Rapid7 maintains a substantial public presence on GitHub, hosting a wide range of repositories primarily in Ruby, Python, Java, C, and JavaScript. Notable projects include the Metasploit Framework, a widely used penetration testing tool, and Metasploitable3, a deliberately vulnerable VM designed for security training.
Top languages
Public repositories
metasploit-framework
Metasploit Framework
metasploitable3
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
metasploit-payloads
Unified repository for different Metasploit Framework payloads
hackazon
A modern vulnerable web app
ssh-badkeys
A collection of static SSH keys (public and private) that have made their way into software and hardware products.
IoTSeeker
Created by Jin Qian via the GitHub Connector
recog
Pattern recognition for hosts, services, and content
mettle
This is an implementation of a native-code Meterpreter, designed for portability, embeddability, and low resource utilization.
metasploit-vulnerability-emulator
Created by Jin Qian via the GitHub Connector
meterpreter
THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD
metasploit-omnibus
Packaging metasploit-framework with omnibus
ReflectiveDLLInjection
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
sonar
Project Sonar
warvox
No description provided for this repository.
dap
Data Analysis Pipeline
nexpose-client
DEPRECATED: Rapid7 Nexpose API client library written in Ruby
embedded-tools
No description provided for this repository.
myBFF
myBFF - a Brute Force Framework
Rapid7-Labs
Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence, research and analytics.
metasploit-javapayload
THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD
jsobfu
Obfuscate JavaScript (beyond repair) with Ruby
vm-automation
Created to simplify interactions with virtual machines
ruby_smb
A native Ruby implementation of the SMB Protocol Family
insightvm-sql-queries
InsightVM helpful SQL queries
insightconnect-plugins
Plugin source code for the InsightConnect SOAR product, developer documentation at https://docs.rapid7.com/insightconnect/getting-started
go-get-proxied
Cross platform retrieval of system proxy configurations
smbj-rpc
Created by Paul Miseiko via the GitHub Connector
metasploit_data_models
MSF database code, gemified
DLLHijackAuditKit
This toolkit detects applications vulnerable to DLL hijacking (released in 2010)
rex-powershell
Rex library for dealing with Powershell Scripts
mimikatz
A little tool to play with Windows security
metasploit-aggregator
Created by Jeffrey Martin via the GitHub Connector
nexpose-resources
Scripts, SQL queries, and other resources for Nexpose
le_java
Direct logging support for Java language
metasploit-credential
Code for modeling and managing credentials in Metasploit, implemented as a Rails Engine
re2-java
re2 for Java
pdf-renderer
Golang based app that will render an html page and create a pdf.
metasploit-baseline-builder
Created by Jeffrey Martin via the GitHub Connector
msfrpc-client
Rapid7 Metasploit API client library written in Ruby
resynth
A network packet synthesis language
sonar-client
No description provided for this repository.
akheron-proxy
UART proxy tool for inter-chip analysis.
insightvm-api-examples
Created by Ivan Quintanilla via the GitHub Connector
rex-text
Rex library for text generation and manipulation
FullAutoOSINT
No description provided for this repository.
metakitty
Metakitty, The Metasploit Resource Portal
metasploit-model
Common code, such as validators and mixins, that are shared between ActiveModels in metasploit-framework and ActiveRecords in metasploit_data_models
rex-socket
The Rex Socket Abstraction Library
vm-console-client-ruby
The UNOFFICIAL (but useful) Ruby gem for the Rapid7 InsightVM/Nexpose RESTful API
geppetto
Geppetto - Virtual machine and infrastructure orchestration
rapid7-bulk-export-mcp
Rapid7 Bulk Export MCP - AI-powered analysis for Rapid7 Command Platform data using MCP (Model Context Protocol) & AgentSkills.
attackerkb
Repo for creating-and-tracking issues related to AttackerKB
insightcloudsec-actions
No description provided for this repository.
rex-bin_tools
Created by David Maloney via the GitHub Connector
recog-java
Recog java
insightappsec-azure-devops-extension
Rapid7 InsightAppSec Extension for Azure DevOps
r7insight_js
Client-side JavaScript logging library for InsightOps
insightappsec-api-examples
Project intended to provide guides for InsightAppSec API examples and use cases
icon-integrations-validators
Validator tooling for InsightConnection integrations
recog-ruby
Recog-Ruby: Pattern Recognition using Rapid7 Recog
armor
This repository is no longer supported
r7insight_java
Java logging support for InsightOps
rex-encoder
Rex library providing the basis for all of the polymorphic encoders that Metasploit uses for payload encoding
r7insight_node
node logging support for InsightOps
r7insight_docker
Docker logging support for InsightOps
nmap
Nmap - the Network Mapper. Github mirror of official SVN repository.
omnibus
Easily create full-stack installers for your project across a variety of platforms.
metasploit-omnibus-cache
No description provided for this repository.
meterpreter-deps
No description provided for this repository.
komand-pymetasploit
A full-fledged msfrpc library for Metasploit framework.
github-status-checker
Status Checker tool for GitHub. Uses https://www.githubstatus.com/api
rex-core
Created by David Maloney via the GitHub Connector
metasploit-erd
Extensions to rails-erd to find clusters of models to generate subdomains specific to each model.
r7-surcom-connectors
Source code for Rapid7 Surface Command Connectors
rex-arch
Rex Library which contains architecture specific information such as registers, opcodes, and stack manipulation routines.
r7insight_ruby
Ruby logging support for InsightOps
metasploit-concern
Loads `ActiveSupport::Concern`s from `app/concerns` and and includes them in the appropriate class using `ActiveSupport.on_load(<underscored_class_name>)`.
csp-inline-agent-tcell
No description provided for this repository.
metasm
This is a mirror of the mercurial repository for metasm
aws-secrets-manager-rotation-lambda
Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
autocompose
autocompose
metasploit-version
Shared examples for testing that the version of gems follow semantic naming rule tied to the branch and tag.
datahub-actions
DataHub Actions is a framework for responding to changes to your DataHub Metadata Graph in real time.
komand-python-whois
Fork of https://code.google.com/p/python-whois/ project. This fork adds the remainder of the WHOIS information to the Domain class.
sigar
System Information Gatherer And Reporter
r7insight_python
Python logging support for InsightOps
r7insight_php
PHP logging support for InsightOps
terraform-provider-rapid7
Rapid7 Terraform Provider
community-id-java
A Java implementation of the Community ID flow hashing standard
flink-tcell
Mirror of Apache Flink
tcell-deployment-examples
No description provided for this repository.
debezium-operator
No description provided for this repository.
debezium-server
Debezium Server runtime for standalone execution of Debezium connectors
idr-collector-image-eula
Repository for holding the SIEM collector EULA, to be referenced at https://hub.docker.com/r/rapid7/idr-collector Created by Thom Holmes via the GitHub Connector
iceberg
Apache Iceberg
rex-random_identifier
Rex Library for generating strings that conform to most standards for an identifier
ruby-advisory-db-tcell
A database of vulnerable Ruby Gems
LicenseFinder
Find licenses for your project's dependencies.
rb-readline
Pure-Ruby Readline Implementation
prism-ids
A suricata rule compiler and checker Created by Gianni Tedesco via the GitHub Connector
Frequently asked questions
What does rapid7 build on GitHub?
Rapid7 develops several security-focused projects on GitHub, including the Metasploit Framework for penetration testing and Metasploitable3, a VM designed for practicing security skills. Their repositories include tools for web application security and vulnerability assessment.
Which programming languages does rapid7 use?
Rapid7's public repositories primarily utilize languages such as Ruby, Python, Java, C, JavaScript, and HTML. This diverse language use supports their development of various security tools and applications.
Are rapid7's repositories public?
Yes, all of Rapid7's repositories are public on GitHub. This transparency allows developers and security professionals to access their tools and contribute to ongoing projects in the cybersecurity community.
Is this exposure intended?
Monitor Rapid7 with RepoGuard and get alerted the moment a new public repository appears.
Monitor this account