4da2554a2a
cleanup vim plugin
2026-05-07 20:06:32 -04:00
fa69f45366
docs
2026-05-07 15:36:07 -04:00
a394578488
vim plugin
2026-05-07 14:17:43 -04:00
98e588e066
Merge pull request #21410 from inkognitobo/fix/shiro-configurable-gadget-chain
...
Add configurable JAVA_GADGET_CHAIN option to Shiro module
2026-05-06 17:13:10 -04:00
b40623a0e1
ftp_anonymous: Move module
2026-05-06 13:32:12 +01:00
c15d513766
Add configurable JAVA_GADGET_CHAIN option to Shiro module
...
The gadget chain was previously hardcoded to CommonsCollections2.
Add a JAVA_GADGET_CHAIN OptEnum so operators can select the chain
that matches the target's classpath without modifying the module.
Default remains CommonsCollections2 to preserve existing behaviour.
2026-05-05 17:55:20 +02:00
22a9dc4522
Add docs
2026-04-30 14:54:09 -04:00
2634142f0d
Merge pull request #21323 from jheysel-r7/feat/http_to_ldap
...
HTTP to LDAP Relay Module
2026-04-29 15:20:10 -04:00
4847d88441
HTTP to LDAP Relay Module and Supporting Libraries
...
Remove unnecessary code
Remove commented out code
Added documentation
Responded to Spencer and Copilot
Add anonymous identity check
Doc update
Warning surpression
Renamed ldap_client to relayed_connection
Comments
2026-04-29 07:48:42 -07:00
2289fc07ce
Merge pull request #21260 from Takahiro-Yoko/langflow_rce_cve_2026_27966
...
Add Langflow RCE module (CVE-2026-27966)
2026-04-23 09:12:12 -05:00
f54374eaff
Update exploit to improve stability
2026-04-18 12:56:53 +09:00
08f6dc20a5
Merge pull request #21122 from bootstrapbool/camaleon_cms_cve_2024_46987
...
Camaleon CMS CVE 2024 46987
2026-04-17 09:13:07 -07:00
e7c5e0e4a3
Merge pull request #21238 from bcoles/loongarch64-chmod
...
Add Linux LoongArch64 chmod payload
2026-04-16 16:51:00 +01:00
0644f27cb6
Add module documentation, tests, and misc feedback
2026-04-16 16:18:46 +01:00
c887384546
Merge pull request #21275 from adfoster-r7/improve-mongobleed-checks
...
Improve mongobleed checks
2026-04-16 14:22:51 +01:00
b917de89c3
Merge branch 'rapid7:master' into langflow_rce_cve_2026_27966
2026-04-16 20:58:02 +09:00
d530230b5f
Reflects module name change in documentation.
2026-04-15 16:16:16 -04:00
f52184a566
Renames module
...
Places rails version check after downgrading concurrent-ruby
2026-04-15 16:07:15 -04:00
1bbfb699e1
Ensure curl
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2026-04-15 15:49:49 -04:00
c17c301e36
Merge pull request #21095 from LucasCsmt/multi/http/churchcrm_db_restore_rce
...
Adds exploit module for ChurchCRM authenticated RCE (CVE-2025-68109)
2026-04-15 14:22:56 -05:00
0ba59a1254
Update documentation/modules/exploit/multi/http/churchcrm_db_restore_rce.md
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2026-04-15 16:07:43 +01:00
1d5eae0f5b
Merge pull request #21034 from Chocapikk/add-module-opendcim-sqli-rce
...
Add openDCIM install.php SQLi to RCE module
2026-04-14 16:04:13 -04:00
addcd69205
Merge pull request #20933 from madefourit/persis_pwrshell_profile
...
Windows Persistence: Powershell Profile
2026-04-14 15:43:06 -04:00
31a2de9562
Merge pull request #20839 from h00die/bits
...
New persistence module: Microsoft Bits
2026-04-14 15:42:55 -04:00
5d5896d3a1
Formatting Fix/Improvement
2026-04-14 19:18:54 +00:00
fcdb16e69a
Document setup process for Camaleon CMS
2026-04-14 19:12:56 +00:00
5b6c2be9d1
Land #21003 , unifies Selenium Firefox and Chrome modules
...
Unified Selenium Grid/Selenoid RCE with Firefox + Chrome auto-detection
2026-04-14 16:32:06 +02:00
05914feb4d
module docs and description_formatted
2026-04-14 09:45:45 -04:00
0ba93b6ae3
module docs and description
2026-04-14 09:45:45 -04:00
14cd7fad47
module docs
2026-04-14 09:45:44 -04:00
9e506cc5a0
update pshell module
2026-04-14 09:45:43 -04:00
89d0115185
Improve mongobleed checks
2026-04-13 21:53:42 +01:00
a4d84fa734
Merge branch 'rapid7:master' into bits
2026-04-13 05:14:48 -04:00
8684cec986
Corrects check method
2026-04-11 20:28:28 -04:00
d441c07408
Corrects documentation
...
Removes unnecessary options
Removes credentials from logs
Refactors check method
Makes use of Rex::Version
Removes get_base_url in favor of relative filepaths in send_request_cgi
Other small changes
2026-04-11 19:31:22 -04:00
a90ec1071c
Merge pull request #21075 from Chocapikk/avideo-catname-sqli
...
Add AVideo catName blind SQLi credential dump (CVE-2026-28501)
2026-04-09 16:22:45 -05:00
a6d7502c8d
Add langflow_rce_cve_2026_27966 module
2026-04-09 22:12:10 +09:00
475f203760
windows telemetry persistence
2026-04-09 15:02:42 +02:00
3de026b88c
Merge pull request #21221 from cgranleese-r7/update-module-doc-template-with-example
...
Adds examples to module template markdown
2026-04-08 10:51:49 +01:00
db9f98e704
Adds examples to module template markdown
2026-04-08 09:25:08 +01:00
94ccd8bd20
Merge pull request #20948 from ArkaprabhaChakraborty/osticket
...
Add initial osticket arbitraray file read auxiliary module
2026-04-07 09:39:01 -07:00
08e29e833d
Merge pull request #20814 from h00die/s4u
...
s4u persistence updates
2026-04-07 05:22:01 -04:00
a0852387fc
Merge pull request #20752 from bwatters-r7/feature/certificate-web-enrollment
...
Add Authenticating Web Enrollment module for AD/CS
2026-04-06 15:27:28 -04:00
0f156364eb
Merge pull request #21158 from sfewer-r7/CVE-2026-20127
...
Add auxiliary module for Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (CVE-2026-20127)
2026-04-02 09:50:22 -07:00
1d41776cf8
Merge pull request #21032 from Nayeraneru/UserInitMprLogon
...
windows persistence userinit_mpr_logon
2026-04-01 14:59:36 -04:00
34c7a18ef4
Merge pull request #21217 from dineshg0pal/fix/small-typo-fixes
...
Fix: small typo's in Documentation
2026-04-01 12:38:25 -04:00
b668069682
fix: corrected SHA12 to SHA512
2026-04-01 21:32:28 +05:30
7bdfdf9703
fix: removed extra "use" in cmd lines
2026-04-01 21:29:21 +05:30
fe0c7e4e97
fix: removed "are" duplicate
2026-04-01 21:25:00 +05:30
2d4c3e748e
fix: removed duplicate "which"
2026-04-01 21:22:38 +05:30
h00die