06dedeec8f
Update corpwatch_lookup_id to run correctly
...
[SeeRM #8498 ]
2014-04-10 16:52:34 -05:00
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
5dbd124ef9
Update mybb_get_type_db.rb
2014-04-05 02:53:43 -07:00
c035715a71
Update mybb_get_type_db.rb
...
Changed the name of the variable _Version_server on _version_server according to the recommendation of jvazquez-r7
2014-04-05 02:50:53 -07:00
e2cbcf3c5d
Land #3179 , @brandonprry AlienVault sqli aux module
2014-04-04 09:17:11 -05:00
ff6105e55d
Add check codes
2014-04-04 09:13:43 -05:00
44db611845
defaultoptions, not option
2014-04-04 05:55:35 -07:00
6f14cd225d
Do minor clean up
2014-04-03 23:22:44 -05:00
253a1c1f87
Land #3180 , EMC Cloud Tiering Appliance Unauthed XXE with root perms
2014-04-03 22:02:13 +02:00
a57da00932
fix refs line
2014-04-03 14:07:00 -07:00
51f83fccde
add some checks in vase the file wasn't retrievable
2014-04-03 14:04:05 -07:00
e2ded663a6
make more robust
2014-04-03 06:15:09 -07:00
53b8148438
make more random
2014-04-03 05:52:35 -07:00
77b64ee77d
make more random
2014-04-03 05:41:00 -07:00
75dc4c459b
msftidy
2014-04-02 13:22:21 -07:00
bb82277a41
msftidy
2014-04-02 13:20:13 -07:00
abc0b31f26
exploithub wat
2014-04-02 13:18:48 -07:00
765657d55a
alienvault module
2014-04-02 13:09:46 -07:00
d3f353118a
edb update
2014-04-02 13:06:54 -07:00
32cd846fe4
emc cta xxe module
2014-04-02 13:05:53 -07:00
b11df0eaf0
Update and rename myBB_GetTypeDB.rb to mybb_get_type_db.rb
2014-03-28 16:47:49 -07:00
2344a9368e
Fix warnings generated by #3158
...
Keeping ManualRanking for DoS modules.
2014-03-31 12:35:15 -05:00
0b51e7459c
Update myBB_GetTypeDB.rb
...
I have added detection MyBB forum.
2014-03-24 12:19:51 -07:00
cd9182c77f
Msftidy warning fix on Joomla module.
...
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
93ad818358
Fix header and e-mail format for author
2014-03-20 12:07:50 -05:00
9b2cfb6c84
change default targeturi to something more universal
2014-03-19 21:03:50 -05:00
b52a535609
add official url
2014-03-19 20:41:32 -05:00
ab42cb1bff
better error handling for the user
2014-03-19 18:46:57 -05:00
2ef2f9b47c
use vars_get
2014-03-19 07:51:34 -07:00
920b2da720
Merge branch 'master' into joomla_sqli
2014-03-19 07:43:32 -07:00
a01dd48640
a bit better error message if injection works but no file
2014-03-13 13:38:43 -07:00
b0688e0fca
clarify LOAD_FILE perms in description
2014-03-13 13:11:27 -07:00
2734b89062
update normalize_uri calls
2014-03-13 06:55:15 -07:00
7540dd83eb
randomize markers
2014-03-12 20:11:55 -05:00
3fedafb530
whoops, extra char
2014-03-12 19:54:58 -05:00
aa00a5d550
check method
2014-03-12 19:47:39 -05:00
9cb1c1a726
whoops, typoed the markers
2014-03-12 10:58:34 -07:00
6636d43dc5
initial module
2014-03-12 10:46:56 -07:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
6d748f49d3
Update myBB_GetTypeDB.rb
...
1.I added comment header;
2.I made a link to your account as a comment;
3.I added a link https://github.com/rapid7/metasploit-framework/pull/3070
Items 2 and 3 on the advice wchen-r7
2014-03-07 10:49:30 -08:00
162527c0e4
Update and rename modules/auxiliary/analyze/myBB_GetTypeDB.rb to modules/auxiliary/gather/myBB_GetTypeDB.rb
...
Minor changes and bug: "Msf :: Auxiliary" - forgot to change
2014-03-06 09:43:23 -08:00
f0e97207b7
Fix email format
2014-03-04 17:51:24 -06:00
c86764d414
update default password to root
2014-03-04 11:55:30 -08:00
2b06791ea6
updates regarding PR comments
2014-03-04 10:08:31 -08:00
a3523bdcb9
Update mantisbt_admin_sqli.rb
...
remove extra new line and fix author line
2014-03-04 08:44:53 -06:00
98b59c4103
update desc
2014-03-03 12:40:58 -08:00
c5d1071456
add mantisbt aux module
2014-03-03 12:36:38 -08:00
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
8a8bc74687
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
2014-02-10 13:49:02 -06:00
306b31eee3
Small changes before merging
2014-02-10 13:47:31 -06:00
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
9953821451
Fix desc on Drupal module, some peer prints
2014-02-03 12:16:06 -06:00
9b9b2fab58
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
2014-02-04 02:00:11 +10:30
f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection
2014-01-24 15:03:07 -06:00
c8e2301111
Be more informative about why CheckCode::Unknown
...
This is just kind of personal preference here. In case users wonder
why Unknown.
2014-01-24 15:01:52 -06:00
cf17bf2e72
Small fix
2014-01-23 19:34:50 -06:00
43de7eb74f
Use REXML
2014-01-23 19:32:42 -06:00
5a59e3d4e4
Fix typo
2014-01-23 18:53:58 -06:00
f529eb1d4b
Clean code
2014-01-23 18:51:24 -06:00
8e17d38c77
Add check method
2014-01-23 18:30:18 -06:00
b0deb45fad
Add Drupal advisory as reference
2014-01-23 18:10:57 -06:00
6d0d7eda10
Delete garbage comment
2014-01-23 18:09:05 -06:00
72b72effa6
Add module for CVE-2012-4554
2014-01-23 18:04:31 -06:00
7080bb336c
Update ColdFusion check
2014-01-19 17:05:03 -06:00
4fdd2c19a1
Update vbulletin check
2014-01-19 16:54:27 -06:00
01ab6fd545
Do small fixes
2014-01-17 17:59:03 -06:00
5ec062ea1c
Beautify print message
2014-01-17 17:42:26 -06:00
d96772ead1
Clean multi-threading on ibm_sametime_enumerate_users
2014-01-17 17:38:16 -06:00
bb3d9da0bb
Do first cleaning on ibm_sametime_enumerate_users
2014-01-17 16:33:25 -06:00
584401dc3f
Clean ibm_sametime_room_brute code
2014-01-17 15:57:12 -06:00
4d079d47b8
Enable SSL by default
2014-01-17 15:34:33 -06:00
277711b578
Fix metadata
2014-01-17 15:31:51 -06:00
10fd5304ce
Parse response body just one time
2014-01-17 15:17:25 -06:00
fe64dbde83
Use rhost and rport methods
2014-01-17 14:49:50 -06:00
5e8ab6fb89
Clea ibm_sametime_version
2014-01-17 12:23:11 -06:00
d0d82fe405
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:53:14 +01:00
87648476e1
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:52:45 +01:00
55d4ad1b6a
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:51:19 +01:00
feaf6c23cf
Merge and Unconflict client.rb, new module splat
...
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421
Also fixes the module with the new license splat.
Conflicts:
lib/rex/proto/smb/client.rb
2013-12-30 16:53:13 -06:00
17c0751677
Create ibm_sametime_room_brute.rb
...
init
2013-12-26 13:02:52 +01:00
7ba1950424
Create ibm_sametime_enumerate_users.rb
...
init
2013-12-26 13:01:48 +01:00
2d6f41d67f
Create ibm_sametime_version.rb
...
init
2013-12-26 13:00:39 +01:00
5e4c395f86
Fix small spacing issue
2013-12-18 17:14:47 +10:00
2eee34babf
added timeout options and rescue timeout
2013-12-16 20:00:13 -06:00
fe34d0e36e
fixed syntax
2013-12-16 19:26:40 -06:00
7b8de95f6b
fixed database overwriting issues
2013-12-16 19:16:12 -06:00
07f686bb1a
added ResolverArgumentError rescue statement
2013-12-16 18:46:14 -06:00
e6f1f648be
modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required
2013-12-13 10:49:44 -06:00
d6e19df8e2
added additional url reference
2013-12-12 22:57:23 -06:00
9f18c57fce
added period to description and changed tester to user
2013-12-12 22:11:02 -06:00
dba0e9bf77
msftidy done
2013-12-12 20:30:46 -06:00
554cd41403
added dns_cache_scraper and useful wordlists
2013-12-12 20:18:18 -06:00
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
92412279ae
Account for failed cred gathering attempts
...
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
f2f8c08c8e
Use blank? method
2013-12-05 16:36:44 -06:00
a380d9b4f2
Add aux module for CVE-2013-3522
2013-12-05 15:58:05 -06:00
0612f340f1
Commas are good.
2013-11-13 14:38:50 -06:00
ad5f82d211
Add missing refs to aux/gather/android_htmlfileprovider.
2013-11-13 14:36:18 -06:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
5d86ab4ab8
Catch mis-formatted bracket comments.
2013-10-15 14:52:12 -05:00
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
c10f0253bc
Land #2472 - Clean up the way Apple Safari UXSS aux module does data collection
2013-10-07 15:47:28 -05:00
293927aff0
msftidy fix for coldfusion exploit
2013-10-07 12:22:48 -05:00
47e7a2de83
Kill stray debugger statement.
2013-10-06 19:32:22 -05:00
c2a81907ba
Clean up the way Apple Safari UXSS aux module does data collection.
...
[FIXRM #7918 ]
2013-10-06 19:28:16 -05:00
1fe0c50df0
Ignore unexpected answers
2013-10-02 20:41:02 -05:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
2741983158
Update description
2013-09-13 18:31:11 -05:00
40aeaf445b
Add auxiliary module for HP SNAC Auth Bypass
2013-09-13 18:29:57 -05:00
785c2eeb95
Retab changes for PR #1421
2013-09-05 16:20:04 -05:00
a5cf67a9af
Merge for retab
2013-09-05 16:19:51 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
b9360b9de6
Land #2286 , @wchen-r7's patch for undefined method errors
2013-08-26 20:46:05 -05:00
6b8feaff8c
Type conversion
2013-08-26 13:56:11 -05:00
50e7d8015a
Validate datastore option "YEAR"
...
The YEAR option is a numeric value, so should be OptInt in order to
go through validation.
[FixRM #8345 ]
[FixRM #8344 ]
2013-08-21 01:38:16 -05:00
8806e76e4d
Fix undefined method error
...
[FixRM #8343 ]
2013-08-21 00:44:10 -05:00
86d6bce8c4
[FixRM #8312 ] - Fix file handle leaks
...
Fix file handle leaks for [SeeRM #8312 ]
2013-08-18 20:31:13 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
4a3dc2e365
Print all the creds! All your base belong to me.
...
After a short discussion with Tod, we think it's best to print the
creds by default. If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
2013-07-09 19:56:44 -05:00
d3433a017b
Print hash too
2013-07-09 16:39:24 -05:00
234624793c
Add module for CVE-2013-1814
2013-07-09 14:03:35 -05:00
0ecffea66f
Updates fingerprint() for CF10
2013-05-28 14:42:11 -05:00
54eeb8f000
Adding new version...old version does not work in windows, doesnt fingerprint, and a few other minor things
2013-05-21 13:13:21 -05:00
f04ca17bb9
Fix default action
2013-05-13 11:56:02 -05:00
5b64379553
Add Coldfusion 9 target, OSVDB ref and review
2013-05-13 11:55:11 -05:00
60299c2adb
Add EDB-25305 - That ColdFusion 10 sub0 0day stuff
...
This is just an aux module that extract passwords from
password.properties. Yes, this can leverage a shell too, but
obviously that's best implemented in #1737 , or as a new exploit.
We'll see.
2013-05-12 21:23:53 -05:00
63b0eace32
Add a missing require
2013-05-04 22:39:57 -05:00
4227c23133
Add a reference for Safari module
2013-04-29 14:07:55 -05:00
431cba8f36
Update print_status labels.
2013-04-29 11:13:53 -05:00
c2a1d296a2
Rename DOWNLOAD_URI -> DOWNLOAD_PATH.
...
Conflicts:
modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:11:06 -05:00
55e0ec3187
Add support for DOWNLOAD_URI option.
...
* Fixes some comments that were no longer accurate.
Conflicts:
modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:10:19 -05:00
c27245e092
Touch descriptions for module and options
2013-04-26 13:05:16 -05:00
b4606ba60a
Remove unnecessary puts call.
2013-04-26 12:55:02 -05:00
ca6d6fbc84
msftidy for whitespace
2013-04-26 12:44:11 -05:00
16769a9260
Fixing path normalization
2013-04-26 12:40:24 -05:00
2fa16f4d36
Rewrite relative script URLs to be absolute.
...
* Adds rescue clauses around URI parsing/pulling
* Actually use the URI_PATH datastore option.
2013-04-26 11:25:20 -05:00
993356c73e
Add safari webarchive uxss to framework as an aux module.
2013-04-25 11:14:16 -05:00
e377e30873
unscrewing syntax error
2013-03-20 15:04:31 -05:00
fd20eba35e
Expanding the title and desc for external_ip
...
Also allowing the capitalization on "via" to be small.
2013-03-20 14:42:12 -05:00
2684e6103c
use of send_request_cgi
2013-03-11 20:36:47 +01:00
9c89599737
cleanup before merge external_ip
2013-03-11 20:35:25 +01:00
546e24a9c6
Merge branch 'external_ip_discovery' of https://github.com/sempervictus/metasploit-framework into sempervictus-external_ip_discovery
2013-03-11 20:35:07 +01:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
25f3f935c4
Apply Egypt's cleanup
...
Remove revision, raise the exception itself, remove scanner mixin,
datastore['RHOST'] unstead of RHOSTS, and useles agent var removed.
2013-03-07 18:34:12 -05:00
dfe3a4f394
msftidy and module placement per todb
2013-03-06 17:36:01 -05:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
cae1939914
Kinda too long
2013-02-25 13:44:11 -06:00
2c0a916c83
Made the password optional
2013-02-23 17:14:30 -05:00
b221711ecd
Added basic error handling
2013-02-23 10:24:04 -05:00
67c2c3da20
Code Review Feedback
...
Fixed the USER/PASS that I missed in last review
Converted from Scanner module to Gather
2013-02-23 10:09:23 -05:00
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
829cf0f076
name changed to dns_srv_enum
2013-02-15 16:20:55 +01:00
d1ba860409
changing filename for dns_srv
2013-02-15 16:20:33 +01:00
374faf9b02
cleanup for dns_srv
2013-02-15 16:19:48 +01:00
9d4bd763a6
Merge branch 'darkoperator-dnsenum2dnssrv' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnssrv
2013-02-15 16:19:31 +01:00
38f5fbced3
cleanup for dns_reverse_lookup
2013-02-15 12:56:01 +01:00
f1e3dab45f
Merge branch 'darkoperator-dnsenum2dnsreverselookup' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsreverselookup
2013-02-15 12:55:39 +01:00
6aed858f80
cleanup for dns_bruteforce
2013-02-15 12:37:46 +01:00
1be003a4d0
Merge branch 'darkoperator-dnsenum2dnsbruteforce' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsbruteforce
2013-02-15 12:37:27 +01:00
57e1d1baa5
cleanup for dns_info
2013-02-15 12:03:08 +01:00
bcd59aa8fa
Typo word module does not go in the name.
2013-02-14 21:56:24 -04:00
1d64de6c11
Typo word module does not go in the name.
2013-02-14 21:55:38 -04:00
7f7b4e5a97
more changes to description and name
2013-02-14 21:49:57 -04:00
faf970cf1f
more changes to description and name
2013-02-14 21:47:43 -04:00
1b8610042a
more changes to description and name
2013-02-14 21:46:21 -04:00
0b9d4d976f
more changes to description and name
2013-02-14 21:44:31 -04:00
23320a5dde
Fix spelling problems
2013-02-14 15:48:11 -04:00
a7d4f5ff4a
Fix spelling problems
2013-02-14 15:46:36 -04:00
7f97ff271f
Fix spelling problems
2013-02-14 15:44:32 -04:00
1872b137f5
Fix spelling problems
2013-02-14 15:41:17 -04:00
e8ccfae048
Fix spelling problems
2013-02-14 15:38:17 -04:00
6c85e5242e
change wildcard message to print_warning
2013-02-11 12:04:30 -04:00
431641fec9
added check for retry options
2013-02-11 12:02:15 -04:00
fd6f00f641
added report note for wildcard
2013-02-11 11:37:20 -04:00
5f10704697
applied fixes
2013-02-11 11:31:13 -04:00
55efe01bf7
Applied fixes
2013-02-11 11:23:06 -04:00
fd15436a96
Added new line to end of file.
2013-02-08 20:52:49 -04:00
78f81843f6
Added new line to end of file.
2013-02-08 20:51:37 -04:00
eda3fc0715
Added new line to end of file.
2013-02-08 20:50:23 -04:00
166b59b61a
Added new line to end of file.
2013-02-08 20:48:57 -04:00
ac8194ed07
Split of DNS SRV Record Enumeration from enum_dns
2013-02-08 10:09:34 -04:00
256ab7f737
Split of DNS Reverse Lookup from enum_dns
2013-02-08 09:50:21 -04:00
Tod Beardsley
Karmanovskii
jvazquez-r7
Brandon Perry
Christian Mehlmauer
William Vu
sinn3r
Brandon Perry
James Lee
kicks4kittens
bcoles
OJ
zeknox
joev
Meatballs
jvazquez-r7
Tab Assassin
HD Moore
ringt
Joe Vennix
Tod Beardsley
RageLtMan
David Maloney
sinn3r
Matt Andreko
Carlos Perez