3687 Commits

Author SHA1 Message Date
inkognitobo c15d513766 Add configurable JAVA_GADGET_CHAIN option to Shiro module
The gadget chain was previously hardcoded to CommonsCollections2.
Add a JAVA_GADGET_CHAIN OptEnum so operators can select the chain
that matches the target's classpath without modifying the module.

Default remains CommonsCollections2 to preserve existing behaviour.
2026-05-05 17:55:20 +02:00
cgranleese-r7 7b3aef8ede Merge pull request #21353 from adfoster-r7/improve-checkcode-messages-6
Add human-readable descriptions to CheckCode returns in modules
2026-04-30 10:43:21 +01:00
adfoster-r7 b59ced5057 Add human-readable descriptions to CheckCode returns in multi/http exploit modules (A-O) 2026-04-30 00:25:30 +01:00
adfoster-r7 e00515c172 Update logic for aux modules having called report_vuln already 2026-04-24 16:26:49 +01:00
cgranleese-r7 7c4f15a024 Merge pull request #21354 from adfoster-r7/improve-checkcode-messages-7
Add human-readable descriptions to CheckCode returns in modules
2026-04-24 16:13:19 +01:00
Brendan 2289fc07ce Merge pull request #21260 from Takahiro-Yoko/langflow_rce_cve_2026_27966
Add Langflow RCE module (CVE-2026-27966)
2026-04-23 09:12:12 -05:00
adfoster-r7 96a37da14a Add human-readable descriptions to CheckCode returns in multi/http exploit modules (P-Z) 2026-04-23 12:26:32 +01:00
Brendan 6b57b4c66f Merge pull request #21256 from g0tmi1k/webdav
WebDAV improvements
2026-04-20 15:30:43 -05:00
Takah1ro f54374eaff Update exploit to improve stability 2026-04-18 12:56:53 +09:00
g0t mi1k 94b4f577e0 WebDAV: MR feedback 2026-04-17 22:19:26 +01:00
Takah1ro a47234778c Increase WfsDelay 2026-04-17 23:54:43 +09:00
Takah1ro 3cfbb90b0f Fix bug 2026-04-17 07:31:25 +09:00
Takahiro Yokoyama 4c5ed36c88 Update modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2026-04-17 07:10:53 +09:00
Takah1ro 4973d666ff Relocate json to an external file 2026-04-16 21:57:07 +09:00
Takahiro Yokoyama b917de89c3 Merge branch 'rapid7:master' into langflow_rce_cve_2026_27966 2026-04-16 20:58:02 +09:00
Brendan c17c301e36 Merge pull request #21095 from LucasCsmt/multi/http/churchcrm_db_restore_rce
Adds exploit module for ChurchCRM authenticated RCE (CVE-2025-68109)
2026-04-15 14:22:56 -05:00
Brendan 4c421532d6 Merge pull request #21288 from g0tmi1k/AutoCheck
Add AutoCheck to various exploit modules
2026-04-14 09:59:25 -05:00
g0t mi1k 8bb476a7f5 WebDAV: Misc formatting 2026-04-14 06:28:55 +01:00
g0t mi1k d2ea521ba3 WebDAV: Add check() function 2026-04-14 06:28:45 +01:00
g0t mi1k 10fd6b9ef8 Add AutoCheck to various exploit modules 2026-04-14 06:21:15 +01:00
adfoster-r7 44a6da0e53 Merge pull request #21078 from Chocapikk/fix-churchcrm
Fix ChurchCRM unauthenticated RCE module
2026-04-13 10:36:18 +01:00
Takah1ro 2f15039985 Lint formatting 2026-04-10 23:44:26 +09:00
Takah1ro 4dcf67865a minor change 2026-04-09 22:18:01 +09:00
Takah1ro a6d7502c8d Add langflow_rce_cve_2026_27966 module 2026-04-09 22:12:10 +09:00
g0t mi1k 4f38ec3393 WebDAV: Improve response 2026-04-08 17:03:16 +01:00
g0t mi1k 0f4db29f2b WebDAV: Creds is optional 2026-04-08 17:03:16 +01:00
g0t mi1k 328c2e5845 WebDAV: Update workspace 2026-04-08 17:03:16 +01:00
g0t mi1k 918281a5dc WebDAV: Clean up after exploiting 2026-04-08 17:03:16 +01:00
g0t mi1k 6603450572 WebDAV: PATH -> URI 2026-04-08 17:03:16 +01:00
g0t mi1k 2979dafdf4 WebDAV: Make rubocop happy 2026-04-08 17:03:07 +01:00
g0t mi1k 437b8a7cf6 WebDAV isn't just for Windows 2026-04-08 16:36:35 +01:00
g0t mi1k b338c774cd Split HEADERS using '=' rather than ':' 2026-04-05 07:30:32 +01:00
Christophe De La Fuente 09a59af789 Merge pull request #21069 from Chocapikk/add-module-freescout-htaccess-rce 2026-03-31 18:09:30 +02:00
msutovsky-r7 6d4b268f9f Land #21029, adds module for Grav CMS (CVE-2025-50286)
Adds exploit module for Grav CMS (CVE-2025-50286)
2026-03-31 14:47:44 +02:00
adfoster-r7 438b8e0875 Merge pull request #21102 from zeroSteiner/fix/re-add-20989
Reapply "This adjusts module options that need a routable address"
2026-03-30 14:50:05 +01:00
Valentin Lobstein 2a1ebdb996 Update modules/exploits/multi/http/freescout_htaccess_rce.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2026-03-27 19:30:47 +01:00
adfoster-r7 20bb912515 Merge pull request #21023 from g0tmi1k/os_cmd_exec
Add: exploits/multi/http/os_cmd_exec
2026-03-27 16:38:03 +00:00
x1o3 de81c5f0dc plugin version parsing and check logic improvement, msftidy & rubocop compliant 2026-03-27 11:45:20 +05:30
Chocapikk 140b58f429 Fix: address PR review feedback for freescout htaccess rce module 2026-03-27 00:34:22 +01:00
Valentin Lobstein 3f718d77b4 Update modules/exploits/multi/http/freescout_htaccess_rce.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2026-03-27 00:29:57 +01:00
Spencer McIntyre 700d063645 Implement copilot feedback 2026-03-26 14:43:33 -04:00
Spencer McIntyre b743296f48 Reapply "This adjusts module options that need a routable address"
This reverts commit 628275ef59.
2026-03-26 14:43:31 -04:00
g0t mi1k 17161c42e2 Make Rubocop happy 2026-03-25 13:39:20 +00:00
g0t mi1k 89af3ad558 Sync datastore_headers
Note: This code was suggested by an LLM (Copilot) in the MR
2026-03-25 13:32:46 +00:00
g0t mi1k 51f36982c7 Add: exploits/multi/http/os_cmd_exec
A lot of this was based on: exploits/unix/webapp/php_eval
2026-03-24 20:01:30 +00:00
Valentin Lobstein 3414611a3d Refactor: Use inherited SSL option from HttpClient instead of HTTPSSL 2026-03-14 00:07:28 +01:00
Valentin Lobstein c5c6c34232 Refactor: Remove HTTPSSL option, auto-detect SSL from port 443 2026-03-14 00:04:49 +01:00
Valentin Lobstein d01a2689bb Fix: Use HttpClient bind_call for full HTTP feature inheritance
Replace standalone Rex::Proto::Http::Client with bind_call on
HttpClient's connect method to bypass SMTPDeliver MRO conflict
while preserving SSL, proxy, basic auth, and vhost support.
Add HTTPSSL option for HTTPS targets.
2026-03-14 00:02:04 +01:00
Valentin Lobstein db3654eebf Fix: Address Copilot review feedback and fix cmd/dropper targets
- Fix http_send: use standalone Rex::Proto::Http::Client to avoid
  SMTPDeliver/HttpClient connect() method conflict
- Fix cmd/dropper PHP stub: remove double $$ variable (vars[:cmd_varname]
  already includes $ prefix)
- Fix cmd/dropper unlink: use cleanup POST param instead of inline
  @unlink to preserve shell across multiple stager requests
- Fix wait_for_cron: use .to_i % fetch for correct modulo calculation
- Fix dir_exists?: use res&.redirect? instead of res&.code == 301
- Fix docs: RHOSTS -> RHOST (SMTPDeliver registers singular RHOST)
- Remove manual Date header (SMTPDeliver handles it)
- Update scan_paths comment to reflect MD5 digit extraction
- Replace php_exec_cmd with manual preamble + system_block stub
2026-03-13 23:38:30 +01:00
Spencer McIntyre ccf56437da Merge pull request #20960 from g0tmi1k/dhcp_server
dhcp_server: Add DHCPINTERFACE
2026-03-12 15:48:36 -04:00