adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,722 Commits 27 Branches 1,043 Tags
8fbc577b73c2f9128f1dfd1fbc6d685b1ca69c75
Commit Graph

7576 Commits

Author SHA1 Message Date
jheysel-r7 be4a69ab1d Merge pull request #20846 from msutovsky-r7/exploit/freepbx/injections_rce 
Adds auxiliary module for FreePBX (CVE-2025-66039, CVE-2025-61675)
 2026-01-28 06:39:47 -08:00
jheysel-r7 7d931c960c Merge pull request #20858 from msutovsky-r7/exploit/freepbx/unrestricted_file_upload 
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61678)
 2026-01-28 06:23:43 -08:00
Martin Sutovsky e6b97a79a4 Addresses comments 2026-01-28 11:33:54 +01:00
Martin Sutovsky 7e92ef4811 Addresses comments 2026-01-28 11:14:24 +01:00
jheysel-r7 f31776caf0 Merge pull request #20778 from h00die/ssh_keys 
Update and combine ssh key persistence with mixin
 2026-01-27 06:39:10 -08:00
Spencer McIntyre c0e9288ac5 Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce 
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
 2026-01-22 14:26:38 -05:00
Jack Heysel 2e484d552e Finishing touches 2026-01-22 15:03:31 +01:00
Jack Heysel 99e032f4af SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691] 2026-01-22 15:03:30 +01:00
msutovsky-r7 537a1c5395 Land #19821, adds Burpsuite persistence module 
Burp extension persistence
 2026-01-22 11:03:08 +01:00
jheysel-r7 719874a7f4 Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module 
Add exploit oracle ebs CVE 2025 61882 module
 2026-01-21 16:08:09 -08:00
jheysel-r7 b6da204725 Apply suggestions from code review 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2026-01-21 10:09:12 -08:00
Alex 99636be776 Updated mongobleed 2026-01-21 11:27:02 +01:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00
Martin Sutovsky d2af23a4a6 Adds additional installation step 2026-01-19 11:25:39 +01:00
Martin Sutovsky 3672e2ba45 Adds additional installation step 2026-01-19 11:23:09 +01:00
MatDupas 54c6e18505 Update documentation/modules/exploit/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-17 12:26:18 +01:00
h00die 7ccf574e99 burp extension all working 2026-01-16 08:44:27 -05:00
adfoster-r7 666c7ce362 Merge pull request #20865 from rajyavardhan01/docs/dect-scanner-documentation 
Add documentation for auxiliary/scanner/dect modules
 2026-01-16 00:00:22 +00:00
Brendan ade984aead Merge pull request #20793 from Chocapikk/avideo-v2 
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
 2026-01-15 17:36:07 -06:00
Raj Handa b466371b46 Update DECT reference link to archive.org (dedected.org is offline) 2026-01-15 14:13:00 -08:00
Martin Sutovsky b01353cc07 Code cleanup, removes line from documentation 2026-01-15 15:26:30 +01:00
Martin Sutovsky c56f9d2ee2 Removes line from documentation 2026-01-15 15:20:44 +01:00
Martin Sutovsky e114ecdfd5 Splitting the modules into separate PRs 2026-01-15 15:20:43 +01:00
Martin Sutovsky 5ee1a15b7d Addressing comments 2026-01-15 15:20:43 +01:00
Martin Sutovsky b4f4078956 Updates documentation 2026-01-15 15:20:42 +01:00
Martin Sutovsky 744b366c58 Msftidy documentation 2026-01-15 15:20:41 +01:00
Martin Sutovsky 8e8c61b9c1 Fixes typo in documentation 2026-01-15 15:20:41 +01:00
Martin Sutovsky 7bbf49112f Updates documentation 2026-01-15 15:20:39 +01:00
Martin Sutovsky de856db75a Adds check methods, docs init 2026-01-15 15:20:38 +01:00
jheysel-r7 bb473b6019 Merge pull request #20797 from h00die/remove_persistence_exe 
persistence modules cleanup
 2026-01-14 14:43:33 -08:00
Spencer McIntyre 658c251b66 Merge pull request #20472 from jheysel-r7/feat/mod/badsuccessor 
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
 2026-01-14 15:43:35 -05:00
Jack Heysel c1023fd62a Add BadSuccessor dMSA Privilege Escalation in Windows 2025 2026-01-14 12:34:45 -08:00
h00die f4a195b88a persistence modules cleanup 2026-01-14 13:49:29 -05:00
msutovsky-r7 7b092aeedb Land #20806, adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888) 
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
 2026-01-14 15:44:25 +01:00
Diego Ledda e4f8d4fb13 Merge pull request #20706 from h00die/windows_wmi_persistence 
Update windows wmi to persistence mixin
 2026-01-14 09:37:20 -05:00
Raj Handa 42b50b759f Add documentation for auxiliary/scanner/dect modules 
Add module documentation (KB articles) for the DECT scanner modules:
- station_scanner.md: Documents the DECT base station scanner
- call_scanner.md: Documents the DECT active call scanner

Both documents include hardware requirements (COM-ON-AIR cards),
verification steps, options descriptions, and usage scenarios.
 2026-01-13 18:40:47 -08:00
Valentin Lobstein b2abdb21de Fix AVideo lab documentation: update file editing instructions 
Updated the note to provide a working method to edit configuration.php. Users can enter the container shell or copy the file out for editing.
 2026-01-14 00:35:39 +01:00
Valentin Lobstein ae4babbcf1 Fix AVideo lab documentation: remove broken sed command 
Removed the broken sed command that doesn't work correctly. Updated note to specify editing /var/www/html/AVideo/videos/configuration.php manually with an editor instead.
 2026-01-14 00:34:35 +01:00
Valentin Lobstein 37f9802b83 Update AVideo lab documentation: remove automatic sed fix, specify file to edit 
Removed mention of automatic sed fix in docker-entrypoint. Updated note to specify that users should manually edit /var/www/html/AVideo/videos/configuration.php if they encounter redirect issues with webSiteRootURL.
 2026-01-14 00:34:10 +01:00
Valentin Lobstein 733455eb53 Change port to 80 in AVideo lab documentation 
Changed HTTP_PORT from 9999 to 80 in the documentation to use the correct URL directly. This fixes the webSiteRootURL issue where AVideo was generating incorrect URLs with the mapped port instead of the container's internal port.
 2026-01-14 00:32:43 +01:00
Valentin Lobstein f6430ee093 Fix MariaDB tc.log corruption issue in AVideo lab setup 
The MariaDB container fails to start with 'Bad magic header in tc log' error
when the data directory has incorrect permissions or was previously corrupted.
This occurs during first-time setup of the AVideo lab environment.

The fix:
- Creates a custom entrypoint script that detects and removes corrupted tc.log
  files by checking the magic header (should be 01 00 00 00)
- Modifies Dockerfile.mariadb to integrate the fix script into the original
  MariaDB entrypoint using sed
- Ensures the fix runs automatically before MariaDB initialization

This allows the lab to start successfully on first run without manual intervention.

Co-authored-by: bwatters-r7 <bwatters-r7@users.noreply.github.com>
 2026-01-13 22:31:38 +01:00
msutovsky-r7 eae97b314a Land #20810, adds module for authenticated RCE in n8n (CVE-2025-68613) 
Adds module for n8n workflow expression RCE (CVE-2025-68613)
 2026-01-13 16:51:06 +01:00
Brendan 10d12570c0 Merge pull request #20791 from Chocapikk/webcheck 
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
 2026-01-12 17:14:04 -06:00
Martin Sutovsky defa2b1337 Adds reference to protocol, fixes formatting 2026-01-12 14:54:46 +01:00
basicallyabidoof 2f62e7c031 Add documentation for ipv6_neighbor_router_advertisement.rb see https://github.com/rapid7/metasploit-framework/issues/12389 2026-01-12 14:54:46 +01:00
h00die 6491f74d9d wmi persistence improvements 2026-01-11 07:25:13 -05:00
Jack Heysel cdebe41d6c Revert unintended change 2026-01-09 09:55:22 -08:00
JohannesLks d45e91b130 typo 2026-01-09 10:48:30 -05:00
msutovsky-r7 472016b753 Land #20796, moves udev module into persistence category 
update udev to persistence mixin
 2026-01-09 16:14:08 +01:00
Martin Sutovsky e8efe19598 Moves file upload module into separate PR 2026-01-09 11:19:37 +01:00