Metasploit Pro 5.0.0 arrives with a redesigned workflow, new modules, and stronger enterprise features

Rapid7 has released Metasploit Pro 5.0.0, a major update that focuses on workflow changes, broader vulnerability validation, and several new features for larger security teams. The release went live on March 12, 2026, and Rapid7 positions it as a significant refresh for red-team and penetration testing work.

The new version combines interface improvements with added module content and enterprise-focused enhancements. Rapid7 says Metasploit Pro 5.0.0 includes a refreshed user interface, more visibility into vulnerability detection, optional SAML single sign-on support, and expanded support for tagging sessions. The company also added extra auxiliary scan detections to Quick PenTest and Automated Exploit workflows.

One of the biggest changes is the new testing workflow. Rapid7 says the redesign aims to reduce interface friction so testers can spend more time validating real exposure and less time configuring runs. The company also highlighted new Network Topology support, which maps compromised hosts, cracked credentials, and captured data in a more visual format for larger environments.

Rapid7 also put more emphasis on safer and more informed exploitation attempts. According to the company, modules can now register vulnerability detection details during execution, which gives users more context before they try an exploit. That should help testers judge whether a target looks exploitable before launching a full attempt.

What is new in Metasploit Pro 5.0.0

Rapid7 also expanded advanced workflow controls. The company says users now get smarter suggestions for applicable values, including network targets and Kerberos credential cache files, which should speed up common tasks. It also added manual payload selection and configuration, while keeping the default behavior for common payload choices.

Active Directory Certificate Services remains a major focus in this release. Rapid7 says the AD CS Workflows Metamodule now provides an automated way to identify and leverage nine common AD CS vulnerabilities. Rapid7’s earlier 2025 wrap-up also pointed to work around ESC9, ESC10, and ESC16, and the new Pro release continues that AD CS push.

Beyond the workflow changes, Rapid7 added four pieces of new module content in the release notes. These include a Linux RC4 packer, a module for CVE-2025-71243 in the SPIP Saisies plugin, a LeakIX search module, and an exploit module for CVE-2025-69516 in Tactical RMM.

New module content listed by Rapid7

• evasion/linux/x64/rc4_packer
• Module for CVE-2025-71243 in the SPIP Saisies plugin
• auxiliary/gather/leakix_search
• Exploit module for CVE-2025-69516 in Tactical RMM

Rapid7 also made a few quality-of-life improvements that matter for team operations. Session tagging should help analysts keep track of high-value access across longer assessments. Optional SAML single sign-on should make deployments easier to fit into central identity environments, especially where security teams already use MFA and corporate identity providers.

The release does not center on a single new exploit or one headline-grabbing attack chain. Instead, it looks more like a platform update built to make Metasploit Pro faster to use, easier to manage, and more practical for continuous testing in enterprise networks. That could matter more to many teams than one more exploit module, especially as organizations shift from periodic penetration tests to ongoing exposure validation. This is an inference based on Rapid7’s release framing and feature mix.

Why this release matters

• It shifts focus from point-in-time testing to more continuous validation
• It gives testers more context before running exploits
• It improves usability for large, complex enterprise environments
• It adds identity and collaboration features that fit team workflows
• It extends AD CS and enterprise attack path coverage

FAQ