• 4.17.1 Product Update 2020-04-13
    • Bugs Fixed

      • PR 13105 - The pattern_create, pattern_offset, and makeiplist tools now load much faster. The pattern tools in particular are down from 6-7 seconds to 0-1 seconds.
      • PR 13176 - The issue_finder.py tool, used for finding modules without documentation, no longer lists .pyc files or files beginning with _.
      • PR 13212 - This fixes several Meterpreter bugs, including a crash in the stageless Windows Meterpreter and a crash when handling Android wakelocks, and implements proper filesystem wildcard handling in the Java Meterpreter.

    • Enhancements and Features

      • PR 12594 - This adds a new mixin for importing useful information from Ubiquiti UniFi backup files. The new mixin is also used by a new auxiliary module that can ingest backup files collected through arbitrary means.
      • PR 13093 - This adds ftp_connect as an alias of connect within Exploit::Remote::Ftp. The alias helps resolve the method name collision that occurs when Msf::Exploit::Remote::HttpClient and Msf::Exploit::Remote::Ftp are included in the same module.
      • PR 13141 - This adds a reverse shell payload for tclsh, a simple shell containing a Tcl interpreter.
      • PR 13148 - This reduces the time spent handling unknown commands from 1 second to 0.5 seconds for Android payloads.
      • PR 13155 - This updates the Metasploit profiling tools with two new methods, Metasploit::Framework::Profiler.record_cpu and Metasploit::Framework::Profiler.record_memory, to allow specific code sections to be profiled.
      • PR 13172 - This updates the metasploit_payloads-mettle gem to version 0.5.21 to add OSX Catalina support.
      • PR 13188 - This adds additional checks to the tools/dev/msftidy_docs.rb module documentation linter.

    • New Modules

      • PR 10579 - This adds a post module for executing SharpHound ingester and gathering the resulting files for consumption by BloodHound. It also adds a script for checking and updating upstream vendored file-based dependencies.
      • PR 12096 - This adds a module that exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 through 9.3.0-RC, which allows remote code execution via cookie deserialization triggered by loading a custom error page.
      • PR 12756 - This adds an exploit module for the D-Link DWL-2600 4.2.0.15 Rev A access point. The vulnerability exists within the restore configuration functionality of the web interface. Authenticated remote code execution can be achieved by sending a POST request to the /admin.cgi?action=config_restore URI containing a payload within the unsanitized configServerip parameter.
      • PR 12759 - This adds a module for a vulnerability in Apache Solr <= 8.3.0 that allows remote code execution via a custom Velocity template.
      • PR 12818 - This adds a WebSocket DoS module for the "Cable Haunt" vulnerability in certain cable modems.
      • PR 13067 - This adds an unauthenticated RCE exploit for PlaySMS that leverages a flaw in index.php which allows code to be injected into the template engine.
      • PR 13098 - This adds a module for Pandora FMS. An authenticated user can gain code execution via unsanitized input passed to the system() function in net_tools.php.
      • PR 13123 - This adds a local privilege escalation (CVE-2020-3950) exploit against VMware Fusion versions 10.1.3 through 11.5.3 on OS X.
      • PR 13152 - This adds an exploit for CVE-2019-4716 against IBM Planning Analytics powered by TM1.
      • PR 13187 - This adds a module for SMBGhost (CVE-2020-0796) that gains privilege escalation, followed by payload execution, on vulnerable Windows 10 targets running SMBv3 with compression enabled.

    • Offline Update

      • https://updates.metasploit.com/packages/494affc4825096b69260f46abda07f013fc448e2.bin

    • Metasploit Framework and Pro Installers

      • https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version