adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,032 Commits 27 Branches 1,043 Tags
dcd3a62e884cd3fb72a888fa7f793d1e7fb00a6e
Commit Graph

992 Commits

Author SHA1 Message Date
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. Teh payload cmd/unix/reverse_python isnot working as it previously was, so I am removing from the list of confirmed paylaods. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
sfewer-r7 aff76622fa add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034 2025-11-21 12:22:25 +00:00
h00die b646e0e044 docs editing for consistency 2025-11-07 15:42:27 -05:00
h00die fb02ec4554 remove 4 space indents in options 2025-11-07 15:42:27 -05:00
h00die caa2873a14 more adjustments 2025-11-07 15:42:27 -05:00
h00die d8c73f6684 replace bold options with h3 2025-11-07 15:42:23 -05:00
Diego Ledda 110cb837aa Merge pull request #20672 from h00die-gr3y/centreon_auth_rce 
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter [CVE-2025-5946]
 2025-11-05 16:29:29 +01:00
h00die-gr3y 408eceb2d9 small update documentation 2025-11-03 10:27:44 +00:00
h00die-gr3y 85b4233345 updated module based on review comments and added documentation 2025-11-03 10:21:31 +00:00
Brendan 91c0adb17f Merge pull request #20585 from vognik/CVE_2025_60787 
Add MotionEye Authenticated RCE (CVE-2025-60787)
 2025-10-09 13:50:25 -05:00
Vognik 267a26b763 code review changes from smcintyre-r7@ 2025-10-09 21:51:31 +04:00
Diego Ledda 1314f5d0bb Merge pull request #20455 from Chocapikk/aitemi_m300_time_rce 
Add unauthenticated RCE on Shenzhen Aitemi M300 MT02 (CVE-2025-34152)
 2025-09-10 10:12:41 +02:00
Brendan f1dffd3ad6 Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw 
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
 2025-08-27 15:46:39 -05:00
Martin Sutovsky f43b141886 Fine-tunning docs 2025-08-27 21:18:03 +02:00
Martin Sutovsky 61a0d68d97 Fine-tuning docs 2025-08-27 19:22:46 +02:00
Martin Sutovsky 23f486dc53 Updates docs 2025-08-27 19:16:33 +02:00
Martin Sutovsky 7196786258 Clarifies docs 2025-08-27 18:12:54 +02:00
Martin Sutovsky d49870211b Adding exceptions to exploit module, bug fix for aux module, adds documentation for exploit module 2025-08-22 15:26:46 +02:00
Martin Sutovsky 72dcc5a301 Library fix 2025-08-21 07:21:56 +02:00
jheysel-r7 8251d89e92 Merge pull request #20400 from msutovsky-r7/exploit/pivotx-rce 
Adds module for PivotX RCE (CVE-2025-52367)
 2025-08-12 12:28:28 -07:00
jheysel-r7 e59a24823b Merge pull request #20387 from h00die-gr3y/wazuh-auth-rce 
Wazuh Server authenticated RCE [CVE-2025-24016]
 2025-08-12 09:22:22 -07:00
Chocapikk baacd6f2bf Update CVE-ID in documentation 2025-08-07 21:54:38 +02:00
Chocapikk 87eb063460 Add unauthenticated RCE on Shenzhen Aitemi M300 MT02 (CVE-2025-34152) 2025-08-07 18:34:49 +02:00
msutovsky-r7 9caa2be9a2 Land #20399, adds module for Pandora ITSM authenticated RCE (CVE-2025-4653) 
Pandora ITSM auth RCE [CVE-2025-4653]
 2025-08-07 08:37:45 +02:00
Chocapikk 6ff04da954 Add LPE suggestions in documentation 2025-08-04 18:33:28 +02:00
Chocapikk 7d744c2a45 Update documentation 2025-08-04 17:51:42 +02:00
Valentin Lobstein c8f756dd37 Update documentation/modules/exploit/linux/http/ictbroadcast_unauth_cookie.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:02:12 +02:00
Chocapikk 50ef5edd90 Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611) 2025-08-02 19:46:14 +02:00
msutovsky-r7 8130316de9 Removes unnecessary new line 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-08-01 10:02:46 +02:00
Martin Sutovsky 744188fb88 Updates docs 2025-08-01 09:40:08 +02:00
h00die-gr3y 3d0cfd0dfc update module + documentation based on review comments 2025-07-30 20:24:56 +00:00
h00die-gr3y 4b52708357 update module + documentation based on review comments 2025-07-30 11:39:20 +00:00
Martin Sutovsky 54c86cfc10 Addressing comments 2025-07-24 12:19:47 +02:00
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom 
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
 2025-07-22 08:19:36 -07:00
Martin Sutovsky ed5c13330f Module init 2025-07-21 12:41:38 +02:00
h00die-gr3y 58704e9eab init module + documentation 2025-07-20 19:06:01 +00:00
adfoster-r7 8fe815da6f Merge pull request #20394 from cgranleese-r7/update-docs-to-reflect-new-default-prompt 
Updates docs to reflect new default prompt
 2025-07-17 12:53:02 +01:00
cgranleese-r7 adff497bd2 Updates msf5 as well 2025-07-17 11:51:29 +01:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce 
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
 2025-07-17 11:58:54 +02:00
Diego Ledda ca9535e39a Update pandora_fms_auth_netflow_rce.md 2025-07-17 11:29:07 +02:00
cgranleese-r7 469f102596 Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Martin Sutovsky f773e3aef9 Updates docs 2025-07-16 12:25:28 +02:00
h00die-gr3y 7a9cd79170 small update on the documentation 2025-07-16 09:32:47 +00:00
h00die-gr3y 639315452c added attackerkb reference + documenttaion 2025-07-16 09:29:14 +00:00
msutovsky-r7 ffdfa07954 Land #20354, adds module for ISPConfig code injection (CVE-2023-46818) 
Add module for ISPConfig Code Injection (CVE-2023-46818)
 2025-07-09 07:47:56 +02:00
Martin Sutovsky ffa2152a6a Updates docs 2025-07-07 11:56:53 +02:00
Martin Sutovsky 5c8d918e3d Fixes documentation 2025-06-28 17:07:44 +02:00
happybear-21 840ae0f317 resolved: issues 2025-06-27 19:42:35 +05:30
Martin Sutovsky 37e8780a6b Code refactor, docs 2025-06-27 10:26:31 +02:00