adfoster-r7
0557d63127
Add database ref opts for kerberos and pkcs12
2025-08-18 15:56:47 +01:00
Diego Ledda
be3d77715e
Merge pull request #20382 from Chocapikk/depicter-fix
Fix `auxiliary/gather/wp_depicter_sqli_cve_2025_2011`
2025-08-18 12:08:45 +02:00
Spencer McIntyre
170fbcb2bd
Add two more report filters
2025-08-15 15:34:13 -04:00
Spencer McIntyre
1c41c734f0
Fix a missing ESC16 check
2025-08-15 15:11:52 -04:00
Spencer McIntyre
25c72d4858
Handle some edge cases in report filtering
2025-08-15 14:49:48 -04:00
Spencer McIntyre
f3719b884a
Document the new report filtering option
2025-08-15 11:57:30 -04:00
Spencer McIntyre
c8f72a83c0
Refactor to remove redundant code
2025-08-15 11:57:30 -04:00
Spencer McIntyre
2338ad7c84
Implement the desired filtering
2025-08-15 11:57:30 -04:00
Spencer McIntyre
fa33c84612
Evaluate permissions for templates and CAs
2025-08-15 11:57:30 -04:00
Diego Ledda
eb003f704d
Merge pull request #20386 from xHector1337/payload/windows/x64/download_exec
Port payload/windows/download_exec to x64
2025-08-13 11:58:22 +02:00
jheysel-r7
8251d89e92
Merge pull request #20400 from msutovsky-r7/exploit/pivotx-rce
Adds module for PivotX RCE (CVE-2025-52367)
2025-08-12 12:28:28 -07:00
Jack Heysel
0273f1474f
Added incorrect creds check
2025-08-12 10:42:46 -07:00
jheysel-r7
e59a24823b
Merge pull request #20387 from h00die-gr3y/wazuh-auth-rce
Wazuh Server authenticated RCE [CVE-2025-24016]
2025-08-12 09:22:22 -07:00
Diego Ledda
3122426ebe
Update modules/payloads/singles/windows/x64/download_exec.rb
update cache size
2025-08-12 11:39:44 +02:00
Diego Ledda
b6d9172d5b
chore(rubocop): remove extra white-space
2025-08-12 11:05:21 +02:00
adfoster-r7
a1630c0b81
Improve login summary for ldap schannel scanner
2025-08-11 16:47:02 +01:00
adfoster-r7
2734daec0f
Merge pull request #20459 from adfoster-r7/consolidate-pkcs12-cert-file-reads
Consolidate pkcs12 cert file reads
2025-08-11 15:53:38 +01:00
adfoster-r7
ced20bf15a
Consolidate pkcs12 cert file reads
2025-08-11 14:28:47 +01:00
Umut
af0fe9e5cc
run rubocop -A
2025-08-11 14:22:28 +03:00
msutovsky-r7
e8b441a5d3
Land #20012, MeterpreterOptions break-up and default extension loading removal
MeterpreterOptions break-up and default extension loading removal
2025-08-07 15:28:56 +02:00
msutovsky-r7
9caa2be9a2
Land #20399, adds module for Pandora ITSM authenticated RCE (CVE-2025-4653)
Pandora ITSM auth RCE [CVE-2025-4653]
2025-08-07 08:37:45 +02:00
Brendan
b6dc0860e7
Merge pull request #20409 from sfewer-r7/sharepoint-hax
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
2025-08-06 14:24:28 -05:00
sfewer-r7
0a923a611d
reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704.
2025-08-06 15:33:57 +01:00
h00die-gr3y
70f2cbe055
simplified cleaning procedure
2025-08-06 08:22:06 +00:00
msutovsky-r7
8914520139
Land #20418, adds auto selection feature for password crackers
Adds auto selection of cracker for password crackers
2025-08-05 15:39:50 +02:00
msutovsky-r7
c99702c8bf
Land #20446, adds module for ICTBroadcast Unauthenticated RCE (CVE-2025-2611)
Add ICTBroadcast Unauthenticated Remote Code Execution (CVE-2025-2611)
2025-08-05 09:29:36 +02:00
Chocapikk
a81884fb9e
Update metadata
2025-08-04 17:53:29 +02:00
Chocapikk
2c9053c45e
Refactor fingerprint detection, cookie handling and per-cookie injection
- Centralize JS fingerprint checks in `check`
- Memoize `get_valid_cookies` correctly and reuse a single `cookie_jar`
- Update `inject_command` to test payload on each cookie separately
2025-08-04 17:49:34 +02:00
Valentin Lobstein
26099da7a2
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-08-04 17:03:04 +02:00
Valentin Lobstein
46b3012cda
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-08-04 17:02:47 +02:00
Valentin Lobstein
a6d86fbe59
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-08-04 17:02:35 +02:00
dledda-r7
6d60db195b
feat: bump metasploit_payloads-mettle gem to 1.0.45
2025-08-04 10:14:38 -04:00
msutovsky-r7
5fd6184494
Land #20423, adds malicious XDG Desktop fileformat module
Add Malicious XDG Desktop File module
2025-08-04 11:44:02 +02:00
bcoles
a7ab23d083
Add Malicious XDG Desktop File module
2025-08-04 19:23:02 +10:00
Diego Ledda
da7ee9d9f8
Update modules/payloads/stages/php/meterpreter.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-08-04 11:19:57 +02:00
Chocapikk
50ef5edd90
Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611)
2025-08-02 19:46:14 +02:00
Hakil
3e47e4a08b
Fixed "]}" -> "}]"
2025-08-02 14:18:28 +02:00
Desiree05
8d3a35f332
Fixing issue #20436
The module did not initialize the variable uri
2025-08-01 10:48:54 +01:00
Martin Sutovsky
c9e0c7171b
Adds cleanup method
2025-08-01 10:01:50 +02:00
Martin Sutovsky
2328b40df7
Unifies parenthesis in fail_with calling, whitespaces fixes, changing CheckCode::Unknown to CheckCode::Detected
2025-08-01 09:34:47 +02:00
dwelch-r7
540e8b91d0
Merge pull request #20433 from msutovsky-r7/module/fix/disclosure_date
Fixes disclosure date in exploit/linux/http/pandora_fms_auth_netflow_rce.rb
2025-07-31 12:01:01 +01:00
Martin Sutovsky
d2175c372f
Fixes disclosure date
2025-07-31 12:58:28 +02:00
msutovsky-r7
333b5278ac
Land #20428, fixes available payload space in exploits/windows/misc/achat_bof
Fix achat_bof by increasing the available payload space
2025-07-31 07:42:32 +02:00
Jack Heysel
ff724d0b5c
Deregister SMBUser
2025-07-30 15:28:56 -07:00
Jack Heysel
e88883c82b
ESC9, ESC10 ESC16 exploit support
2025-07-30 15:08:14 -07:00
h00die-gr3y
3d0cfd0dfc
update module + documentation based on review comments
2025-07-30 20:24:56 +00:00
Spencer McIntyre
3fb2477fbf
Increase payload space
2025-07-30 16:13:19 -04:00
Jack Heysel
13df676863
Update validate method fix failed test
2025-07-30 12:13:33 -07:00
Jack Heysel
8179de6cea
ESC9 ESC10 and ESC16 detection
2025-07-30 11:46:57 -07:00
Hakil
1161954677
correcting a double assignment: tbl = tbl = cracker_results_table
2025-07-30 14:11:06 +02:00