Brendan
4c421532d6
Merge pull request #21288 from g0tmi1k/AutoCheck
...
Add AutoCheck to various exploit modules
2026-04-14 09:59:25 -05:00
g0t mi1k
10fd6b9ef8
Add AutoCheck to various exploit modules
2026-04-14 06:21:15 +01:00
adfoster-r7
44a6da0e53
Merge pull request #21078 from Chocapikk/fix-churchcrm
...
Fix ChurchCRM unauthenticated RCE module
2026-04-13 10:36:18 +01:00
g0t mi1k
b338c774cd
Split HEADERS using '=' rather than ':'
2026-04-05 07:30:32 +01:00
Christophe De La Fuente
09a59af789
Merge pull request #21069 from Chocapikk/add-module-freescout-htaccess-rce
2026-03-31 18:09:30 +02:00
msutovsky-r7
6d4b268f9f
Land #21029, adds module for Grav CMS (CVE-2025-50286)
...
Adds exploit module for Grav CMS (CVE-2025-50286)
2026-03-31 14:47:44 +02:00
adfoster-r7
438b8e0875
Merge pull request #21102 from zeroSteiner/fix/re-add-20989
...
Reapply "This adjusts module options that need a routable address"
2026-03-30 14:50:05 +01:00
Valentin Lobstein
2a1ebdb996
Update modules/exploits/multi/http/freescout_htaccess_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2026-03-27 19:30:47 +01:00
adfoster-r7
20bb912515
Merge pull request #21023 from g0tmi1k/os_cmd_exec
...
Add: exploits/multi/http/os_cmd_exec
2026-03-27 16:38:03 +00:00
x1o3
de81c5f0dc
plugin version parsing and check logic improvement, msftidy & rubocop compliant
2026-03-27 11:45:20 +05:30
Chocapikk
140b58f429
Fix: address PR review feedback for freescout htaccess rce module
2026-03-27 00:34:22 +01:00
Valentin Lobstein
3f718d77b4
Update modules/exploits/multi/http/freescout_htaccess_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2026-03-27 00:29:57 +01:00
Spencer McIntyre
700d063645
Implement copilot feedback
2026-03-26 14:43:33 -04:00
Spencer McIntyre
b743296f48
Reapply "This adjusts module options that need a routable address"
...
This reverts commit 628275ef59.
2026-03-26 14:43:31 -04:00
g0t mi1k
17161c42e2
Make Rubocop happy
2026-03-25 13:39:20 +00:00
g0t mi1k
89af3ad558
Sync datastore_headers
...
Note: This code was suggested by a LLM (Copilot) in the MR
2026-03-25 13:32:46 +00:00
g0t mi1k
51f36982c7
Add: exploits/multi/http/os_cmd_exec
...
A lot of this was based on: exploits/unix/webapp/php_eval
2026-03-24 20:01:30 +00:00
Spencer McIntyre
b89fb5aa62
Merge pull request #21049 from h00die/fix_persistence_directory
...
better wriable_dir for windows persistence
2026-03-23 15:40:32 -04:00
h00die
7631b54c0f
better wriable_dir for windows persistence
2026-03-21 12:21:09 -04:00
Valentin Lobstein
3414611a3d
Refactor: Use inherited SSL option from HttpClient instead of HTTPSSL
2026-03-14 00:07:28 +01:00
Valentin Lobstein
c5c6c34232
Refactor: Remove HTTPSSL option, auto-detect SSL from port 443
2026-03-14 00:04:49 +01:00
Valentin Lobstein
d01a2689bb
Fix: Use HttpClient bind_call for full HTTP feature inheritance
...
Replace standalone Rex::Proto::Http::Client with bind_call on
HttpClient's connect method to bypass SMTPDeliver MRO conflict
while preserving SSL, proxy, basic auth, and vhost support.
Add HTTPSSL option for HTTPS targets.
2026-03-14 00:02:04 +01:00
Valentin Lobstein
db3654eebf
Fix: Address Copilot review feedback and fix cmd/dropper targets
...
- Fix http_send: use standalone Rex::Proto::Http::Client to avoid
  SMTPDeliver/HttpClient connect() method conflict
- Fix cmd/dropper PHP stub: remove double $$ variable (vars[:cmd_varname]
  already includes $ prefix)
- Fix cmd/dropper unlink: use cleanup POST param instead of inline
  @unlink to preserve shell across multiple stager requests
- Fix wait_for_cron: use .to_i % fetch for correct modulo calculation
- Fix dir_exists?: use res&.redirect? instead of res&.code == 301
- Fix docs: RHOSTS -> RHOST (SMTPDeliver registers singular RHOST)
- Remove manual Date header (SMTPDeliver handles it)
- Update scan_paths comment to reflect MD5 digit extraction
- Replace php_exec_cmd with manual preamble + system_block stub
2026-03-13 23:38:30 +01:00
Spencer McIntyre
ccf56437da
Merge pull request #20960 from g0tmi1k/dhcp_server
...
dhcp_server: Add DHCPINTERFACE
2026-03-12 15:48:36 -04:00
g0t mi1k
f7c4aac453
OptAddress -> OptAddressLocal
2026-03-12 16:41:25 +00:00
g0t mi1k
3852276028
OptString -> OptAddressLocal
2026-03-12 16:41:25 +00:00
g0t mi1k
b2f1e46c82
OptString -> OptAddress
2026-03-12 16:41:25 +00:00
x1o3
146911bb3d
rubocop & msftidy compliant
2026-03-11 12:59:36 +05:30
x1o3
de72dcb88a
fixes review feedback
2026-03-11 12:56:14 +05:30
msutovsky-r7
c6aabc1c75
Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
adfoster-r7
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
Valentin Lobstein
6154d53e9a
Fix: Use short PHP variable for fetch payload to reduce size
...
Use a randomized variable name to store the file path instead of
repeating the full path inline. Remove unnecessary spaces between
PHP statements.
2026-03-07 03:59:42 +01:00
Valentin Lobstein
9283072822
Fix: Rubocop style fixes for churchcrm module
2026-03-07 02:57:05 +01:00
Valentin Lobstein
3eb814de90
Fix: Refactor ChurchCRM unauthenticated RCE module
...
- Upgrade rank to ExcellentRanking, prepend AutoCheck
- Add vulnerability discoverer Arthur Valverde (uartu0) to authors
- Fix GHSA reference format with repo parameter
- Replace InitialAutoRunScript with inline unlink(__FILE__) for PHP
  targets and post-staging rm for CmdStager target
- Randomize DB_SERVER_PORT and GET parameter name
- Simplify check method, extract setup_uri, DRY build_config_payload
- Remove redundant register_options for TARGETURI
2026-03-07 02:34:58 +01:00
Valentin Lobstein
9b7faea3c2
Feat: Add FreeScout ZWSP .htaccess RCE module (CVE-2026-28289)
2026-03-05 18:06:32 +01:00
Valentin Lobstein
3d38e9b27b
Fix: Fallback check to Detected when plugin version unavailable
...
- Use spip_version as fallback when spip_plugin_version fails
- Return Detected instead of Unknown so AutoCheck does not abort
- Fix lab healthcheck to wait for saisies form before reporting healthy
2026-03-05 14:13:05 +01:00
Valentin Lobstein
4534a8a07e
Fix: Address msutovsky-r7 PR review feedback
...
- Add IOC_IN_LOGS to SideEffects (POST payload may appear in app logs)
- Pass page parameter via vars_get instead of embedding in URI string
- Apply vars_get consistently in crawl seed request
2026-03-05 14:07:22 +01:00
h00die
28c8cf7a14
better wriable_dir for windows persistence
2026-03-03 20:29:51 -05:00
Spencer McIntyre
ea915acba3
Appease rubocop
2026-03-03 09:37:27 -05:00
Spencer McIntyre
1b39311784
Remove redundant definitions of SRVHOST
2026-03-03 09:37:27 -05:00
Spencer McIntyre
821e3c28f1
Replace old patterns with srvhost_addr
2026-03-03 09:37:27 -05:00
Spencer McIntyre
6e38f8568c
Update tftphost usage in cmd stagers
2026-03-03 09:37:27 -05:00
Spencer McIntyre
b7fc0c6613
Replace usage of #lookup_lhost
2026-03-03 09:37:27 -05:00
adfoster-r7
9df6879a95
Update modules to use srvhost method
2026-03-03 09:37:25 -05:00
Spencer McIntyre
758ac7f2f6
Apply rubocop changes
2026-03-03 09:34:49 -05:00
Spencer McIntyre
fc49421939
Replace checks for nonroutable addresses
...
This consolidates modules that check for a nonroutable SRVHOST value and
replaces it with OptAddressRoutable, defaulting to a reasonable address.
2026-03-03 09:34:49 -05:00
Spencer McIntyre
92e77de800
Update to use OptAddressRoutable for SRVHOST
2026-03-03 09:34:48 -05:00
x1o3
f87a5d9598
fixes review feedback
2026-03-02 17:38:14 +05:30
Diego Ledda
6f84c83135
Merge pull request #21000 from Chocapikk/add-modules-majordomo-rce
...
Add three MajorDoMo unauthenticated RCE modules
2026-03-02 05:20:22 -05:00
x1o3
7d6d592efe
logic fix & cleanup
2026-02-28 22:56:28 +05:30