adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,154 Commits 27 Branches 1,043 Tags
441b671edd1531ceb457017fa7600aeee42072f7
Commit Graph

2001 Commits

Author SHA1 Message Date
Diego Ledda b2e28efa48 Land #19781, Add Selenium file read auxiliary module 
Land #19781, Add Selenium file read auxiliary module
 2025-01-08 13:54:04 +01:00
jheysel-r7 f475b9d4d6 Merge pull request #19749 from zeroSteiner/fix/mod/ntp_nak_to_the_future 
Fix ntp_nak_to_the_future
 2025-01-07 09:01:15 -08:00
Spencer McIntyre e5e06572fb Add documentation to the module with testing steps 2025-01-07 09:14:08 -05:00
jheysel-r7 817557c589 Merge pull request #19614 from vultza/onedev-file-read 
OneDev Unauthenticated Arbitrary File Read (CVE-2024-45309)
 2025-01-06 18:57:35 -08:00
Takah1ro 11c1b726cf Improve 
* add timeout option
  * print session info
  * apply suggestions (#19769)
 2025-01-04 11:54:31 +09:00
Takah1ro 9d664a36f0 Add Selenium file read auxiliary module 2025-01-01 11:55:35 +09:00
vultza 814cdb354f fix typo 2024-12-27 14:45:05 +00:00
Spencer McIntyre 56152fd359 Add docs for the new timeroast module 2024-12-19 09:29:05 -05:00
Spencer McIntyre f36d786736 Merge pull request #19696 from smashery/add_user_module 
Add user module
 2024-12-10 11:26:49 -05:00
Spencer McIntyre f05145dd1e Tweak the documentation verbiage slightly 2024-12-10 10:58:17 -05:00
Diego Ledda 095bd946f4 docs: updated docs 2024-12-10 15:35:16 +01:00
Aaryan Golatkar bd1320f722 Merge branch 'rapid7:master' into wp_perfect_survey_sqli 2024-12-09 23:17:20 +05:30
Spencer McIntyre 8b93f1a087 Merge branch 'master' into smb_change_pw 2024-12-09 09:37:45 -05:00
Spencer McIntyre 909476ee64 Merge pull request #19671 from smashery/ldap_change_pw 
LDAP Change Password module
 2024-12-06 17:13:50 -05:00
aaryan-11-x 500df59156 Changed plaintext to sh for better looking output 2024-12-06 12:44:50 +05:30
aaryan-11-x 547bc96603 Modified the output in the document 2024-12-06 12:43:20 +05:30
aaryan-11-x f426dc6c20 msftidy_docs Fixes 2024-12-06 12:02:18 +05:30
aaryan-11-x 897dfcd328 Added documentation of the auxiliary module 2024-12-06 11:57:04 +05:30
Ashley Donaldson 75a334ca0a Changes from code review 2024-12-06 16:05:53 +11:00
Ashley Donaldson 7c46d4d02d Updated text to be clearer about the AES kerberos behaviour 2024-12-06 14:28:44 +11:00
Ashley Donaldson d5b2d760e8 Updated ancillary documentation 2024-12-06 07:53:19 +11:00
Spencer McIntyre d22c6996be Merge pull request #18877 from h00die/xspy 
New module to replicate xspy tool (and X11 library)
 2024-12-02 13:38:37 -05:00
jheysel-r7 c4b7954f15 Land #19596, Wordpress Plugin Post SMTP Account Takeover 2024-11-29 09:05:03 -08:00
h00die 1906646e67 peer review 2024-11-28 13:18:47 -05:00
jheysel-r7 7de3d117b8 Land #19582 Acronis Cyber Backup/Protect Info Disclosure 2024-11-27 07:50:16 -08:00
Ashley Donaldson cd780e4339 Added documentation 2024-11-22 13:12:38 +11:00
adfoster-r7 d9d7f1a898 Merge pull request #19654 from h00die/strapi 
strapi 3.0.0 beta 17.4 password reset (CVE-2019-18818)
 2024-11-21 12:35:30 +00:00
Ashley Donaldson afc735f4a4 Add documentation 2024-11-20 15:36:36 +11:00
Spencer McIntyre f7e210d3e9 Merge pull request #19624 from cdelafuente-r7/fix/mod/ms_icpr 
Fix a crash when generating CSRs with OpenSSL 3.4.0
 2024-11-19 10:58:52 -05:00
h00die 219981227d Update documentation/modules/auxiliary/scanner/http/strapi_3_password_reset.md 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2024-11-16 15:36:00 -05:00
h00die 6629d5dff2 strapi password reset 2024-11-15 15:12:34 -05:00
Ashley Donaldson 3e3e81ff22 Update documentation with new datastore options 2024-11-14 15:15:06 +11:00
Christophe De La Fuente 24e19e4ebb Update the ESC8 relay module to use the new helper 
It also fixes some unrelated minor issues found in the module and the documentation
 2024-11-12 18:23:31 +01:00
Ashley Donaldson d396d06e35 Enable adding Users, not just computers (if permissions allow) 
Also added extra error handling for when password is wrong or expired
 2024-11-12 12:33:29 +11:00
Spencer McIntyre e709a18128 Merge pull request #19404 from bwatters-r7/smb2http_relay 
SMB to NTLM HTTP Relay with ESC8 module
 2024-11-05 14:12:08 -05:00
Spencer McIntyre 006ed90f1c Move the ESC8 module and document the attack 2024-11-04 09:37:12 -05:00
h00die 2b593bcf54 wp_post_smtp_acct_takeover peer review 2024-11-03 13:52:55 -05:00
vultza 8f2f0c7b37 typo on documentation 2024-11-02 15:08:37 +00:00
vultza f0abc0da69 Add documentation 2024-11-02 00:47:32 +00:00
jheysel-r7 ea45d83562 Land #19499, Adds SolarWinds Help Desk Backdoor module 
This adds a new module which exploits a backdoor in SolarWinds Web Help Desk (CVE-2024-28987) <= v12.8.3 which enables attackers to retrieve all tickets currently logged in the application.
 2024-10-31 12:17:32 -04:00
jheysel-r7 2e8892cb01 Land #19517, Add WooCommerce SQLi module 
This adds a new auxiliary module that exploits an unauthenticated SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress (versions <= 2.8.2). The vulnerability allows attackers to execute SQL queries via the order parameter which can be used to dump usernames and their hashed passwords.
 2024-10-31 12:09:55 -04:00
h00die 65efd07935 docs for wp_post_smtp 2024-10-30 15:38:46 -04:00
jheysel-r7 87af327507 Merge branch 'master' into wp_ultimate_member_sorting_sqli 2024-10-29 16:34:10 -04:00
Chocapikk 7ccb2991f6 Improve nonce detection, fix bug 2024-10-29 19:41:47 +01:00
h00die-gr3y 5aaf0b22cd update based on review comments of adfoster-r7 2024-10-25 10:41:10 +00:00
h00die-gr3y 4a1d31f239 small update on the documentation 2024-10-23 10:36:59 +00:00
h00die-gr3y d6e080a253 first release module + documentation 2024-10-23 10:25:43 +00:00
Christophe De La Fuente ae213813b5 Updates from code review 2024-10-22 14:41:02 +02:00
h4x-x0r d950bf7bb3 updated 
updated
 2024-10-21 20:51:41 +01:00
Spencer McIntyre 6ca0bb74fd Add workflow docs 2024-10-17 11:23:31 -04:00