Brendan
10d12570c0
Merge pull request #20791 from Chocapikk/webcheck
...
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
2026-01-12 17:14:04 -06:00
msutovsky-r7
472016b753
Land #20796, moves udev module into persistence category
...
update udev to persistence mixin
2026-01-09 16:14:08 +01:00
jheysel-r7
ae4a5ac986
Merge pull request #20786 from zeroSteiner/feat/lib/mod-merge-target-info
...
Merge target info into the module info
2026-01-08 18:01:14 -08:00
jheysel-r7
b9be6ac259
Merge pull request #20785 from Chocapikk/react2shell-clean
...
Update react2shell module: Add Waku framework support
2026-01-08 17:58:48 -08:00
jheysel-r7
bb98e855e1
Merge pull request #20751 from h00die/sticky_keys
...
update windows sticky keys to persistence mixin
2026-01-08 16:44:04 -08:00
Valentin Lobstein
7b1e7d5320
Apply review feedback: move Space limits to targets, use CheckCode::Detected
...
Co-authored-by: bwatters-r7 <bwatters-r7@users.noreply.github.com>
2026-01-08 16:59:17 +01:00
Valentin Lobstein
0583a4c983
Apply review feedback: revert Platform, simplify framework_config, improve Waku detection
...
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
2026-01-08 16:50:55 +01:00
msutovsky-r7
c289ff44b9
Land #20811, adds module for Prison Management System 1.0 RCE (CVE-2024-48594)
...
Add Prison Management System 1.0 auth RCE (CVE-2024-48594)
2026-01-08 12:33:00 +01:00
Xorriath
2030d19438
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-07 14:45:03 +02:00
Xorriath
2ef1b9fbae
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-07 14:44:51 +02:00
msutovsky-r7
b39e781500
Land #20700, adds module for Taiga.io RCE (CVE-2025-62368)
...
Adds exploit module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368)
2026-01-07 11:53:32 +01:00
jheysel-r7
0d21fd4cc9
Merge pull request #20692 from msutovsky-r7/persistence/multi/python-site-specific-config-hook
...
Adds module for python site-specific hook persistence
2026-01-06 16:19:31 -08:00
Martin Sutovsky
d6bffff143
Putting cmd_exec arguments into single argument
2026-01-06 18:38:31 +01:00
jheysel-r7
f0323e8069
Merge pull request #20744 from ptrstr/patch-2
...
Remove current date constraint from uploaded path in `wp_reflexgallery_file_upload`
2026-01-06 08:54:29 -08:00
ptrstr
0e28807458
Fix formatting
2026-01-06 09:44:22 -05:00
Xorriath
a676b05928
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:32 +02:00
Xorriath
236d94ee54
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:17 +02:00
Xorriath
b35d74b305
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:01 +02:00
Martin Sutovsky
13e93abfdf
Addressing comments
2026-01-06 08:31:46 +01:00
h00die
2b85112a36
fix panda local privesc refs
2025-12-27 09:09:19 -05:00
kali
2448429502
Add Prison Management System 1.0 auth RCE (CVE-2024-48594)
2025-12-26 08:08:49 +02:00
h00die
3ea866c41d
udev persistence
2025-12-21 07:50:48 -05:00
Brendan
3015c9f962
Merge pull request #20792 from sfewer-r7/hpe_oneview_rce
...
Add unauth RCE exploit module for HPE OneView (CVE-2025-37164)
2025-12-19 17:41:51 -06:00
Brendan
b12ebc95c0
Merge pull request #20754 from h00die/assist_tech
...
assistive technology persistence
2025-12-19 16:33:21 -06:00
h00die
5ac586a788
Update modules/exploits/windows/persistence/assistive_technology.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-12-19 14:52:34 -05:00
sfewer-r7
0c947d05ab
add in the AKB analysis
2025-12-19 15:38:43 +00:00
sfewer-r7
5c6c8a3956
better check result given we have the version string
2025-12-19 15:38:27 +00:00
sfewer-r7
a4dba96712
add in the HPE OneView exploit
2025-12-19 15:30:53 +00:00
Martin Sutovsky
990c6a7a9f
Adds check for presence of directory and sufficient rights
2025-12-19 14:31:05 +01:00
Brendan
6c4a61fa42
Merge pull request #20761 from Chocapikk/acf-extended-rce
...
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
2025-12-18 16:03:06 -06:00
h00die
d15d4ca5dc
.exe guard clause for assistive_tech persistence
2025-12-18 16:17:50 -05:00
Valentin Lobstein
13f102eb5b
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
2025-12-18 18:51:12 +01:00
Spencer McIntyre
76b7c82092
Fix a CI failure
2025-12-18 10:33:35 -05:00
Spencer McIntyre
602adeb4c5
Mass rubocop changes
2025-12-18 10:08:31 -05:00
Valentin Lobstein
d9498c35f9
Fix react2shell module: sync encoders and payload config with master version (had bad copy)
2025-12-17 23:52:30 +01:00
Spencer McIntyre
d4b196b309
Update exploits to note target authors
...
Target authors were selected based on comments that indicated that the
author was only responsible for a set of discrete targets. Authors that
were noted as assisting with target testing, check module development,
etc. were left at the module level.
2025-12-17 17:30:16 -05:00
Valentin Lobstein
3b407575fa
Update react2shell module: Add Waku framework support
2025-12-17 23:07:01 +01:00
Spencer McIntyre
8945267db6
Remove redundant Platform and Arch definitions
2025-12-17 16:12:31 -05:00
Spencer McIntyre
2103e1b5f6
Fix a bug in the platform definition
2025-12-17 15:57:58 -05:00
Jack Heysel
0589121fb9
Update payload options
2025-12-15 18:52:38 -05:00
Jack Heysel
ca2ac75e16
Change react2shell default encoder
2025-12-12 15:22:34 -08:00
jheysel-r7
388a967101
Merge pull request #20749 from nakkouchtarek/grav-ssti-rce
...
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
2025-12-11 16:13:09 -08:00
Tarek Nakkouch
a20e2dfa6e
Use send_request_cgi! for automatic redirect handling
2025-12-11 20:03:17 +01:00
Tarek Nakkouch
028aa2f544
Wrap zlib require in begin/rescue block for proper error handling
2025-12-11 19:53:02 +01:00
Tarek Nakkouch
df9f546d01
Use HttpClientTimeout datastore option instead of hardcoded timeout value
2025-12-11 19:52:16 +01:00
Tarek Nakkouch
80f60b431c
Set default value for FORM_NAME option and remove fallback check
2025-12-11 19:45:24 +01:00
ptrstr
30635cbadd
Make plugin URI configurable
2025-12-10 18:14:26 -05:00
jheysel-r7
0c921ea2e7
Merge pull request #20725 from Chocapikk/magento
...
Add Magento SessionReaper (CVE-2025-54236) exploit module
2025-12-10 08:56:47 -08:00
jheysel-r7
d86c5f0908
Merge pull request #20746 from Chocapikk/king-addons
...
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
2025-12-10 08:37:11 -08:00
Martin Sutovsky
6a626a855b
Addresses some comments
2025-12-10 17:01:27 +01:00