infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

First step on module cleaning.

unstable
Efrain Torres 2012-02-20 16:28:19 -06:00 committed by Tod Beardsley
parent 237038dca4
commit 9c6fec3c33
14 changed files with 37 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
data/wmap/wmap_dirs.txt
View File

@ -459,6 +459,7 @@ api
aponline
app
appeals
appl
apple
applet
applets
@ -525,6 +526,8 @@ aw
awStats
awardsearch
awstatsoutput
axis
axis2
axis-cgi
ayuda
b
@ -855,6 +858,7 @@ connect
connected
conquer
console
consola
consumer
contact
contact-us
@ -1801,6 +1805,7 @@ marketing
mary
master
mastergate
mastercraft
math
math-ph
matrix

1
modules/auxiliary/scanner/http/backup_file.rb
View File

@ -44,6 +44,7 @@ class Metasploit3 < Msf::Auxiliary
'.backup',
'.bak',
'.copy',
'.copia',
'.old',
'.orig',
'.temp',

4
modules/auxiliary/scanner/http/brute_dirs.rb
View File

@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary
register_options(
[
OptString.new('PATH', [ true, "The path to identify directories", '/']),
OptString.new('FORMAT', [ true, "The expected directory format (a alpha, d digit, A upperalpha)", 'aaa'])
OptString.new('FORMAT', [ true, "The expected directory format (a alpha, d digit, A upperalpha)", 'a,aa,aaa'])
], self.class)
register_advanced_options(
@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
# You may add multiple formats in the array
forma = []
forma << datastore['FORMAT']
forma = datastore['FORMAT'].split(',')
ecode = datastore['ErrorCode'].to_i
extens.each do |exte|

1
modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb
View File

@ -14,7 +14,6 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanServer
include Msf::Auxiliary::Scanner
def initialize

5
modules/auxiliary/scanner/http/drupal_views_user_enum.rb
View File

@ -10,6 +10,7 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanServer
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
@ -35,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
register_options(
[
OptString.new('URIPATH', [true, "Drupal Path", "/"]),
OptString.new('PATH', [true, "Drupal Path", "/"]),
], self.class)
end
@ -70,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
# Check if remote host is available or appears vulnerable
if not check(enum_uri)
print_error("#{ip} does not appear to be vulnerable, will not continue")
print_status("#{ip} does not appear to be vulnerable, will not continue")
return
end

1
modules/auxiliary/scanner/http/files_dir.rb
View File

@ -67,6 +67,7 @@ class Metasploit3 < Msf::Auxiliary
'.exe',
'.html',
'.htm',
'.ini',
'.log',
'.old',
'.orig',

2
modules/auxiliary/scanner/http/frontpage_login.rb
View File

@ -70,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary
if (fpversion = res.match(/FPVersion="(.*)"/))
fpversion = $1
print_status("#{info} FrontPage Version: #{fpversion}")
report_service(:host => target_host, :port => port, :name => "http", :info => "#{server_version} FrontPage Version: #{fpversion}")
if (fpauthor = res.match(/FPAuthorScriptUrl="([^"]*)/))
fpauthor = $1
print_status("#{info} FrontPage Author: #{info}#{fpauthor}")

14
modules/auxiliary/scanner/http/http_put.rb
View File

@ -14,6 +14,7 @@ require 'msf/core'
class Metasploit4 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanDir
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
@ -49,8 +50,9 @@ class Metasploit4 < Msf::Auxiliary
register_options(
[
OptString.new('PATH', [true, "The path to attempt to write or delete", "/msf_http_put_test.txt"]),
OptString.new('DATA', [false, "The data to upload into the file", "msf test file"]),
OptString.new('PATH', [true, "The path to attempt to write or delete", "/"]),
OptString.new('FILENAME', [true, "The file to attempt to write or delete", "msf_http_put_test.txt"]),
OptString.new('FILEDATA', [false, "The data to upload into the file", "msf test file"]),
OptString.new('ACTION', [true, "PUT or DELETE", "PUT"])
], self.class)
end
@ -123,10 +125,16 @@ class Metasploit4 < Msf::Auxiliary
#
def run_host(ip)
path = datastore['PATH']
data = datastore['DATA']
data = datastore['FILEDATA']
#Add "/" if necessary
path = "/#{path}" if path[0,1] != '/'
if path[-1,1] != '/'
path += '/'
end
path += datastore['FILENAME']
case action.name
when 'PUT'

5
modules/auxiliary/scanner/http/lucky_punch.rb
View File

@ -17,7 +17,6 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanUniqueQuery
include Msf::Auxiliary::Scanner
@ -45,10 +44,6 @@ class Metasploit3 < Msf::Auxiliary
end
def wmap_enabled
false
end
def run_host(ip)
# Weird to indent for practical reasons.

5
modules/auxiliary/scanner/http/replace_ext.rb
View File

@ -64,13 +64,16 @@ class Metasploit3 < Msf::Auxiliary
'.tmp',
'.old',
'.htm',
'.ini',
'.cfg',
'.html',
'.php',
'.temp',
'.tmp',
'.java',
'.doc',
'.log'
'.log',
'.xml'
]

1
modules/auxiliary/scanner/http/scraper.rb
View File

@ -17,6 +17,7 @@ class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanServer
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report

1
modules/auxiliary/scanner/http/trace.rb
View File

@ -11,6 +11,7 @@ class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanServer
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner

3
modules/auxiliary/scanner/http/verb_auth_bypass.rb
View File

@ -17,7 +17,8 @@ class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanServer
include Msf::Auxiliary::WmapScanDir
include Msf::Auxiliary::WmapScanFile
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report

5
modules/auxiliary/scanner/http/web_vulndb.rb
View File

@ -48,6 +48,11 @@ class Metasploit3 < Msf::Auxiliary
], self.class)
end
# Modify to true if you have sqlmap installed.
def wmap_enabled
false
end
def run_host(ip)
conn = false