adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

38478 Commits

Author SHA1 Message Date
jheysel-r7 3141152393 Merge pull request #20017 from zeroSteiner/feat/mod/ldap/passwords 
Add LAPSv1 and LAPSv2 LDAP Module
 2025-04-30 14:02:30 -07:00
jheysel-r7 0f22a18dac Merge pull request #20081 from msutovsky-r7/exploit/wondercms-rce 
Adds module for  CVE-2023-41425 WonderCMS RCE
 2025-04-30 13:14:45 -07:00
Christophe De La Fuente d83e6072ef Add the module and documentation for Ivanti RCE CVE-2025-22457 2025-04-30 22:02:16 +02:00
bcoles bf5269edc0 modules/post/osx: Resolve RuboCop violations 2025-05-01 02:49:28 +10:00
bcoles 2a616f7560 modules/post/multi: Resolve RuboCop violations 2025-05-01 02:32:23 +10:00
Martin Sutovsky 1f650b0432 Adding SRVHOST check 2025-04-30 17:58:15 +02:00
Martin Sutovsky f2e0fe79be Responding to comments 2025-04-30 17:53:26 +02:00
Diego Ledda 8ae6d353d8 Land #20085, module exploit for Craft CMS Preauth RCE (CVE-2025-3243) 
Land #20085, module exploit for Craft CMS Preauth RCE (CVE-2025-3243)
 2025-04-30 17:22:50 +02:00
cgranleese-r7 2c00a912cb Land #20107, modules/post/multi/gather: Resolve RuboCop violations 2025-04-30 16:10:36 +01:00
jheysel-r7 a0f200dba0 Merge pull request #20100 from bcoles/rubocop-modules-post-windows-gather 
modules/post/windows/gather: Resolve RuboCop violations
 2025-04-30 07:51:12 -07:00
Chocapikk 73f0963d81 Lint ^^ 2025-04-30 16:16:30 +02:00
Valentin Lobstein 691cead95c Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-04-30 16:10:32 +02:00
cgranleese-r7 0c7ddd58fe Land #20104, modules/post/solaris: Resolve RuboCop violations 2025-04-30 15:01:23 +01:00
bcoles fab5a3b1b1 modules/post/multi/gather: Resolve RuboCop violations 2025-04-30 20:15:08 +10:00
Valentin Lobstein c85fe60596 Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-30 11:33:14 +02:00
Valentin Lobstein 301e9e64e7 Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-30 11:32:58 +02:00
bcoles 5a601fc8b2 Move auxiliary/docx/word_unc_injector to auxiliary/fileformat/ 2025-04-30 18:26:15 +10:00
bcoles 7b8cf0bfbb modules/post/windows/gather: Resolve RuboCop violations 2025-04-30 11:23:07 +10:00
Chocapikk 39a5d710aa Refactor module: modularization, session-path leak, randomized key, improved check 
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
 2025-04-30 00:24:25 +02:00
jheysel-r7 3a3a2dbf85 Merge pull request #20084 from bcoles/rubocop-modules-auxiliary-docx 
modules/auxiliary/docx/word_unc_injector: Resolve RuboCop violations
 2025-04-29 12:34:35 -07:00
Spencer McIntyre d59337f0a5 Add LAPS data for ldap_spec 2025-04-29 14:01:23 -04:00
Valentin Lobstein 9d0d12004e Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-29 19:59:09 +02:00
Valentin Lobstein 59b9249cec Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-29 19:58:38 +02:00
bcoles f2a69666cd modules/post/solaris: Resolve RuboCop violations 2025-04-30 00:19:25 +10:00
bcoles e99ae3d23e modules/post/firefox: Resolve RuboCop violations 2025-04-29 21:39:18 +10:00
Ashley Donaldson 6ec67d6a26 32-bit .NET working 2025-04-29 09:44:03 +10:00
h00die-gr3y a6aca51230 initial module 2025-04-28 21:00:55 +00:00
adfoster-r7 498bc208c1 Merge pull request #20094 from bcoles/rubocop-modules-post-hardware 
modules/post/hardware: Resolve RuboCop violations
 2025-04-28 20:29:19 +01:00
adfoster-r7 ac9669d11a Merge pull request #20092 from bcoles/rubocop-modules-post-windows-gather-credentials 
modules/post/windows/gather/credentials: Resolve RuboCop violations
 2025-04-28 20:19:54 +01:00
adfoster-r7 7ebe8f207d Update modules/post/hardware/zigbee/zstumbler.rb 2025-04-28 20:12:59 +01:00
bcoles 04e1424e31 modules/post/hardware: Resolve RuboCop violations 2025-04-29 01:52:00 +10:00
bcoles 333c38b39e modules/post/windows/gather/credentials: Resolve RuboCop violations 2025-04-28 09:08:33 +10:00
adfoster-r7 1b3ad5050d Merge pull request #20093 from jvoisin/fix_typo 
Fix an unfortunate typo
 2025-04-27 23:10:40 +01:00
adfoster-r7 ba2b72b4ff Merge pull request #20091 from bcoles/rubocop-modules-post-linux-gather 
modules/post/linux/gather: Resolve RuboCop violations
 2025-04-27 22:59:44 +01:00
jvoisin 085f0380c3 Fix an unfortunate typo 2025-04-27 20:37:15 +02:00
RAMELLA Sebastien 73208fda35 add optenum for output ext 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-04-27 21:02:04 +04:00
RAMELLA Sebastien 32a8e6797e fixes review 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-04-27 20:31:13 +04:00
RAMELLA Sebastien d474d9b796 content nil and empty 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-04-27 13:32:41 +04:00
RAMELLA Sebastien dc88f3ffd9 fixes review 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-04-27 13:22:47 +04:00
Chocapikk a0e9758c7f Improve error handling, and search csrf_token in root uri 2025-04-27 08:01:17 +02:00
bcoles 394e7a1ba2 modules/post/linux/gather: Resolve RuboCop violations 2025-04-27 12:23:56 +10:00
adfoster-r7 d4988c4eb2 Merge pull request #20073 from bcoles/rubocop-modules-exploits-solaris 
modules/exploits/solaris: Resolve RuboCop violations
 2025-04-26 18:08:17 +01:00
adfoster-r7 decb528470 Merge pull request #20090 from bcoles/rubocop-modules-post-apple_ios 
modules/post/apple_ios: Resolve RuboCop violations
 2025-04-26 18:05:20 +01:00
adfoster-r7 c5ad0c3cf9 Merge pull request #20089 from bcoles/rubocop-modules-post-networking 
modules/post/networking: Resolve RuboCop violations
 2025-04-26 18:04:43 +01:00
adfoster-r7 7a7a3abd3f Merge pull request #20088 from bcoles/rubocop-modules-post-bsd 
modules/post/bsd: Resolve RuboCop violations
 2025-04-26 18:04:12 +01:00
adfoster-r7 3daecae78c Merge pull request #20087 from bcoles/rubocop-modules-post-android 
modules/post/android: Resolve RuboCop violations
 2025-04-26 18:03:42 +01:00
bcoles f607f4b5b2 modules/post/apple_ios: Resolve RuboCop violations 2025-04-27 02:31:19 +10:00
bcoles dc63ea9668 modules/post/networking: Resolve RuboCop violations 2025-04-27 02:13:25 +10:00
bcoles bf12f3ee8d modules/post/bsd: Resolve RuboCop violations 2025-04-27 02:09:41 +10:00
bcoles 2d94c28c53 modules/post/android: Resolve RuboCop violations 2025-04-27 01:56:49 +10:00