adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,798 Commits 27 Branches 1,043 Tags
f632cf34bfef55fc2f602f620cda2aa70fb74c8d
Commit Graph

2973 Commits

Author SHA1 Message Date
sfewer-r7 f632cf34bf add in a module and docs fo rteh EPMM exploit 2026-02-05 12:26:38 +00:00
Arnout Engelen 2f2fea7f6b add CVE reference to Continuum exploit 2026-01-26 12:36:12 +01:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00
vognik 9e320dd168 add suggestions from @jheysel-r7 2026-01-19 18:45:01 -08:00
msutovsky-r7 7b092aeedb Land #20806, adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888) 
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
 2026-01-14 15:44:25 +01:00
Martin Sutovsky 2809ff8235 Fix archs 2026-01-13 14:24:04 +01:00
JohannesLks 4678d82c6d fix: architecture specification 2026-01-12 17:03:08 +01:00
jheysel-r7 ae4a5ac986 Merge pull request #20786 from zeroSteiner/feat/lib/mod-merge-target-info 
Merge target info into the module info
 2026-01-08 18:01:14 -08:00
JohannesLks 8bd24f4ecf Fix:n- Use Rex::Stopwatch for time-based checkn- Change CheckCode::Appears to CheckCode::Vulnerable - Add cmd/base64 encoder in Payload hash for Unix Command target - Simplify execute_command by removing manual base64 encoding 2026-01-08 12:38:20 -05:00
JohannesLks c859f18557 fix: - Hardcode endpoint path in send_request_cgi - Use idiomatic Ruby single-line conditional - Remove unnecessary return keyword 2026-01-08 15:34:11 +01:00
Xorriath 2030d19438 Update modules/exploits/linux/http/prison_management_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-01-07 14:45:03 +02:00
Xorriath 2ef1b9fbae Update modules/exploits/linux/http/prison_management_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-01-07 14:44:51 +02:00
Xorriath a676b05928 Update modules/exploits/linux/http/prison_management_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-01-06 12:35:32 +02:00
Xorriath 236d94ee54 Update modules/exploits/linux/http/prison_management_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-01-06 12:35:17 +02:00
Xorriath b35d74b305 Update modules/exploits/linux/http/prison_management_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-01-06 12:35:01 +02:00
Lukas Johannes Möller 982f5e0e28 control_web_panel_api_cmd_exec.rb aktualisieren 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-26 16:04:42 +01:00
Lukas Johannes Möller 0bfb77d74f control_web_panel_api_cmd_exec.rb aktualisieren 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-26 16:04:12 +01:00
kali 2448429502 Add Prison Management System 1.0 auth RCE (CVE-2024-48594) 2025-12-26 08:08:49 +02:00
JohannesLks 5329e1472e fix: PR and Lint 2025-12-24 06:39:13 -05:00
JohannesLks 455275d087 add module for CVE-2025-67888 2025-12-23 19:21:34 -05:00
sfewer-r7 0c947d05ab add in the AKB analysis 2025-12-19 15:38:43 +00:00
sfewer-r7 5c6c8a3956 better check result given we have the version string 2025-12-19 15:38:27 +00:00
sfewer-r7 a4dba96712 add in the HPE OneView exploit 2025-12-19 15:30:53 +00:00
vognik cd8f1593e4 fix version check 2025-12-18 09:12:36 -08:00
vognik 8fdb4ab43a add delay to sudobash drop file 2025-12-18 08:49:24 -08:00
Spencer McIntyre 602adeb4c5 Mass rubocop changes 2025-12-18 10:08:31 -05:00
Spencer McIntyre 8945267db6 Remove redundant Platform and Arch definitions 2025-12-17 16:12:31 -05:00
Spencer McIntyre 2103e1b5f6 Fix a bug in the platform definition 2025-12-17 15:57:58 -05:00
vognik 055d243d05 add create_sudobash payload option 2025-12-13 12:00:08 -08:00
vognik 7149b9a960 randomize provider name in payload 2025-12-13 11:46:47 -08:00
vognik ebd736272f fix variables naming 2025-12-13 11:21:08 -08:00
vognik 4ff2f35154 fix credits 2025-12-12 20:59:29 -08:00
vognik b35c8b3926 remove unused function calls 2025-12-12 20:31:14 -08:00
vognik 0f96f2f3fd fix cve format in references 2025-12-12 13:45:52 -08:00
vognik ee404d9453 add splunk modules (cve-2022-43571 and cve-2024-36985) 2025-12-12 13:16:57 -08:00
sfewer-r7 795c38c524 Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal. 2025-11-28 10:12:02 +00:00
sfewer-r7 014312873c get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway. 2025-11-27 20:28:44 +00:00
sfewer-r7 f5e8aa83be add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor. 2025-11-27 12:43:19 +00:00
Brendan e998b91aee Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce 
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
 2025-11-25 14:14:31 -06:00
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. Teh payload cmd/unix/reverse_python isnot working as it previously was, so I am removing from the list of confirmed paylaods. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
sfewer-r7 8a054b74db improve check logic to actualy parse JSON result for expected reply, tested against 8.0.1 and 7.4.8 2025-11-25 11:22:43 +00:00
sfewer-r7 b8cefb1af9 add nohup when bootstraping the payload to avoid the scenario when the parent dies it tears down our payload child process 2025-11-21 15:54:41 +00:00
sfewer-r7 aff76622fa add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034 2025-11-21 12:22:25 +00:00
Brendan bb728c44d7 Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021 
Add T1021 "Remote Services" MITRE technique and sub-technique references
 2025-11-20 11:19:31 -06:00
Christophe De La Fuente 179a545312 Remove false positive references 2025-11-19 17:34:15 +01:00
Diego Ledda 110cb837aa Merge pull request #20672 from h00die-gr3y/centreon_auth_rce 
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter [CVE-2025-5946]
 2025-11-05 16:29:29 +01:00
h00die-gr3y 34c424f473 update based on dledda-r7 comments 2025-11-05 09:20:13 +00:00
h00die-gr3y 61dfc293d9 update based on dledda-r7 comments 2025-11-03 14:37:23 +00:00
h00die-gr3y 85b4233345 updated module based on review comments and added documentation 2025-11-03 10:21:31 +00:00
h00die-gr3y 83e7fc2667 update attackerkb reference 2025-11-02 18:26:34 +00:00