
Metasploit Wrap-Up 03/13/2026

No bad luck here: Friday the 13th brings new modules and a Metasploit Pro milestone

This week’s Metasploit Framework release delivers three new modules across reconnaissance, evasion, and exploitation: LeakIX-powered discovery for exposed services and leaked data, a Linux x64 RC4 payload packer for more flexible evasive delivery, and an unauthenticated RCE module for SPIP Saisies (CVE-2025-71243). Alongside those additions, we shipped practical quality-of-life improvements, including a smaller configurable bind_netcat payload path and automatic WordPress service reporting in the WordPress mixin.

Finally, we’re also excited to share the new Metasploit Pro 5.0.0 release with an updated UI and SSO support, among other changes. Check out the announcement here: Announcing Metasploit Pro 5: Penetration Testing, Evolving.

New module content (3)

LeakIX Search
Authors: LeakIX and Valentin Lobstein
Type: Auxiliary
Pull request: #21002 contributed by Chocapikk
Path: gather/leakix_search
Description: Adds a new module, auxiliary/gather/leakix_search, for the LeakIX API. LeakIX is a search engine focused on indexing internet-exposed services and leaked credentials/databases.

Linux RC4 Encrypted Payload Generator
Author: Massimo Bertocchi
Type: Evasion
Pull request: #20966 contributed by litemars
Path: linux/x64/rc4_packer
Description: Adds a new packer module, evasion/linux/x64/rc4_packer, that encrypts the generated payload with RC4, prepends an optional sleep-based delay (nanosleep), and decrypts/executes the payload at runtime via a compact precompiled stub.

SPIP Saisies Plugin Unauthenticated RCE
Authors: OpenStudio and Valentin Lobstein
Type: Exploit
Pull request: #21001 contributed by Chocapikk
Path: multi/http/spip_saisies_rce
AttackerKB reference: CVE-2025-71243
Description: This adds a new module for CVE-2025-71243, an unauthenticated PHP code-injection vulnerability in the SPIP Saisies plugin. The injection takes place through _anciennes_valeurs, which allows an attacker to inject a PHP payload.

Enhancements and features (2)

#20885 from dledda-r7 - Updates the bind_netcat payload to allow it to be smaller by selecting either default or BSD-style netcat command syntax. Previously, the payload ran both command syntaxes combined by an OR operator, so the payload worked wherever it was executed. The default behavior remains to run both, but if a user needs a significantly shorter payload, they can select a single netcat syntax and adjust the filenames.

#20961 from Nayeraneru - This adds service reporting to the WordPress mixin. Now, when you use a WordPress module, it will automatically report the target as WordPress if detected.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from Git


Originally published by Rapid7

Source: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026
