60aa1181ca
Add IBM WebSphere MQ Login Bruteforce module
...
Used to bruteforce usernames that can connect to the Queue Manager. The name of a valid server-connection channel without SSL configured is required, as well as a list of usernames to try.
* IBM Downloads page: https://developer.ibm.com/messaging/mq-downloads/
* Tested on IBM MQ 7.5, 8 and 9
* Usage:
* Download and install MQ Server from the above link
* Create a new Queue Manager
* Create a new channel (without SSL)
* Allow remote connections for admin users by removing the CHLAUTH record that denies all users or configure access for a specific username.
* Run the module
2018-10-28 19:29:45 +00:00
92d5ab469c
Update ibm_mq_channel_brute.rb
2018-10-28 18:21:54 +00:00
296d9a08eb
Removing unnecessary line
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:10:51 +00:00
3e3be18189
Using print_line instead of print("\n")
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:10:14 +00:00
f8c829dc81
Using print_line instead of print("\n")
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:10:09 +00:00
67e8a7ce13
Changing CHANNELS_FILE option type
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:08:12 +00:00
f51a95465e
Changed http to https in metasploit url
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:07:20 +00:00
a6135e3738
Added "increase timeout" message
2018-10-28 17:48:15 +00:00
02d9d0f006
Add IBM WebSphere MQ Queue Manager Name and MQ Version Enumeration module
...
Run this auxiliary against the listening port of an IBM MQ Queue Manager to identify its name and version. Any channel type can be used to get this information as long as the name of the channel is valid.
* IBM Downloads page: https://developer.ibm.com/messaging/mq-downloads/
* Tested on IBM MQ 7.5, 8 and 9
* Usage:
* Download and install MQ Server from the above link
* Create a new Queue Manager
* Create a new channel (without SSL)
* Run the module
2018-10-28 16:09:17 +00:00
a23cb7dfe8
Add IBM WebSphere MQ Channel Name Bruteforce module
...
Uses a dictionary to bruteforce MQ channel names. For all identified channels it also returns if SSL is used and whether it is a server-connection channel.
* IBM Downloads page: https://developer.ibm.com/messaging/mq-downloads/
* Tested on IBM MQ 7.5, 8 and 9
* Usage:
** Download and install MQ Server
** Create a Queue Manager
** Create a new channel (without SSL)
** Run the module
2018-10-28 15:22:27 +00:00
e1a7c35834
Clean up check_banner
2018-10-25 05:20:20 -05:00
f90992dc08
Fix typo.
2018-10-25 17:55:01 +08:00
760b14e71d
Update the version match code.
2018-10-25 15:33:54 +08:00
d1111ace5d
fixes
2018-10-23 17:19:14 -04:00
9c49acb924
Fail scanner instead of returning
2018-10-23 10:07:38 -05:00
58a1b65e60
Update Exploit::CheckCode::Unknown
...
Brain fart.
2018-10-23 09:34:48 -05:00
899238a4e3
Update libssh_auth_bypass with command output
2018-10-23 09:34:42 -05:00
e6bbc6dbd6
Land #10845 , glassfish_traversal typo fix
2018-10-22 15:32:14 -05:00
6125ef06ad
fix small typo
2018-10-23 00:01:13 +08:00
accf9edf89
Land #10835 , libssh fingerprint improvements
2018-10-19 19:48:23 -05:00
abd425c863
Land #10819 , os_name population for ssh_login*
2018-10-19 15:53:38 -05:00
db7bd3d50c
Update style
2018-10-19 15:52:26 -05:00
e4c71265fb
Improve banner checking in libssh_auth_bypass
...
Now we do the right thing when libssh is patched.
2018-10-19 15:21:12 -05:00
21397330f8
Refactor fortinet_backdoor copypasta
2018-10-19 00:07:18 -05:00
863ab3447f
Add libssh auth bypass module
2018-10-18 23:03:23 -05:00
763506f28d
ssh_login now populates the os_name field
2018-10-16 22:02:44 -04:00
4a06fe1d4b
use store_valid_credential instead
2018-10-16 14:01:49 -04:00
f675ba5243
password not username
2018-10-11 17:08:03 -04:00
20a376130e
cat variable name
2018-10-11 17:04:57 -04:00
7cc46df6db
add docs and update cisco_device_manager
2018-10-11 17:01:38 -04:00
7bc98e0ea8
Fix formatting and convert a missed AKA reference
2018-10-05 03:22:08 -05:00
6967f461f1
Fixes
2018-09-22 10:04:59 +05:30
56b01dcf00
Land #10534 , Add FrontPage Credential Dump Module
...
This module downloads and parses the '_vti_pvt/service.pwd',
'_vti_pvt/administrators.pwd', and '_vti_pvt/authors.pwd' files
used by FrontPage to find credentials.
2018-09-22 04:13:24 +00:00
132008cd0e
fixes
2018-09-21 17:31:26 +00:00
17c7d828c1
fixes
2018-09-21 17:16:04 +00:00
02b2559953
Update documentation to match new output.
2018-09-21 12:50:13 -04:00
0746ab5847
Create credential table.
2018-09-21 12:44:10 -04:00
a603c04da5
Create credential table.
2018-09-21 12:42:32 -04:00
5842f0c012
Msftidy
2018-09-21 10:15:31 -04:00
02f4fc1876
Prefer to_s.empty?
...
Oh, hell, do it here, too.
2018-09-20 21:26:41 -05:00
c875f66154
Prefer to_s over || ''
...
Oops, I wasn't thinking clearly. to_s is cleaner.
2018-09-20 21:26:41 -05:00
9da87a600f
Add LEAK_COUNT option to Heartbleed
...
I should have done this in 2014, but I'm a slacker.
2018-09-20 19:49:07 -05:00
185931ca91
Land #10625 , repeat command to repeat commands
2018-09-20 15:24:03 -05:00
549440595f
Land #10627 , Add SMB2 support to smb_enumshares
2018-09-17 22:34:42 -05:00
6126a627cc
Land #10570 , AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
011c25ed59
Merge changes from master (ghostscript)
2018-09-17 13:57:28 -05:00
91edebb2ef
Add references, clean up code.
2018-09-17 10:30:54 -04:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
1ed3c0b001
Added Green-M to author list
2018-09-15 23:34:04 +02:00
4a72a2872f
Changes in couchdb_enum now includes versio checks
2018-09-15 21:19:51 +02:00
aed609d6f0
Changes in couchdb_enum to also include fill database enumeration
2018-09-15 13:58:54 +02:00
04cc7843a4
Typo fixes
2018-09-13 11:19:13 -05:00
d0e67c5b60
Add SMB2 support to smb_enumshares
2018-09-11 19:05:26 -05:00
a8f766cfd5
Update heartbleed description to mention `repeat`
2018-09-11 17:41:06 -05:00
ea2fcb6fc4
Land #10593 , Refactor SSH mixins and update modules
2018-09-10 15:38:53 -05:00
3ec4d2f22b
Normalize loot type OID
...
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported
Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
39a2d9d2a8
save xml files as xml
2018-09-09 21:24:39 -04:00
552ff027cd
fixes
2018-09-07 15:18:11 +05:30
bc1173a857
code fixes
2018-09-07 15:11:49 +05:30
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
3546b9388c
correct CVE Reference
2018-09-05 10:29:49 -04:00
b8687d501c
msftidy corrections
2018-08-31 18:55:20 -04:00
69a785ff46
Update json for python modules
2018-08-31 16:56:22 -05:00
eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
2304c377db
Add IIS ShortName Scanner module
2018-08-30 08:46:22 +00:00
d21c108adf
Fix syntax error.
2018-08-28 12:00:31 -04:00
44df7939e9
Added docs. Made suggested code changes.
2018-08-28 10:56:05 -04:00
0ba1d11218
Add FrontPage Credential Dump
2018-08-27 15:02:39 -04:00
4e45100251
Add FrontPage Credential Dump
2018-08-27 14:20:26 -04:00
6df235062b
Land #10505 , post-auth and default creds info
2018-08-24 18:08:15 -05:00
578d2375d7
Add full disclosure for CVE-2018-15473
2018-08-22 14:49:13 -05:00
2780ae6ba9
Update false negatives
2018-08-21 08:50:26 -05:00
06582a00a0
Add module doc for ssh_enumusers
...
And update description in module.
2018-08-20 19:26:51 -05:00
819b8504e2
Add a little better randomization
2018-08-20 17:10:14 -05:00
b38a442bb0
Refactor once more with feeling
...
Also flesh out malformed-packet auth method. Let's not be lazy here. :-)
2018-08-20 16:25:32 -05:00
75403d7e05
Add testing note about logging
2018-08-17 20:20:12 -05:00
7287779555
Make false positive check optional
...
I couldn't repro this with pubkey-only auth. It also goes to the log.
2018-08-17 20:05:04 -05:00
8e3af2dcfc
Add CVE-2018-15473 to ssh_enumusers
2018-08-17 18:48:44 -05:00
60c0272270
Make style consistent
2018-08-15 21:27:40 -05:00
45e0b53fc8
Fix spacing issue with rocket
2018-08-15 14:59:52 -07:00
09434bd57c
Fix tabbing caused by incorrect VM nvim configuration
2018-08-15 07:00:45 -07:00
905f26372d
Remove host key checks on ssh scanner modules
2018-08-15 06:48:35 -07:00
85a137e0a0
Land #10420 , cgit < 1.2.1 Directory Traversal
2018-08-13 16:25:23 -05:00
5a3d040d71
Fix module, Add documentation
2018-08-13 15:48:21 -05:00
ce8cbd64d4
Land #10404 , Add Path Traversal Oracle GlassFish
2018-08-13 11:15:26 -05:00
14b12f38d0
Fixing
2018-08-05 23:26:18 +05:30
9502c26dc1
Updated
2018-08-05 19:14:12 +05:30
8a175f50cd
Indentation
2018-08-05 00:15:04 +05:30
ebcc9a3c20
Fixing Indentation
2018-08-04 19:16:12 +05:30
502c103d37
cgit < 1.2.1 Directory Traversal
2018-08-04 18:52:24 +05:30
458fca6ff0
Fixing
...
Thanks bcoles
2018-08-04 13:15:25 +05:30
1c82592882
Land #10358 , Add Dicoogle PACS Directory Traversal scanner module
2018-08-04 05:31:16 +00:00
e5dcfa62c9
remove encoding and escaping
2018-08-03 20:23:33 -04:00
0785d59146
Land #10412 , Add Cisco directory traversal auxiliary module
2018-08-02 16:44:59 -05:00
10d4061672
changed default port
2018-08-01 13:30:19 -05:00
de83926e6c
separated list_users into two functions
2018-08-01 12:59:53 -05:00
0264eb2ea3
cleaned up module
2018-08-01 09:51:45 -05:00
021264fd5a
listing files and grabbing logged in user names
2018-07-31 16:03:17 -05:00
090624fe17
Correctly set proto and sname in joomla_pages
2018-07-31 11:51:34 -05:00
41ce96b19d
Clean up module
2018-07-31 11:01:02 -05:00
323c814abf
Fixing some tweaks
2018-07-31 19:52:39 +05:30
55dce52bea
Fixing some tabbed indent
2018-07-31 18:24:28 +05:30
3a7d18a98d
Fixing, Warning of EOL
2018-07-31 18:11:09 +05:30
d9e94f94dc
Oracle GlassFish
2018-07-31 17:59:03 +05:30
a0b7a4986e
Making sure we connect to RMI
2018-07-30 23:25:32 -07:00
80d5d1d4ee
use variable port instead of datastore
2018-07-31 07:38:09 +02:00
b0fa17ccfb
Better output added to joomla_pages
2018-07-31 07:29:56 +02:00
ca8a01d27c
getting filenames in http responses
2018-07-30 16:25:45 -05:00
c3534a479e
JMX scanner
2018-07-30 13:25:15 -07:00
7cf2c840a3
metadata set up
2018-07-30 14:25:58 -05:00
d58785f959
Land #10247 , add WordPress Arbitrary File Deletion
2018-07-30 09:05:23 -05:00
c440eeaa31
rogue end
2018-07-29 10:35:33 -04:00
53cca07442
bcoles suggestions
2018-07-29 10:31:01 -04:00
c1418955f5
Land #10319 , enable VHOST for ms15_034_http_sys_memory_dump
2018-07-25 18:51:57 -05:00
5a7c25b498
Fix description
2018-07-25 15:13:41 -05:00
1105474fb9
Modify options for smb_login
...
Change default value for DETECT_ANY_AUTH
and add option for DETECT_ANY_DOMAIN
2018-07-25 14:53:06 -05:00
9fde9127ad
Land #10370 , minor CouchDB fix
2018-07-25 01:11:23 -05:00
d3b7dffcdc
Prefer res.body over res
2018-07-25 01:05:18 -05:00
bc89d7fe52
Land #10357 , CouchDB improvements and docs
2018-07-25 00:54:55 -05:00
625ea87ea9
Land #10368 , PhpMyAdmin Login Scanner Module
2018-07-24 23:25:27 -05:00
5df5ab30f6
Use store_valid_credential to save good credentials
2018-07-24 23:21:59 -05:00
efa3a77adc
modified name
2018-07-24 15:00:14 -05:00
4f81fcdc87
retn versions in chk_setup, tests to reflect, doc
2018-07-24 14:51:00 -05:00
976a3464e1
added phpmyadmin login scanner and aux module
2018-07-24 09:47:01 -05:00
aaf664db42
Update jboss_vulnscan.rb
...
Fixed a paste error, or sneaked in character in the app url.
2018-07-24 04:24:49 -07:00
dac5780feb
Land #10176 , creds data service CRUD operations
2018-07-23 23:36:32 -04:00
01acaa3ad9
Changed the app scan layout to reduce the complexity of the app_check branch. (as of suggestion by bcoles)
2018-07-23 00:41:49 -07:00
83ae5cb14d
fix backup_file.rb and add a few docs
2018-07-22 20:50:22 -04:00
2a969d70db
dicoogle
2018-07-21 21:31:45 -04:00
abfed97e03
remove EOL spaces
2018-07-21 11:21:11 -04:00
8b324c19d8
update couchdb scanner
2018-07-21 11:02:50 -04:00
c9e47d6d2b
Added check and response for CVE-2017-12149 in jboss_vulnscan.rb
2018-07-20 03:52:29 -07:00
65d42380d3
Merge branch 'master' into remote_creds_data
2018-07-19 16:25:06 -05:00
8e1f68f384
Update ms15_034_http_sys_memory_dump.rb with VHOST
...
Added VHOST to cater to targets that require virtual hostname to be defined
2018-07-16 15:13:23 +08:00
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
cce3b6f369
Clean up module
2018-07-12 02:57:14 -05:00
7d8b9a90d7
Add more reporting
2018-07-11 17:22:48 -04:00
30c43e22d9
Fix typo
2018-07-11 17:04:31 -04:00
bb8ac4a7ab
Add info & update_info
2018-07-11 16:52:16 -04:00
c26fcc0af1
Merge branch 'master' into remote_creds_data
2018-07-11 10:27:49 -05:00
1f0045fa03
Improve Description
2018-07-11 01:27:10 -04:00
00f4d3967c
Add basic reporting
2018-07-11 00:47:43 -04:00
d488b51264
Use peer instead of ip & port
2018-07-11 00:41:55 -04:00
5a89642ddd
Simplify the module greatly
2018-07-11 00:15:56 -04:00
ffc2f044cc
Remove lines that were not required
2018-07-11 00:04:44 -04:00
7b1e7eb085
Minor improvement to description
2018-07-11 00:04:12 -04:00
2b2029b487
Align Hashrockets
2018-07-11 00:03:26 -04:00
9491c63778
Fix several minor details
2018-07-10 23:56:05 -04:00
66c207a124
Remove timeout of 25 seconds
2018-07-10 23:53:13 -04:00
718606c9f2
Add Auxiliary module to enumerate the Docker Server Version
2018-07-10 19:34:49 -04:00
4403a4ab47
Fix CVE number
2018-07-09 12:56:00 -05:00
bbc16e1873
Merge branch 'master' into remote_creds_data
2018-07-09 09:49:14 -05:00
aff39e65d5
Update missing CVE references for auxiliary modules
...
Based on existing references such as BID, OSVDB, blog posts, etc
2018-07-08 19:00:11 -05:00
1c448de882
Land #10107 , Add the scanner/smb/impacket/secretsdump module
2018-07-06 14:59:33 -05:00
e1a9aae109
Add Wordress Arbitrary File Deletion module
2018-07-03 12:21:38 +02:00
ce7d4cd280
Land #10109 , Teradata login scanner and SQL runner
2018-06-27 15:35:57 -05:00
9d8294fcc9
Mark Teradata login scanner executable
2018-06-27 15:35:13 -05:00
3985191e0f
Add `userpass` option to Teradata login scanner
2018-06-27 15:10:02 -05:00
ef309e0d5f
Fixup metadata whitespace
2018-06-27 15:09:23 -05:00
76535b5e51
Check hidden val && check auth requirement
2018-06-25 17:24:13 -05:00
10c36bbd7d
modified get_creds, renamed make_request
2018-06-25 12:45:06 -05:00
81bdbd712c
added disclosureDate and modified style
2018-06-22 15:58:21 -05:00
510c2d04ef
add auxiliary module and documentation - SickRage
2018-06-22 11:18:02 -05:00
b315886f9b
Update option description
2018-06-19 14:55:53 -05:00
9be8aa6877
Be more verbose on error handling
2018-06-19 14:54:27 -05:00
a0189cc3f6
made suggested changes to module
2018-06-19 12:22:44 -05:00
b78bb78f95
added auxiliary module and documentation
2018-06-18 10:25:33 -05:00
2ded48a510
Merge branch 'master' into remote_creds_data
2018-06-15 10:26:10 -05:00
9f2f61c481
Implement create_credential_and_login in the dataproxy
2018-06-14 13:28:03 -05:00
3b2889cd77
Land #10106 , Add the scanner/smb/impacket/wmiexec module
2018-06-05 08:33:34 -05:00
2bf5e26bfe
Removed `Deprecated` include from `udp_probe`
2018-05-31 14:32:31 -05:00
918705d510
Removed deprecated modules: `epmp1000_cmd_exec` and `cambium_snmp_loot`
2018-05-31 14:31:58 -05:00
b0d8e93e79
Added Teradata ODBC Login and SQL modules and documentation
2018-05-29 10:12:43 -05:00
7ac8af03d2
Remove the LD_PRELOAD hook for proxychains
2018-05-27 17:12:06 -04:00
28d15a113f
Add the secretsdump impacket module and docs
2018-05-27 17:09:59 -04:00
9fab2316c5
Add the wmiexec impacket module and documentation
2018-05-27 16:24:56 -04:00
0472b9df3f
Land #10024 , Fix find_or_create_* methods for remote data service
...
This PR updates the find_or_create_* methods associated with each model to
no longer just proxy to the report_* model. It now performs a lookup through
the DataProxy and returns the found object if it exists, or creates a new
record if needed.
2018-05-22 17:08:46 -05:00
4ecc1ff551
Modify loots, notes and services search methods
...
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
2018-05-21 17:37:51 -04:00
7af7587519
Land #9999 , Optionally test empty group in cisco_ssl_vpn
2018-05-18 10:57:15 -05:00
999b895735
Land #9816 , Add the scanner/smb/impacket/dcomexec module
2018-05-16 07:15:32 -05:00
cc0fdee788
EmptyGroup advanced option, just in case...
2018-05-10 09:57:50 -05:00
79a0610436
remove empty group
2018-05-09 11:11:03 -05:00
a4ecd43a8f
remove unused constants
2018-05-07 00:24:38 -05:00
273e25265b
Add a QUERY OPTION
2018-04-23 20:51:04 -05:00
6ac30d1987
update influxdb_enum
2018-04-23 04:56:28 -05:00
0a3bcf570c
Add the scanner/smb/impacket/dcomexec module
2018-04-04 17:34:41 -04:00
63aabc00f1
etcd rubocop style
2018-04-04 11:01:38 -07:00
a8c76638d3
Rename
2018-04-04 10:54:20 -07:00
518e17118a
Add DisclosureDate
2018-04-04 10:52:47 -07:00
a6c31aceb2
Refactor common etc capabilities; add separate version scanner
2018-04-04 10:48:27 -07:00
3a54f0d5f8
Land #9776 , if data is nil, stop reading the heartbleed socket
2018-03-29 11:23:08 -05:00
a1e83ce835
Land #9760 , @h00die's etcd scanner
2018-03-28 10:41:22 -07:00
5cdfadd0df
Fix more style issues
2018-03-28 09:43:30 -07:00
7767505678
Fix some style issues
2018-03-28 09:43:22 -07:00
c97743925f
jhart suggestions
2018-03-27 18:46:31 -04:00
288bd28d3a
if data is nil stop reading the heartbleed socket
2018-03-27 15:51:14 -05:00
862a3ff74d
Land #9618 , pipe auditing improvements
2018-03-26 17:01:48 -05:00
327b2176c0
change and
2018-03-26 17:35:58 -04:00
217dea60fc
Update blog link to up-to-date blog post
2018-03-26 15:43:10 -04:00
e462cb49a2
updated docs
2018-03-25 14:53:30 -04:00
root
pkb1s
Brendan Coles
William Vu
Green-m
egre55
blue-bird1
Brent Cook
h00die
Shaksham Jaiswal
AverageSecurityGuy
Erin Bleiweiss
Hendrik Van Belleghem
Adam Cammack
Jacob Robles
BrianWGray
egre55
Wei Chen
Kevin Kirsche
Shelby Pace
Dhiraj Mishra
Sergey Gorbaty
Alexander Halbarth
timoles
Matthew Kienow
Timo
James Barnett
Sunny Neo
asoto-r7
Agora Security
Aloïs Thévenot
actuated
Spencer McIntyre
nixawk
Jon Hart
Jeffrey Martin
Andrew Morris