adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,922 Commits 27 Branches 1,043 Tags
1e4527d8338b4f431cdc8011c052d3744e29d7ed
Commit Graph

3346 Commits

Author SHA1 Message Date
Michael MacFadden b481b9ef7b gitea_git_fetch_rce aarch64 payload support 
Add support for the Linux Dropper to use payloads targeted to ARCH_AARCH64
 2025-10-26 19:19:11 -05:00
Maksim Rogov ff73363159 Update modules/exploits/multi/http/vvveb_auth_rce_cve_2025_8518.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-10-21 19:10:16 +03:00
vognik 45a87eaaca small fixes 2025-10-20 09:41:48 -07:00
vognik 74c7f98ad9 code review changes from @msutovsky-r7 2025-10-20 09:00:24 -07:00
vognik 9ad83f6454 Add Vvveb CMS Authenticated RCE (CVE-2025-8518) 2025-10-18 17:12:05 -07:00
Spencer McIntyre 9dc5696cc4 Update dash characters in module references 2025-10-07 14:03:32 -04:00
Spencer McIntyre fd21209e4d Add missing CVEs from VulnCheck 2025-10-07 13:59:13 -04:00
jheysel-r7 7972017936 Merge pull request #20397 from vognik/CVE-2025-34300 
Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300)
 2025-09-08 16:48:29 -07:00
msutovsky-r7 9283562ee5 Land #20493, adds XWiki unauthenticated exploit module (CVE-2025-24893) 
Add XWiki Unauthenticated RCE (CVE-2025-24893)
 2025-09-01 13:37:31 +02:00
Vognik 071a4a34fc fix tests 2025-08-29 08:41:43 +04:00
Maksim Rogov 9b1d07dea8 removed unnecessary fail_with from check function 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-29 06:55:59 +03:00
Maksim Rogov bdad398541 Update Payload Generation 2025-08-25 15:49:30 +03:00
Vognik 92ddf5646a Code Review Edits from @msutovsky-r7 2025-08-24 19:13:16 +04:00
Vognik 7289c25faa Fix Tests 2025-08-24 12:12:22 +04:00
Vognik 2b01ba6200 Add XWiki Unauthenticated RCE (CVE-2025-24893) 2025-08-23 18:56:24 +04:00
Vlad Dmitrievich baa5469a21 Fix legacy method override in torchserver_cve_2023_43654 
I think `Msf::Exploit::Remote::Java::HTTP::ClassLoader` module had `on_request_uri` method, that was later renamed to `java_class_loader_on_request_uri`.
 2025-08-22 17:01:41 +03:00
Vognik 8024900171 fix tests 2025-07-26 03:15:00 +04:00
Maksim Rogov 9696cc57db Merge branch 'rapid7:master' into CVE-2025-34300 2025-07-25 11:02:03 +04:00
Vognik 82eadede83 Code Review Edits from @sjanusz-r7 2025-07-25 05:17:48 +04:00
Vognik 38b0bd15e1 Code Review Edits 2025-07-24 07:19:25 +04:00
Vognik e93755adc6 Added WritableDir Option 2025-07-23 11:59:48 +04:00
Vognik d62ef448f1 Code Review Edits 2025-07-22 04:40:14 +04:00
Vognik 1c1b574b81 Removed Debug Print 2025-07-21 21:37:52 +04:00
Vognik d57a36413d Fix Tests 2025-07-21 21:34:41 +04:00
Vognik 6276b27dfc Improved Exploit Stability on Windows 2025-07-21 21:34:01 +04:00
Maksim Rogov 85e97aaaf5 Fix STUDYNAME empty check 2025-07-21 13:14:19 +03:00
Vognik e90396a15f Execute Method Refactoring 2025-07-21 13:59:43 +04:00
Vognik c06a7c477b Check Method Refactoring 2025-07-21 13:06:51 +04:00
Vognik 45a6176a9c Removed Limits 2025-07-21 11:03:24 +04:00
Vognik 6bf385e17a Removed dublicate logging bug 2025-07-21 03:20:34 +04:00
Vognik a836c9bc5e Fixed CVE Format 2025-07-21 03:17:57 +04:00
Vognik e7667d406a Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300) 2025-07-20 15:23:38 +04:00
Chocapikk 7629dd7518 DRY code, grab wingftp version in check method 2025-07-05 22:25:45 +02:00
Valentin Lobstein 6edbfb32ec Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2025-07-03 19:42:01 +02:00
Valentin Lobstein d79810a7e3 Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-03 13:54:11 +02:00
Valentin Lobstein d625ab5fbc Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-03 13:54:01 +02:00
Valentin Lobstein 32f7754774 Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-07-02 14:42:34 +02:00
Chocapikk 5b268bd4b4 Fix documentation and typos 2025-07-01 22:50:01 +02:00
Chocapikk f7a649c121 Remove php mixin and arch 2025-07-01 19:43:21 +02:00
Chocapikk 5d9eb58848 Remove useless mixin 2025-07-01 19:39:26 +02:00
Chocapikk 1a4a15e83b Add WingFTP unauthenticated RCE (CVE-2025-47812) 2025-07-01 19:15:15 +02:00
msutovsky-r7 126bff18a1 Land #20346, fixes payload encoding and substitutes for smaller base64 encoder 
Use the smaller base64 encoder
 2025-06-27 17:15:05 +02:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
cgranleese-r7 00c88caffb Updates incorrect arch values in modules 2025-06-25 16:57:27 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
Diego Ledda 6d843385ec Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094 
Adds module for Tatsu WP plugin (CVE-2021-25094)
 2025-06-25 10:58:22 +02:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
Spencer McIntyre 6334996e60 Use the smaller base64 encoder 2025-06-24 15:58:17 -04:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00