adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80,279 Commits 27 Branches 1,043 Tags
3f2a07bdcaddfac2ddf05c31400a749c2e88404c
Commit Graph

291 Commits

Author SHA1 Message Date
Spencer McIntyre 3f2a07bdca Update #make_steal_credentials_payload to just take url 2026-03-03 09:37:27 -05:00
msutovsky-r7 7e937b3d5a Land #21010, adds reporting the service to Gitlab mixin 
Update Gitlab mixin logs
 2026-02-26 16:14:35 +01:00
Martin Sutovsky 0e60332411 Minor code changes 2026-02-25 14:46:34 +01:00
Martin Sutovsky 98b3357e2a Adds beyondtrust lib, moves functionality into library, shares those functions to two modules 2026-02-24 16:16:05 +01:00
Nayeraneru ae24f73a73 more simplification for gitlab_version function 2026-02-24 02:42:10 +02:00
Nayera 8df17c6c50 Simplifying version handling in GitLab exploit module 2026-02-24 02:26:14 +02:00
Nayera dd6a2f97e9 Apply suggestion from @msutovsky-r7 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-02-24 02:19:32 +02:00
Nayeraneru a8dcc9616c update gitlab mixin logs 2026-02-23 05:40:59 +02:00
Diego Ledda 81e54d42e4 Merge pull request #20856 from msutovsky-r7/exploit/cve-2026-21858 
Adds module for Ni8mare (CVE-2026-21858)
 2026-02-16 10:06:14 -05:00
msutovsky-r7 0a5eb04be1 Removes puts 2026-02-04 11:59:41 -05:00
Martin Sutovsky 6a1babf6c3 Updates docs, fixes JWT, module cleanup 2026-02-04 12:40:41 +01:00
Martin Sutovsky dbe8b5574f Updates JWT 2026-02-04 07:52:21 +01:00
Martin Sutovsky 9a18fcf49b Fixes JWT payload and base64 encoding 2026-02-02 14:13:51 +01:00
Martin Sutovsky a6e750518d Fixes basic JWT encoding, code refactors, add better failure codes and messages 2026-02-02 11:17:26 +01:00
Martin Sutovsky 32eaa4e80b Adds base for JWT signing 2026-02-02 08:05:32 +01:00
Jack Heysel 34cebd1453 Update CheckCode messaging 2026-01-22 15:03:32 +01:00
Jack Heysel 99e032f4af SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691] 2026-01-22 15:03:30 +01:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00
vognik 9e320dd168 add suggestions from @jheysel-r7 2026-01-19 18:45:01 -08:00
vognik 9fbf4e1d67 replace vprint_status with print_status in login.rb module 2025-12-18 08:59:55 -08:00
vognik 59dc9dd59c fix error handling 2025-12-17 09:57:03 -08:00
vognik 6d059bd62e improve csrf token parsing 2025-12-17 09:53:28 -08:00
vognik 1d4b8ce10e add pagination support to get_apps function 2025-12-16 10:03:08 -08:00
vognik 35dd55159d extracted get_apps url into uris.rb 2025-12-13 11:35:25 -08:00
vognik ebd736272f fix variables naming 2025-12-13 11:21:08 -08:00
vognik b35c8b3926 remove unused function calls 2025-12-12 20:31:14 -08:00
vognik ee404d9453 add splunk modules (cve-2022-43571 and cve-2024-36985) 2025-12-12 13:16:57 -08:00
Valentin Lobstein 6215da4754 Apply review suggestions: use case/when, improve error handling, simplify code 2025-11-20 22:41:08 +01:00
Valentin Lobstein 11c64b8f10 Update lib/msf/core/exploit/remote/http/flowise.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-20 21:55:10 +01:00
Valentin Lobstein 6ab2452153 Fix documentation inconsistency: update ports for Flowise 3.0.1 (3005) and add Basic Auth service example 2025-11-19 22:58:27 +01:00
Valentin Lobstein 44cf2e309f Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup 2025-11-19 22:12:49 +01:00
jheysel-r7 96a83143f1 Merge pull request #20479 from msutovsky-r7/exploit/sitecore/postauth-rce 
Adds modules for Sitecore XP post-auth remote code executions (CVE-2025-34510, CVE-2025-34511)
 2025-09-11 11:25:27 -07:00
Martin Sutovsky fa64376c5c Adds comments for login function 2025-09-01 15:50:21 +02:00
Brendan f1dffd3ad6 Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw 
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
 2025-08-27 15:46:39 -05:00
Martin Sutovsky 2533ddf441 Rubocoping 2025-08-26 12:42:28 +02:00
Martin Sutovsky b43b4c9f37 Updates library, addressing comments 2025-08-25 17:49:34 +02:00
Martin Sutovsky 4e113b1768 Addresses comments, adds exception for Pretalx, modifies aux module 2025-08-22 13:59:50 +02:00
Martin Sutovsky fb062075e3 Adds target, adds side effects 2025-08-21 15:21:16 +02:00
Martin Sutovsky 01c09bcfed Library fixes, refactoring exploit module 2025-08-21 09:22:21 +02:00
Martin Sutovsky 72dcc5a301 Library fix 2025-08-21 07:21:56 +02:00
Martin Sutovsky da5b20faa4 Creating lib file for shared functionality, adding more reliable check method for CVE-2025-34511, docs init 2025-08-20 10:59:22 +02:00
Martin Sutovsky ce1d0d1c27 Removes redundant code, unifies fail_with calling, adds advanced option for wait time 2025-08-01 10:51:52 +02:00
Martin Sutovsky d081d83aa6 Adds additional functionality for Pretalx 2025-07-31 14:53:49 +02:00
Martin Sutovsky 0d556253d3 Fix 2025-07-31 12:57:14 +02:00
Martin Sutovsky 38096c6988 Adding Pretalx functionality, expanding auxiliary module 2025-07-30 15:42:34 +02:00
Martin Sutovsky b276c50115 Making Pretalx functionality more robust 2025-07-28 10:53:24 +02:00
Valentin Lobstein 56f6a65e21 Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-19 04:04:25 +02:00
Valentin Lobstein 4a1f9e541e Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-19 04:04:14 +02:00
Chocapikk 4e70dfe70d Rename mixin 2025-07-16 22:40:27 +02:00
Chocapikk 1863eddcd4 chore: add magic encoding comment to Ruby files 2025-07-16 22:32:20 +02:00