432bcfc4d3
Mention our corporate sponsors in the banner
2025-07-08 08:37:14 -04:00
a6cdb6deb9
Adds support for MITRE ATT&CK References
2025-06-25 17:24:47 +01:00
65ed80f5b0
Add flag to vuln command to show vuln attempts
2025-06-19 16:06:25 +01:00
5aa91bd57c
Rubocop: Resolve Rubocop Style/RedundantRegexpArgument violations
2025-05-24 13:34:32 +10:00
f6faa5598b
Fixes modules to now correctly use a hash with report note
2025-05-22 10:59:50 +01:00
b0f8df0894
Flow the action through to the exploit class
2025-04-29 17:13:02 +10:00
630c2c03bc
Update certs command, pkcs12 matching and specs
...
- use the `status`, certificate's `not_before`/`not_after` and check if the TLS
OID is present to filter pkcs12 before using them with PKInit
- add the `activate`, `deactivate` and `export` capabilities to the
certs command
- add specs
2025-04-02 18:23:14 +02:00
e7535d8fae
Add certs command & use pkinit if kerberos tickets are not available in cache
2025-04-02 18:23:14 +02:00
7f8a762922
Update ms_icpr and creds to reflect the changes in the Pkcs12 data model
...
- a separate field is now used for metadata (`private_metadata`) when
creating a new Pkcs12
- the `creds` command now support adding an encrypted Pkcs12 with a password
2025-04-01 19:12:41 +02:00
865626fbd2
Update Pkcs12-related code to report CA and ADCS Template to the database
...
- Update the `creds` command to add Pkcs12 private credentials with
metadata.
- Update `ms_icpr` module to store metadata.
2025-04-01 19:07:48 +02:00
b43dc8be08
Switch relay modules, add ESC8 check method
2025-03-05 13:44:33 -05:00
5e3953e53e
Add a new mixin for handling multiple targets
2025-03-05 13:44:33 -05:00
f2bcf34d51
Apply the same refactoring to exploits
2025-03-04 17:01:46 -05:00
f2e29a326e
Remove dead code that shouldn't get hit anymore
2025-03-04 13:05:56 -05:00
112b8f5ece
Call #validate before walking the rhosts
2025-03-04 13:05:56 -05:00
8d3d8d8662
Call #validate in run_simple like it is in call_simple
2025-03-04 13:05:56 -05:00
57e3045b57
Fixes crash when searching modules by target
2025-02-28 13:51:22 +00:00
2e9326897f
Land #19887 , Update reload_lib to ignore gemfiles
2025-02-17 14:14:02 +00:00
f16d31b7b1
Update reload_lib to ignore gemfiles
2025-02-17 13:50:41 +00:00
3f85d6d46d
Add osvb search to msfconsole
2025-02-17 10:06:39 +00:00
8e9c144e2c
Consolidate datastore with fallbacks logic
2025-02-09 20:26:52 +00:00
ee4f01f0a4
Ability to reorder DNS entries
2024-12-20 11:02:38 +11:00
6be0182b1f
Fix crash when using modules
2024-11-14 21:19:41 +00:00
0d0631aa2a
Squash to a single line of output
2024-11-13 11:27:17 +00:00
2c009d02f9
place current action display behind feature flag
2024-11-12 15:53:30 +00:00
6018adbbb3
Display current action and number of available actions on module use
2024-11-12 15:53:30 +00:00
617270265d
Only retrieve cached credentials that match the requested OfferedEncryptionTypes
2024-10-11 16:23:26 +11:00
a31261ecf2
Revert "Replace Readline with Reline"
2024-10-02 13:15:12 +01:00
10dee226c6
Replace Readline with Reline
2024-09-04 16:39:41 +01:00
0bba494d1d
Fix edgecase in Meterpreter job persistence
2024-05-16 11:16:55 +01:00
1c8d62abc1
Land #19129 , Add missing '-S' to cmd_notes
2024-04-24 15:57:33 -04:00
99c56c5410
Add missing '-S'
2024-04-24 12:24:01 +03:00
e3625307b3
Land #18914 , Add OpenVAS import improvement
...
This PR adds functionality so that CVE and URL references will be
imported from an OpenVAS XML report by default. DNF-CERT and CERT-BUND
references can also be collected by sending additional flags to the
db_import command
2024-04-22 18:11:33 -07:00
298e03b1cd
Land #18885 , update the sessions command to be consistent
2024-03-20 18:49:33 +00:00
b363f6f87d
Alias blackhole to black-hole in the UI
2024-03-20 10:57:04 -04:00
2b3a723557
Consistently refer to black hole as two words
2024-03-19 20:49:28 -04:00
b3b6f79594
Update the presentation of static entries
...
Keep the first line blank for consistency with rules and sort hostnames
and addresses.
2024-03-19 12:48:13 -04:00
5b1d0100d2
Add spell checking for resolvers
2024-03-19 12:48:07 -04:00
287b07281d
Use Rex Parser to parse options for sessions command
2024-03-15 18:50:19 +05:30
d2c599eaf4
Land #18954 , Ensure modules honor spooler settings
2024-03-13 16:48:30 +00:00
8989b3226f
Update the wording for the DNS feature warning restart message
2024-03-12 20:14:22 +01:00
4292488925
Ensure modules honor spooler settings
2024-03-12 18:01:23 +00:00
a366f6a819
The DNS feature requires a restart, so flag it
...
Also rename DNS_FEATURE to simply DNS because in this context, the
FEATURE suffix is redundant.
2024-03-12 09:58:52 -04:00
7539c3b958
Added arguments to db_import
2024-03-08 00:28:15 -08:00
64831b67f1
Update new session to have a consistent local fs API
2024-03-06 15:52:09 +00:00
0c1bcbf275
Adds support for searching by session types
2024-02-29 15:15:40 +00:00
597807316e
Add -i option to Session mixin's sessions command
2024-02-25 15:32:46 +05:30
9ae9e06017
Land #18879 , update kerberos/inspect_ticket to include PAC credential information
2024-02-23 16:20:57 +00:00
ca562a95d8
Truncate private data at 88 chars
...
Truncating at 87 was the exact length to trim the last byte of an AES256
kerberos key. Furthermore, adding the (TRUNCATED) string to the end
caused the resuting value to be larger than the original trucated value.
2024-02-23 09:46:44 -05:00
d76dd4a7fb
Improve visual indentation logic for tables
2024-02-22 14:43:29 +00:00
Spencer McIntyre