Pull Requests by Repository

Open Pull Requests (101)

# Title Author Assignees Labels Review Age Updated
#21168 added multi python support for payloads that lacked it jeanmtr unassigned ⚠ Needs Review 5 days ago 3 days ago
#21165 Repull of HUSTOJ CVE-2026-24479 exploit oxagast unassigned ⚠ Needs Review 6 days ago 1 day ago
#21153 Fix reused Datastore option visibility mutations Nayeraneru cdelafuente-r7 bug rn-fix ⚠ Needs Review 6 days ago 3 days ago
#21150 Enhance documentation for fetch adapter methods Nayeraneru unassigned ⚠ Needs Review 1 week ago 1 week ago
#21146 Style/RuboCop: Finalize YARD documentation and fix lints in Core/Modules dispatchers Ganesh-abc unassigned ⚠ Needs Review 1 week ago 6 days ago
#21145 Enhance method documentation in auth_brute.rb Nayeraneru unassigned ⚠ Needs Review 1 week ago 1 week ago
#21144 Enhance documentation for HTTP module methods Nayeraneru unassigned ⚠ Needs Review 1 week ago 1 week ago
#21141 Custom Meterpreter Loader jbx81-1337 unassigned ⚠ Needs Review 1 week ago 6 days ago
#21138 [Bug Fix] Auxiliary: Check if module is meant to have rhosts g0tmi1k unassigned ⚠ Needs Review 1 week ago 1 week ago
#21123 Add RAP fallback to smb_enumshares for legacy SMB hosts Z6543 unassigned ⚠ Needs Review 1 week ago 1 week ago
#21122 Camaleon CMS CVE 2024 46987 bootstrapbool unassigned ⚠ Needs Review 1 week ago 1 week ago
#21106 WIP: Adds support for Linux x86/x64 migrate msutovsky-r7 unassigned ⚠ Needs Review 1 week ago 1 week ago
#21103 [WIP - DO NOT MERGE] Spike evasion modules for Windows Exploits which use EXE files sjanusz-r7 unassigned ⚠ Needs Review 2 weeks ago 1 day ago
#21097 auxiliary/scanner/ftp/anonymous: Add report_service() g0tmi1k unassigned enhancement rn-enhancement ⚠ Needs Review 2 weeks ago 6 days ago
#21095 Adds exploit module for ChurchCRM authenticated RCE (CVE-2025-68109) LucasCsmt unassigned ⚠ Needs Review 2 weeks ago 2 weeks ago
#21093 Fix #18845: Centralize platform resolution and fix FileDropper bug svm1048 unassigned ⚠ Needs Review 2 weeks ago 2 weeks ago
#21075 Add AVideo catName blind SQLi credential dump (CVE-2026-28501) Chocapikk bwatters-r7 module ⚠ Needs Review 2 weeks ago 3 days ago
#21073 Fix duplicate handler jobs caused by stop_handler on repeated run Hemang360 unassigned ⚠ Needs Review 2 weeks ago 2 weeks ago
#21069 Add FreeScout ZWSP .htaccess unauthenticated RCE module (CVE-2026-28289) Chocapikk cdelafuente-r7 module docs rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21067 Upsonic unauthenticated cloudpickle deserialization RCE (CVE-2026-0773) exploitintel unassigned ⚠ Needs Review 3 weeks ago 6 days ago
#21066 smolagents RemotePythonExecutor rogue Jupyter server pickle RCE (CVE-2025-14931) exploitintel unassigned ⚠ Needs Review 3 weeks ago 6 days ago
#21065 Langflow /api/v1/validate/code exec() code injection RCE (CVE-2026-0768) exploitintel unassigned module docs rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21064 pyquokka FlightServer gRPC pickle deserialization RCE (CVE-2025-62515) exploitintel unassigned module docs rn-modules ⚠ Needs Review 3 weeks ago 6 days ago
#21061 Open WebUI Tools API exec() Code Injection RCE (CVE-2026-0766) exploitintel unassigned module needs-docs rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21060 FUXA SCADA/HMI Referer Authentication Bypass to RCE (CVE-2025-69985) exploitintel unassigned module needs-docs rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21059 Langflow custom_component eval_custom_component_code() RCE (CVE-2026-0769) exploitintel unassigned module needs-docs rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21058 Apache HugeGraph PD Hessian2 Deserialization RCE (CVE-2025-26866) exploitintel unassigned module needs-docs rn-modules ⚠ Needs Review 3 weeks ago 6 days ago
#21057 LaRecipe Blade SSTI Unauthenticated RCE (CVE-2025-53833) exploitintel unassigned module needs-docs rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21056 CyberArk Conjur Policy Factory ERB SSTI RCE (CVE-2025-49828) exploitintel unassigned module needs-docs rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21055 Add Grafana Image Renderer arbitrary file write RCE module (CVE-2025-11539) exploitintel unassigned module needs-docs rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21053 Add Apache Dubbo Telnet JNDI Injection RCE module (CVE-2021-32824) exploitintel cdelafuente-r7 module rn-modules ⚠ Needs Review 3 weeks ago 3 days ago
#21048 Update the SOCKS proxy to use the new RelayManager zeroSteiner unassigned ⚠ Needs Review 3 weeks ago 1 week ago
#21039 Add Windows Kernel Pointer Exposure Enumerator (Info Gathering) CharlesQuinnDev msutovsky-r7 module rn-modules ⚠ Needs Review 3 weeks ago 1 week ago
#21023 Add: exploits/multi/http/os_cmd_exec g0tmi1k unassigned needs-docs needs-linting ⚠ Needs Review 4 weeks ago 1 day ago
#21004 Fix trailing backslash in shell registry operations EclipseAditya unassigned rn-fix ⚠ Needs Review 1 month ago 1 month ago
#20999 Remove obsolete windows/local/persistence in favor of windows/persistence/registry Aaditya1273 unassigned enhancement rn-enhancement ⚠ Needs Review 1 month ago 4 weeks ago
#20977 php_eval: Improve check, fix exploit, add POST support & more verbose g0tmi1k unassigned ⚠ Needs Review 1 month ago 2 weeks ago
#20973 HWBridge: support sessions -c execution and preserve non-200 JSON errors bitstr3m-48 unassigned enhancement ⚠ Needs Review 1 month ago 1 day ago
#20933 Windows Persistence: Powershell Profile madefourit dledda-r7 module docs ⚠ Needs Review 1 month ago 1 month ago
#20918 Add AssemblyObfuscator class jbx81-1337 msutovsky-r7 ⚠ Needs Review 1 month ago 1 month ago
#20881 Add Kerberos type hashes to cracking h00die jheysel-r7 enhancement ⚠ Needs Review 2 months ago 2 weeks ago
#20843 windows telemetry persistence h00die msutovsky-r7 module docs ⚠ Needs Review 2 months ago 4 weeks ago
#20839 New persistence module: Microsoft Bits h00die dledda-r7 module docs ⚠ Needs Review 2 months ago 1 month ago
#21179 Fix encoding issues in files adfoster-r7 unassigned rn-no-release-notes 1 comment 1 day ago 1 day ago
#21177 Tenable Security Center post gather module h00die unassigned module docs 1 comment 2 days ago 1 day ago
#21175 Add additional markdown notes adfoster-r7 unassigned 13 comments 2 days ago 1 day ago
#21174 Fix command parsing option frofrom msfconsole cli adfoster-r7 unassigned 1 comment 2 days ago 1 day ago
#21172 Add HTTP and HTTPS fetch payloads for Windows x86 bwatters-r7 unassigned payload 1 comment 2 days ago 2 days ago
#21158 Add auxiliary module for Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (CVE-2026-20127) sfewer-r7 jheysel-r7 module docs rn-modules 4 comments 6 days ago 2 days ago
#21155 Add exploit module for Dompdf RCE (CVE-2022-28368) Adithyadspawar unassigned module docs 8 comments 6 days ago 1 day ago
#21149 Add documentation for auxiliary scanner modules Adithyadspawar unassigned 9 comments 1 week ago 6 days ago
#21147 Add documentation for auxiliary/scanner/http/wordpress_pingback_access Devansh7006 unassigned 1 comment 1 week ago 1 week ago
#21143 Php meterpreter tcp server tests SaiSakthidar smcintyre-r7 payload-testing-branch 4 comments 1 week ago 2 days ago
#21140 Fix NoMethodError in PKINIT extract_user_and_realm RiOxFRANKY unassigned additional-testing-required 1 comment 1 week ago 1 week ago
#21137 Add Kerberos trace subscriber support davidgvad unassigned additional-testing-required 1 comment 1 week ago 1 week ago
#21131 Fix 20875 linux exit payloads svm1048 unassigned 2 comments 1 week ago 1 week ago
#21128 Add Persistence Technique: Windows Port Monitor Nayeraneru unassigned 22 comments 1 week ago 5 days ago
#21127 sysgauge_client_bof: Updated initialize() g0tmi1k unassigned 2 comments 1 week ago 3 days ago
#21126 Naming Consistencies g0tmi1k unassigned 1 comment 1 week ago 1 week ago
#21125 Make DHCP use report_host() and add verbose option g0tmi1k unassigned 1 comment 1 week ago 1 week ago
#21104 Fix NoMethodError in Kerberos client decoding by adding ASN.1 structural validation Aaditya1273 unassigned additional-testing-required 7 comments 2 weeks ago 1 week ago
#21102 Reapply "This adjusts module options that need a routable address" zeroSteiner adfoster-r7, dledda-r7 additional-testing-required 10 comments 2 weeks ago 3 days ago
#21101 *brute deprecated in favour of *_brute g0tmi1k unassigned 1 comment 2 weeks ago 2 weeks ago
#21092 Fix syscall_inject compilation errors on MacOS with MinGW 15 sjanusz-r7 unassigned 2 comments 2 weeks ago 2 weeks ago
#21090 Add report_service() g0tmi1k unassigned enhancement rn-enhancement 5 comments 2 weeks ago 3 days ago
#21087 Payloads Manager Plugin jbx81-1337 msutovsky-r7 needs-docs 21 comments 2 weeks ago 6 days ago
#21085 Update block-api to prepare for a random IV dledda-r7 bwatters-r7, smcintyre-r7, msutovsky-r7 13 comments 2 weeks ago 3 days ago
#21082 Add documentation for msfconsole.rc automatic resource script #19727. Closes #19727. Ganesh-abc unassigned 7 comments 2 weeks ago 2 weeks ago
#21078 Fix ChurchCRM unauthenticated RCE module Chocapikk msutovsky-r7 2 comments 2 weeks ago 2 weeks ago
#21077 Fix choose_encoder fallback to properly update datastore Chocapikk unassigned 1 comment 2 weeks ago 2 weeks ago
#21072 Add module for CVE-2000-0979 Windows 9x/Me SMB share password enumeration Z6543 unassigned 4 comments 2 weeks ago 1 week ago
#21063 GNU inetutils telnetd CREDENTIALS_DIRECTORY privilege escalation (CVE-2026-28372) exploitintel cdelafuente-r7 module rn-modules 23 comments 3 weeks ago 1 week ago
#21054 Add Apache Zeppelin environment variable injection RCE module (CVE-2024-31866) exploitintel unassigned module needs-docs rn-modules 10 comments 3 weeks ago 1 week ago
#21050 New module For LDAP Signing Check bhaskarbhar unassigned additional-testing-required 5 comments 3 weeks ago 5 days ago
#21041 Add exploit module for Gestioip3.5.7 RCE (CVE 2024-48760) Odeez24 msutovsky-r7 module docs 26 comments 3 weeks ago 3 days ago
#21037 Add GL.iNet Router Exploit Chain (CVE-2025-67089, CVE-2025-67090) AleksaZatezalo unassigned module docs rn-modules 19 comments 3 weeks ago 1 week ago
#21036 Fix #18138: cleanup called twice when Post/Auxiliary modules fail EclipseAditya msutovsky-r7 bug 6 comments 3 weeks ago 3 weeks ago
#21035 Add Barracuda ESG Spreadsheet::ParseExcel RCE exploit (CVE-2023-7102) Alpenlol msutovsky-r7 module 1 comment 3 weeks ago 3 weeks ago
#21034 Add openDCIM install.php SQLi to RCE module Chocapikk unassigned 7 comments 3 weeks ago 1 week ago
#21032 windows persistence userinit_mpr_logon Nayeraneru unassigned 3 comments 3 weeks ago 1 week ago
#21031 LDAP Reporting Improvements zeroSteiner cdelafuente-r7 additional-testing-required 31 comments 3 weeks ago 1 day ago
#21030 Fix Nikto XML import: XPath, deprecated note data, and CVE/URL vuln reporting bitcoin4cashqc unassigned 5 comments 3 weeks ago 4 days ago
#21029 Adds exploit module for Grav CMS (CVE-2025-50286) x1o3 msutovsky-r7 module docs 25 comments 3 weeks ago 1 day ago
#21027 fix: correct ARM LE ELF SO entry point alignment #19668 SilentSobs msutovsky-r7 1 comment 3 weeks ago 3 weeks ago
#21019 phpmyadmin_config: Add check, support v3.1.x & CVE-2009-1285 g0tmi1k unassigned enhancement 31 comments 1 month ago 2 weeks ago
#21016 Add QuestDB SQL API Interaction Module (CNVD-2026-84827) ctkqiang unassigned module needs-docs 19 comments 1 month ago 1 week ago
#21008 Add kernel_rex_version for kernel parsing EclipseAditya msutovsky-r7 enhancement rn-enhancement 7 comments 1 month ago 4 weeks ago
#21003 Unified Selenium Grid/Selenoid RCE with Firefox + Chrome auto-detection Chocapikk msutovsky-r7 module docs enhancement rn-modules 1 comment 1 month ago 1 month ago
#20979 php_include: Improve check & Clean up g0tmi1k unassigned 2 comments 1 month ago 2 weeks ago
#20963 Add SQL session upgrade to meterpreter for PostgreSQL rudraditya21 smcintyre-r7 module 5 comments 1 month ago 1 week ago
#20948 Add initial osticket arbitraray file read auxiliary module ArkaprabhaChakraborty jheysel-r7 module docs 45 comments 1 month ago 2 days ago
#20944 Add Specs for mkdir post API to behave consistently across session types Nayeraneru msutovsky-r7 tests blocked 9 comments 1 month ago 4 weeks ago
#20862 add compat check to msftidy h00die unassigned 6 comments 2 months ago 2 months ago
#20814 s4u persistence updates h00die dledda-r7 docs enhancement 6 comments 2 months ago 1 month ago
#20813 Add Objective See Hunter Module: OSX Antivirus Enumeration and Disablement gardnerapp cdelafuente-r7 module needs-docs 37 comments 3 months ago 1 month ago
#20779 Add auxiliary module for Pterodactyl Panel CVE-2025-49132 n05ec jheysel-r7 module docs 13 comments 3 months ago 1 week ago
#20752 Add Authenticating Web Enrollment module for AD/CS bwatters-r7 smcintyre-r7 module docs rn-modules additional-testing-required 46 comments 3 months ago 1 week ago
#20618 fixes the "unsupported token: 169" error that occurs when executing stored procedures against Microsoft SQL Aaditya1273 jheysel-r7 3 comments 5 months ago 1 month ago
#20617 Add OptArray datastore option type Aaditya1273 jheysel-r7 7 comments 5 months ago 1 month ago
#20419 Initial support for Malleable C2 Profiles in HTTP Meterpreter OJ smcintyre-r7, dledda-r7 meterpreter blocked feature payload breaking change 48 comments 8 months ago 4 days ago
#20037 Add Apport Symlink Hijacking: CVE-2020-8831 gardnerapp bwatters-r7 module needs-docs needs-linting 66 comments 11 months ago 1 week ago

Open Pull Requests (12)

# Title Author Assignees Labels Review Age Updated
#644 Fix to build metasploitable3 on kali Lackierer unassigned ⚠ Needs Review 1 month ago 1 month ago
#636 Skip packing option serious-toothache unassigned ⚠ Needs Review 10 months ago 10 months ago
#628 Fix libvirt guests alarmfox unassigned ⚠ Needs Review 1 year ago 1 year ago
#623 when I run build.ps1 file I face some errors, so if found solution tha… abhinayjangde unassigned ⚠ Needs Review 1 year ago 1 year ago
#603 remove expired DST root CA deargle unassigned ⚠ Needs Review 2 years ago 2 years ago
#489 only fetch apache continuum if missing deargle unassigned ⚠ Needs Review 5 years ago 4 years ago
#474 Fixed Issue 281 finnlestrange unassigned ⚠ Needs Review 5 years ago 5 years ago
#406 Fix sudo issues with packer build for ub1404 rhythmize unassigned ⚠ Needs Review 6 years ago 6 years ago
#604 add a status function to proftpd service file deargle unassigned 1 comment 2 years ago 2 years ago
#488 add ingreslock vuln deargle unassigned 1 comment 5 years ago 2 years ago
#332 Hyperv 1803 OptmizerLLC unassigned 10 comments 7 years ago 6 years ago
#174 Converted to Chef provisioning 0xbadshah unassigned delayed 13 comments 8 years ago 6 years ago

Open Pull Requests (8)

# Title Author Assignees Labels Review Age Updated
#797 Reflective Loader for extensions in metsrv msutovsky-r7 unassigned ⚠ Needs Review 3 days ago 1 day ago
#794 Add ARM64 cross-compilation support for Windows Meterpreter SilentSobs unassigned ⚠ Needs Review 1 week ago 3 days ago
#773 Remove references to Visual Studio < 2019 zeroSteiner bwatters-r7 ⚠ Needs Review 6 months ago 6 months ago
#795 Fixing direct syscall to use new format jbx81-1337 bwatters-r7 6 comments 1 week ago 1 day ago
#793 Tcp support php meterpreter SaiSakthidar smcintyre-r7 metasploit-framework-testing-branch 6 comments 1 month ago 1 week ago
#792 Adds support for nested directories msutovsky-r7 dledda-r7 3 comments 1 month ago 1 month ago
#791 Extension Encryption xHector1337 unassigned 6 comments 1 month ago 4 days ago
#759 Initial support for Malleable C2 Profiles in Windows Metepreter OJ dledda-r7 windows feature 29 comments 8 months ago 1 day ago

Open Pull Requests (3)

# Title Author Assignees Labels Review Age Updated
#293 Adds support for nested directories msutovsky-r7 unassigned ⚠ Needs Review 1 month ago 1 month ago
#292 Update Metasploit URL adfoster-r7 unassigned ⚠ Needs Review 2 months ago 1 month ago
#287 Adds migrate command for Linux x64/x86 msutovsky-r7 dledda-r7 ⚠ Needs Review 5 months ago 1 week ago

Open Pull Requests (2)

# Title Author Assignees Labels Review Age Updated
#194 Bump rubyzip dependency to ~> 3.0 ptownes-r7 unassigned 1 comment 5 months ago 5 months ago
#162 Update jtr formats adfoster-r7 unassigned 5 comments 3 years ago 3 years ago

Open Pull Requests (2)

# Title Author Assignees Labels Review Age Updated
#241 Bump json from 2.18.1 to 2.19.2 dependabot[bot] unassigned dependencies ruby ⚠ Needs Review 1 week ago 1 week ago
#199 Test m1 building adfoster-r7 unassigned 9 comments 1 year ago 1 year ago

Open Pull Requests (2)

# Title Author Assignees Labels Review Age Updated
#24 Add install active directory install command adfoster-r7 unassigned 5 comments 3 years ago 2 years ago
#5 Initial swag at VirtualBox support pbarry-r7 unassigned 11 comments 8 years ago 8 years ago

Open Pull Requests (1)

# Title Author Assignees Labels Review Age Updated
#294 Add Windows 95/98/ME SMB1 support Z6543 unassigned ⚠ Needs Review 1 week ago 1 week ago

Open Pull Requests (1)

# Title Author Assignees Labels Review Age Updated
#74 Feat/block api iv dledda-r7 smcintyre-r7 3 comments 2 weeks ago 3 days ago

Open Pull Requests (1)

# Title Author Assignees Labels Review Age Updated
#80 Add `Interface` socket option for binding to a network interface karandesai2005 unassigned 2 comments 1 week ago 1 week ago

Open Pull Requests (1)

# Title Author Assignees Labels Review Age Updated
#45 Add and use #reset! zeroSteiner unassigned 6 comments 3 weeks ago 1 week ago

Open Pull Requests (1)

# Title Author Assignees Labels Review Age Updated
#12 Adapting to Regexp.new's New Signature in Ruby 3.3+ BinRacer unassigned ⚠ Needs Review 7 months ago 7 months ago

Top items this last week

New Open Pull Requests

Check out some of the new Open Pull Requests for this week!
Fix encoding issues in files 2026-03-25T16:31:07+00:00 adfoster-r7
Tenable Security Center post gather module 2026-03-24T21:28:42+00:00 h00die
Add additional markdown notes 2026-03-24T16:11:06+00:00 adfoster-r7
Fix command parsing option frofrom msfconsole cli 2026-03-24T14:12:14+00:00 adfoster-r7
Add HTTP and HTTPS fetch payloads for Windows x86 2026-03-24T00:23:28+00:00 bwatters-r7
added multi python support for payloads that lacked it 2026-03-21T19:17:41+00:00 jeanmtr
Repull of HUSTOJ CVE-2026-24479 exploit 2026-03-20T20:53:25+00:00 oxagast
Add auxiliary module for Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (CVE-2026-20127) 2026-03-20T12:47:24+00:00 sfewer-r7
Add exploit module for Dompdf RCE (CVE-2022-28368) 2026-03-20T10:30:27+00:00 Adithyadspawar
Fix reused Datastore option visibility mutations 2026-03-20T07:49:09+00:00 Nayeraneru
Enhance documentation for fetch adapter methods 2026-03-19T19:49:32+00:00 Nayeraneru
Add documentation for auxiliary scanner modules 2026-03-19T17:10:58+00:00 Adithyadspawar
Add documentation for auxiliary/scanner/http/wordpress_pingback_access 2026-03-19T12:33:32+00:00 Devansh7006
Style/RuboCop: Finalize YARD documentation and fix lints in Core/Modules dispatchers 2026-03-19T08:23:40+00:00 Ganesh-abc
Enhance method documentation in auth_brute.rb 2026-03-19T05:46:18+00:00 Nayeraneru
Enhance documentation for HTTP module methods 2026-03-19T05:11:56+00:00 Nayeraneru
Add MITRE ATT&CK tags for two modules 2026-03-24T21:45:46+00:00 zeroSteiner
Bump the setup-php version to 2.37.0 2026-03-24T19:33:33+00:00 zeroSteiner
Fixes VBS payload format generating 2026-03-24T08:53:09+00:00 msutovsky-r7
Adds options to report summary to overide verbose output 2026-03-23T15:56:21+00:00 cgranleese-r7
Fix binary-safe Mach-O detection 2026-03-21T20:22:04+00:00 SaiSakthidar
fix: correct typo 'Authentification' to 'Authentication' in postgres and mssql files 2026-03-21T08:00:21+00:00 vatsalgargg
fix: correct typo 'recieved' to 'received' in two files 2026-03-21T07:55:48+00:00 vatsalgargg
Update SharpHound ingestors #19775 2026-03-20T11:39:48+00:00 Adithyadspawar
KerberosTicketTrace: Add centralized Kerberos tracing with metadata/full modes + module integration 2026-03-20T02:37:24+00:00 Pushpenderrathore
Update test_encoders.rb 2026-03-19T22:30:30+00:00 carloshslpaiva-cpu
Add global datastore option configuration 2026-03-19T12:58:31+00:00 adfoster-r7
Reflective Loader for extensions in metsrv 2026-03-23T09:38:27+00:00 msutovsky-r7
Bump json from 2.18.1 to 2.19.2 2026-03-19T12:54:29+00:00 dependabot[bot]

New Open Features and Enhancements

Check out some of the new Open Features and Enhancements for this week!

New Open Bugs

Check out some of the new Open Bugs for this week!
Service Inconsistencies in `report_service` vs `create_credential` 2026-03-20T11:13:08+00:00 h00die
msfvenom unable to generate VBS payloads 2026-03-23T12:37:20+00:00 OppressionBreedsResistance