06eba2245e
Creating a check method
2026-02-13 11:34:46 +01:00
867624cad3
Removing default option
...
The default option has been remove in favor of metasploit's default
selection.
2026-02-13 10:42:42 +01:00
dc2e73b44a
Adding a failwith if the injection fail
2026-02-13 09:57:39 +01:00
aacbd1d180
Changing PHP injection logic
...
The PHP payload is injected directly into the PHP code injection. The
cleanup method has been remove in favor of a InitialAutoRunScript that
clear the config file.
2026-02-13 09:52:48 +01:00
78f4b8f97d
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-13 08:50:23 +01:00
7a3f20a895
Merge pull request #20943 from g0tmi1k/twiki_maketext
...
twiki_maketext: Add versions to description
2026-02-12 15:21:11 -06:00
35b52df28a
Merge pull request #20849 from haicenhacks/haicen_xerte
...
Add three modules for exploiting Xerte Online Toolkits
2026-02-12 15:01:42 -05:00
803e6d3991
adds auto-check and fixes print statements
2026-02-12 12:58:01 -05:00
0af126cba9
adds ability to create a project if none exist.
2026-02-12 12:50:00 -05:00
930bb4fecd
fixes error in .htaccess policy generation
2026-02-12 12:43:16 -05:00
b4f26d0329
conform to uri normalization pattern
2026-02-12 12:42:33 -05:00
f25fab7c40
fixes error in .htaccess policy generation
2026-02-12 12:41:28 -05:00
66aad682d6
changes the .htaccess payload to use heredoc
2026-02-11 18:30:20 -05:00
208dc3489c
fixes linting errors
2026-02-11 17:55:21 -05:00
f165eba6a9
Merge pull request #20941 from rudraditya21/attack-credential-access
...
Add MITRE ATT&CK mapping for Windows password cracking
2026-02-11 15:44:52 -06:00
2c7b7e8b5c
Merge pull request #20942 from rudraditya21/attack-exploit-privesc
...
Add MITRE ATT&CK mappings for exploit and privilege escalation modules
2026-02-11 15:38:59 -06:00
c48622e134
Merge pull request #20936 from rudraditya21/attack-smb-samr
...
Add MITRE ATT&CK mappings for SMB/SAMR account operations
2026-02-11 14:57:22 -05:00
4adf87ac18
Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061
...
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
2026-02-11 11:12:29 -08:00
8f1e16d2a6
Update modules/exploits/linux/telnet/gnu_inetutils_auth_bypass.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-11 08:54:09 -08:00
838d047b66
Fix the GHSA notation
2026-02-11 11:27:24 +01:00
af3ce4a0f5
Changing placeholders to random text inside request
...
The 'alter_config' function has been altered in order to use random text
as placeholder to fake information in the configuration. The GHSA is
fixed too.
2026-02-11 11:26:59 +01:00
7c9f18bbab
Shorten the if condition's format
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-11 10:48:54 +01:00
fc9d2b2fce
adding CONFIG_CHANGES to side effect
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-11 10:47:49 +01:00
b609d6de80
Merge pull request #20935 from rudraditya21/attack-kerberos
...
Add MITRE ATT&CK mappings for Kerberos roasting modules
2026-02-10 17:18:17 -05:00
498eefc881
Merge pull request #20934 from rudraditya21/attack-ldap-adcs
...
Add MITRE ATT&CK mappings for LDAP/AD CS modules
2026-02-10 17:11:56 -05:00
d330de16c8
Merge pull request #20932 from sfewer-r7/ivanti-epmm-rce
...
Add exploit module for Ivant EPMM/MobileIron (CVE-2026-1281)
2026-02-10 11:07:39 -06:00
37fe98c7bd
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-10 16:34:08 +01:00
3b64f761f3
Apply suggestion from @msutovsky-r7
2026-02-10 12:30:29 +01:00
0757ca7494
Merge branch 'master' into sap_auxiliary_modules_bugfix
2026-02-10 12:29:55 +01:00
68e17f2b13
Normalizes URI construction
2026-02-09 20:56:08 -05:00
a1b02d1139
adds newlines between functions
2026-02-09 20:53:36 -05:00
3ee7bd435b
changes URI construction to comply with standards
2026-02-09 20:45:10 -05:00
e28afb7e12
renames files to conform to standards
2026-02-09 20:30:33 -05:00
d8fd09b156
adds newline between functions
2026-02-09 20:30:29 -05:00
98d8e35d85
adds checks to address nil condition on variables
2026-02-09 20:30:25 -05:00
f852aac863
Changes url structure to conform to requested changes
2026-02-09 20:30:18 -05:00
60b0209914
Improves module vulnerability check
2026-02-09 20:29:50 -05:00
73808e9365
twiki_maketext: Add versions to description
...
REF: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329
2026-02-09 20:26:01 +00:00
71dd4dae19
Merge pull request #20710 from Chocapikk/add-ghsa-reference-support
...
Add GHSA and OSV reference type support
2026-02-09 18:08:22 +00:00
8d6f775ebe
added: ATT&CK references to exploit and privilege escalation modules
2026-02-09 23:03:01 +05:30
838ab7195f
added: ATT&CK reference to crack_windows module
2026-02-09 22:58:04 +05:30
8263d4fa95
removed: ATT&CK reference T1556.006 from shadow_credentials
2026-02-09 22:52:31 +05:30
823b4215e2
removed: ATT&CK reference T1649 from ad_cs_cert_template
2026-02-09 22:51:47 +05:30
65570a1183
removed: ATT&CK reference T1098 from samr_account
2026-02-09 22:48:42 +05:30
70dd06ef67
removed: ATT&CK reference from timeroast
2026-02-09 22:46:34 +05:30
f41eda1128
Add GHSA and OSV reference type support
...
Add support for GHSA (GitHub Security Advisories) and OSV (Open Source
Vulnerabilities) as structured reference types in Metasploit modules.
Convert 49 hardcoded GHSA URLs to structured ['GHSA', 'GHSA-xxxx'] format
across existing modules, and add support for repository-specific GHSA
references with an optional third parameter ['GHSA', 'GHSA-xxxx', 'repo'].
Update reference validation, module validator, and info_fixups to handle
the new reference types correctly.
2026-02-09 15:17:23 +01:00
50335ddc79
updated: ATT&CK Techniques for icpr_cert.rb and esc_update_ldap_object.rb
2026-02-07 10:12:36 +05:30
4c1a25198b
updated: ATT&CK ID from T1552 to T1552.001 in relay_get_naa_credentials.rb
2026-02-07 10:09:31 +05:30
51d2a18ade
remove the extra + operator. add a comment as to why we ljust the value.
2026-02-06 14:52:00 +00:00
9d73966976
added ATT&CK references to relay and SCCM modules
2026-02-06 11:58:08 +05:30
LucasCsmt