Commit Graph

7705 Commits

Author SHA1 Message Date
cgranleese-r7 55152da83a Merge pull request #21186 from Devansh7006/add-wordpress-pingback-doc
Add documentation for wordpress_pingback_access module
2026-03-31 11:40:24 +01:00
Devansh7006 b9666f5f0e Improve formatting and clarity of WordPress pingback module
Reformatted the verification steps and options for clarity. Removed redundant lines and added example usage.
2026-03-31 12:40:19 +05:30
bcoles b17a5727b5 Improve post/linux/gather/enum_protections module
* Add system hardening checks
* Add detection for modern security tools
* Add module documentation
2026-03-29 15:07:56 +11:00
adfoster-r7 20bb912515 Merge pull request #21023 from g0tmi1k/os_cmd_exec
Add: exploits/multi/http/os_cmd_exec
2026-03-27 16:38:03 +00:00
Devansh7006 bccbf35950 Enhance documentation for WordPress pingback module
Updated verification steps and added example run for clarity.
2026-03-27 17:07:24 +05:30
Devansh7006 63ad9b06bf Refactor WordPress Pingback Access documentation
Removed redundant sections and improved formatting for clarity.
2026-03-27 16:39:37 +05:30
cgranleese-r7 ab4f24db5d Merge pull request #21149 from Adithyadspawar/add-auxiliary-scanner-docs
Add documentation for auxiliary scanner modules
2026-03-27 11:02:43 +00:00
Devansh7006 93fb3b464b Add WordPress Pingback Access Scanner documentation
This document outlines the WordPress Pingback Access Scanner module, its verification steps, options, and scenarios for use in security assessments.
2026-03-27 15:04:49 +05:30
msutovsky-r7 0976f88058 Land #20835, adds module unauthenticated command injection Eclipse Che machine-exec (CVE-2025-12548)
Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548)
2026-03-25 14:39:01 +01:00
g0t mi1k 51f36982c7 Add: exploits/multi/http/os_cmd_exec
A lot of this was based on: exploits/unix/webapp/php_eval
2026-03-24 20:01:30 +00:00
Brendan 7ea60dd7d1 Merge pull request #20478 from futileskills/escpos-injector-module
Create escpos_tcp_command_injector.rb
2026-03-24 14:40:27 -05:00
jheysel-r7 81faae13ca Merge pull request #21033 from Alpenlol/barracuda-esg-cve-2023-2868
Add exploit for CVE-2023-2868 Barracuda ESG command injection
2026-03-23 13:18:34 -07:00
Adithyadspawar 6326f14768 Add documentation for 5 auxiliary scanner modules 2026-03-19 22:59:00 +05:30
Adithyadspawar 20c265dc32 Add documentation for 5 auxiliary scanner modules
Add module documentation for:
- auxiliary/scanner/http/apache_activemq_traversal
- auxiliary/scanner/http/drupal_views_user_enum
- auxiliary/scanner/http/coldfusion_version
- auxiliary/scanner/http/elasticsearch_traversal
- auxiliary/scanner/ftp/bison_ftp_traversal

Fixes #12389
2026-03-19 20:19:26 +05:30
Brendan 5b5d1dbfaa Merge pull request #21076 from Chocapikk/avideo-encoder-getimage-cmd-injection
Add AVideo Encoder getImage.php command injection (CVE-2026-29058)
2026-03-18 18:46:32 -05:00
Valentin Lobstein 8ad5924bf1 Fix: Use parent of fix commit (78178d1~1) for vulnerable Encoder checkout 2026-03-13 22:59:51 +01:00
Valentin Lobstein 8d44dcd1fb Fix: Lab setup documentation for first-time environments
- Fix DB permissions (bind mount creates files as www-data instead of mysql)
- Force table creation (cli.php skips it when configuration.php already exists)
- Revert entire Encoder working tree, not just getImage.php (78178d1 patched multiple files)
- Run git checkout from inside the container to avoid safe.directory issues
2026-03-13 22:55:23 +01:00
adfoster-r7 fed897ae72 Merge pull request #21074 from jeanmtr/pop3_login-doc
Docs for pop3_login
2026-03-13 11:28:24 +00:00
Curt Hyvarinen 63561130af Address PR review feedback for CVE-2023-2868 module 2026-03-12 12:59:30 -07:00
Valentin Lobstein 5150a4b68b Docs: Clarify that .compose/encoder is a clone of AVideo-Encoder repo
The commit c9861e9c exists in WWBN/AVideo-Encoder (not WWBN/AVideo).
Add a note explaining that .compose/encoder is a git clone created by
the container entrypoint, with a link to the correct repository.
2026-03-11 22:05:23 +01:00
Valentin Lobstein 38e74740f3 Fix: Use correct commit hash for vulnerable getImage.php in lab setup
The previous commit (e0c2768) did not touch getImage.php. Use c9861e9c
which is the last commit before the security patch (78178d1) that
modifies the file.
2026-03-11 21:23:27 +01:00
Valentin Lobstein 6467b7261d Fix: Auto-provision admin user and fix filestore version downgrade in lab 2026-03-11 19:45:14 +01:00
Valentin Lobstein c266e687c2 Add authenticated RCE module for FreePBX filestore (CVE-2025-64328) 2026-03-11 19:43:28 +01:00
Christophe De La Fuente 31665e1b88 Land #20730, Allow toggling the SACL in LDAP queries
# Release Notes
This update modifies the ldap_query module to skip querying the SACL (System Access Control List) on security descriptors by default. This behavior is now controlled by a new option, LDAP::QuerySacl. This change is necessary when using a non-privileged user to query security descriptors via LDAP; otherwise, querying the SACL will cause the entire query to be blocked, resulting in no security descriptors being returned.
2026-03-11 16:36:35 +01:00
FutileSkills 1f8dd57f79 Update CVE reference for ESC/POS command injector 2026-03-10 14:25:08 -05:00
Diego Ledda 1af0a49729 Merge pull request #21002 from Chocapikk/add-module-leakix-search
Add LeakIX search module with 6 actions and bulk streaming
2026-03-09 10:34:43 -04:00
msutovsky-r7 c6aabc1c75 Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243)
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
jeanmtr e369660d18 Update pop3_login.md
Another md issue
2026-03-06 22:53:11 +01:00
jeanmtr 81431ea680 Update pop3_login.md
markdown issue
2026-03-06 22:51:26 +01:00
jeanmtr d2812ae9fc add documentation for the pop3_login.md module 2026-03-06 22:40:57 +01:00
Valentin Lobstein dfe73bb4c5 Add exploit for AVideo Encoder getImage.php command injection (CVE-2026-29058)
Unauthenticated OS command injection via the base64Url parameter in
getImage.php. The URL is interpolated into an ffmpeg shell command
without escapeshellarg(), and FILTER_VALIDATE_URL does not block
shell metacharacters in the URL path.
2026-03-06 21:30:12 +01:00
msutovsky-r7 59a1992214 Land #21017, adds module for SSTI in Tactical RMM (CVE-2025-69516)
Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516)
2026-03-05 15:38:32 +01:00
Valentin Lobstein 3d38e9b27b Fix: Fallback check to Detected when plugin version unavailable
- Use spip_version as fallback when spip_plugin_version fails
- Return Detected instead of Unknown so AutoCheck does not abort
- Fix lab healthcheck to wait for saisies form before reporting healthy
2026-03-05 14:13:05 +01:00
Diego Ledda 6f84c83135 Merge pull request #21000 from Chocapikk/add-modules-majordomo-rce
Add three MajorDoMo unauthenticated RCE modules
2026-03-02 05:20:22 -05:00
Curt Hyvarinen 782c1d5455 Add exploit for CVE-2023-2868 Barracuda ESG command injection 2026-02-27 23:29:56 -08:00
Valentin Lobstein 76d103e483 Fix: Bootstrap cycle tables and update lab documentation
Add cycle.php bootstrap request in cmd_injection module to create
missing MEMORY tables before starting the cycle_execs.php worker.
Update all three module docs with curl in Dockerfile, Docker gateway
instructions, Options sections, and verified scenario outputs.
2026-02-27 14:33:04 +01:00
Valentin Lobstein 402ed5d50b Docs: Clarify 41086aaa is a pinned vulnerable commit on alpha branch 2026-02-26 17:18:22 +01:00
msutovsky-r7 45c058d6f1 Land #21005, adds gnu inetutils auth bypass module against a Synology NAS to documentation
add dsm target exploitation to gnu telnetd docs
2026-02-25 16:49:30 +01:00
msutovsky-r7 fae76b2961 Land #20978, adds module BeyondTrust unauth command injection (CVE-2026-1731)
Add CVE-2026-1731 support and modernize targets for BeyondTrust PRA/R…
2026-02-25 14:18:59 +01:00
msutovsky-r7 7dcc036b6d Land #21006, adds module for Ollama path traversal RCE (CVE-2024-37032)
Add Ollama path traversal RCE module (CVE-2024-37032)
2026-02-25 13:06:09 +01:00
msutovsky-r7 002daf8d7d Merge branch 'beyondtrust-rce-2026' into collab/exploit/beyondtrust/cve-2026-1731 2026-02-25 12:53:37 +01:00
msutovsky-r7 12e21e4c66 Fixes documentation 2026-02-24 12:23:26 -05:00
Valentin Lobstein 5aeff61b26 Fix: Address PR review feedback for Ollama RCE module
Co-Authored-By: msutovsky-r7 <190406428+msutovsky-r7@users.noreply.github.com>
2026-02-24 17:51:23 +01:00
msutovsky-r7 51af9d0ff1 Adds documentation 2026-02-24 10:25:49 -05:00
Brendan 1ddee63f05 Merge pull request #20983 from sfewer-r7/0day-grandstream
Add exploit (CVE-2026-2329) and auxiliary modules for the Grandstream GXP1600 series
2026-02-24 08:50:42 -06:00
msutovsky-r7 62a466cbed Land #20819, adds WSL startup folder persistence module
wsl startup folder persistence
2026-02-24 07:59:11 +01:00
Valentin Lobstein bef9b7ad3b Feat: Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516) 2026-02-23 19:31:22 +01:00
h00die ece2374532 target user for wsl_startup_folder 2026-02-21 21:04:40 -05:00
Valentin Lobstein b17d227d28 Feat: Add Ollama path traversal RCE module (CVE-2024-37032) 2026-02-21 16:52:43 +01:00
h00die a24f53f2b6 add dsm exploitation to telnetd docs 2026-02-21 10:27:47 -05:00