h00die
4da2554a2a
cleanup vim plugin
2026-05-07 20:06:32 -04:00
h00die
5e39ced730
convert persistence mkdirs to lib function
2026-05-07 14:31:12 -04:00
h00die
a394578488
vim plugin
2026-05-07 14:17:43 -04:00
tart0ru5
fd6df3fb81
Improve failure condition checks
The prior check silently passes when `res` is `nil` (e.g. request
timeout / host unreachable), because `nil != 403` evaluates to `true`
2026-05-06 11:58:50 +08:00
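The failure mode this commit message describes, shown in an added Ruby example that is not the module's code: the response struct, the simulated transport and both check functions are constructed stand-ins for what a Metasploit module gets back from `send_request_cgi`, where a timeout or unreachable host yields `nil` rather than a response object.

```ruby
# Stand-in for the Rex HTTP response a module receives from send_request_cgi;
# only the +code+ accessor matters here. Constructed for this example, not
# taken from the module under discussion.
HttpResponse = Struct.new(:code)

# Simulated transport: a nil return is what a request timeout or an
# unreachable host produces in practice.
def simulated_request(scenario)
  case scenario
  when :timeout   then nil
  when :forbidden then HttpResponse.new(403)
  when :ok        then HttpResponse.new(200)
  end
end

# The pattern the commit message describes. With +res+ nil, +res&.code+ is
# nil, and +nil != 403+ is true, so the guard never fires and the module
# carries on as if the host had answered without a 403.
def prior_check(res)
  return :blocked unless res&.code != 403
  :proceed
end

# Fixed shape: a missing response is reported as its own outcome, and the
# 403 comparison only runs once there is a real response to inspect.
def improved_check(res)
  return :no_response if res.nil?
  return :blocked if res.code == 403
  :proceed
end

# Run both checks over every scenario; returns { scenario => [prior, improved] }
# so the divergence on :timeout is visible side by side.
def compare_checks
  %i[timeout forbidden ok].to_h do |scenario|
    res = simulated_request(scenario)
    [scenario, [prior_check(res), improved_check(res)]]
  end
end

if $PROGRAM_NAME == __FILE__
  compare_checks.each do |scenario, (prior, improved)|
    puts format('%-9s prior=%-8s improved=%s', scenario, prior, improved)
  end
end
```

The `:no_response` branch is where a module would return an "unknown" style result instead of an affirmative one; the point is that absence of a response and presence of a non-403 response must be distinguishable.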
Spencer McIntyre
0c81638fff
Fix ARMLE exec and add to Copy Fail
2026-04-30 20:03:04 -04:00
Brendan
dc97d1e97e
Merge pull request #21395 from zeroSteiner/feat/cve-2026-31431
Add exploit for CVE-2026-31431 (Copy Fail)
2026-04-30 17:19:08 -05:00
Spencer McIntyre
66995d3987
Only allow x64 and AARCH64 for now
2026-04-30 17:51:30 -04:00
Spencer McIntyre
cdcdb5fe88
Normalize reported ARMLE architectures from Meterpreter
2026-04-30 17:09:33 -04:00
Spencer McIntyre
0e02f10078
Add support for more architectures
2026-04-30 17:09:32 -04:00
Spencer McIntyre
e14ce079bb
Appease rubocop
2026-04-30 15:18:18 -04:00
Spencer McIntyre
22a9dc4522
Add docs
2026-04-30 14:54:09 -04:00
Spencer McIntyre
55f9216698
Finish the exploit check and cleanup methods
2026-04-30 14:39:46 -04:00
Spencer McIntyre
12e08fb451
Add an expanded check
2026-04-30 10:54:17 -04:00
adfoster-r7
3bee31ff5e
Update checkcodes and bug fixes
2026-04-30 15:42:10 +01:00
Spencer McIntyre
d0a205f776
Add the initial LPE exploit
2026-04-30 09:53:35 -04:00
cgranleese-r7
1142d4e15d
Merge pull request #21351 from adfoster-r7/improve-checkcode-messages-4
Add human-readable descriptions to CheckCode returns in modules
2026-04-23 12:54:31 +01:00
cgranleese-r7
591dbdd821
Merge pull request #21350 from adfoster-r7/improve-checkcode-messages-3
Add human-readable descriptions to CheckCode returns in modules
2026-04-23 11:33:27 +01:00
adfoster-r7
c38f6b4858
Update checkcodes and bug fixes
2026-04-23 10:20:53 +01:00
adfoster-r7
05befe18b1
Add human-readable descriptions to CheckCode returns in linux/local exploit modules
2026-04-22 15:06:59 +01:00
adfoster-r7
2cbb3942b6
Add human-readable descriptions to CheckCode returns in linux/http exploit modules (A-M)
2026-04-22 13:08:59 +01:00
adfoster-r7
19d333df13
Add human-readable descriptions to CheckCode returns in linux/http exploit modules (N-Z)
2026-04-22 11:55:15 +01:00
Diego Ledda
1d5eae0f5b
Merge pull request #21034 from Chocapikk/add-module-opendcim-sqli-rce
Add openDCIM install.php SQLi to RCE module
2026-04-14 16:04:13 -04:00
msutovsky-r7
5b6c2be9d1
Land #21003, unifies Selenium Firefox and Chrome modules
Unified Selenium Grid/Selenoid RCE with Firefox + Chrome auto-detection
2026-04-14 16:32:06 +02:00
Chocapikk
62e2c336d0
Remove old Selenium modules replaced by unified selenium_greed_rce
2026-04-14 12:32:51 +02:00
Martin Sutovsky
db0fe4aaef
Fixes Python payload delivery for Firefox profile
2026-04-14 10:17:04 +02:00
Chocapikk
d84b09a16e
Fix: Wrap Python payload for Firefox profile handler
The Firefox exploit path delivers payloads via a MIME handler mapped to
/bin/sh. When using the default Python target, the raw Python payload
would fail to execute in /bin/sh. Wrap it with python3 -c so the shell
can invoke it correctly.
2026-04-13 17:57:48 +02:00
bcoles
338db0cabd
Add RISC-V arch support to Linux local exploit modules
Add ARCH_RISCV64LE and ARCH_RISCV32LE to the supported architecture
lists of 9 Linux local privilege escalation modules that use generic
EXE payload dropping and are not dependent on pre-compiled
architecture-specific exploit binaries.
This allows these modules to be used on RISC-V targets with the
existing RISC-V payload set.
2026-04-05 02:15:16 +11:00
Spencer McIntyre
b743296f48
Reapply "This adjusts module options that need a routable address"
This reverts commit 628275ef59.
2026-03-26 14:43:31 -04:00
msutovsky-r7
0976f88058
Land #20835, adds module unauthenticated command injection Eclipse Che machine-exec (CVE-2025-12548)
Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548)
2026-03-25 14:39:01 +01:00
jheysel-r7
81faae13ca
Merge pull request #21033 from Alpenlol/barracuda-esg-cve-2023-2868
Add exploit for CVE-2023-2868 Barracuda ESG command injection
2026-03-23 13:18:34 -07:00
Curt Hyvarinen
f14b640de8
Fix rubocop spacing offenses in Author block
2026-03-23 12:40:48 -07:00
Curt Hyvarinen
5d7a154b19
Credit cfielding-r7 as original PoC author
2026-03-23 10:45:41 -07:00
Brendan
5b5d1dbfaa
Merge pull request #21076 from Chocapikk/avideo-encoder-getimage-cmd-injection
Add AVideo Encoder getImage.php command injection (CVE-2026-29058)
2026-03-18 18:46:32 -05:00
msutovsky-r7
b3aa45fb09
Land #20719, adds module for authenticated command injection in FreePBX filestore (CVE-2025-64328)
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-13 11:00:43 +01:00
adfoster-r7
510ec29a63
Merge pull request #21046 from msutovsky-r7/exploit/beyondtrust/updates_description
Updates description for BeyondTrust command injection
2026-03-13 00:23:40 +00:00
Curt Hyvarinen
488cd0f9eb
remove test artifact
2026-03-12 13:41:50 -07:00
Curt Hyvarinen
a56e0d0259
Remove require rubygems/package, use Rex::Tar::Writer for monkey-patch
2026-03-12 13:24:56 -07:00
Curt Hyvarinen
63561130af
Address PR review feedback for CVE-2023-2868 module
2026-03-12 12:59:30 -07:00
Valentin Lobstein
ee2ee34b9e
Refactor: Extract shared logic in exploit method for openDCIM module
Factor out duplicated print_status and backup_config calls, extract
trigger_exec and cleanup_config helpers for readability.
2026-03-12 20:56:33 +01:00
Spencer McIntyre
ccf56437da
Merge pull request #20960 from g0tmi1k/dhcp_server
dhcp_server: Add DHCPINTERFACE
2026-03-12 15:48:36 -04:00
Valentin Lobstein
f34a0b5d31
Fix: Address PR review feedback for openDCIM module
Add ARTIFACTS_ON_DISK side effect and fetch payload note in docs.
2026-03-12 20:44:19 +01:00
g0t mi1k
f7c4aac453
OptAddress -> OptAddressLocal
2026-03-12 16:41:25 +00:00
g0t mi1k
b2f1e46c82
OptString -> OptAddress
2026-03-12 16:41:25 +00:00
Valentin Lobstein
c266e687c2
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:43:28 +01:00
gregd
1f55aa724a
Apply reviewer feedback: CheckCode::Appears, ARTIFACTS_ON_DISK, simplify connect
- Use CheckCode::Appears instead of CheckCode::Vulnerable per convention
- Add ARTIFACTS_ON_DISK to SideEffects for dropper target
- Simplify connect call by removing unnecessary uri argument
2026-03-10 13:07:03 +00:00
adfoster-r7
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
Valentin Lobstein
dfe73bb4c5
Add exploit for AVideo Encoder getImage.php command injection (CVE-2026-29058)
Unauthenticated OS command injection via the base64Url parameter in
getImage.php. The URL is interpolated into an ffmpeg shell command
without escapeshellarg(), and FILTER_VALIDATE_URL does not block
shell metacharacters in the URL path.
2026-03-06 21:30:12 +01:00
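The root cause this commit message describes, in an added Ruby example that is not the module's code and not AVideo's PHP: URL validation checks structure, not shell safety, so a URL that parses cleanly can still carry metacharacters into an interpolated command. The URL is constructed, `echo` stands in for the ffmpeg invocation, and `Shellwords.escape` plays the role `escapeshellarg()` would have played in the PHP.

```ruby
require 'open3'
require 'shellwords'
require 'uri'

# Constructed attacker-controlled value: a syntactically valid http URL whose
# path carries shell metacharacters. ';' and '$' are legal path characters,
# so a structural URL check accepts it. $IFS is a shell trick that expands to
# whitespace, which lets the payload avoid a literal space (not URL-legal).
MALICIOUS_URL = "http://example.invalid/poster.jpg;echo$IFS'INJECTED'"

# Validation of the FILTER_VALIDATE_URL kind: is it a well-formed http(s) URL
# with a host? It says nothing about what the path means to a shell.
def url_valid?(url)
  u = URI.parse(url)
  u.is_a?(URI::HTTP) && !u.host.nil? && !u.host.empty?
rescue URI::InvalidURIError
  false
end

# Vulnerable shape: the validated URL is interpolated straight into a shell
# command line. +echo+ stands in for the real ffmpeg command.
def command_unsafe(url)
  "echo converting #{url}"
end

# Hardened shape: the argument is shell-escaped before interpolation, so the
# shell sees one literal word. Equivalent in intent to escapeshellarg().
def command_safe(url)
  "echo converting #{Shellwords.escape(url)}"
end

# Executes a command line through /bin/sh, as a string-built command would be.
def run_in_shell(cmd)
  out, _status = Open3.capture2('sh', '-c', cmd)
  out
end

# Preferable still: hand argv to the process directly, so no shell ever parses
# the attacker-controlled value.
def run_without_shell(url)
  out, _status = Open3.capture2('echo', 'converting', url)
  out
end

if $PROGRAM_NAME == __FILE__
  puts "valid URL? #{url_valid?(MALICIOUS_URL)}"
  puts "unsafe:   #{run_in_shell(command_unsafe(MALICIOUS_URL)).inspect}"
  puts "escaped:  #{run_in_shell(command_safe(MALICIOUS_URL)).inspect}"
  puts "no shell: #{run_without_shell(MALICIOUS_URL).inspect}"
end
```

The unsafe path prints a second line, `INJECTED`, because the shell split the command at `;`; both hardened paths print the URL back as a single literal argument. The argv form is the stronger fix because it removes the shell from the picture entirely rather than relying on escaping being applied at every interpolation site.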
Diego Ledda
1ec87b586a
Merge pull request #20989 from zeroSteiner/feat/lib/mod-address-opts
This adjusts module options that need a routable address
2026-03-05 11:46:52 -05:00
msutovsky-r7
59a1992214
Land #21017, adds module for SSTI in Tactical RMM (CVE-2025-69516)
Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516)
2026-03-05 15:38:32 +01:00
Valentin Lobstein
bf41455bca
Fix: Address review feedback - remove dead execute_command, fix dropper race condition
2026-03-05 14:01:12 +01:00