93f66a1f22
uppercase
2019-01-15 08:04:11 -05:00
e9a8d5708a
Land #11234 , @bcoles revisionism
2019-01-11 20:15:34 -06:00
24f807490f
revisionism
2019-01-10 19:19:14 +00:00
9f8bac59f7
Land #11215 , success
2019-01-10 12:57:46 -06:00
86850e7062
Land #11217 , fix syntax and logic errors in badpdf module
2019-01-10 12:52:08 -06:00
4bfb90ce06
new PCOM module to send admin commands
2019-01-09 20:27:15 +00:00
913c80c352
Land #11106 , Allen-Bradley legacy protocol DoS
2019-01-09 12:12:02 -06:00
0f156140fe
Clean up module
2019-01-09 12:11:50 -06:00
cf1b4b43cb
auxiliary/fileformat/badpdf: fix syntax and logic error in options handling
2019-01-09 14:30:24 +01:00
0c984fa232
Fix messages /successfuly/successfully
2019-01-09 06:32:22 -06:00
f96514528b
Land #10648 , auth bypass for couchdb_enum
2019-01-07 12:53:11 -06:00
3a726554e9
Fix review comments
2019-01-07 12:51:52 -06:00
50b7d93a18
java_jmx_scanner: Incorporate @bcoles suggestions
2018-12-19 12:56:53 -06:00
51ce96a2b4
Merge branch 'jmx_scanner' of https://github.com/sgorbaty/metasploit-framework into sgorbaty-jmx_scanner
2018-12-18 16:05:03 -06:00
b2b410cbbe
DoS Exploitation of Allen-Bradley legacy protocol (PCCC)
2018-12-18 16:49:53 +00:00
8b79634338
Update a few stragglers
...
And since eaton_xpert_backdoor was copied from my fortinet_backdoor
module, update the error handling there, too.
2018-12-12 15:47:18 -06:00
6e77ae7e3e
Update my SSH scanner modules
...
Especially with proper error handling for Net::SSH::CommandStream.
2018-12-12 15:36:54 -06:00
7cffbac65b
Update additional scanner modules.
2018-12-12 15:32:31 -06:00
fa2164ebb9
Update to match coding style.
2018-12-12 15:32:31 -06:00
eceb47a9da
Move CREATE_SESSION option to advanced option CreateSession
2018-12-12 15:32:31 -06:00
8a7187ad79
Add CREATE_SESSION option to CommanShell
...
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
904f342848
Option to not create shell on login.
2018-12-12 15:32:30 -06:00
b109321b44
Kill `unless not`
2018-12-11 10:16:16 -06:00
ac88c604fd
Remove copy/pasta'd funtion that was never called
2018-12-11 10:02:36 -06:00
3f18ffa224
Land #10318 , Oracle function-based index privesc
2018-12-10 11:32:39 -06:00
d0f1f72426
Clean up module
2018-12-10 11:21:16 -06:00
7f4d97ef46
don't embed status characters in messages, use correct logging instead
2018-12-07 13:29:56 -06:00
b0560c1ec8
Centralize logging sync, fix minor logging issues
2018-12-05 12:42:44 -06:00
55a9a12670
Land #10964 , add initial golang modules for enumerating owa/o365
2018-12-04 10:33:37 -06:00
b11bcd92a4
Broken into 3 modules, addressed review comments
2018-12-03 10:25:21 -06:00
ab1bea1b22
Land #10798 , Cisco device manager update
2018-12-03 01:39:19 -06:00
5b926bcbcf
Addressed feedback
2018-11-30 13:18:02 -06:00
6225c04b99
Address review feedback, fix bugs
2018-11-30 11:36:39 -06:00
bd41895fc4
Removed "randomizer"
2018-11-30 09:44:14 -05:00
1eeb1005db
Update modules/auxiliary/admin/oracle/oracle_index_privesc.rb
...
Use print_error for errors and print the error details,
Co-Authored-By: moshekaplan <me@moshekaplan.com>
2018-11-30 09:39:57 -05:00
8047bf2b09
Add authenticating... message
2018-11-30 07:24:35 -06:00
b31afb4e3d
Spaces at EOL fixes
2018-11-29 17:29:05 -06:00
fcbc0cddba
Land #11035 , improve fingerprinting for Cisco ASA VPN scanner
2018-11-29 16:41:22 -06:00
88ca775fd3
Land #10952 , WP GDPR Compliance plugin exploit
2018-11-29 13:31:31 -06:00
3de07f1bff
Add Notes metadata and warning
2018-11-29 06:35:37 -06:00
bfaa6cb416
Add module suggestion
2018-11-29 06:23:45 -06:00
6845f44a2e
Logic...
2018-11-28 20:26:27 -06:00
2864c30965
Fix fail_with issue
2018-11-28 20:18:03 -06:00
e142f5716e
Update documentation
2018-11-28 19:08:01 -06:00
1af7cf2b3b
Update print statements
2018-11-28 18:03:55 -06:00
c4959da77f
Email validation and user registration
2018-11-28 17:56:55 -06:00
9c0c9b3ba9
Use warnings when changing config options
2018-11-28 17:44:02 -06:00
43cef24f6b
Fix version check
2018-11-28 17:43:33 -06:00
bff261616c
improve fingerprinting for Cisco ASA VPN scanner
2018-11-28 14:30:17 -06:00
504237c77a
Land #10877 , ibm-mq-login username/password checker
2018-11-28 11:36:53 -06:00
84f0a59fe6
ibm_mq_login: Added support for WebSphere 9 via the PASSWORD option
2018-11-28 11:08:37 -06:00
1f2827c3d0
Land #10975 , More Capture Docs
2018-11-26 13:51:57 -06:00
7b4b573942
Land #9915 , Cleanup and improvements to influxdb_enum
2018-11-26 10:25:07 -06:00
f4cbdc8e3e
No Threads in datastore
2018-11-23 17:15:33 +08:00
0a2c0751fa
Randomize more
2018-11-22 15:25:51 -05:00
5d9195fe72
Land #10981 , start printjob docs and bug fixes
2018-11-21 16:35:02 -06:00
96ede80dc4
Land #10876 , ibm_mq_enum: IBM WebSphere MQ Name and Version Enumeration
2018-11-21 16:10:59 -06:00
a3131f15de
ibm_mq_enum: Code cleanup, server channel and general exception handling improvements
2018-11-21 16:09:18 -06:00
188d94027c
Land #10996 , Check `check` code for ms15-034
2018-11-21 14:45:56 -06:00
ae3538952a
Fix ms15-034 module
2018-11-21 12:31:56 +08:00
7084538b8c
ibm_mq_channel_brute: Exception handling when channel.length > 20 chars
2018-11-20 16:24:17 -06:00
d2a5b966f3
Land #10875 , IBM WebSphere MQ Channel Name Bruteforce auxiliary module
2018-11-20 16:23:23 -06:00
288d78d372
Land #10352 , Add check/response for CVE-2017-12149
2018-11-20 13:11:05 -06:00
bccb0972cf
Land #10984 , don't examine a nil object in ms15_034_ulonglongadd
2018-11-20 08:37:48 -06:00
63a2396626
updated testing branch to branch off master
2018-11-20 08:14:19 -06:00
901b51f247
Update modules/auxiliary/scanner/http/iis_shortname_scanner.rb
...
Co-Authored-By: egre55 <34132245+egre55@users.noreply.github.com>
2018-11-20 11:13:17 +00:00
6c382ba711
Update modules/auxiliary/scanner/http/iis_shortname_scanner.rb
...
Co-Authored-By: egre55 <34132245+egre55@users.noreply.github.com>
2018-11-20 11:13:05 +00:00
5e513b209d
Update modules/auxiliary/scanner/http/iis_shortname_scanner.rb
...
Co-Authored-By: egre55 <34132245+egre55@users.noreply.github.com>
2018-11-20 11:12:51 +00:00
52df29ebcc
test on branch off master
2018-11-19 15:08:38 -06:00
509e1c2587
Land #10973 , Rework DisclosureDate check in msftidy, including ISO 8601 support
2018-11-19 10:46:18 -06:00
d904b93ec9
fixed is_vul
2018-11-19 13:39:08 +05:30
4a22656005
fixes
2018-11-18 21:56:51 +00:00
8b63c85bd2
fixes
2018-11-18 21:21:28 +00:00
467e0877f5
res.code
2018-11-18 12:40:09 +00:00
7ecdaa09c5
start printjob docs and bug fixes
2018-11-17 21:17:12 -05:00
2deaf198b3
Added module docs
2018-11-16 13:29:22 -06:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
189f29e534
Land #10572 eaton ssh private key scanner
2018-11-15 17:16:36 -05:00
de014f0599
remove variable only used once
2018-11-15 17:14:13 -05:00
8b4cf2c3e2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into capture_docs2
2018-11-15 17:02:50 -05:00
3d53170694
fail_with instead of error and return
2018-11-15 17:01:52 -05:00
38bea6c29c
Added msmailprobe to msf
2018-11-14 16:15:11 -06:00
4987f67b9b
Land #10925 , smb_login error/status message
2018-11-14 13:19:04 -06:00
3849d5de18
resolve description update request
2018-11-13 16:21:43 -05:00
f2712ecdf6
Land #10607 , Add External Module: office365userenum.py
2018-11-13 10:57:05 -06:00
7a4770790c
Land #10938 , add docs for modules and fix bug.
...
Add docs for auxiliary module http_basic/imap/mysql, and fix a bug
in modules/auxiliary/server/capture/mysql.rb
2018-11-13 16:22:03 +08:00
11a2fa7f0d
Space at EOL removed from description
2018-11-13 00:23:21 +01:00
9d1554498d
WP GDPR Compliance plugin exploit - privsec to admin registering
2018-11-12 23:33:47 +01:00
1c2da8a5c8
correct trailing space issue
2018-11-10 15:40:03 -05:00
33f624bbb2
Module updated to reflect requested changes
2018-11-10 14:36:06 -05:00
bf15fa0770
hash not password for mysql
2018-11-09 18:32:21 -05:00
c31c75c790
fix mysql capture store creds
2018-11-09 18:18:50 -05:00
792b451f40
capture server docs and updates
2018-11-08 21:23:27 -05:00
f192b50a8e
Catch exceptions
2018-11-08 18:47:56 +00:00
1fbf779f9c
Added more verbose output
2018-11-08 18:35:15 +00:00
88e4d384d2
increased default timeout value
2018-11-08 16:13:55 +00:00
3c6f2157ae
land #10895 fix vmware_http_login undefined variables
2018-11-07 08:45:51 -05:00
682433f62e
smb_login error/status message
2018-11-05 17:49:58 -06:00
cb229411bc
Land #10888 , Fix Net::SSH::CommandStream session open failure
2018-11-05 11:15:09 -06:00
708d067e65
Land #10919 , Add doc for ftp capture module.
...
And add a custom option banner for it.
2018-11-05 14:15:52 +08:00
04218cff39
ftp capture
2018-11-04 21:46:01 -05:00
e3246a9b88
made fixes
2018-11-04 18:07:43 +05:30
e9b3502f98
Fix Net::SSH::CommandStream session open failure
...
I suspected this might be a problem for libssh servers.
2018-11-02 01:08:05 -05:00
a80e571355
Update style
2018-11-01 07:26:12 +00:00
ca16e93200
rescue => e
2018-11-01 07:24:28 +00:00
ffecd189ee
Report rhost, as ip is undefined
2018-11-01 07:23:44 +00:00
b705059bca
Added channel name length check
2018-10-28 20:18:58 +00:00
60aa1181ca
Add IBM WebSphere MQ Login Bruteforce module
...
Used to bruteforce usernames that can connect to the Queue Manager. The name of a valid server-connection channel without SSL configured is required, as well as a list of usernames to try.
* IBM Downloads page: https://developer.ibm.com/messaging/mq-downloads/
* Tested on IBM MQ 7.5, 8 and 9
* Usage:
* Download and install MQ Server from the above link
* Create a new Queue Manager
* Create a new channel (without SSL)
* Allow remote connections for admin users by removing the CHLAUTH record that denies all users or configure access for a specific username.
* Run the module
2018-10-28 19:29:45 +00:00
92d5ab469c
Update ibm_mq_channel_brute.rb
2018-10-28 18:21:54 +00:00
296d9a08eb
Removing unnecessary line
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:10:51 +00:00
3e3be18189
Using print_line instead of print("\n")
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:10:14 +00:00
f8c829dc81
Using print_line instead of print("\n")
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:10:09 +00:00
67e8a7ce13
Changing CHANNELS_FILE option type
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:08:12 +00:00
f51a95465e
Changed http to https in metasploit url
...
Co-Authored-By: pkb1s <petkoutroubis@gmail.com>
2018-10-28 18:07:20 +00:00
a6135e3738
Added "increase timeout" message
2018-10-28 17:48:15 +00:00
02d9d0f006
Add IBM WebSphere MQ Queue Manager Name and MQ Version Enumeration module
...
Run this auxiliary against the listening port of an IBM MQ Queue Manager to identify its name and version. Any channel type can be used to get this information as long as the name of the channel is valid.
* IBM Downloads page: https://developer.ibm.com/messaging/mq-downloads/
* Tested on IBM MQ 7.5, 8 and 9
* Usage:
* Download and install MQ Server from the above link
* Create a new Queue Manager
* Create a new channel (without SSL)
* Run the module
2018-10-28 16:09:17 +00:00
a23cb7dfe8
Add IBM WebSphere MQ Channel Name Bruteforce module
...
Uses a dictionary to bruteforce MQ channel names. For all identified channels it also returns if SSL is used and whether it is a server-connection channel.
* IBM Downloads page: https://developer.ibm.com/messaging/mq-downloads/
* Tested on IBM MQ 7.5, 8 and 9
* Usage:
** Download and install MQ Server
** Create a Queue Manager
** Create a new channel (without SSL)
** Run the module
2018-10-28 15:22:27 +00:00
e1a7c35834
Clean up check_banner
2018-10-25 05:20:20 -05:00
f90992dc08
Fix typo.
2018-10-25 17:55:01 +08:00
760b14e71d
Update the version match code.
2018-10-25 15:33:54 +08:00
2ab9a003d4
Land #10864 , Add Cisco WebEx RCE Modules
2018-10-24 16:20:00 -05:00
f52cbdf9d7
Change option types
2018-10-24 16:18:17 -05:00
4ec7e41f9e
Change option type
2018-10-24 16:16:03 -05:00
3729e9ed7b
added description, references
2018-10-24 09:46:00 -05:00
d1111ace5d
fixes
2018-10-23 17:19:14 -04:00
34ae9c38f9
added WebEx modules, arch check
2018-10-23 15:51:23 -05:00
9c49acb924
Fail scanner instead of returning
2018-10-23 10:07:38 -05:00
58a1b65e60
Update Exploit::CheckCode::Unknown
...
Brain fart.
2018-10-23 09:34:48 -05:00
899238a4e3
Update libssh_auth_bypass with command output
2018-10-23 09:34:42 -05:00
e6bbc6dbd6
Land #10845 , glassfish_traversal typo fix
2018-10-22 15:32:14 -05:00
6125ef06ad
fix small typo
2018-10-23 00:01:13 +08:00
accf9edf89
Land #10835 , libssh fingerprint improvements
2018-10-19 19:48:23 -05:00
abd425c863
Land #10819 , os_name population for ssh_login*
2018-10-19 15:53:38 -05:00
db7bd3d50c
Update style
2018-10-19 15:52:26 -05:00
2a1dec45ed
Land #10832 , TARGETURI for tomcat_utf8_traversal
2018-10-19 15:47:37 -05:00
e4c71265fb
Improve banner checking in libssh_auth_bypass
...
Now we do the right thing when libssh is patched.
2018-10-19 15:21:12 -05:00
21397330f8
Refactor fortinet_backdoor copypasta
2018-10-19 00:07:18 -05:00
863ab3447f
Add libssh auth bypass module
2018-10-18 23:03:23 -05:00
02c916b1b4
Update modules/auxiliary/admin/http/tomcat_utf8_traversal.rb
2018-10-19 04:16:26 +11:00
175e5e5adf
Added module TARGETURI support.
2018-10-19 03:55:45 +11:00
763506f28d
ssh_login now populates the os_name field
2018-10-16 22:02:44 -04:00
4a06fe1d4b
use store_valid_credential instead
2018-10-16 14:01:49 -04:00
f675ba5243
password not username
2018-10-11 17:08:03 -04:00
20a376130e
cat variable name
2018-10-11 17:04:57 -04:00
7cc46df6db
add docs and update cisco_device_manager
2018-10-11 17:01:38 -04:00
c0aff8f134
Description update / typo fix
...
fix typo in module description (added one word)
2018-10-10 17:56:17 -04:00
7bc98e0ea8
Fix formatting and convert a missed AKA reference
2018-10-05 03:22:08 -05:00
9f30512532
Land #10707 , module traits to augment module rank
2018-10-04 13:26:14 -05:00
5af2131fdf
Add additional target checks
2018-10-03 02:12:13 -05:00
c37b6ade84
Add response checking and printing
2018-10-03 00:10:40 -05:00
52b0606656
Add internet-connected Crock-Pot remote control
2018-10-02 20:20:09 -05:00
6f5a8f8f42
Fix outdated metadata
2018-10-01 18:59:09 +01:00
086e2b311b
Update constants
2018-09-27 12:31:04 -05:00
583874d370
Update use of reliability/side-effects/stability metadata
2018-09-26 18:54:08 -05:00
04ff0931d7
Add metadata place holders for reliability/side-effects/stability
2018-09-26 17:42:54 -05:00
738665e56f
Add documentation for #10652
2018-09-24 17:11:24 +08:00
6967f461f1
Fixes
2018-09-22 10:04:59 +05:30
56b01dcf00
Land #10534 , Add FrontPage Credential Dump Module
...
This module downloads and parses the '_vti_pvt/service.pwd',
'_vti_pvt/administrators.pwd', and '_vti_pvt/authors.pwd' files
used by FrontPage to find credentials.
2018-09-22 04:13:24 +00:00
132008cd0e
fixes
2018-09-21 17:31:26 +00:00
17c7d828c1
fixes
2018-09-21 17:16:04 +00:00
02b2559953
Update documentation to match new output.
2018-09-21 12:50:13 -04:00
0746ab5847
Create credential table.
2018-09-21 12:44:10 -04:00
a603c04da5
Create credential table.
2018-09-21 12:42:32 -04:00
5842f0c012
Msftidy
2018-09-21 10:15:31 -04:00
02f4fc1876
Prefer to_s.empty?
...
Oh, hell, do it here, too.
2018-09-20 21:26:41 -05:00
c875f66154
Prefer to_s over || ''
...
Oops, I wasn't thinking clearly. to_s is cleaner.
2018-09-20 21:26:41 -05:00
9da87a600f
Add LEAK_COUNT option to Heartbleed
...
I should have done this in 2014, but I'm a slacker.
2018-09-20 19:49:07 -05:00
185931ca91
Land #10625 , repeat command to repeat commands
2018-09-20 15:24:03 -05:00
6e51eb6c53
Rename Pimcore and Dolibarr SQLi modules
2018-09-19 22:15:14 -05:00
c5f6d4b8a5
Land #10670 , Pimcore SQLi module
2018-09-19 20:50:21 -05:00
5477220106
Update documentation
2018-09-19 20:48:42 -05:00
53f78cb7c3
Land #10673 , dolibarr_list_creds{,_sqli} rename
2018-09-19 18:55:05 -05:00
dd942ab23c
Land #10652 , iOS Safari blur denial of service
2018-09-19 15:12:22 -05:00
7698b7d7db
changed location of dolibarr module/documentation
2018-09-19 11:17:27 -05:00
b6ca8cac7f
renamed/relocated files, changed uri
2018-09-19 08:11:45 -05:00
0c842b852b
changed available? expression
2018-09-18 15:47:25 -05:00
e9faf305b2
randomize number, use vars_get
2018-09-18 15:03:32 -05:00
d83e108e74
added check for valid apikey, changed available?
2018-09-18 14:19:16 -05:00
2cf1fbcb2c
storing user credentials
2018-09-18 13:27:46 -05:00
549440595f
Land #10627 , Add SMB2 support to smb_enumshares
2018-09-17 22:34:42 -05:00
6126a627cc
Land #10570 , AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
a814899dc2
Land #10660 , deregister RHOSTS as well as RHOST
2018-09-17 22:26:37 -05:00
011c25ed59
Merge changes from master (ghostscript)
2018-09-17 13:57:28 -05:00
fef728dccd
getting user credentials
2018-09-17 12:39:58 -05:00
30d8a38897
deregister_options RHOSTS
2018-09-17 16:58:57 +00:00
91edebb2ef
Add references, clean up code.
2018-09-17 10:30:54 -04:00
a9b9e7420b
update description
2018-09-16 19:51:15 +08:00
1d2519978d
improve div tags
2018-09-16 18:57:09 +08:00
2eb97ea07b
add ios blur dos module
2018-09-16 13:44:43 +08:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
1ed3c0b001
Added Green-M to author list
2018-09-15 23:34:04 +02:00
f5f76a609d
Clean up - old couchdb module
2018-09-15 23:31:17 +02:00
4a72a2872f
Changes in couchdb_enum now includes versio checks
2018-09-15 21:19:51 +02:00
aed609d6f0
Changes in couchdb_enum to also include fill database enumeration
2018-09-15 13:58:54 +02:00
d2f587894b
Initial metadata setup
2018-09-14 09:37:23 -05:00
33037b6b26
Fixes for CouchDB CVE 2017-12635 module
2018-09-14 00:15:11 +02:00
e3178faa9a
Add metadata for teradata_odbc_sql.py
2018-09-13 13:09:01 -05:00
04cc7843a4
Typo fixes
2018-09-13 11:19:13 -05:00
3e4c3478f6
Small fixes in couchdb_2017-12635
2018-09-12 23:48:23 +02:00
537e12ea7e
Added CouchDB user creation with Admin role Auxiliary module - 2017_12635
2018-09-12 23:17:34 +02:00
5b81ebd81b
Land #10589 , multidrop support for word xml docs
2018-09-12 11:00:11 -05:00
d0e67c5b60
Add SMB2 support to smb_enumshares
2018-09-11 19:05:26 -05:00
a8f766cfd5
Update heartbleed description to mention `repeat`
2018-09-11 17:41:06 -05:00
a3d74d926c
Land #9897 , Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer
2018-09-10 16:25:55 -05:00
ea2fcb6fc4
Land #10593 , Refactor SSH mixins and update modules
2018-09-10 15:38:53 -05:00
3ec4d2f22b
Normalize loot type OID
...
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported
Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
39a2d9d2a8
save xml files as xml
2018-09-09 21:24:39 -04:00
56cb853014
Make Output and Log Files Optional
...
Change the 'required' attribute of the output and logfile options to
False.
Open output file for appending immediately before use and only if output
file name is configured.
2018-09-07 16:26:33 -04:00
552ff027cd
fixes
2018-09-07 15:18:11 +05:30
bc1173a857
code fixes
2018-09-07 15:11:49 +05:30
ac144e027a
Add office365userenum.py as external module
...
External python module compatible with v2 and v3.
Enumerate valid usernames (email addresses) from Office 365 using
ActiveSync.
Differences in the HTTP Response code and HTTP Headers can be used to
differentiate between:
- Valid Username (Response code 401)
- Valid Username and Password without 2FA (Response Code 200)
- Valid Username and Password with 2FA (Response Code 403)
- Invalid Username (Response code 404 with Header X-CasErrorCode: UserNotFound)
Note this behaviour appears to be limited to Office365, MS Exchange
does not appear to be affected.
Microsoft Security Response Center stated on 2017-06-28 that this issue
does not "meet the bar for security servicing". As such it is not
expected to be fixed any time soon.
This script is maintaing the ability to run independently of MSF.
2018-09-06 16:42:31 -04:00
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
14aee3a822
Added auxiliary/fileformat/multidrop support for Word XML documents
2018-09-05 11:51:48 -05:00
3546b9388c
correct CVE Reference
2018-09-05 10:29:49 -04:00
b8687d501c
msftidy corrections
2018-08-31 18:55:20 -04:00
69a785ff46
Update json for python modules
2018-08-31 16:56:22 -05:00
eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
0dea5fcfd9
Land #10565 , Add Dolibarr ERP/CRM Auxiliary Module
2018-08-31 13:47:46 -05:00
aa9d0d7c6c
using uri_encode
2018-08-31 08:41:25 -05:00
b1151b9d12
modified login_uri
2018-08-31 08:08:46 -05:00
42af28a86a
printing and storing credentials
2018-08-30 14:17:37 -05:00
85c4abac99
storing credentials
2018-08-30 13:59:00 -05:00
2304c377db
Add IIS ShortName Scanner module
2018-08-30 08:46:22 +00:00
7915c4ac6c
getting user credentials in response
2018-08-29 13:59:06 -05:00
bb4a4b8839
initial module setup
2018-08-29 10:28:10 -05:00
14fa41a376
merge changes
2018-08-29 06:09:40 +02:00
ed60b767a7
Correct claymore_dos.py's CVE reference
...
The CVE reference shouldn't include the `CVE-` prefix
2018-08-28 13:34:02 -05:00
d21c108adf
Fix syntax error.
2018-08-28 12:00:31 -04:00
44df7939e9
Added docs. Made suggested code changes.
2018-08-28 10:56:05 -04:00
7431ae401b
fix more errors
2018-08-28 13:49:31 +02:00
a66556b436
fix msftidy errors
2018-08-28 13:12:43 +02:00
0ba1d11218
Add FrontPage Credential Dump
2018-08-27 15:02:39 -04:00
4e45100251
Add FrontPage Credential Dump
2018-08-27 14:20:26 -04:00
6df235062b
Land #10505 , post-auth and default creds info
2018-08-24 18:08:15 -05:00
51c024982c
Land #8914 , refactor auxiliary/admin/http credential storage
2018-08-24 13:18:32 -05:00
0141fc109d
don't backtrace if there is not a response
2018-08-24 13:17:06 -05:00
578d2375d7
Add full disclosure for CVE-2018-15473
2018-08-22 14:49:13 -05:00
2780ae6ba9
Update false negatives
2018-08-21 08:50:26 -05:00
06582a00a0
Add module doc for ssh_enumusers
...
And update description in module.
2018-08-20 19:26:51 -05:00
819b8504e2
Add a little better randomization
2018-08-20 17:10:14 -05:00
b38a442bb0
Refactor once more with feeling
...
Also flesh out malformed-packet auth method. Let's not be lazy here. :-)
2018-08-20 16:25:32 -05:00
75403d7e05
Add testing note about logging
2018-08-17 20:20:12 -05:00
7287779555
Make false positive check optional
...
I couldn't repro this with pubkey-only auth. It also goes to the log.
2018-08-17 20:05:04 -05:00
8e3af2dcfc
Add CVE-2018-15473 to ssh_enumusers
2018-08-17 18:48:44 -05:00
5096eee2ec
Land #10120 , npm "marked" ReDoS module
2018-08-16 15:01:12 -05:00
3c1befdacb
Clean up module
2018-08-16 15:00:56 -05:00
60c0272270
Make style consistent
2018-08-15 21:27:40 -05:00
45e0b53fc8
Fix spacing issue with rocket
2018-08-15 14:59:52 -07:00
09434bd57c
Fix tabbing caused by incorrect VM nvim configuration
2018-08-15 07:00:45 -07:00
905f26372d
Remove host key checks on ssh scanner modules
2018-08-15 06:48:35 -07:00
h00die
William Vu
Brendan Coles
Brent Cook
Luis Rosa
Clément Notin
Jacob Robles
asoto-r7
jdiog0
Stephen Haywood
bwatters
Christopher Lee
Jeffrey Martin
Moshe Kaplan
Wei Chen
L
Adam Cammack
Shelby Pace
Shaksham Jaiswal
egre55
Chris Higgins
BrianWGray
Green-m
thomas.labadie
root
pkb1s
egre55
blue-bird1
Patrick Webster
Patrick DeSantis
Rob
Tim W
Erin Bleiweiss
Hendrik Van Belleghem
Oliver Morton
egre55
Christian Mehlmauer
Ben Schmeckpeper
Kevin Kirsche