b7f136077e
smb_version: Be more verbose - show smb1 if possible
2026-04-22 13:08:20 +01:00
0474c0ce24
smb_version: Add spacing between :
2026-04-22 13:08:20 +01:00
1d9c922488
Make smb_version happy with smbv1
2026-04-22 13:08:19 +01:00
25d7c25ad8
Merge pull request #21346 from adfoster-r7/fix-false-positive-on-couchdb-enum-check
...
Fix false positive on couchdb enum check
2026-04-22 12:38:47 +01:00
6e992aa6ed
Fix false positive on couchdb enum check
2026-04-21 22:48:27 +01:00
9efc727462
automatic module_metadata_base.json update
2026-04-21 17:21:45 +00:00
4c0f2c29bc
Merge pull request #21019 from g0tmi1k/phpmyadmin_config
2026-04-21 19:13:04 +02:00
9692b8865f
automatic module_metadata_base.json update
2026-04-21 17:08:11 +00:00
6a00ea38c6
Merge pull request #21306 from dledda-r7/feat/block-api-randomization
...
Block Api ROR13 IV randomization
2026-04-21 12:58:30 -04:00
946d1a44b5
Fix Notes format (array)
2026-04-21 18:43:54 +02:00
cca7166eb4
automatic module_metadata_base.json update
2026-04-21 15:05:42 +00:00
a918184416
Merge pull request #21344 from adfoster-r7/fix-elasticsearch-traversal-check-support
...
Fix elasticsearch traversal check support
2026-04-21 15:57:26 +01:00
81f1a7c86a
Fix elasticsearch traversal check support
2026-04-21 15:18:58 +01:00
97ab01cddd
Merge pull request #21340 from dledda-r7/ci/disable-meterpreter-ci
...
Disable Windows Server 2022 CI
2026-04-21 15:01:35 +01:00
b9573fa0ce
ops(meterpreter): disable windows server 2022 build until 141_xp dependency is removed
2026-04-21 05:55:29 -04:00
e40422845b
fix: block_api.rb update
2026-04-21 05:43:34 -04:00
2dbfcfb918
Merge pull request #21232 from bcoles/file-find_writable_directories
...
Add find_writable_directories to Msf::Post::File
2026-04-20 16:33:53 -05:00
ae63cb9b1d
automatic module_metadata_base.json update
2026-04-20 20:41:14 +00:00
6b57b4c66f
Merge pull request #21256 from g0tmi1k/webdav
...
WebDAV improvements
2026-04-20 15:30:43 -05:00
bd2e11ad55
Merge pull request #21331 from bcoles/metadata-obj
...
Metadata::Obj: Deduplicate notes hash strings and memoize `Obj#path` to reduce retained memory in the module metadata cache
2026-04-20 16:55:33 +01:00
6acac8e120
automatic module_metadata_base.json update
2026-04-20 13:31:53 +00:00
a53d0a027b
Merge pull request #21332 from adfoster-r7/remove-false-positive-from-nodejs-pipelining-check
...
Remove false positive from nodejs pipelining check
2026-04-20 14:22:23 +01:00
46553b5984
Update lib/msf/core/payload/windows/x64/block_api_x64.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-20 15:19:47 +02:00
5622bd254b
Update lib/msf/core/payload/windows/x64/block_api_x64.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-20 15:19:07 +02:00
2c58825343
Update lib/msf/core/payload/windows/x64/block_api_x64.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-20 15:18:54 +02:00
f060acd1e9
Remove false positive from nodejs pipelining check
2026-04-20 14:02:56 +01:00
09bb98d13e
Memoize Obj#path to avoid repeated File.join
...
The install_root path is immutable at runtime, so cache the computed
full path on first access instead of calling File.join on every call.
2026-04-20 22:19:55 +10:00
76a7f61465
Deduplicate notes hash keys and values in metadata Obj
...
Notes keys ("Stability", "SideEffects", "Reliability") and values
("crash-safe", "ioc-in-logs", etc.) are repeated across thousands of
modules. Use frozen string dedup (-str) to share a single object per
unique string, reducing ~24K string allocations to ~185 shared objects.
2026-04-20 22:17:40 +10:00
e09a38085c
Merge pull request #21330 from bcoles/modules-loader
...
Replace Pathname with string prefix removal in directory module loader
2026-04-20 11:45:33 +01:00
fe1aeb9279
Merge pull request #21329 from bcoles/modulemanager-cache
...
Simplify get_parent_path with rindex instead of split/join
2026-04-20 11:30:04 +01:00
9b985dc1ef
Merge pull request #21327 from tair-m/master
...
Fix uninitialized constant HTTP::CookieJar by correcting load order in http_cookie_jar.rb
2026-04-20 10:39:02 +01:00
a8ccdfc1e4
Simplify get_parent_path with rindex instead of split/join
...
Replace File.join + String#split + array slice + Array#join with a
single String#rindex lookup. This avoids allocating intermediate arrays
and strings on every call (once per cached module during startup).
2026-04-20 18:22:53 +10:00
b1c4fd3f39
Replace Pathname with string prefix removal in directory module loader
...
Msf::Modules::Loader::Directory#each_module_reference_name created two
Pathname objects per module file and called relative_path_from to derive
the module reference name. With ~5,000 module files this produced
~170,000 calls to Pathname#chop_basename internally.
Since Rex::Find.find always yields absolute paths rooted at
full_entry_path, simple String#delete_prefix achieves the same result
without allocating Pathname objects.
2026-04-20 18:14:54 +10:00
4607741a16
Fix LoadError in http_cookie_jar for Ruby 3.3.0
2026-04-18 07:17:26 +05:00
94b4f577e0
WebDAV: MR feedback
2026-04-17 22:19:26 +01:00
046ba861b3
automatic module_metadata_base.json update
2026-04-17 16:21:38 +00:00
08f6dc20a5
Merge pull request #21122 from bootstrapbool/camaleon_cms_cve_2024_46987
...
Camaleon CMS CVE 2024 46987
2026-04-17 09:13:07 -07:00
92af54c885
Merge pull request #21230 from bcoles/obj-dedup-cache
...
Reduce memory footprint of module metadata Obj instances
2026-04-17 12:33:23 +01:00
19112a0212
Merge pull request #21231 from bcoles/msf-module-cache
...
Module metadata: Fix stale module detection and add per-type metadata index
2026-04-17 11:25:44 +01:00
679d2a9a4e
feat: enhance block_api_iv handling with warnings and options for payload methods
2026-04-17 06:07:18 -04:00
785307f55e
Module metadata: Fix stale module detection and add per-type metadata index
2026-04-17 19:41:18 +10:00
82c8028f1c
refactor: remove redundant block_api_iv calls in payload generation methods
2026-04-17 05:38:19 -04:00
9d81fe0f2e
Apply suggestion from @smcintyre-r7
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-17 11:26:11 +02:00
b3ef4db890
Apply suggestion from @smcintyre-r7
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-17 11:25:14 +02:00
2af3bbf34e
Update lib/msf/core/payload/windows/x64/block_api_x64.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-04-17 11:23:28 +02:00
6821066217
Add find_writable_directories to Msf::Post::File
...
Add a method to discover writable directories on Unix targets using the
`find` command. This is useful in post-exploitation scenarios where a
module needs to locate a writable staging path.
Parameters:
- path: base directory to search (default: /)
- max_depth: find -maxdepth limit (default: 2)
- timeout: maximum seconds for cmd_exec to wait (default: 15)
Raises on Windows sessions. Returns an array of absolute paths, or nil
on failure. Non-absolute lines (e.g. find error messages) are filtered
from the output.
2026-04-17 02:31:19 +10:00
37ff9f8530
automatic module_metadata_base.json update
2026-04-16 16:00:17 +00:00
e7c5e0e4a3
Merge pull request #21238 from bcoles/loongarch64-chmod
...
Add Linux LoongArch64 chmod payload
2026-04-16 16:51:00 +01:00
0644f27cb6
Add module documentation, tests, and misc feedback
2026-04-16 16:18:46 +01:00
2b37cbe35e
Bump version of framework to 6.4.129
2026-04-16 13:29:17 +00:00
g0t mi1k