adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,518 Commits 27 Branches 1,043 Tags
5ee1a15b7d9f89c031f0791c56ebb8dcda71bdad
Commit Graph

4530 Commits

Author SHA1 Message Date
Martin Sutovsky b4f4078956 Updates documentation 2026-01-15 15:20:42 +01:00
Martin Sutovsky 744b366c58 Msftidy documentation 2026-01-15 15:20:41 +01:00
Martin Sutovsky 8e8c61b9c1 Fixes typo in documentation 2026-01-15 15:20:41 +01:00
Martin Sutovsky 7bbf49112f Updates documentation 2026-01-15 15:20:39 +01:00
Martin Sutovsky de856db75a Adds check methods, docs init 2026-01-15 15:20:38 +01:00
jheysel-r7 bb473b6019 Merge pull request #20797 from h00die/remove_persistence_exe 
persistence modules cleanup
 2026-01-14 14:43:33 -08:00
h00die f4a195b88a persistence modules cleanup 2026-01-14 13:49:29 -05:00
msutovsky-r7 7b092aeedb Land #20806, adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888) 
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
 2026-01-14 15:44:25 +01:00
Diego Ledda e4f8d4fb13 Merge pull request #20706 from h00die/windows_wmi_persistence 
Update windows wmi to persistence mixin
 2026-01-14 09:37:20 -05:00
msutovsky-r7 eae97b314a Land #20810, adds module for authenticated RCE in n8n (CVE-2025-68613) 
Adds module for n8n workflow expression RCE (CVE-2025-68613)
 2026-01-13 16:51:06 +01:00
Brendan 10d12570c0 Merge pull request #20791 from Chocapikk/webcheck 
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
 2026-01-12 17:14:04 -06:00
h00die 6491f74d9d wmi persistence improvements 2026-01-11 07:25:13 -05:00
JohannesLks d45e91b130 typo 2026-01-09 10:48:30 -05:00
msutovsky-r7 472016b753 Land #20796, moves udev module into persistence category 
update udev to persistence mixin
 2026-01-09 16:14:08 +01:00
jheysel-r7 b9be6ac259 Merge pull request #20785 from Chocapikk/react2shell-clean 
Update react2shell module: Add Waku framework support
 2026-01-08 17:58:48 -08:00
jheysel-r7 bb98e855e1 Merge pull request #20751 from h00die/sticky_keys 
update windows sticky keys to persistence mixin
 2026-01-08 16:44:04 -08:00
msutovsky-r7 c289ff44b9 Land #20811, adds module for Prison Management System 1.0 RCE (CVE-2024-48594) 
Add Prison Management System 1.0 auth RCE (CVE-2024-48594)
 2026-01-08 12:33:00 +01:00
msutovsky-r7 b39e781500 Land #20700, adds module for Taiga.io RCE (CVE-2025-62368) 
Adds exploit module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368)
 2026-01-07 11:53:32 +01:00
jheysel-r7 0d21fd4cc9 Merge pull request #20692 from msutovsky-r7/persistence/multi/python-site-specific-config-hook 
Adds module for python site-specific hook persistence
 2026-01-06 16:19:31 -08:00
h00die 428f31fdd3 review for wmi persistence 2026-01-06 16:36:05 -05:00
h00die bfec7c378b Update documentation/modules/exploit/windows/persistence/accessibility_features_debugger.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-06 14:00:39 -05:00
kali be9b2c9491 Add documentation for prison_management_rce 2026-01-06 12:33:49 +02:00
h00die 2f4db3bd5f review for wmi persistence 2026-01-05 17:06:17 -05:00
JohannesLks 2cadcfe6ab add CVE-2025-68613 2025-12-25 11:21:28 -05:00
JohannesLks 455275d087 add module for CVE-2025-67888 2025-12-23 19:21:34 -05:00
h00die 3ea866c41d udev persistence 2025-12-21 07:50:48 -05:00
Brendan 3015c9f962 Merge pull request #20792 from sfewer-r7/hpe_oneview_rce 
Add unauth RCE exploit module for HPE OneView (CVE-2025-37164)
 2025-12-19 17:41:51 -06:00
Brendan b12ebc95c0 Merge pull request #20754 from h00die/assist_tech 
assistive technology persistence
 2025-12-19 16:33:21 -06:00
sfewer-r7 d40a35acdb the version logic changes, update the docs 2025-12-19 15:48:07 +00:00
sfewer-r7 a4dba96712 add in the HPE OneView exploit 2025-12-19 15:30:53 +00:00
Brendan 6c4a61fa42 Merge pull request #20761 from Chocapikk/acf-extended-rce 
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
 2025-12-18 16:03:06 -06:00
Valentin Lobstein 080f74f862 Update Web-Check documentation with docker-compose.yml setup instructions 2025-12-18 19:19:17 +01:00
Valentin Lobstein 5178cdee42 Update Web-Check documentation with git clone command 2025-12-18 18:56:18 +01:00
Valentin Lobstein 13f102eb5b Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778) 2025-12-18 18:51:12 +01:00
Valentin Lobstein 3b407575fa Update react2shell module: Add Waku framework support 2025-12-17 23:07:01 +01:00
jheysel-r7 388a967101 Merge pull request #20749 from nakkouchtarek/grav-ssti-rce 
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
 2025-12-11 16:13:09 -08:00
jheysel-r7 0c921ea2e7 Merge pull request #20725 from Chocapikk/magento 
Add Magento SessionReaper (CVE-2025-54236) exploit module
 2025-12-10 08:56:47 -08:00
jheysel-r7 d86c5f0908 Merge pull request #20746 from Chocapikk/king-addons 
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
 2025-12-10 08:37:11 -08:00
Martin Sutovsky 6a626a855b Addresses some comments 2025-12-10 17:01:27 +01:00
Valentin Lobstein b4d65afcf5 Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE 2025-12-09 22:02:41 +01:00
Valentin Lobstein e9467cd1e3 Clarify file-based session storage requirements and exploit limitations 
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
 2025-12-09 19:26:30 +01:00
Valentin Lobstein 6bc2bffd8c Refactor create_admin_user to handle errors internally and remove custom.ini from documentation 2025-12-09 19:20:56 +01:00
Valentin Lobstein 17cc68df0f Update documentation/modules/exploit/multi/http/wp_king_addons_privilege_escalation.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-09 19:14:22 +01:00
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
Brendan caa672231b Merge pull request #20736 from sfewer-r7/fortiweb-exploit-rce-v6-support 
Update the FortiWeb exploit module (CVE-2025-64446 + CVE-2025-58034) to target older unsupported versions 6.x
 2025-12-08 17:43:49 -06:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
h00die 54d47e72ab sticky keys description update 2025-12-07 07:40:54 -05:00
h00die bd48eda8b2 rename sticky keys module 2025-12-07 07:38:41 -05:00
h00die 42b6a307ac markdown 2025-12-06 19:58:36 -05:00