adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80,279 Commits 27 Branches 1,043 Tags
3f2a07bdcaddfac2ddf05c31400a749c2e88404c
Commit Graph

4631 Commits

Author SHA1 Message Date
Diego Ledda 6f84c83135 Merge pull request #21000 from Chocapikk/add-modules-majordomo-rce 
Add three MajorDoMo unauthenticated RCE modules
 2026-03-02 05:20:22 -05:00
Valentin Lobstein 76d103e483 Fix: Bootstrap cycle tables and update lab documentation 
Add cycle.php bootstrap request in cmd_injection module to create
missing MEMORY tables before starting the cycle_execs.php worker.
Update all three module docs with curl in Dockerfile, Docker gateway
instructions, Options sections, and verified scenario outputs.
 2026-02-27 14:33:04 +01:00
Valentin Lobstein 402ed5d50b Docs: Clarify 41086aaa is a pinned vulnerable commit on alpha branch 2026-02-26 17:18:22 +01:00
msutovsky-r7 45c058d6f1 Land #21005, adds gnu inetutils auth bypass module against a Synology NAS to documentation 
add dsm target exploitation to gnu telnetd docs
 2026-02-25 16:49:30 +01:00
msutovsky-r7 fae76b2961 Land #20978, adds module BeyondTrust unauth command injection (CVE-2026-1731) 
Add CVE-2026-1731 support and modernize targets for BeyondTrust PRA/R…
 2026-02-25 14:18:59 +01:00
msutovsky-r7 7dcc036b6d Land #21006, adds module for Ollama path traversal RCE (CVE-2024-37032) 
Add Ollama path traversal RCE module (CVE-2024-37032)
 2026-02-25 13:06:09 +01:00
msutovsky-r7 002daf8d7d Merge branch 'beyondtrust-rce-2026' into collab/exploit/beyondtrust/cve-2026-1731 2026-02-25 12:53:37 +01:00
msutovsky-r7 12e21e4c66 Fixes documentation 2026-02-24 12:23:26 -05:00
Valentin Lobstein 5aeff61b26 Fix: Address PR review feedback for Ollama RCE module 
Co-Authored-By: msutovsky-r7 <190406428+msutovsky-r7@users.noreply.github.com>
 2026-02-24 17:51:23 +01:00
msutovsky-r7 51af9d0ff1 Adds documentation 2026-02-24 10:25:49 -05:00
Brendan 1ddee63f05 Merge pull request #20983 from sfewer-r7/0day-grandstream 
Add exploit (CVE-2026-2329) and auxiliary modules for the Grandstream GXP1600 series
 2026-02-24 08:50:42 -06:00
msutovsky-r7 62a466cbed Land #20819, adds WSL startup folder persistence module 
wsl startup folder persistence
 2026-02-24 07:59:11 +01:00
h00die ece2374532 target user for wsl_startup_folder 2026-02-21 21:04:40 -05:00
Valentin Lobstein b17d227d28 Feat: Add Ollama path traversal RCE module (CVE-2024-37032) 2026-02-21 16:52:43 +01:00
h00die a24f53f2b6 add dsm exploitation to telnetd docs 2026-02-21 10:27:47 -05:00
Valentin Lobstein 05c12bb033 Feat: Add three MajorDoMo unauthenticated RCE modules 
- CVE-2026-27174: Console eval RCE via missing exit after redirect
- CVE-2026-27175: Command injection via rc/index.php + cycle_execs race condition
- CVE-2026-27180: Supply chain RCE via update URL poisoning in saverestore module

All three modules include documentation with Docker lab setup instructions.
 2026-02-21 08:34:31 +01:00
Brendan 1f547f19fb Merge pull request #20832 from DataExplorerX/doc-linux-samba-module 
Add documentation for linux/samba/chain_reply module (CVE-2004-0883)
 2026-02-20 18:12:05 -06:00
Brendan 7f8b18d7dc Update documentation/modules/exploit/linux/samba/chain_reply.md 2026-02-20 17:45:14 -06:00
Brendan fcb41a2275 Update documentation/modules/exploit/linux/samba/chain_reply.md 
Update documentation to point to a specific wayback machine page since the original does not exist, and a few of the wayback machine links are also broken.
 2026-02-20 17:42:34 -06:00
msutovsky-r7 f2262a84cc Land #20841, adds persistence module for Windows feature active setup 
active setup persistence
 2026-02-20 10:46:45 +01:00
msutovsky-r7 b6f37bef11 Land #20976, adds module for StoryChief WP plugin (CVE-2025-7441) 
Add StoryChief WordPress 1.0.42 unauthenticated RCE module (CVE-2025-7441)
 2026-02-19 10:06:25 +01:00
Diego Ledda c6f7d03d03 Merge pull request #20919 from h00die/emacs 
emacs extension persistence
 2026-02-18 10:58:13 -05:00
Nayeraneru a48129b640 Updated doc after checking msftidy_docs 2026-02-18 16:58:51 +02:00
Diego Ledda 8af82dc7eb Merge pull request #20844 from 6a6f656c/userinit 
Windows Userinit persistence
 2026-02-18 06:05:04 -05:00
Diego Ledda 9f301549e8 Update documentation/modules/exploit/windows/persistence/registry_userinit.md 
Co-authored-by: h00die <h00die@users.noreply.github.com>
 2026-02-18 11:46:11 +01:00
sfewer-r7 08efa9cd16 add in the Grandstream modules 2026-02-17 22:33:46 +00:00
6a6f656c 7e50106cff Apply suggestion from @dledda-r7 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2026-02-17 07:17:03 -05:00
Nayeraneru 8ee79fa524 Add StoryChief WordPress 1.0.42 unauthenticated RCE module 2026-02-16 00:44:20 +02:00
LucasCsmt a39ed2beac Removing default version in the Dockerfile 2026-02-13 15:14:41 +01:00
LucasCsmt bbfe139e7f Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 15:01:52 +01:00
LucasCsmt 2b6d95d3c9 Adding a scenario in the documentation 
The documentation for PHP Fetch have been added. The scenario have been
redone in order to track the last changes.
 2026-02-13 15:01:17 +01:00
LucasCsmt 381972efd2 Changing the documentation 
According to the recent change, i've changed the documentation and the
scenario outputs.
 2026-02-13 14:05:29 +01:00
Diego Ledda a4ec3cd40d Merge pull request #20917 from sfewer-r7/solarwinds-webhelpdesk-rce 
Add exploit module for SolarWinds Web Help Desk (CVE-2025-40536 + CVE-2025-40551)
 2026-02-13 06:51:42 -05:00
msutovsky-r7 7e03a89304 Land #20798, adds module for FreeBSD rtsold/rtsol command injection (CVE-2025-14558) 
Add module for rtsold/rtsol DNSSL Command Injection (CVE-2025-14558)
 2026-02-13 10:57:03 +01:00
LucasCsmt 78f4b8f97d Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 08:50:23 +01:00
Spencer McIntyre 35b52df28a Merge pull request #20849 from haicenhacks/haicen_xerte 
Add three modules for exploiting Xerte Online Toolkits
 2026-02-12 15:01:42 -05:00
Spencer McIntyre 41414b896b Tweak whitespacing in the docs for the renderer 2026-02-12 14:43:47 -05:00
haicen 7204c64b6b Improves documentation 2026-02-12 12:05:29 -05:00
haicen 66139795e5 Fixes problems with module documentation 2026-02-11 18:20:06 -05:00
jheysel-r7 4adf87ac18 Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061 
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
 2026-02-11 11:12:29 -08:00
JohannesLks 9512135c84 Merge branch 'master' into rtsold_dnssl_cmdinject 2026-02-10 16:19:53 -05:00
sfewer-r7 58dd29107f remove SMB_SRVPORT as an option. It must allways be 445 so the user cannot change it. We print a message to inform the user this port is intended to be in use so that the SMB server is not compleatly opaque. 2026-02-05 17:21:31 +00:00
sfewer-r7 f632cf34bf add in a module and docs fo rteh EPMM exploit 2026-02-05 12:26:38 +00:00
LucasCsmt eb5507844b Testing the module on different version 
The module have been tested on different version of ChurchCRM (6.8.0 and
6.2.0) prooving it's vulnerability to this exploit. This commit contains
modification of the dockerfile/docker-compose in order to support
multi-version installation.
 2026-02-05 12:36:26 +01:00
sfewer-r7 40073bcc8e typo in docs 2026-02-05 09:00:15 +00:00
sfewer-r7 50f46aa85d add docs 2026-02-04 20:36:10 +00:00
LucasCsmt 4d65f15884 Adding a link to the CVE 2026-02-04 16:17:15 +01:00
LucasCsmt ca5ceae1b3 Adding documentation to the churchcrm module 
The documentation of the module is addedd.
 2026-02-04 16:04:42 +01:00
Valentin Lobstein 628c5ee7af Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs 2026-02-04 08:38:32 +01:00
Valentin Lobstein 478345506e Add Gladinet CentreStack/Triofox auxiliary modules and exploit 2026-02-04 08:38:31 +01:00