adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80,348 Commits 27 Branches 1,043 Tags
fef03d3bb7b7f686cf75fa910a766c147fff68bb
Commit Graph

39804 Commits

Author SHA1 Message Date
Diego Ledda b18611c1d9 Merge pull request #20966 from litemars/add_Linux_evasion_module-rc4_packer_x64 
adding RC4 packer x64, rc4 decrypt routine and sleep evasion routine
 2026-03-09 10:55:44 -04:00
Diego Ledda 1af0a49729 Merge pull request #21002 from Chocapikk/add-module-leakix-search 
Add LeakIX search module with 6 actions and bulk streaming
 2026-03-09 10:34:43 -04:00
msutovsky-r7 c6aabc1c75 Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243) 
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
 2026-03-09 10:34:52 +01:00
adfoster-r7 628275ef59 Revert "This adjusts module options that need a routable address" 2026-03-08 17:37:49 +00:00
Diego Ledda 1ec87b586a Merge pull request #20989 from zeroSteiner/feat/lib/mod-address-opts 
This adjusts module options that need a routable address
 2026-03-05 11:46:52 -05:00
msutovsky-r7 59a1992214 Land #21017, adds module for SSTI in Tactical RMM (CVE-2025-69516) 
Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516)
 2026-03-05 15:38:32 +01:00
Valentin Lobstein 3d38e9b27b Fix: Fallback check to Detected when plugin version unavailable 
- Use spip_version as fallback when spip_plugin_version fails
- Return Detected instead of Unknown so AutoCheck does not abort
- Fix lab healthcheck to wait for saisies form before reporting healthy
 2026-03-05 14:13:05 +01:00
Valentin Lobstein 4534a8a07e Fix: Address msutovsky-r7 PR review feedback 
- Add IOC_IN_LOGS to SideEffects (POST payload may appear in app logs)
- Pass page parameter via vars_get instead of embedding in URI string
- Apply vars_get consistently in crawl seed request
 2026-03-05 14:07:22 +01:00
Valentin Lobstein bf41455bca Fix: Address review feedback - remove dead execute_command, fix dropper race condition 2026-03-05 14:01:12 +01:00
Valentin Lobstein 77df1f1e87 Fix: Revert action-specific options to non-required with manual validation 
Option conditions control display but required:true still triggers
validation across all actions. Reverted QUERY, TARGET_IP, TARGET_DOMAIN
to required:false and re-added case/when validation in validate method.
 2026-03-04 17:13:03 +01:00
Valentin Lobstein 6a97083e3b Refactor: Use option conditions for action-specific validation 2026-03-04 15:23:27 +01:00
msutovsky-r7 96958dedbb Land #20852, exposes encoder options for exploit and payloads 
Expose encoder options
 2026-03-04 10:01:29 +01:00
Spencer McIntyre 36ba1608af Remove more unnecessary my_host definitions 2026-03-03 09:37:27 -05:00
Spencer McIntyre bd5152f10a Clean up my_host definition in IE exploit 2026-03-03 09:37:27 -05:00
Spencer McIntyre ea915acba3 Appease rubocop 2026-03-03 09:37:27 -05:00
Spencer McIntyre 1b39311784 Remove redundant definitions of SRVHOST 2026-03-03 09:37:27 -05:00
Spencer McIntyre 821e3c28f1 Replace old patterns with srvhost_addr 2026-03-03 09:37:27 -05:00
Spencer McIntyre 132ef661d3 Update usage within binding operations 2026-03-03 09:37:27 -05:00
Spencer McIntyre 6e38f8568c Update tftphost usage in cmd stagers 2026-03-03 09:37:27 -05:00
Spencer McIntyre b7fc0c6613 Replace usage of #lookup_lhost 2026-03-03 09:37:27 -05:00
Spencer McIntyre fc3176ca0d SRVHOST isn't defined here, use DNS 2026-03-03 09:37:27 -05:00
Spencer McIntyre 3f2a07bdca Update #make_steal_credentials_payload to just take url 2026-03-03 09:37:27 -05:00
Spencer McIntyre 18bdbfa402 Update instances of #backend_url to use #get_uri 2026-03-03 09:37:26 -05:00
adfoster-r7 9df6879a95 Update modules to use srvhost method 2026-03-03 09:37:25 -05:00
Spencer McIntyre 514bb88962 Fix java payload cached sizes 2026-03-03 09:34:49 -05:00
Spencer McIntyre 758ac7f2f6 Apply rubocop changes 2026-03-03 09:34:49 -05:00
Spencer McIntyre fc49421939 Replace checks for nonroutable addresses 
This consolidates modules that check for a nonroutable SRVHOST value and
replaces it with OptAddressRoutable, defaulting to a reasonable address.
 2026-03-03 09:34:49 -05:00
Spencer McIntyre a0fb02bd45 Default the address in the SMB share mixin 2026-03-03 09:34:49 -05:00
Spencer McIntyre 92e77de800 Update to use OptAddressRourtable for SRVHOST 2026-03-03 09:34:48 -05:00
Diego Ledda 38dbefecfc Merge pull request #20965 from litemars/add_Linux_evasion_module-rc4_packer_x86 
adding RC4 packer x86, rc4 decrypt routine and sleep evasion routine
 2026-03-03 04:36:51 -05:00
Brendan 9ea5a54fe9 Merge pull request #20940 from g0tmi1k/twiki_search 
twiki_search: Fix exploit, more verbose, error handling, add fetch payload support
 2026-03-02 17:55:50 -06:00
Brendan 9664ab5191 Merge pull request #20946 from g0tmi1k/twiki_history 
twiki_history: Add revision+page options & Fetch payload support
 2026-03-02 13:58:44 -06:00
sjanusz-r7 ccc8367db5 Working Kerberoast and AS-REP modules with LDAP sessions 2026-03-02 15:33:36 +00:00
adfoster-r7 7545328be1 Linting 2026-03-02 15:02:56 +00:00
adfoster-r7 1a4ae7bfa3 Fix broken module url references 2026-03-02 14:35:48 +00:00
Diego Ledda 6f84c83135 Merge pull request #21000 from Chocapikk/add-modules-majordomo-rce 
Add three MajorDoMo unauthenticated RCE modules
 2026-03-02 05:20:22 -05:00
Diego Ledda 069dea2296 Apply suggestion from @dledda-r7 2026-02-27 17:04:03 +01:00
litemars c5c67fac56 new line for linter 2026-02-27 16:02:35 +01:00
litemars 003ac7b12d changed description 2026-02-27 15:44:28 +01:00
litemars b6acc1fd28 moved rc4_packer to x64 sub-directory 2026-02-27 15:21:04 +01:00
Valentin Lobstein 615ca34e29 Fix: Remove explicit timeouts from send_request_cgi calls 2026-02-27 14:42:00 +01:00
Valentin Lobstein 6923badeac Fix: Use background thread for cycle.php bootstrap instead of timeout 2026-02-27 14:34:24 +01:00
Valentin Lobstein 76d103e483 Fix: Bootstrap cycle tables and update lab documentation 
Add cycle.php bootstrap request in cmd_injection module to create
missing MEMORY tables before starting the cycle_execs.php worker.
Update all three module docs with curl in Dockerfile, Docker gateway
instructions, Options sections, and verified scenario outputs.
 2026-02-27 14:33:04 +01:00
dledda-r7 a59738700f chore: moved rc4_packer to x86 sub-directory, rubocop fix 2026-02-27 07:28:14 -05:00
Valentin Lobstein 2bc2a3e3c0 Fix: Remove extra empty line in run method 2026-02-26 17:26:23 +01:00
Valentin Lobstein 5c4e5e414f Fix: Use validate method with OptionValidateError instead of validate_options! 2026-02-26 17:19:43 +01:00
Valentin Lobstein 097a4700cb Fix: check method returns CheckCode instead of fail_with on login failure 2026-02-26 17:13:57 +01:00
Valentin Lobstein 11806c983d Update modules/exploits/linux/http/tacticalrmm_ssti_rce_cve_2025_69516.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-02-26 17:12:42 +01:00
Diego Ledda 0d259baf5e Merge pull request #20964 from litemars/add_Linux_evasion_module-rc4_packer_arm64 
adding RC4 packer arm64, rc4 decrypt routine and sleep evasion routine
 2026-02-26 09:11:39 -05:00
g0t mi1k 218c8df3bd twiki_search: Drop MeterpreterTryToFork & fail_with 2026-02-26 09:35:50 +00:00