adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,127 Commits 27 Branches 1,043 Tags
2b58dec0f36bcdd6dd6e49db7700a3a408eec9c3
Commit Graph

1169 Commits

Author SHA1 Message Date
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik 88309b5a4a add suggestions from @Chocapikk 2025-12-05 08:02:56 -08:00
vognik baa0a11492 small fixes 2025-12-05 00:11:44 -08:00
vognik 770e63b0d1 add windows documentation 2025-12-05 00:06:58 -08:00
vognik e51ea0ae23 improve documentation 2025-12-04 23:03:13 -08:00
vognik f71a71ab18 add exploit mvp 2025-12-04 22:16:27 -08:00
Diego Ledda 4d52e22480 Merge pull request #20720 from Chocapikk/wp-ai-engine 
Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)
 2025-12-04 12:56:04 +01:00
Valentin Lobstein 296e931b7d Fix WordPress lab permissions in documentation 2025-12-04 01:39:25 +01:00
msutovsky-r7 b6330acb12 Land #20718, adds module for Monsta FTP RCE (CVE-2025-34299) 
Add Monsta FTP downloadFile RCE (CVE-2025-34299)
 2025-11-27 15:16:58 +01:00
Valentin Lobstein 080230edd0 Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749) 2025-11-23 03:56:11 +01:00
Valentin Lobstein 8cffe50470 Add Monsta FTP downloadFile RCE (CVE-2025-34299) 2025-11-21 20:43:37 +01:00
Valentin Lobstein 6ab2452153 Fix documentation inconsistency: update ports for Flowise 3.0.1 (3005) and add Basic Auth service example 2025-11-19 22:58:27 +01:00
Valentin Lobstein 8fbbc3e043 Update flowise_custommcp_rce documentation: add Basic Auth testing scenario 2025-11-19 22:24:28 +01:00
Valentin Lobstein 44cf2e309f Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup 2025-11-19 22:12:49 +01:00
Valentin Lobstein df1c157471 Improve Flowise CustomMCP RCE exploit stability with Basic Auth support and HTTP response validation 2025-11-19 20:12:31 +01:00
Valentin Lobstein b26c4f5c7b Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:25:39 +01:00
Valentin Lobstein 88aadcc856 Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:03:59 +01:00
h00die caa2873a14 more adjustments 2025-11-07 15:42:27 -05:00
h00die d8c73f6684 replace bold options with h3 2025-11-07 15:42:23 -05:00
vognik 74c7f98ad9 code review changes from @msutovsky-r7 2025-10-20 09:00:24 -07:00
vognik 9ad83f6454 Add Vvveb CMS Authenticated RCE (CVE-2025-8518) 2025-10-18 17:12:05 -07:00
h00die 1e9dd04505 update periodic_script to new persistence mechanism 2025-10-13 17:48:00 -04:00
Diego Ledda c718a965d7 Merge pull request #20508 from h00die/modern_persistence_cron 
update cron to persistence mixin
 2025-09-18 12:04:00 +02:00
msutovsky-r7 32aa0d84e4 Land #20525, moves obsidian plugin module to persistence category and mixin 
update obsidian to persistence mixin
 2025-09-16 14:58:15 +02:00
h00die 5abe0f57b7 Update documentation/modules/exploit/multi/persistence/at.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-09-12 14:13:27 +02:00
h00die fd1d70ef93 update at persistence to mixin 2025-09-12 14:13:26 +02:00
h00die 785397bb0c cron to multi with persistence mixin 2025-09-09 11:50:31 -04:00
jheysel-r7 7972017936 Merge pull request #20397 from vognik/CVE-2025-34300 
Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300)
 2025-09-08 16:48:29 -07:00
jheysel-r7 0e325e6217 Update documentation/modules/exploit/multi/http/lighthouse_studio_unauth_rce_CVE_2025_34300.md 2025-09-08 16:29:00 -07:00
h00die 5c1673bb20 update obsidian to persistence mixin 2025-09-06 15:05:21 -04:00
msutovsky-r7 9283562ee5 Land #20493, adds XWiki unauthenticated exploit module (CVE-2025-24893) 
Add XWiki Unauthenticated RCE (CVE-2025-24893)
 2025-09-01 13:37:31 +02:00
msutovsky-r7 5d59fbd333 Land #19903, adds module for periodic script persistence 
Add OSX Periodic Script Peristence
 2025-08-29 20:12:12 +02:00
Martin Sutovsky 2681e7cfed Update docs 2025-08-29 17:53:07 +02:00
Maksim Rogov 16b3a352e8 Apply suggestion from @msutovsky-r7 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-25 10:49:49 +03:00
Maksim Rogov 51ca11a9d4 Apply suggestion from @msutovsky-r7 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-24 18:14:28 +03:00
Vognik 7317922be8 Added Documentation 2025-08-24 07:46:59 +04:00
Vognik b13f59128c Added Setup Guide for Windows 2025-08-18 08:20:32 +04:00
bcoles a7ab23d083 Add Malicious XDG Desktop File module 2025-08-04 19:23:02 +10:00
gardnerapp 92d246da13 Update documentation/modules/exploit/multi/local/periodic_script_persistence.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-29 13:20:00 -04:00
Maksim Rogov 9696cc57db Merge branch 'rapid7:master' into CVE-2025-34300 2025-07-25 11:02:03 +04:00
Maksim Rogov 6e5d474b21 Apply suggestion from @jheysel-r7 in Docs 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-24 06:23:01 +03:00
Vognik 38b0bd15e1 Code Review Edits 2025-07-24 07:19:25 +04:00
Vognik 75e1158457 Fixed docs formatting 2025-07-21 03:16:40 +04:00
Vognik e7667d406a Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300) 2025-07-20 15:23:38 +04:00
cgranleese-r7 adff497bd2 Updates msf5 as well 2025-07-17 11:51:29 +01:00
cgranleese-r7 469f102596 Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00