adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity
74,887 Commits 27 Branches 1,043 Tags
566a7f1c36c4c5fe5dd04ac3ed5ad485ce2be692
Commit Graph

74887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
adfoster-r7 566a7f1c36 Update docker Ruby version 2024-09-25 16:30:05 +01:00
cgranleese-r7 9b4c2fea2b Land #19493, Improve documentation for testing the post exploitation API against opened sessions 2024-09-25 10:16:58 +01:00
adfoster-r7 6fcdd570d7 Improve documentation for testing post api and tests 2024-09-24 18:58:18 +01:00
Metasploit f91c95b0a0 automatic module_metadata_base.json update 2024-09-24 11:43:07 -05:00
jheysel-r7 d11c2be4ea Merge pull request #19375 from h4x-x0r/CVE-2024-20419 
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Module
 2024-09-24 12:19:54 -04:00
adfoster-r7 480a938aaf Land #19184, Update bundler version 2024-09-24 17:02:31 +01:00
Dmitriy Shafranskiy 8060e6b3f9 Merge pull request #19483 from rapid7/SR-139850-snyk-folders-exclusion 
Excluding test folders from snyk scan (test data)
 2024-09-24 12:36:33 +02:00
Metasploit 0ee44151f7 automatic module_metadata_base.json update 2024-09-24 04:29:35 -05:00
adfoster-r7 9ff47b0eb3 Update bundler version 2024-09-24 10:29:20 +01:00
Jack Heysel 8e2dbbbd56 Land #19416, Add Traccar RCE module 
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
 2024-09-23 15:25:02 -07:00
jheysel-r7 e0e7c67ff7 Remove jsessionid parsing now that keep_cookies is being used 2024-09-23 18:12:01 -04:00
Jack Heysel f254eeb65e Added error handling 2024-09-23 14:16:26 -07:00
Spencer McIntyre 73bd3fb2cd Merge pull request #19474 from sfewer-r7/bugfix-dns-windows 
Bugfix for DNS resolver on Windows throwing NoMethodError
 2024-09-23 11:44:48 -04:00
Jack Heysel b475f0dccb Land #19448, Improve screensaver management 
Add a number of improvements to modules/post/multi/manage/screensaver.rb
 2024-09-23 08:31:38 -07:00
Stephen Fewer ad98d749ca Instead of only setting a single domain name via self.domain, set self.searchlist which already supports an array of items (thanks Spencer!). 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-09-23 15:50:24 +01:00
adfoster-r7 feb9ebd9e9 Land #19478, Post::Linux::Kernel.kernel_arch: Add support for RISC-V and LoongArch 2024-09-23 15:44:34 +01:00
bcoles a6ccce8446 Bump rex-arch to 0.1.16 2024-09-23 23:43:37 +10:00
h4x-x0r 322188a112 Refactoring 
Refactored code to remove duplicate requests
 2024-09-23 13:29:46 +01:00
cgranleese-r7 a27d491bf8 Land #19491, Fix a crash in lib/msf/core/payload/php.rb 2024-09-23 10:53:53 +01:00
jvoisin 1647d3a96b Fix a crash in lib/msf/core/payload/php.rb 
As it seems that shuffle is a method
(https://ruby-doc.org/core-2.7.0/Array.html#method-i-shuffle)
and not a function.

As spotted by @Chocapikk in
https://github.com/rapid7/metasploit-framework/pull/19445#pullrequestreview-2320780104
 2024-09-22 21:07:53 +02:00
bcoles 9de029e2fa Post::Linux::Kernel.kernel_arch: Add support for RISC-V and LoongArch 2024-09-21 23:00:52 +10:00
cgranleese-r7 73a6f09d3e Land #19484, Temp removal of mssql acceptance tests 2024-09-20 16:18:25 +01:00
adfoster-r7 e5c1334541 Temp removal of mssql acceptance tests 2024-09-20 16:03:19 +01:00
adfoster-r7 43db34cf54 Land #19413, Add automated acceptance tests for cmd_exec API 2024-09-20 15:23:17 +01:00
cgranleese-r7 cbd763fad5 Drys out some code 2024-09-20 14:54:03 +01:00
adfoster-r7 ab7e02d23f Merge pull request #19397 from sjanusz-r7/replace-readline-with-reline 
Replace Readline with Reline
 2024-09-20 14:23:40 +01:00
Dmitriy Shafranskiy 5f1918cc38 Update .snyk 2024-09-20 13:53:34 +02:00
Dmitriy Shafranskiy 1b7cdc46f1 Excluding test folders from snyk scan (test data) 
```bash
snyk code test

pre:
  469 Code issues found
  35 [High]   298 [Medium]   136 [Low] 
post:
  160 Code issues found
  28 [High]   71 [Medium]   61 [Low] 
```
 2024-09-20 09:35:56 +02:00
cgranleese-r7 2305fc4e9c Land #19476, Bump version of framework to 6.4.28 2024-09-19 19:20:14 +01:00
Spencer McIntyre cd96bcd478 Merge pull request #19462 from jvoisin/auto_compile 
Add an `Auto` option to live_compile
 2024-09-19 12:03:43 -04:00
adfoster-r7 80f050a5f5 Bump version of framework to 6.4.28 2024-09-19 15:52:50 +01:00
cgranleese-r7 5ef3dfd531 Rebase to pull in #19428 changes 2024-09-19 11:13:07 +01:00
cgranleese-r7 8ab3b6c178 Address PR feedback 2024-09-19 11:09:14 +01:00
cgranleese-r7 7acea08c78 Refactors test to reduce code duplication 2024-09-19 11:09:14 +01:00
cgranleese-r7 44efbc21a8 Add automated acceptance tests for cmd_exec 2024-09-19 11:09:14 +01:00
sfewer-r7 9be50f74a8 The first array item will either be nil, or an array of domain names, so we pick the first one to avoid a NoMethodError for a =~ operation on an array object, during a call to the method valid? 2024-09-19 10:40:01 +01:00
jvoisin 38972a7b31 Add an Auto option to live_compile 
Co-authored-by: zeroSteiner
 2024-09-19 01:48:00 +02:00
adfoster-r7 3b33b23aa9 Land #19428, Rename Acceptance::Meterpreter module to Acceptance::Session 2024-09-18 22:49:33 +01:00
Spencer McIntyre 409b1aed45 Land #19461, Modernize NetWkstaUserEnum 
Modernize NetWkstaUserEnum in smb scanner
 2024-09-17 10:14:02 -04:00
Spencer McIntyre 7abfb6c205 Return nil on error to avoid another exception 2024-09-17 09:59:42 -04:00
Metasploit 1a14916e68 automatic module_metadata_base.json update 2024-09-17 07:32:43 -05:00
dledda-r7 0bf524482c Land #19345, Post module Windows LPE CVE-2024-30088 2024-09-17 08:13:21 -04:00
Metasploit f8ada15dea automatic module_metadata_base.json update 2024-09-17 06:15:03 -05:00
dledda-r7 6e696e24e5 Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module 2024-09-17 06:30:33 -04:00
NtAlexio2 d4378d6c82 change output format to old style 2024-09-16 18:28:01 -04:00
NtAlexio2 a93e008836 update ruby_smb version 2024-09-16 17:55:58 -04:00
jvoisin 862acbdbae Improve screensaver management 
- Add modern ways to unlock Linux machines remotely
- Use proper `register_options`
- Clarify the actions: lock/unlock, start/stop
- Add more platforms
- Add a couple of checks before running the commands
 2024-09-16 23:41:37 +02:00
Alex Romero 9fac88f709 Update lib/msf/core/exploit/remote/ms_wkst.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-09-17 00:32:34 +03:30
Jack Heysel 84a8eb7273 Respond to comments 2024-09-16 09:46:57 -07:00
cgranleese-r7 f20dcb27dd Land #19443, Remove an old comment in lib/msf/core/payload/php.rb 2024-09-16 14:59:05 +01:00