adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80,937 Commits 27 Branches 1,043 Tags
91633fdad7e9474debefbfd044d2b8bc7652deee
Commit Graph

3628 Commits

Author SHA1 Message Date
Brendan 1113a5e109 Merge pull request #21252 from zeroSteiner/feat/adcs/api-consolidation 
Feat/adcs/api consolidation
 2026-04-13 15:52:55 -05:00
Spencer McIntyre 6f813f9b7a Report services using the new style 2026-04-10 11:43:37 -04:00
Brendan a90ec1071c Merge pull request #21075 from Chocapikk/avideo-catname-sqli 
Add AVideo catName blind SQLi credential dump (CVE-2026-28501)
 2026-04-09 16:22:45 -05:00
Spencer McIntyre 657310042b Remove extra OID definitions 2026-04-09 10:37:05 -04:00
Spencer McIntyre b7e7de2fa4 Update the specs so they pass again 2026-04-09 10:37:05 -04:00
Spencer McIntyre 57bb3bbce7 Refactor code to use #with_adcs_certificate_request 2026-04-09 10:37:05 -04:00
Spencer McIntyre 9cedb4a069 Refactor the method name to namespace it to icpr 2026-04-09 10:37:05 -04:00
Spencer McIntyre 8a748d4954 Standardize printed messages a bit more 2026-04-09 10:37:05 -04:00
Spencer McIntyre 4d02f92fab Consolidate the attribute creation 2026-04-09 10:37:05 -04:00
Spencer McIntyre f177b98bfb Consolidate more into #create_csr 2026-04-09 10:37:05 -04:00
Spencer McIntyre a0e188bbbe Use #fetch so that nil is honored 2026-04-09 10:37:04 -04:00
adfoster-r7 6c24a059ae Merge pull request #21031 from zeroSteiner/fix/issue/20959 
LDAP Reporting Improvements
 2026-04-08 10:39:17 +01:00
jheysel-r7 94ccd8bd20 Merge pull request #20948 from ArkaprabhaChakraborty/osticket 
Add initial osticket arbitraray file read auxiliary module
 2026-04-07 09:39:01 -07:00
Spencer McIntyre a0852387fc Merge pull request #20752 from bwatters-r7/feature/certificate-web-enrollment 
Add Authenticating Web Enrollment module for AD/CS
 2026-04-06 15:27:28 -04:00
bwatters-r7 06edc3d08f change minor syntax and raise exception for rsa keylength mismatch 2026-04-06 13:12:47 -05:00
bwatters-r7 d10341befd Fixes for different paths to create_csr and build_csr 2026-04-02 16:23:34 -05:00
Jack Heysel 5111f9eb52 Refactor HashCapture 2026-04-02 13:14:06 -07:00
Jack Heysel 4125b209f8 Refactor reusable relay classes out of SMB directory 
Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-02 13:14:06 -07:00
arkaprabhachakraborty 26a73b060d Resolve rubocop errors and warnings. Address copilot comments on docs and code quality. 
Signed-off-by: arkaprabhachakraborty <chakrabortyarkaprabha998@gmail.com>
 2026-03-27 00:43:23 +05:30
Spencer McIntyre 700d063645 Implement copilot feedback 2026-03-26 14:43:33 -04:00
Spencer McIntyre b743296f48 Reapply "This adjusts module options that need a routable address" 
This reverts commit 628275ef59.
 2026-03-26 14:43:31 -04:00
Spencer McIntyre 308b7277a1 Apply suggestion from @adfoster-r7 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2026-03-26 13:21:42 -04:00
Chocapikk 222e1a28ab Fix: Address Copilot review feedback on blind extraction and calibration 
- Widen blind_dump_data bisection range from 0..127 to 0..255 for
  binary-safe byte extraction, use Encoding::BINARY for chr output
- Revert read_from_file to positional param (binary = false) to stay
  consistent with MSSQL/PostgreSQL implementations
- Add elapsed <= 0 guard and .clamp on calibrated benchmark iterations
- Add unit specs for blind_detect_length and blind_dump_data covering
  zero-length, ASCII, long strings, and high bytes (>127)
- Fix rubocop: remove leading blank line, use single-quoted strings
 2026-03-26 15:53:51 +01:00
adfoster-r7 1faa27f7e6 Fix encoding issues in files 2026-03-25 19:01:57 +00:00
Christophe De La Fuente bf1a12301b Merge pull request #20967 from jheysel-r7/fix/lib/smb_relay_ruby_client_support 
Add support for Ruby SMB Client and `smbclient` to be compatible with Msf::Exploit::Remote::SMB::RelayServer
 2026-03-24 18:12:45 +01:00
Jack Heysel 45884fa090 Removed method parse override 2026-03-23 23:10:29 -07:00
Spencer McIntyre b89fb5aa62 Merge pull request #21049 from h00die/fix_persistence_directory 
better wriable_dir for windows persistence
 2026-03-23 15:40:32 -04:00
h00die 7631b54c0f better wriable_dir for windows persistence 2026-03-21 12:21:09 -04:00
vatsalgargg d0551c397e fix: correct typo 'recieved' to 'received' in two files 2026-03-21 13:24:51 +05:30
Jack Heysel 81b34421a9 Responded to comments 2026-03-19 14:15:49 -07:00
Jack Heysel e9502ce7ed Fix for gss token identification 2026-03-18 16:56:07 -07:00
Jack Heysel a4a34410c7 Mech type update for ruby_smb 2026-03-18 11:18:28 -07:00
Spencer McIntyre 09bb0337d1 Merge pull request #20997 from Nayeraneru/OptTD 
Introduce OptTimedelta
 2026-03-17 18:41:42 -04:00
Nayeraneru 01d88791d2 Removed unnecessary code and module 2026-03-18 00:14:15 +02:00
Jack Heysel 143071ab36 Refactor duplicate code 2026-03-16 19:59:46 -07:00
Jack Heysel e0a4b969ae Add support for simplified single target relaying (smbclient) 2026-03-16 19:42:17 -07:00
msutovsky-r7 b3aa45fb09 Land #20719, adds module for authenticated command injection in FreePBX filestore (CVE-2025-64328) 
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
 2026-03-13 11:00:43 +01:00
adfoster-r7 c882d91155 Merge pull request #21025 from Hemang360/cookie-jar-doc-fix 
Fix HttpCookie integer conversion and cookie jar docs
 2026-03-13 00:08:13 +00:00
Spencer McIntyre ccf56437da Merge pull request #20960 from g0tmi1k/dhcp_server 
dhcp_server: Add DHCPINTERFACE
 2026-03-12 15:48:36 -04:00
g0t mi1k 33eb773a4d dhcp_server: Check to validate for _determine_server_comm 
Untested - As requested by @smcintyre-r7
 2026-03-12 17:29:21 +00:00
g0t mi1k b2f1e46c82 OptString -> OptAddress 2026-03-12 16:41:25 +00:00
Valentin Lobstein 16b55848b4 Fix: Remove duplicate Content-Type header from FreePBX requests 
send_request_cgi already sets Content-Type when vars_post is used.
Setting it manually in headers causes a duplicate header.
 2026-03-11 20:09:52 +01:00
Valentin Lobstein 2b0f1c3c21 Fix: Omit default port from Referer header in FreePBX mixin 
FreePBX rejects ajax requests when the Referer includes :80 for HTTP
or :443 for HTTPS. Only include the port when it differs from the
protocol default.
 2026-03-11 20:06:08 +01:00
Valentin Lobstein c42e44e349 Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions 2026-03-11 19:43:29 +01:00
Valentin Lobstein c266e687c2 Add authenticated RCE module for FreePBX filestore (CVE-2025-64328) 2026-03-11 19:43:28 +01:00
Christophe De La Fuente 31665e1b88 Land #20730, Allow toggling the SACL in LDAP queries 
# Release Notes
This update modifies the ldap_query module to skip querying the SACL (System Access Control List) on security descriptors by default. This behavior is now controlled by a new option, LDAP::QuerySacl. This change is necessary when using a non-privileged user to query security descriptors via LDAP; otherwise, querying the SACL will cause the entire query to be blocked, resulting in no security descriptors being returned.
 2026-03-11 16:36:35 +01:00
msutovsky-r7 e6ee6a7c94 Land #20961, adds service reporting to Wordpress mixin 
Update Wordpress Mixin to log services
 2026-03-10 09:05:05 +01:00
msutovsky-r7 c6aabc1c75 Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243) 
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
 2026-03-09 10:34:52 +01:00
adfoster-r7 628275ef59 Revert "This adjusts module options that need a routable address" 2026-03-08 17:37:49 +00:00
Valentin Lobstein ba183d456d Fix: Remove BenchmarkProbeIterations from global SQLi options 
MySQL-specific option should not pollute all SQLi modules.
Hardcode probe iteration count in BenchmarkBasedBlind instead.
 2026-03-07 00:09:44 +01:00