adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,315 Commits 27 Branches 1,043 Tags
fa9d58bb73ec709dac8669dbbaaa8b698e17c63c
Commit Graph

1550 Commits

Author SHA1 Message Date
h00die fa9d58bb73 update bash_profile to persistence mixin 2025-08-30 15:17:50 -04:00
Brendan f1dffd3ad6 Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw 
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
 2025-08-27 15:46:39 -05:00
Martin Sutovsky f43b141886 Fine-tunning docs 2025-08-27 21:18:03 +02:00
Martin Sutovsky 61a0d68d97 Fine-tuning docs 2025-08-27 19:22:46 +02:00
Martin Sutovsky 23f486dc53 Updates docs 2025-08-27 19:16:33 +02:00
Martin Sutovsky 7196786258 Clarifies docs 2025-08-27 18:12:54 +02:00
Martin Sutovsky d49870211b Adding exceptions to exploit module, bug fix for aux module, adds documentation for exploit module 2025-08-22 15:26:46 +02:00
Martin Sutovsky 72dcc5a301 Library fix 2025-08-21 07:21:56 +02:00
Spencer McIntyre 5735a82df7 Merge pull request #20460 from msutovsky-r7/exploit/ndsudo-priv-esc 
Adds an exploit for ndsudo privilege escalation (CVE-2024-32019)
 2025-08-20 14:13:24 -04:00
Martin Sutovsky aae5356190 Updates the docs 2025-08-20 12:10:11 +02:00
Martin Sutovsky 38f81e073f Fixing documentation, adds more reliable cmd_exec 2025-08-15 07:26:56 +02:00
jheysel-r7 8251d89e92 Merge pull request #20400 from msutovsky-r7/exploit/pivotx-rce 
Adds module for PivotX RCE (CVE-2025-52367)
 2025-08-12 12:28:28 -07:00
jheysel-r7 e59a24823b Merge pull request #20387 from h00die-gr3y/wazuh-auth-rce 
Wazuh Server authenticated RCE [CVE-2025-24016]
 2025-08-12 09:22:22 -07:00
Martin Sutovsky fbd1c1767f Finish documentation, adds description and notes 2025-08-11 16:25:56 +02:00
Martin Sutovsky d219efc0ac Adds documentation, adds check method 2025-08-11 12:25:33 +02:00
msutovsky-r7 9caa2be9a2 Land #20399, adds module for Pandora ITSM authenticated RCE (CVE-2025-4653) 
Pandora ITSM auth RCE [CVE-2025-4653]
 2025-08-07 08:37:45 +02:00
Chocapikk 6ff04da954 Add LPE suggestions in documentation 2025-08-04 18:33:28 +02:00
Chocapikk 7d744c2a45 Update documentation 2025-08-04 17:51:42 +02:00
Valentin Lobstein c8f756dd37 Update documentation/modules/exploit/linux/http/ictbroadcast_unauth_cookie.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:02:12 +02:00
Chocapikk 50ef5edd90 Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611) 2025-08-02 19:46:14 +02:00
msutovsky-r7 8130316de9 Removes unnecessary new line 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-08-01 10:02:46 +02:00
Martin Sutovsky 744188fb88 Updates docs 2025-08-01 09:40:08 +02:00
h00die-gr3y 3d0cfd0dfc update module + documentation based on review comments 2025-07-30 20:24:56 +00:00
h00die-gr3y 4b52708357 update module + documentation based on review comments 2025-07-30 11:39:20 +00:00
Martin Sutovsky 54c86cfc10 Addressing comments 2025-07-24 12:19:47 +02:00
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom 
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
 2025-07-22 08:19:36 -07:00
Martin Sutovsky ed5c13330f Module init 2025-07-21 12:41:38 +02:00
h00die-gr3y 58704e9eab init module + documentation 2025-07-20 19:06:01 +00:00
adfoster-r7 8fe815da6f Merge pull request #20394 from cgranleese-r7/update-docs-to-reflect-new-default-prompt 
Updates docs to reflect new default prompt
 2025-07-17 12:53:02 +01:00
cgranleese-r7 adff497bd2 Updates msf5 as well 2025-07-17 11:51:29 +01:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce 
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
 2025-07-17 11:58:54 +02:00
Diego Ledda ca9535e39a Update pandora_fms_auth_netflow_rce.md 2025-07-17 11:29:07 +02:00
cgranleese-r7 469f102596 Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Martin Sutovsky f773e3aef9 Updates docs 2025-07-16 12:25:28 +02:00
h00die-gr3y 7a9cd79170 small update on the documentation 2025-07-16 09:32:47 +00:00
h00die-gr3y 639315452c added attackerkb reference + documenttaion 2025-07-16 09:29:14 +00:00
msutovsky-r7 ffdfa07954 Land #20354, adds module for ISPConfig code injection (CVE-2023-46818) 
Add module for ISPConfig Code Injection (CVE-2023-46818)
 2025-07-09 07:47:56 +02:00
Martin Sutovsky ffa2152a6a Updates docs 2025-07-07 11:56:53 +02:00
Martin Sutovsky 5c8d918e3d Fixes documentation 2025-06-28 17:07:44 +02:00
happybear-21 840ae0f317 resolved: issues 2025-06-27 19:42:35 +05:30
Martin Sutovsky 37e8780a6b Code refactor, docs 2025-06-27 10:26:31 +02:00
Martin Sutovsky 7b845fa3df Fixed documentation issues 2025-06-26 12:08:51 +02:00
Martin Sutovsky 240bc828f1 Removing header 2025-06-26 12:08:51 +02:00
happybear-21 d787444137 Add exploit module for ISPConfig language_edit.php PHP Code Injection (CVE-2023-46818) 
- Adds modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb
- Adds documentation for the module in documentation/modules/exploit/linux/http/ispconfig_lang_edit_php_code_injection.md
- Module targets ISPConfig < 3.2.11p1 with admin_allow_langedit enabled
- References and implementation based on PoC and advisories at https://github.com/SyFi/CVE-2023-46818
 2025-06-25 22:27:52 +05:30
msutovsky-r7 fdc78b40bb Add more clear installation steps 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-06-25 15:17:58 +02:00
Martin Sutovsky ca142599e8 Module init 2025-06-23 10:27:27 +02:00
Chocapikk 2a008c83d1 Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005, 30006) 2025-06-22 09:07:20 +02:00
msutovsky-r7 5fbf46ba7f Land #19472, adds exploits/linux/local/udev_persistence 
Add modules/exploits/linux/local/udev_persistence.rb
 2025-06-04 13:21:04 +02:00
Brendan 76471731f9 Merge pull request #20112 from cdelafuente-r7/mod/ivanti/rce/cve_2025_22457 
Ivanti Connect Secure Unauthenticated RCE via Stack-based Buffer Overflow CVE-2025-22457
 2025-05-15 11:44:49 -05:00