adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,480 Commits 27 Branches 1,043 Tags
c23c848d2eeffa5a01dfdcdafa63340002b06eb9
Commit Graph

7083 Commits

Author SHA1 Message Date
Simon Janusz d497156f84 Merge pull request #20258 from zeroSteiner/fix/issue/20251 
Update the ldap options for shadow credentials
 2025-06-03 17:45:18 +01:00
Simon Janusz 043f8cb6b4 Merge pull request #20260 from zeroSteiner/fix/issue/20252 
Update the ldap/change_password module
 2025-06-03 17:44:26 +01:00
Spencer McIntyre 3057f80a1b Update the ldap options for shadow credentials 2025-06-03 12:29:04 -04:00
Mario 50ae65d59c Update documentation/modules/auxiliary/scanner/discovery/udp_probe.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-05-31 17:13:29 +02:00
mariomontecatine 3efcc6322b Add documentation for auxiliary/scanner/discovery/udp_probe 2025-05-30 06:23:54 -04:00
Diego Ledda 9b7e27e946 Merge pull request #20185 from Chocapikk/wp_depicter_sqli_cve_2025_2011 
Add WP Depicter Plugin Unauth SQL Injection (CVE-2025-2011)
 2025-05-28 18:38:52 +02:00
Spencer McIntyre 5c6f6f1070 Merge pull request #20261 from bwatters-r7/fix/vmcenter_vmdir_auth 
Update datastore option names in vmware_vcenter_vmdir_auth_bypass module and docs
 2025-05-28 12:33:43 -04:00
bwatters-r7 e282bbda99 Update datastore option names in module and docs 2025-05-28 09:23:36 -05:00
Spencer McIntyre dae8c9b43a Update the ldap/change_password module 2025-05-28 10:19:30 -04:00
Diego Ledda ce6e0d1164 Merge pull request #20096 from h00die-gr3y/CVE-2025-30406 
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
 2025-05-28 13:46:13 +02:00
mariomontecatine e7a2809ca0 Adding documentation for modules/auxiliary/scanner/http/copy_of_file.rb 2025-05-21 14:48:10 -04:00
Mario 272546658e Merge branch 'rapid7:master' into master 2025-05-21 19:48:46 +02:00
jheysel-r7 ca40f6ecbc Merge pull request #20214 from Chocapikk/invision_customcss_rce 
Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916)
 2025-05-21 09:29:14 -07:00
Chocapikk 2820a0418f Update code to use Wordpress::SQLi mixin ^^ 2025-05-21 18:27:02 +02:00
jheysel-r7 0600de2d90 Merge pull request #20177 from msutovsky-r7/clinic_management_system_sqli2rce 
Clinic Patient's Management System SQLi (CVE-2025-3096)
 2025-05-21 08:42:16 -07:00
Martin Sutovsky 282d0f7820 Refactor docs 2025-05-21 16:48:54 +02:00
Valentin Lobstein e5bbc01e78 Update invision_customcss_rce.md 2025-05-21 08:38:36 +02:00
Chocapikk 28b7c7f786 Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916) 2025-05-20 18:33:06 +02:00
Chocapikk 70d5fb4b65 Move from scanner to gather 2025-05-19 17:52:00 +02:00
msutovsky-r7 561eef98c1 Land #20188, adds module for CVE-2024-7399 Samsung MagicINFO 9 Server 
Samsung MagicINFO 9 Server RCE (CVE-2024-7399) Module
 2025-05-19 09:49:09 +02:00
Martin Sutovsky 070bd54d33 Addressing comments 2025-05-19 07:17:14 +02:00
mariomontecatine 8cde1bab78 Documentation for ipv6_multicast_ping.md 2025-05-18 04:31:03 -04:00
Spencer McIntyre 57c69049f7 Merge pull request #20175 from smashery/ruby-kerberoasting 
Ruby kerberoasting
 2025-05-16 10:28:52 -04:00
Brendan 76471731f9 Merge pull request #20112 from cdelafuente-r7/mod/ivanti/rce/cve_2025_22457 
Ivanti Connect Secure Unauthenticated RCE via Stack-based Buffer Overflow CVE-2025-22457
 2025-05-15 11:44:49 -05:00
msutovsky-r7 c598d8b4b0 Land #20020, adds module for Nextcloud Workflow Remote Code Execution 
Add exploit module for the nextcloud workflow vulnerability CVE-2023-26482
 2025-05-15 12:31:51 +02:00
Christophe De La Fuente 365caab8fc Update the error message in case of Broken pipe error and update the documentation 2025-05-15 12:10:53 +02:00
msutovsky-r7 e3649b31fe Land #20123, adds module for path traversal and credential harvester in PowerCom UPSMON Pro 
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121) Module
 2025-05-15 07:23:07 +02:00
Chocapikk 1888abaa4d Add WP Depicter Plugin Unauth SQL Injection (CVE-2025-2011) 2025-05-14 15:54:40 +02:00
whotwagner 2259de33c1 Fixed a txpo in nextcloud_workflows_rce.md 2025-05-14 13:40:47 +00:00
msutovsky-r7 fe5f56cac0 Land #20159, adds module for privilege escalation in Wordpress (CVE-2025-2563) 
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
 2025-05-14 15:33:30 +02:00
msutovsky-r7 7d8d0230cb Land #20026, adds module for CVE-2024-57487 
New Exploit Module & Documentation for CVE-2024-57487
 2025-05-14 08:00:20 +02:00
Chocapikk e335841bb0 Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563) 2025-05-13 21:42:09 +02:00
Brendan cb6495e5bc Merge pull request #20146 from Chocapikk/wp_suretriggers_auth_bypass 
Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102)
 2025-05-13 10:53:44 -05:00
whotwagner 09aaf5865c Rearranged code and removed wait_for_payload_session 2025-05-13 13:48:56 +00:00
jenkins-metasploit e819362398 automatic module_metadata_base.json update 2025-05-13 13:45:30 +00:00
Brendan 5faa0a5b6b Merge pull request #19777 from msutovsky-r7/linqpad_deserialization 
Linqpad deserialization persistence
 2025-05-13 08:03:30 -05:00
Martin Sutovsky 939d997b8a Adds documentation 2025-05-13 14:57:55 +02:00
Ashley Donaldson 806d0ec557 Kerberoasting documentation 2025-05-13 18:26:25 +10:00
Ashley Donaldson 6d3fc7b732 Neatening kerberoasting modifications 2025-05-13 18:26:25 +10:00
msutovsky-r7 3af76cfa00 Renames incorrect option in documentation 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-05-13 06:30:00 +02:00
msutovsky-r7 8c647cd1ad Land #20118, changes target option for smb_to_ldap module 
Fix the smb_to_ldap module's missing target option
 2025-05-12 09:56:06 +02:00
h4x-x0r e9c88b55f2 cleanup 2025-05-09 22:39:30 +01:00
h4x-x0r 803581ab81 CVE-2024-7399 2025-05-09 17:27:22 +01:00
Chocapikk 4d0c7bb71a Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102) 2025-05-07 17:45:30 +02:00
Spencer McIntyre ba9ecec381 Merge pull request #19952 from jheysel-r7/get_naa_creds_via_relay 
Add SMB to HTTP relay support for get_naa_creds
 2025-05-06 10:43:10 -04:00
Martin Sutovsky d16c639278 Adds cleanup option in documentation 2025-05-06 09:07:21 +02:00
Martin Sutovsky 24a86cd74a Refactoring based on comments 2025-05-06 08:43:57 +02:00
Spencer McIntyre 6ab275a120 Remove a couple of debug prints 2025-05-05 10:58:41 -04:00
h4x-x0r 514f51d7dc CVE-2025-2264 
CVE-2025-2264
 2025-05-02 22:56:30 +01:00
h4x-x0r bd11531d4c wrong branch 2025-05-02 22:55:36 +01:00