infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make auth checking optional and off by default

bug/bundler_fix
Jon Hart 2015-01-11 12:15:57 -08:00
parent 9491e4c977
commit d4843f46ed
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb
View File

@ -40,6 +40,12 @@ class Metasploit4 < Msf::Auxiliary
OptString.new('TARGETURI', [true, 'URI to test', '/']) OptString.new('TARGETURI', [true, 'URI to test', '/'])
], Exploit::Remote::HttpClient ], Exploit::Remote::HttpClient
) )
register_advanced_options(
[
OptBool.new('REQUIRE_AUTH', [true, 'Require that the tested URI require authentication', false])
], self.class
)
end end
def check_host(_ip) def check_host(_ip)
@ -98,7 +104,9 @@ class Metasploit4 < Msf::Auxiliary
end end
def test_misfortune def test_misfortune
return Exploit::CheckCode::Unknown unless requires_auth? if datastore['REQUIRE_AUTH']
return Exploit::CheckCode::Unknown unless requires_auth?
end
# find a usable canary URI (one that 401/404s already) # find a usable canary URI (one that 401/404s already)
unless canary = find_canary_uri unless canary = find_canary_uri