Commit Graph

20168 Commits

Author SHA1 Message Date
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
Brendan caa672231b Merge pull request #20736 from sfewer-r7/fortiweb-exploit-rce-v6-support
Update the FortiWeb exploit module (CVE-2025-64446 + CVE-2025-58034) to target older unsupported versions 6.x
2025-12-08 17:43:49 -06:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182
Add CVE-2025-55182 / CVE-2025-66478
2025-12-08 13:41:49 -08:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik e1982475ca replaced the noisy check method with a silent one 2025-12-05 11:32:07 -08:00
vognik 7b8c08d778 some refactoring 2025-12-05 10:47:06 -08:00
vognik 88309b5a4a add suggestions from @Chocapikk 2025-12-05 08:02:56 -08:00
vognik 918f474fc6 fixed the nits 2025-12-05 00:47:19 -08:00
vognik 3669e3cdcc add unused code 2025-12-05 00:25:21 -08:00
vognik b6188e6f50 fix target_uri error 2025-12-05 00:12:52 -08:00
vognik 770e63b0d1 add windows documentation 2025-12-05 00:06:58 -08:00
vognik a12431e1a3 add suggestions from @sfewer-r7 2025-12-04 23:58:22 -08:00
Maksim Rogov 5b299a0489 Update modules/exploits/multi/http/react2shell_cve_2025_55102.rb
Co-authored-by: bcoles <bcoles@gmail.com>
2025-12-05 10:10:51 +03:00
Maksim Rogov d9977f31fc Update modules/exploits/multi/http/react2shell_cve_2025_55102.rb
Co-authored-by: bcoles <bcoles@gmail.com>
2025-12-05 10:10:35 +03:00
vognik e51ea0ae23 improve documentation 2025-12-04 23:03:13 -08:00
vognik bff7d0836a change execSync to exec 2025-12-04 22:54:35 -08:00
vognik 23e5f68c87 remove debug 2025-12-04 22:44:23 -08:00
vognik f71a71ab18 add exploit mvp 2025-12-04 22:16:27 -08:00
Diego Ledda 4d52e22480 Merge pull request #20720 from Chocapikk/wp-ai-engine
Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)
2025-12-04 12:56:04 +01:00
SaiSakthidar 98dd33a3cd Remove CAIN 2025-12-03 15:42:57 -05:00
Valentin Lobstein 0ccffdd5ff Fix wp_ai_engine_mcp_rce: handle existing users by updating password via MCP fields API 2025-12-03 00:41:16 +01:00
sfewer-r7 795c38c524 Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal. 2025-11-28 10:12:02 +00:00
Valentin Lobstein b1b41017c1 Use CheckCode constants instead of string comparison in check method 2025-11-27 22:53:32 +01:00
Valentin Lobstein 4d24789d04 Make USERNAME, PASSWORD, and EMAIL datastore options required 2025-11-27 22:52:19 +01:00
sfewer-r7 014312873c get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway. 2025-11-27 20:28:44 +00:00
msutovsky-r7 b6330acb12 Land #20718, adds module for Monsta FTP RCE (CVE-2025-34299)
Add Monsta FTP downloadFile RCE (CVE-2025-34299)
2025-11-27 15:16:58 +01:00
sfewer-r7 f5e8aa83be add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor. 2025-11-27 12:43:19 +00:00
Valentin Lobstein 819b259b4c Apply reviewer suggestions 2025-11-26 18:27:52 +01:00
Valentin Lobstein 9661bfe252 Update modules/exploits/multi/http/monsta_ftp_downloadfile_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-11-26 17:54:12 +01:00
Valentin Lobstein e3a2148660 Update modules/exploits/multi/http/monsta_ftp_downloadfile_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-11-26 17:53:40 +01:00
Brendan e998b91aee Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
2025-11-25 14:14:31 -06:00
Brendan 1912fe2a95 Merge pull request #20702 from Zedeldi/igel-os-modules
IGEL OS modules
2025-11-25 13:59:44 -06:00
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. The payload cmd/unix/reverse_python is not working as it previously was, so I am removing from the list of confirmed payloads. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
sfewer-r7 8a054b74db improve check logic to actually parse JSON result for expected reply, tested against 8.0.1 and 7.4.8 2025-11-25 11:22:43 +00:00
Zedeldi d1fe17747c Add check methods and update DisclosureDate 2025-11-24 17:12:56 +00:00
Zedeldi ffaf43af2f Add writable? and file? checks to write_payload 2025-11-24 11:45:34 +00:00
Zedeldi 0c4d1e70d1 Add support for ARCH_CMD payload 2025-11-24 11:16:22 +00:00
Valentin Lobstein 2b71c84d80 Improve code quality: simplify methods, use dig, compile regex, remove unnecessary variables 2025-11-23 05:40:49 +01:00
Valentin Lobstein 1a93bf7634 Update disclosure date to 2025-11-04 2025-11-23 05:27:19 +01:00
Valentin Lobstein 080230edd0 Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749) 2025-11-23 03:56:11 +01:00
Valentin Lobstein 8c432302b0 Fix code quality improvements and optimizations 2025-11-22 04:15:57 +01:00
Brendan 21777b8969 Merge pull request #20685 from msutovsky-r7/persistence/windows/notepad++_persistence
Adds notepad++ persistence module for Windows
2025-11-21 14:28:28 -06:00
msutovsky-r7 8f2525aba7 Land #20705, adds modules for Flowise RCEs (CVE-2025-59528, CVE-2025-8943)
Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943)
2025-11-21 21:20:22 +01:00
Valentin Lobstein e91086a1d0 Fix disclosure date for CVE-2025-34299 2025-11-21 20:49:34 +01:00
Valentin Lobstein 8cffe50470 Add Monsta FTP downloadFile RCE (CVE-2025-34299) 2025-11-21 20:43:37 +01:00
Valentin Lobstein 8702256ec2 Remove manual substitution and add BadChars for backslash and quote in flowise_js_rce 2025-11-21 19:34:33 +01:00
sfewer-r7 b8cefb1af9 add nohup when bootstrapping the payload to avoid the scenario when the parent dies it tears down our payload child process 2025-11-21 15:54:41 +00:00
Zedeldi da33eed842 Use fail_with instead of a check method 2025-11-21 14:02:05 +00:00