Commit Graph

39898 Commits

Author SHA1 Message Date
Spencer McIntyre 402502b262 Merge pull request #21194 from bcoles/enum_protections
Improve post/linux/gather/enum_protections module
2026-03-30 17:40:26 -04:00
Spencer McIntyre 217f98b74d Merge pull request #21181 from aryan9190/docs/appletv-display-image
Add YARD documentation for AppleTV display image module
2026-03-30 17:18:19 -04:00
adfoster-r7 438b8e0875 Merge pull request #21102 from zeroSteiner/fix/re-add-20989
Reapply "This adjusts module options that need a routable address"
2026-03-30 14:50:05 +01:00
bcoles b17a5727b5 Improve post/linux/gather/enum_protections module
* Add system hardening checks
* Add detection for modern security tools
* Add module documentation
2026-03-29 15:07:56 +11:00
adfoster-r7 20bb912515 Merge pull request #21023 from g0tmi1k/os_cmd_exec
Add: exploits/multi/http/os_cmd_exec
2026-03-27 16:38:03 +00:00
cgranleese-r7 971cb93944 Merge pull request #21097 from g0tmi1k/ftp
auxiliary/scanner/ftp/anonymous: Add report_service()
2026-03-27 11:23:35 +00:00
Spencer McIntyre 700d063645 Implement copilot feedback 2026-03-26 14:43:33 -04:00
Spencer McIntyre b743296f48 Reapply "This adjusts module options that need a routable address"
This reverts commit 628275ef59.
2026-03-26 14:43:31 -04:00
Aryan Yadav 3da962b6a4 Add YARD documentation for AppleTV display video module 2026-03-26 20:30:40 +05:30
Aryan Yadav 2d69fb98f3 Add YARD documentation for AppleTV display image module 2026-03-26 20:17:21 +05:30
cgranleese-r7 8107adf1a7 Merge pull request #21090 from g0tmi1k/report_service
Add report_service()
2026-03-26 14:31:36 +00:00
adfoster-r7 b3f985dd72 Merge pull request #21178 from zeroSteiner/feat/mod/att&ck/1
Add MITRE ATT&CK tags for two modules
2026-03-25 23:06:49 +00:00
g0t mi1k 17161c42e2 Make Rubocop happy 2026-03-25 13:39:20 +00:00
msutovsky-r7 0976f88058 Land #20835, adds module unauthenticated command injection Eclipse Che machine-exec (CVE-2025-12548)
Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548)
2026-03-25 14:39:01 +01:00
g0t mi1k 89af3ad558 Sync datastore_headers
Note: This code was suggested by an LLM (Copilot) in the MR
2026-03-25 13:32:46 +00:00
Spencer McIntyre b32c4a1dd9 Add ATT&CK metadata to auxiliary/admin/ldap/ad_cs_cert_template 2026-03-24 17:43:51 -04:00
Spencer McIntyre 522f42c158 Add ATT&CK metadata to auxiliary/scanner/ntp/timeroast 2026-03-24 17:43:27 -04:00
g0t mi1k 51f36982c7 Add: exploits/multi/http/os_cmd_exec
A lot of this was based on: exploits/unix/webapp/php_eval
2026-03-24 20:01:30 +00:00
Brendan 7ea60dd7d1 Merge pull request #20478 from futileskills/escpos-injector-module
Create escpos_tcp_command_injector.rb
2026-03-24 14:40:27 -05:00
jheysel-r7 81faae13ca Merge pull request #21033 from Alpenlol/barracuda-esg-cve-2023-2868
Add exploit for CVE-2023-2868 Barracuda ESG command injection
2026-03-23 13:18:34 -07:00
Curt Hyvarinen f14b640de8 Fix rubocop spacing offenses in Author block 2026-03-23 12:40:48 -07:00
Spencer McIntyre b89fb5aa62 Merge pull request #21049 from h00die/fix_persistence_directory
better writable_dir for windows persistence
2026-03-23 15:40:32 -04:00
Curt Hyvarinen 5d7a154b19 Credit cfielding-r7 as original PoC author 2026-03-23 10:45:41 -07:00
Martin Sutovsky 0c75717e21 Fixes cached_size for payloads 2026-03-23 15:22:00 +01:00
h00die 7631b54c0f better writable_dir for windows persistence 2026-03-21 12:21:09 -04:00
g0t mi1k 8922255cc9 Add report_service() 2026-03-20 20:06:01 +00:00
Martin Sutovsky 1fafacd3e0 Fixes cached_sizes 2026-03-19 10:23:07 +01:00
Brendan 5b5d1dbfaa Merge pull request #21076 from Chocapikk/avideo-encoder-getimage-cmd-injection
Add AVideo Encoder getImage.php command injection (CVE-2026-29058)
2026-03-18 18:46:32 -05:00
Jack Heysel d47a41c732 Fix version check in ldap_esc_vulnerable_cert_finder 2026-03-17 12:03:10 -07:00
adfoster-r7 3768efbacc Improve payload size generation script 2026-03-16 22:06:39 +00:00
msutovsky-r7 b3aa45fb09 Land #20719, adds module for authenticated command injection in FreePBX filestore (CVE-2025-64328)
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-13 11:00:43 +01:00
adfoster-r7 510ec29a63 Merge pull request #21046 from msutovsky-r7/exploit/beyondtrust/updates_description
Updates description for BeyondTrust command injection
2026-03-13 00:23:40 +00:00
Curt Hyvarinen 488cd0f9eb remove test artifact 2026-03-12 13:41:50 -07:00
Curt Hyvarinen a56e0d0259 Remove require rubygems/package, use Rex::Tar::Writer for monkey-patch 2026-03-12 13:24:56 -07:00
Curt Hyvarinen 63561130af Address PR review feedback for CVE-2023-2868 module 2026-03-12 12:59:30 -07:00
Spencer McIntyre ccf56437da Merge pull request #20960 from g0tmi1k/dhcp_server
dhcp_server: Add DHCPINTERFACE
2026-03-12 15:48:36 -04:00
g0t mi1k 6a831a0f58 autoroute.rb: OptAddress NETMASK - Drop CIDR
Credit: @smcintyre-r7

Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2026-03-12 16:41:25 +00:00
g0t mi1k f7c4aac453 OptAddress -> OptAddressLocal 2026-03-12 16:41:25 +00:00
g0t mi1k 3852276028 OptString -> OptAddressLocal 2026-03-12 16:41:25 +00:00
g0t mi1k b2f1e46c82 OptString -> OptAddress 2026-03-12 16:41:25 +00:00
Valentin Lobstein 16b55848b4 Fix: Remove duplicate Content-Type header from FreePBX requests
send_request_cgi already sets Content-Type when vars_post is used.
Setting it manually in headers causes a duplicate header.
2026-03-11 20:09:52 +01:00
Valentin Lobstein f59024ce90 Add authenticated RCE module for FreePBX filestore (CVE-2025-64328) 2026-03-11 19:44:53 +01:00
Valentin Lobstein d088ab632d Simplify execute_command to take cookie as direct parameter instead of hash 2026-03-11 19:43:29 +01:00
Valentin Lobstein 67642dd9a0 Refactor authenticate method to raise exceptions instead of returning special values 2026-03-11 19:43:29 +01:00
Valentin Lobstein c42e44e349 Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions 2026-03-11 19:43:29 +01:00
Valentin Lobstein 63c5221f8a Update modules/exploits/unix/http/freepbx_filestore_cmd_injection.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-03-11 19:43:29 +01:00
Valentin Lobstein b039d8a575 Update modules/exploits/unix/http/freepbx_filestore_cmd_injection.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-03-11 19:43:29 +01:00
Valentin Lobstein 36b294800b Simplify version extraction: use match directly and remove redundant regex validation 2026-03-11 19:43:28 +01:00
Valentin Lobstein c266e687c2 Add authenticated RCE module for FreePBX filestore (CVE-2025-64328) 2026-03-11 19:43:28 +01:00
Christophe De La Fuente 31665e1b88 Land #20730, Allow toggling the SACL in LDAP queries
# Release Notes
This update modifies the ldap_query module to skip querying the SACL (System Access Control List) on security descriptors by default. This behavior is now controlled by a new option, LDAP::QuerySacl. This change is necessary when using a non-privileged user to query security descriptors via LDAP; otherwise, querying the SACL will cause the entire query to be blocked, resulting in no security descriptors being returned.
2026-03-11 16:36:35 +01:00