f3b07d5a49
Add human-readable descriptions to CheckCode returns in auxiliary and post modules
2026-04-22 13:56:54 +01:00
2cbb3942b6
Add human-readable descriptions to CheckCode returns in linux/http exploit modules (A-M)
2026-04-22 13:08:59 +01:00
b7f136077e
smb_version: Be more verbose - show smb1 if possible
2026-04-22 13:08:20 +01:00
0474c0ce24
smb_version: Add spacing between :
2026-04-22 13:08:20 +01:00
1d9c922488
Make smb_version happy with smbv1
2026-04-22 13:08:19 +01:00
25d7c25ad8
Merge pull request #21346 from adfoster-r7/fix-false-positive-on-couchdb-enum-check
...
Fix false positive on couchdb enum check
2026-04-22 12:38:47 +01:00
19d333df13
Add human-readable descriptions to CheckCode returns in linux/http exploit modules (N-Z)
2026-04-22 11:55:15 +01:00
6e992aa6ed
Fix false positive on couchdb enum check
2026-04-21 22:48:27 +01:00
9efc727462
automatic module_metadata_base.json update
2026-04-21 17:21:45 +00:00
4c0f2c29bc
Merge pull request #21019 from g0tmi1k/phpmyadmin_config
2026-04-21 19:13:04 +02:00
9692b8865f
automatic module_metadata_base.json update
2026-04-21 17:08:11 +00:00
6a00ea38c6
Merge pull request #21306 from dledda-r7/feat/block-api-randomization
...
Block Api ROR13 IV randomization
2026-04-21 12:58:30 -04:00
946d1a44b5
Fix Notes format (array)
2026-04-21 18:43:54 +02:00
cca7166eb4
automatic module_metadata_base.json update
2026-04-21 15:05:42 +00:00
a918184416
Merge pull request #21344 from adfoster-r7/fix-elasticsearch-traversal-check-support
...
Fix elasticsearch traversal check support
2026-04-21 15:57:26 +01:00
81f1a7c86a
Fix elasticsearch traversal check support
2026-04-21 15:18:58 +01:00
97ab01cddd
Merge pull request #21340 from dledda-r7/ci/disable-meterpreter-ci
...
Disable Windows Server 2022 CI
2026-04-21 15:01:35 +01:00
b9573fa0ce
ops(meterpreter): disable windows server 2022 build until 141_xp dependency is removed
2026-04-21 05:55:29 -04:00
e40422845b
fix: block_api.rb update
2026-04-21 05:43:34 -04:00
20065b3f3d
Fix the include errors
2026-04-20 18:36:00 -04:00
44a45ffdbf
Switch to Rex::Logging
2026-04-20 18:14:56 -04:00
2dbfcfb918
Merge pull request #21232 from bcoles/file-find_writable_directories
...
Add find_writable_directories to Msf::Post::File
2026-04-20 16:33:53 -05:00
ae63cb9b1d
automatic module_metadata_base.json update
2026-04-20 20:41:14 +00:00
6b57b4c66f
Merge pull request #21256 from g0tmi1k/webdav
...
WebDAV improvements
2026-04-20 15:30:43 -05:00
820e737024
Update from code review and some fixes
...
- add the `--mcp-transport` option
- prefix the MCP env. variable with `MSF_`
- move the code under `lib/msf/core/mcp/`
- move specs under `spec/lib/msf/core/mcp/`
- change the namespace from `MsfMcp` to `Msf::RPC`
- update the `lib/msf_autoload.rb` to exclude the mcp-related files
- add missing validation for the `mcp`, `rate_limit and `logging` sections in the config file
- remove duplicate error exception classes
- fix an error in the transformers related to the `created_at` field
- fix a small issue in the input validator when regex are used
- update the way error is reported for MCP Tools to be compatible with the changes in the new `mcp` gem
- update and add specs
2026-04-20 18:29:21 +02:00
bd2e11ad55
Merge pull request #21331 from bcoles/metadata-obj
...
Metadata::Obj: Deduplicate notes hash strings and memoize `Obj#path` to reduce retained memory in the module metadata cache
2026-04-20 16:55:33 +01:00
6acac8e120
automatic module_metadata_base.json update
2026-04-20 13:31:53 +00:00
a53d0a027b
Merge pull request #21332 from adfoster-r7/remove-false-positive-from-nodejs-pipelining-check
...
Remove false positive from nodejs pipelining check
2026-04-20 14:22:23 +01:00
46553b5984
Update lib/msf/core/payload/windows/x64/block_api_x64.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-20 15:19:47 +02:00
5622bd254b
Update lib/msf/core/payload/windows/x64/block_api_x64.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-20 15:19:07 +02:00
2c58825343
Update lib/msf/core/payload/windows/x64/block_api_x64.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-20 15:18:54 +02:00
f060acd1e9
Remove false positive from nodejs pipelining check
2026-04-20 14:02:56 +01:00
09bb98d13e
Memoize Obj#path to avoid repeated File.join
...
The install_root path is immutable at runtime, so cache the computed
full path on first access instead of calling File.join on every call.
2026-04-20 22:19:55 +10:00
76a7f61465
Deduplicate notes hash keys and values in metadata Obj
...
Notes keys ("Stability", "SideEffects", "Reliability") and values
("crash-safe", "ioc-in-logs", etc.) are repeated across thousands of
modules. Use frozen string dedup (-str) to share a single object per
unique string, reducing ~24K string allocations to ~185 shared objects.
2026-04-20 22:17:40 +10:00
e09a38085c
Merge pull request #21330 from bcoles/modules-loader
...
Replace Pathname with string prefix removal in directory module loader
2026-04-20 11:45:33 +01:00
fe1aeb9279
Merge pull request #21329 from bcoles/modulemanager-cache
...
Simplify get_parent_path with rindex instead of split/join
2026-04-20 11:30:04 +01:00
9b985dc1ef
Merge pull request #21327 from tair-m/master
...
Fix uninitialized constant HTTP::CookieJar by correcting load order in http_cookie_jar.rb
2026-04-20 10:39:02 +01:00
a8ccdfc1e4
Simplify get_parent_path with rindex instead of split/join
...
Replace File.join + String#split + array slice + Array#join with a
single String#rindex lookup. This avoids allocating intermediate arrays
and strings on every call (once per cached module during startup).
2026-04-20 18:22:53 +10:00
b1c4fd3f39
Replace Pathname with string prefix removal in directory module loader
...
Msf::Modules::Loader::Directory#each_module_reference_name created two
Pathname objects per module file and called relative_path_from to derive
the module reference name. With ~5,000 module files this produced
~170,000 calls to Pathname#chop_basename internally.
Since Rex::Find.find always yields absolute paths rooted at
full_entry_path, simple String#delete_prefix achieves the same result
without allocating Pathname objects.
2026-04-20 18:14:54 +10:00
f54374eaff
Update exploit to improve stability
2026-04-18 12:56:53 +09:00
4607741a16
Fix LoadError in http_cookie_jar for Ruby 3.3.0
2026-04-18 07:17:26 +05:00
94b4f577e0
WebDAV: MR feedback
2026-04-17 22:19:26 +01:00
046ba861b3
automatic module_metadata_base.json update
2026-04-17 16:21:38 +00:00
08f6dc20a5
Merge pull request #21122 from bootstrapbool/camaleon_cms_cve_2024_46987
...
Camaleon CMS CVE 2024 46987
2026-04-17 09:13:07 -07:00
a47234778c
Increase WfsDelay
2026-04-17 23:54:43 +09:00
92af54c885
Merge pull request #21230 from bcoles/obj-dedup-cache
...
Reduce memory footprint of module metadata Obj instances
2026-04-17 12:33:23 +01:00
19112a0212
Merge pull request #21231 from bcoles/msf-module-cache
...
Module metadata: Fix stale module detection and add per-type metadata index
2026-04-17 11:25:44 +01:00
679d2a9a4e
feat: enhance block_api_iv handling with warnings and options for payload methods
2026-04-17 06:07:18 -04:00
785307f55e
Module metadata: Fix stale module detection and add per-type metadata index
2026-04-17 19:41:18 +10:00
82c8028f1c
refactor: remove redundant block_api_iv calls in payload generation methods
2026-04-17 05:38:19 -04:00
adfoster-r7