adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,232 Commits 27 Branches 1,043 Tags
36b29fb458bf22d520fe0cd3fc96069a9af2478e
Commit Graph

1000 Commits

Author SHA1 Message Date
gregd 36b29fb458 Add vulnerable environment setup guide to module documentation 
Step-by-step minikube-based setup for deploying a vulnerable
che-machine-exec instance for module verification.
 2026-02-19 11:27:27 +00:00
gregd c225256956 Add meterpreter scenario and redact IPs in documentation 2025-12-31 15:37:46 +00:00
gregd 475846ea2a Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548) 
This module exploits an unauthenticated RCE vulnerability in the
Eclipse Che machine-exec service. The service accepts WebSocket
connections without authentication on port 3333, allowing command
execution via JSON-RPC.

Affects Red Hat OpenShift DevSpaces environments.
 2025-12-30 21:14:55 +00:00
sfewer-r7 d40a35acdb the version logic changes, update the docs 2025-12-19 15:48:07 +00:00
sfewer-r7 a4dba96712 add in the HPE OneView exploit 2025-12-19 15:30:53 +00:00
sfewer-r7 795c38c524 Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal. 2025-11-28 10:12:02 +00:00
sfewer-r7 014312873c get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway. 2025-11-27 20:28:44 +00:00
sfewer-r7 f5e8aa83be add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor. 2025-11-27 12:43:19 +00:00
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. Teh payload cmd/unix/reverse_python isnot working as it previously was, so I am removing from the list of confirmed paylaods. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
sfewer-r7 aff76622fa add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034 2025-11-21 12:22:25 +00:00
h00die b646e0e044 docs editing for consistency 2025-11-07 15:42:27 -05:00
h00die fb02ec4554 remove 4 space indents in options 2025-11-07 15:42:27 -05:00
h00die caa2873a14 more adjustments 2025-11-07 15:42:27 -05:00
h00die d8c73f6684 replace bold options with h3 2025-11-07 15:42:23 -05:00
Diego Ledda 110cb837aa Merge pull request #20672 from h00die-gr3y/centreon_auth_rce 
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter [CVE-2025-5946]
 2025-11-05 16:29:29 +01:00
h00die-gr3y 408eceb2d9 small update documentation 2025-11-03 10:27:44 +00:00
h00die-gr3y 85b4233345 updated module based on review comments and added documentation 2025-11-03 10:21:31 +00:00
Brendan 91c0adb17f Merge pull request #20585 from vognik/CVE_2025_60787 
Add MotionEye Authenticated RCE (CVE-2025-60787)
 2025-10-09 13:50:25 -05:00
Vognik 267a26b763 code review changes from smcintyre-r7@ 2025-10-09 21:51:31 +04:00
Diego Ledda 1314f5d0bb Merge pull request #20455 from Chocapikk/aitemi_m300_time_rce 
Add unauthenticated RCE on Shenzhen Aitemi M300 MT02 (CVE-2025-34152)
 2025-09-10 10:12:41 +02:00
Brendan f1dffd3ad6 Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw 
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
 2025-08-27 15:46:39 -05:00
Martin Sutovsky f43b141886 Fine-tunning docs 2025-08-27 21:18:03 +02:00
Martin Sutovsky 61a0d68d97 Fine-tuning docs 2025-08-27 19:22:46 +02:00
Martin Sutovsky 23f486dc53 Updates docs 2025-08-27 19:16:33 +02:00
Martin Sutovsky 7196786258 Clarifies docs 2025-08-27 18:12:54 +02:00
Martin Sutovsky d49870211b Adding exceptions to exploit module, bug fix for aux module, adds documentation for exploit module 2025-08-22 15:26:46 +02:00
Martin Sutovsky 72dcc5a301 Library fix 2025-08-21 07:21:56 +02:00
jheysel-r7 8251d89e92 Merge pull request #20400 from msutovsky-r7/exploit/pivotx-rce 
Adds module for PivotX RCE (CVE-2025-52367)
 2025-08-12 12:28:28 -07:00
jheysel-r7 e59a24823b Merge pull request #20387 from h00die-gr3y/wazuh-auth-rce 
Wazuh Server authenticated RCE [CVE-2025-24016]
 2025-08-12 09:22:22 -07:00
Chocapikk baacd6f2bf Update CVE-ID in documentation 2025-08-07 21:54:38 +02:00
Chocapikk 87eb063460 Add unauthenticated RCE on Shenzhen Aitemi M300 MT02 (CVE-2025-34152) 2025-08-07 18:34:49 +02:00
msutovsky-r7 9caa2be9a2 Land #20399, adds module for Pandora ITSM authenticated RCE (CVE-2025-4653) 
Pandora ITSM auth RCE [CVE-2025-4653]
 2025-08-07 08:37:45 +02:00
Chocapikk 6ff04da954 Add LPE suggestions in documentation 2025-08-04 18:33:28 +02:00
Chocapikk 7d744c2a45 Update documentation 2025-08-04 17:51:42 +02:00
Valentin Lobstein c8f756dd37 Update documentation/modules/exploit/linux/http/ictbroadcast_unauth_cookie.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:02:12 +02:00
Chocapikk 50ef5edd90 Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611) 2025-08-02 19:46:14 +02:00
msutovsky-r7 8130316de9 Removes unnecessary new line 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-08-01 10:02:46 +02:00
Martin Sutovsky 744188fb88 Updates docs 2025-08-01 09:40:08 +02:00
h00die-gr3y 3d0cfd0dfc update module + documentation based on review comments 2025-07-30 20:24:56 +00:00
h00die-gr3y 4b52708357 update module + documentation based on review comments 2025-07-30 11:39:20 +00:00
Martin Sutovsky 54c86cfc10 Addressing comments 2025-07-24 12:19:47 +02:00
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom 
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
 2025-07-22 08:19:36 -07:00
Martin Sutovsky ed5c13330f Module init 2025-07-21 12:41:38 +02:00
h00die-gr3y 58704e9eab init module + documentation 2025-07-20 19:06:01 +00:00
adfoster-r7 8fe815da6f Merge pull request #20394 from cgranleese-r7/update-docs-to-reflect-new-default-prompt 
Updates docs to reflect new default prompt
 2025-07-17 12:53:02 +01:00
cgranleese-r7 adff497bd2 Updates msf5 as well 2025-07-17 11:51:29 +01:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce 
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
 2025-07-17 11:58:54 +02:00
Diego Ledda ca9535e39a Update pandora_fms_auth_netflow_rce.md 2025-07-17 11:29:07 +02:00
cgranleese-r7 469f102596 Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00