adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,922 Commits 27 Branches 1,043 Tags
1e4527d8338b4f431cdc8011c052d3744e29d7ed
Commit Graph

5035 Commits

Author SHA1 Message Date
Michael MacFadden b481b9ef7b gitea_git_fetch_rce aarch64 payload support 
Add support for the Linux Dropper to use payloads targeted to ARCH_AARCH64
 2025-10-26 19:19:11 -05:00
Maksim Rogov ff73363159 Update modules/exploits/multi/http/vvveb_auth_rce_cve_2025_8518.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-10-21 19:10:16 +03:00
vognik 45a87eaaca small fixes 2025-10-20 09:41:48 -07:00
vognik 74c7f98ad9 code review changes from @msutovsky-r7 2025-10-20 09:00:24 -07:00
vognik 9ad83f6454 Add Vvveb CMS Authenticated RCE (CVE-2025-8518) 2025-10-18 17:12:05 -07:00
h00die 68c74e1bcf remove unnecessary writabledir variable and check 2025-10-13 19:54:05 -04:00
h00die f3219668e0 remove unnedcessary sudo 2025-10-13 17:48:02 -04:00
h00die 1e9dd04505 update periodic_script to new persistence mechanism 2025-10-13 17:48:00 -04:00
bcoles 93b3ec34ac exploit/multi/local/periodic_script_persistence: Unset DefaultTarget 2025-10-11 21:47:11 +11:00
Spencer McIntyre 9dc5696cc4 Update dash characters in module references 2025-10-07 14:03:32 -04:00
Spencer McIntyre fd21209e4d Add missing CVEs from VulnCheck 2025-10-07 13:59:13 -04:00
Uli Heilmeier 5af0dd3357 fix: WebLogic server detection regex 
Some WebLogic server versions reports their version with a dash
between 'Server' and 'Version', like
'<p id="footerVersion">WebLogic Server-Version: 12.2.1.3.0</p>'
 2025-09-23 09:58:50 +02:00
Diego Ledda c718a965d7 Merge pull request #20508 from h00die/modern_persistence_cron 
update cron to persistence mixin
 2025-09-18 12:04:00 +02:00
Diego Ledda cb2f3992de chore: fix white-space issue 2025-09-18 11:48:17 +02:00
h00die 6ddaa076c1 Apply suggestions from code review 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-09-17 15:41:25 -04:00
msutovsky-r7 32aa0d84e4 Land #20525, moves obsidian plugin module to persistence category and mixin 
update obsidian to persistence mixin
 2025-09-16 14:58:15 +02:00
h00die 15cdbfac2e update at persistence to use attck ref 2025-09-12 14:13:26 +02:00
h00die fd1d70ef93 update at persistence to mixin 2025-09-12 14:13:26 +02:00
h00die e79c10ac66 cron updated with mixin udpates 2025-09-09 11:55:19 -04:00
h00die 9e461ea875 switch to attck ref 2025-09-09 11:50:31 -04:00
h00die 785397bb0c cron to multi with persistence mixin 2025-09-09 11:50:31 -04:00
jheysel-r7 7972017936 Merge pull request #20397 from vognik/CVE-2025-34300 
Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300)
 2025-09-08 16:48:29 -07:00
h00die 5c1673bb20 update obsidian to persistence mixin 2025-09-06 15:05:21 -04:00
msutovsky-r7 9283562ee5 Land #20493, adds XWiki unauthenticated exploit module (CVE-2025-24893) 
Add XWiki Unauthenticated RCE (CVE-2025-24893)
 2025-09-01 13:37:31 +02:00
msutovsky-r7 5d59fbd333 Land #19903, adds module for periodic script persistence 
Add OSX Periodic Script Peristence
 2025-08-29 20:12:12 +02:00
Martin Sutovsky 2681e7cfed Update docs 2025-08-29 17:53:07 +02:00
Martin Sutovsky 57f14339d9 Adds x64 to BSD target 2025-08-29 14:47:11 +02:00
Vognik 071a4a34fc fix tests 2025-08-29 08:41:43 +04:00
Maksim Rogov 9b1d07dea8 removed unnecessary fail_with from check function 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-29 06:55:59 +03:00
Martin Sutovsky ae64436441 Fixes payload delivery, updates targets 2025-08-28 15:47:24 +02:00
Maksim Rogov bdad398541 Update Payload Generation 2025-08-25 15:49:30 +03:00
Vognik 92ddf5646a Code Review Edits from @msutovsky-r7 2025-08-24 19:13:16 +04:00
Vognik 7289c25faa Fix Tests 2025-08-24 12:12:22 +04:00
Vognik 2b01ba6200 Add XWiki Unauthenticated RCE (CVE-2025-24893) 2025-08-23 18:56:24 +04:00
Vlad Dmitrievich baa5469a21 Fix legacy method override in torchserver_cve_2023_43654 
I think `Msf::Exploit::Remote::Java::HTTP::ClassLoader` module had `on_request_uri` method, that was later renamed to `java_class_loader_on_request_uri`.
 2025-08-22 17:01:41 +03:00
Corey 88d7a1ab04 fix coonflicts and rubocop 2025-08-19 12:37:53 -04:00
Corey df917720eb Remove payload file 2025-08-19 12:33:56 -04:00
bcoles a7ab23d083 Add Malicious XDG Desktop File module 2025-08-04 19:23:02 +10:00
gardnerapp a0d03c0638 Update modules/exploits/multi/local/periodic_script_persistence.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-29 13:20:20 -04:00
gardnerapp a413e78689 Update modules/exploits/multi/local/periodic_script_persistence.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-29 13:19:28 -04:00
gardnerapp d87787df69 Update modules/exploits/multi/local/periodic_script_persistence.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-29 13:18:48 -04:00
Vognik 8024900171 fix tests 2025-07-26 03:15:00 +04:00
Maksim Rogov 9696cc57db Merge branch 'rapid7:master' into CVE-2025-34300 2025-07-25 11:02:03 +04:00
Vognik 82eadede83 Code Review Edits from @sjanusz-r7 2025-07-25 05:17:48 +04:00
Vognik 38b0bd15e1 Code Review Edits 2025-07-24 07:19:25 +04:00
Vognik e93755adc6 Added WritableDir Option 2025-07-23 11:59:48 +04:00
Vognik d62ef448f1 Code Review Edits 2025-07-22 04:40:14 +04:00
Vognik 1c1b574b81 Removed Debug Print 2025-07-21 21:37:52 +04:00
Vognik d57a36413d Fix Tests 2025-07-21 21:34:41 +04:00
Vognik 6276b27dfc Improved Exploit Stability on Windows 2025-07-21 21:34:01 +04:00