adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,426 Commits 27 Branches 1,043 Tags
8a9eeafd1c7b2d0e6ccc46378cdfd246ea4bf08e
Commit Graph

7504 Commits

Author SHA1 Message Date
Brendan 10d12570c0 Merge pull request #20791 from Chocapikk/webcheck 
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
 2026-01-12 17:14:04 -06:00
Martin Sutovsky defa2b1337 Adds reference to protocol, fixes formatting 2026-01-12 14:54:46 +01:00
basicallyabidoof 2f62e7c031 Add documentation for ipv6_neighbor_router_advertisement.rb see https://github.com/rapid7/metasploit-framework/issues/12389 2026-01-12 14:54:46 +01:00
msutovsky-r7 472016b753 Land #20796, moves udev module into persistence category 
update udev to persistence mixin
 2026-01-09 16:14:08 +01:00
jheysel-r7 b9be6ac259 Merge pull request #20785 from Chocapikk/react2shell-clean 
Update react2shell module: Add Waku framework support
 2026-01-08 17:58:48 -08:00
jheysel-r7 bb98e855e1 Merge pull request #20751 from h00die/sticky_keys 
update windows sticky keys to persistence mixin
 2026-01-08 16:44:04 -08:00
Spencer McIntyre da89d98b1e Merge pull request #20847 from dwelch-r7/fix-ssh-login-print-and-docs 
Fix extra characters in print and merge docs for ssh_login/ssh_login_pubkey
 2026-01-08 16:17:43 -05:00
Dean Welch 2867729808 Fix extra characters in print and merge docs for ssh_login/ssh_login_pubkey 2026-01-08 13:57:22 +00:00
msutovsky-r7 c289ff44b9 Land #20811, adds module for Prison Management System 1.0 RCE (CVE-2024-48594) 
Add Prison Management System 1.0 auth RCE (CVE-2024-48594)
 2026-01-08 12:33:00 +01:00
msutovsky-r7 b39e781500 Land #20700, adds module for Taiga.io RCE (CVE-2025-62368) 
Adds exploit module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368)
 2026-01-07 11:53:32 +01:00
jheysel-r7 0d21fd4cc9 Merge pull request #20692 from msutovsky-r7/persistence/multi/python-site-specific-config-hook 
Adds module for python site-specific hook persistence
 2026-01-06 16:19:31 -08:00
h00die bfec7c378b Update documentation/modules/exploit/windows/persistence/accessibility_features_debugger.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-06 14:00:39 -05:00
kali be9b2c9491 Add documentation for prison_management_rce 2026-01-06 12:33:49 +02:00
Diego Ledda acc206b2dc Merge pull request #20833 from xaitax/CVE-2025-14847_Mongobleed 
Add MongoDB memory disclosure module (CVE-2025-14847)
 2025-12-30 08:49:30 -05:00
Diego Ledda cd83a441b9 Merge pull request #20767 from Chocapikk/geoserver 
Add GeoServer WMS GetMap XXE file read module (CVE-2025-58360)
 2025-12-30 08:39:00 -05:00
Alex 44b2adafa7 Add MongoDB memory disclosure module (CVE-2025-14847) 2025-12-30 13:04:25 +01:00
h00die 3ea866c41d udev persistence 2025-12-21 07:50:48 -05:00
Brendan 3015c9f962 Merge pull request #20792 from sfewer-r7/hpe_oneview_rce 
Add unauth RCE exploit module for HPE OneView (CVE-2025-37164)
 2025-12-19 17:41:51 -06:00
Brendan b12ebc95c0 Merge pull request #20754 from h00die/assist_tech 
assistive technology persistence
 2025-12-19 16:33:21 -06:00
sfewer-r7 d40a35acdb the version logic changes, update the docs 2025-12-19 15:48:07 +00:00
sfewer-r7 a4dba96712 add in the HPE OneView exploit 2025-12-19 15:30:53 +00:00
Brendan 6c4a61fa42 Merge pull request #20761 from Chocapikk/acf-extended-rce 
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
 2025-12-18 16:03:06 -06:00
Valentin Lobstein 080f74f862 Update Web-Check documentation with docker-compose.yml setup instructions 2025-12-18 19:19:17 +01:00
Valentin Lobstein 5178cdee42 Update Web-Check documentation with git clone command 2025-12-18 18:56:18 +01:00
Valentin Lobstein 13f102eb5b Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778) 2025-12-18 18:51:12 +01:00
Valentin Lobstein 3b407575fa Update react2shell module: Add Waku framework support 2025-12-17 23:07:01 +01:00
Valentin Lobstein 46f87e0f6e Add GeoServer WMS GetMap XXE file read module (CVE-2025-58360) 2025-12-12 16:11:15 +01:00
jheysel-r7 388a967101 Merge pull request #20749 from nakkouchtarek/grav-ssti-rce 
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
 2025-12-11 16:13:09 -08:00
jheysel-r7 33197bd59c Merge pull request #20713 from Chocapikk/nable 
Add N-able N-Central authentication bypass and XXE scanner module (CVE-2025-9316, CVE-2025-11700)
 2025-12-11 11:10:48 -08:00
jheysel-r7 0c921ea2e7 Merge pull request #20725 from Chocapikk/magento 
Add Magento SessionReaper (CVE-2025-54236) exploit module
 2025-12-10 08:56:47 -08:00
jheysel-r7 d86c5f0908 Merge pull request #20746 from Chocapikk/king-addons 
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
 2025-12-10 08:37:11 -08:00
Martin Sutovsky 6a626a855b Addresses some comments 2025-12-10 17:01:27 +01:00
Valentin Lobstein b4d65afcf5 Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE 2025-12-09 22:02:41 +01:00
Valentin Lobstein e9467cd1e3 Clarify file-based session storage requirements and exploit limitations 
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
 2025-12-09 19:26:30 +01:00
Valentin Lobstein 6bc2bffd8c Refactor create_admin_user to handle errors internally and remove custom.ini from documentation 2025-12-09 19:20:56 +01:00
Valentin Lobstein 17cc68df0f Update documentation/modules/exploit/multi/http/wp_king_addons_privilege_escalation.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-09 19:14:22 +01:00
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
Brendan caa672231b Merge pull request #20736 from sfewer-r7/fortiweb-exploit-rce-v6-support 
Update the FortiWeb exploit module (CVE-2025-64446 + CVE-2025-58034) to target older unsupported versions 6.x
 2025-12-08 17:43:49 -06:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
h00die 54d47e72ab sticky keys description update 2025-12-07 07:40:54 -05:00
h00die bd48eda8b2 rename sticky keys module 2025-12-07 07:38:41 -05:00
h00die 42b6a307ac markdown 2025-12-06 19:58:36 -05:00
h00die a2f266068b assistive technology persistence 2025-12-06 13:05:32 -05:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik 88309b5a4a add suggestions from @Chocapikk 2025-12-05 08:02:56 -08:00
h00die 54718c7a12 sticky keys as persistence 2025-12-05 07:07:30 -05:00
vognik baa0a11492 small fixes 2025-12-05 00:11:44 -08:00
vognik 770e63b0d1 add windows documentation 2025-12-05 00:06:58 -08:00