LucasCsmt
78f4b8f97d
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-13 08:50:23 +01:00
Spencer McIntyre
35b52df28a
Merge pull request #20849 from haicenhacks/haicen_xerte
...
Add three modules for exploiting Xerte Online Toolkits
2026-02-12 15:01:42 -05:00
Spencer McIntyre
41414b896b
Tweak whitespacing in the docs for the renderer
2026-02-12 14:43:47 -05:00
haicen
7204c64b6b
Improves documentation
2026-02-12 12:05:29 -05:00
haicen
66139795e5
Fixes problems with module documentation
2026-02-11 18:20:06 -05:00
jheysel-r7
4adf87ac18
Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061
...
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
2026-02-11 11:12:29 -08:00
sfewer-r7
f632cf34bf
add in a module and docs for the EPMM exploit
2026-02-05 12:26:38 +00:00
LucasCsmt
eb5507844b
Testing the module on different versions
...
The module has been tested on different versions of ChurchCRM (6.8.0 and
6.2.0), proving its vulnerability to this exploit. This commit contains
modification of the dockerfile/docker-compose in order to support
multi-version installation.
2026-02-05 12:36:26 +01:00
LucasCsmt
4d65f15884
Adding a link to the CVE
2026-02-04 16:17:15 +01:00
LucasCsmt
ca5ceae1b3
Adding documentation to the churchcrm module
...
The documentation of the module is added.
2026-02-04 16:04:42 +01:00
Valentin Lobstein
005fbb17a1
Address PR #20768 review feedback
...
- Fix machineKey extraction regex to handle decryption attribute
- Replace Base64.strict_encode64 with Rex::Text.encode_base64
- Add READ_FILE and EXTRACT_MACHINEKEY actions
- Add PRODUCT option for CentreStack/Triofox support
- Use different storage endpoints per product type
- Update documentation with new options and actions
2026-02-04 08:38:35 +01:00
Valentin Lobstein
7776588577
Address PR #20768 review feedback
...
- gladinet.rb: Fix machineKey regex to match decryptionKey then validationKey explicitly
- gladinet.rb: Remove DEFAULT_WEB_CONFIG_PATH constant, inline in each module's datastore option
- gladinet_storage_access_ticket_forge.rb: Inline version check
- gladinet_storage_access_ticket_forge.rb: Inline FILEPATH default value (with C:\ for absolute path)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline version check
- gladinet_storage_lfi_cve_2025_11371.rb: Inline valid_response? method (removed)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline FILEPATH default value (without C:\, stripped by build_lfi_path)
- gladinet_storage_lfi_cve_2025_11371.rb: Use vars_get with encode_params instead of manual URL building
- gladinet_viewstate_deserialization: Remove nil fallback (mandatory option with default)
- gladinet_viewstate_deserialization: Remove DEFAULT_MACHINE_KEY constant, inline in datastore option
- gladinet_viewstate_deserialization: Remove duplicate detect_app_type/extract_build_version (already in shared lib)
Note: Suggestion to rename gladinet? to is_gladinet? was NOT applied.
msftidy enforces Naming/PredicatePrefix convention which requires predicate
methods to NOT have 'is_' prefix (gladinet? is correct, is_gladinet? is not).
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-02-04 08:38:35 +01:00
Valentin Lobstein
b1adc514d1
Apply suggestions
...
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
2026-02-04 08:38:35 +01:00
Valentin Lobstein
6d25006e8d
Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-04 08:38:33 +01:00
Valentin Lobstein
6773459759
Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-04 08:38:33 +01:00
Valentin Lobstein
628c5ee7af
Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs
2026-02-04 08:38:32 +01:00
Valentin Lobstein
478345506e
Add Gladinet CentreStack/Triofox auxiliary modules and exploit
2026-02-04 08:38:31 +01:00
Jack Heysel
bd049dcba4
doc update
2026-02-03 18:41:51 -08:00
Jack Heysel
a868bc95b2
GNU Inetutils Telnet Auth Bypass
2026-02-03 17:45:59 -08:00
jheysel-r7
641ab527aa
Merge pull request #20857 from msutovsky-r7/exploit/freepbx/sql_to_rce_chain
...
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61675)
2026-01-28 20:03:17 -08:00
Jack Heysel
63a66ee162
Improved CVE version range info in description
2026-01-28 20:15:25 -07:00
jheysel-r7
be4a69ab1d
Merge pull request #20846 from msutovsky-r7/exploit/freepbx/injections_rce
...
Adds auxiliary module for FreePBX (CVE-2025-66039, CVE-2025-61675)
2026-01-28 06:39:47 -08:00
jheysel-r7
7d931c960c
Merge pull request #20858 from msutovsky-r7/exploit/freepbx/unrestricted_file_upload
...
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61678)
2026-01-28 06:23:43 -08:00
Martin Sutovsky
e6b97a79a4
Addresses comments
2026-01-28 11:33:54 +01:00
Martin Sutovsky
7e92ef4811
Addresses comments
2026-01-28 11:14:24 +01:00
jheysel-r7
f31776caf0
Merge pull request #20778 from h00die/ssh_keys
...
Update and combine ssh key persistence with mixin
2026-01-27 06:39:10 -08:00
Martin Sutovsky
c5ffa557a7
Adds UID in documentation
2026-01-26 13:44:09 +01:00
Spencer McIntyre
c0e9288ac5
Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce
...
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
2026-01-22 14:26:38 -05:00
Jack Heysel
2e484d552e
Finishing touches
2026-01-22 15:03:31 +01:00
Jack Heysel
99e032f4af
SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691]
2026-01-22 15:03:30 +01:00
msutovsky-r7
537a1c5395
Land #19821, adds Burpsuite persistence module
...
Burp extension persistence
2026-01-22 11:03:08 +01:00
jheysel-r7
719874a7f4
Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module
...
Add exploit oracle ebs CVE 2025 61882 module
2026-01-21 16:08:09 -08:00
jheysel-r7
b6da204725
Apply suggestions from code review
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2026-01-21 10:09:12 -08:00
Alex
99636be776
Updated mongobleed
2026-01-21 11:27:02 +01:00
haicen
c3830f6987
adds documentation
2026-01-20 22:29:29 -05:00
jheysel-r7
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
Martin Sutovsky
d2af23a4a6
Adds additional installation step
2026-01-19 11:25:39 +01:00
Martin Sutovsky
4e36ff99ac
Adds additional installation step
2026-01-19 11:24:45 +01:00
Martin Sutovsky
3672e2ba45
Adds additional installation step
2026-01-19 11:23:09 +01:00
MatDupas
54c6e18505
Update documentation/modules/exploit/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2026-01-17 12:26:18 +01:00
h00die
7ccf574e99
burp extension all working
2026-01-16 08:44:27 -05:00
adfoster-r7
666c7ce362
Merge pull request #20865 from rajyavardhan01/docs/dect-scanner-documentation
...
Add documentation for auxiliary/scanner/dect modules
2026-01-16 00:00:22 +00:00
Brendan
ade984aead
Merge pull request #20793 from Chocapikk/avideo-v2
...
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
2026-01-15 17:36:07 -06:00
Raj Handa
b466371b46
Update DECT reference link to archive.org (dedected.org is offline)
2026-01-15 14:13:00 -08:00
Martin Sutovsky
b01353cc07
Code cleanup, removes line from documentation
2026-01-15 15:26:30 +01:00
Martin Sutovsky
85221800a4
Removes line from documentation, code cleanup
2026-01-15 15:23:54 +01:00
Martin Sutovsky
c56f9d2ee2
Removes line from documentation
2026-01-15 15:20:44 +01:00
Martin Sutovsky
e114ecdfd5
Splitting the modules into separate PRs
2026-01-15 15:20:43 +01:00
Martin Sutovsky
5ee1a15b7d
Addressing comments
2026-01-15 15:20:43 +01:00
Martin Sutovsky
b4f4078956
Updates documentation
2026-01-15 15:20:42 +01:00