adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80,378 Commits 27 Branches 1,043 Tags
c42e44e3491dbeb625fbeb1927002deed38bb040
Commit Graph

4639 Commits

Author SHA1 Message Date
Valentin Lobstein c266e687c2 Add authenticated RCE module for FreePBX filestore (CVE-2025-64328) 2026-03-11 19:43:28 +01:00
msutovsky-r7 c6aabc1c75 Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243) 
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
 2026-03-09 10:34:52 +01:00
msutovsky-r7 59a1992214 Land #21017, adds module for SSTI in Tactical RMM (CVE-2025-69516) 
Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516)
 2026-03-05 15:38:32 +01:00
Valentin Lobstein 3d38e9b27b Fix: Fallback check to Detected when plugin version unavailable 
- Use spip_version as fallback when spip_plugin_version fails
- Return Detected instead of Unknown so AutoCheck does not abort
- Fix lab healthcheck to wait for saisies form before reporting healthy
 2026-03-05 14:13:05 +01:00
Diego Ledda 6f84c83135 Merge pull request #21000 from Chocapikk/add-modules-majordomo-rce 
Add three MajorDoMo unauthenticated RCE modules
 2026-03-02 05:20:22 -05:00
Valentin Lobstein 76d103e483 Fix: Bootstrap cycle tables and update lab documentation 
Add cycle.php bootstrap request in cmd_injection module to create
missing MEMORY tables before starting the cycle_execs.php worker.
Update all three module docs with curl in Dockerfile, Docker gateway
instructions, Options sections, and verified scenario outputs.
 2026-02-27 14:33:04 +01:00
Valentin Lobstein 402ed5d50b Docs: Clarify 41086aaa is a pinned vulnerable commit on alpha branch 2026-02-26 17:18:22 +01:00
msutovsky-r7 45c058d6f1 Land #21005, adds gnu inetutils auth bypass module against a Synology NAS to documentation 
add dsm target exploitation to gnu telnetd docs
 2026-02-25 16:49:30 +01:00
msutovsky-r7 fae76b2961 Land #20978, adds module BeyondTrust unauth command injection (CVE-2026-1731) 
Add CVE-2026-1731 support and modernize targets for BeyondTrust PRA/R…
 2026-02-25 14:18:59 +01:00
msutovsky-r7 7dcc036b6d Land #21006, adds module for Ollama path traversal RCE (CVE-2024-37032) 
Add Ollama path traversal RCE module (CVE-2024-37032)
 2026-02-25 13:06:09 +01:00
msutovsky-r7 002daf8d7d Merge branch 'beyondtrust-rce-2026' into collab/exploit/beyondtrust/cve-2026-1731 2026-02-25 12:53:37 +01:00
msutovsky-r7 12e21e4c66 Fixes documentation 2026-02-24 12:23:26 -05:00
Valentin Lobstein 5aeff61b26 Fix: Address PR review feedback for Ollama RCE module 
Co-Authored-By: msutovsky-r7 <190406428+msutovsky-r7@users.noreply.github.com>
 2026-02-24 17:51:23 +01:00
msutovsky-r7 51af9d0ff1 Adds documentation 2026-02-24 10:25:49 -05:00
Brendan 1ddee63f05 Merge pull request #20983 from sfewer-r7/0day-grandstream 
Add exploit (CVE-2026-2329) and auxiliary modules for the Grandstream GXP1600 series
 2026-02-24 08:50:42 -06:00
msutovsky-r7 62a466cbed Land #20819, adds WSL startup folder persistence module 
wsl startup folder persistence
 2026-02-24 07:59:11 +01:00
Valentin Lobstein bef9b7ad3b Feat: Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516) 2026-02-23 19:31:22 +01:00
h00die ece2374532 target user for wsl_startup_folder 2026-02-21 21:04:40 -05:00
Valentin Lobstein b17d227d28 Feat: Add Ollama path traversal RCE module (CVE-2024-37032) 2026-02-21 16:52:43 +01:00
h00die a24f53f2b6 add dsm exploitation to telnetd docs 2026-02-21 10:27:47 -05:00
Valentin Lobstein 53652b3e3b Fix: Update SPIP saisies doc with working lab setup 2026-02-21 09:50:50 +01:00
Valentin Lobstein b904419f28 Fix: Update SPIP saisies doc with working lab setup 2026-02-21 09:50:02 +01:00
Valentin Lobstein a8f66a23d9 Feat: Add SPIP Saisies plugin RCE module (CVE-2025-71243) 2026-02-21 09:32:53 +01:00
Valentin Lobstein 05c12bb033 Feat: Add three MajorDoMo unauthenticated RCE modules 
- CVE-2026-27174: Console eval RCE via missing exit after redirect
- CVE-2026-27175: Command injection via rc/index.php + cycle_execs race condition
- CVE-2026-27180: Supply chain RCE via update URL poisoning in saverestore module

All three modules include documentation with Docker lab setup instructions.
 2026-02-21 08:34:31 +01:00
Brendan 1f547f19fb Merge pull request #20832 from DataExplorerX/doc-linux-samba-module 
Add documentation for linux/samba/chain_reply module (CVE-2004-0883)
 2026-02-20 18:12:05 -06:00
Brendan 7f8b18d7dc Update documentation/modules/exploit/linux/samba/chain_reply.md 2026-02-20 17:45:14 -06:00
Brendan fcb41a2275 Update documentation/modules/exploit/linux/samba/chain_reply.md 
Update documentation to point to a specific wayback machine page since the original does not exist, and a few of the wayback machine links are also broken.
 2026-02-20 17:42:34 -06:00
msutovsky-r7 f2262a84cc Land #20841, adds persistence module for Windows feature active setup 
active setup persistence
 2026-02-20 10:46:45 +01:00
msutovsky-r7 b6f37bef11 Land #20976, adds module for StoryChief WP plugin (CVE-2025-7441) 
Add StoryChief WordPress 1.0.42 unauthenticated RCE module (CVE-2025-7441)
 2026-02-19 10:06:25 +01:00
Diego Ledda c6f7d03d03 Merge pull request #20919 from h00die/emacs 
emacs extension persistence
 2026-02-18 10:58:13 -05:00
Nayeraneru a48129b640 Updated doc after checking msftidy_docs 2026-02-18 16:58:51 +02:00
Diego Ledda 8af82dc7eb Merge pull request #20844 from 6a6f656c/userinit 
Windows Userinit persistence
 2026-02-18 06:05:04 -05:00
Diego Ledda 9f301549e8 Update documentation/modules/exploit/windows/persistence/registry_userinit.md 
Co-authored-by: h00die <h00die@users.noreply.github.com>
 2026-02-18 11:46:11 +01:00
sfewer-r7 08efa9cd16 add in the Grandstream modules 2026-02-17 22:33:46 +00:00
6a6f656c 7e50106cff Apply suggestion from @dledda-r7 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2026-02-17 07:17:03 -05:00
Nayeraneru 8ee79fa524 Add StoryChief WordPress 1.0.42 unauthenticated RCE module 2026-02-16 00:44:20 +02:00
LucasCsmt a39ed2beac Removing default version in the Dockerfile 2026-02-13 15:14:41 +01:00
LucasCsmt bbfe139e7f Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 15:01:52 +01:00
LucasCsmt 2b6d95d3c9 Adding a scenario in the documentation 
The documentation for PHP Fetch have been added. The scenario have been
redone in order to track the last changes.
 2026-02-13 15:01:17 +01:00
LucasCsmt 381972efd2 Changing the documentation 
According to the recent change, i've changed the documentation and the
scenario outputs.
 2026-02-13 14:05:29 +01:00
Diego Ledda a4ec3cd40d Merge pull request #20917 from sfewer-r7/solarwinds-webhelpdesk-rce 
Add exploit module for SolarWinds Web Help Desk (CVE-2025-40536 + CVE-2025-40551)
 2026-02-13 06:51:42 -05:00
msutovsky-r7 7e03a89304 Land #20798, adds module for FreeBSD rtsold/rtsol command injection (CVE-2025-14558) 
Add module for rtsold/rtsol DNSSL Command Injection (CVE-2025-14558)
 2026-02-13 10:57:03 +01:00
LucasCsmt 78f4b8f97d Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 08:50:23 +01:00
Spencer McIntyre 35b52df28a Merge pull request #20849 from haicenhacks/haicen_xerte 
Add three modules for exploiting Xerte Online Toolkits
 2026-02-12 15:01:42 -05:00
Spencer McIntyre 41414b896b Tweak whitespacing in the docs for the renderer 2026-02-12 14:43:47 -05:00
haicen 7204c64b6b Improves documentation 2026-02-12 12:05:29 -05:00
haicen 66139795e5 Fixes problems with module documentation 2026-02-11 18:20:06 -05:00
jheysel-r7 4adf87ac18 Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061 
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
 2026-02-11 11:12:29 -08:00
JohannesLks 9512135c84 Merge branch 'master' into rtsold_dnssl_cmdinject 2026-02-10 16:19:53 -05:00
sfewer-r7 58dd29107f remove SMB_SRVPORT as an option. It must allways be 445 so the user cannot change it. We print a message to inform the user this port is intended to be in use so that the SMB server is not compleatly opaque. 2026-02-05 17:21:31 +00:00