g0t mi1k
b338c774cd
Split HEADERS using '=' rather than ':'
2026-04-05 07:30:32 +01:00
Christophe De La Fuente
09a59af789
Merge pull request #21069 from Chocapikk/add-module-freescout-htaccess-rce
2026-03-31 18:09:30 +02:00
msutovsky-r7
6d4b268f9f
Land #21029, adds module for Grav CMS (CVE-2025-50286)
...
Adds exploit module for Grav CMS (CVE-2025-50286)
2026-03-31 14:47:44 +02:00
adfoster-r7
438b8e0875
Merge pull request #21102 from zeroSteiner/fix/re-add-20989
...
Reapply "This adjusts module options that need a routable address"
2026-03-30 14:50:05 +01:00
Valentin Lobstein
2a1ebdb996
Update modules/exploits/multi/http/freescout_htaccess_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2026-03-27 19:30:47 +01:00
adfoster-r7
20bb912515
Merge pull request #21023 from g0tmi1k/os_cmd_exec
...
Add: exploits/multi/http/os_cmd_exec
2026-03-27 16:38:03 +00:00
x1o3
de81c5f0dc
plugin version parsing and check logic improvement, msftidy & rubocop compliant
2026-03-27 11:45:20 +05:30
Chocapikk
140b58f429
Fix: address PR review feedback for freescout htaccess rce module
2026-03-27 00:34:22 +01:00
Valentin Lobstein
3f718d77b4
Update modules/exploits/multi/http/freescout_htaccess_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2026-03-27 00:29:57 +01:00
Spencer McIntyre
700d063645
Implement copilot feedback
2026-03-26 14:43:33 -04:00
Spencer McIntyre
b743296f48
Reapply "This adjusts module options that need a routable address"
...
This reverts commit 628275ef59.
2026-03-26 14:43:31 -04:00
g0t mi1k
17161c42e2
Make Rubocop happy
2026-03-25 13:39:20 +00:00
g0t mi1k
89af3ad558
Sync datastore_headers
...
Note: This code was suggested by a LLM (Copilot) in the MR
2026-03-25 13:32:46 +00:00
g0t mi1k
51f36982c7
Add: exploits/multi/http/os_cmd_exec
...
A lot of this was based on: exploits/unix/webapp/php_eval
2026-03-24 20:01:30 +00:00
Valentin Lobstein
3414611a3d
Refactor: Use inherited SSL option from HttpClient instead of HTTPSSL
2026-03-14 00:07:28 +01:00
Valentin Lobstein
c5c6c34232
Refactor: Remove HTTPSSL option, auto-detect SSL from port 443
2026-03-14 00:04:49 +01:00
Valentin Lobstein
d01a2689bb
Fix: Use HttpClient bind_call for full HTTP feature inheritance
...
Replace standalone Rex::Proto::Http::Client with bind_call on
HttpClient's connect method to bypass SMTPDeliver MRO conflict
while preserving SSL, proxy, basic auth, and vhost support.
Add HTTPSSL option for HTTPS targets.
2026-03-14 00:02:04 +01:00
Valentin Lobstein
db3654eebf
Fix: Address Copilot review feedback and fix cmd/dropper targets
...
- Fix http_send: use standalone Rex::Proto::Http::Client to avoid
  SMTPDeliver/HttpClient connect() method conflict
- Fix cmd/dropper PHP stub: remove double $$ variable (vars[:cmd_varname]
  already includes $ prefix)
- Fix cmd/dropper unlink: use cleanup POST param instead of inline
  @unlink to preserve shell across multiple stager requests
- Fix wait_for_cron: use .to_i % fetch for correct modulo calculation
- Fix dir_exists?: use res&.redirect? instead of res&.code == 301
- Fix docs: RHOSTS -> RHOST (SMTPDeliver registers singular RHOST)
- Remove manual Date header (SMTPDeliver handles it)
- Update scan_paths comment to reflect MD5 digit extraction
- Replace php_exec_cmd with manual preamble + system_block stub
2026-03-13 23:38:30 +01:00
Spencer McIntyre
ccf56437da
Merge pull request #20960 from g0tmi1k/dhcp_server
...
dhcp_server: Add DHCPINTERFACE
2026-03-12 15:48:36 -04:00
g0t mi1k
3852276028
OptString -> OptAddressLocal
2026-03-12 16:41:25 +00:00
g0t mi1k
b2f1e46c82
OptString -> OptAddress
2026-03-12 16:41:25 +00:00
x1o3
146911bb3d
rubocop & msftidy compliant
2026-03-11 12:59:36 +05:30
x1o3
de72dcb88a
fixes review feedback
2026-03-11 12:56:14 +05:30
msutovsky-r7
c6aabc1c75
Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
adfoster-r7
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
Valentin Lobstein
9b7faea3c2
Feat: Add FreeScout ZWSP .htaccess RCE module (CVE-2026-28289)
2026-03-05 18:06:32 +01:00
Valentin Lobstein
3d38e9b27b
Fix: Fallback check to Detected when plugin version unavailable
...
- Use spip_version as fallback when spip_plugin_version fails
- Return Detected instead of Unknown so AutoCheck does not abort
- Fix lab healthcheck to wait for saisies form before reporting healthy
2026-03-05 14:13:05 +01:00
Valentin Lobstein
4534a8a07e
Fix: Address msutovsky-r7 PR review feedback
...
- Add IOC_IN_LOGS to SideEffects (POST payload may appear in app logs)
- Pass page parameter via vars_get instead of embedding in URI string
- Apply vars_get consistently in crawl seed request
2026-03-05 14:07:22 +01:00
Spencer McIntyre
ea915acba3
Appease rubocop
2026-03-03 09:37:27 -05:00
Spencer McIntyre
1b39311784
Remove redundant definitions of SRVHOST
2026-03-03 09:37:27 -05:00
Spencer McIntyre
821e3c28f1
Replace old patterns with srvhost_addr
2026-03-03 09:37:27 -05:00
Spencer McIntyre
6e38f8568c
Update tftphost usage in cmd stagers
2026-03-03 09:37:27 -05:00
Spencer McIntyre
b7fc0c6613
Replace usage of #lookup_lhost
2026-03-03 09:37:27 -05:00
adfoster-r7
9df6879a95
Update modules to use srvhost method
2026-03-03 09:37:25 -05:00
Spencer McIntyre
758ac7f2f6
Apply rubocop changes
2026-03-03 09:34:49 -05:00
Spencer McIntyre
fc49421939
Replace checks for nonroutable addresses
...
This consolidates modules that check for a nonroutable SRVHOST value and
replaces it with OptAddressRoutable, defaulting to a reasonable address.
2026-03-03 09:34:49 -05:00
Spencer McIntyre
92e77de800
Update to use OptAddressRoutable for SRVHOST
2026-03-03 09:34:48 -05:00
x1o3
f87a5d9598
fixes review feedback
2026-03-02 17:38:14 +05:30
Diego Ledda
6f84c83135
Merge pull request #21000 from Chocapikk/add-modules-majordomo-rce
...
Add three MajorDoMo unauthenticated RCE modules
2026-03-02 05:20:22 -05:00
x1o3
7d6d592efe
logic fix & cleanup
2026-02-28 22:56:28 +05:30
x1o3
524dd0efe9
rubocop && msftidy compliant
2026-02-27 20:01:55 +05:30
x1o3
7d57eda229
rubocop && msftidy compliant
2026-02-27 19:36:19 +05:30
Valentin Lobstein
615ca34e29
Fix: Remove explicit timeouts from send_request_cgi calls
2026-02-27 14:42:00 +01:00
Valentin Lobstein
6923badeac
Fix: Use background thread for cycle.php bootstrap instead of timeout
2026-02-27 14:34:24 +01:00
Valentin Lobstein
76d103e483
Fix: Bootstrap cycle tables and update lab documentation
...
Add cycle.php bootstrap request in cmd_injection module to create
missing MEMORY tables before starting the cycle_execs.php worker.
Update all three module docs with curl in Dockerfile, Docker gateway
instructions, Options sections, and verified scenario outputs.
2026-02-27 14:33:04 +01:00
Valentin Lobstein
a0cf8b488b
Fix: Resolve protocol-relative URLs instead of skipping them
2026-02-25 13:10:30 +01:00
Valentin Lobstein
ece296ba6a
Fix: Address jvoisin's PR review feedback
...
- Remove IOC_IN_LOGS (payload is in POST body, not logged)
- Remove redundant early filter (regex handles it)
- Use non-capturing groups in static asset regex
- Filter protocol-relative URLs before link resolution
- Clarify relative vs absolute path handling in crawler
Co-Authored-By: jvoisin <325724+jvoisin@users.noreply.github.com>
2026-02-24 23:23:17 +01:00
Valentin Lobstein
c905ec66e4
Update modules/exploits/multi/http/spip_saisies_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-24 23:19:03 +01:00
Diego Ledda
1e4c184512
Merge pull request #20988 from adfoster-r7/add-solarwinds-srvhost-defaults
...
Add solarwinds srvhost defaults
2026-02-24 04:41:23 -05:00
Valentin Lobstein
a8f66a23d9
Feat: Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-02-21 09:32:53 +01:00