Metasploit Weekly Update Adds Kerberos and Certificate Tracing Options, New Modules
Rapid7's latest Metasploit update introduces KerberosTicketTrace and CertificateTrace debugging options, plus multiple new exploit and auxiliary modules for penetration testers.
Rapid7 has released the latest weekly update for the Metasploit open-source penetration testing framework, bringing two new debugging options—KerberosTicketTrace and CertificateTrace—alongside a batch of new exploit and auxiliary modules. The update, published on June 13, 2026, continues the framework's regular release cycle and aims to simplify troubleshooting for operators and module developers alike.
The new tracing options build on the existing HttpTrace pattern, which has long allowed users to inspect HTTP request and response traffic. KerberosTicketTrace and CertificateTrace extend this capability to Kerberos authentication and certificate exchanges, respectively. When enabled, these options output detailed protocol-level data—such as AS-REQ, AS-REP, and KRB-ERROR messages for Kerberos, and certificate handshake details—directly to the console. This allows users to pinpoint exactly where a module is failing, whether due to misconfigured tickets, expired certificates, or unexpected server responses.
One of the two features was developed as part of Rapid7's Google Summer of Code (GSoC) program, reflecting the company's ongoing investment in community-driven improvements. The debugging output is designed to be human-readable, showing fields like protocol version, message type, encryption types, and error codes. For example, running the auxiliary/admin/kerberos/get_ticket module with KerberosTicketTrace enabled reveals the full AS-REQ and AS-REP exchange, including pre-authentication data and encrypted ticket blobs.
In addition to the tracing options, the update bundles multiple new modules. While Rapid7 did not detail every module in the announcement, the release continues a pattern of adding support for recent CVEs and emerging attack techniques. Previous weekly updates have included modules for vulnerabilities in products like Apache, Microsoft Exchange, and various network appliances. The new modules are expected to cover a range of exploitation and post-exploitation scenarios, further expanding Metasploit's already extensive library.
The update also includes bug fixes and performance improvements across the framework. Rapid7 encourages users to update their Metasploit installations via the standard update mechanism—either msfupdate or git pull—to take advantage of the new features. The company notes that the tracing options are particularly useful for developers writing new Kerberos- or certificate-related modules, as they provide immediate visibility into protocol interactions without requiring external packet capture tools.
This release underscores Metasploit's role as a critical tool for red teams, penetration testers, and security researchers. By lowering the barrier to debugging complex authentication flows, Rapid7 aims to accelerate module development and improve the reliability of existing modules. As Kerberos-based attacks—such as Golden Ticket and Silver Ticket—remain a staple of Active Directory compromise, the ability to trace ticket exchanges directly within Metasploit could prove valuable for both offensive and defensive operations.
The full changelog and module list are available on the Rapid7 blog and the Metasploit GitHub repository. Users are advised to review the release notes for any breaking changes or new dependencies.