adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,032 Commits 27 Branches 1,043 Tags
dcd3a62e884cd3fb72a888fa7f793d1e7fb00a6e
Commit Graph

39041 Commits

Author SHA1 Message Date
Brendan e998b91aee Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce 
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
 2025-11-25 14:14:31 -06:00
Brendan 1912fe2a95 Merge pull request #20702 from Zedeldi/igel-os-modules 
IGEL OS modules
 2025-11-25 13:59:44 -06:00
Diego Ledda 3b799a50e8 Merge pull request #20703 from bcoles/linux-riscv-chmod-payloads 
Add Linux RISC-V chmod payloads
 2025-11-25 18:10:57 +01:00
msutovsky-r7 47b742ba0c Land #20482, fixes bug in HTTP-based login scanners 
Fix HTTP-based login scanners when using SSL with custom port
 2025-11-25 16:23:39 +01:00
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. Teh payload cmd/unix/reverse_python isnot working as it previously was, so I am removing from the list of confirmed paylaods. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
sfewer-r7 8a054b74db improve check logic to actualy parse JSON result for expected reply, tested against 8.0.1 and 7.4.8 2025-11-25 11:22:43 +00:00
jheysel-r7 4a012dd06a Merge pull request #20637 from zeroSteiner/feat/mod/smb-to-mssql 
Add an SMB to MSSQL NTLM Relay module
 2025-11-24 09:17:45 -08:00
Zedeldi d1fe17747c Add check methods and update DisclosureDate 2025-11-24 17:12:56 +00:00
Zedeldi ffaf43af2f Add writable? and file? checks to write_payload 2025-11-24 11:45:34 +00:00
Zedeldi 0c4d1e70d1 Add support for ARCH_CMD payload 2025-11-24 11:16:22 +00:00
Brendan 21777b8969 Merge pull request #20685 from msutovsky-r7/persistence/windows/notepad++_persistence 
Adds notepad++ persistence module for Windows
 2025-11-21 14:28:28 -06:00
msutovsky-r7 8f2525aba7 Land #20705, adds modules for Flowise RCEs (CVE-2025-59528, CVE-2025-8943) 
Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943)
 2025-11-21 21:20:22 +01:00
Valentin Lobstein 8702256ec2 Remove manual substitution and add BadChars for backslash and quote in flowise_js_rce 2025-11-21 19:34:33 +01:00
sfewer-r7 b8cefb1af9 add nohup when bootstraping the payload to avoid the scenario when the parent dies it tears down our payload child process 2025-11-21 15:54:41 +00:00
Zedeldi da33eed842 Use fail_with instead of a check method 2025-11-21 14:02:05 +00:00
Zedeldi c0a756a751 Verify registry has been written successfully 2025-11-21 13:52:41 +00:00
Zedeldi 425adfa9bf Prefer create_process over cmd_exec for commands with arguments 2025-11-21 13:40:25 +00:00
Zedeldi dc9eddc7a2 Use store_loot for igel_dump_file 2025-11-21 13:22:22 +00:00
sfewer-r7 aff76622fa add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034 2025-11-21 12:22:25 +00:00
Martin Sutovsky 098af341f9 Fix payload name escaping 2025-11-21 13:04:52 +01:00
Zedeldi ba702d40ea Remove x86 target and redundant DefaultOptions 2025-11-21 12:04:49 +00:00
Valentin Lobstein 6215da4754 Apply review suggestions: use case/when, improve error handling, simplify code 2025-11-20 22:41:08 +01:00
Valentin Lobstein 8cd32c04ea Update modules/exploits/multi/http/flowise_js_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-20 21:55:43 +01:00
Valentin Lobstein db082959f4 Update modules/exploits/multi/http/flowise_custommcp_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-20 21:55:20 +01:00
Brendan bb728c44d7 Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021 
Add T1021 "Remote Services" MITRE technique and sub-technique references
 2025-11-20 11:19:31 -06:00
Martin Sutovsky d904a526ee Shamefully removes pry and pry-byebug 2025-11-20 17:08:28 +01:00
bcoles d510adb13c Add Linux RISC-V chmod payloads 2025-11-21 01:37:12 +11:00
msutovsky-r7 e2097ee1bc Land #20701, adds windows WSL registry persistence module 
Windows WSL registry persistence
 2025-11-20 15:15:22 +01:00
Martin Sutovsky abaa4e6c7a Fixes cmd_exec call 2025-11-20 11:27:34 +01:00
h00die 9ff3f94bc9 review comments for wsl persistence 2025-11-19 17:37:55 -05:00
Valentin Lobstein 9624f75617 Simplify code formatting: shorten lines and improve readability 2025-11-19 23:05:01 +01:00
Valentin Lobstein 3102b31767 Move FETCH_COMMAND WGET to Unix/Linux target DefaultOptions only 2025-11-19 22:59:22 +01:00
Valentin Lobstein 44cf2e309f Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup 2025-11-19 22:12:49 +01:00
Zedeldi 8d28ce611a Revert to cmd_exec for modify_service and improve code style 2025-11-19 20:33:46 +00:00
Zedeldi bc2c397b8c Add check for root access to igel_persistence 2025-11-19 20:01:57 +00:00
Valentin Lobstein df1c157471 Improve Flowise CustomMCP RCE exploit stability with Basic Auth support and HTTP response validation 2025-11-19 20:12:31 +01:00
Valentin Lobstein f991bd58a4 Update modules/exploits/multi/http/flowise_custommcp_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-19 19:57:48 +01:00
Valentin Lobstein 7ba143452c Change checkcode 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-19 19:57:03 +01:00
Valentin Lobstein 8178313a46 Delete SSL param 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-19 19:56:43 +01:00
Valentin Lobstein a187b9824e Remove CVE ID from title 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-19 19:56:23 +01:00
Zack Didcott beed317573 Use create_process instead of cmd_exec 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-11-19 18:02:08 +00:00
Zack Didcott 22aead0db1 Use vprint_status for modify_service and restart_service 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-11-19 18:01:05 +00:00
Christophe De La Fuente 179a545312 Remove false positive references 2025-11-19 17:34:15 +01:00
Martin Sutovsky 554c952d06 Adds payload name escaping 2025-11-19 15:58:30 +01:00
msutovsky-r7 d8b544b1ab Land #20707, adds note "CAP_SYS_BOOT privileges are required" to Linux Reboot payloads 
Add note "CAP_SYS_BOOT privileges are required" to Linux Reboot payloads
 2025-11-19 12:10:03 +01:00
bcoles c77c138117 Add note "CAP_SYS_BOOT privileges are required" to Linux Reboot payloads 2025-11-19 21:39:44 +11:00
Martin Sutovsky 6957f73bf5 Adds architecture match check 2025-11-19 08:12:30 +01:00
h00die 58f29548b3 review for windows/persistence/wsl/registry 2025-11-18 18:50:07 -05:00
Valentin Lobstein b26c4f5c7b Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:25:39 +01:00
Valentin Lobstein 88aadcc856 Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:03:59 +01:00