Metasploit
Rapid7 penetration testing and exploitation framework
About this crawler
Metasploit is a web crawler identified by the regular-expression pattern Metasploit in the User-Agent request header. It is categorised as scanner. Use the regex above to detect, log, allow, or block Metasploit traffic in your web server, CDN edge rules, or robots.txt.
Block-rate · top 25k sites
No block-rate data for this crawler.
Technical details
- Name
- Metasploit
- Pattern
Metasploit- Tags
- scanner
- Reference
- https://www.metasploit.com/
- Added
- 2026/05/02
- rDNS suffixes
.metasploit.com- Instances
- 0 known sample(s)
rDNS verification (FCrDNS)
Verify a request is genuinely Metasploit with forward-confirmed reverse DNS: the client IP's PTR record must end in one of the suffixes below and a forward A/AAAA lookup of that hostname must return the same IP. UA strings alone are spoofable; FCrDNS is not.
.metasploit.com
Sample User-Agent strings
no public sample user-agents recorded.
Block this crawler
robots.txt — disallow Metasploit:
User-agent: Metasploit
Disallow: /
Apache .htaccess — return 403:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} Metasploit [NC]
RewriteRule .* - [F,L]
Nginx — return 403 inside a server block:
if ($http_user_agent ~* "Metasploit") {
return 403;
}
← back to all crawlers