adfoster-r7
438b8e0875
Merge pull request #21102 from zeroSteiner/fix/re-add-20989
...
Reapply "This adjusts module options that need a routable address"
2026-03-30 14:50:05 +01:00
adfoster-r7
20bb912515
Merge pull request #21023 from g0tmi1k/os_cmd_exec
...
Add: exploits/multi/http/os_cmd_exec
2026-03-27 16:38:03 +00:00
cgranleese-r7
971cb93944
Merge pull request #21097 from g0tmi1k/ftp
...
auxiliary/scanner/ftp/anonymous: Add report_service()
2026-03-27 11:23:35 +00:00
Spencer McIntyre
700d063645
Implement copilot feedback
2026-03-26 14:43:33 -04:00
Spencer McIntyre
b743296f48
Reapply "This adjusts module options that need a routable address"
...
This reverts commit 628275ef59.
2026-03-26 14:43:31 -04:00
cgranleese-r7
8107adf1a7
Merge pull request #21090 from g0tmi1k/report_service
...
Add report_service()
2026-03-26 14:31:36 +00:00
g0t mi1k
17161c42e2
Make Rubocop happy
2026-03-25 13:39:20 +00:00
msutovsky-r7
0976f88058
Land #20835, adds module unauthenticated command injection Eclipse Che machine-exec (CVE-2025-12548)
...
Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548)
2026-03-25 14:39:01 +01:00
g0t mi1k
89af3ad558
Sync datastore_headers
...
Note: This code was suggested by a LLM (Copilot) in the MR
2026-03-25 13:32:46 +00:00
g0t mi1k
51f36982c7
Add: exploits/multi/http/os_cmd_exec
...
A lot of this was based on: exploits/unix/webapp/php_eval
2026-03-24 20:01:30 +00:00
jheysel-r7
81faae13ca
Merge pull request #21033 from Alpenlol/barracuda-esg-cve-2023-2868
...
Add exploit for CVE-2023-2868 Barracuda ESG command injection
2026-03-23 13:18:34 -07:00
Curt Hyvarinen
f14b640de8
Fix rubocop spacing offenses in Author block
2026-03-23 12:40:48 -07:00
Spencer McIntyre
b89fb5aa62
Merge pull request #21049 from h00die/fix_persistence_directory
...
better wriable_dir for windows persistence
2026-03-23 15:40:32 -04:00
Curt Hyvarinen
5d7a154b19
Credit cfielding-r7 as original PoC author
2026-03-23 10:45:41 -07:00
h00die
7631b54c0f
better wriable_dir for windows persistence
2026-03-21 12:21:09 -04:00
g0t mi1k
8922255cc9
Add report_service()
2026-03-20 20:06:01 +00:00
Brendan
5b5d1dbfaa
Merge pull request #21076 from Chocapikk/avideo-encoder-getimage-cmd-injection
...
Add AVideo Encoder getImage.php command injection (CVE-2026-29058)
2026-03-18 18:46:32 -05:00
msutovsky-r7
b3aa45fb09
Land #20719, adds module for authenticated command injection in FreePBX filestore (CVE-2025-64328)
...
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-13 11:00:43 +01:00
adfoster-r7
510ec29a63
Merge pull request #21046 from msutovsky-r7/exploit/beyondtrust/updates_description
...
Updates description for BeyondTrust command injection
2026-03-13 00:23:40 +00:00
Curt Hyvarinen
488cd0f9eb
remove test artifact
2026-03-12 13:41:50 -07:00
Curt Hyvarinen
a56e0d0259
Remove require rubygems/package, use Rex::Tar::Writer for monkey-patch
2026-03-12 13:24:56 -07:00
Curt Hyvarinen
63561130af
Address PR review feedback for CVE-2023-2868 module
2026-03-12 12:59:30 -07:00
Spencer McIntyre
ccf56437da
Merge pull request #20960 from g0tmi1k/dhcp_server
...
dhcp_server: Add DHCPINTERFACE
2026-03-12 15:48:36 -04:00
g0t mi1k
f7c4aac453
OptAddress -> OptAddressLocal
2026-03-12 16:41:25 +00:00
g0t mi1k
3852276028
OptString -> OptAddressLocal
2026-03-12 16:41:25 +00:00
g0t mi1k
b2f1e46c82
OptString -> OptAddress
2026-03-12 16:41:25 +00:00
Valentin Lobstein
16b55848b4
Fix: Remove duplicate Content-Type header from FreePBX requests
...
send_request_cgi already sets Content-Type when vars_post is used.
Setting it manually in headers causes a duplicate header.
2026-03-11 20:09:52 +01:00
Valentin Lobstein
f59024ce90
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:44:53 +01:00
Valentin Lobstein
d088ab632d
Simplify execute_command to take cookie as direct parameter instead of hash
2026-03-11 19:43:29 +01:00
Valentin Lobstein
67642dd9a0
Refactor authenticate method to raise exceptions instead of returning special values
2026-03-11 19:43:29 +01:00
Valentin Lobstein
c42e44e349
Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions
2026-03-11 19:43:29 +01:00
Valentin Lobstein
63c5221f8a
Update modules/exploits/unix/http/freepbx_filestore_cmd_injection.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-03-11 19:43:29 +01:00
Valentin Lobstein
b039d8a575
Update modules/exploits/unix/http/freepbx_filestore_cmd_injection.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-03-11 19:43:29 +01:00
Valentin Lobstein
36b294800b
Simplify version extraction: use match directly and remove redundant regex validation
2026-03-11 19:43:28 +01:00
Valentin Lobstein
c266e687c2
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:43:28 +01:00
g0t mi1k
51451cd58d
*FTPD naming consistency
2026-03-11 14:19:23 +00:00
gregd
1f55aa724a
Apply reviewer feedback: CheckCode::Appears, ARTIFACTS_ON_DISK, simplify connect
...
- Use CheckCode::Appears instead of CheckCode::Vulnerable per convention
- Add ARTIFACTS_ON_DISK to SideEffects for dropper target
- Simplify connect call by removing unnecessary uri argument
2026-03-10 13:07:03 +00:00
msutovsky-r7
c6aabc1c75
Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
adfoster-r7
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
Valentin Lobstein
dfe73bb4c5
Add exploit for AVideo Encoder getImage.php command injection (CVE-2026-29058)
...
Unauthenticated OS command injection via the base64Url parameter in
getImage.php. The URL is interpolated into an ffmpeg shell command
without escapeshellarg(), and FILTER_VALIDATE_URL does not block
shell metacharacters in the URL path.
2026-03-06 21:30:12 +01:00
Diego Ledda
1ec87b586a
Merge pull request #20989 from zeroSteiner/feat/lib/mod-address-opts
...
This adjusts module options that need a routable address
2026-03-05 11:46:52 -05:00
msutovsky-r7
59a1992214
Land #21017, adds module for SSTI in Tactical RMM (CVE-2025-69516)
...
Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516)
2026-03-05 15:38:32 +01:00
Valentin Lobstein
3d38e9b27b
Fix: Fallback check to Detected when plugin version unavailable
...
- Use spip_version as fallback when spip_plugin_version fails
- Return Detected instead of Unknown so AutoCheck does not abort
- Fix lab healthcheck to wait for saisies form before reporting healthy
2026-03-05 14:13:05 +01:00
Valentin Lobstein
4534a8a07e
Fix: Address msutovsky-r7 PR review feedback
...
- Add IOC_IN_LOGS to SideEffects (POST payload may appear in app logs)
- Pass page parameter via vars_get instead of embedding in URI string
- Apply vars_get consistently in crawl seed request
2026-03-05 14:07:22 +01:00
Valentin Lobstein
bf41455bca
Fix: Address review feedback - remove dead execute_command, fix dropper race condition
2026-03-05 14:01:12 +01:00
h00die
28c8cf7a14
better wriable_dir for windows persistence
2026-03-03 20:29:51 -05:00
Martin Sutovsky
9c7264b48f
Updates description
2026-03-03 15:42:15 +01:00
Spencer McIntyre
36ba1608af
Remove more unnecessary my_host definitions
2026-03-03 09:37:27 -05:00
Spencer McIntyre
ea915acba3
Appease rubocop
2026-03-03 09:37:27 -05:00
Spencer McIntyre
1b39311784
Remove redundant definitions of SRVHOST
2026-03-03 09:37:27 -05:00