763506f28d
ssh_login now populates the os_name field
2018-10-16 22:02:44 -04:00
4a06fe1d4b
use store_valid_credential instead
2018-10-16 14:01:49 -04:00
f675ba5243
password not username
2018-10-11 17:08:03 -04:00
20a376130e
cat variable name
2018-10-11 17:04:57 -04:00
7cc46df6db
add docs and update cisco_device_manager
2018-10-11 17:01:38 -04:00
c0aff8f134
Description update / typo fix
...
fix typo in module description (added one word)
2018-10-10 17:56:17 -04:00
7bc98e0ea8
Fix formatting and convert a missed AKA reference
2018-10-05 03:22:08 -05:00
9f30512532
Land #10707 , module traits to augment module rank
2018-10-04 13:26:14 -05:00
6f5a8f8f42
Fix outdated metadata
2018-10-01 18:59:09 +01:00
086e2b311b
Update constants
2018-09-27 12:31:04 -05:00
583874d370
Update use of reliability/side-effects/stability metadata
2018-09-26 18:54:08 -05:00
04ff0931d7
Add metadata place holders for reliability/side-effects/stability
2018-09-26 17:42:54 -05:00
738665e56f
Add documentation for #10652
2018-09-24 17:11:24 +08:00
6967f461f1
Fixes
2018-09-22 10:04:59 +05:30
56b01dcf00
Land #10534 , Add FrontPage Credential Dump Module
...
This module downloads and parses the '_vti_pvt/service.pwd',
'_vti_pvt/administrators.pwd', and '_vti_pvt/authors.pwd' files
used by FrontPage to find credentials.
2018-09-22 04:13:24 +00:00
132008cd0e
fixes
2018-09-21 17:31:26 +00:00
17c7d828c1
fixes
2018-09-21 17:16:04 +00:00
02b2559953
Update documentation to match new output.
2018-09-21 12:50:13 -04:00
0746ab5847
Create credential table.
2018-09-21 12:44:10 -04:00
a603c04da5
Create credential table.
2018-09-21 12:42:32 -04:00
5842f0c012
Msftidy
2018-09-21 10:15:31 -04:00
02f4fc1876
Prefer to_s.empty?
...
Oh, hell, do it here, too.
2018-09-20 21:26:41 -05:00
c875f66154
Prefer to_s over || ''
...
Oops, I wasn't thinking clearly. to_s is cleaner.
2018-09-20 21:26:41 -05:00
9da87a600f
Add LEAK_COUNT option to Heartbleed
...
I should have done this in 2014, but I'm a slacker.
2018-09-20 19:49:07 -05:00
185931ca91
Land #10625 , repeat command to repeat commands
2018-09-20 15:24:03 -05:00
6e51eb6c53
Rename Pimcore and Dolibarr SQLi modules
2018-09-19 22:15:14 -05:00
c5f6d4b8a5
Land #10670 , Pimcore SQLi module
2018-09-19 20:50:21 -05:00
5477220106
Update documentation
2018-09-19 20:48:42 -05:00
53f78cb7c3
Land #10673 , dolibarr_list_creds{,_sqli} rename
2018-09-19 18:55:05 -05:00
dd942ab23c
Land #10652 , iOS Safari blur denial of service
2018-09-19 15:12:22 -05:00
7698b7d7db
changed location of dolibarr module/documentation
2018-09-19 11:17:27 -05:00
b6ca8cac7f
renamed/relocated files, changed uri
2018-09-19 08:11:45 -05:00
0c842b852b
changed available? expression
2018-09-18 15:47:25 -05:00
e9faf305b2
randomize number, use vars_get
2018-09-18 15:03:32 -05:00
d83e108e74
added check for valid apikey, changed available?
2018-09-18 14:19:16 -05:00
2cf1fbcb2c
storing user credentials
2018-09-18 13:27:46 -05:00
549440595f
Land #10627 , Add SMB2 support to smb_enumshares
2018-09-17 22:34:42 -05:00
6126a627cc
Land #10570 , AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
a814899dc2
Land #10660 , deregister RHOSTS as well as RHOST
2018-09-17 22:26:37 -05:00
011c25ed59
Merge changes from master (ghostscript)
2018-09-17 13:57:28 -05:00
fef728dccd
getting user credentials
2018-09-17 12:39:58 -05:00
30d8a38897
deregister_options RHOSTS
2018-09-17 16:58:57 +00:00
91edebb2ef
Add references, clean up code.
2018-09-17 10:30:54 -04:00
a9b9e7420b
update description
2018-09-16 19:51:15 +08:00
1d2519978d
improve div tags
2018-09-16 18:57:09 +08:00
2eb97ea07b
add ios blur dos module
2018-09-16 13:44:43 +08:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
1ed3c0b001
Added Green-M to author list
2018-09-15 23:34:04 +02:00
f5f76a609d
Clean up - old couchdb module
2018-09-15 23:31:17 +02:00
4a72a2872f
Changes in couchdb_enum now includes versio checks
2018-09-15 21:19:51 +02:00
aed609d6f0
Changes in couchdb_enum to also include fill database enumeration
2018-09-15 13:58:54 +02:00
d2f587894b
Initial metadata setup
2018-09-14 09:37:23 -05:00
33037b6b26
Fixes for CouchDB CVE 2017-12635 module
2018-09-14 00:15:11 +02:00
e3178faa9a
Add metadata for teradata_odbc_sql.py
2018-09-13 13:09:01 -05:00
04cc7843a4
Typo fixes
2018-09-13 11:19:13 -05:00
3e4c3478f6
Small fixes in couchdb_2017-12635
2018-09-12 23:48:23 +02:00
537e12ea7e
Added CouchDB user creation with Admin role Auxiliary module - 2017_12635
2018-09-12 23:17:34 +02:00
5b81ebd81b
Land #10589 , multidrop support for word xml docs
2018-09-12 11:00:11 -05:00
d0e67c5b60
Add SMB2 support to smb_enumshares
2018-09-11 19:05:26 -05:00
a8f766cfd5
Update heartbleed description to mention `repeat`
2018-09-11 17:41:06 -05:00
a3d74d926c
Land #9897 , Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer
2018-09-10 16:25:55 -05:00
ea2fcb6fc4
Land #10593 , Refactor SSH mixins and update modules
2018-09-10 15:38:53 -05:00
3ec4d2f22b
Normalize loot type OID
...
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported
Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
39a2d9d2a8
save xml files as xml
2018-09-09 21:24:39 -04:00
56cb853014
Make Output and Log Files Optional
...
Change the 'required' attribute of the output and logfile options to
False.
Open output file for appending immediately before use and only if output
file name is configured.
2018-09-07 16:26:33 -04:00
552ff027cd
fixes
2018-09-07 15:18:11 +05:30
bc1173a857
code fixes
2018-09-07 15:11:49 +05:30
ac144e027a
Add office365userenum.py as external module
...
External python module compatible with v2 and v3.
Enumerate valid usernames (email addresses) from Office 365 using
ActiveSync.
Differences in the HTTP Response code and HTTP Headers can be used to
differentiate between:
- Valid Username (Response code 401)
- Valid Username and Password without 2FA (Response Code 200)
- Valid Username and Password with 2FA (Response Code 403)
- Invalid Username (Response code 404 with Header X-CasErrorCode: UserNotFound)
Note this behaviour appears to be limited to Office365, MS Exchange
does not appear to be affected.
Microsoft Security Response Center stated on 2017-06-28 that this issue
does not "meet the bar for security servicing". As such it is not
expected to be fixed any time soon.
This script is maintaing the ability to run independently of MSF.
2018-09-06 16:42:31 -04:00
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
14aee3a822
Added auxiliary/fileformat/multidrop support for Word XML documents
2018-09-05 11:51:48 -05:00
3546b9388c
correct CVE Reference
2018-09-05 10:29:49 -04:00
b8687d501c
msftidy corrections
2018-08-31 18:55:20 -04:00
69a785ff46
Update json for python modules
2018-08-31 16:56:22 -05:00
eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
0dea5fcfd9
Land #10565 , Add Dolibarr ERP/CRM Auxiliary Module
2018-08-31 13:47:46 -05:00
aa9d0d7c6c
using uri_encode
2018-08-31 08:41:25 -05:00
b1151b9d12
modified login_uri
2018-08-31 08:08:46 -05:00
42af28a86a
printing and storing credentials
2018-08-30 14:17:37 -05:00
85c4abac99
storing credentials
2018-08-30 13:59:00 -05:00
2304c377db
Add IIS ShortName Scanner module
2018-08-30 08:46:22 +00:00
7915c4ac6c
getting user credentials in response
2018-08-29 13:59:06 -05:00
bb4a4b8839
initial module setup
2018-08-29 10:28:10 -05:00
14fa41a376
merge changes
2018-08-29 06:09:40 +02:00
ed60b767a7
Correct claymore_dos.py's CVE reference
...
The CVE reference shouldn't include the `CVE-` prefix
2018-08-28 13:34:02 -05:00
d21c108adf
Fix syntax error.
2018-08-28 12:00:31 -04:00
44df7939e9
Added docs. Made suggested code changes.
2018-08-28 10:56:05 -04:00
7431ae401b
fix more errors
2018-08-28 13:49:31 +02:00
a66556b436
fix msftidy errors
2018-08-28 13:12:43 +02:00
0ba1d11218
Add FrontPage Credential Dump
2018-08-27 15:02:39 -04:00
4e45100251
Add FrontPage Credential Dump
2018-08-27 14:20:26 -04:00
6df235062b
Land #10505 , post-auth and default creds info
2018-08-24 18:08:15 -05:00
51c024982c
Land #8914 , refactor auxiliary/admin/http credential storage
2018-08-24 13:18:32 -05:00
0141fc109d
don't backtrace if there is not a response
2018-08-24 13:17:06 -05:00
578d2375d7
Add full disclosure for CVE-2018-15473
2018-08-22 14:49:13 -05:00
2780ae6ba9
Update false negatives
2018-08-21 08:50:26 -05:00
06582a00a0
Add module doc for ssh_enumusers
...
And update description in module.
2018-08-20 19:26:51 -05:00
819b8504e2
Add a little better randomization
2018-08-20 17:10:14 -05:00
b38a442bb0
Refactor once more with feeling
...
Also flesh out malformed-packet auth method. Let's not be lazy here. :-)
2018-08-20 16:25:32 -05:00
75403d7e05
Add testing note about logging
2018-08-17 20:20:12 -05:00
7287779555
Make false positive check optional
...
I couldn't repro this with pubkey-only auth. It also goes to the log.
2018-08-17 20:05:04 -05:00
8e3af2dcfc
Add CVE-2018-15473 to ssh_enumusers
2018-08-17 18:48:44 -05:00
5096eee2ec
Land #10120 , npm "marked" ReDoS module
2018-08-16 15:01:12 -05:00
3c1befdacb
Clean up module
2018-08-16 15:00:56 -05:00
60c0272270
Make style consistent
2018-08-15 21:27:40 -05:00
45e0b53fc8
Fix spacing issue with rocket
2018-08-15 14:59:52 -07:00
09434bd57c
Fix tabbing caused by incorrect VM nvim configuration
2018-08-15 07:00:45 -07:00
905f26372d
Remove host key checks on ssh scanner modules
2018-08-15 06:48:35 -07:00
85a137e0a0
Land #10420 , cgit < 1.2.1 Directory Traversal
2018-08-13 16:25:23 -05:00
5a3d040d71
Fix module, Add documentation
2018-08-13 15:48:21 -05:00
ce8cbd64d4
Land #10404 , Add Path Traversal Oracle GlassFish
2018-08-13 11:15:26 -05:00
6223685c37
Update auth requirement for json metadata
2018-08-07 16:42:00 -05:00
14b12f38d0
Fixing
2018-08-05 23:26:18 +05:30
9502c26dc1
Updated
2018-08-05 19:14:12 +05:30
8a175f50cd
Indentation
2018-08-05 00:15:04 +05:30
ebcc9a3c20
Fixing Indentation
2018-08-04 19:16:12 +05:30
502c103d37
cgit < 1.2.1 Directory Traversal
2018-08-04 18:52:24 +05:30
78f66986e9
Land #10386 , Add IEC104 client module
2018-08-04 07:43:15 -05:00
919da41aab
Land #9692 , Add DoS module for Siemens Siprotec 4
2018-08-04 07:20:57 -05:00
458fca6ff0
Fixing
...
Thanks bcoles
2018-08-04 13:15:25 +05:30
1c82592882
Land #10358 , Add Dicoogle PACS Directory Traversal scanner module
2018-08-04 05:31:16 +00:00
e5dcfa62c9
remove encoding and escaping
2018-08-03 20:23:33 -04:00
dc2f893b31
Amended code formating
...
This commit incorporates suggested formatting changes based on feedback and rubocop tool run:
Corrected indentation issues
Using "<<" instead of "+=" for string append
Modified if/else branches as per tool suggestion
2018-08-03 20:13:48 +02:00
0785d59146
Land #10412 , Add Cisco directory traversal auxiliary module
2018-08-02 16:44:59 -05:00
10d4061672
changed default port
2018-08-01 13:30:19 -05:00
de83926e6c
separated list_users into two functions
2018-08-01 12:59:53 -05:00
0264eb2ea3
cleaned up module
2018-08-01 09:51:45 -05:00
021264fd5a
listing files and grabbing logged in user names
2018-07-31 16:03:17 -05:00
090624fe17
Correctly set proto and sname in joomla_pages
2018-07-31 11:51:34 -05:00
41ce96b19d
Clean up module
2018-07-31 11:01:02 -05:00
323c814abf
Fixing some tweaks
2018-07-31 19:52:39 +05:30
55dce52bea
Fixing some tabbed indent
2018-07-31 18:24:28 +05:30
3a7d18a98d
Fixing, Warning of EOL
2018-07-31 18:11:09 +05:30
d9e94f94dc
Oracle GlassFish
2018-07-31 17:59:03 +05:30
a0b7a4986e
Making sure we connect to RMI
2018-07-30 23:25:32 -07:00
80d5d1d4ee
use variable port instead of datastore
2018-07-31 07:38:09 +02:00
b0fa17ccfb
Better output added to joomla_pages
2018-07-31 07:29:56 +02:00
ca8a01d27c
getting filenames in http responses
2018-07-30 16:25:45 -05:00
c3534a479e
JMX scanner
2018-07-30 13:25:15 -07:00
7cf2c840a3
metadata set up
2018-07-30 14:25:58 -05:00
d58785f959
Land #10247 , add WordPress Arbitrary File Deletion
2018-07-30 09:05:23 -05:00
c440eeaa31
rogue end
2018-07-29 10:35:33 -04:00
53cca07442
bcoles suggestions
2018-07-29 10:31:01 -04:00
7b5e8463ba
msftidy-final
2018-07-27 14:52:10 +02:00
4e42834be3
msftidy 538
2018-07-27 14:48:04 +02:00
44c1fa9197
msftidy558
2018-07-27 14:29:32 +02:00
da1363721f
msftidy 90-91-2
2018-07-27 14:07:10 +02:00
07896b0a3c
msftidy 90-91
2018-07-27 13:58:15 +02:00
5435c7a5eb
msftidy fix
2018-07-27 13:43:37 +02:00
09320ece91
iec104 client
2018-07-27 11:46:26 +02:00
c1418955f5
Land #10319 , enable VHOST for ms15_034_http_sys_memory_dump
2018-07-25 18:51:57 -05:00
5a7c25b498
Fix description
2018-07-25 15:13:41 -05:00
1105474fb9
Modify options for smb_login
...
Change default value for DETECT_ANY_AUTH
and add option for DETECT_ANY_DOMAIN
2018-07-25 14:53:06 -05:00
9fde9127ad
Land #10370 , minor CouchDB fix
2018-07-25 01:11:23 -05:00
d3b7dffcdc
Prefer res.body over res
2018-07-25 01:05:18 -05:00
bc89d7fe52
Land #10357 , CouchDB improvements and docs
2018-07-25 00:54:55 -05:00
625ea87ea9
Land #10368 , PhpMyAdmin Login Scanner Module
2018-07-24 23:25:27 -05:00
5df5ab30f6
Use store_valid_credential to save good credentials
2018-07-24 23:21:59 -05:00
efa3a77adc
modified name
2018-07-24 15:00:14 -05:00
4f81fcdc87
retn versions in chk_setup, tests to reflect, doc
2018-07-24 14:51:00 -05:00
976a3464e1
added phpmyadmin login scanner and aux module
2018-07-24 09:47:01 -05:00
aaf664db42
Update jboss_vulnscan.rb
...
Fixed a paste error, or sneaked in character in the app url.
2018-07-24 04:24:49 -07:00
dac5780feb
Land #10176 , creds data service CRUD operations
2018-07-23 23:36:32 -04:00
01acaa3ad9
Changed the app scan layout to reduce the complexity of the app_check branch. (as of suggestion by bcoles)
2018-07-23 00:41:49 -07:00
83ae5cb14d
fix backup_file.rb and add a few docs
2018-07-22 20:50:22 -04:00
2a969d70db
dicoogle
2018-07-21 21:31:45 -04:00
abfed97e03
remove EOL spaces
2018-07-21 11:21:11 -04:00
8b324c19d8
update couchdb scanner
2018-07-21 11:02:50 -04:00
c9e47d6d2b
Added check and response for CVE-2017-12149 in jboss_vulnscan.rb
2018-07-20 03:52:29 -07:00
65d42380d3
Merge branch 'master' into remote_creds_data
2018-07-19 16:25:06 -05:00
8e1f68f384
Update ms15_034_http_sys_memory_dump.rb with VHOST
...
Added VHOST to cater to targets that require virtual hostname to be defined
2018-07-16 15:13:23 +08:00
7524af35ec
Check if IPRANGE was supplied - Fix #10316
2018-07-15 15:38:56 +00:00
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
cce3b6f369
Clean up module
2018-07-12 02:57:14 -05:00
7d8b9a90d7
Add more reporting
2018-07-11 17:22:48 -04:00
30c43e22d9
Fix typo
2018-07-11 17:04:31 -04:00
bb8ac4a7ab
Add info & update_info
2018-07-11 16:52:16 -04:00
c26fcc0af1
Merge branch 'master' into remote_creds_data
2018-07-11 10:27:49 -05:00
1f0045fa03
Improve Description
2018-07-11 01:27:10 -04:00
00f4d3967c
Add basic reporting
2018-07-11 00:47:43 -04:00
d488b51264
Use peer instead of ip & port
2018-07-11 00:41:55 -04:00
5a89642ddd
Simplify the module greatly
2018-07-11 00:15:56 -04:00
ffc2f044cc
Remove lines that were not required
2018-07-11 00:04:44 -04:00
7b1e7eb085
Minor improvement to description
2018-07-11 00:04:12 -04:00
2b2029b487
Align Hashrockets
2018-07-11 00:03:26 -04:00
9491c63778
Fix several minor details
2018-07-10 23:56:05 -04:00
66c207a124
Remove timeout of 25 seconds
2018-07-10 23:53:13 -04:00
718606c9f2
Add Auxiliary module to enumerate the Docker Server Version
2018-07-10 19:34:49 -04:00
4403a4ab47
Fix CVE number
2018-07-09 12:56:00 -05:00
bbc16e1873
Merge branch 'master' into remote_creds_data
2018-07-09 09:49:14 -05:00
aff39e65d5
Update missing CVE references for auxiliary modules
...
Based on existing references such as BID, OSVDB, blog posts, etc
2018-07-08 19:00:11 -05:00
1c448de882
Land #10107 , Add the scanner/smb/impacket/secretsdump module
2018-07-06 14:59:33 -05:00
e1a9aae109
Add Wordress Arbitrary File Deletion module
2018-07-03 12:21:38 +02:00
ce7d4cd280
Land #10109 , Teradata login scanner and SQL runner
2018-06-27 15:35:57 -05:00
9d8294fcc9
Mark Teradata login scanner executable
2018-06-27 15:35:13 -05:00
8b2bd35659
Fixup option references in Teradata SQL
2018-06-27 15:34:29 -05:00
1dbcf0fd09
Cleanup Teradata SQL options
2018-06-27 15:12:21 -05:00
3985191e0f
Add `userpass` option to Teradata login scanner
2018-06-27 15:10:02 -05:00
ef309e0d5f
Fixup metadata whitespace
2018-06-27 15:09:23 -05:00
76535b5e51
Check hidden val && check auth requirement
2018-06-25 17:24:13 -05:00
10c36bbd7d
modified get_creds, renamed make_request
2018-06-25 12:45:06 -05:00
h00die
Patrick DeSantis
William Vu
Rob
Wei Chen
Tim W
Shaksham Jaiswal
Brendan Coles
root
AverageSecurityGuy
Adam Cammack
Shelby Pace
Brent Cook
Erin Bleiweiss
Hendrik Van Belleghem
Jacob Robles
Oliver Morton
asoto-r7
BrianWGray
egre55
Christian Mehlmauer
Ben Schmeckpeper
Kevin Kirsche
Dhiraj Mishra
Michael John
Sergey Gorbaty
Alexander Halbarth
michaelj0hn
timoles
Matthew Kienow
Timo
James Barnett
Sunny Neo
Agora Security
Aloïs Thévenot