adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,055 Commits 27 Branches 1,043 Tags
c423ff07c5e2bb3fcff34346eb57bca62ecd8220
Commit Graph

1158 Commits

Author SHA1 Message Date
Valentin Lobstein 17cc68df0f Update documentation/modules/exploit/multi/http/wp_king_addons_privilege_escalation.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-09 19:14:22 +01:00
Valentin Lobstein b3fc1b05e5 Add WordPress King Addons privilege escalation exploit (CVE-2025-8489) 2025-12-04 01:37:40 +01:00
msutovsky-r7 b6330acb12 Land #20718, adds module for Monsta FTP RCE (CVE-2025-34299) 
Add Monsta FTP downloadFile RCE (CVE-2025-34299)
 2025-11-27 15:16:58 +01:00
Valentin Lobstein 8cffe50470 Add Monsta FTP downloadFile RCE (CVE-2025-34299) 2025-11-21 20:43:37 +01:00
Valentin Lobstein 6ab2452153 Fix documentation inconsistency: update ports for Flowise 3.0.1 (3005) and add Basic Auth service example 2025-11-19 22:58:27 +01:00
Valentin Lobstein 8fbbc3e043 Update flowise_custommcp_rce documentation: add Basic Auth testing scenario 2025-11-19 22:24:28 +01:00
Valentin Lobstein 44cf2e309f Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup 2025-11-19 22:12:49 +01:00
Valentin Lobstein df1c157471 Improve Flowise CustomMCP RCE exploit stability with Basic Auth support and HTTP response validation 2025-11-19 20:12:31 +01:00
Valentin Lobstein b26c4f5c7b Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:25:39 +01:00
Valentin Lobstein 88aadcc856 Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:03:59 +01:00
h00die caa2873a14 more adjustments 2025-11-07 15:42:27 -05:00
h00die d8c73f6684 replace bold options with h3 2025-11-07 15:42:23 -05:00
vognik 74c7f98ad9 code review changes from @msutovsky-r7 2025-10-20 09:00:24 -07:00
vognik 9ad83f6454 Add Vvveb CMS Authenticated RCE (CVE-2025-8518) 2025-10-18 17:12:05 -07:00
h00die 1e9dd04505 update periodic_script to new persistence mechanism 2025-10-13 17:48:00 -04:00
Diego Ledda c718a965d7 Merge pull request #20508 from h00die/modern_persistence_cron 
update cron to persistence mixin
 2025-09-18 12:04:00 +02:00
msutovsky-r7 32aa0d84e4 Land #20525, moves obsidian plugin module to persistence category and mixin 
update obsidian to persistence mixin
 2025-09-16 14:58:15 +02:00
h00die 5abe0f57b7 Update documentation/modules/exploit/multi/persistence/at.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-09-12 14:13:27 +02:00
h00die fd1d70ef93 update at persistence to mixin 2025-09-12 14:13:26 +02:00
h00die 785397bb0c cron to multi with persistence mixin 2025-09-09 11:50:31 -04:00
jheysel-r7 7972017936 Merge pull request #20397 from vognik/CVE-2025-34300 
Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300)
 2025-09-08 16:48:29 -07:00
jheysel-r7 0e325e6217 Update documentation/modules/exploit/multi/http/lighthouse_studio_unauth_rce_CVE_2025_34300.md 2025-09-08 16:29:00 -07:00
h00die 5c1673bb20 update obsidian to persistence mixin 2025-09-06 15:05:21 -04:00
msutovsky-r7 9283562ee5 Land #20493, adds XWiki unauthenticated exploit module (CVE-2025-24893) 
Add XWiki Unauthenticated RCE (CVE-2025-24893)
 2025-09-01 13:37:31 +02:00
msutovsky-r7 5d59fbd333 Land #19903, adds module for periodic script persistence 
Add OSX Periodic Script Peristence
 2025-08-29 20:12:12 +02:00
Martin Sutovsky 2681e7cfed Update docs 2025-08-29 17:53:07 +02:00
Maksim Rogov 16b3a352e8 Apply suggestion from @msutovsky-r7 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-25 10:49:49 +03:00
Maksim Rogov 51ca11a9d4 Apply suggestion from @msutovsky-r7 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-24 18:14:28 +03:00
Vognik 7317922be8 Added Documentation 2025-08-24 07:46:59 +04:00
Vognik b13f59128c Added Setup Guide for Windows 2025-08-18 08:20:32 +04:00
bcoles a7ab23d083 Add Malicious XDG Desktop File module 2025-08-04 19:23:02 +10:00
gardnerapp 92d246da13 Update documentation/modules/exploit/multi/local/periodic_script_persistence.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-29 13:20:00 -04:00
Maksim Rogov 9696cc57db Merge branch 'rapid7:master' into CVE-2025-34300 2025-07-25 11:02:03 +04:00
Maksim Rogov 6e5d474b21 Apply suggestion from @jheysel-r7 in Docs 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-24 06:23:01 +03:00
Vognik 38b0bd15e1 Code Review Edits 2025-07-24 07:19:25 +04:00
Vognik 75e1158457 Fixed docs formatting 2025-07-21 03:16:40 +04:00
Vognik e7667d406a Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300) 2025-07-20 15:23:38 +04:00
cgranleese-r7 adff497bd2 Updates msf5 as well 2025-07-17 11:51:29 +01:00
cgranleese-r7 469f102596 Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00
Corey 2351a6a9bc Minor changes to options, add documentation 2025-07-08 13:30:22 -04:00
Valentin Lobstein b9ee9ba88c Update wingftp_null_byte_rce.md 2025-07-03 19:43:06 +02:00
Valentin Lobstein ef3ddec3dd Update documentation/modules/exploit/multi/http/wingftp_null_byte_rce.md 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2025-07-03 19:41:34 +02:00
Chocapikk 5b268bd4b4 Fix documentation and typos 2025-07-01 22:50:01 +02:00
Chocapikk 1a4a15e83b Add WingFTP unauthenticated RCE (CVE-2025-47812) 2025-07-01 19:15:15 +02:00
Diego Ledda 6d843385ec Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094 
Adds module for Tatsu WP plugin (CVE-2021-25094)
 2025-06-25 10:58:22 +02:00
Diego Ledda afdad8ed4c chore(wp_tatsu_rce): msftidy_docs fix 2025-06-25 10:16:49 +02:00
msutovsky-r7 a67c883e0c Removes unnecessary header 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-06-24 15:48:38 +02:00
Diego Ledda c0dfbf43f2 Merge pull request #20235 from Chocapikk/vbulletin_replace_ad_template_rce 
vBulletin replaceAdTemplate Remote Code Execution
 2025-06-19 14:20:16 +02:00
Martin Sutovsky 4fe750a946 Removing redundant comment 2025-06-13 10:33:58 +02:00
Martin Sutovsky 3abe9b46c0 Addressing comments 2025-06-13 10:32:39 +02:00