3626d48db2
Un-polluting SVN Id keyword
...
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
2012-03-02 10:18:32 -06:00
36a3341acd
Fix body cero.
2012-03-02 10:18:32 -06:00
6fba0698e5
Adding another detection method for blind sqli
2012-03-02 10:18:32 -06:00
02f6e3fcb2
Improving report on blind sqli module
2012-03-02 10:18:32 -06:00
126a6133cd
Improving blind sql inj. detection
2012-03-02 10:18:32 -06:00
b608aeeeb7
Migrating modules to use report_web_vulns and minor fixes
2012-03-02 10:18:32 -06:00
1a09a49f69
Starting getting rid of report_note to use report_web_vuln on all http aux modules
2012-03-02 10:18:32 -06:00
2ce7dc9331
One more module.
2012-03-02 10:18:32 -06:00
9c6fec3c33
First step on module cleaning.
2012-03-02 10:18:32 -06:00
eaecdb487c
Fix sname in report_ calls to check the use of ssl and report http or
...
https
2012-03-02 10:18:31 -06:00
6d80aa0a44
Renaming duh.
2012-03-02 10:18:31 -06:00
3cb65e24a1
Fix blind sqli module description and bug with http_method
2012-03-02 10:18:31 -06:00
6938b91d07
Execute tests agains a specific path and bug fix in blind sqli module
2012-03-02 10:18:31 -06:00
a2e5a4d9d5
New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention
2012-03-02 10:18:31 -06:00
e9df9d6c2c
Increase default depth
2012-02-29 16:24:18 -06:00
8d212849dc
Fix typos that result in stack traces when matching the response codes
2012-02-22 16:04:24 -06:00
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
acb4446e45
Fix #6407 by treating redirects as successful authentication
2012-02-21 16:02:21 -06:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
3390bdf312
Validate METHOD with OptEnum
2012-02-17 18:54:53 -06:00
ec58b4669e
This module only handles GET, so that's the only option we'll allow
2012-02-17 18:20:16 -06:00
9e17b09632
This module is only meant to handle GET and PUT, so let's be strict on that
2012-02-17 18:17:28 -06:00
7ae58bfd9d
Make sure the HTTP method is always upper-case to make Apache happy
2012-02-17 18:15:23 -06:00
ae57a8d9fd
Make sure the HTTP method is always uppercase so we don't get a 501
2012-02-17 03:34:39 -06:00
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
a0ac4125cd
Add aux module CMS400 default pass scanner (feature #6301 )
2012-01-30 10:40:59 -06:00
54ffb01080
This module should use the default list of tomcat users
2012-01-28 18:13:34 -06:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
455bcda6e8
Print the port so we know which http service
2012-01-23 10:17:32 -07:00
bb035bfec2
Fix up API option names so they can be set globally
2012-01-18 15:05:39 -06:00
6a057560fa
Improvements to auxiiliary/scanner/http/soap_xml to:
...
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints
https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
b76767669c
Update Nenad's author name and e-mail
2012-01-09 20:14:47 -06:00
e12d5588c6
Set data on webdav scanner notes to include webdav path.
...
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
6d401b48d1
Fix typo
2012-01-07 00:02:51 -06:00
b7e29191f5
Add Drupal 'Views' module username enumeration (Feature #6194 )
2012-01-06 23:51:32 -06:00
6ceb2f04a3
Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability
2012-01-06 14:24:49 -06:00
ba86e8a04f
Added PROPFIND support to http_login
...
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
ce6b1d6b8c
Improve:
...
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
4736cb1cbe
Merge pull request #48 from swtornio/master
...
add osvdb ref
2011-12-11 20:37:43 -08:00
a9db05e53b
Fix regular expression
2011-12-10 13:24:58 -06:00
25685c4c74
add osvdb ref
2011-12-10 08:07:21 -06:00
d6d9ac17d2
use store_loot() instead of store_local()
2011-12-08 11:10:31 -06:00
aa5c0c46b6
Fix indent level
2011-12-07 18:44:49 -06:00
feab7f5077
Add CVE-2011-4350
2011-12-07 18:42:52 -06:00
cf28713f9a
Mark specific modules as incompatible due to use of quad-dot code
2011-12-05 13:07:36 -06:00
897731f3a5
Check creds (feature #6025 ). Also bringing the 'Inbox' regex back
2011-11-29 11:01:39 -06:00
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
3a84c31326
Using a better regex for a successful login. Thanks Borys.
2011-11-28 14:29:42 -06:00
5165865560
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-11-28 14:07:19 -06:00
59ab0c3a18
Fix bug #6021 , Thanks Borys
2011-11-28 14:06:56 -06:00
44a47f9913
Fixing up OWA bruteforce module to conform with the usual print_status
...
messages.
2011-11-28 13:31:54 -06:00
a578db7f56
Apply fix for #6019
2011-11-28 01:12:18 -06:00
5e08c93ac9
Apply patch #5580
2011-11-26 15:32:43 -06:00
c61d02686a
HTTP login scanners need to set duplicate_ok to true
...
or different web applications on the same server
may wipe eachother's creds out.
2011-11-22 13:04:10 -08:00
9e40fac8b1
Added a check to the Axis login scanner to ensure
...
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-22 11:52:06 -08:00
67120d4263
msftidy on aux modules, see #5749
2011-11-20 13:12:07 +11:00
96d2209ca2
Minor fixups for trace report_note patch
2011-11-14 10:40:11 -06:00
5d5c9464cc
Do some report_note while TRACE detection
2011-11-14 12:10:53 +01:00
71599f5ef9
Fix sqlmap aux to work with actual sqlmap.py
...
Commit relates to IssueID #5807
2011-11-13 09:18:33 +01:00
e4ebb890d8
Apply patch for bug #5963
2011-11-12 13:17:26 -06:00
35f84f5e42
yo, ruby 1.8 fix
2011-11-11 11:38:28 -06:00
e972234629
yo, owa bruteforce utility in the house (Feature #4725 )
2011-11-11 11:23:35 -06:00
c984ea41d1
Quick fix to cred sourcing to eliminate spaces in the source type
2011-11-10 20:39:13 -08:00
a88f954640
More Cred Sourcing
...
git-svn-id: file:///home/svn/framework3/trunk@14197 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 01:49:57 +00:00
16fc275853
whitespace cleanup
...
git-svn-id: file:///home/svn/framework3/trunk@14191 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 16:09:31 +00:00
77a3edbb4f
Added squiz_matrix_user_enum aux module.
...
git-svn-id: file:///home/svn/framework3/trunk@14185 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:14:39 +00:00
12378b45d6
Fix #5502
...
git-svn-id: file:///home/svn/framework3/trunk@14180 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 07:44:02 +00:00
585a7cc4a2
Adding the HTTP Trace scanner from CG
...
Fixes #3390
git-svn-id: file:///home/svn/framework3/trunk@14150 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 20:09:11 +00:00
d5cee2dedf
Apply patch #5411 to allow user-specified path
...
git-svn-id: file:///home/svn/framework3/trunk@14137 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 17:57:11 +00:00
d55dc551b6
syntax issue
...
git-svn-id: file:///home/svn/framework3/trunk@14131 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 20:22:02 +00:00
e14668ece9
Add ColdFusion version scanner - feature #4079
...
git-svn-id: file:///home/svn/framework3/trunk@14127 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 18:18:11 +00:00
fb56e23197
Apply fix for bug #5516 to correct a possible false positive on Apache Tomcat
...
(yup, tomcats are tricky like that)
git-svn-id: file:///home/svn/framework3/trunk@14124 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 16:39:03 +00:00
dd72e1ce9d
Longer timeout. #5851
...
git-svn-id: file:///home/svn/framework3/trunk@14074 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 19:35:03 +00:00
ab4f9d65c7
Add PATH option. Feature #5412
...
git-svn-id: file:///home/svn/framework3/trunk@14067 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 18:32:02 +00:00
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
14cf0deb29
Add feature #5398
...
git-svn-id: file:///home/svn/framework3/trunk@14032 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 22:20:55 +00:00
1f698e09c9
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@14004 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 11:19:59 +00:00
0a661ec227
Add CVE-2011-3305 ( #5673 )
...
git-svn-id: file:///home/svn/framework3/trunk@13985 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 04:40:21 +00:00
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
30ac88694f
More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
...
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
e9461c766e
Msftidy run against a bunch of whitespace violations, a few line too longs.
...
git-svn-id: file:///home/svn/framework3/trunk@13962 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:42:01 +00:00
ea2c9d1a46
Adding missing Id and Rev SVN keywords.
...
git-svn-id: file:///home/svn/framework3/trunk@13961 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 01:27:28 +00:00
cf8524b1b4
Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
...
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
53b807abee
Adding the "this file is part of" comment to the top of the module and proper comment formatting
...
git-svn-id: file:///home/svn/framework3/trunk@13886 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 00:36:55 +00:00
df56110dd9
Fixing $Id so that it is prefaced by a comment.
...
git-svn-id: file:///home/svn/framework3/trunk@13885 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 00:32:14 +00:00
667c00161d
Remembering to Propset and include $Id: $ this time. Also, switching from BSD_LICENSE to MSF_LICENSE.
...
git-svn-id: file:///home/svn/framework3/trunk@13884 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 00:30:25 +00:00
558894e100
Test cases don't live in the module directory
...
git-svn-id: file:///home/svn/framework3/trunk@13871 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-11 15:51:22 +00:00
9414747945
jruby was barfing on super(a, b, c,), so I changed the syntax and wrote a very simple unit test for rewrite_proxy_bypass.
...
git-svn-id: file:///home/svn/framework3/trunk@13870 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-11 13:52:39 +00:00
dcb6de2b58
Fixes #5667 this module scans for reverse proxy servers that exhibit a misconfiguration like the one detailed in www.contextis.com/research/blog/reverseproxybypass/. By default it requests a URI of @... and checks for a 502
...
git-svn-id: file:///home/svn/framework3/trunk@13864 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 22:34:50 +00:00
612cdc8c73
No need to check if version is 'unknown' if nothing else (other than default) is assigned to it
...
git-svn-id: file:///home/svn/framework3/trunk@13799 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 19:12:31 +00:00
8d1763484d
Fix metadata format
...
git-svn-id: file:///home/svn/framework3/trunk@13792 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-26 03:21:37 +00:00
5d4b562e62
Add GlassFish BruteForce auxiliary module by Josh (See #5515 )
...
git-svn-id: file:///home/svn/framework3/trunk@13790 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-25 19:24:53 +00:00
2cb5dbdb10
fix a silly output bug, thanks mezzendo for noticing
...
git-svn-id: file:///home/svn/framework3/trunk@13785 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 22:28:11 +00:00
Tod Beardsley
Efrain Torres
sinn3r
HD Moore
James Lee
HD Moore
Jonathan Cran
Jon Hart
David Maloney
Steve Tornio
Rob Fuller
andurin
Wei Chen
Patrick Webster
Mario Ceballos
Joshua Drake
Tod Beardsley
Chao Mu
James Lee