adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,127 Commits 27 Branches 1,043 Tags
2b58dec0f36bcdd6dd6e49db7700a3a408eec9c3
Commit Graph

5087 Commits

Author SHA1 Message Date
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik e1982475ca replaced the noisy check method with a silent one 2025-12-05 11:32:07 -08:00
vognik 7b8c08d778 some refactoring 2025-12-05 10:47:06 -08:00
vognik 88309b5a4a add suggestions from @Chocapikk 2025-12-05 08:02:56 -08:00
vognik 918f474fc6 fixed the nits 2025-12-05 00:47:19 -08:00
vognik 3669e3cdcc add unused code 2025-12-05 00:25:21 -08:00
vognik b6188e6f50 fix target_uri error 2025-12-05 00:12:52 -08:00
vognik 770e63b0d1 add windows documentation 2025-12-05 00:06:58 -08:00
vognik a12431e1a3 add suggestions from @sfewer-r7 2025-12-04 23:58:22 -08:00
Maksim Rogov 5b299a0489 Update modules/exploits/multi/http/react2shell_cve_2025_55102.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2025-12-05 10:10:51 +03:00
Maksim Rogov d9977f31fc Update modules/exploits/multi/http/react2shell_cve_2025_55102.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2025-12-05 10:10:35 +03:00
vognik e51ea0ae23 improve documentation 2025-12-04 23:03:13 -08:00
vognik bff7d0836a change execSync to exec 2025-12-04 22:54:35 -08:00
vognik 23e5f68c87 remove debug 2025-12-04 22:44:23 -08:00
vognik f71a71ab18 add exploit mvp 2025-12-04 22:16:27 -08:00
Diego Ledda 4d52e22480 Merge pull request #20720 from Chocapikk/wp-ai-engine 
Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)
 2025-12-04 12:56:04 +01:00
Valentin Lobstein 0ccffdd5ff Fix wp_ai_engine_mcp_rce: handle existing users by updating password via MCP fields API 2025-12-03 00:41:16 +01:00
Valentin Lobstein b1b41017c1 Use CheckCode constants instead of string comparison in check method 2025-11-27 22:53:32 +01:00
Valentin Lobstein 4d24789d04 Make USERNAME, PASSWORD, and EMAIL datastore options required 2025-11-27 22:52:19 +01:00
msutovsky-r7 b6330acb12 Land #20718, adds module for Monsta FTP RCE (CVE-2025-34299) 
Add Monsta FTP downloadFile RCE (CVE-2025-34299)
 2025-11-27 15:16:58 +01:00
Valentin Lobstein 819b259b4c Apply reviewer suggestions 2025-11-26 18:27:52 +01:00
Valentin Lobstein 9661bfe252 Update modules/exploits/multi/http/monsta_ftp_downloadfile_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-26 17:54:12 +01:00
Valentin Lobstein e3a2148660 Update modules/exploits/multi/http/monsta_ftp_downloadfile_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-26 17:53:40 +01:00
Valentin Lobstein 2b71c84d80 Improve code quality: simplify methods, use dig, compile regex, remove unnecessary variables 2025-11-23 05:40:49 +01:00
Valentin Lobstein 1a93bf7634 Update disclosure date to 2025-11-04 2025-11-23 05:27:19 +01:00
Valentin Lobstein 080230edd0 Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749) 2025-11-23 03:56:11 +01:00
Valentin Lobstein 8c432302b0 Fix code quality improvements and optimizations 2025-11-22 04:15:57 +01:00
msutovsky-r7 8f2525aba7 Land #20705, adds modules for Flowise RCEs (CVE-2025-59528, CVE-2025-8943) 
Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943)
 2025-11-21 21:20:22 +01:00
Valentin Lobstein e91086a1d0 Fix disclosure date for CVE-2025-34299 2025-11-21 20:49:34 +01:00
Valentin Lobstein 8cffe50470 Add Monsta FTP downloadFile RCE (CVE-2025-34299) 2025-11-21 20:43:37 +01:00
Valentin Lobstein 8702256ec2 Remove manual substitution and add BadChars for backslash and quote in flowise_js_rce 2025-11-21 19:34:33 +01:00
Valentin Lobstein 6215da4754 Apply review suggestions: use case/when, improve error handling, simplify code 2025-11-20 22:41:08 +01:00
Valentin Lobstein 8cd32c04ea Update modules/exploits/multi/http/flowise_js_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-20 21:55:43 +01:00
Valentin Lobstein db082959f4 Update modules/exploits/multi/http/flowise_custommcp_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-20 21:55:20 +01:00
Brendan bb728c44d7 Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021 
Add T1021 "Remote Services" MITRE technique and sub-technique references
 2025-11-20 11:19:31 -06:00
Valentin Lobstein 9624f75617 Simplify code formatting: shorten lines and improve readability 2025-11-19 23:05:01 +01:00
Valentin Lobstein 3102b31767 Move FETCH_COMMAND WGET to Unix/Linux target DefaultOptions only 2025-11-19 22:59:22 +01:00
Valentin Lobstein 44cf2e309f Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup 2025-11-19 22:12:49 +01:00
Valentin Lobstein df1c157471 Improve Flowise CustomMCP RCE exploit stability with Basic Auth support and HTTP response validation 2025-11-19 20:12:31 +01:00
Valentin Lobstein f991bd58a4 Update modules/exploits/multi/http/flowise_custommcp_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-19 19:57:48 +01:00
Valentin Lobstein 7ba143452c Change checkcode 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-19 19:57:03 +01:00
Valentin Lobstein 8178313a46 Delete SSL param 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-19 19:56:43 +01:00
Valentin Lobstein a187b9824e Remove CVE ID from title 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-19 19:56:23 +01:00
Christophe De La Fuente 179a545312 Remove false positive references 2025-11-19 17:34:15 +01:00
Valentin Lobstein b26c4f5c7b Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:25:39 +01:00
Valentin Lobstein 88aadcc856 Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:03:59 +01:00