adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,177 Commits 27 Branches 1,043 Tags
408eceb2d96ea3c703d3bb3622daefd26cebb1bb
Commit Graph

38572 Commits

Author SHA1 Message Date
h00die-gr3y 85b4233345 updated module based on review comments and added documentation 2025-11-03 10:21:31 +00:00
h00die-gr3y 83e7fc2667 update attackerkb reference 2025-11-02 18:26:34 +00:00
h00die-gr3y e01456bcf4 init commit module 2025-11-02 17:45:22 +00:00
jheysel-r7 8251d89e92 Merge pull request #20400 from msutovsky-r7/exploit/pivotx-rce 
Adds module for PivotX RCE (CVE-2025-52367)
 2025-08-12 12:28:28 -07:00
Jack Heysel 0273f1474f Added incorrect creds check 2025-08-12 10:42:46 -07:00
jheysel-r7 e59a24823b Merge pull request #20387 from h00die-gr3y/wazuh-auth-rce 
Wazuh Server authenticated RCE [CVE-2025-24016]
 2025-08-12 09:22:22 -07:00
adfoster-r7 a1630c0b81 Improve login summary for ldap schannel scanner 2025-08-11 16:47:02 +01:00
adfoster-r7 2734daec0f Merge pull request #20459 from adfoster-r7/consolidate-pkcs12-cert-file-reads 
Consolidate pkcs12 cert file reads
 2025-08-11 15:53:38 +01:00
adfoster-r7 ced20bf15a Consolidate pkcs12 cert file reads 2025-08-11 14:28:47 +01:00
msutovsky-r7 e8b441a5d3 Land #20012, MeterpreterOptions break-up and default extension loading removal 
MeterpreterOptions break-up and default extension loading removal
 2025-08-07 15:28:56 +02:00
msutovsky-r7 9caa2be9a2 Land #20399, adds module for Pandora ITSM authenticated RCE (CVE-2025-4653) 
Pandora ITSM auth RCE [CVE-2025-4653]
 2025-08-07 08:37:45 +02:00
Brendan b6dc0860e7 Merge pull request #20409 from sfewer-r7/sharepoint-hax 
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
 2025-08-06 14:24:28 -05:00
sfewer-r7 0a923a611d reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704. 2025-08-06 15:33:57 +01:00
h00die-gr3y 70f2cbe055 simplified cleaning procedure 2025-08-06 08:22:06 +00:00
msutovsky-r7 8914520139 Land #20418, adds auto selection feature for password crackers 
Adds auto selection of cracker for password crackers
 2025-08-05 15:39:50 +02:00
msutovsky-r7 c99702c8bf Land #20446, adds module for ICTBroadcast Unauthenticated RCE (CVE-2025-2611) 
Add ICTBroadcast Unauthenticated Remote Code Execution (CVE-2025-2611)
 2025-08-05 09:29:36 +02:00
Chocapikk a81884fb9e Update metadata 2025-08-04 17:53:29 +02:00
Chocapikk 2c9053c45e Refactor fingerprint detection, cookie handling and per-cookie injection 
- Centralize JS fingerprint checks in `check`
- Memoize `get_valid_cookies` correctly and reuse a single `cookie_jar`
- Update `inject_command` to test payload on each cookie separately
 2025-08-04 17:49:34 +02:00
Valentin Lobstein 26099da7a2 Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:03:04 +02:00
Valentin Lobstein 46b3012cda Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:02:47 +02:00
Valentin Lobstein a6d86fbe59 Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:02:35 +02:00
dledda-r7 6d60db195b feat: bump metasploit_payloads-mettle gem to 1.0.45 2025-08-04 10:14:38 -04:00
msutovsky-r7 5fd6184494 Land #20423, adds malicious XDG Desktop fileformat module 
Add Malicious XDG Desktop File module
 2025-08-04 11:44:02 +02:00
bcoles a7ab23d083 Add Malicious XDG Desktop File module 2025-08-04 19:23:02 +10:00
Diego Ledda da7ee9d9f8 Update modules/payloads/stages/php/meterpreter.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 11:19:57 +02:00
Chocapikk 50ef5edd90 Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611) 2025-08-02 19:46:14 +02:00
Hakil 3e47e4a08b Fixed "]}" -> "}]" 2025-08-02 14:18:28 +02:00
Desiree05 8d3a35f332 Fixing issue #20436 
The module did not initialize the variable uri
 2025-08-01 10:48:54 +01:00
Martin Sutovsky c9e0c7171b Adds cleanup method 2025-08-01 10:01:50 +02:00
Martin Sutovsky 2328b40df7 Unifies parenthesis in fail_with calling, whitespaces fixes, changing CheckCode::Unknown to CheckCode::Detected 2025-08-01 09:34:47 +02:00
dwelch-r7 540e8b91d0 Merge pull request #20433 from msutovsky-r7/module/fix/disclosure_date 
Fixes disclosure date in exploit/linux/http/pandora_fms_auth_netflow_rce.rb
 2025-07-31 12:01:01 +01:00
Martin Sutovsky d2175c372f Fixes disclosure date 2025-07-31 12:58:28 +02:00
msutovsky-r7 333b5278ac Land #20428, fixes available payload space in exploits/windows/misc/achat_bof 
Fix achat_bof by increasing the available payload space
 2025-07-31 07:42:32 +02:00
Jack Heysel ff724d0b5c Deregister SMBUser 2025-07-30 15:28:56 -07:00
Jack Heysel e88883c82b ESC9, ESC10 ESC16 exploit support 2025-07-30 15:08:14 -07:00
h00die-gr3y 3d0cfd0dfc update module + documentation based on review comments 2025-07-30 20:24:56 +00:00
Spencer McIntyre 3fb2477fbf Increase payload space 2025-07-30 16:13:19 -04:00
Jack Heysel 13df676863 Update validate method fix failed test 2025-07-30 12:13:33 -07:00
Jack Heysel 8179de6cea ESC9 ESC10 and ESC16 detection 2025-07-30 11:46:57 -07:00
Hakil 1161954677 correcting a double assignment: tbl = tbl = cracker_results_table 2025-07-30 14:11:06 +02:00
Hakil 18b611f199 correcting a double assignment: tbl = tbl = cracker_results_table 2025-07-30 14:10:49 +02:00
Hakil dc787b1947 correcting a double assignment: tbl = tbl = cracker_results_table 2025-07-30 14:10:31 +02:00
Hakil e44f54fda0 correcting a double assignment: tbl = tbl = cracker_results_table 2025-07-30 14:10:03 +02:00
Hakil 2a70b78316 correcting a double assignment: tbl = tbl = cracker_results_table 2025-07-30 14:09:45 +02:00
Hakil 6ccc49523c correcting a double assignment: tbl = tbl = cracker_results_table 2025-07-30 14:09:13 +02:00
h00die-gr3y 4b52708357 update module + documentation based on review comments 2025-07-30 11:39:20 +00:00
Martin Sutovsky 16a5fa2881 Fixing typos 2025-07-30 07:23:50 +02:00
Martin Sutovsky d3f6faa99d Adjust cracker modules 2025-07-29 17:07:03 +02:00
Martin Sutovsky cf243b5d5c Adds auto option support, updates crack_database.rb accordingly 2025-07-29 15:44:48 +02:00
Hakil f454954b0a requested change resolved, PR #20418 2025-07-29 14:22:02 +02:00