sjanusz-r7
79b0fd6edc
Use rex-text hex string helper, fix module assembly null-terminated string usage
...
Use rex-text to_hex_cstring keyword arg
2026-05-08 16:41:39 +01:00
sjanusz-r7
d33c2f6600
Re-enabled payload cache size CI specs
2026-05-08 16:35:59 +01:00
adfoster-r7
557ff0d068
Defer loading dependencies
2026-05-01 00:07:59 +01:00
Brendan
dc97d1e97e
Merge pull request #21395 from zeroSteiner/feat/cve-2026-31431
...
Add exploit for CVE-2026-31431 (Copy Fail)
2026-04-30 17:19:08 -05:00
Spencer McIntyre
c0e5ceb531
Add an AARCH64 exec payload
2026-04-30 17:09:32 -04:00
Spencer McIntyre
a0c5b9a6bc
Merge pull request #21315 from cdelafuente-r7/mcp-server
...
MCP Server, specs and documentation
2026-04-30 16:33:18 -04:00
Christophe De La Fuente
6f3884e832
Redesign the logging capability using Rex::Logging and Rake middleware
...
- remove the original Logger
- use Rex::Logging with helper methods (dlog, ilog, etc.)
- add `sanitize` configuration option
- create Sanitizing, JsonFlatfile and JsonStream sinks for JSON logging format
- minor updates in apply_default (Loader)
- update the re-authentication logic (fix a specific use case)
- add a Rack middleware that logs MCP HTTP request/response
- use Rex::Socket::Tcp instead of TcpSocket
- update the ensure_rpc_available for better validation
- use around_request instead of the deprecated SDK instrumentation for logging
- update and add specs
2026-04-30 11:10:09 +02:00
Spencer McIntyre
2634142f0d
Merge pull request #21323 from jheysel-r7/feat/http_to_ldap
...
HTTP to LDAP Relay Module
2026-04-29 15:20:10 -04:00
Spencer McIntyre
2153daad7b
Update the specs
2026-04-29 14:38:29 -04:00
Jack Heysel
4847d88441
HTTP to LDAP Relay Module and Supporting Libraries
...
Remove unnecessary code
Remove commented out code
Added documentation
Responded to Spencer and Copilot
Add anonymous identity check
Doc update
Warning suppression
Renamed ldap_client to relayed_connection
Comments
2026-04-29 07:48:42 -07:00
adfoster-r7
e00515c172
Update logic for aux modules having called report_vuln already
2026-04-24 16:26:49 +01:00
adfoster-r7
3ecbadd032
Improve vuln and vuln attempt tracking
2026-04-24 16:26:49 +01:00
sjanusz-r7
8587d1c211
Skip payload cached size specs
2026-04-22 16:31:51 +01:00
Spencer McIntyre
44a45ffdbf
Switch to Rex::Logging
2026-04-20 18:14:56 -04:00
Brendan
2dbfcfb918
Merge pull request #21232 from bcoles/file-find_writable_directories
...
Add find_writable_directories to Msf::Post::File
2026-04-20 16:33:53 -05:00
Christophe De La Fuente
820e737024
Update from code review and some fixes
...
- add the `--mcp-transport` option
- prefix the MCP env. variable with `MSF_`
- move the code under `lib/msf/core/mcp/`
- move specs under `spec/lib/msf/core/mcp/`
- change the namespace from `MsfMcp` to `Msf::RPC`
- update the `lib/msf_autoload.rb` to exclude the mcp-related files
- add missing validation for the `mcp`, `rate_limit` and `logging` sections in the config file
- remove duplicate error exception classes
- fix an error in the transformers related to the `created_at` field
- fix a small issue in the input validator when regex are used
- update the way error is reported for MCP Tools to be compatible with the changes in the new `mcp` gem
- update and add specs
2026-04-20 18:29:21 +02:00
adfoster-r7
19112a0212
Merge pull request #21231 from bcoles/msf-module-cache
...
Module metadata: Fix stale module detection and add per-type metadata index
2026-04-17 11:25:44 +01:00
bcoles
785307f55e
Module metadata: Fix stale module detection and add per-type metadata index
2026-04-17 19:41:18 +10:00
Christophe De La Fuente
04ffe3ce3b
MCP Server, specs and documentation
2026-04-16 19:31:35 +02:00
bcoles
6821066217
Add find_writable_directories to Msf::Post::File
...
Add a method to discover writable directories on Unix targets using the
`find` command. This is useful in post-exploitation scenarios where a
module needs to locate a writable staging path.
Parameters:
- path: base directory to search (default: /)
- max_depth: find -maxdepth limit (default: 2)
- timeout: maximum seconds for cmd_exec to wait (default: 15)
Raises on Windows sessions. Returns an array of absolute paths, or nil
on failure. Non-absolute lines (e.g. find error messages) are filtered
from the output.
2026-04-17 02:31:19 +10:00
adfoster-r7
e7c5e0e4a3
Merge pull request #21238 from bcoles/loongarch64-chmod
...
Add Linux LoongArch64 chmod payload
2026-04-16 16:51:00 +01:00
adfoster-r7
0644f27cb6
Add module documentation, tests, and misc feedback
2026-04-16 16:18:46 +01:00
Diego Ledda
214256ffe8
Merge pull request #21310 from zeroSteiner/fix/remove-eshell-payloads
...
Remove the encrypted shell payload and libs
2026-04-16 04:13:02 -04:00
Spencer McIntyre
91633fdad7
Remove the encrypted shell payload and libs
2026-04-15 12:43:29 -04:00
Diego Ledda
c81a2ee9e3
Merge pull request #21287 from zeroSteiner/fix/exe-compat
...
Fix EXE template compatibility with Windows Server 2000
2026-04-15 11:30:34 -04:00
Spencer McIntyre
862b1e1aaa
Add the test since it'll work now
2026-04-14 17:28:44 -04:00
Spencer McIntyre
8dab0bbba0
Add tests so this doesn't break again in the future
2026-04-14 11:32:38 -04:00
Brendan
ee5ba948d7
Merge pull request #21286 from Hemang360/add-def_mkdir-toggle
...
Add cleanup toggle to file mixin mkdir method
2026-04-14 10:10:09 -05:00
Brendan
1113a5e109
Merge pull request #21252 from zeroSteiner/feat/adcs/api-consolidation
...
Feat/adcs/api consolidation
2026-04-13 15:52:55 -05:00
Hemang360
e0c3ecfd74
Add tests for mkdir method
2026-04-14 02:18:15 +05:30
adfoster-r7
4ce14e6696
Merge pull request #21268 from adfoster-r7/update-checkcode-usage-in-aux-modules
...
Update checkcode usage in aux modules
2026-04-13 11:50:02 +01:00
adfoster-r7
9a613fc249
Add rubocop rule
2026-04-10 16:18:04 +01:00
Brendan
a90ec1071c
Merge pull request #21075 from Chocapikk/avideo-catname-sqli
...
Add AVideo catName blind SQLi credential dump (CVE-2026-28501)
2026-04-09 16:22:45 -05:00
adfoster-r7
536b34a0e4
Update cache sizes for bash payloads
2026-04-09 16:23:35 +01:00
Spencer McIntyre
657310042b
Remove extra OID definitions
2026-04-09 10:37:05 -04:00
Spencer McIntyre
b7e7de2fa4
Update the specs so they pass again
2026-04-09 10:37:05 -04:00
Spencer McIntyre
9cedb4a069
Refactor the method name to namespace it to icpr
2026-04-09 10:37:05 -04:00
Spencer McIntyre
4d02f92fab
Consolidate the attribute creation
2026-04-09 10:37:05 -04:00
Spencer McIntyre
dac67e6ee6
Update the specs
2026-04-09 10:37:05 -04:00
adfoster-r7
6c24a059ae
Merge pull request #21031 from zeroSteiner/fix/issue/20959
...
LDAP Reporting Improvements
2026-04-08 10:39:17 +01:00
Spencer McIntyre
a0852387fc
Merge pull request #20752 from bwatters-r7/feature/certificate-web-enrollment
...
Add Authenticating Web Enrollment module for AD/CS
2026-04-06 15:27:28 -04:00
bwatters-r7
06edc3d08f
change minor syntax and raise exception for rsa keylength mismatch
2026-04-06 13:12:47 -05:00
Spencer McIntyre
45942c8d5e
Merge pull request #21180 from jheysel-r7/feat/lib/relay_functionality_refactor
...
Refactor reusable relay classes out of the SMB directory
2026-04-03 17:10:56 -04:00
Christophe De La Fuente
aced72809e
Merge pull request #21153 from Nayeraneru/fixed/datastore_AdvancedOptions
2026-04-03 17:53:16 +02:00
bwatters-r7
d10341befd
Fixes for different paths to create_csr and build_csr
2026-04-02 16:23:34 -05:00
Jack Heysel
4125b209f8
Refactor reusable relay classes out of SMB directory
...
Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-02 13:14:06 -07:00
Spencer McIntyre
d11e41ddfb
Merge pull request #21143 from SaiSakthidar/php-meterpreter-tcp-server-tests
...
Php meterpreter tcp server tests
2026-04-02 09:12:37 -04:00
Diego Ledda
5e3789d16a
Merge pull request #21048 from zeroSteiner/feat/mod/socks-proxy/fiber-update
...
Update the SOCKS proxy to use the new RelayManager
2026-04-02 05:48:06 -04:00
adfoster-r7
21fbe713ef
Merge pull request #21214 from adfoster-r7/add-additional-validation-to-db-import
...
Add additional validation to db_import
2026-04-01 20:03:59 +01:00
Spencer McIntyre
3f757d9880
Merge pull request #21172 from bwatters-r7/feature/x86_windows_fetch
...
Add HTTP and HTTPS fetch payloads for Windows x86
2026-04-01 14:34:36 -04:00