adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80,113 Commits 27 Branches 1,043 Tags
d2ed326b16ff5dc8f95633e287c19eb467c5ac6c
Commit Graph

4612 Commits

Author SHA1 Message Date
Brendan 1f547f19fb Merge pull request #20832 from DataExplorerX/doc-linux-samba-module 
Add documentation for linux/samba/chain_reply module (CVE-2004-0883)
 2026-02-20 18:12:05 -06:00
Brendan 7f8b18d7dc Update documentation/modules/exploit/linux/samba/chain_reply.md 2026-02-20 17:45:14 -06:00
Brendan fcb41a2275 Update documentation/modules/exploit/linux/samba/chain_reply.md 
Update documentation to point to a specific wayback machine page since the original does not exist, and a few of the wayback machine links are also broken.
 2026-02-20 17:42:34 -06:00
msutovsky-r7 f2262a84cc Land #20841, adds persistence module for Windows feature active setup 
active setup persistence
 2026-02-20 10:46:45 +01:00
msutovsky-r7 b6f37bef11 Land #20976, adds module for StoryChief WP plugin (CVE-2025-7441) 
Add StoryChief WordPress 1.0.42 unauthenticated RCE module (CVE-2025-7441)
 2026-02-19 10:06:25 +01:00
Diego Ledda c6f7d03d03 Merge pull request #20919 from h00die/emacs 
emacs extension persistence
 2026-02-18 10:58:13 -05:00
Nayeraneru a48129b640 Updated doc after checking msftidy_docs 2026-02-18 16:58:51 +02:00
Diego Ledda 8af82dc7eb Merge pull request #20844 from 6a6f656c/userinit 
Windows Userinit persistence
 2026-02-18 06:05:04 -05:00
Diego Ledda 9f301549e8 Update documentation/modules/exploit/windows/persistence/registry_userinit.md 
Co-authored-by: h00die <h00die@users.noreply.github.com>
 2026-02-18 11:46:11 +01:00
6a6f656c 7e50106cff Apply suggestion from @dledda-r7 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2026-02-17 07:17:03 -05:00
Nayeraneru 8ee79fa524 Add StoryChief WordPress 1.0.42 unauthenticated RCE module 2026-02-16 00:44:20 +02:00
LucasCsmt a39ed2beac Removing default version in the Dockerfile 2026-02-13 15:14:41 +01:00
LucasCsmt bbfe139e7f Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 15:01:52 +01:00
LucasCsmt 2b6d95d3c9 Adding a scenario in the documentation 
The documentation for PHP Fetch have been added. The scenario have been
redone in order to track the last changes.
 2026-02-13 15:01:17 +01:00
LucasCsmt 381972efd2 Changing the documentation 
According to the recent change, i've changed the documentation and the
scenario outputs.
 2026-02-13 14:05:29 +01:00
Diego Ledda a4ec3cd40d Merge pull request #20917 from sfewer-r7/solarwinds-webhelpdesk-rce 
Add exploit module for SolarWinds Web Help Desk (CVE-2025-40536 + CVE-2025-40551)
 2026-02-13 06:51:42 -05:00
msutovsky-r7 7e03a89304 Land #20798, adds module for FreeBSD rtsold/rtsol command injection (CVE-2025-14558) 
Add module for rtsold/rtsol DNSSL Command Injection (CVE-2025-14558)
 2026-02-13 10:57:03 +01:00
LucasCsmt 78f4b8f97d Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 08:50:23 +01:00
Spencer McIntyre 35b52df28a Merge pull request #20849 from haicenhacks/haicen_xerte 
Add three modules for exploiting Xerte Online Toolkits
 2026-02-12 15:01:42 -05:00
Spencer McIntyre 41414b896b Tweak whitespacing in the docs for the renderer 2026-02-12 14:43:47 -05:00
haicen 7204c64b6b Improves documentation 2026-02-12 12:05:29 -05:00
haicen 66139795e5 Fixes problems with module documentation 2026-02-11 18:20:06 -05:00
jheysel-r7 4adf87ac18 Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061 
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
 2026-02-11 11:12:29 -08:00
JohannesLks 9512135c84 Merge branch 'master' into rtsold_dnssl_cmdinject 2026-02-10 16:19:53 -05:00
sfewer-r7 58dd29107f remove SMB_SRVPORT as an option. It must allways be 445 so the user cannot change it. We print a message to inform the user this port is intended to be in use so that the SMB server is not compleatly opaque. 2026-02-05 17:21:31 +00:00
sfewer-r7 f632cf34bf add in a module and docs fo rteh EPMM exploit 2026-02-05 12:26:38 +00:00
LucasCsmt eb5507844b Testing the module on different version 
The module have been tested on different version of ChurchCRM (6.8.0 and
6.2.0) prooving it's vulnerability to this exploit. This commit contains
modification of the dockerfile/docker-compose in order to support
multi-version installation.
 2026-02-05 12:36:26 +01:00
sfewer-r7 40073bcc8e typo in docs 2026-02-05 09:00:15 +00:00
sfewer-r7 50f46aa85d add docs 2026-02-04 20:36:10 +00:00
LucasCsmt 4d65f15884 Adding a link to the CVE 2026-02-04 16:17:15 +01:00
LucasCsmt ca5ceae1b3 Adding documentation to the churchcrm module 
The documentation of the module is addedd.
 2026-02-04 16:04:42 +01:00
Valentin Lobstein 628c5ee7af Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs 2026-02-04 08:38:32 +01:00
Valentin Lobstein 478345506e Add Gladinet CentreStack/Triofox auxiliary modules and exploit 2026-02-04 08:38:31 +01:00
Jack Heysel bd049dcba4 doc update 2026-02-03 18:41:51 -08:00
Jack Heysel a868bc95b2 GNU Inetutils Telnet Auth Bypass 2026-02-03 17:45:59 -08:00
h00die 75ff7b6af1 emacs extension persistence 2026-01-31 22:54:18 -05:00
jheysel-r7 641ab527aa Merge pull request #20857 from msutovsky-r7/exploit/freepbx/sql_to_rce_chain 
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61675)
 2026-01-28 20:03:17 -08:00
Jack Heysel 63a66ee162 Improved CVE version range info in description 2026-01-28 20:15:25 -07:00
jheysel-r7 7d931c960c Merge pull request #20858 from msutovsky-r7/exploit/freepbx/unrestricted_file_upload 
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61678)
 2026-01-28 06:23:43 -08:00
Martin Sutovsky e6b97a79a4 Addresses comments 2026-01-28 11:33:54 +01:00
jheysel-r7 f31776caf0 Merge pull request #20778 from h00die/ssh_keys 
Update and combine ssh key persistence with mixin
 2026-01-27 06:39:10 -08:00
Martin Sutovsky c5ffa557a7 Adds UID in documentation 2026-01-26 13:44:09 +01:00
Spencer McIntyre c0e9288ac5 Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce 
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
 2026-01-22 14:26:38 -05:00
Jack Heysel 2e484d552e Finishing touches 2026-01-22 15:03:31 +01:00
Jack Heysel 99e032f4af SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691] 2026-01-22 15:03:30 +01:00
msutovsky-r7 537a1c5395 Land #19821, adds Burpsuite persistence module 
Burp extension persistence
 2026-01-22 11:03:08 +01:00
jheysel-r7 719874a7f4 Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module 
Add exploit oracle ebs CVE 2025 61882 module
 2026-01-21 16:08:09 -08:00
jheysel-r7 b6da204725 Apply suggestions from code review 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2026-01-21 10:09:12 -08:00
haicen c3830f6987 adds documentation 2026-01-20 22:29:29 -05:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00