Valentin Lobstein
c42e44e349
Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions
2026-03-11 19:43:29 +01:00
Valentin Lobstein
63c5221f8a
Update modules/exploits/unix/http/freepbx_filestore_cmd_injection.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-03-11 19:43:29 +01:00
Valentin Lobstein
b039d8a575
Update modules/exploits/unix/http/freepbx_filestore_cmd_injection.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-03-11 19:43:29 +01:00
Valentin Lobstein
36b294800b
Simplify version extraction: use match directly and remove redundant regex validation
2026-03-11 19:43:28 +01:00
Valentin Lobstein
c266e687c2
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:43:28 +01:00
Christophe De La Fuente
31665e1b88
Land #20730, Allow toggling the SACL in LDAP queries
...
# Release Notes
This update modifies the ldap_query module to skip querying the SACL (System Access Control List) on security descriptors by default. This behavior is now controlled by a new option, LDAP::QuerySacl. This change is necessary when using a non-privileged user to query security descriptors via LDAP; otherwise, querying the SACL will cause the entire query to be blocked, resulting in no security descriptors being returned.
2026-03-11 16:36:35 +01:00
adfoster-r7
eba2c59f71
Revert "Land #20852, exposes encoder options for exploit and payloads"
...
This reverts commit 96958dedbb, reversing
changes made to 8e03b6e98a.
2026-03-10 19:03:51 +00:00
adfoster-r7
4f9b9d5dac
Revert "Land #21088, Fix base64 encoder"
...
This reverts commit 437f738754, reversing
changes made to e6ee6a7c94.
2026-03-10 19:02:20 +00:00
Spencer McIntyre
7dcec2e0cb
Switch to false by default
2026-03-10 14:57:54 -04:00
Brendan
5092b21717
Merge pull request #20885 from dledda-r7/feat/unix_bind_netcat_update
...
Add support for short command execution in bind_netcat module
2026-03-10 12:34:54 -05:00
jbx81-1337
e341db58f7
fix: default option for base64 encoder
2026-03-10 10:18:07 +01:00
Diego Ledda
b18611c1d9
Merge pull request #20966 from litemars/add_Linux_evasion_module-rc4_packer_x64
...
adding RC4 packer x64, rc4 decrypt routine and sleep evasion routine
2026-03-09 10:55:44 -04:00
Diego Ledda
1af0a49729
Merge pull request #21002 from Chocapikk/add-module-leakix-search
...
Add LeakIX search module with 6 actions and bulk streaming
2026-03-09 10:34:43 -04:00
msutovsky-r7
c6aabc1c75
Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
adfoster-r7
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
Diego Ledda
1ec87b586a
Merge pull request #20989 from zeroSteiner/feat/lib/mod-address-opts
...
This adjusts module options that need a routable address
2026-03-05 11:46:52 -05:00
msutovsky-r7
59a1992214
Land #21017, adds module for SSTI in Tactical RMM (CVE-2025-69516)
...
Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516)
2026-03-05 15:38:32 +01:00
Valentin Lobstein
3d38e9b27b
Fix: Fallback check to Detected when plugin version unavailable
...
- Use spip_version as fallback when spip_plugin_version fails
- Return Detected instead of Unknown so AutoCheck does not abort
- Fix lab healthcheck to wait for saisies form before reporting healthy
2026-03-05 14:13:05 +01:00
Valentin Lobstein
4534a8a07e
Fix: Address msutovsky-r7 PR review feedback
...
- Add IOC_IN_LOGS to SideEffects (POST payload may appear in app logs)
- Pass page parameter via vars_get instead of embedding in URI string
- Apply vars_get consistently in crawl seed request
2026-03-05 14:07:22 +01:00
Valentin Lobstein
bf41455bca
Fix: Address review feedback - remove dead execute_command, fix dropper race condition
2026-03-05 14:01:12 +01:00
Valentin Lobstein
77df1f1e87
Fix: Revert action-specific options to non-required with manual validation
...
Option conditions control display but required:true still triggers
validation across all actions. Reverted QUERY, TARGET_IP, TARGET_DOMAIN
to required:false and re-added case/when validation in validate method.
2026-03-04 17:13:03 +01:00
Valentin Lobstein
6a97083e3b
Refactor: Use option conditions for action-specific validation
2026-03-04 15:23:27 +01:00
msutovsky-r7
96958dedbb
Land #20852, exposes encoder options for exploit and payloads
...
Expose encoder options
2026-03-04 10:01:29 +01:00
Spencer McIntyre
36ba1608af
Remove more unnecessary my_host definitions
2026-03-03 09:37:27 -05:00
Spencer McIntyre
bd5152f10a
Clean up my_host definition in IE exploit
2026-03-03 09:37:27 -05:00
Spencer McIntyre
ea915acba3
Appease rubocop
2026-03-03 09:37:27 -05:00
Spencer McIntyre
1b39311784
Remove redundant definitions of SRVHOST
2026-03-03 09:37:27 -05:00
Spencer McIntyre
821e3c28f1
Replace old patterns with srvhost_addr
2026-03-03 09:37:27 -05:00
Spencer McIntyre
132ef661d3
Update usage within binding operations
2026-03-03 09:37:27 -05:00
Spencer McIntyre
6e38f8568c
Update tftphost usage in cmd stagers
2026-03-03 09:37:27 -05:00
Spencer McIntyre
b7fc0c6613
Replace usage of #lookup_lhost
2026-03-03 09:37:27 -05:00
Spencer McIntyre
fc3176ca0d
SRVHOST isn't defined here, use DNS
2026-03-03 09:37:27 -05:00
Spencer McIntyre
3f2a07bdca
Update #make_steal_credentials_payload to just take url
2026-03-03 09:37:27 -05:00
Spencer McIntyre
18bdbfa402
Update instances of #backend_url to use #get_uri
2026-03-03 09:37:26 -05:00
adfoster-r7
9df6879a95
Update modules to use srvhost method
2026-03-03 09:37:25 -05:00
Spencer McIntyre
514bb88962
Fix java payload cached sizes
2026-03-03 09:34:49 -05:00
Spencer McIntyre
758ac7f2f6
Apply rubocop changes
2026-03-03 09:34:49 -05:00
Spencer McIntyre
fc49421939
Replace checks for nonroutable addresses
...
This consolidates modules that check for a nonroutable SRVHOST value and
replaces it with OptAddressRoutable, defaulting to a reasonable address.
2026-03-03 09:34:49 -05:00
Spencer McIntyre
a0fb02bd45
Default the address in the SMB share mixin
2026-03-03 09:34:49 -05:00
Spencer McIntyre
92e77de800
Update to use OptAddressRoutable for SRVHOST
2026-03-03 09:34:48 -05:00
Diego Ledda
38dbefecfc
Merge pull request #20965 from litemars/add_Linux_evasion_module-rc4_packer_x86
...
adding RC4 packer x86, rc4 decrypt routine and sleep evasion routine
2026-03-03 04:36:51 -05:00
Brendan
9ea5a54fe9
Merge pull request #20940 from g0tmi1k/twiki_search
...
twiki_search: Fix exploit, more verbose, error handling, add fetch payload support
2026-03-02 17:55:50 -06:00
Brendan
9664ab5191
Merge pull request #20946 from g0tmi1k/twiki_history
...
twiki_history: Add revision+page options & Fetch payload support
2026-03-02 13:58:44 -06:00
sjanusz-r7
ccc8367db5
Working Kerberoast and AS-REP modules with LDAP sessions
2026-03-02 15:33:36 +00:00
adfoster-r7
7545328be1
Linting
2026-03-02 15:02:56 +00:00
adfoster-r7
1a4ae7bfa3
Fix broken module url references
2026-03-02 14:35:48 +00:00
Diego Ledda
6f84c83135
Merge pull request #21000 from Chocapikk/add-modules-majordomo-rce
...
Add three MajorDoMo unauthenticated RCE modules
2026-03-02 05:20:22 -05:00
Diego Ledda
069dea2296
Apply suggestion from @dledda-r7
2026-02-27 17:04:03 +01:00
litemars
c5c67fac56
new line for linter
2026-02-27 16:02:35 +01:00
litemars
003ac7b12d
changed description
2026-02-27 15:44:28 +01:00