adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

12174 Commits

Author SHA1 Message Date
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom 
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
 2025-07-22 08:19:36 -07:00
jheysel-r7 00c8c773a3 Merge pull request #20375 from Chocapikk/wp_photo_gallery_sqli 
WP Photo Gallery by 10Web Unauthenticated SQLi (CVE-2022-0169)
 2025-07-18 16:37:14 -07:00
Chocapikk 7431958e5c Update url reference 2025-07-16 22:59:48 +02:00
Chocapikk 4e70dfe70d Rename mixin 2025-07-16 22:40:27 +02:00
Chocapikk efa49d2aa2 refactor(wp_photo_gallery): drop unused action + guard against LocalJumpError in SQLi helper 2025-07-16 22:04:13 +02:00
Chocapikk 7ddae3ec3f refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login 2025-07-16 21:48:34 +02:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Valentin Lobstein 136cc0ab3d Update modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:44 +02:00
Valentin Lobstein 131ce6cb3f Update modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:31 +02:00
Jack Heysel e328a8f8c4 Fix update action in ad_cs_cert_template 2025-07-15 17:20:36 -07:00
jheysel-r7 914f874e12 Merge pull request #20216 from sjanusz-r7/add-graphql-aux-scanner-module 
Add GraphQL Auxiliary Scanner module
 2025-07-15 10:39:44 -07:00
Chocapikk 9d56001643 fix 2025-07-10 16:20:53 +02:00
Valentin Lobstein cf0596a8e9 Update modules/auxiliary/gather/wp_photo_gallery_sqli.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-07-10 16:19:13 +02:00
Valentin Lobstein 69f8679ac2 Update modules/auxiliary/gather/wp_photo_gallery_sqli.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-07-10 16:18:27 +02:00
Chocapikk 622072bba4 WP Photo Gallery by 10Web Unauthenticated SQLi (CVE-2022-0169) 2025-07-10 13:22:19 +02:00
Brendan 36675ccd9a Merge pull request #20349 from sfewer-r7/0day-cve-2024-51978 
Add auxiliary module for multiple Brother devices authentication bypass (CVE-2024-51978)
 2025-07-09 13:07:25 -05:00
sfewer-r7 df24090fc0 fix typo in message 2025-07-09 14:59:54 +01:00
sfewer-r7 ab913b0416 make this error message not that no password may be present on the device 2025-07-09 14:58:59 +01:00
sfewer-r7 34952d73f6 display the AuthCookie if one is received 2025-07-09 10:15:30 +01:00
jheysel-r7 79d67dd1f0 Merge pull request #20345 from zeroSteiner/feat/lib/ldap-adds/1 
Add an Active Directory LDAP Mixin
 2025-07-08 14:37:23 -07:00
Spencer McIntyre 2ab90df4b2 Check for full permissions on certs too 2025-07-08 15:46:43 -04:00
Spencer McIntyre 8b8b350950 Use the new function instead of the old 2025-07-08 15:01:54 -04:00
Spencer McIntyre 7cacc4cd45 Update the ad_cs_cert_template module too 2025-07-08 15:01:54 -04:00
Spencer McIntyre c2a06e341d Expand on the matcher logic 2025-07-08 15:01:46 -04:00
Stephen Fewer 56354849f0 favor AUTO over ANY for this enum usage 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-07-01 15:05:09 +01:00
Stephen Fewer 14512d7d17 favor AUTO over ANY for this enum 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-07-01 15:04:57 +01:00
Chocapikk 8373634932 Add defanged mode, fix metadata, add error handling for zip files 2025-06-30 17:38:13 +02:00
Valentin Lobstein d0aaf70bbb Update modules/auxiliary/scanner/http/xorcom_completepbx_file_disclosure.rb 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-06-30 17:13:33 +02:00
Valentin Lobstein fd5894d64a Update modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-06-30 17:13:26 +02:00
sjanusz-r7 41b83b7170 Fix Bleichenbacher Oracle module on hosts with Python 2 2025-06-30 13:02:40 +01:00
Stephen Fewer 18b00cebbb Use a more permissive regex to pull out the logbox name value 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-06-26 16:39:36 +01:00
sfewer-r7 6bdebf6ee3 add the salt_table_index value in the failure message 2025-06-26 16:35:21 +01:00
Stephen Fewer 84dda69ee0 this status message should explicitly say it has generated the *default* password 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-06-26 16:34:04 +01:00
Stephen Fewer a7b26ac74d fail with a message that includes the unexpected length value 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-06-26 16:32:08 +01:00
Stephen Fewer f66389bbbf include the password in the verbose status message 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-06-26 16:31:31 +01:00
sfewer-r7 c6ffcdb2f8 This resolves the 'Proto is not included in the list' error during create_credential 2025-06-26 16:11:38 +01:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
Spencer McIntyre cf48211910 Update the RBCD module to use the new mixin 2025-06-24 11:27:52 -04:00
Spencer McIntyre cf53956128 Add a method to get domain info 2025-06-24 11:27:52 -04:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
sfewer-r7 14191f6166 use Base64.strict_encode64 2025-06-24 10:16:49 +01:00
sfewer-r7 edea803c75 add in references 2025-06-24 10:14:59 +01:00
Chocapikk 17b67dfbca Add warning message before execution 2025-06-24 10:10:58 +02:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
bcoles b483312eca Modules: Convert SSL default option to Boolean in several modules 2025-06-23 19:38:36 +10:00
cgranleese-r7 ade9b54d94 Runs Style/TrailingCommaInArguments Rubocop against modules 2025-06-23 09:30:35 +01:00
Chocapikk 2a008c83d1 Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005, 30006) 2025-06-22 09:07:20 +02:00
sfewer-r7 83a03efa3b aux module for CVE-2024-51978 2025-06-20 16:41:39 +01:00