infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #8629, AKA (also known as) module reference

bug/bundler_fix
William Vu 2017-06-28 19:15:45 -05:00
parent 43d8c4c5e7 aa8c580aba
commit 7e1b50ab3b
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
17 changed files with 91 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lib/msf/core/module/reference.rb
View File

@ -95,26 +95,28 @@ class Msf::Module::SiteReference < Msf::Module::Reference
self.ctx_id = in_ctx_id self.ctx_id = in_ctx_id
self.ctx_val = in_ctx_val self.ctx_val = in_ctx_val
if (in_ctx_id == 'CVE') if in_ctx_id == 'CVE'
self.site = "https://cvedetails.com/cve/CVE-#{in_ctx_val}/" self.site = "https://cvedetails.com/cve/CVE-#{in_ctx_val}/"
elsif (in_ctx_id == 'CWE') elsif in_ctx_id == 'CWE'
self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html" self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
elsif (in_ctx_id == 'BID') elsif in_ctx_id == 'BID'
self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}" self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"
elsif (in_ctx_id == 'MSB') elsif in_ctx_id == 'MSB'
self.site = "https://technet.microsoft.com/en-us/library/security/#{in_ctx_val}" self.site = "https://technet.microsoft.com/en-us/library/security/#{in_ctx_val}"
elsif (in_ctx_id == 'EDB') elsif in_ctx_id == 'EDB'
self.site = "https://www.exploit-db.com/exploits/#{in_ctx_val}" self.site = "https://www.exploit-db.com/exploits/#{in_ctx_val}"
elsif (in_ctx_id == 'US-CERT-VU') elsif in_ctx_id == 'US-CERT-VU'
self.site = "https://www.kb.cert.org/vuls/id/#{in_ctx_val}" self.site = "https://www.kb.cert.org/vuls/id/#{in_ctx_val}"
elsif (in_ctx_id == 'ZDI') elsif in_ctx_id == 'ZDI'
self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}" self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"
elsif (in_ctx_id == 'WPVDB') elsif in_ctx_id == 'WPVDB'
self.site = "https://wpvulndb.com/vulnerabilities/#{in_ctx_val}" self.site = "https://wpvulndb.com/vulnerabilities/#{in_ctx_val}"
elsif (in_ctx_id == 'PACKETSTORM') elsif in_ctx_id == 'PACKETSTORM'
self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}" self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}"
elsif (in_ctx_id == 'URL') elsif in_ctx_id == 'URL'
self.site = in_ctx_val.to_s self.site = in_ctx_val.to_s
elsif in_ctx_id == 'AKA'
self.site = "Also known as: #{in_ctx_val}"
else else
self.site = in_ctx_id self.site = in_ctx_id
self.site += " (#{in_ctx_val})" if (in_ctx_val) self.site += " (#{in_ctx_val})" if (in_ctx_val)

13
modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
View File

@ -32,12 +32,13 @@ class MetasploitModule < Msf::Auxiliary
'lcamtuf' # CVE-2014-6278 'lcamtuf' # CVE-2014-6278
], ],
'References' => [ 'References' => [
['CVE', '2014-6271'], [ 'AKA', 'Shellshock' ],
['CVE', '2014-6278'], [ 'CVE', '2014-6271' ],
['OSVDB', '112004'], [ 'CVE', '2014-6278' ],
['EDB', '34765'], [ 'OSVDB', '112004' ],
['URL', 'https://access.redhat.com/articles/1200223'], [ 'EDB', '34765' ],
['URL', 'http://seclists.org/oss-sec/2014/q3/649'] [ 'URL', 'https://access.redhat.com/articles/1200223' ],
[ 'URL', 'http://seclists.org/oss-sec/2014/q3/649' ]
], ],
'DisclosureDate' => 'Sep 24 2014', 'DisclosureDate' => 'Sep 24 2014',
'License' => MSF_LICENSE 'License' => MSF_LICENSE

2
modules/auxiliary/scanner/smb/smb_ms17_010.rb
View File

@ -33,6 +33,8 @@ class MetasploitModule < Msf::Auxiliary
], ],
'References' => 'References' =>
[ [
[ 'AKA', 'DOUBLEPULSAR' ],
[ 'AKA', 'ETERNALBLUE' ],
[ 'CVE', '2017-0143'], [ 'CVE', '2017-0143'],
[ 'CVE', '2017-0144'], [ 'CVE', '2017-0144'],
[ 'CVE', '2017-0145'], [ 'CVE', '2017-0145'],

15
modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
View File

@ -130,13 +130,14 @@ class MetasploitModule < Msf::Auxiliary
], ],
'References' => 'References' =>
[ [
['CVE', '2014-0160'], [ 'AKA', 'Heartbleed' ],
['US-CERT-VU', '720951'], [ 'CVE', '2014-0160' ],
['URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A'], [ 'US-CERT-VU', '720951' ],
['URL', 'http://heartbleed.com/'], [ 'URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A' ],
['URL', 'https://github.com/FiloSottile/Heartbleed'], [ 'URL', 'http://heartbleed.com/' ],
['URL', 'https://gist.github.com/takeshixx/10107280'], [ 'URL', 'https://github.com/FiloSottile/Heartbleed' ],
['URL', 'http://filippo.io/Heartbleed/'] [ 'URL', 'https://gist.github.com/takeshixx/10107280' ],
[ 'URL', 'http://filippo.io/Heartbleed/' ]
], ],
'DisclosureDate' => 'Apr 7 2014', 'DisclosureDate' => 'Apr 7 2014',
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,

15
modules/auxiliary/server/dhclient_bash_env.rb
View File

@ -36,13 +36,14 @@ class MetasploitModule < Msf::Auxiliary
], ],
'DefaultAction' => 'Service', 'DefaultAction' => 'Service',
'References' => [ 'References' => [
['CVE', '2014-6271'], [ 'AKA', 'Shellshock' ],
['CWE', '94'], [ 'CVE', '2014-6271' ],
['OSVDB', '112004'], [ 'CWE', '94' ],
['EDB', '34765'], [ 'OSVDB', '112004' ],
['URL', 'https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/'], [ 'EDB', '34765' ],
['URL', 'http://seclists.org/oss-sec/2014/q3/649'], [ 'URL', 'https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/' ],
['URL', 'https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/'] [ 'URL', 'http://seclists.org/oss-sec/2014/q3/649' ],
[ 'URL', 'https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/' ]
], ],
'DisclosureDate' => 'Sep 24 2014' 'DisclosureDate' => 'Sep 24 2014'
) )

9
modules/auxiliary/server/openssl_heartbeat_client_memory.rb
View File

@ -30,10 +30,11 @@ class MetasploitModule < Msf::Auxiliary
'DefaultAction' => 'Capture', 'DefaultAction' => 'Capture',
'References' => 'References' =>
[ [
['CVE', '2014-0160'], [ 'AKA', 'Heartbleed' ],
['US-CERT-VU', '720951'], [ 'CVE', '2014-0160' ],
['URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A'], [ 'US-CERT-VU', '720951' ],
['URL', 'http://heartbleed.com/'] [ 'URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A' ],
[ 'URL', 'http://heartbleed.com/' ]
], ],
'DisclosureDate' => 'Apr 07 2014' 'DisclosureDate' => 'Apr 07 2014'
) )

1
modules/exploits/android/browser/stagefright_mp4_tx3g_64bit.rb
View File

@ -50,6 +50,7 @@ class MetasploitModule < Msf::Exploit::Remote
], ],
'References' => 'References' =>
[ [
[ 'AKA', 'stagefright' ],
[ 'CVE', '2015-3864' ], [ 'CVE', '2015-3864' ],
[ 'URL', 'https://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/' ], [ 'URL', 'https://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/' ],
[ 'URL', 'http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html' ], [ 'URL', 'http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html' ],

15
modules/exploits/linux/http/advantech_switch_bash_env_exec.rb
View File

@ -18,13 +18,14 @@ class MetasploitModule < Msf::Exploit::Remote
}, },
'Author' => 'hdm', 'Author' => 'hdm',
'References' => [ 'References' => [
['CVE', '2014-6271'], [ 'AKA', 'Shellshock' ],
['CWE', '94'], [ 'CVE', '2014-6271' ],
['OSVDB', '112004'], [ 'CWE', '94' ],
['EDB', '34765'], [ 'OSVDB', '112004' ],
['URL', 'https://community.rapid7.com/community/infosec/blog/2015/12/01/r7-2015-25-advantech-eki-multiple-known-vulnerabilities'], [ 'EDB', '34765' ],
['URL', 'https://access.redhat.com/articles/1200223'], [ 'URL', 'https://community.rapid7.com/community/infosec/blog/2015/12/01/r7-2015-25-advantech-eki-multiple-known-vulnerabilities' ],
['URL', 'http://seclists.org/oss-sec/2014/q3/649'] [ 'URL', 'https://access.redhat.com/articles/1200223' ],
[ 'URL', 'http://seclists.org/oss-sec/2014/q3/649' ]
], ],
'Privileged' => false, 'Privileged' => false,
'Arch' => ARCH_CMD, 'Arch' => ARCH_CMD,

1
modules/exploits/linux/http/ipfire_bashbug_exec.rb
View File

@ -24,6 +24,7 @@ class MetasploitModule < Msf::Exploit::Remote
], ],
'References' => 'References' =>
[ [
[ 'AKA', 'Shellshock' ],
[ 'EDB', '34839' ], [ 'EDB', '34839' ],
[ 'CVE', '2014-6271'] [ 'CVE', '2014-6271']
], ],

13
modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb
View File

@ -27,12 +27,13 @@ class MetasploitModule < Msf::Exploit::Remote
], ],
'References' => 'References' =>
[ [
['CVE', '2014-6271'], [ 'AKA', 'Shellshock' ],
['CWE', '94'], [ 'CVE', '2014-6271' ],
['OSVDB', '112004'], [ 'CWE', '94' ],
['EDB', '34765'], [ 'OSVDB', '112004' ],
['URL', 'https://gist.github.com/jedisct1/88c62ee34e6fa92c31dc'], [ 'EDB', '34765' ],
['URL', 'http://download.pureftpd.org/pub/pure-ftpd/doc/README.Authentication-Modules'] [ 'URL', 'https://gist.github.com/jedisct1/88c62ee34e6fa92c31dc' ],
[ 'URL', 'http://download.pureftpd.org/pub/pure-ftpd/doc/README.Authentication-Modules' ]
], ],
'Payload' => 'Payload' =>
{ {

15
modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb
View File

@ -25,13 +25,14 @@ class MetasploitModule < Msf::Exploit::Remote
'lcamtuf' # CVE-2014-6278 'lcamtuf' # CVE-2014-6278
], ],
'References' => [ 'References' => [
['CVE', '2014-6271'], [ 'AKA', 'Shellshock' ],
['CVE', '2014-6278'], [ 'CVE', '2014-6271' ],
['CWE', '94'], [ 'CVE', '2014-6278' ],
['OSVDB', '112004'], [ 'CWE', '94' ],
['EDB', '34765'], [ 'OSVDB', '112004' ],
['URL', 'https://access.redhat.com/articles/1200223'], [ 'EDB', '34765' ],
['URL', 'http://seclists.org/oss-sec/2014/q3/649'] [ 'URL', 'https://access.redhat.com/articles/1200223' ],
[ 'URL', 'http://seclists.org/oss-sec/2014/q3/649' ]
], ],
'Payload' => 'Payload' =>
{ {

15
modules/exploits/multi/http/cups_bash_env_exec.rb
View File

@ -22,13 +22,14 @@ class MetasploitModule < Msf::Exploit::Remote
'Brendan Coles <bcoles[at]gmail.com>' # msf 'Brendan Coles <bcoles[at]gmail.com>' # msf
], ],
'References' => [ 'References' => [
['CVE', '2014-6271'], [ 'AKA', 'Shellshock' ],
['CVE', '2014-6278'], [ 'CVE', '2014-6271' ],
['CWE', '94'], [ 'CVE', '2014-6278' ],
['OSVDB', '112004'], [ 'CWE', '94' ],
['EDB', '34765'], [ 'OSVDB', '112004' ],
['URL', 'https://access.redhat.com/articles/1200223'], [ 'EDB', '34765' ],
['URL', 'http://seclists.org/oss-sec/2014/q3/649'] [ 'URL', 'https://access.redhat.com/articles/1200223' ],
[ 'URL', 'http://seclists.org/oss-sec/2014/q3/649' ]
], ],
'Privileged' => false, 'Privileged' => false,
'Arch' => ARCH_CMD, 'Arch' => ARCH_CMD,

9
modules/exploits/osx/local/vmware_bash_function_root.rb
View File

@ -28,10 +28,11 @@ class MetasploitModule < Msf::Exploit::Local
], ],
'References' => 'References' =>
[ [
['CVE', '2014-6271'], [ 'AKA', 'Shellshock' ],
['CWE', '94'], [ 'CVE', '2014-6271' ],
['OSVDB', '112004'], [ 'CWE', '94' ],
['EDB', '34765'] [ 'OSVDB', '112004' ],
[ 'EDB', '34765' ]
], ],
'Platform' => 'osx', 'Platform' => 'osx',
'Arch' => [ ARCH_X64 ], 'Arch' => [ ARCH_X64 ],

15
modules/exploits/unix/dhcp/bash_environment.rb
View File

@ -32,13 +32,14 @@ class MetasploitModule < Msf::Exploit::Remote
'Arch' => ARCH_CMD, 'Arch' => ARCH_CMD,
'References' => 'References' =>
[ [
['CVE', '2014-6271'], [ 'AKA', 'Shellshock' ],
['CWE', '94'], [ 'CVE', '2014-6271' ],
['OSVDB', '112004'], [ 'CWE', '94' ],
['EDB', '34765'], [ 'OSVDB', '112004' ],
['URL', 'https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/'], [ 'EDB', '34765' ],
['URL', 'http://seclists.org/oss-sec/2014/q3/649'], [ 'URL', 'https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/' ],
['URL', 'https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/'] [ 'URL', 'http://seclists.org/oss-sec/2014/q3/649' ],
[ 'URL', 'https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/' ]
], ],
'Payload' => 'Payload' =>
{ {

1
modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb
View File

@ -34,6 +34,7 @@ class MetasploitModule < Msf::Exploit::Remote
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'References' => 'References' =>
[ [
[ 'AKA', 'EXPLODINGCAN' ],
[ 'CVE', '2017-7269' ], [ 'CVE', '2017-7269' ],
[ 'BID', '97127' ], [ 'BID', '97127' ],
[ 'URL', 'https://github.com/edwardz246003/IIS_exploit' ], [ 'URL', 'https://github.com/edwardz246003/IIS_exploit' ],

1
modules/exploits/windows/smb/ms17_010_eternalblue.rb
View File

@ -47,6 +47,7 @@ class MetasploitModule < Msf::Exploit::Remote
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'References' => 'References' =>
[ [
[ 'AKA', 'ETERNALBLUE' ],
[ 'MSB', 'MS17-010' ], [ 'MSB', 'MS17-010' ],
[ 'CVE', '2017-0143' ], [ 'CVE', '2017-0143' ],
[ 'CVE', '2017-0144' ], [ 'CVE', '2017-0144' ],

2
tools/dev/msftidy.rb
View File

@ -184,7 +184,7 @@ class Msftidy
warn("Invalid WPVDB reference") if value !~ /^\d+$/ warn("Invalid WPVDB reference") if value !~ /^\d+$/
when 'PACKETSTORM' when 'PACKETSTORM'
warn("Invalid PACKETSTORM reference") if value !~ /^\d+$/ warn("Invalid PACKETSTORM reference") if value !~ /^\d+$/
when 'URL' when 'URL' || 'AKA'
if value =~ /^http:\/\/cvedetails\.com\/cve/ if value =~ /^http:\/\/cvedetails\.com\/cve/
warn("Please use 'CVE' for '#{value}'") warn("Please use 'CVE' for '#{value}'")
elsif value =~ /^http:\/\/www\.securityfocus\.com\/bid\// elsif value =~ /^http:\/\/www\.securityfocus\.com\/bid\//