metasploit-gs

Author	SHA1	Message	Date
Diego Ledda	d6560b951f	Merge branch 'master' into loongarch64	2025-12-10 07:08:40 -05:00
jheysel-r7	47771a6789	Merge pull request #20760 from sfewer-r7/fix-55182 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182	2025-12-09 10:32:33 -08:00
Diego Ledda	9489296664	Merge pull request #20758 from msutovsky-r7/payload/ppc/fetch_payloads Adds PPC reverse payloads to fetch adapters	2025-12-09 07:04:14 -05:00
sfewer-r7	1a8e88c054	fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182	2025-12-09 09:05:59 +00:00
Brendan	caa672231b	Merge pull request #20736 from sfewer-r7/fortiweb-exploit-rce-v6-support Update the FortiWeb exploit module (CVE-2025-64446 + CVE-2025-58034) to target older unsupported versions 6.x	2025-12-08 17:43:49 -06:00
jheysel-r7	66279422d1	Merge pull request #20747 from vognik/2025-55182 Add CVE-2025-55182 / CVE-2025-66478	2025-12-08 13:41:49 -08:00
Martin Sutovsky	f8ae3912be	Rubocopes	2025-12-08 17:32:28 +01:00
Martin Sutovsky	62d02675ce	Adds reverse shell payloads to PPC fetch adapters	2025-12-08 17:31:55 +01:00
cpomfret-r7	2a53d9c866	Merge pull request #20704 from dwelch-r7/combine-ssh-login-modules The module `auxiliary/scanner/ssh/ssh_login_pubkey` has been removed. Its functionality has been moved into `auxiliary/scanner/ssh/ssh_login`.	2025-12-08 15:44:58 +00:00
vognik	bdd7cb5365	upgraded payload	2025-12-08 01:32:43 -08:00
vognik	1dde12b483	fix naming errors	2025-12-06 02:53:38 -08:00
vognik	38682b5ed6	refactoring	2025-12-05 14:58:59 -08:00
vognik	e1982475ca	replaced the noisy check method with a silent one	2025-12-05 11:32:07 -08:00
vognik	7b8c08d778	some refactoring	2025-12-05 10:47:06 -08:00
Diego Ledda	7e48e12ed0	Merge pull request #20716 from bcoles/linux-riscv-prepends Add Linux RISC-V 32-bit/64-bit prepends	2025-12-05 11:04:24 -05:00
vognik	88309b5a4a	add suggestions from @Chocapikk	2025-12-05 08:02:56 -08:00
Diego Ledda	d66e93afc0	Merge pull request #20658 from jheysel-r7/feat/mod/cert_details_update Add Updates to LDAP ESC Vulnerable Cert Finder	2025-12-05 10:55:52 -05:00
vognik	918f474fc6	fixed the nits	2025-12-05 00:47:19 -08:00
vognik	3669e3cdcc	add unused code	2025-12-05 00:25:21 -08:00
vognik	b6188e6f50	fix target_uri error	2025-12-05 00:12:52 -08:00
vognik	770e63b0d1	add windows documentation	2025-12-05 00:06:58 -08:00
vognik	a12431e1a3	add suggestions from @sfewer-r7	2025-12-04 23:58:22 -08:00
Maksim Rogov	5b299a0489	Update modules/exploits/multi/http/react2shell_cve_2025_55102.rb Co-authored-by: bcoles <bcoles@gmail.com>	2025-12-05 10:10:51 +03:00
Maksim Rogov	d9977f31fc	Update modules/exploits/multi/http/react2shell_cve_2025_55102.rb Co-authored-by: bcoles <bcoles@gmail.com>	2025-12-05 10:10:35 +03:00
vognik	e51ea0ae23	improve documentation	2025-12-04 23:03:13 -08:00
vognik	bff7d0836a	change execSync to exec	2025-12-04 22:54:35 -08:00
vognik	23e5f68c87	remove debug	2025-12-04 22:44:23 -08:00
vognik	f71a71ab18	add exploit mvp	2025-12-04 22:16:27 -08:00
Jack Heysel	0e2af23287	Add Updates to LDAP ESC Vulnerable Cert Finder Add CertificateAuthorityRhost to avoid DNS failures	2025-12-04 17:03:36 -08:00
vognik	eb33e08efa	Add Documentation	2025-12-04 05:48:26 -08:00
vognik	3086dac5a1	Add CVE-2025-55182 / CVE-2025-66478 Scanner	2025-12-04 05:21:09 -08:00
Diego Ledda	4d52e22480	Merge pull request #20720 from Chocapikk/wp-ai-engine Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)	2025-12-04 12:56:04 +01:00
Spencer McIntyre	0f795d715e	Merge pull request #20741 from SaiSakthidar/remove-cain Remove CAIN	2025-12-03 16:12:17 -05:00
SaiSakthidar	98dd33a3cd	Remove CAIN	2025-12-03 15:42:57 -05:00
Dean Welch	2de3623274	Combine ssh_login and ssh_login_pubkey modules	2025-12-03 14:48:12 +00:00
Valentin Lobstein	0ccffdd5ff	Fix wp_ai_engine_mcp_rce: handle existing users by updating password via MCP fields API	2025-12-03 00:41:16 +01:00
Diego Ledda	d20345263b	Merge pull request #20712 from bcoles/linux-riscv-tcp-reverse-shell Add Linux RISC-V 32-bit/64-bit TCP reverse shell payloads	2025-12-01 12:43:42 +01:00
sfewer-r7	795c38c524	Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal.	2025-11-28 10:12:02 +00:00
msutovsky-r7	d7c307bb69	Land #20709 , adds module for Twonky Server Authentication Bypass (CVE-2025-13315,CVE-2025-13316) Auxiliary module for CVE-2025-13315/CVE-2025-13316 - Twonky Server Log Leak Authentication Bypass	2025-11-28 07:35:30 +01:00
Valentin Lobstein	b1b41017c1	Use CheckCode constants instead of string comparison in check method	2025-11-27 22:53:32 +01:00
Valentin Lobstein	4d24789d04	Make USERNAME, PASSWORD, and EMAIL datastore options required	2025-11-27 22:52:19 +01:00
sfewer-r7	014312873c	get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway.	2025-11-27 20:28:44 +00:00
msutovsky-r7	b6330acb12	Land #20718 , adds module for Monsta FTP RCE (CVE-2025-34299) Add Monsta FTP downloadFile RCE (CVE-2025-34299)	2025-11-27 15:16:58 +01:00
Martin Sutovsky	1153f3cf6a	Fixing regex	2025-11-27 14:33:57 +01:00
sfewer-r7	f5e8aa83be	add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor.	2025-11-27 12:43:19 +00:00
adfoster-r7	db3ac6acc6	Fix broken module metadata	2025-11-26 22:51:40 +00:00
Valentin Lobstein	819b259b4c	Apply reviewer suggestions	2025-11-26 18:27:52 +01:00
Valentin Lobstein	9661bfe252	Update modules/exploits/multi/http/monsta_ftp_downloadfile_rce.rb Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>	2025-11-26 17:54:12 +01:00
Valentin Lobstein	e3a2148660	Update modules/exploits/multi/http/monsta_ftp_downloadfile_rce.rb Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>	2025-11-26 17:53:40 +01:00
bcoles	c467330892	Merge remote-tracking branch 'upstream/master' into linux-riscv-tcp-reverse-shell	2025-11-26 09:22:55 +11:00

1 2 3 4 5 ...

39105 Commits