73816 Commits

Author SHA1 Message Date
adfoster-r7 fd10f4d295
Land #19156, Fixes password_spray not using additional_privates and default username 2024-05-02 16:20:10 +01:00
cgranleese-r7 d105ae10ff Fixes some password_spray issues 2024-05-02 15:43:07 +01:00
Metasploit 4c7f1e6520
Bump version of framework to 6.4.8 2024-05-02 03:37:55 -05:00
Metasploit bd767a9279
automatic module_metadata_base.json update 2024-05-01 16:26:41 -05:00
Spencer McIntyre 1bf721b9d5
Land #19152, Fix apache_normalize_path_rce check
Fix apache_normalize_path_rce check method
2024-05-01 17:10:23 -04:00
adfoster-r7 5e1dc05f09 Fix apache_normalize_path_rce check method 2024-05-01 20:01:38 +01:00
Metasploit 2dce73833f
automatic module_metadata_base.json update 2024-05-01 08:45:48 -05:00
adfoster-r7 59a3839be8
Land #19137, nameservers from resolv.conf must be IP addresses 2024-05-01 14:28:38 +01:00
Spencer McIntyre a98554a1f4
Land #19048, Enable inline credentials dump
Windows Secrets Dump: Enable inline credentials dump
2024-05-01 09:05:40 -04:00
adfoster-r7 fef9024c5a
Land #19148, Update pcaprub dependency 2024-04-30 21:18:34 +01:00
adfoster-r7 27dd14bb64 Update pcaprub dependency 2024-04-30 20:48:24 +01:00
Christophe De La Fuente 52001bf7d4
Bump `ruby_smb` to version 3.3.7
- This will bring in the GetKeySecurity and SetKeySecurity MS-RRP structures
2024-04-30 20:54:15 +02:00
Christophe De La Fuente 9079ce331b
Remove call to `each_key` on `users` array, since it is not a Hash 2024-04-30 20:52:23 +02:00
Metasploit d6b45658e0
automatic module_metadata_base.json update 2024-04-29 17:55:45 -05:00
Spencer McIntyre 434186200a
Land #19141, Apache RocketMQ & ActiveMQ fixes 2024-04-29 18:33:47 -04:00
jheysel-r7 6055d8a005 Apply suggestions from code review
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-29 17:37:49 -04:00
bwatters 8a08f6a083
Land #19075, Modularise the Softing login code
Merge branch 'land-19075' into upstream-master
2024-04-29 14:47:44 -05:00
Jack Heysel 6c74d14bb7 Tested attempt to fix rspec 2024-04-29 08:54:57 -07:00
Metasploit 518aafb1f1
automatic module_metadata_base.json update 2024-04-26 18:37:25 -05:00
bwatters 364d491af7
Land #18972, Progress LoadMaster unauthenticated command injection module CVE-2024-1212
Merge branch 'land-18972' into upstream-master
2024-04-26 18:18:40 -05:00
bwatters 02c31159ab
Add vulnerable versions and fix indention 2024-04-26 17:36:50 -05:00
Jack Heysel f5f1deaf5b Untested attempt to fix spec 2024-04-26 14:55:45 -07:00
Jack Heysel 3b57fbf052 ActiveMQ fixes 2024-04-26 14:25:16 -07:00
Jack Heysel 429eaff5ca RocketMQ fixes 2024-04-26 14:24:08 -07:00
Christophe De La Fuente 4f6e2bcd22
Code review 2024-04-26 18:47:42 +02:00
Christophe De La Fuente 4794844b67 Update the documentation 2024-04-26 18:44:05 +02:00
Christophe De La Fuente 1294ed0bbb Add inline technique to dump SAM hashes, LSA secrets and cached hashes 2024-04-26 18:44:05 +02:00
Metasploit a6cf1cd414
automatic module_metadata_base.json update 2024-04-26 07:52:01 -05:00
adfoster-r7 7e2e3eeab3
Land #19138, fix recursive call to `ldap_open` 2024-04-26 13:35:30 +01:00
Dean Welch 1c8a4706d7 Fix recursive call to `ldap_open` 2024-04-26 12:33:43 +01:00
Spencer McIntyre cf6d324832 Nameservers from resolv.conf must be IP addresses
Fixes an infinite recursion error where Metasploit would attempt to
resolve a nameserver specified as a hostname in /etc/resolv.conf while
initializing.

Values for the nameserver key in the resolv.conf file must be IP
addresses per the man page while the Resolver class in theory allows
them to be added by hostname however an existing one must be defined by
which it will be resolved.

This notably prevents IPv6 addresses with a scope ID from being allowed
in Ruby versions < 3.1.
2024-04-25 16:21:04 -04:00
Metasploit aef3cc546b
automatic module_metadata_base.json update 2024-04-25 10:10:09 -05:00
Simon Janusz 76d7fe8dbd
Land #19095, Refactor smb_enumusers 2024-04-25 15:45:23 +01:00
dwelch-r7 cd40f95f05
Land #19134, Downgrade unf ext 2024-04-25 15:25:05 +01:00
adfoster-r7 c1e5c7a8bf Downgrade unf_ext 2024-04-25 15:08:31 +01:00
Spencer McIntyre d6317923f6 Bump ruby_smb to 3.3.6
This pulls in the changes from rapid7/ruby_smb#266 which adds
SamrQueryInformationDomain support.
2024-04-25 09:41:48 -04:00
Metasploit b607c70611
Bump version of framework to 6.4.7 2024-04-25 03:35:58 -05:00
Spencer McIntyre 1c8d62abc1
Land #19129, Add missing '-S' to cmd_notes 2024-04-24 15:57:33 -04:00
Metasploit 1e4e62dc43
automatic module_metadata_base.json update 2024-04-24 14:29:51 -05:00
Jack Heysel aea95c052e
Land #18723, Improve Gitlab fingerprinting
A webpage exists that can be reached without authentication that
contains a hash that can be used to determine the approximate version of
GitLab running on the endpoint. This PR enhances our current GitLab
fingerprinting capabilities to include the aforementioned technique.
2024-04-24 12:13:15 -07:00
Jack Heysel bc4a532cd7 Changed format of GITLAB_CSS_MAP 2024-04-24 11:38:22 -07:00
Noam Rathaus cadda6f1a3 Fix rspec for cmd_notes 2024-04-24 20:46:32 +03:00
Jack Heysel 8b48d3d056 Print RPORT as well as IP when printing version 2024-04-24 10:20:59 -07:00
Metasploit e6fb1789f4
automatic module_metadata_base.json update 2024-04-24 12:15:44 -05:00
Jack Heysel bd2b1e5f00 Removed redundant use of Object#to_s in interpolation 2024-04-24 10:09:20 -07:00
Jack Heysel f018295509 Ensure range of Rex::Version objects are always returned 2024-04-24 10:00:16 -07:00
adfoster-r7 e5cf357f9e
Land #19078, ldap acceptance tests 2024-04-24 17:59:24 +01:00
Dean Welch 33ffc14e6b Use samba ad container for ldap 2024-04-24 11:38:41 +01:00
Noam Rathaus 99c56c5410 Add missing '-S' 2024-04-24 12:24:01 +03:00
jvoisin 5ff05b7cec Add more fingerprints 2024-04-24 00:12:01 +02:00