adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

4967 Commits

Author SHA1 Message Date
Chocapikk 7629dd7518 DRY code, grab wingftp version in check method 2025-07-05 22:25:45 +02:00
Valentin Lobstein 6edbfb32ec Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2025-07-03 19:42:01 +02:00
Valentin Lobstein d79810a7e3 Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-03 13:54:11 +02:00
Valentin Lobstein d625ab5fbc Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-03 13:54:01 +02:00
Valentin Lobstein 32f7754774 Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-07-02 14:42:34 +02:00
Chocapikk 5b268bd4b4 Fix documentation and typos 2025-07-01 22:50:01 +02:00
Chocapikk f7a649c121 Remove php mixin and arch 2025-07-01 19:43:21 +02:00
Chocapikk 5d9eb58848 Remove useless mixin 2025-07-01 19:39:26 +02:00
Chocapikk 1a4a15e83b Add WingFTP unauthenticated RCE (CVE-2025-47812) 2025-07-01 19:15:15 +02:00
msutovsky-r7 126bff18a1 Land #20346, fixes payload encoding and substitutes for smaller base64 encoder 
Use the smaller base64 encoder
 2025-06-27 17:15:05 +02:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
cgranleese-r7 00c88caffb Updates incorrect arch values in modules 2025-06-25 16:57:27 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
Diego Ledda 6d843385ec Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094 
Adds module for Tatsu WP plugin (CVE-2021-25094)
 2025-06-25 10:58:22 +02:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
Spencer McIntyre 6334996e60 Use the smaller base64 encoder 2025-06-24 15:58:17 -04:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
bcoles b483312eca Modules: Convert SSL default option to Boolean in several modules 2025-06-23 19:38:36 +10:00
cgranleese-r7 ade9b54d94 Runs Style/TrailingCommaInArguments Rubocop against modules 2025-06-23 09:30:35 +01:00
cgranleese-r7 a4b14d8b64 Runs Rubocop to fix layout in modules 2025-06-20 15:18:01 +01:00
Diego Ledda c0dfbf43f2 Merge pull request #20235 from Chocapikk/vbulletin_replace_ad_template_rce 
vBulletin replaceAdTemplate Remote Code Execution
 2025-06-19 14:20:16 +02:00
Martin Sutovsky 3abe9b46c0 Addressing comments 2025-06-13 10:32:39 +02:00
msutovsky-r7 2e3b66612b Update modules/exploits/multi/http/wp_tatsu_rce.rb 2025-06-12 11:38:01 +02:00
msutovsky-r7 cb9f5e8743 Update modules/exploits/multi/http/wp_tatsu_rce.rb 2025-06-12 11:35:01 +02:00
Martin Sutovsky 0b2e4bc337 Adds module for CVE-2021-25094 2025-06-11 19:03:00 +02:00
msutovsky-r7 f2920f868a Land #20291, adds Roundcube post-authentication RCE (CVE-2025-49113) 
Add Remote for Roundсube CVE-2025-49113 post-authentication RCE module
 2025-06-11 10:48:58 +02:00
Maksim Rogov 582e32c14e remove timeout 2025-06-11 11:05:33 +03:00
msutovsky-r7 a175e89d07 Land #20299, converts DisableNops to Boolean 
Modules: Convert DisableNops property to Boolean in several modules
 2025-06-11 07:31:53 +02:00
bcoles 3272ee0f28 Modules: Convert DisableNops property to Boolean in several modules 2025-06-10 23:57:52 +10:00
bcoles 304de9e1c9 Modules: Convert Privileged property to Boolean in several modules 2025-06-10 23:01:52 +10:00
Maksim Rogov 8fe5c91801 fix parsing.rb 2025-06-10 14:29:39 +03:00
Maksim Rogov 10ab54369d Update modules/exploits/multi/http/roundcube_auth_rce_cve_2025_49113.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-10 14:18:44 +03:00
Maksim Rogov 97c493a924 Update modules/exploits/multi/http/roundcube_auth_rce_cve_2025_49113.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-10 14:17:55 +03:00
Vognik d764237230 migrated to nokogiri methods for csrf token parsing 2025-06-10 14:54:09 +04:00
Maksim Rogov 5725e6faf7 Apply suggestions from code review 
Co-authored-by: Valentin Lobstein <88535377+Chocapikk@users.noreply.github.com>
 2025-06-10 11:09:05 +03:00
Vognik 072ebafbcf fix naming 2025-06-09 19:32:31 +04:00
Vognik 46a36c9d4c refactor: update code per review 2025-06-09 19:28:38 +04:00
Brendan ebae201198 Merge pull request #20160 from zeroSteiner/feat/mod/payload/php-adapters 
Add PHP adapters and refactor PHP payloads
 2025-06-09 07:41:50 -05:00
Maksim Rogov 01f16ea802 Minor Fixes.rb 2025-06-08 12:47:08 +03:00
Maksim Rogov c63649a12d Update roundcube_auth_rce_cve_2025_49113.rb 2025-06-08 01:21:31 +03:00
Vognik f43e8863ad refactor: update code per review 2025-06-08 02:14:53 +04:00
Maksim Rogov 442b5aadf3 Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-06-07 23:26:03 +03:00
Maksim Rogov 0426d3cb4f Rename roundcube_unauth_rce_cve_2025_49113.rb to roundcube_auth_rce_cve_2025_49113.rb 2025-06-07 16:14:28 +03:00
Maksim Rogov 906ba4fba2 Update roundcube_unauth_rce_cve_2025_49113.rb 2025-06-07 13:58:37 +03:00
Vognik b83b021445 Add Remote for Roundcube CVE-2025-49113 unauthenticated RCE module 2025-06-07 05:28:21 +04:00
Brendan 19e8e6cdf8 Merge pull request #20187 from Chocapikk/wp_ottokit 
Add CVE-2025-27007 in existing `exploit(multi/http/wp_suretriggers_auth_bypass)` module
 2025-06-05 11:03:00 -05:00
bwatters-r7 17bf77fca1 Switch to in-memory python over fetch payloads 2025-06-03 13:39:01 -05:00
remmons-r7 c2556382f1 Reword "pt" to "part" in the Metasploit module 2025-05-30 10:52:28 -05:00
Spencer McIntyre f3b650a409 Major refactoring of PHP payloads and related exploits 2025-05-30 09:06:38 -04:00