adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,315 Commits 27 Branches 1,043 Tags
fa9d58bb73ec709dac8669dbbaaa8b698e17c63c
Commit Graph

4304 Commits

Author SHA1 Message Date
h00die fa9d58bb73 update bash_profile to persistence mixin 2025-08-30 15:17:50 -04:00
msutovsky-r7 5d59fbd333 Land #19903, adds module for periodic script persistence 
Add OSX Periodic Script Peristence
 2025-08-29 20:12:12 +02:00
Martin Sutovsky 2681e7cfed Update docs 2025-08-29 17:53:07 +02:00
msutovsky-r7 c5e5cb84f1 Land #20266, adds UDP keyboard exploit module for Remote for Mac 2025.6 
Adds UDP Keyboard RCE for Remote for Mac 2025.6
 2025-08-28 09:47:16 +02:00
Martin Sutovsky b177507041 Adds docs 2025-08-28 09:27:32 +02:00
Brendan f1dffd3ad6 Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw 
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
 2025-08-27 15:46:39 -05:00
Martin Sutovsky f43b141886 Fine-tunning docs 2025-08-27 21:18:03 +02:00
Martin Sutovsky 61a0d68d97 Fine-tuning docs 2025-08-27 19:22:46 +02:00
Martin Sutovsky 23f486dc53 Updates docs 2025-08-27 19:16:33 +02:00
Martin Sutovsky 7196786258 Clarifies docs 2025-08-27 18:12:54 +02:00
Martin Sutovsky d49870211b Adding exceptions to exploit module, bug fix for aux module, adds documentation for exploit module 2025-08-22 15:26:46 +02:00
Martin Sutovsky 72dcc5a301 Library fix 2025-08-21 07:21:56 +02:00
Spencer McIntyre 5735a82df7 Merge pull request #20460 from msutovsky-r7/exploit/ndsudo-priv-esc 
Adds an exploit for ndsudo privilege escalation (CVE-2024-32019)
 2025-08-20 14:13:24 -04:00
Martin Sutovsky aae5356190 Updates the docs 2025-08-20 12:10:11 +02:00
Martin Sutovsky 38f81e073f Fixing documentation, adds more reliable cmd_exec 2025-08-15 07:26:56 +02:00
jheysel-r7 8251d89e92 Merge pull request #20400 from msutovsky-r7/exploit/pivotx-rce 
Adds module for PivotX RCE (CVE-2025-52367)
 2025-08-12 12:28:28 -07:00
jheysel-r7 e59a24823b Merge pull request #20387 from h00die-gr3y/wazuh-auth-rce 
Wazuh Server authenticated RCE [CVE-2025-24016]
 2025-08-12 09:22:22 -07:00
Martin Sutovsky fbd1c1767f Finish documentation, adds description and notes 2025-08-11 16:25:56 +02:00
Martin Sutovsky d219efc0ac Adds documentation, adds check method 2025-08-11 12:25:33 +02:00
msutovsky-r7 9caa2be9a2 Land #20399, adds module for Pandora ITSM authenticated RCE (CVE-2025-4653) 
Pandora ITSM auth RCE [CVE-2025-4653]
 2025-08-07 08:37:45 +02:00
Brendan b6dc0860e7 Merge pull request #20409 from sfewer-r7/sharepoint-hax 
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
 2025-08-06 14:24:28 -05:00
sfewer-r7 0a923a611d reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704. 2025-08-06 15:33:57 +01:00
msutovsky-r7 c99702c8bf Land #20446, adds module for ICTBroadcast Unauthenticated RCE (CVE-2025-2611) 
Add ICTBroadcast Unauthenticated Remote Code Execution (CVE-2025-2611)
 2025-08-05 09:29:36 +02:00
Chocapikk 6ff04da954 Add LPE suggestions in documentation 2025-08-04 18:33:28 +02:00
Chocapikk 7d744c2a45 Update documentation 2025-08-04 17:51:42 +02:00
Valentin Lobstein c8f756dd37 Update documentation/modules/exploit/linux/http/ictbroadcast_unauth_cookie.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:02:12 +02:00
msutovsky-r7 5fd6184494 Land #20423, adds malicious XDG Desktop fileformat module 
Add Malicious XDG Desktop File module
 2025-08-04 11:44:02 +02:00
bcoles a7ab23d083 Add Malicious XDG Desktop File module 2025-08-04 19:23:02 +10:00
Chocapikk 50ef5edd90 Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611) 2025-08-02 19:46:14 +02:00
msutovsky-r7 8130316de9 Removes unnecessary new line 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-08-01 10:02:46 +02:00
Martin Sutovsky 744188fb88 Updates docs 2025-08-01 09:40:08 +02:00
h00die-gr3y 3d0cfd0dfc update module + documentation based on review comments 2025-07-30 20:24:56 +00:00
h00die-gr3y 4b52708357 update module + documentation based on review comments 2025-07-30 11:39:20 +00:00
gardnerapp 92d246da13 Update documentation/modules/exploit/multi/local/periodic_script_persistence.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-07-29 13:20:00 -04:00
msutovsky-r7 f4622d802e Land #20406, adds malicious Windows Script Host VBScript fileformat module 
Add Malicious Windows Script Host VBScript (.vbs) File module
 2025-07-28 13:58:07 +02:00
msutovsky-r7 12340ef6b5 Land #20398, adds malicious Windows Script Host JScript fileformat module 
Add Malicious Windows Script Host JScript (.js) File module
 2025-07-28 13:51:26 +02:00
sfewer-r7 3237151512 add in the documentation 2025-07-25 14:40:12 +01:00
bcoles cbc03eaeeb Add Malicious Windows Script Host VBScript (.vbs) File module 2025-07-25 18:46:47 +10:00
bcoles 44c61a7e4d Add Malicious Windows Script Host JScript (.js) File module 2025-07-25 18:43:33 +10:00
msutovsky-r7 afeded56aa Land #20384, adds module for malicious Windows Registration Entries files 
Add Malicious Windows Registration Entries (.reg) File module
 2025-07-24 12:29:34 +02:00
Martin Sutovsky 54c86cfc10 Addressing comments 2025-07-24 12:19:47 +02:00
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom 
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
 2025-07-22 08:19:36 -07:00
Martin Sutovsky ed5c13330f Module init 2025-07-21 12:41:38 +02:00
h00die-gr3y 58704e9eab init module + documentation 2025-07-20 19:06:01 +00:00
adfoster-r7 8fe815da6f Merge pull request #20394 from cgranleese-r7/update-docs-to-reflect-new-default-prompt 
Updates docs to reflect new default prompt
 2025-07-17 12:53:02 +01:00
cgranleese-r7 adff497bd2 Updates msf5 as well 2025-07-17 11:51:29 +01:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce 
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
 2025-07-17 11:58:54 +02:00
Diego Ledda ca9535e39a Update pandora_fms_auth_netflow_rce.md 2025-07-17 11:29:07 +02:00
cgranleese-r7 469f102596 Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00