Pull Requests by Repository

Open Pull Requests (100)

# Title Author Assignees Labels Review Age Updated
#21587 Add Kopia server SFTP ProxyCommand argument injection exploit (CVE-2026-45695) kenlacroix unassigned ⚠ Needs Review today today
#21586 Add Splunk PostgreSQL sidecar unauthenticated file operation scanner (CVE-2026-20253) kenlacroix unassigned ⚠ Needs Review today today
#21585 Add LiteLLM MCP test endpoint command execution exploit (CVE-2026-42271) kenlacroix unassigned ⚠ Needs Review today today
#21581 Smb meterpreter upgrade dwelch-r7 unassigned rn-modules ⚠ Needs Review 1 day ago 1 day ago
#21579 Add extra fields to MCP tools zeroSteiner unassigned enhancement rn-enhancement ⚠ Needs Review 2 days ago 1 day ago
#21578 Fixed issue #21572, rescued ActiveRecord::NoDatabaseError arpan-pramanik unassigned ⚠ Needs Review 3 days ago 3 days ago
#21576 Reporting refactor - first iteration cdelafuente-r7 unassigned blocked rn-enhancement ⚠ Needs Review 3 days ago 3 days ago
#21575 FTP mixin: Report if host is up but service doesn't match g0tmi1k unassigned ⚠ Needs Review 3 days ago 3 days ago
#21574 FTP mixin: Check for complete response g0tmi1k unassigned ⚠ Needs Review 3 days ago 3 days ago
#21573 Add Support for Windows .writable? in Post Mixin jheysel-r7 unassigned library enhancement rn-enhancement ⚠ Needs Review 4 days ago 1 day ago
#21565 Add Audiobookshelf authentication bypass scanner (CVE-2025-25205) kenlacroix jheysel-r7 module docs rn-modules ⚠ Needs Review 6 days ago today
#21550 Add Windows Boot Verification Program persistence M4nu02 unassigned module rn-modules ⚠ Needs Review 1 week ago 1 week ago
#21548 Adds fail-safe for search fileless fetch payloads and updates the docs accordingly msutovsky-r7 unassigned bug payload rn-fix ⚠ Needs Review 1 week ago today
#21532 Adds module for Ubuntu Snap privilege escalation (CVE-2026-3888) msutovsky-r7 unassigned module docs rn-modules ⚠ Needs Review 2 weeks ago 1 week ago
#21527 Add Authentication to the MCP server's HTTP transport zeroSteiner unassigned enhancement rn-enhancement ⚠ Needs Review 2 weeks ago 1 week ago
#21511 ssh_creds: PARSE_KNOWN_HOSTS & CRACK_KNOWN_HOSTS g0tmi1k unassigned ⚠ Needs Review 3 weeks ago 3 weeks ago
#21508 sshexec: Timeout & KEY_FILE support g0tmi1k unassigned ⚠ Needs Review 3 weeks ago 3 weeks ago
#21507 SSH_Login: Various improvements g0tmi1k unassigned ⚠ Needs Review 3 weeks ago 3 weeks ago
#21491 Add Peyara Remote Mouse RCE Module capture0x msutovsky-r7 module docs ⚠ Needs Review 4 weeks ago 2 weeks ago
#21490 Fix http version scanner h00die adfoster-r7 bug ⚠ Needs Review 4 weeks ago 4 weeks ago
#21482 Network map/topology module h00die unassigned module docs additional-testing-required ⚠ Needs Review 1 month ago 1 week ago
#21473 Add Apache .htaccess Persistence Module 4ravind-b msutovsky-r7 module docs ⚠ Needs Review 1 month ago 1 week ago
#21468 Fix FTP anonymous login detection when ANONYMOUS_LOGIN option is enabled kuro-toji cdelafuente-r7 bug ⚠ Needs Review 1 month ago 3 weeks ago
#21461 Kate plugin persistence h00die unassigned module docs ⚠ Needs Review 1 month ago 3 weeks ago
#21456 Adds Fragnesia module (CVE-2026-46300) msutovsky-r7 unassigned module docs rn-modules ⚠ Needs Review 1 month ago 4 days ago
#21445 MIPS Payload updates dledda-r7 unassigned rn-payload-enhancement ⚠ Needs Review 1 month ago 1 day ago
#21409 WIP - DO NOT MERGE dledda-r7 smcintyre-r7, dledda-r7 module rn-modules ⚠ Needs Review 1 month ago 1 month ago
#21402 Add WinRM PowerShell session support karanabe unassigned ⚠ Needs Review 1 month ago 1 month ago
#21384 Fetch Multi Part 2: The Fetchening bwatters-r7 msutovsky-r7 ⚠ Needs Review 1 month ago 3 days ago
#21308 Upgrade framework to rails 8.0 dwelch-r7 unassigned ⚠ Needs Review 2 months ago 1 week ago
#21294 WIP: JIT Templates Generation dledda-r7 msutovsky-r7 additional-testing-required ⚠ Needs Review 2 months ago 1 month ago
#21239 Add Linux LoongArch64 execute command payload bcoles adfoster-r7 payload ⚠ Needs Review 2 months ago 1 week ago
#21235 Add RISC-V XOR encoders for riscv32le and riscv64le bcoles bwatters-r7 riscv ⚠ Needs Review 2 months ago 2 days ago
#21184 Fix service inconsistencies in create_credential vs report_service Hemang360 unassigned ⚠ Needs Review 2 months ago 2 months ago
#21141 Meterpreter Loader Improvements jbx81-1337 smcintyre-r7 ⚠ Needs Review 3 months ago 1 month ago
#21125 DHCP mixin: Make DHCP use report_host() and add verbose option g0tmi1k unassigned ⚠ Needs Review 3 months ago 1 month ago
#21106 Adds support for Linux x86/x64 migrate msutovsky-r7 dledda-r7 ⚠ Needs Review 3 months ago 2 months ago
#21072 Add module for CVE-2000-0979 Windows 9x/Me SMB share password enumeration Z6543 smcintyre-r7 module rn-modules ⚠ Needs Review 3 months ago 1 month ago
#20963 Add SQL session upgrade to meterpreter for PostgreSQL rudraditya21 smcintyre-r7 module ⚠ Needs Review 4 months ago 2 months ago
#21580 Add CSR tracing to CertificateTrace for AD CS enrollment Pushpenderrathore unassigned 1 comment 1 day ago 1 day ago
#21569 Prevent file descriptor leaks in user input handling dwelch-r7 unassigned rn-fix additional-testing-required 7 comments 4 days ago 4 days ago
#21568 Add Kerberos ticket trace verbosity levels eve0805 unassigned additional-testing-required 1 comment 4 days ago 4 days ago
#21567 Add LiteLLM proxy pre-auth SQL injection scanner (CVE-2026-42208) kenlacroix unassigned 12 comments 5 days ago today
#21566 Add Next.js middleware authorization bypass scanner (CVE-2025-29927) kenlacroix jheysel-r7 module docs rn-modules 2 comments 6 days ago today
#21562 Align UDP #recvfrom usage with the stdlib zeroSteiner unassigned additional-testing-required 22 comments 1 week ago today
#21552 Fix LHOST validation rejecting tunnel hostnames when DNS lookup fails stzifkas unassigned library rn-fix 29 comments 1 week ago 1 week ago
#21551 Metasploit Reverse Handler Detector h00die unassigned module rn-modules 1 comment 1 week ago 1 week ago
#21541 Add OpenBullet2 modules (CVE-2026-25856 and CVE-2026-39908) vognik unassigned module rn-modules 1 comment 2 weeks ago 3 days ago
#21536 fix: handle ActiveRecord::RecordInvalid in ssh_creds when workspace is reset 4ravind-b unassigned 2 comments 2 weeks ago 1 week ago
#21534 Spike Windows version checks in exploit targets and payloads sjanusz-r7 unassigned 3 comments 2 weeks ago 3 days ago
#21531 Add documentation for printer scanner modules u7k4rs6 unassigned 3 comments 2 weeks ago 2 weeks ago
#21529 Fixes de-registering datastore options validation cgranleese-r7 unassigned rn-fix additional-testing-required 29 comments 2 weeks ago 1 day ago
#21522 Add Windows Time Provider persistence module M4nu02 unassigned 8 comments 2 weeks ago 3 days ago
#21521 Add Windows Defender BlueHammer LPE exploit (CVE-2026-33825) anasabugaddara-ux unassigned module rn-modules 26 comments 2 weeks ago 3 days ago
#21516 pam auth backdoor h00die unassigned module docs 8 comments 3 weeks ago 2 days ago
#21510 ssh_key_persistence: Bug fixes g0tmi1k unassigned 4 comments 3 weeks ago 3 weeks ago
#21501 Add Windows Print Processor persistence module M4nu02 jheysel-r7 module docs 15 comments 3 weeks ago 2 weeks ago
#21499 osx priv-esc cve-2024-27822 h00die msutovsky-r7 module docs 4 comments 3 weeks ago 1 day ago
#21496 Persistence Module Updates (create_process, mkdir, attck) h00die unassigned enhancement additional-testing-required 1 comment 3 weeks ago 3 weeks ago
#21493 Add Dalfox Unauthenticated RCE module (CVE-2026-45087) Takahiro-Yoko unassigned module docs 1 comment 3 weeks ago 1 day ago
#21483 Stageless PHP/Python/Java/Windows/Mettle with Malleable C2 profile support OJ smcintyre-r7, dledda-r7 9 comments 1 month ago 1 day ago
#21479 SSH mixin: New functions to help populate workspaces g0tmi1k unassigned 6 comments 1 month ago 2 weeks ago
#21477 Add Windows support to docker_image persistence M4nu02 unassigned enhancement 8 comments 1 month ago 1 week ago
#21470 fix: filter deregistered options from datastore on validation 4ravind-b unassigned 3 comments 1 month ago 1 week ago
#21453 Be more specific in pinning ActionView and pin railties to prevent er… bwatters-r7 adfoster-r7 2 comments 1 month ago 3 weeks ago
#21452 Add Pterodactyl Panel locale.json RCE [CVE-2025-49132] jheysel-r7 unassigned module docs rn-modules 9 comments 1 month ago 1 day ago
#21450 ssh_identify_pubkeys -> ssh_key_login g0tmi1k unassigned 1 comment 1 month ago 3 weeks ago
#21446 Terminal save state h00die dledda-r7 module docs 2 comments 1 month ago 1 week ago
#21442 Add readline support to interactive shells ShorterKing unassigned 12 comments 1 month ago 3 weeks ago
#21438 ssh_enumusers: Update workspace g0tmi1k unassigned enhancement 1 comment 1 month ago 3 weeks ago
#21436 reload_lib: Misc improvements g0tmi1k unassigned 12 comments 1 month ago 3 days ago
#21435 reload_lib: Stop caching results since startup g0tmi1k unassigned 2 comments 1 month ago 4 days ago
#21433 detect_kippo -> ssh_honeypot & Add Cowrie support g0tmi1k unassigned 1 comment 1 month ago 3 weeks ago
#21427 TCP mixin: Add report_host() to Exploit::Remote::Tcp g0tmi1k unassigned 2 comments 1 month ago 1 month ago
#21426 Strip out same address in msg (#2) g0tmi1k unassigned additional-testing-required 1 comment 1 month ago 1 month ago
#21423 ollama auto update persistence h00die dledda-r7 module docs 15 comments 1 month ago 1 week ago
#21422 ftp_anonymous: Fixes & improvements g0tmi1k unassigned enhancement 2 comments 1 month ago 3 weeks ago
#21416 FTP mixin: Fixes & improvements g0tmi1k cdelafuente-r7 enhancement 37 comments 1 month ago 3 days ago
#21407 Add Flowise CSV Agent Prompt Injection RCE module (CVE-2026-41264) Takahiro-Yoko msutovsky-r7 module docs 11 comments 1 month ago 1 week ago
#21396 Auth_Brute mixin: Add report_host/report_service & remove dup IP:PORT g0tmi1k jheysel-r7 7 comments 1 month ago 2 days ago
#21393 ssh_version: Various improvements g0tmi1k unassigned 2 comments 1 month ago 3 weeks ago
#21388 ftp_bounce: Various improvements g0tmi1k unassigned additional-testing-required 2 comments 1 month ago 4 weeks ago
#21386 OSX AV Hunter gardnerapp unassigned module needs-docs 11 comments 1 month ago 3 weeks ago
#21382 reload_lib -a: [Bug fix] Compares against default branch g0tmi1k unassigned 3 comments 1 month ago 1 month ago
#21379 ftp_login: Various improvements g0tmi1k cdelafuente-r7 rn-enhancement 103 comments 1 month ago 3 days ago
#21378 ftp_version: Use FTP mixin g0tmi1k unassigned blocked enhancement 8 comments 1 month ago 3 days ago
#21377 vsftpd_234_backdoor: Port to FTP mixin g0tmi1k unassigned enhancement 12 comments 1 month ago 3 weeks ago
#21312 Removes redundant callings of cleanup msutovsky-r7 bwatters-r7 bug rn-fix 2 comments 2 months ago 1 week ago
#21237 Add staged RISC-V (riscv64le/riscv32le) Linux payloads bcoles bwatters-r7 payload riscv 24 comments 2 months ago 3 days ago
#21234 Add Ghost CMS RCE Exploit (CVE-2026-29053) vognik msutovsky-r7 module docs 30 comments 2 months ago 2 weeks ago
#21191 Add an initial module graph database in neo4j zeroSteiner unassigned 10 comments 2 months ago 3 days ago
#21128 Add Persistence Technique: Windows Port Monitor Nayeraneru dledda-r7 27 comments 3 months ago 1 month ago
#21126 Naming Consistencies g0tmi1k unassigned 2 comments 3 months ago 1 week ago
#21123 Add RAP fallback to smb_enumshares for legacy SMB hosts Z6543 smcintyre-r7 module docs rn-modules 1 comment 3 months ago 1 month ago
#21050 New module For LDAP Signing Check bhaskarbhar unassigned additional-testing-required 6 comments 3 months ago 2 weeks ago
#21036 Adds specs for post/auxiliary module cleanup EclipseAditya msutovsky-r7 blocked bug rn-fix 6 comments 3 months ago 1 month ago
#20944 Add Specs for mkdir post API to behave consistently across session types Nayeraneru msutovsky-r7 tests blocked 9 comments 4 months ago 3 months ago
#20918 Add AssemblyObfuscator class jbx81-1337 msutovsky-r7 payload 13 comments 4 months ago 2 months ago
#20862 add compat check to msftidy h00die unassigned 6 comments 5 months ago 5 months ago
#20037 Add Apport Symlink Hijacking: CVE-2020-8831 gardnerapp jheysel-r7 module needs-docs needs-linting 86 comments 1 year ago 2 weeks ago

Open Pull Requests (12)

# Title Author Assignees Labels Review Age Updated
#644 Fix to build metasploitable3 on kali Lackierer unassigned ⚠ Needs Review 4 months ago 4 months ago
#636 Skip packing option serious-toothache unassigned ⚠ Needs Review 1 year ago 1 month ago
#628 Fix libvirt guests alarmfox unassigned ⚠ Needs Review 1 year ago 1 year ago
#623 when I run build.ps1 file I face some errors, so if found solution tha… abhinayjangde unassigned ⚠ Needs Review 1 year ago 1 year ago
#603 remove expired DST root CA deargle unassigned ⚠ Needs Review 2 years ago 2 years ago
#489 only fetch apache continuum if missing deargle unassigned ⚠ Needs Review 5 years ago 4 years ago
#474 Fixed Issue 281 finnlestrange unassigned ⚠ Needs Review 5 years ago 5 years ago
#406 Fix sudo issues with packer build for ub1404 rhythmize unassigned ⚠ Needs Review 6 years ago 6 years ago
#604 add a status function to proftpd service file deargle unassigned 1 comment 2 years ago 2 years ago
#488 add ingreslock vuln deargle unassigned 1 comment 5 years ago 2 years ago
#332 Hyperv 1803 OptmizerLLC unassigned 10 comments 7 years ago 6 years ago
#174 Converted to Chef provisioning 0xbadshah unassigned delayed 13 comments 8 years ago 6 years ago

Open Pull Requests (7)

# Title Author Assignees Labels Review Age Updated
#800 Fix incorrect `Py_XDECREF/Py_DECREF` call on stolen reference after `PyList_SetItem` failure wr-web unassigned ⚠ Needs Review 1 month ago 1 month ago
#797 Reflective Loader for extensions in metsrv msutovsky-r7 bwatters-r7, dledda-r7 ⚠ Needs Review 2 months ago 1 month ago
#792 Adds support for nested directories msutovsky-r7 dledda-r7 ⚠ Needs Review 4 months ago 2 months ago
#791 Extension Encryption xHector1337 unassigned ⚠ Needs Review 4 months ago 1 month ago
#773 Remove references to Visual Studio < 2019 zeroSteiner bwatters-r7 ⚠ Needs Review 9 months ago 8 months ago
#801 Stageless PHP/Python/Java/Windows with Malleable C2 profile support OJ dledda-r7 15 comments 1 month ago 1 day ago
#794 Add ARM64 cross-compilation support for Windows Meterpreter SilentSobs unassigned 10 comments 3 months ago 1 day ago

Open Pull Requests (4)

# Title Author Assignees Labels Review Age Updated
#295 Fix MacOS CI jbx81-1337 dledda-r7 ⚠ Needs Review 2 days ago today
#292 Update Metasploit URL adfoster-r7 unassigned ⚠ Needs Review 4 months ago 4 months ago
#287 Adds migrate command for Linux x64/x86 msutovsky-r7 dledda-r7 ⚠ Needs Review 7 months ago 2 months ago
#294 Stageless Mettle with Malleable C2 profile support OJ dledda-r7 27 comments 1 month ago today

Open Pull Requests (3)

# Title Author Assignees Labels Review Age Updated
#300 Ignore inherited methods in BinData field-name guard (#261) arpitjain099 unassigned ⚠ Needs Review 2 weeks ago 2 weeks ago
#299 Fix SECURITY_DESCRIPTOR Control bitfield ordering arpitjain099 unassigned ⚠ Needs Review 2 weeks ago 2 weeks ago
#296 Add NetBIOS name resolution fallback for session_request Z6543 smcintyre-r7 12 comments 1 month ago 1 month ago

Open Pull Requests (3)

# Title Author Assignees Labels Review Age Updated
#244 Bump addressable from 2.8.8 to 2.9.0 dependabot[bot] unassigned dependencies ruby ⚠ Needs Review 2 months ago 2 months ago
#241 Bump json from 2.18.1 to 2.19.2 dependabot[bot] unassigned dependencies ruby ⚠ Needs Review 3 months ago 3 months ago
#199 Test m1 building adfoster-r7 unassigned 9 comments 2 years ago 1 year ago

Open Pull Requests (2)

# Title Author Assignees Labels Review Age Updated
#83 Fix #recvfrom to match stdlib zeroSteiner sjanusz-r7 ⚠ Needs Review 1 month ago 2 days ago
#82 Add #send, deprecate #sendto in UDP zeroSteiner sjanusz-r7 ⚠ Needs Review 1 month ago 2 days ago

Open Pull Requests (2)

# Title Author Assignees Labels Review Age Updated
#24 Add install active directory install command adfoster-r7 unassigned 5 comments 3 years ago 2 years ago
#5 Initial swag at VirtualBox support pbarry-r7 unassigned 11 comments 8 years ago 8 years ago

Open Pull Requests (1)

# Title Author Assignees Labels Review Age Updated
#228 Add ModuleExecution and related data models cdelafuente-r7 unassigned enhancement ⚠ Needs Review 3 days ago 3 days ago

Open Pull Requests (1)

# Title Author Assignees Labels Review Age Updated
#162 Update jtr formats adfoster-r7 unassigned 5 comments 4 years ago 4 years ago

Top items this last week

New Open Pull Requests

Check out some of the new Open Pull Requests for this week!
Add Kopia server SFTP ProxyCommand argument injection exploit (CVE-2026-45695) 2026-06-19T15:38:37+00:00 kenlacroix
Add Splunk PostgreSQL sidecar unauthenticated file operation scanner (CVE-2026-20253) 2026-06-19T13:59:54+00:00 kenlacroix
Add LiteLLM MCP test endpoint command execution exploit (CVE-2026-42271) 2026-06-19T12:35:54+00:00 kenlacroix
Smb meterpreter upgrade 2026-06-18T13:05:05+00:00 dwelch-r7
Add CSR tracing to CertificateTrace for AD CS enrollment 2026-06-18T10:10:48+00:00 Pushpenderrathore
Add extra fields to MCP tools 2026-06-17T18:14:25+00:00 zeroSteiner
Fixed issue #21572, rescued ActiveRecord::NoDatabaseError 2026-06-16T23:06:09+00:00 arpan-pramanik
Reporting refactor - first iteration 2026-06-16T17:48:35+00:00 cdelafuente-r7
FTP mixin: Report if host is up but service doesn't match 2026-06-16T14:45:52+00:00 g0tmi1k
FTP mixin: Check for complete response 2026-06-16T12:02:58+00:00 g0tmi1k
Add Support for Windows .writable? in Post Mixin 2026-06-15T21:56:52+00:00 jheysel-r7
Prevent file descriptor leaks in user input handling 2026-06-15T11:40:12+00:00 dwelch-r7
Add Kerberos ticket trace verbosity levels 2026-06-15T09:52:18+00:00 eve0805
Add LiteLLM proxy pre-auth SQL injection scanner (CVE-2026-42208) 2026-06-14T13:02:12+00:00 kenlacroix
Add Next.js middleware authorization bypass scanner (CVE-2025-29927) 2026-06-13T15:25:45+00:00 kenlacroix
Add Audiobookshelf authentication bypass scanner (CVE-2025-25205) 2026-06-13T14:23:20+00:00 kenlacroix
Fixed issue #21572 - Catch NoDatabaseError on msfconsole exit 2026-06-16T18:16:39+00:00 arpan-pramanik
Exclude deleted files from modified files list 2026-06-15T13:05:54+00:00 dwelch-r7
Fix undefined call to ArmBE to_linux_armbe_elf 2026-06-15T13:04:37+00:00 sjanusz-r7
Fix SMB version crash on smb1 2026-06-13T09:38:25+00:00 adfoster-r7
Add ModuleExecution and related data models 2026-06-16T15:53:25+00:00 cdelafuente-r7
Fix MacOS CI 2026-06-17T15:29:09+00:00 jbx81-1337

New Open Features and Enhancements

Check out some of the new Open Features and Enhancements for this week!

New Open Bugs

Check out some of the new Open Bugs for this week!
# MSSQL modules appear broken in 6.4.x releases with `undefined method 'length' for false` 2026-06-18T13:31:27+00:00 koptufilim
Cannot quit msfconsole if you start the docker database after starting msfconsole. 2026-06-15T20:17:40+00:00 bwatters-r7