adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,768 Commits 27 Branches 1,043 Tags
ff15b581ed084f2104610d232ec4875bdfd8ab9a
Commit Graph

4954 Commits

Author SHA1 Message Date
cgranleese-r7 00c88caffb Updates incorrect arch values in modules 2025-06-25 16:57:27 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
Diego Ledda 6d843385ec Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094 
Adds module for Tatsu WP plugin (CVE-2021-25094)
 2025-06-25 10:58:22 +02:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
cgranleese-r7 ade9b54d94 Runs Style/TrailingCommaInArguments Rubocop against modules 2025-06-23 09:30:35 +01:00
cgranleese-r7 a4b14d8b64 Runs Rubocop to fix layout in modules 2025-06-20 15:18:01 +01:00
Diego Ledda c0dfbf43f2 Merge pull request #20235 from Chocapikk/vbulletin_replace_ad_template_rce 
vBulletin replaceAdTemplate Remote Code Execution
 2025-06-19 14:20:16 +02:00
Martin Sutovsky 3abe9b46c0 Addressing comments 2025-06-13 10:32:39 +02:00
msutovsky-r7 2e3b66612b Update modules/exploits/multi/http/wp_tatsu_rce.rb 2025-06-12 11:38:01 +02:00
msutovsky-r7 cb9f5e8743 Update modules/exploits/multi/http/wp_tatsu_rce.rb 2025-06-12 11:35:01 +02:00
Martin Sutovsky 0b2e4bc337 Adds module for CVE-2021-25094 2025-06-11 19:03:00 +02:00
msutovsky-r7 f2920f868a Land #20291, adds Roundcube post-authentication RCE (CVE-2025-49113) 
Add Remote for Roundсube CVE-2025-49113 post-authentication RCE module
 2025-06-11 10:48:58 +02:00
Maksim Rogov 582e32c14e remove timeout 2025-06-11 11:05:33 +03:00
msutovsky-r7 a175e89d07 Land #20299, converts DisableNops to Boolean 
Modules: Convert DisableNops property to Boolean in several modules
 2025-06-11 07:31:53 +02:00
bcoles 3272ee0f28 Modules: Convert DisableNops property to Boolean in several modules 2025-06-10 23:57:52 +10:00
bcoles 304de9e1c9 Modules: Convert Privileged property to Boolean in several modules 2025-06-10 23:01:52 +10:00
Maksim Rogov 8fe5c91801 fix parsing.rb 2025-06-10 14:29:39 +03:00
Maksim Rogov 10ab54369d Update modules/exploits/multi/http/roundcube_auth_rce_cve_2025_49113.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-10 14:18:44 +03:00
Maksim Rogov 97c493a924 Update modules/exploits/multi/http/roundcube_auth_rce_cve_2025_49113.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-10 14:17:55 +03:00
Vognik d764237230 migrated to nokogiri methods for csrf token parsing 2025-06-10 14:54:09 +04:00
Maksim Rogov 5725e6faf7 Apply suggestions from code review 
Co-authored-by: Valentin Lobstein <88535377+Chocapikk@users.noreply.github.com>
 2025-06-10 11:09:05 +03:00
Vognik 072ebafbcf fix naming 2025-06-09 19:32:31 +04:00
Vognik 46a36c9d4c refactor: update code per review 2025-06-09 19:28:38 +04:00
Brendan ebae201198 Merge pull request #20160 from zeroSteiner/feat/mod/payload/php-adapters 
Add PHP adapters and refactor PHP payloads
 2025-06-09 07:41:50 -05:00
Maksim Rogov 01f16ea802 Minor Fixes.rb 2025-06-08 12:47:08 +03:00
Maksim Rogov c63649a12d Update roundcube_auth_rce_cve_2025_49113.rb 2025-06-08 01:21:31 +03:00
Vognik f43e8863ad refactor: update code per review 2025-06-08 02:14:53 +04:00
Maksim Rogov 442b5aadf3 Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-06-07 23:26:03 +03:00
Maksim Rogov 0426d3cb4f Rename roundcube_unauth_rce_cve_2025_49113.rb to roundcube_auth_rce_cve_2025_49113.rb 2025-06-07 16:14:28 +03:00
Maksim Rogov 906ba4fba2 Update roundcube_unauth_rce_cve_2025_49113.rb 2025-06-07 13:58:37 +03:00
Vognik b83b021445 Add Remote for Roundcube CVE-2025-49113 unauthenticated RCE module 2025-06-07 05:28:21 +04:00
Brendan 19e8e6cdf8 Merge pull request #20187 from Chocapikk/wp_ottokit 
Add CVE-2025-27007 in existing `exploit(multi/http/wp_suretriggers_auth_bypass)` module
 2025-06-05 11:03:00 -05:00
bwatters-r7 17bf77fca1 Switch to in-memory python over fetch payloads 2025-06-03 13:39:01 -05:00
remmons-r7 c2556382f1 Reword "pt" to "part" in the Metasploit module 2025-05-30 10:52:28 -05:00
Spencer McIntyre f3b650a409 Major refactoring of PHP payloads and related exploits 2025-05-30 09:06:38 -04:00
Chocapikk 33439fccb3 Add verbosity, update doc 2025-05-29 16:30:41 +02:00
Valentin Lobstein f053d993f7 Update modules/exploits/multi/http/vbulletin_replace_ad_template_rce.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-05-29 15:59:00 +02:00
remmons-r7 704e498f39 Add ivanti_epmm_rce_cve_2025_4427_4428.rb 
Add a module for CVE-2025-4427 and CVE-2025-4428, unauthenticated RCE chain in Ivanti EPMM.
 2025-05-28 17:32:56 -05:00
Chocapikk 05d41232fe Add CVE IDs 2025-05-27 13:51:49 +02:00
Chocapikk 6dc9809837 Non-blocking requests when trying to exploit, since the payload can be triggered twice 2025-05-26 20:17:39 +02:00
Chocapikk 854d2354fa Fix check, both requests can display if the system is vulnerable 2025-05-26 20:04:19 +02:00
Chocapikk 387a39d0a9 Update doc, module 2025-05-25 20:13:36 +02:00
Chocapikk 6644bfa8dc Check PHP version using X-Powered-By header 2025-05-24 00:10:52 +02:00
Valentin Lobstein 69426e6dca Update modules/exploits/multi/http/vbulletin_replace_ad_template_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-05-23 23:55:44 +02:00
Valentin Lobstein 1c717cf56b Update modules/exploits/multi/http/vbulletin_replace_ad_template_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-05-23 23:55:34 +02:00
Chocapikk ac98c1f554 Replace passthru with system 2025-05-23 23:34:44 +02:00
Chocapikk 1f6dd34f93 vBulletin replaceAdTemplate Remote Code Execution 2025-05-23 23:17:02 +02:00
Chocapikk 2e158d2d1a Fix User-Agent issue 2025-05-22 23:47:20 +02:00