83427583ea
report_note for group info
2015-06-19 15:09:50 -05:00
ef286fdfcf
Remove report_auth_info
2015-06-19 15:06:02 -05:00
b104155cf1
Do Metasploit::Model::Login::Status::UNTRIED
2015-06-19 15:05:42 -05:00
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
34d5d92646
Land #5555 , @Th3R3p0's support for for RFB Version 4
2015-06-19 14:15:04 -05:00
d19c2e7206
Land #5544 , track updates to SSL Labs API
2015-06-19 11:39:38 -05:00
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
ebd376e0f3
Land #5485 , @wchen-r7 updates wordpress_login_enum to use the new cred API
2015-06-19 10:50:07 -05:00
dfae4bbbf0
Do reporting more accurate
2015-06-19 10:48:12 -05:00
7f56b4635c
Land #5546 , Use the new cred API for auxiliary/server/capture/telnet
2015-06-19 10:46:01 -05:00
d86c21e94a
Land #5567 , author fix
2015-06-19 10:41:41 -05:00
76cd9590a4
Fix author
2015-06-19 19:13:51 +10:00
9b5770c966
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:40:51 -05:00
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
a6c7f93bbe
changed text to show support for RFB version 4.001
2015-06-17 13:09:03 -04:00
fcf6212d2f
Update telnet capture module to use the new creds API
2015-06-16 16:37:36 +05:00
c3d2797f10
Fixed Info fields
2015-06-16 04:22:22 -04:00
2778274e47
Added new SSL Labs API fields and fixed minor errors
2015-06-16 02:59:12 -04:00
b6379b4d24
Update drupal_views_user_enum
2015-06-16 00:02:02 -05:00
0b88e86a49
Using the new cred API for multiple auxiliary modules
2015-06-15 16:06:57 -05:00
fd0b42be4a
Properly store quake service info
2015-06-15 12:45:14 -07:00
079a9d449c
Use peer
2015-06-15 11:45:55 -07:00
feb7263137
Wire in recog support for ssh_version
2015-06-15 11:42:20 -07:00
80f1173fcf
Style and scanner usability cleanup for ssh_version
2015-06-15 10:12:07 -07:00
907f596de6
Land #5520 , Update titan_ftp_admin_pwd to use the new creds API
2015-06-15 03:26:19 -05:00
940d045029
Correctly report rport
2015-06-15 03:23:39 -05:00
308b1a3d7f
Don't deregister username & password
2015-06-15 03:21:09 -05:00
ebce415957
Land #5507 , Update nessus_xmlrpc_logic to use the new creds API
2015-06-15 02:59:01 -05:00
c20cf15104
Msut have last_attempted_at key
2015-06-15 02:58:31 -05:00
c801e52f60
Update smb_enumusers_domain.rb
2015-06-13 17:02:43 -04:00
e628d71261
Land #5397 , @espreto's module for WordPress Simple Backup File Read Vulnerability
2015-06-12 15:32:06 -05:00
184c20cd46
Do minor cleanup
2015-06-12 15:31:42 -05:00
8dad739c76
Land #5508 , Get Ready to Move VMware modules to the VMware directory
2015-06-10 11:59:40 -05:00
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
7cb82f594b
Add ftp port for service
2015-06-10 14:24:05 +05:00
3ffe006e09
Update titan_ftp_admin_pwd to use the new creds API
2015-06-10 13:36:26 +05:00
3fe6ddd10a
Change credential status from untried to successful
2015-06-10 10:09:57 +05:00
78a6e1bc90
Change credential status from untried to successful
2015-06-10 10:07:33 +05:00
1b3f911f84
Change credential status from untried to successful
2015-06-10 09:54:10 +05:00
49e4820c57
Add depcrecated note to the existing modules
2015-06-09 10:42:53 +05:00
a48d79a2e7
Add jsse_skiptls_mitm_proxy.rb
...
This module exploits an incomplete internal state distinction in Java
Secure Socket Extension (JSSE) by impersonating the server and finishing
the handshake before the peers have authenticated themselves and
instantiated negotiated security parameters, resulting in a plaintext
SSL/TLS session with the client. This plaintext SSL/TLS session is then
proxied to the server using a second SSL/TLS session from the proxy to
the server (or an alternate fake server) allowing the session to
continue normally and plaintext application data transmitted between the
peers to be saved. This module requires an active man-in-the-middle
attack.
2015-06-08 19:41:17 -07:00
8381d4f994
update smb_enumusers_domain to store enumerated users in the DB
2015-06-08 19:42:03 -04:00
3279518bbd
Move VMware modules to the VMware directory
2015-06-08 14:58:22 +05:00
245c76374d
Update nessus_xmlrpc_logic to use the new creds API
2015-06-08 14:40:15 +05:00
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
135958a225
Cleanup the udp_(sweep|probe) SNMP generators
2015-06-06 00:54:08 -05:00
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
3ec6d9b7aa
Update owa_login to use new cred API
2015-06-05 15:41:07 +05:00
b6936febbe
Update pcanywhere_login to use the new cred API
2015-06-05 12:16:00 +05:00
874e090aa1
Update wordpress_login_enum to use the new cred API
2015-06-04 18:16:14 -05:00
d3c3741478
Use run_host so that we can use THREADS
...
- The refactor left the module using run_batch even though the
features of the code that made this desirable were removed (i.e.,
it was no longer doing one batch per community string). By now
switching back to run_host, we can again take advantage of the
built-in metasploit multithreading capabilities.
- Also, added back in the display of the result.proof field. This
aids in identifying false positives (which have a blank response)
and is functionality worth keeping.
2015-06-03 18:08:38 -04:00
7f35c3b4f5
Update sysaid_sql_creds.rb
2015-06-03 22:00:08 +01:00
54bfe29527
Update and rename sysaid_file_ to sysaid_file_download.rb
2015-06-03 21:59:45 +01:00
42e84cd7d5
Update sysaid_admin_acct.rb
2015-06-03 21:59:04 +01:00
6683b86822
Create sysaid_sql_creds.rb
2015-06-03 21:46:48 +01:00
72b7982e7a
Create sysaid_file_
2015-06-03 21:46:13 +01:00
765077d741
Create sysaid_admin_acct.rb
2015-06-03 21:38:43 +01:00
b305fa62f4
Changed vprint_error when nothing was downloaded.
2015-06-03 14:46:59 -03:00
24ec3b2fb5
Changed vprint_error to fail_with method.
2015-06-03 13:46:59 -03:00
6669665d6d
Land #5402 , @nstarke's module to extract accouns information from a AVTECH744_DVR device
2015-05-29 16:14:50 -05:00
843572df6d
Change module filename
2015-05-29 16:14:16 -05:00
acb0af3826
Update description
2015-05-29 16:13:43 -05:00
39ae6263e9
Use Rex::Text.encode_base64
2015-05-29 16:12:21 -05:00
8338b21f6c
Make some code cleanup
2015-05-29 16:04:29 -05:00
b6b055a5f2
Land #5431 , deprecate cold_fusion_version, use coldfusion_version instead.
2015-05-28 15:40:34 -05:00
80c3022dc1
Deprecate cold_fusion_version. Please use coldfusion_version.
...
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
52e30d4fc2
Land #5434 , OSVDB reference
2015-05-28 22:00:44 +02:00
068198c980
Land #5386 , automatically find file for ms15_034
2015-05-28 14:52:31 -05:00
f9f35db7f3
Update description
2015-05-28 14:52:03 -05:00
818dbf58f0
Adding an OSVDB number to the Netgear module
2015-05-28 14:37:39 -05:00
a74c3372c0
Uses vprint instead of print in #check_host
2015-05-28 15:46:51 +01:00
6d01d7f986
Uses peer instead of ip:port across all the module
2015-05-28 09:32:05 +01:00
447c4ee7df
Allows the targetèuri to be shared between the #check and #dos
2015-05-28 09:30:04 +01:00
2ae9e39719
Land #5376 , Report ipmi_dumphashes credentials with create_credential_login
2015-05-27 13:11:07 -05:00
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
a3ff9859c8
Adding Credentials Capabilities
...
This commit adds the ability for credentials
to be retrieved via the 'creds' command. It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
9430d38a09
Adding AVTECH744_DVR Module
...
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
e1f10772b3
Use create_cracked_credential
2015-05-21 16:30:42 -05:00
305da46491
Land #5301 , @m-1-k-3's aux module to extract passwords from Netgear soap interfaces
2015-05-21 16:07:05 -05:00
b4a6cdbad0
Remove new line in vprint_line.
2015-05-21 12:33:09 -03:00
0135b3639f
Add WordPress Simple Backup File Read Vulnerability.
2015-05-21 12:23:24 -03:00
d9d8634948
Changes the message displayed when vulnerable
2015-05-21 08:46:16 +01:00
a4df3468de
unique: should be update:, include uri in data hash
2015-05-20 16:20:09 -05:00
c85b82e8a7
Merge branch 'master' into land-5358-notes
2015-05-20 16:02:59 -05:00
4f6fe2abce
Avoids swallowing exceptions
2015-05-20 21:36:03 +01:00
202a77fc12
Improves detection of the MS15-034
2015-05-20 18:08:00 +01:00
23c77adc68
Land #5377 , Update cred reporting method for http_ntlm
2015-05-20 11:57:42 -05:00
55c07b1bdd
Report credentials with create_credential_login
2015-05-19 00:14:55 -05:00
d564a85f6f
Fix jtr_format
2015-05-18 19:55:48 -05:00
f49362492a
Report hash's username correctly
2015-05-18 19:46:17 -05:00
c6fcb9c6c5
Report credentials with create_credential_login
2015-05-18 19:39:03 -05:00
69a7a89936
use the correct print_error message
...
vrpint_error feeds through the old authbrute mixin
which does not behave properly anymore. use
print_error instead
5266
2015-05-18 13:51:23 -05:00
09d735e855
remove proof from failure message
...
the snmp login scanner will only have
proof on success, not on failure. remove it from
the failure message for cleaner formatting
5266
2015-05-18 13:45:01 -05:00
79b9ef008a
Bugfix
2015-05-17 13:55:56 +01:00
dd5060e08c
Land #5340 , @wchen-r7's change to the symantec_web_gateway_login writing style
2015-05-15 13:18:35 -05:00
cf5fa6752e
Use parenthesis
2015-05-15 13:17:54 -05:00
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
24a989b8a3
Land #5249 , Add Module for Enum on InfluxDB database
2015-05-14 11:22:54 -05:00
005c36b2a6
If data is empty, don't save (or even continue)
2015-05-14 11:22:10 -05:00
ac0e4e747a
Change writing style of symantec_web_gateway_login
2015-05-13 00:23:37 -05:00
202c5e0121
Land #5333 , HTML Title Grabber
2015-05-12 11:19:06 -05:00
faec5844cb
Some fixes
2015-05-12 11:18:21 -05:00
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
f0048b9a6d
Apparently you don't quote the keys with the new syntax
2015-05-12 11:00:18 +01:00
7c81adbd89
MSFTidy is now quiet and happy
2015-05-12 10:47:49 +01:00
1f6bd3e2be
Updated to new ruby hash syntax and removed <> from title
2015-05-12 10:43:32 +01:00
518e28674e
Removed CGI dependency (@hmoore-r7, @wchen-r7)
2015-05-11 21:10:18 +01:00
78e310562b
Readability style change
2015-05-11 19:48:12 +01:00
8e3d803e74
Updated style as per @void-in's comments
2015-05-11 19:46:10 +01:00
62d67469da
Updated code style as per @hmoore-r7's instructions
2015-05-11 19:34:23 +01:00
b8f7c80fd2
Rubocop
2015-05-11 18:50:03 +01:00
8308c2a925
Added check for nonsensical options
2015-05-11 18:48:55 +01:00
99133deabb
Reran tests, sorted out strip problem
2015-05-11 18:29:44 +01:00
c25a5d3859
Fixed a bunch of rubocop errors
2015-05-11 18:14:37 +01:00
34cf90af59
Removed unnecessary include
2015-05-11 17:31:31 +01:00
c001f014ce
HTML Title Grabber
2015-05-11 17:29:22 +01:00
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
a8adcda941
Redo port checks
2015-05-08 15:29:30 -05:00
156aac1dff
Use timeout options
2015-05-08 15:23:08 -05:00
bf9ca1f88f
Change module filename
2015-05-08 15:08:59 -05:00
f56115552f
Do code cleanup
2015-05-08 14:56:39 -05:00
b73241882b
Use datastore option
2015-05-08 14:48:19 -05:00
b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin
2015-05-08 14:46:08 -05:00
9fdbfd7031
Use vprint_error
2015-05-08 14:21:36 -05:00
017ae463ed
Fix description style
2015-05-08 14:18:29 -05:00
2e01eb519d
Do minor fixes
2015-05-08 14:04:44 -05:00
5588ad36b3
Print status message
2015-05-08 13:51:00 -05:00
7e62ba85a1
Do code cleanup
2015-05-08 13:33:28 -05:00
60c2c7a7cd
Delete unused variable
2015-05-08 13:19:39 -05:00
c0f21c3ae1
Fix metadata
2015-05-08 13:19:23 -05:00
a7988f9e93
Change credentials to service:service
2015-05-08 22:52:59 +05:00
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
8d3737d13c
Fix some stylistic issues
2015-05-07 22:43:23 -05:00
c9cb9ad564
Fix extraneous comma
2015-05-07 15:32:48 -05:00
4df622c76b
Oops, one last for #5312 .
2015-05-06 14:48:17 -05:00
e8913e5620
Addressed most of @wvu's issues with #5312
2015-05-06 14:47:08 -05:00
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
93c785560b
remove brocade_telnet scanner, extend telnet
...
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
dc053aeb58
Spelling Fix
...
s/Brocde/Brocade/ as per bcook-r7
2015-05-05 21:16:24 -05:00
fc1c0028a8
moved array definition to avoid error
2015-05-05 21:16:23 -05:00
7949daf42b
brocade_enable_login msftidy success
2015-05-05 21:16:23 -05:00
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
f95774c6b4
Fixed bugs
2015-05-02 05:09:03 -04:00
93ac8b48e3
Land #5178 , @jboss_vulnscan check for console default admin
...
* And minor fixes
2015-05-01 17:38:20 -05:00
697c6c20cb
Do minor cleanup
2015-05-01 17:37:45 -05:00
04fa626eab
Save credentials as UNTRIED
2015-05-15 14:58:55 -05:00
16c3bf91a1
Do code cleanup
2015-05-15 14:46:34 -05:00
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
b037560c90
Do minor style fixes
2015-05-01 15:01:13 -05:00
83288ff391
Fix typo
2015-04-30 17:58:26 -05:00
ee5dc1d6e4
Land #5277 , typo in telnet_encrypt_overflow
2015-04-30 10:44:55 -05:00
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
9b17191e48
Remove unnecessary {,dis}connect
2015-04-28 15:09:16 -05:00
28e661e204
Fix false positive in POODLE scanner
...
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
0a4554a204
reporting included, extract device details
2015-04-28 13:01:51 +02:00
7523e592d2
Land #5198 , WordPress contus video gallery 2.7 scanner
2015-04-27 23:24:57 +02:00
ce697ee44c
netgear soap password extractor
2015-04-27 17:56:30 +02:00
7a2084cdc5
Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb
2015-04-26 16:54:21 -05:00
b330b1d41c
typo in title of telnet_encrypt_overflow.rb
2015-04-26 02:32:14 +02:00
c41c7a1ba2
Rewrote the conditions of res.
2015-04-25 17:18:38 -03:00
d01da0c522
Changed if conditions and exception handling
2015-04-25 15:08:36 -03:00
3a84396f32
Removed authorization header.
2015-04-25 14:30:21 -03:00
b810a96dac
Add Module for Enum on InfluxDB database.
2015-04-25 04:41:33 -03:00
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
896d6e8cb7
Fix title
2015-04-24 11:09:39 -05:00
1825b45ac3
Land #5242 , @espreto's module for GI-Media Library Plugin Directory Traversal
2015-04-24 11:08:52 -05:00
7af6f31c3a
Fix message
2015-04-24 11:08:00 -05:00
5ca6fe3cb0
Do code cleanup
2015-04-24 11:07:13 -05:00
f457f36cdd
Land #5213 , improvements to MS15-035 DoS
2015-04-24 10:54:48 -05:00
bb0b2eee37
Fix missing . in SRV query
...
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
e51897d64e
Filepath option
2015-04-24 04:35:59 -03:00
7b0b59b5f6
Add WordPress GI-Media Library Plugin File Read.
2015-04-24 04:24:16 -03:00
e9f8b25987
Update wordpress_contus_video_gallery_sqli.rb
...
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
26d208f089
Update wordpress_contus_video_gallery_sqli.rb
...
remove 'uri'
2015-04-22 14:42:03 -05:00
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
3a1778ef7c
Spelling Fix
...
s/Brocde/Brocade/ as per bcook-r7
2015-04-21 17:57:36 -04:00
3db0e12b67
Modify autopwn comment
2015-04-21 14:19:15 -05:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
073850c5ad
Land #5158 , OWA internal IP disclosure scanner
2015-04-21 11:10:39 -05:00
5296c6507d
Land #5157 , OWA login scanner auth timing logs
2015-04-21 11:06:08 -05:00
a44da8e6d7
URL refs
2015-04-21 09:29:08 -05:00
9a49538c1a
Land #5016 , add SSL Labs scanner
2015-04-20 21:34:16 -05:00
752c3243f6
wrap print* functions in report_* wrappers
...
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
ff32d6cee3
Improve MS15-034 DOS
2015-04-20 20:36:08 -05:00
c6c7560aed
Land #4846 , @joevennix's android 4.3 uxss module
2015-04-20 18:43:24 -05:00
9b240e1d8f
Use parenthesis
2015-04-20 18:42:34 -05:00
79ca0a56f9
Land #4171 , Steam protocol support
2015-04-20 15:35:06 -05:00
f762873a31
Land #5192 , @joevennix's module for Safari CVE-2015-1126
...
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
e2eaff6b3a
Don't modify datastore options
2015-04-20 15:16:21 -05:00
88c52ae7ae
Delete second stop_service, the mixin should had done the job
2015-04-20 15:13:11 -05:00
dc0549d2dd
Use #wait
2015-04-20 15:06:01 -05:00
c1234e05e2
Delete parenthesis from condition
2015-04-20 14:56:37 -05:00
0283ac05e5
Do minor style fixes
2015-04-20 14:54:39 -05:00
69b8edda4a
Use single quotes
2015-04-20 14:53:38 -05:00
16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
b622aae97f
Update wordpress_contus_video_gallery_sqli.rb
2015-04-19 18:24:12 -05:00
c393f7c398
add contus video gallery scanner
2015-04-19 17:58:08 -05:00
ed9175d73f
Land #5167 , WordPress CP Multi-View Calendar SQLI Scanner
2015-04-19 23:36:23 +02:00
8c0bcd2e03
Update wordpress_cp_calendar_sqli.rb
...
Use the new WPVDB
2015-04-19 16:32:57 -05:00
2010e966b3
Add non-httponly cookie theft module for ios/osx safari.
2015-04-19 11:32:37 -05:00
4f903a604c
Fix #5103 , Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
6653c9e33d
Land #5162 , WordPress Dukapress File Read Vulnerability
2015-04-17 11:20:55 +02:00
6c77b64dae
wrong method name
2015-04-17 11:20:14 +02:00
aef464fc2e
Land #5159 , WordPress Mobile Edition Plugin File Read Vuln
2015-04-17 11:13:00 +02:00
3422501d91
Land #5174 , deprecated module cleanup
2015-04-16 17:43:28 -05:00
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
2b9fd93729
remove deprecated modules
2015-04-16 22:49:22 +02:00
ed588e335b
Changed the print_error output.
2015-04-16 17:32:59 -03:00
bf3bdcffb4
Changed the deph value to 7.
2015-04-16 17:30:28 -03:00
dd474757fe
Changed the print_error output.
2015-04-16 17:26:44 -03:00
f50cedeafd
Changed the depth value to 7.
2015-04-16 17:22:49 -03:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
b4b8ac0849
moar fail_with's
2015-04-16 21:26:37 +02:00
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
1455d4e94d
Fix AUTH_TIME
2015-04-16 11:39:33 -05:00
7c572777e1
Fix whitespace
2015-04-16 11:34:50 -05:00
7a9167b235
Fix comments
2015-04-16 11:34:47 -05:00
9bcc988266
Update owa_login
2015-04-16 11:23:04 -05:00
75b88f199a
Create wordpress_cp_calendar_sqli.rb
2015-04-16 09:53:00 -05:00
ecc67b1a57
Fix loot name
2015-04-16 10:42:20 -03:00
d898af5513
Add check version and removed HttpClient
2015-04-16 10:40:35 -03:00
768294710b
Add check and removed HttpClient
2015-04-16 10:22:10 -03:00
890561bff3
Rewriting the condition 'if' for only one line
2015-04-16 09:23:56 -03:00
b90ff36ef4
Rewriting the condition 'if' for only one line
2015-04-16 09:15:17 -03:00
21e964e699
Add Author and references..
2015-04-16 07:20:48 -03:00
f6f4bd0746
Add WordPress Dukapress File Read Vulnerability
2015-04-16 07:17:46 -03:00
c8e1185a04
Included Wordpress mixin.
2015-04-16 05:02:39 -03:00
42ff0decc7
Land #4722 , timing options for snmp_login
2015-04-16 02:25:29 -05:00
88062a578d
Clean up PR
2015-04-16 02:25:06 -05:00
bec6270f07
Fix regex
2015-04-15 23:47:03 -05:00
0a4ab99aa5
Land #5149 , couchdb_enum cleanup
2015-04-15 21:50:30 -05:00
4410f8da6e
Clean up module some more
2015-04-15 21:48:19 -05:00
30d60975ba
Land #5144 , add missing report_note in apache_range_dos
2015-04-15 21:47:18 -05:00
01ae7002cf
Fix EOF whitespace
2015-04-15 21:27:53 -05:00
20d4d1ce3f
Move report_goods before the return
2015-04-15 21:22:41 -05:00
0031f09d60
Add author, EDB, WPVDB and fix loot.
2015-04-15 20:03:36 -03:00
0f1cf1d1b1
Add Module WP Mobile Edition Plugin File Read Vuln
2015-04-15 19:45:08 -03:00
66b7179a97
Rename module to owa_iis_internal_ip
2015-04-15 17:10:01 -05:00
a109dae033
Fix EOL whitespace
2015-04-15 16:58:59 -05:00
cc422eeeea
Fix splat
2015-04-15 16:58:18 -05:00
34ce4edacb
Add exchange_iis_internal_ip
2015-04-15 16:55:19 -05:00
7cc80c418b
Correct a bad spelling in ms15_034_ulonglongadd.rb
2015-04-15 15:32:55 -05:00
76d36a46dc
Missing a checkcode
2015-04-15 14:04:18 -05:00
8a542b841c
Don't check Server header
2015-04-15 13:33:09 -05:00
90ed6ee0b6
No "vhost"
2015-04-15 13:32:11 -05:00
3aa8e6908d
Converted to a DOS module
2015-04-15 13:13:16 -05:00
19ab71aa43
Final update i swear
2015-04-15 10:20:15 -05:00
7a77dbc9f0
Update description
2015-04-15 10:15:40 -05:00
2206ae48a1
Match the PR title
2015-04-15 01:50:59 -05:00
63048a7385
Newline
...
-_-
2015-04-15 01:38:09 -05:00
6f874b81ff
Add MS15-034 check (CVE-2015-1635)
2015-04-15 01:37:43 -05:00
1d6300991c
Clean the code of the module couchdb_enum.
2015-04-15 02:58:51 -03:00
3cdc84bf27
Fix missing type in report_note
2015-04-14 14:02:20 -05:00
d87483b28d
Squashed commit of the following:
...
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:42:13 2015 -0500
Fix funny punctuation on rootpipe exploit title
See #5119
commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:37:39 2015 -0500
Fix vendor caps
Trusting the github repo README at
https://github.com/embedthis/goahead
See #5101
2015-04-13 10:46:47 -05:00
284ef5bbbb
Land #5112 , Nessus REST Login Module
2015-04-10 13:32:53 -05:00
b2b7da2dc5
Fix spelling of Microsoft in module name
2015-04-10 11:09:16 +01:00
7810f3d9a3
Add previous nessus_xmlrpc_login file
2015-04-10 12:32:42 +05:00
bbbd4d3634
change name to keep both XML and REST modules
2015-04-10 12:20:43 +05:00
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
c9bf8f3140
Land #5105 , @joevennix's cable modem 0day
2015-04-08 16:09:46 -05:00
831a59b10b
Fix whitespace
2015-04-08 16:09:28 -05:00
52f1b95222
Add disclosure link
2015-04-08 16:07:33 -05:00
1bfda9e78f
Land #5101 , Add Directory Traversal for GoAhead Web Server
2015-04-08 15:30:23 -05:00
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
7ed1655976
Adding module for R7-2015-01
...
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
5f389cf3c2
Add ManageEngine Desktop Central Login Utility
2015-04-08 02:05:56 -05:00
dc14c770be
Changed the traversal variable to just one line
2015-04-08 02:26:59 -03:00
441042ed37
Removed the segments variable
2015-04-08 01:29:45 -03:00
d399d05383
Add Directory Traversal for GoAhead Web Server
2015-04-07 20:22:06 -03:00
42e82cc644
Rubocop fixes
2015-04-07 18:21:08 -05:00
7275d5745f
Fixes, refactoring and adding JBoss AS default creds scanning
2015-04-07 17:40:25 -05:00
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
79b2a23dff
Land #5015 , @espreto file traversal scanner for RIPS
2015-04-03 15:35:58 -05:00
ce6e5e12d8
Make depth an option
2015-04-03 15:33:27 -05:00
70fad73092
Add metadata
2015-04-03 15:27:28 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
e729185804
Land #5051 , @nullbind's new options for mssql_enum_domain_accounts_sqli
2015-04-03 14:44:20 -05:00
fe9fbfd157
Make calculations easier
2015-04-03 14:43:01 -05:00
452ebcf9ad
travis
2015-04-03 16:29:35 +05:00
be829e77ba
cravis error solve
2015-04-03 16:25:18 +05:00
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
c9e8f9cbea
Add BigIP HTTP VS scanner and fix connection errors
2015-04-03 02:30:03 -04:00
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012 ]
2015-04-02 15:12:22 -05:00
a592f645f0
Land #5039 , Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner
2015-04-01 14:34:58 -05:00
91aeef0a8a
added startrid and endrid
2015-04-01 10:09:13 -05:00
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
e73286cfa5
update stale references
2015-03-30 17:17:48 -05:00
613f4777ce
Land #5024 , add joomla_ecommercewd_sqli_scanner.rb
2015-03-30 12:45:09 -05:00
8ff54ff98d
Add msb reference
2015-03-30 10:58:08 -05:00
9af1e76bf7
Obfuscate js
2015-03-30 10:52:01 -05:00
c7fa01c5ae
Rename file
2015-03-30 10:39:33 -05:00
9d78aa96d9
Add output of API errors to console
2015-03-30 02:42:09 -04:00
de2bf0181c
add first pass at gallerywd sqli scanner
2015-03-28 16:15:51 -05:00
9f0483248c
add TARGETURI datastore option
2015-03-28 15:46:41 -05:00
6ede476423
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-28 08:38:12 -05:00
0dbd8544b4
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-27 21:20:59 -05:00
31be47d5bc
Create joomla_ecommercewd_sqli_scanner.rb
2015-03-27 20:25:33 -05:00
45f8738cfe
Fix stdout errors
2015-03-27 07:53:59 -04:00
3515a0a71f
Initial commit for supporting SSL Labs API
2015-03-27 07:34:11 -04:00
3e104fd8e6
Add Directory Traversal for RIPS Scanner
2015-03-27 05:08:43 -03:00
f996c5a888
Update description
2015-03-27 02:31:36 -05:00
67dc46791d
Limit the module to IE 8 and IE9
2015-03-27 02:30:04 -05:00
f88d9651b6
I don't think it's worth putting the js in ie_addons.js
2015-03-27 02:26:50 -05:00
bd2763292a
Properly credit Soroush Dalili
2015-03-26 23:36:16 -05:00
560f31c34d
Minor changes
2015-03-26 23:29:44 -05:00
68624dd56e
Final for ie_files_disclosure.rb
2015-03-26 22:49:22 -05:00
b0b17775c2
First working version
2015-03-26 21:53:26 -05:00
0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically
2015-03-25 11:29:07 -05:00
5d80ef9325
Fix minor issues
2015-03-25 02:53:36 -04:00
040a1af9c5
Delete useless ecnryption cookie detection, fix minor issues
2015-03-25 02:34:33 -04:00
7a0fe05803
Add CVE-ID to module references
2015-03-24 22:30:43 +00:00
7bf00f8f47
Land #4789 , @rastating WPLMS wordpress module
2015-03-24 20:46:38 +01:00
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
ee17d6e606
Deleted spaces at EOL
2015-03-23 04:34:38 -04:00
2a0deaa6c8
Deleted default options and SYN scan
2015-03-23 04:31:08 -04:00
8c3e39acf0
Land #4847 @rastating's module for WordPress WP EasyCart privilege escalation
2015-03-20 18:23:05 -05:00
349d7cb9ee
Do minor cleanup
2015-03-20 18:20:45 -05:00
6f51946aa0
Land #4969 , GitLab module references
2015-03-20 17:26:51 -05:00
99f3de0843
Clean up info hash formatting
2015-03-20 17:26:21 -05:00
1226b3656f
Land #4945 , @wchen-r7's login scanner for Symantec web gateway
2015-03-20 14:44:05 -05:00
2f35fcff99
Fix require
2015-03-20 14:43:42 -05:00
8ee520e749
Add reference
2015-03-20 19:17:34 +00:00
b19f766728
Land #4942 , Gitlab Login Scanner
2015-03-20 13:02:12 -05:00
a2ce14a31e
Land #4941 , Gitlab Unauth User Enumeration
2015-03-20 12:28:35 -05:00
235124a40a
Fix typo
2015-03-20 12:27:23 -05:00
84164b44b2
Should also rescue JSON::ParserError for banner parsing
2015-03-20 12:27:02 -05:00
b839547dc3
Add documentation for Registry modules and methods
2015-03-19 17:57:21 -05:00
a7f1244251
Finish the java_rmi_registry gather module
2015-03-19 17:33:45 -05:00
94ab2f94fd
Remove symbols that aren't used
...
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
2015-03-19 14:14:01 -05:00
5c3134a616
Add first support to gather information from RMI registries
2015-03-19 11:16:04 -05:00
e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS
2015-03-18 22:34:52 +10:00
d1a2f58303
Fix of regex for file capture and format tweaks
2015-03-18 22:17:44 +10:00
fa7242388b
Move the module to the correct location
2015-03-18 18:18:54 +10:00
14be07a2c4
Update java_rmi_server modules
2015-03-17 21:29:52 -05:00
bd4738b93e
Land #4827 , capture and nbns fixups
2015-03-17 17:37:55 -05:00
d7fa0ec669
Let IPAddr#hton do the calculating
2015-03-17 17:36:45 -05:00
1242404085
Delete comment
2015-03-17 14:18:07 -05:00
d1d6378179
Land #4566 , Misfortune Cookie scanner improvements
2015-03-17 12:32:35 -05:00
f95b783193
I don't need these eitehr
2015-03-17 11:33:49 -05:00
ebe7ad07b0
Add specs, plus modify java_rmi_server modules
2015-03-17 11:26:27 -05:00
e1ebc6c7fe
Update date, remove URL (will replace later)
2015-03-17 12:50:47 +00:00
0cd85cb052
Correct capitilzation of GitLab
2015-03-17 11:33:57 +00:00
wchen-r7
jvazquez-r7
Brent Cook
William Vu
aushack
g0tmi1k
Th3R3p0
root
Denis Kolegov
Jon Hart
Joshua Abraham
Tod Beardsley
Ramon de C Valle
HD Moore
John Sherwood
Pedro Ribeiro
Roberto Soares
Christian Mehlmauer
erwanlr
Nicholas Starke
David Maloney
Stuart Morgan
void-in
Mike
root
James Lee
m-1-k-3
Brandon Perry
kaospunk
Brandon Perry
joev
Nate Power
Jon Cave
Zach Grace
nullbind
rastating
Meatballs
OJ