adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

38478 Commits

Author SHA1 Message Date
Spencer McIntyre f3b650a409 Major refactoring of PHP payloads and related exploits 2025-05-30 09:06:38 -04:00
Spencer McIntyre dcaeb5266c Define the system_block module function 2025-05-30 09:06:38 -04:00
Spencer McIntyre 9220360ed0 Add an ARCH_PHP -> ARCH_CMD adapter 2025-05-30 09:06:20 -04:00
bcoles 5ecf5b770b modules/auxiliary/server/dns: Resolve RuboCop violations 2025-05-30 22:26:50 +10:00
msutovsky-r7 e55032a14f Land #20238, resolves RuboCop violations in auxiliary/scanner/db2 
modules/auxiliary/scanner/db2: Resolve RuboCop violations
 2025-05-30 13:48:59 +02:00
msutovsky-r7 d92088fa97 Land #20239, resolves RuboCop violations in auxiliary/scanner/dcerpc 
modules/auxiliary/scanner/dcerpc: Resolve RuboCop violations
 2025-05-30 12:47:18 +02:00
root 69870ee703 Update Remote for Mac 2025.6 RCE module with improvements and fixes 2025-05-30 11:21:07 +01:00
msutovsky-r7 9ef3134049 Land #20240, resolves RuboCop violations in modules/auxiliary/scanner/dect 
modules/auxiliary/scanner/dect: Resolve RuboCop violations
 2025-05-30 12:01:30 +02:00
Diego Ledda d08995c051 Merge pull request #20201 from bcoles/rubocop-modules-auxiliary-admin-networking 
modules/auxiliary/admin/networking: Resolve RuboCop violations
 2025-05-29 16:53:07 +02:00
Diego Ledda 537f12b6ec Merge pull request #19976 from msutovsky-r7/feat/php_cmd_adapter 
PHP cmd adapter
 2025-05-29 16:49:58 +02:00
Chocapikk 33439fccb3 Add verbosity, update doc 2025-05-29 16:30:41 +02:00
Valentin Lobstein f053d993f7 Update modules/exploits/multi/http/vbulletin_replace_ad_template_rce.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-05-29 15:59:00 +02:00
Diego Ledda 8f64994f47 Merge pull request #20246 from bcoles/encoders-metasm-cpu 
Encoders: Fix assemble method Metasm CPU definition
 2025-05-29 15:15:49 +02:00
bwatters-r7 e36336669d Update description in module and docs to reflect nre option name 2025-05-29 08:11:33 -05:00
Martin Sutovsky cb0ef76140 Adds fail_with to avoid returning nil 2025-05-29 13:47:36 +02:00
adfoster-r7 f1d7f2ed22 Revert "Ensure thinkphp rce runs on metasploit pro" 2025-05-29 10:54:51 +01:00
msutovsky-r7 a5d80290f8 Land #20241, resolves RuboCop violations for modules/auxiliary/scanner/discovery 
modules/auxiliary/scanner/discovery: Resolve RuboCop violations
 2025-05-29 10:38:28 +02:00
msutovsky-r7 6628e0d9e7 Update modules/auxiliary/fileformat/maldoc_in_pdf_polyglot.rb 
This will look better in Metasploit wrapup blog

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-05-29 10:05:10 +02:00
root cf3e1764c5 Finalize Remote for Mac 2025.6 RCE module (no CVE yet) 2025-05-29 04:29:15 +01:00
remmons-r7 704e498f39 Add ivanti_epmm_rce_cve_2025_4427_4428.rb 
Add a module for CVE-2025-4427 and CVE-2025-4428, unauthenticated RCE chain in Ivanti EPMM.
 2025-05-28 17:32:56 -05:00
bwatters-r7 b207a8848c Fix references to LDAP Datastore Options 2025-05-28 12:02:01 -05:00
Diego Ledda 9b7e27e946 Merge pull request #20185 from Chocapikk/wp_depicter_sqli_cve_2025_2011 
Add WP Depicter Plugin Unauth SQL Injection (CVE-2025-2011)
 2025-05-28 18:38:52 +02:00
Spencer McIntyre 5c6f6f1070 Merge pull request #20261 from bwatters-r7/fix/vmcenter_vmdir_auth 
Update datastore option names in vmware_vcenter_vmdir_auth_bypass module and docs
 2025-05-28 12:33:43 -04:00
Diego Ledda 6cb8d8c599 fix(modules): renaming run_host to run 2025-05-28 18:01:32 +02:00
msutovsky-r7 f3668f436b Land #20242, resolves RuboCop violations for modules/auxiliary/scanner/sap 
modules/auxiliary/scanner/sap: Resolve RuboCop violations
 2025-05-28 16:54:01 +02:00
Valentin Lobstein 8055ba3d65 Update modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-05-28 16:28:59 +02:00
bwatters-r7 e282bbda99 Update datastore option names in module and docs 2025-05-28 09:23:36 -05:00
Spencer McIntyre dae8c9b43a Update the ldap/change_password module 2025-05-28 10:19:30 -04:00
bcoles 1b95ece26d modules/auxiliary/scanner/sap: Resolve RuboCop violations 2025-05-28 22:15:05 +10:00
Diego Ledda ce6e0d1164 Merge pull request #20096 from h00die-gr3y/CVE-2025-30406 
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
 2025-05-28 13:46:13 +02:00
Diego Ledda cd63d653a8 Merge pull request #20200 from bcoles/rubocop-modules-auxiliary-admin-oracle 
modules/auxiliary/admin/oracle: Resolve RuboCop violations
 2025-05-28 13:45:33 +02:00
root 38f0178ad8 Update exploit: fix PacketStorm reference, add CVE placeholder 2025-05-28 09:27:28 +01:00
root 1860c16aa8 Add Remote for Mac 2025.6 unauthenticated RCE module 2025-05-28 07:42:34 +01:00
sjanusz-r7 9cea2891e3 Address GraphQL Introspection comments 2025-05-27 17:13:37 +01:00
msutovsky-r7 ec98f0af2c Land #20243, resolving Rubocop violations in modules/auxiliary/scanner/snmp 
modules/auxiliary/scanner/snmp: Resolve RuboCop violations
 2025-05-27 17:54:32 +02:00
bcoles e89b103873 modules/auxiliary/scanner/snmp: Resolve RuboCop violations 2025-05-28 01:19:53 +10:00
Martin Sutovsky 4d956ba4e4 Fixing Rubocop formatting 2025-05-27 16:35:34 +02:00
Martin Sutovsky fa0aaa0834 Rubocoping 2025-05-27 16:31:36 +02:00
Martin Sutovsky 126b155d6e Adding uuid for cmd 2025-05-27 16:31:33 +02:00
Martin Sutovsky 735140f217 Rolling back to previous base64 functionality 2025-05-27 16:30:53 +02:00
Martin Sutovsky c30a6cabe3 More reliable full command path detection, using already existing base64 encoder 2025-05-27 16:30:52 +02:00
Martin Sutovsky 3e75553044 Removing uncessary whitespaces 2025-05-27 16:30:52 +02:00
Martin Sutovsky b4d2df91de Encoding PHP payload and piping into php unix command 2025-05-27 16:30:52 +02:00
bcoles 32c5280b13 modules/auxiliary/admin/oracle: Resolve RuboCop violations 2025-05-28 00:10:48 +10:00
Chocapikk 05d41232fe Add CVE IDs 2025-05-27 13:51:49 +02:00
Diego Ledda f2e222bfcb Merge pull request #20198 from bcoles/rubocop-modules-auxiliary-admin-scada 
modules/auxiliary/admin/scada: Resolve RuboCop violations
 2025-05-27 10:53:46 +02:00
RAMELLA Sebastien c84056780e fix. r7 code review 
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
 2025-05-27 11:45:52 +04:00
Chocapikk 6dc9809837 Non-blocking requests when trying to exploit, since the payload can be triggered twice 2025-05-26 20:17:39 +02:00
Chocapikk 854d2354fa Fix check, both requests can display if the system is vulnerable 2025-05-26 20:04:19 +02:00
bcoles 1b4d65e8b7 Encoders: Fix assemble method Metasm CPU definition 2025-05-26 23:03:12 +10:00