gregd
36b29fb458
Add vulnerable environment setup guide to module documentation
...
Step-by-step minikube-based setup for deploying a vulnerable
che-machine-exec instance for module verification.
2026-02-19 11:27:27 +00:00
gregd
c225256956
Add meterpreter scenario and redact IPs in documentation
2025-12-31 15:37:46 +00:00
gregd
475846ea2a
Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548)
...
This module exploits an unauthenticated RCE vulnerability in the
Eclipse Che machine-exec service. The service accepts WebSocket
connections without authentication on port 3333, allowing command
execution via JSON-RPC.
Affects Red Hat OpenShift DevSpaces environments.
2025-12-30 21:14:55 +00:00
Brendan
3015c9f962
Merge pull request #20792 from sfewer-r7/hpe_oneview_rce
...
Add unauth RCE exploit module for HPE OneView (CVE-2025-37164)
2025-12-19 17:41:51 -06:00
Brendan
b12ebc95c0
Merge pull request #20754 from h00die/assist_tech
...
assistive technology persistence
2025-12-19 16:33:21 -06:00
sfewer-r7
d40a35acdb
the version logic changes, update the docs
2025-12-19 15:48:07 +00:00
sfewer-r7
a4dba96712
add in the HPE OneView exploit
2025-12-19 15:30:53 +00:00
Brendan
6c4a61fa42
Merge pull request #20761 from Chocapikk/acf-extended-rce
...
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
2025-12-18 16:03:06 -06:00
jheysel-r7
388a967101
Merge pull request #20749 from nakkouchtarek/grav-ssti-rce
...
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
2025-12-11 16:13:09 -08:00
jheysel-r7
0c921ea2e7
Merge pull request #20725 from Chocapikk/magento
...
Add Magento SessionReaper (CVE-2025-54236) exploit module
2025-12-10 08:56:47 -08:00
jheysel-r7
d86c5f0908
Merge pull request #20746 from Chocapikk/king-addons
...
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
2025-12-10 08:37:11 -08:00
Valentin Lobstein
b4d65afcf5
Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE
2025-12-09 22:02:41 +01:00
Valentin Lobstein
e9467cd1e3
Clarify file-based session storage requirements and exploit limitations
...
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
2025-12-09 19:26:30 +01:00
Valentin Lobstein
6bc2bffd8c
Refactor create_admin_user to handle errors internally and remove custom.ini from documentation
2025-12-09 19:20:56 +01:00
Valentin Lobstein
17cc68df0f
Update documentation/modules/exploit/multi/http/wp_king_addons_privilege_escalation.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-12-09 19:14:22 +01:00
sfewer-r7
1a8e88c054
fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182
2025-12-09 09:05:59 +00:00
Brendan
caa672231b
Merge pull request #20736 from sfewer-r7/fortiweb-exploit-rce-v6-support
...
Update the FortiWeb exploit module (CVE-2025-64446 + CVE-2025-58034) to target older unsupported versions 6.x
2025-12-08 17:43:49 -06:00
jheysel-r7
66279422d1
Merge pull request #20747 from vognik/2025-55182
...
Add CVE-2025-55182 / CVE-2025-66478
2025-12-08 13:41:49 -08:00
vognik
bdd7cb5365
upgraded payload
2025-12-08 01:32:43 -08:00
h00die
42b6a307ac
markdown
2025-12-06 19:58:36 -05:00
h00die
a2f266068b
assistive technology persistence
2025-12-06 13:05:32 -05:00
vognik
1dde12b483
fix naming errors
2025-12-06 02:53:38 -08:00
vognik
38682b5ed6
refactoring
2025-12-05 14:58:59 -08:00
vognik
88309b5a4a
add suggestions from @Chocapikk
2025-12-05 08:02:56 -08:00
vognik
baa0a11492
small fixes
2025-12-05 00:11:44 -08:00
vognik
770e63b0d1
add windows documentation
2025-12-05 00:06:58 -08:00
vognik
e51ea0ae23
improve documentation
2025-12-04 23:03:13 -08:00
vognik
f71a71ab18
add exploit mvp
2025-12-04 22:16:27 -08:00
Tarek Nakkouch
3c4fdfcad0
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module (CVE-2025-66294)
2025-12-05 00:01:56 +01:00
Diego Ledda
4d52e22480
Merge pull request #20720 from Chocapikk/wp-ai-engine
...
Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)
2025-12-04 12:56:04 +01:00
Valentin Lobstein
296e931b7d
Fix WordPress lab permissions in documentation
2025-12-04 01:39:25 +01:00
Valentin Lobstein
b3fc1b05e5
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
2025-12-04 01:37:40 +01:00
SaiSakthidar
98dd33a3cd
Remove CAIN
2025-12-03 15:42:57 -05:00
sfewer-r7
795c38c524
Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal.
2025-11-28 10:12:02 +00:00
sfewer-r7
014312873c
get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway.
2025-11-27 20:28:44 +00:00
msutovsky-r7
b6330acb12
Land #20718, adds module for Monsta FTP RCE (CVE-2025-34299)
...
Add Monsta FTP downloadFile RCE (CVE-2025-34299)
2025-11-27 15:16:58 +01:00
sfewer-r7
f5e8aa83be
add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor.
2025-11-27 12:43:19 +00:00
Valentin Lobstein
4ff9fd4542
Apply reviewer suggestions and remove unnecessary Options section from documentation
2025-11-25 23:48:39 +01:00
Brendan
e998b91aee
Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce
...
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
2025-11-25 14:14:31 -06:00
Brendan
1912fe2a95
Merge pull request #20702 from Zedeldi/igel-os-modules
...
IGEL OS modules
2025-11-25 13:59:44 -06:00
sfewer-r7
fa03ac8b66
on 7.4.8 the command nohup is not available. We must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. The payload cmd/unix/reverse_python is not working as it previously was, so I am removing it from the list of confirmed payloads. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl, work fine on both versions
2025-11-25 11:25:41 +00:00
Valentin Lobstein
be7ad39127
Fix reference URL in documentation to correct Searchlight Cyber research article
2025-11-24 23:26:29 +01:00
Valentin Lobstein
9ef10eeea8
Update documentation with complete Docker lab setup files
2025-11-24 21:12:14 +01:00
Valentin Lobstein
1623660bec
Add Magento SessionReaper (CVE-2025-54236) exploit module
2025-11-24 21:04:20 +01:00
Zedeldi
4b2798f357
Correct vulnerable version information
2025-11-24 17:10:51 +00:00
Zedeldi
ce926fd3d1
Update vulnerable IGEL OS version to < 11.09.310
2025-11-24 11:57:18 +00:00
Zedeldi
933fb7bdf1
Add clean-up information
2025-11-24 11:43:46 +00:00
Zedeldi
002795c5be
Update module information in documentation
2025-11-24 11:24:23 +00:00
Valentin Lobstein
080230edd0
Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)
2025-11-23 03:56:11 +01:00
Brendan
21777b8969
Merge pull request #20685 from msutovsky-r7/persistence/windows/notepad++_persistence
...
Adds notepad++ persistence module for Windows
2025-11-21 14:28:28 -06:00