adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,994 Commits 27 Branches 1,043 Tags
ecfdec9678d3ce221d93044ced77980fb53ddc30
Commit Graph

38487 Commits

Author SHA1 Message Date
Hakil ecfdec9678 Fix issue #20396 2025-07-26 18:36:14 +02:00
Hakil d48419160b Fix issue #20396 2025-07-26 18:35:47 +02:00
Hakil 06c17a6e77 Update crack_webapps.rb 2025-07-26 18:35:21 +02:00
Hakil d88c4bde88 Fix issue #20396 2025-07-26 18:34:54 +02:00
Hakil 5aee8d5d42 Fix issue #20396 2025-07-26 18:34:12 +02:00
Hakil bd3ce5f20e Fix issue #20396 2025-07-26 18:33:20 +02:00
Hakil 56f138c4a1 Fix issue #20396 2025-07-26 18:31:43 +02:00
msutovsky-r7 1fb76b1776 Land #20408, fixes arguments passing to redis_command function in auxiliary/scanner/redis/redis_server 
Fix modules\auxiliary\scanner\redis\redis_server
 2025-07-25 10:47:14 +02:00
jheysel-r7 392f87dee2 Merge pull request #20401 from zeroSteiner/feat/mod/ldap/gmsa-secrets 
Add gMSA Secret Extraction From LDAP
 2025-07-24 14:50:24 -07:00
laptop e4686fe129 deleted the spaces in EOF 2025-07-24 19:23:44 +08:00
msutovsky-r7 afeded56aa Land #20384, adds module for malicious Windows Registration Entries files 
Add Malicious Windows Registration Entries (.reg) File module
 2025-07-24 12:29:34 +02:00
laptop 9c1b7e94eb –fix(redis_server): Correctly parse multi-word Redis commands 2025-07-23 11:50:34 +08:00
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom 
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
 2025-07-22 08:19:36 -07:00
jheysel-r7 00c8c773a3 Merge pull request #20375 from Chocapikk/wp_photo_gallery_sqli 
WP Photo Gallery by 10Web Unauthenticated SQLi (CVE-2022-0169)
 2025-07-18 16:37:14 -07:00
Spencer McIntyre 714f667c0f Finish adding gMSA secret dumping 2025-07-18 17:10:35 -04:00
Spencer McIntyre 82610aec24 Initial commit of extracting gMSA secrets from LDAP 2025-07-18 10:59:15 -04:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce 
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
 2025-07-17 11:58:54 +02:00
Chocapikk 7431958e5c Update url reference 2025-07-16 22:59:48 +02:00
Chocapikk 4e70dfe70d Rename mixin 2025-07-16 22:40:27 +02:00
Chocapikk efa49d2aa2 refactor(wp_photo_gallery): drop unused action + guard against LocalJumpError in SQLi helper 2025-07-16 22:04:13 +02:00
Chocapikk 7ddae3ec3f refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login 2025-07-16 21:48:34 +02:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Valentin Lobstein 136cc0ab3d Update modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:44 +02:00
Valentin Lobstein 131ce6cb3f Update modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:31 +02:00
Valentin Lobstein daf6cb3c84 Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:23 +02:00
Valentin Lobstein 65b7415bcc Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:15 +02:00
Valentin Lobstein 82d558bf2a Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:04 +02:00
Jack Heysel e328a8f8c4 Fix update action in ad_cs_cert_template 2025-07-15 17:20:36 -07:00
jheysel-r7 914f874e12 Merge pull request #20216 from sjanusz-r7/add-graphql-aux-scanner-module 
Add GraphQL Auxiliary Scanner module
 2025-07-15 10:39:44 -07:00
bcoles c5ec45452a Add Malicious Windows Registration Entries (.reg) File module 2025-07-13 23:41:59 +10:00
Brendan b4188e70be Merge pull request #20357 from xaitax/add-windows-aarch64-winexec-payload 
Revive and Finalize windows/aarch64/exec Payload
 2025-07-11 10:18:17 -05:00
Chocapikk 9d56001643 fix 2025-07-10 16:20:53 +02:00
Valentin Lobstein cf0596a8e9 Update modules/auxiliary/gather/wp_photo_gallery_sqli.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-07-10 16:19:13 +02:00
Valentin Lobstein 69f8679ac2 Update modules/auxiliary/gather/wp_photo_gallery_sqli.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-07-10 16:18:27 +02:00
Chocapikk 622072bba4 WP Photo Gallery by 10Web Unauthenticated SQLi (CVE-2022-0169) 2025-07-10 13:22:19 +02:00
Brendan 36675ccd9a Merge pull request #20349 from sfewer-r7/0day-cve-2024-51978 
Add auxiliary module for multiple Brother devices authentication bypass (CVE-2024-51978)
 2025-07-09 13:07:25 -05:00
sfewer-r7 df24090fc0 fix typo in message 2025-07-09 14:59:54 +01:00
sfewer-r7 ab913b0416 make this error message not that no password may be present on the device 2025-07-09 14:58:59 +01:00
sfewer-r7 34952d73f6 display the AuthCookie if one is received 2025-07-09 10:15:30 +01:00
msutovsky-r7 ffdfa07954 Land #20354, adds module for ISPConfig code injection (CVE-2023-46818) 
Add module for ISPConfig Code Injection (CVE-2023-46818)
 2025-07-09 07:47:56 +02:00
jheysel-r7 79d67dd1f0 Merge pull request #20345 from zeroSteiner/feat/lib/ldap-adds/1 
Add an Active Directory LDAP Mixin
 2025-07-08 14:37:23 -07:00
Spencer McIntyre 2ab90df4b2 Check for full permissions on certs too 2025-07-08 15:46:43 -04:00
Spencer McIntyre 8b8b350950 Use the new function instead of the old 2025-07-08 15:01:54 -04:00
Spencer McIntyre 7cacc4cd45 Update the ad_cs_cert_template module too 2025-07-08 15:01:54 -04:00
Spencer McIntyre c2a06e341d Expand on the matcher logic 2025-07-08 15:01:46 -04:00
msutovsky-r7 93f902fe27 Land #20364, adds WingFTP unauthenticated RCE module 
Add WingFTP unauthenticated RCE (CVE-2025-47812)
 2025-07-07 13:12:10 +02:00
Martin Sutovsky 7d881567f2 Refactors code 2025-07-07 11:54:28 +02:00
msutovsky-r7 bc705b8c5a Land #20334, adds payload linux/x64/set_hostname 
Add payload/linux/x64/set_hostname module.
 2025-07-06 18:56:43 +02:00
Chocapikk 7629dd7518 DRY code, grab wingftp version in check method 2025-07-05 22:25:45 +02:00
Martin Sutovsky 1ee9d61de1 Running Rubocop 2025-07-05 15:57:38 +02:00