adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

2875 Commits

Author SHA1 Message Date
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom 
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
 2025-07-22 08:19:36 -07:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce 
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
 2025-07-17 11:58:54 +02:00
Chocapikk 7431958e5c Update url reference 2025-07-16 22:59:48 +02:00
Chocapikk 4e70dfe70d Rename mixin 2025-07-16 22:40:27 +02:00
Chocapikk 7ddae3ec3f refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login 2025-07-16 21:48:34 +02:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Valentin Lobstein daf6cb3c84 Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:23 +02:00
Valentin Lobstein 65b7415bcc Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:15 +02:00
Valentin Lobstein 82d558bf2a Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:04 +02:00
msutovsky-r7 ffdfa07954 Land #20354, adds module for ISPConfig code injection (CVE-2023-46818) 
Add module for ISPConfig Code Injection (CVE-2023-46818)
 2025-07-09 07:47:56 +02:00
Martin Sutovsky 7d881567f2 Refactors code 2025-07-07 11:54:28 +02:00
Martin Sutovsky 195b874190 Addressing comments 2025-07-04 08:54:30 +02:00
happybear-21 1700b2eaaa fixed: rubocop issues, changes resolved 2025-07-03 21:25:19 +05:30
happybear-21 03e943726a resolved: changes updated methods 2025-07-01 21:33:41 +05:30
happybear-21 20134b5ced resolved: changes 2025-07-01 15:37:10 +05:30
Chocapikk 8373634932 Add defanged mode, fix metadata, add error handling for zip files 2025-06-30 17:38:13 +02:00
happybear-21 47f2ba2861 removed: unused imports, and functions, removed: falsey statements, resolved: changes 2025-06-30 20:34:17 +05:30
happybear-21 ff15b581ed resolved: issues 2025-06-29 12:34:38 +05:30
Martin Sutovsky af4cd2ab6a Addresses comments, fixes check method 2025-06-28 17:05:52 +02:00
happybear-21 e77abd9bbc added: automatic admin_allow_langedit permission checking and enabling capability 2025-06-28 16:20:49 +05:30
happybear-21 93a8334699 fixed: build issue 2025-06-27 20:16:07 +05:30
happybear-21 840ae0f317 resolved: issues 2025-06-27 19:42:35 +05:30
Diego Ledda a7b038b822 Merge pull request #20341 from msutovsky-r7/exploit/skyvern_ssti_rce 
Adds module for Skyvern SSTI (CVE-2025-49619)
 2025-06-27 14:14:40 +02:00
Martin Sutovsky ee890a83ca Adds BadChars 2025-06-27 11:03:08 +02:00
Martin Sutovsky 37e8780a6b Code refactor, docs 2025-06-27 10:26:31 +02:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
happybear-21 016f4ea142 resolved: issues 2025-06-26 10:26:05 +05:30
happybear-21 d787444137 Add exploit module for ISPConfig language_edit.php PHP Code Injection (CVE-2023-46818) 
- Adds modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb
- Adds documentation for the module in documentation/modules/exploit/linux/http/ispconfig_lang_edit_php_code_injection.md
- Module targets ISPConfig < 3.2.11p1 with admin_allow_langedit enabled
- References and implementation based on PoC and advisories at https://github.com/SyFi/CVE-2023-46818
 2025-06-25 22:27:52 +05:30
cgranleese-r7 00c88caffb Updates incorrect arch values in modules 2025-06-25 16:57:27 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
Martin Sutovsky 0a39f6670a Fixing payload execution 2025-06-25 12:44:37 +02:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
bcoles b483312eca Modules: Convert SSL default option to Boolean in several modules 2025-06-23 19:38:36 +10:00
cgranleese-r7 ade9b54d94 Runs Style/TrailingCommaInArguments Rubocop against modules 2025-06-23 09:30:35 +01:00
Martin Sutovsky ca142599e8 Module init 2025-06-23 10:27:27 +02:00
adfoster-r7 b8c375d087 Merge pull request #20337 from bcoles/exploit-linux-http-opentsdb_key_cmd_injection 
opentsdb_key_cmd_injection: Set Arch to ARCH_CMD
 2025-06-22 14:51:04 +01:00
Chocapikk 2a008c83d1 Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005, 30006) 2025-06-22 09:07:20 +02:00
bcoles cede07596f opentsdb_key_cmd_injection: Set Arch to ARCH_CMD 2025-06-22 12:39:04 +10:00
Ahmed Ezzat 0307bab692 Update opennms_horizon_authenticated_rce.rb 
Fix Arch
 2025-06-21 20:37:33 +03:00
cgranleese-r7 a4b14d8b64 Runs Rubocop to fix layout in modules 2025-06-20 15:18:01 +01:00
Martin Sutovsky 776379876d Fixing check method 2025-06-16 16:00:14 +02:00
Spencer McIntyre f3b650a409 Major refactoring of PHP payloads and related exploits 2025-05-30 09:06:38 -04:00
Martin Sutovsky 828b6aadfb Adds module for PandoraFMS Netflow RCE 2025-05-20 13:43:54 +02:00
Christophe De La Fuente 365caab8fc Update the error message in case of Broken pipe error and update the documentation 2025-05-15 12:10:53 +02:00
Christophe De La Fuente 3d121839c8 Fix from code review #2 2025-05-13 17:17:41 +02:00
Christophe De La Fuente 4aea95f93c Fix from code review 2025-05-13 12:54:31 +02:00
Christophe De La Fuente d83e6072ef Add the module and documentation for Ivanti RCE CVE-2025-22457 2025-04-30 22:02:16 +02:00
Chocapikk 73f0963d81 Lint ^^ 2025-04-30 16:16:30 +02:00