Commit Graph

7727 Commits

Author SHA1 Message Date
Spencer McIntyre 34c7a18ef4 Merge pull request #21217 from dineshg0pal/fix/small-typo-fixes
Fix: small typos in Documentation
2026-04-01 12:38:25 -04:00
Dinesh b668069682 fix: corrected SHA12 to SHA512 2026-04-01 21:32:28 +05:30
Dinesh 7bdfdf9703 fix: removed extra "use" in cmd lines 2026-04-01 21:29:21 +05:30
Dinesh fe0c7e4e97 fix: removed "are" duplicate 2026-04-01 21:25:00 +05:30
Dinesh 2d4c3e748e fix: removed duplicate "which" 2026-04-01 21:22:38 +05:30
Christophe De La Fuente 09a59af789 Merge pull request #21069 from Chocapikk/add-module-freescout-htaccess-rce 2026-03-31 18:09:30 +02:00
msutovsky-r7 6d4b268f9f Land #21029, adds module for Grav CMS (CVE-2025-50286)
Adds exploit module for Grav CMS (CVE-2025-50286)
2026-03-31 14:47:44 +02:00
cgranleese-r7 e5e18383a2 Merge pull request #21187 from Devansh7006/patch-1
Improve HTTP PUT module documentation
2026-03-31 13:03:56 +01:00
cgranleese-r7 55152da83a Merge pull request #21186 from Devansh7006/add-wordpress-pingback-doc
Add documentation for wordpress_pingback_access module
2026-03-31 11:40:24 +01:00
Devansh7006 b9666f5f0e Improve formatting and clarity of WordPress pingback module
Reformatted the verification steps and options for clarity. Removed redundant lines and added example usage.
2026-03-31 12:40:19 +05:30
Devansh7006 d3a1bdaa88 Fix HTTP PUT module documentation formatting and structure
Updated example usage and added details for the PUT action.
2026-03-31 12:28:17 +05:30
bcoles b17a5727b5 Improve post/linux/gather/enum_protections module
* Add system hardening checks
* Add detection for modern security tools
* Add module documentation
2026-03-29 15:07:56 +11:00
adfoster-r7 20bb912515 Merge pull request #21023 from g0tmi1k/os_cmd_exec
Add: exploits/multi/http/os_cmd_exec
2026-03-27 16:38:03 +00:00
Devansh7006 bccbf35950 Enhance documentation for WordPress pingback module
Updated verification steps and added example run for clarity.
2026-03-27 17:07:24 +05:30
Devansh7006 e56610b530 Enhance documentation for HTTP PUT scanner module
Added verification steps and detailed options for HTTP PUT scanner.
2026-03-27 16:45:55 +05:30
Devansh7006 63ad9b06bf Refactor WordPress Pingback Access documentation
Removed redundant sections and improved formatting for clarity.
2026-03-27 16:39:37 +05:30
cgranleese-r7 ab4f24db5d Merge pull request #21149 from Adithyadspawar/add-auxiliary-scanner-docs
Add documentation for auxiliary scanner modules
2026-03-27 11:02:43 +00:00
Devansh7006 8e2e293062 Improve HTTP PUT module documentation
Updated the documentation for the HTTP PUT File Upload Scanner module to clarify usage and options.
2026-03-27 15:33:23 +05:30
Devansh7006 93fb3b464b Add WordPress Pingback Access Scanner documentation
This document outlines the WordPress Pingback Access Scanner module, its verification steps, options, and scenarios for use in security assessments.
2026-03-27 15:04:49 +05:30
x1o3 d12e3945fe plugin version parsing and check logic improvement, msftidy & rubocop compliant 2026-03-27 11:47:30 +05:30
x1o3 de81c5f0dc plugin version parsing and check logic improvement, msftidy & rubocop compliant 2026-03-27 11:45:20 +05:30
msutovsky-r7 0976f88058 Land #20835, adds module unauthenticated command injection Eclipse Che machine-exec (CVE-2025-12548)
Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548)
2026-03-25 14:39:01 +01:00
g0t mi1k 51f36982c7 Add: exploits/multi/http/os_cmd_exec
A lot of this was based on: exploits/unix/webapp/php_eval
2026-03-24 20:01:30 +00:00
Brendan 7ea60dd7d1 Merge pull request #20478 from futileskills/escpos-injector-module
Create escpos_tcp_command_injector.rb
2026-03-24 14:40:27 -05:00
jheysel-r7 81faae13ca Merge pull request #21033 from Alpenlol/barracuda-esg-cve-2023-2868
Add exploit for CVE-2023-2868 Barracuda ESG command injection
2026-03-23 13:18:34 -07:00
Adithyadspawar 6326f14768 Add documentation for 5 auxiliary scanner modules 2026-03-19 22:59:00 +05:30
Adithyadspawar 20c265dc32 Add documentation for 5 auxiliary scanner modules
Add module documentation for:
- auxiliary/scanner/http/apache_activemq_traversal
- auxiliary/scanner/http/drupal_views_user_enum
- auxiliary/scanner/http/coldfusion_version
- auxiliary/scanner/http/elasticsearch_traversal
- auxiliary/scanner/ftp/bison_ftp_traversal

Fixes #12389
2026-03-19 20:19:26 +05:30
Brendan 5b5d1dbfaa Merge pull request #21076 from Chocapikk/avideo-encoder-getimage-cmd-injection
Add AVideo Encoder getImage.php command injection (CVE-2026-29058)
2026-03-18 18:46:32 -05:00
Valentin Lobstein 3414611a3d Refactor: Use inherited SSL option from HttpClient instead of HTTPSSL 2026-03-14 00:07:28 +01:00
Valentin Lobstein c5c6c34232 Refactor: Remove HTTPSSL option, auto-detect SSL from port 443 2026-03-14 00:04:49 +01:00
Valentin Lobstein db3654eebf Fix: Address Copilot review feedback and fix cmd/dropper targets
- Fix http_send: use standalone Rex::Proto::Http::Client to avoid
  SMTPDeliver/HttpClient connect() method conflict
- Fix cmd/dropper PHP stub: remove double $$ variable (vars[:cmd_varname]
  already includes $ prefix)
- Fix cmd/dropper unlink: use cleanup POST param instead of inline
  @unlink to preserve shell across multiple stager requests
- Fix wait_for_cron: use .to_i % fetch for correct modulo calculation
- Fix dir_exists?: use res&.redirect? instead of res&.code == 301
- Fix docs: RHOSTS -> RHOST (SMTPDeliver registers singular RHOST)
- Remove manual Date header (SMTPDeliver handles it)
- Update scan_paths comment to reflect MD5 digit extraction
- Replace php_exec_cmd with manual preamble + system_block stub
2026-03-13 23:38:30 +01:00
Valentin Lobstein 8ad5924bf1 Fix: Use parent of fix commit (78178d1~1) for vulnerable Encoder checkout 2026-03-13 22:59:51 +01:00
Valentin Lobstein 8d44dcd1fb Fix: Lab setup documentation for first-time environments
- Fix DB permissions (bind mount creates files as www-data instead of mysql)
- Force table creation (cli.php skips it when configuration.php already exists)
- Revert entire Encoder working tree, not just getImage.php (78178d1 patched multiple files)
- Run git checkout from inside the container to avoid safe.directory issues
2026-03-13 22:55:23 +01:00
adfoster-r7 fed897ae72 Merge pull request #21074 from jeanmtr/pop3_login-doc
Docs for pop3_login
2026-03-13 11:28:24 +00:00
Curt Hyvarinen 63561130af Address PR review feedback for CVE-2023-2868 module 2026-03-12 12:59:30 -07:00
Valentin Lobstein 5150a4b68b Docs: Clarify that .compose/encoder is a clone of AVideo-Encoder repo
The commit c9861e9c exists in WWBN/AVideo-Encoder (not WWBN/AVideo).
Add a note explaining that .compose/encoder is a git clone created by
the container entrypoint, with a link to the correct repository.
2026-03-11 22:05:23 +01:00
Valentin Lobstein 38e74740f3 Fix: Use correct commit hash for vulnerable getImage.php in lab setup
The previous commit (e0c2768) did not touch getImage.php. Use c9861e9c
which is the last commit before the security patch (78178d1) that
modifies the file.
2026-03-11 21:23:27 +01:00
Valentin Lobstein 6467b7261d Fix: Auto-provision admin user and fix filestore version downgrade in lab 2026-03-11 19:45:14 +01:00
Valentin Lobstein c266e687c2 Add authenticated RCE module for FreePBX filestore (CVE-2025-64328) 2026-03-11 19:43:28 +01:00
Christophe De La Fuente 31665e1b88 Land #20730, Allow toggling the SACL in LDAP queries
# Release Notes
This update modifies the ldap_query module to skip querying the SACL (System Access Control List) on security descriptors by default. This behavior is now controlled by a new option, LDAP::QuerySacl. This change is necessary when using a non-privileged user to query security descriptors via LDAP; otherwise, querying the SACL will cause the entire query to be blocked, resulting in no security descriptors being returned.
2026-03-11 16:36:35 +01:00
x1o3 de72dcb88a fixes review feedback 2026-03-11 12:56:14 +05:30
FutileSkills 1f8dd57f79 Update CVE reference for ESC/POS command injector 2026-03-10 14:25:08 -05:00
Diego Ledda 1af0a49729 Merge pull request #21002 from Chocapikk/add-module-leakix-search
Add LeakIX search module with 6 actions and bulk streaming
2026-03-09 10:34:43 -04:00
msutovsky-r7 c6aabc1c75 Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243)
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
jeanmtr e369660d18 Update pop3_login.md
Another md issue
2026-03-06 22:53:11 +01:00
jeanmtr 81431ea680 Update pop3_login.md
markdown issue
2026-03-06 22:51:26 +01:00
jeanmtr d2812ae9fc add documentation for the pop3_login.md module 2026-03-06 22:40:57 +01:00
Valentin Lobstein dfe73bb4c5 Add exploit for AVideo Encoder getImage.php command injection (CVE-2026-29058)
Unauthenticated OS command injection via the base64Url parameter in
getImage.php. The URL is interpolated into an ffmpeg shell command
without escapeshellarg(), and FILTER_VALIDATE_URL does not block
shell metacharacters in the URL path.
2026-03-06 21:30:12 +01:00
Valentin Lobstein 9b7faea3c2 Feat: Add FreeScout ZWSP .htaccess RCE module (CVE-2026-28289) 2026-03-05 18:06:32 +01:00
msutovsky-r7 59a1992214 Land #21017, adds module for SSTI in Tactical RMM (CVE-2025-69516)
Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516)
2026-03-05 15:38:32 +01:00