Velociraptor

by Velocidexv0.65.3

Last updated Jun 8, 2026

Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries.

Install with winget

$ winget install --id Velocidex.Velociraptor --exact --version 0.65.3

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Velociraptor

Velociraptor uses MSI (WiX). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i velociraptor-v0.6.5-windows-amd64.msi /quiet /norestart

See the full silent install reference for Velociraptor →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v0.65.3

Architecture	Type	Scope	Install	Download
x64	MSI WiX	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

13 known CVEs via NVD

high8.0Fix in v0.76.3CVE-2026-6290affects before 0.76.3Apr 15, 2026
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries...
Vendor advisory
high8.5Fix in v0.76.3CVE-2026-5329affects before 0.76.3Apr 9, 2026
Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a...
Vendor advisory
medium6.8Fix in v0.75.6CVE-2025-14728affects before 0.75.6Dec 29, 2025
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occu...
Patch Vendor advisory
medium5.5Fix in v0.74.3CVE-2025-6264affects before 0.74.3Jun 19, 2025
Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like...
Vendor advisory
high8.6Patched in wingetCVE-2023-5950affects before 0.6.9-1Nov 6, 2023
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerabilit...
low3.3Patched in wingetCVE-2023-2226affects before 0.6.8Apr 21, 2023
Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious f...
medium4.3Patched in wingetCVE-2023-0290affects before 0.6.7-5Jan 18, 2023
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the serve...
high8.8Patched in wingetCVE-2023-0242affects before 0.6.7-5Jan 18, 2023
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files...
Vendor advisory

Showing 8 of 13. Source: NVD, updated 5h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Frequently asked questions

How do I install Velociraptor on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Velocidex.Velociraptor --exact --version 0.65.3. winget downloads the installer from Velocidex and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Velociraptor silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Velocidex.Velociraptor --exact 0.65.3 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Velociraptor?

Velociraptor uses MSI (WiX). Run the downloaded installer with: msiexec.exe /i velociraptor-v0.6.5-windows-amd64.msi /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Velociraptor via winget?

Run: winget uninstall --id Velocidex.Velociraptor --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Velociraptor's Apps & Features entry.

Is Velociraptor free?

Velociraptor is distributed under GNU Affero General Public License, Version 3. Refer to the publisher (https://docs.velociraptor.app/) for the full license terms - Wingetly itself does not charge for installation.

Does Velociraptor work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Velociraptor directly from the publisher.

How do I keep Velociraptor up to date?

Run winget upgrade --id Velocidex.Velociraptor --exact, or winget upgrade --all to update everything winget tracks. We index 8 versions of Velociraptor from microsoft/winget-pkgs.

Recent versions

0.65.3latest
0.63.0
0.62.2
0.61.4
0.60.3
0.7.1
0.7.0
0.6.9