Jonah Burgess
4f2eafda09
Changed error wording to remove patch specifics and loosen wording to 'may indicate' as there could be other reasons for the websocket exiting unexpectedly, e.g. using the cmd/unix/generic payload results in the error, even when target is vulnerable and the exploit succeeds
2026-02-25 10:11:18 +01:00
Jonah Burgess
0b78ab319e
improved version checking (I think)
2026-02-25 10:11:18 +01:00
Jonah Burgess
b43b204060
Add CVE-2026-1731 support and modernize targets for BeyondTrust PRA/RS RCE
2026-02-25 10:11:15 +01:00
Brendan
1ddee63f05
Merge pull request #20983 from sfewer-r7/0day-grandstream
...
Add exploit (CVE-2026-2329) and auxiliary modules for the Grandstream GXP1600 series
2026-02-24 08:50:42 -06:00
msutovsky-r7
62a466cbed
Land #20819, adds WSL startup folder persistence module
...
wsl startup folder persistence
2026-02-24 07:59:11 +01:00
h00die
ae65d5d9dc
linux wsl startup cleanup now with windows path
2026-02-23 18:29:22 -05:00
sfewer-r7
1f5ad66248
comment gen_buffer to explain why this is needed
2026-02-23 13:04:42 +00:00
sfewer-r7
54f5b88baa
clarify the offsets used in patch_offset2cmd
2026-02-23 12:39:37 +00:00
sfewer-r7
2c807a6d95
clarify the initial value in our rop buffer and the function epilogue that reads them
2026-02-23 12:39:10 +00:00
sfewer-r7
8519bffeff
add a Check message for this and change from Safe to Unknown which is more accurate
2026-02-23 11:28:53 +00:00
h00die
ece2374532
target user for wsl_startup_folder
2026-02-21 21:04:40 -05:00
Brendan
cf497a8d6e
Merge pull request #20938 from Chocapikk/fix-beyondtrust-mech-list-fallback
...
Fix BeyondTrust PRA/RS exploit failing on older instances
2026-02-20 17:38:40 -06:00
Diego Ledda
c6f7d03d03
Merge pull request #20919 from h00die/emacs
...
emacs extension persistence
2026-02-18 10:58:13 -05:00
Diego Ledda
f369cac6d7
Apply suggestion from @jvoisin
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-18 12:24:09 +01:00
sfewer-r7
08efa9cd16
add in the Grandstream modules
2026-02-17 22:33:46 +00:00
jheysel-r7
4adf87ac18
Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061
...
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
2026-02-11 11:12:29 -08:00
jheysel-r7
8f1e16d2a6
Update modules/exploits/linux/telnet/gnu_inetutils_auth_bypass.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-02-11 08:54:09 -08:00
Brendan
d330de16c8
Merge pull request #20932 from sfewer-r7/ivanti-epmm-rce
...
Add exploit module for Ivanti EPMM/MobileIron (CVE-2026-1281)
2026-02-10 11:07:39 -06:00
Valentin Lobstein
3f6d228954
Update modules/exploits/linux/http/beyondtrust_pra_rs_unauth_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-10 18:06:20 +01:00
Valentin Lobstein
defeb14ef4
Update modules/exploits/linux/http/beyondtrust_pra_rs_unauth_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-10 18:02:22 +01:00
Valentin Lobstein
47d4cd7601
Update modules/exploits/linux/http/beyondtrust_pra_rs_unauth_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-10 18:02:12 +01:00
Valentin Lobstein
f41eda1128
Add GHSA and OSV reference type support
...
Add support for GHSA (GitHub Security Advisories) and OSV (Open Source
Vulnerabilities) as structured reference types in Metasploit modules.
Convert 49 hardcoded GHSA URLs to structured ['GHSA', 'GHSA-xxxx'] format
across existing modules, and add support for repository-specific GHSA
references with an optional third parameter ['GHSA', 'GHSA-xxxx', 'repo'].
Update reference validation, module validator, and info_fixups to handle
the new reference types correctly.
2026-02-09 15:17:23 +01:00
Valentin Lobstein
296cb5ff22
Fix BeyondTrust exploit failing on older instances (22.x)
...
The /get_mech_list?version=3 endpoint returns HTTP 500 on older
BeyondTrust versions that do not support the JSON API. Add a
fallback to version=2 which returns semicolon-separated key=value
pairs (e.g. "company=sewtest;product=ingredi").
Also remove the "Thank you for using BeyondTrust" check in the
BRDF validation, as PRA instances do not contain this string,
causing the check method to incorrectly report Unknown for PRA
targets.
2026-02-08 22:57:47 +01:00
sfewer-r7
51d2a18ade
remove the extra + operator. add a comment as to why we ljust the value.
2026-02-06 14:52:00 +00:00
sfewer-r7
95da6bd70d
use Rex::Stopwatch.elapsed_time to time this operation
2026-02-05 16:17:33 +00:00
sfewer-r7
22e5981a95
add back tick to BadChars
2026-02-05 16:16:57 +00:00
Jack Heysel
85604307fa
Update ranking
2026-02-05 06:47:31 -08:00
sfewer-r7
f632cf34bf
add in a module and docs for the EPMM exploit
2026-02-05 12:26:38 +00:00
Jack Heysel
bd049dcba4
doc update
2026-02-03 18:41:51 -08:00
Jack Heysel
a868bc95b2
GNU Inetutils Telnet Auth Bypass
2026-02-03 17:45:59 -08:00
h00die
75ff7b6af1
emacs extension persistence
2026-01-31 22:54:18 -05:00
Arnout Engelen
2f2fea7f6b
add CVE reference to Continuum exploit
2026-01-26 12:36:12 +01:00
jheysel-r7
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
vognik
9e320dd168
add suggestions from @jheysel-r7
2026-01-19 18:45:01 -08:00
msutovsky-r7
7b092aeedb
Land #20806, adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888)
...
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
2026-01-14 15:44:25 +01:00
Martin Sutovsky
2809ff8235
Fix archs
2026-01-13 14:24:04 +01:00
JohannesLks
4678d82c6d
fix: architecture specification
2026-01-12 17:03:08 +01:00
h00die
1e98e1b932
update wsl startup folder persistence with attck ref
2026-01-11 07:45:50 -05:00
h00die
19f5970c61
add udev mitre ref
2026-01-09 16:22:24 -05:00
h00die
52ad17690f
add arch to windows modules and triggered execution attck to most persistence
2026-01-09 16:21:07 -05:00
msutovsky-r7
472016b753
Land #20796, moves udev module into persistence category
...
update udev to persistence mixin
2026-01-09 16:14:08 +01:00
jheysel-r7
ae4a5ac986
Merge pull request #20786 from zeroSteiner/feat/lib/mod-merge-target-info
...
Merge target info into the module info
2026-01-08 18:01:14 -08:00
JohannesLks
8bd24f4ecf
Fix: - Use Rex::Stopwatch for time-based check - Change CheckCode::Appears to CheckCode::Vulnerable - Add cmd/base64 encoder in Payload hash for Unix Command target - Simplify execute_command by removing manual base64 encoding
2026-01-08 12:38:20 -05:00
JohannesLks
c859f18557
fix: - Hardcode endpoint path in send_request_cgi - Use idiomatic Ruby single-line conditional - Remove unnecessary return keyword
2026-01-08 15:34:11 +01:00
Xorriath
2030d19438
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-07 14:45:03 +02:00
Xorriath
2ef1b9fbae
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-07 14:44:51 +02:00
Xorriath
a676b05928
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:32 +02:00
Xorriath
236d94ee54
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:17 +02:00
Xorriath
b35d74b305
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:01 +02:00
h00die
e97c23ca16
wsl startup folder persistence
2025-12-28 11:15:04 -05:00