adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80,113 Commits 27 Branches 1,043 Tags
d2ed326b16ff5dc8f95633e287c19eb467c5ac6c
Commit Graph

3374 Commits

Author SHA1 Message Date
Simon Janusz 8b58c62375 Merge pull request #20807 from webbsssss/fix/acunetix-vulnerability-import 
Fix #17932: Allow Acunetix vulnerabilities to be imported without complete web_page data
 2026-02-13 15:25:54 +00:00
sjanusz-r7 f111ccc5ec Add working Acunetix import tests 2026-02-13 14:50:18 +00:00
Christophe De La Fuente dc2ef2ed77 Update specs after code review 2026-02-10 09:46:37 +00:00
Christophe De La Fuente c02ac3920d Reapply "Vulnerability Report Enhancement" 
This reverts commit c35537252f.
 2026-02-10 09:46:37 +00:00
Valentin Lobstein f41eda1128 Add GHSA and OSV reference type support 
Add support for GHSA (GitHub Security Advisories) and OSV (Open Source
Vulnerabilities) as structured reference types in Metasploit modules.

Convert 49 hardcoded GHSA URLs to structured ['GHSA', 'GHSA-xxxx'] format
across existing modules, and add support for repository-specific GHSA
references with an optional third parameter ['GHSA', 'GHSA-xxxx', 'repo'].

Update reference validation, module validator, and info_fixups to handle
the new reference types correctly.
 2026-02-09 15:17:23 +01:00
cgranleese-r7 8af6bae699 Merge pull request #20906 from rudraditya21/fix/ssh-cmd-exec-trailing-newlines 
Fix SSH command shells dying on cmd_exec with trailing newline
 2026-02-09 12:25:11 +00:00
Simon Janusz db064a4f49 Merge pull request #20895 from rudraditya21/fixed/ldap-entry-cache-misses 
added: negative caching for LDAP lookup misses
 2026-02-06 13:15:57 +00:00
Rudraditya Thakur 674934d6d9 fixed: entry cache spec 2026-02-06 17:11:09 +05:30
Spencer McIntyre 5e43beca60 Merge pull request #20920 from rudraditya21/fix/cracker-auto-action 
Handle ACTION=auto with CRACKER_PATH in password crackers
 2026-02-03 17:23:49 -05:00
Rudraditya Thakur a3dd697f6e fixed: auto cracker selection with CRACKER_PATH 2026-02-01 21:59:31 +05:30
dwelch-r7 6fedaeefc6 Merge pull request #20909 from adfoster-r7/align-login-scanner-apis 
Align login scanner APIs
 2026-01-29 15:29:12 +00:00
adfoster-r7 e70483b785 Rubocop 2026-01-29 14:13:18 +00:00
adfoster-r7 7d81b1aecb Align login scanner APIs 2026-01-28 16:56:52 +00:00
Rudraditya Thakur 5f0ada0c64 fixed: ssh cmd_exec newline handling in command shells 2026-01-27 09:43:55 +05:30
adfoster-r7 f4e67b6455 Mark additional flakey socket tests 2026-01-26 21:11:13 +00:00
Rudraditya Thakur 7134f7ab06 added: negative caching for LDAP lookup misses 2026-01-25 10:13:32 +05:30
Christophe De La Fuente 81bc7640f0 Add missing option KrbClockSkew to specs 2026-01-20 18:16:19 +01:00
jheysel-r7 eb49dade6f Merge pull request #20755 from rudraditya21/feature/kerberos-clock-skew 
Added: Option to adjust kerberos clock
 2026-01-19 10:00:54 -08:00
adfoster-r7 bb07207b9b Merge pull request #20861 from bcoles/post-linux-system-get_hostname 
Post::Linux::System.get_hostname: Use session sysinfo if available
 2026-01-17 19:38:21 +00:00
adfoster-r7 350a39c274 Bump mettle 2026-01-16 13:04:57 +00:00
Spencer McIntyre 6ae361b103 Merge pull request #20868 from adfoster-r7/fix-udp-sockets-for-php-meterpreter 
Fix UDP sockets for PHP meterpreter
 2026-01-15 15:09:26 -05:00
adfoster-r7 7f90e1f6a0 Resove method undefined issue 2026-01-15 16:32:46 +00:00
adfoster-r7 67e279ef8c Fix UDP sockets for php meterpreter 2026-01-15 16:31:16 +00:00
bcoles e245298fc2 Add Linux ARM chmod payloads 2026-01-14 01:04:22 +11:00
Diego Ledda 385c4f9896 Merge pull request #20733 from bcoles/linux-riscv-tcp-bind-shell 
Add Linux RISC-V 32-bit/64-bit TCP bind shell payloads
 2026-01-05 06:38:23 -05:00
Diego Ledda 0dee8a82b8 Merge pull request #20734 from bcoles/linux-riscv-command-payload-adapters 
Add Linux RISC-V command payload adapters
 2026-01-05 05:06:21 -05:00
Rudraditya Thakur 8342493b3b Merge branch 'rapid7:master' into feature/kerberos-clock-skew 2025-12-28 23:16:27 +05:30
Vaibhav Gupta 3fc047db5d fix: Allow Acunetix vulnerabilities to be imported without complete web_page data (#17932) 2025-12-24 22:47:37 +05:30
Spencer McIntyre d4eba39b1d Merge pull request #20800 from adfoster-r7/add-autocheck-vulnerability-logic 
Add autocheck report_vuln logic
 2025-12-22 15:58:18 -05:00
adfoster-r7 34ceae4e2c Add autocheck report_vuln logic 2025-12-22 13:09:32 +00:00
jbx81-1337 17ea7f0e53 fix: remove ppc meterpreter from payloads_spec 2025-12-16 11:19:45 +01:00
cgranleese-r7 c35537252f Revert "Vulnerability Report Enhancement" 2025-12-15 12:40:02 +00:00
Christophe De La Fuente 40ac35c02a Vulnerability Report enhancement 
- update `#report_service` and `#report_vuln`
- update vulnerability report when a session is established
- update CheckCode and `#cmd_check` to report a vulnerability when
  Vulnerable checkcode is returned
- update `vulns` and `services` commands to display the `resource` and
  parent services
- specs
 2025-12-15 12:36:50 +01:00
cgranleese-r7 1523d01a8d Merge pull request #20759 from zeroSteiner/fix/ldap-acceptance/1 
Drop the ldap_esc_vulnerable_cert_finder tests
 2025-12-11 16:30:26 +00:00
bcoles 5871d90cf6 Add Linux RISC-V 32-bit/64-bit TCP bind shell payloads 2025-12-11 12:53:47 +11:00
Diego Ledda efcb07a53f fix: restoring missing end after merge 2025-12-10 13:11:21 +01:00
Diego Ledda d6560b951f Merge branch 'master' into loongarch64 2025-12-10 07:08:40 -05:00
Spencer McIntyre b9d3780afe Drop the ldap_esc_vulnerable_cert_finder tests 2025-12-08 16:30:49 -05:00
Rudraditya Thakur c49a376280 added: Option to adjust kerberos clock (issue-> #20587) 
- Added KrbClockSkew advanced option and parser to offset Kerberos timestamps
- Propagate skew through Kerberos client/authenticators (LDAP/SMB/HTTP/WinRM/MSSQL) and scanners
- Updated docs for new option and extended kerberos client specs for clock skew handling
- Clean up kerberos client error handling/style per rubocop
 2025-12-08 01:47:51 +05:30
Spencer McIntyre c77578dbe8 Merge pull request #20681 from jheysel-r7/fix/test/ldap_whoami_error 
Remove ldap_esc_vulnerable_cert_finder acceptance test
 2025-12-05 10:55:06 -05:00
jheysel-r7 81e23bdbdd Merge pull request #20677 from zeroSteiner/fix/issue/18745 
Support Encrypted MSSQL Sessions
 2025-12-02 16:03:31 -08:00
Spencer McIntyre db1e0187c3 Fix the PostreSQL SSL tests for #starttls method 2025-12-02 16:10:07 -05:00
bcoles 2d414d39fa Add Linux RISC-V command payload adapters 2025-11-27 20:46:30 +11:00
bcoles c467330892 Merge remote-tracking branch 'upstream/master' into linux-riscv-tcp-reverse-shell 2025-11-26 09:22:55 +11:00
Diego Ledda 3b799a50e8 Merge pull request #20703 from bcoles/linux-riscv-chmod-payloads 
Add Linux RISC-V chmod payloads
 2025-11-25 18:10:57 +01:00
jheysel-r7 4a012dd06a Merge pull request #20637 from zeroSteiner/feat/mod/smb-to-mssql 
Add an SMB to MSSQL NTLM Relay module
 2025-11-24 09:17:45 -08:00
bcoles 2e000c2b1c Add support for LoongArch64 payloads 2025-11-23 17:22:32 +11:00
bcoles bb5ea49684 Add Linux RISC-V 32-bit/64-bit TCP reverse shell payloads 2025-11-23 16:09:09 +11:00
bcoles d510adb13c Add Linux RISC-V chmod payloads 2025-11-21 01:37:12 +11:00
adfoster-r7 dff3e3f4a7 Merge pull request #20694 from cgranleese-r7/add-rubocop-detect-cmd-exec 
Adds Rubocop rule to detect calls to old cmd_exec API
 2025-11-19 23:14:21 +00:00