Diego Ledda
81e54d42e4
Merge pull request #20856 from msutovsky-r7/exploit/cve-2026-21858
...
Adds module for Ni8mare (CVE-2026-21858)
2026-02-16 10:06:14 -05:00
Martin Sutovsky
017e074a61
Address comments
2026-02-10 12:15:48 +01:00
Martin Sutovsky
f393055afd
Adds docker instruction
2026-02-04 12:59:38 +01:00
Martin Sutovsky
bc77c63496
Adds documentation
2026-02-04 12:57:58 +01:00
Martin Sutovsky
6a1babf6c3
Updates docs, fixes JWT, module cleanup
2026-02-04 12:40:41 +01:00
Valentin Lobstein
005fbb17a1
Address PR #20768 review feedback
...
- Fix machineKey extraction regex to handle decryption attribute
- Replace Base64.strict_encode64 with Rex::Text.encode_base64
- Add READ_FILE and EXTRACT_MACHINEKEY actions
- Add PRODUCT option for CentreStack/Triofox support
- Use different storage endpoints per product type
- Update documentation with new options and actions
2026-02-04 08:38:35 +01:00
Valentin Lobstein
7776588577
Address PR #20768 review feedback
...
- gladinet.rb: Fix machineKey regex to match decryptionKey then validationKey explicitly
- gladinet.rb: Remove DEFAULT_WEB_CONFIG_PATH constant, inline in each module's datastore option
- gladinet_storage_access_ticket_forge.rb: Inline version check
- gladinet_storage_access_ticket_forge.rb: Inline FILEPATH default value (with C:\ for absolute path)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline version check
- gladinet_storage_lfi_cve_2025_11371.rb: Inline valid_response? method (removed)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline FILEPATH default value (without C:\, stripped by build_lfi_path)
- gladinet_storage_lfi_cve_2025_11371.rb: Use vars_get with encode_params instead of manual URL building
- gladinet_viewstate_deserialization: Remove nil fallback (mandatory option with default)
- gladinet_viewstate_deserialization: Remove DEFAULT_MACHINE_KEY constant, inline in datastore option
- gladinet_viewstate_deserialization: Remove duplicate detect_app_type/extract_build_version (already in shared lib)
Note: Suggestion to rename gladinet? to is_gladinet? was NOT applied.
msftidy enforces Naming/PredicatePrefix convention which requires predicate
methods to NOT have 'is_' prefix (gladinet? is correct, is_gladinet? is not).
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-02-04 08:38:35 +01:00
Valentin Lobstein
b1adc514d1
Apply suggestions
...
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
2026-02-04 08:38:35 +01:00
Valentin Lobstein
6d25006e8d
Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-04 08:38:33 +01:00
Valentin Lobstein
6773459759
Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-04 08:38:33 +01:00
Valentin Lobstein
628c5ee7af
Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs
2026-02-04 08:38:32 +01:00
Valentin Lobstein
478345506e
Add Gladinet CentreStack/Triofox auxiliary modules and exploit
2026-02-04 08:38:31 +01:00
Martin Sutovsky
1053ae5c85
Fixes default action, adds base for documentation
2026-01-30 15:39:31 +01:00
jheysel-r7
be4a69ab1d
Merge pull request #20846 from msutovsky-r7/exploit/freepbx/injections_rce
...
Adds auxiliary module for FreePBX (CVE-2025-66039, CVE-2025-61675)
2026-01-28 06:39:47 -08:00
Martin Sutovsky
7e92ef4811
Addresses comments
2026-01-28 11:14:24 +01:00
Alex
99636be776
Updated mongobleed
2026-01-21 11:27:02 +01:00
Martin Sutovsky
3672e2ba45
Adds additional installation step
2026-01-19 11:23:09 +01:00
adfoster-r7
666c7ce362
Merge pull request #20865 from rajyavardhan01/docs/dect-scanner-documentation
...
Add documentation for auxiliary/scanner/dect modules
2026-01-16 00:00:22 +00:00
Raj Handa
b466371b46
Update DECT reference link to archive.org (dedected.org is offline)
2026-01-15 14:13:00 -08:00
Martin Sutovsky
c56f9d2ee2
Removes line from documentation
2026-01-15 15:20:44 +01:00
Martin Sutovsky
5ee1a15b7d
Addressing comments
2026-01-15 15:20:43 +01:00
Martin Sutovsky
b4f4078956
Updates documentation
2026-01-15 15:20:42 +01:00
Martin Sutovsky
744b366c58
Msftidy documentation
2026-01-15 15:20:41 +01:00
Martin Sutovsky
8e8c61b9c1
Fixes typo in documentation
2026-01-15 15:20:41 +01:00
Martin Sutovsky
7bbf49112f
Updates documentation
2026-01-15 15:20:39 +01:00
Martin Sutovsky
de856db75a
Adds check methods, docs init
2026-01-15 15:20:38 +01:00
Spencer McIntyre
658c251b66
Merge pull request #20472 from jheysel-r7/feat/mod/badsuccessor
...
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
2026-01-14 15:43:35 -05:00
Jack Heysel
c1023fd62a
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
2026-01-14 12:34:45 -08:00
Raj Handa
42b50b759f
Add documentation for auxiliary/scanner/dect modules
...
Add module documentation (KB articles) for the DECT scanner modules:
- station_scanner.md: Documents the DECT base station scanner
- call_scanner.md: Documents the DECT active call scanner
Both documents include hardware requirements (COM-ON-AIR cards),
verification steps, options descriptions, and usage scenarios.
2026-01-13 18:40:47 -08:00
Martin Sutovsky
defa2b1337
Adds reference to protocol, fixes formatting
2026-01-12 14:54:46 +01:00
basicallyabidoof
2f62e7c031
Add documentation for ipv6_neighbor_router_advertisement.rb see https://github.com/rapid7/metasploit-framework/issues/12389
2026-01-12 14:54:46 +01:00
Dean Welch
2867729808
Fix extra characters in print and merge docs for ssh_login/ssh_login_pubkey
2026-01-08 13:57:22 +00:00
Diego Ledda
acc206b2dc
Merge pull request #20833 from xaitax/CVE-2025-14847_Mongobleed
...
Add MongoDB memory disclosure module (CVE-2025-14847)
2025-12-30 08:49:30 -05:00
Diego Ledda
cd83a441b9
Merge pull request #20767 from Chocapikk/geoserver
...
Add GeoServer WMS GetMap XXE file read module (CVE-2025-58360)
2025-12-30 08:39:00 -05:00
Alex
44b2adafa7
Add MongoDB memory disclosure module (CVE-2025-14847)
2025-12-30 13:04:25 +01:00
Valentin Lobstein
46f87e0f6e
Add GeoServer WMS GetMap XXE file read module (CVE-2025-58360)
2025-12-12 16:11:15 +01:00
jheysel-r7
33197bd59c
Merge pull request #20713 from Chocapikk/nable
...
Add N-able N-Central authentication bypass and XXE scanner module (CVE-2025-9316, CVE-2025-11700)
2025-12-11 11:10:48 -08:00
SaiSakthidar
98dd33a3cd
Remove CAIN
2025-12-03 15:42:57 -05:00
msutovsky-r7
d7c307bb69
Land #20709, adds module for Twonky Server Authentication Bypass (CVE-2025-13315,CVE-2025-13316)
...
Auxiliary module for CVE-2025-13315/CVE-2025-13316 - Twonky Server Log Leak Authentication Bypass
2025-11-28 07:35:30 +01:00
Valentin Lobstein
1b7acbf684
Add Advanced Options section to documentation (XXETriggerTimeout and DTD_PROTO)
2025-11-27 22:22:01 +01:00
jheysel-r7
4a012dd06a
Merge pull request #20637 from zeroSteiner/feat/mod/smb-to-mssql
...
Add an SMB to MSSQL NTLM Relay module
2025-11-24 09:17:45 -08:00
Valentin Lobstein
9734a69ae8
Add N-able N-Central authentication bypass and XXE scanner module (CVE-2025-9316, CVE-2025-11700)
2025-11-21 00:18:12 +01:00
remmons-r7
252023222b
Create twonky_authbypass_logleak.md
2025-11-19 14:06:52 -05:00
sfewer-r7
b1327361e9
add in new CVE ID and vendor advisory
2025-11-14 17:04:33 +00:00
sfewer-r7
06fbe46172
add in aux module for recent FortiWeb exploit
2025-11-14 12:02:10 +00:00
Brendan
d1c9410a95
Merge pull request #20594 from HamzaSahin61/feat/redoc-exposed-scanner
...
auxiliary(scanner/http/redoc_exposed): detect exposed ReDoc API docs UI
2025-10-24 11:19:13 -05:00
HamzaSahin61
e17b2a0598
Remove 'How It Works' section from redoc_exposed.md
...
Removed the 'How It Works' section detailing the probing process for REDOC.
2025-10-23 01:45:38 +03:00
HamzaSahin61
9640152f25
Update redoc_exposed.md
2025-10-23 01:31:09 +03:00
Spencer McIntyre
3ef78ec103
Add docs for the new module
2025-10-22 15:00:44 -04:00
HamzaSahin61
49c1481687
Update redoc_exposed.md
2025-10-22 02:04:27 +03:00