adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,798 Commits 27 Branches 1,043 Tags
f632cf34bfef55fc2f602f620cda2aa70fb74c8d
Commit Graph

276 Commits

Author SHA1 Message Date
Jack Heysel 34cebd1453 Update CheckCode messaging 2026-01-22 15:03:32 +01:00
Jack Heysel 99e032f4af SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691] 2026-01-22 15:03:30 +01:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00
vognik 9e320dd168 add suggestions from @jheysel-r7 2026-01-19 18:45:01 -08:00
vognik 9fbf4e1d67 replace vprint_status with print_status in login.rb module 2025-12-18 08:59:55 -08:00
vognik 59dc9dd59c fix error handling 2025-12-17 09:57:03 -08:00
vognik 6d059bd62e improve csrf token parsing 2025-12-17 09:53:28 -08:00
vognik 1d4b8ce10e add pagination support to get_apps function 2025-12-16 10:03:08 -08:00
vognik 35dd55159d extracted get_apps url into uris.rb 2025-12-13 11:35:25 -08:00
vognik ebd736272f fix variables naming 2025-12-13 11:21:08 -08:00
vognik b35c8b3926 remove unused function calls 2025-12-12 20:31:14 -08:00
vognik ee404d9453 add splunk modules (cve-2022-43571 and cve-2024-36985) 2025-12-12 13:16:57 -08:00
Valentin Lobstein 6215da4754 Apply review suggestions: use case/when, improve error handling, simplify code 2025-11-20 22:41:08 +01:00
Valentin Lobstein 11c64b8f10 Update lib/msf/core/exploit/remote/http/flowise.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-11-20 21:55:10 +01:00
Valentin Lobstein 6ab2452153 Fix documentation inconsistency: update ports for Flowise 3.0.1 (3005) and add Basic Auth service example 2025-11-19 22:58:27 +01:00
Valentin Lobstein 44cf2e309f Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup 2025-11-19 22:12:49 +01:00
jheysel-r7 96a83143f1 Merge pull request #20479 from msutovsky-r7/exploit/sitecore/postauth-rce 
Adds modules for Sitecore XP post-auth remote code executions (CVE-2025-34510, CVE-2025-34511)
 2025-09-11 11:25:27 -07:00
Martin Sutovsky fa64376c5c Adds comments for login function 2025-09-01 15:50:21 +02:00
Brendan f1dffd3ad6 Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw 
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
 2025-08-27 15:46:39 -05:00
Martin Sutovsky 2533ddf441 Rubocoping 2025-08-26 12:42:28 +02:00
Martin Sutovsky b43b4c9f37 Updates library, addressing comments 2025-08-25 17:49:34 +02:00
Martin Sutovsky 4e113b1768 Addresses comments, adds exception for Pretalx, modifies aux module 2025-08-22 13:59:50 +02:00
Martin Sutovsky fb062075e3 Adds target, adds side effects 2025-08-21 15:21:16 +02:00
Martin Sutovsky 01c09bcfed Library fixes, refactoring exploit module 2025-08-21 09:22:21 +02:00
Martin Sutovsky 72dcc5a301 Library fix 2025-08-21 07:21:56 +02:00
Martin Sutovsky da5b20faa4 Creating lib file for shared functionality, adding more reliable check method for CVE-2025-34511, docs init 2025-08-20 10:59:22 +02:00
Martin Sutovsky ce1d0d1c27 Removes redundant code, unifies fail_with calling, adds advanced option for wait time 2025-08-01 10:51:52 +02:00
Martin Sutovsky d081d83aa6 Adds additional functionality for Pretalx 2025-07-31 14:53:49 +02:00
Martin Sutovsky 0d556253d3 Fix 2025-07-31 12:57:14 +02:00
Martin Sutovsky 38096c6988 Adding Pretalx functionality, expanding auxiliary module 2025-07-30 15:42:34 +02:00
Martin Sutovsky b276c50115 Making Pretalx functionality more robust 2025-07-28 10:53:24 +02:00
Valentin Lobstein 56f6a65e21 Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-19 04:04:25 +02:00
Valentin Lobstein 4a1f9e541e Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-19 04:04:14 +02:00
Chocapikk 4e70dfe70d Rename mixin 2025-07-16 22:40:27 +02:00
Chocapikk 1863eddcd4 chore: add magic encoding comment to Ruby files 2025-07-16 22:32:20 +02:00
Chocapikk 1fb6d488a8 Rename file 2025-07-16 22:30:28 +02:00
Chocapikk 7ddae3ec3f refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login 2025-07-16 21:48:34 +02:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Spencer McIntyre f3b650a409 Major refactoring of PHP payloads and related exploits 2025-05-30 09:06:38 -04:00
bcoles 5aa91bd57c Rubocop: Resolve Rubocop Style/RedundantRegexpArgument violations 2025-05-24 13:34:32 +10:00
Brendan 13d18f2c83 Update lib/msf/core/exploit/remote/http/wordpress/login.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2025-05-13 17:32:48 -05:00
bwatters-r7 ce8ceaddbc Change check for redirect to be less specific 2025-05-13 10:59:16 -05:00
Spencer McIntyre d95146e315 Use retry to speed things up but also wait longer 2025-05-05 11:06:09 -04:00
Spencer McIntyre 6ab275a120 Remove a couple of debug prints 2025-05-05 10:58:41 -04:00
Jack Heysel 4a746a3963 Relocate find_management_point method 2025-05-01 20:35:41 -07:00
jheysel-r7 ca3c4a1362 Merge branch 'master' into get_naa_creds_via_relay 2025-04-01 09:34:35 -07:00
Jack Heysel 87a17424af Suggestions from code review 2025-03-21 10:34:08 -07:00
Jack Heysel fdf4531c10 Add SMB to HTTP relay support for get_naa_creds 2025-03-13 10:59:59 -07:00
sfewer-r7 60a496eec9 bugfix the URI to work as expected for both HTTP and HTTPS, also some appliences (C8000v) need the _http portion of this URI path to be cchanges from all lowercase for CVE-2023-20198 to work as expected. 2025-03-03 20:20:26 +00:00
jheysel-r7 c4b7954f15 Land #19596, Wordpress Plugin Post SMTP Account Takeover 2024-11-29 09:05:03 -08:00