radekk
90a523fb0a
Typos inside parameters description.
2015-12-12 22:48:20 +01:00
Vex Woo
dee23e4bda
Merge pull request #3 from jhart-r7/pr/fixup-6319
...
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
Jon Hart
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
Jon Hart
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
Jon Hart
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
Tyler Bennett
c000e590d4
verified table values are correctly typed as Strs, but it still fails to print the tables
2015-12-10 15:51:59 -05:00
Jon Hart
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
Jon Hart
48a27170c2
Document process better, delete correct key
2015-12-10 09:13:13 -08:00
Jon Hart
d2f54af23f
Reset the dir and dbfilename back to their original settings
2015-12-10 08:56:24 -08:00
Jon Hart
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
nixawk
0d8fc78257
make code more clear
2015-12-10 15:13:50 +00:00
nixawk
42013c18ba
add a password option - AUTH_KEY
2015-12-10 08:24:47 +00:00
nixawk
28bc5b4d4f
move it from exploit to auxiliary
2015-12-10 08:23:38 +00:00
Jon Hart
4cc7853ad8
Don't run_host unless check returns vulnerable; report_service
2015-12-09 18:33:40 -08:00
Jon Hart
624e5aeffa
First pass at converting redis module to aux; style cleanup
2015-12-09 17:59:48 -08:00
Tyler Bennett
c2ef7be217
cleaned up regex isseus and added the appropriate rex tables. Having issues with printing them due to type errors, but Im working on it
2015-12-09 17:49:38 -05:00
Tyler Bennett
e574c844de
added rex table for channels func, has an issues with TypeError no implicit conversion of String into Integer upon building the table
2015-12-08 18:19:30 -05:00
Tyler Bennett
48cd350711
updated authors list with contributors
2015-12-08 16:29:00 -05:00
Tyler Bennett
92d56cd050
cleaned up uncessary Rex Tables working on the rest of them for users, groups and channels
2015-12-08 16:24:47 -05:00
wchen-r7
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
wchen-r7
7378e7b128
Do elog() when print_error()
2015-12-08 11:06:59 -06:00
Tyler Bennett
75e31c252e
added rex table for nas settings, still working on users and hashes rex table
2015-12-07 14:48:28 -05:00
Tyler Bennett
3d892bd1d6
added rex table for grab_email func instead of printing out values
2015-12-07 10:37:36 -05:00
Tyler Bennett
069a50e1b8
Revert "fixed ddns_creds import issue, by using rhost and commenting why it needs to be used"
...
Reverting to hopefully force a fix for issue #3968
2015-12-07 09:41:46 -05:00
Stuart Morgan
ca023b6499
Simplified do_report() to comply with msftidy
2015-12-05 23:27:28 +00:00
Stuart Morgan
4f1f755c1d
msftidy
2015-12-05 22:49:40 +00:00
Stuart Morgan
4469e9b5ef
Finalised module
2015-12-05 22:45:08 +00:00
Stuart Morgan
bd1bf4aa72
Initial test, fixed noteswq
2015-12-05 21:19:34 +00:00
Stuart Morgan
09c58e4097
Massive rework of the storage/notes/reporting
2015-12-05 21:18:29 +00:00
Tyler Bennett
385e5a9fe1
fixed more rubocop issues with the rex table for ddns
2015-12-04 15:28:01 -05:00
Tyler Bennett
4e0ab9b68f
fixed ddns_creds import issue, by using rhost and commenting why it needs to be used
2015-12-04 15:10:02 -05:00
Tyler Bennett
6ce54f15ee
added rex table for ddns func
2015-12-04 14:46:26 -05:00
Tyler Bennett
16e4d6a727
fixedd more rubocop errors, still needs work
2015-12-04 14:08:18 -05:00
Jon Hart
72f7efd042
Lots of style cleanup
2015-12-03 15:39:27 -08:00
Jon Hart
4b30a56f15
Add a few missing connects
2015-12-03 15:22:27 -08:00
Jon Hart
7346c528cd
Fix indentation
2015-12-03 15:21:06 -08:00
Jon Hart
6c31946995
Slightly simplify regex
2015-12-03 15:19:35 -08:00
Jon Hart
98096ab71c
Remove useless assignment
2015-12-03 15:16:54 -08:00
Jon Hart
504f6874f2
Convert to actions
2015-12-03 15:15:48 -08:00
Jon Hart
93cd3446db
Minor cleanup of some print_ lines
2015-12-03 15:01:27 -08:00
Jon Hart
753eddbbd6
Correct true/false for optional options, default values
2015-12-03 14:53:27 -08:00
Tyler Bennett
9d71ff6b9d
cleaned up a few misc prints and added in logic if mailport is empty
2015-12-03 15:51:49 -05:00
Tyler Bennett
3d617efa88
added code to parse mailport from config
2015-12-03 15:36:08 -05:00
Tyler Bennett
0d89dde4a6
changed sock.get to sock.get_once and fixed booleans hopefully. Still cleaning things up but its getting closer
2015-12-03 12:51:48 -05:00
r3naissance
db5c69226e
Add Usernames to Creds Database with owa_login.rb
2015-12-03 09:31:36 -07:00
Jon Hart
fdbd3cfc11
Fix minor style problems, call check() from run_host
2015-12-02 15:46:35 -08:00
wchen-r7
93a4fd0ee4
Minor edits
2015-12-02 15:43:11 -06:00
Tyler Bennett
a8887e6b77
firts iteration of moving each payload to its own function and setting optional vars, cleaning up rubocop warnings as well
2015-12-02 16:33:09 -05:00
Tyler Bennett
ca496a376f
set username as a requirement and added note about randomly assinged password for user if not set
2015-12-02 14:16:36 -05:00
Christian Mehlmauer
581ea89f7f
fix nil error
2015-12-02 11:19:08 +01:00
Christian Mehlmauer
f06e4f3dbd
make this module work with other languages too
2015-12-02 11:14:10 +01:00
Christian Mehlmauer
1a4b91e33e
unzip backup file
2015-12-02 11:01:56 +01:00
Christian Mehlmauer
217374d1c0
add limesurvey file download
2015-12-02 00:06:13 +01:00
James Lee
98a0ddebda
Land #6298 , Advantech shellshock module
2015-12-01 11:37:09 -06:00
HD Moore
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
Tyler Bennett
36f48dc945
cleaned up required opts, only left needed vars to run the rest are optional based on user preference
2015-12-01 11:02:14 -05:00
Tyler Bennett
5e9a0ab3ff
removed version var in initialize method
2015-12-01 10:57:16 -05:00
Tyler Bennett
cb60b41d5d
added in fixes and missing typos, randomized the password for the user
2015-12-01 10:43:58 -05:00
Kyle Gray
bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
...
Land #6284 , fix for false negatives found in #6281
@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
Christian Mehlmauer
920d8c6ad7
Land #6278 , wrong default option for RHOST
2015-11-26 06:49:25 +01:00
Louis Sato
90fb3e0118
Land #6277 , jenkins domain cred recovery aux module
2015-11-25 22:58:43 -06:00
Jon Hart
8fd2522a59
Land #6257 , @all3g's aux module for locating git repos over HTTP
2015-11-25 12:25:45 -08:00
Jon Hart
a56571479f
Remove WmapScanServer mixin; not needed
2015-11-25 11:38:32 -08:00
William Vu
2da9bb8578
Follow redirects in apache_userdir_enum
...
Found false negatives while testing a server for #6281 .
2015-11-25 13:27:06 -06:00
William Vu
8f459de064
Fix tomcat_enum for full_uri
2015-11-25 11:28:56 -06:00
William Vu
38a9efe4d6
Fix squiz_matrix_user_enum for full_uri
2015-11-25 11:28:53 -06:00
William Vu
7d17c5741b
Fix nginx_source_disclosure for full_uri
2015-11-25 11:19:27 -06:00
William Vu
035882702a
Fix barracuda_directory_traversal for full_uri
2015-11-25 11:18:17 -06:00
William Vu
7a5f6495d0
Fix axis_local_file_include for full_uri
2015-11-25 11:16:59 -06:00
William Vu
42d12a4d40
Fix apache_userdir_enum for full_uri
2015-11-25 11:16:22 -06:00
Waqas Ali
c09d8031c6
Remove default empty string
2015-11-25 12:19:16 +05:00
Jon Hart
eac4f02b66
Spelling and correct description
2015-11-24 17:57:56 -08:00
aushack
3ad7ef9814
Modify the printed URL to add https:// when SSL is used.
2015-11-25 12:46:56 +11:00
wchen-r7
b1abfe898d
Update wordpress_xmlrpc_login
...
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
Jon Hart
ccdf814688
Use correct URIs in report_note
2015-11-24 09:52:07 -08:00
Jon Hart
c66d56263a
Cleaner and more consistent print_ *
2015-11-24 09:43:05 -08:00
Jon Hart
1e90a8004d
Correct printing of URIs when provided TARGETURI doesn't end with /
2015-11-24 09:11:04 -08:00
Jon Hart
afa4d9e74d
Add legit git UserAgent
2015-11-24 08:57:19 -08:00
Jon Hart
d59c563ee3
Don't store index file
2015-11-24 08:51:43 -08:00
Jon Hart
e29a229336
Minor style cleanup
2015-11-24 08:50:21 -08:00
Waqas Ali
2152c310fe
Remove the default true option of RHOST
2015-11-24 14:54:54 +05:00
wchen-r7
74e1b8d5ac
Fix res nil
2015-11-24 00:15:05 -06:00
wchen-r7
95ca288f9d
Modify check
2015-11-23 20:33:14 -06:00
wchen-r7
09e6a54886
In case anonymous is not allowed for decryption
2015-11-23 20:26:41 -06:00
wchen-r7
20ba10d46c
Spaces, how dare you
2015-11-23 16:45:02 -06:00
wchen-r7
faab28f1d6
Add Jenkins Domain Credential Discovery Auxiliary Module
2015-11-23 16:23:59 -06:00
Louis Sato
493e476a43
Land #6243 , check nil for sock.read
2015-11-23 11:15:51 -06:00
Spencer McIntyre
dc5e9a1d0a
Support CSRF token in the Jenkins aux cmd module
2015-11-22 17:51:27 -05:00
nixawk
2dd8567741
remove GIT_HEAD / add description / git_config regex match / save index|config file(s)
2015-11-22 09:18:19 +00:00
aushack
1410d03386
Fixed msftidy capitalisation.
2015-11-22 14:32:51 +11:00
aushack
fc46ce0ced
Bring module title in line with other WP modules.
2015-11-22 13:39:45 +11:00
nixawk
e0386d6830
add scan switches GIT_INDEX / GIT_HEAD / GIT_CONFIG
2015-11-21 03:06:37 +00:00
nixawk
1795e09a27
scan git disclosure (.git/index)
2015-11-19 09:16:32 +00:00
wchen-r7
0cda20c9e2
Fix everything pointed out by @jlee-r7
2015-11-18 12:02:28 -06:00
Tyler Bennett
5acd9b283e
removed misc comments that arent needed
2015-11-18 11:54:32 -05:00
Tyler Bennett
3d95bd7851
fixed issue with msftidy and fixed rubocop issues that broke the module
2015-11-18 10:40:50 -05:00
HD Moore
a9e8ab785e
Land #6220 , adds ATG client module
2015-11-17 13:31:17 -06:00
HD Moore
e107ec2d17
Change fail to fail_with, fix typo
2015-11-17 13:30:46 -06:00
Tyler Bennett
e55ac99c12
fixed a bunch more rubocop errors
2015-11-17 14:30:33 -05:00
HD Moore
74f6ff7752
Rename to atg_client to match conventions
2015-11-17 12:59:37 -06:00
Tyler Bennett
6e4ccb46e5
knocked out a few more rubocop errors
2015-11-17 11:44:11 -05:00
Tyler Bennett
38c4e4ee6c
added a few more rubocop fixes
2015-11-17 10:48:57 -05:00
Tyler Bennett
f499b822cd
added more rubocop fixes, still testing issue with RHOSTS
2015-11-17 10:30:50 -05:00
Tyler Bennett
afd1e43226
added rubocop fixes
2015-11-17 09:41:12 -05:00
wchen-r7
17a1f2ee8a
Fix #6242 , Check nil for sock.read
...
Fix #6242
2015-11-16 14:24:46 -06:00
wchen-r7
f0da09090d
Land #6233 , Konica Minolta FTP Utility 1.00 Directory Traversal
2015-11-16 13:55:29 -06:00
wchen-r7
740cacb4c0
Check nil
2015-11-16 13:54:36 -06:00
Tyler Bennett
d677a8b871
Adding Dahua DVR auth bypass auxiliary scanner per CVE-2013-6117
2015-11-16 13:54:44 -05:00
jww519
fb14722ecb
Update android_stock_browser_iframe_dos.rb
...
Update Packetstorm reference
2015-11-14 13:51:18 -05:00
jww519
f172e5298a
Update android_stock_browser_iframe_dos.rb
2015-11-14 13:24:01 -05:00
Jon Hart
c914c7b22c
Completely remove SET_TIME
2015-11-13 12:28:23 -08:00
Jon Hart
ab3ae675ff
Hide TIME option since SET_TIME is not implemented
2015-11-13 12:26:42 -08:00
Jon Hart
ad22eb8444
More cleanup
2015-11-13 12:24:28 -08:00
Jon Hart
045bab052e
Add configurable timeout
2015-11-13 12:18:40 -08:00
Jon Hart
6e9afc38ee
print_good when we get something
2015-11-13 12:12:37 -08:00
Jon Hart
196a88c39a
Style nit
2015-11-13 12:06:00 -08:00
William Vu
4401c6f1fd
Land #6178 , rsync modules_list improvements
2015-11-13 10:46:24 -06:00
JT
44948a2ace
Add konica_ftp_traversal.rb ( CVE-2015-7603 )
...
This module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//
2015-11-13 07:51:42 +08:00
KINGSABRI
ab71d94392
Make CHUNKSIZE user configurable. Thanks @jhart-r7
2015-11-12 23:02:48 +03:00
KINGSABRI
732563614b
Change connecting method to send for better code naming
2015-11-12 20:26:17 +03:00
KINGSABRI
881b12f0ab
Fix rebease conflic
2015-11-12 18:16:39 +03:00
KINGSABRI
c2c89124b4
Remove it :@
2015-11-12 08:58:07 +03:00
KINGSABRI
ee312f86f6
Fix peer, naming, and add resp check to the code check
2015-11-12 08:50:46 +03:00
KINGSABRI
530a7bb613
Fix peer, naming, and add resp check to the code check
2015-11-12 08:42:00 +03:00
KINGSABRI
2abfa1f241
Fix exceptions and XML parsing
2015-11-12 05:30:07 +03:00
William Vu
e8dacf32fd
Land #6182 , Heartbleed scanner improvements
2015-11-11 16:59:20 -06:00
William Vu
ce3f9e2fab
Fix minor style issues
2015-11-11 16:58:20 -06:00
wchen-r7
99607e6e4d
Land #6205 , BisonWare BisonFTP Server Directory Traversal
...
CVE-2015-7602
2015-11-11 11:47:45 -06:00
wchen-r7
40bdd2bd01
Do module cleanup for auxiliary/scanner/ftp/bison_ftp_traversal
2015-11-11 11:46:37 -06:00
wchen-r7
c79a66be02
Land #6204 , directory traversal for PCMan FTP server
...
CVE-2015-7601
2015-11-11 11:07:34 -06:00
wchen-r7
e6e5bde492
Do module cleanup for auxiliary/scanner/ftp/pcman_ftp_traversal
2015-11-11 11:06:54 -06:00
wchen-r7
7ad42c2ba1
Land #6216 , remove duplicate keys for LoginScanner modules
2015-11-11 10:12:12 -06:00
JT
75a0472db8
Update bison_ftp_traversal.rb
...
made some changes
2015-11-11 14:01:39 +08:00
JT
4716e2e16b
Update pcman_ftp_traversal.rb
...
made some changes
2015-11-11 14:00:04 +08:00
Jon Hart
0cfa67f58f
Stub out more of the set time, but disable it
2015-11-10 22:00:02 -08:00
Jon Hart
c98ab1dad4
update SET_TANK_NAME opt to mention necessary opts
2015-11-10 21:49:40 -08:00
Jon Hart
de570a1550
Improve output when setting tank names
2015-11-10 21:41:05 -08:00
Jon Hart
0762b9fa9b
Fix option formatting
2015-11-10 21:24:58 -08:00
Jon Hart
637e570b28
Add TLS-250 reference
2015-11-10 21:21:55 -08:00
Jon Hart
e67057a5c9
Add great TLS-350 resource
2015-11-10 21:19:37 -08:00
Jon Hart
8dd6003cc2
Add several untested but likely OK TLS-350 commands
2015-11-10 21:18:27 -08:00
Jon Hart
d00eba23f9
Update references
2015-11-10 21:02:37 -08:00
KINGSABRI
b37fb3f34d
Add TARGETURI option
2015-11-11 06:25:20 +03:00
KINGSABRI
cf0cb2df9e
Add TARGETURI option
2015-11-11 06:24:52 +03:00
KINGSABRI
9894fe15bd
Remove unused advanced options
2015-11-11 06:02:37 +03:00
KINGSABRI
136fa12ac9
Remove unused advanced options
2015-11-11 06:02:13 +03:00
KINGSABRI
67ad5452e7
Merge branch 'msfdev'
2015-11-11 02:14:14 +03:00
KINGSABRI
7b3cfa79f3
Remove ip2location module
2015-11-11 02:13:34 +03:00
KINGSABRI
57cf535ec6
Fix the comment
2015-11-11 02:06:49 +03:00
KINGSABRI
137c2e214e
Fix the comment
2015-11-11 02:01:01 +03:00
William Vu
32faf7a8d4
Fix #6183 , hard tabs fix
2015-11-10 16:48:03 -06:00
William Vu
a9fe09497e
Fix hard tabs
...
Mixing tabs and spaces? Seriously?
2015-11-10 16:47:29 -06:00
Jon Hart
143ac47484
Minor style cleanup
2015-11-10 14:47:12 -08:00
William Vu
8dc636507b
Land #6183 , dns_srv_enum updates
2015-11-10 16:44:27 -06:00
William Vu
e98570cbd1
Clean up module
2015-11-10 16:44:10 -06:00
Jon Hart
dac7738f29
Clean up description; add more refs
2015-11-10 14:43:06 -08:00
Jon Hart
4f4e4c734a
Handle ATGs w/ > 10 tanks, more strict
2015-11-10 14:36:59 -08:00
Jon Hart
7c9b85551b
Support for setting ATG tank names
2015-11-10 14:24:11 -08:00
Jon Hart
9def67831c
Better printing
2015-11-10 13:20:45 -08:00
Jon Hart
97caf1d084
Add preliminary module for interacting with Veeder-Root ATGs
2015-11-10 13:15:08 -08:00
KINGSABRI
91867d344b
Refactoring..
2015-11-10 23:07:13 +03:00
KINGSABRI
d19942eae3
Add wordpress masive bruteforce using XMLRPC (wordpress API) fix
2015-11-10 23:07:12 +03:00
KINGSABRI
745738f065
Add wordpress masive bruteforce using XMLRPC (wordpress API)
2015-11-10 23:07:12 +03:00
KINGSABRI
b571a79b69
Add wordpress masive bruteforce using XMLRPC (wordpress API)
2015-11-10 23:07:12 +03:00
KINGSABRI
d498dc46a1
Add wordpress masive bruteforce using XMLRPC (wordpress API)
2015-11-10 23:07:12 +03:00
KINGSABRI
fffbb4106f
Refactoring..
2015-11-10 22:33:37 +03:00
Jon Hart
8f86b2519f
Resolve 'duplicate key warning' for some modules
2015-11-09 18:40:32 -08:00
Jon Hart
15eb135295
Resolve merge conflicts
2015-11-09 18:15:40 -08:00
KINGSABRI
46e7c53950
Add wordpress masive bruteforce using XMLRPC (wordpress API) fix
2015-11-09 19:04:33 +03:00
KINGSABRI
2bf57a3cf3
Add wordpress masive bruteforce using XMLRPC (wordpress API)
2015-11-09 18:23:15 +03:00
KINGSABRI
9586f416a1
Add wordpress masive bruteforce using XMLRPC (wordpress API)
2015-11-09 17:37:06 +03:00
KINGSABRI
9f4f478d2d
Add wordpress masive bruteforce using XMLRPC (wordpress API)
2015-11-09 17:28:58 +03:00
JT
e019aa12a0
Update pcman_ftp_traversal.rb
2015-11-08 13:40:23 +08:00
JT
f60f2336e3
Update bison_ftp_traversal.rb
2015-11-08 13:39:32 +08:00
JT
be85e85d40
Create bison_ftp_traversal.rb
2015-11-08 13:34:10 +08:00
JT
bb78025dde
Update pcman_ftp_traversal.rb
2015-11-08 13:27:45 +08:00
JT
bf362be0a4
Update pcman_ftp_traversal.rb
2015-11-08 13:17:57 +08:00
JT
bb9e820372
Create pcman_ftp_traversal.rb
...
Adding CVE-2015-7601
2015-11-08 13:08:23 +08:00
fraf0
970c5da9a6
Update dns_srv_enum.rb
2015-11-07 20:01:26 +01:00
fraf0
730f6b2326
Update dns_srv_enum.rb
...
Remove some comment following message on pull-request.
2015-11-07 15:23:32 +01:00
Jon Hart
43229c16e7
Correct some authors with unbalanced angle brackets
2015-11-06 13:24:58 -08:00
Jon Hart
f408bca3f0
More correct exception handling
2015-11-06 12:25:27 -08:00
Jon Hart
f84e9a88b0
Credit for original vuln discovery
2015-11-06 10:40:07 -08:00
Jon Hart
1473f2cfa7
More consistent printing
2015-11-06 10:03:06 -08:00
Jon Hart
7101ff2ecc
Better handling of motd printing
2015-11-06 09:52:12 -08:00
Jon Hart
55e224b7e7
Improve auth handling
2015-11-06 09:50:39 -08:00
Jon Hart
fc97266588
Handle errors more carefully
2015-11-06 09:44:05 -08:00
Jon Hart
d3ebb8ae93
Style cleanup of auth checking
2015-11-06 08:34:17 -08:00
dmohanty-r7
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
Jon Hart
e96596e8eb
Credit Nixawk/all3g for some of the module review/improvements/ideas
...
From:
https://github.com/rapid7/metasploit-framework/pull/6191
https://github.com/jhart-r7/metasploit-framework/pull/5
2015-11-05 09:22:30 -08:00
Jon Hart
0ae2e64bc5
Only mark rsync as req'ing auth true/false if we are sure, otherwise vprint and unknown
2015-11-05 09:20:02 -08:00
Jon Hart
f1a79bd207
Make motd printing optional, off by default
2015-11-04 10:11:00 -08:00
Jon Hart
8f497faa09
Make read timeout configurable and shorter by default
...
This makes the time spent handling motd almost a non-issue
2015-11-04 10:01:38 -08:00
Jon Hart
3528bb2fa7
Remove optional motd handling; this is always necessary
...
without it, detecting authentication on systems w/ a motd does not work
2015-11-04 09:43:10 -08:00
Jon Hart
0d3232f93a
break if we get the rsync exit
2015-11-04 09:12:02 -08:00
Jon Hart
ba5a8e4806
style
2015-11-04 09:11:07 -08:00
Jon Hart
2cab70294e
sprinkle in peer
2015-11-04 09:05:33 -08:00
Jon Hart
9bcdd19e0a
Correct table
2015-11-04 09:01:07 -08:00
Jon Hart
8f4f187c70
More usable format for module metadata in notes
2015-11-04 08:47:37 -08:00
Jon Hart
b7ccee949e
Improve name and description; update authors
2015-11-04 08:42:29 -08:00
Jon Hart
c0993c3797
Appease rubocop
...
You have 20 seconds to comply
2015-11-04 08:28:35 -08:00
Jon Hart
c265a371d8
Make testing the rsync module for authentication optional,
...
but on by default
2015-11-04 08:25:38 -08:00
fraf0
3739a2fb72
Update dns_srv_enum.rb
2015-11-03 16:59:55 +01:00
fraf0
f1feccfd7c
Update dns_srv_enum.rb
2015-11-03 16:53:26 +01:00
Tom Spencer
557dffd8d2
Fixed extra space at end of line
2015-11-02 21:50:39 -08:00
Tom Spencer
4d97e33bc5
Dramatic speed-up in bleeding, improved verbose output of leaked data.
2015-11-02 16:07:21 -08:00
Jon Hart
dd91956c4a
ooops, puts
2015-11-02 15:07:26 -08:00
Jon Hart
de959ed62b
Remove actions; check and run_* will suffice
2015-11-02 13:54:42 -08:00
Jon Hart
1c3e4d2cbf
Refactor to use Scanner; add check; add beginnings of actions
2015-11-02 13:39:09 -08:00
Jon Hart
ced20ba51c
Refactor NTP symmetric packet creation; add vuln detection to NAK to the future
2015-11-02 12:46:58 -08:00
Jon Hart
17c4aa2348
Fill in description; style
2015-11-02 12:18:35 -08:00
Jon Hart
8fb0596888
Add more refs
2015-11-02 12:07:18 -08:00
Jon Hart
3c92b109d7
Don't wait for motd when testing for auth
2015-11-02 10:49:48 -08:00
Jon Hart
6c0034fba6
get_once for negotiation and trailing motd_lines
...
This feels hacky.
2015-11-02 09:32:54 -08:00
Jon Hart
a120dd1ea9
Return nil when no motd lines
2015-11-02 09:18:10 -08:00
Jon Hart
962cf77873
Not all modules have comments
2015-11-02 09:14:41 -08:00
Jon Hart
4effd3aa81
Handle case where motd comes after negotiation
2015-11-02 09:12:57 -08:00
Jon Hart
d18b6ff9cd
More doc, error handling
2015-10-30 13:13:44 -07:00
Jon Hart
ff1d0709e0
vprint if the thing isn't rsync
2015-10-30 12:39:06 -07:00
William Vu
f8a39ecc21
Land #6145 , better RPC exception handling
2015-10-30 13:25:52 -05:00
Jon Hart
eb99aaa216
Print out modules before building/reporting table
2015-10-30 09:49:07 -07:00
Jon Hart
86b48490f0
Merge branch 'master' into poc/rsunk
2015-10-30 09:42:41 -07:00
Louis Sato
57304a30a8
Land #6139 , remove bad ref links
2015-10-29 16:00:43 -05:00
wchen-r7
93df45eff1
Land #6138 , Land joomla plugin com_realestatemanager Error Based SQLi
2015-10-28 13:36:14 -05:00
wchen-r7
09b79414ee
Report hash
2015-10-28 13:33:00 -05:00
wchen-r7
1805774b16
Resolve #6020 , Better RPC exception handling
...
Resolve #6020 . Avoid trying to rescue RuntimeError.
2015-10-28 11:16:44 -05:00
wchen-r7
e7d6493311
Replace links
2015-10-28 10:45:02 -05:00
Jon Hart
b5d0804442
Detect if an rsync module requires authentication
2015-10-27 18:15:18 -07:00
Jon Hart
4a3848cc4f
Handle rsync motd
2015-10-27 18:15:18 -07:00
Jon Hart
73a6b47606
Split out negotiation and listing
2015-10-27 18:15:18 -07:00
Jon Hart
6dd40ec063
Better reporting
2015-10-27 18:15:18 -07:00
Jon Hart
caf848ddf4
Store table better
2015-10-27 18:15:18 -07:00
Jon Hart
3e7f7f2eec
Remove unnecessary table options, as these are the default
2015-10-27 18:15:18 -07:00
Jon Hart
4f468dbcd7
Usability improvements for rsync modules_list
2015-10-27 18:15:18 -07:00
Jon Hart
6781dfa6ee
Style cleanup for rsync modules_list
2015-10-27 18:15:18 -07:00
Jon Hart
78ad9908d2
Doc
2015-10-27 18:10:18 -07:00
Jon Hart
f2b6d37630
Add WIP module for Cisco Talos' NTP 'NAK to the future'
2015-10-27 18:10:07 -07:00
wchen-r7
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
William Vu
a65172bbcb
Land #6125 , Joomla SQLi creds gather module
2015-10-27 11:21:30 -05:00
William Vu
9041f95511
Perform final cleanup
2015-10-27 11:21:17 -05:00
nixawk
132cbf0cd7
joomla plugin com_realestatemanager Error Based SQL Ijnection
2015-10-27 15:18:17 +00:00
Brandon Perry
c7fe014854
remove global variables
2015-10-26 17:13:51 -05:00
Brandon Perry
8b4f2290ed
no more session ids in desc
2015-10-25 11:01:17 -05:00
nixawk
f738dd2acb
replace print_* with vprint_* / fix check method
2015-10-25 06:57:56 +00:00
nixawk
a6628110f6
rebuild joomla_contenthistory_sqli (cve-2015-7297)
2015-10-25 03:56:36 +00:00
Brandon Perry
949a4c797b
Update joomla_contenthistory_sqli.rb
2015-10-23 09:33:12 -05:00
Brandon Perry
07d549d783
Update joomla_contenthistory_sqli.rb
...
Remove sessions for now
2015-10-23 09:32:15 -05:00
William Vu
f00f90532a
Fix SSH_DEBUG for ssh_login{,_pubkey}
2015-10-22 15:14:45 -05:00
Brandon Perry
e4281dd1fb
Create joomla_contenthistory_sqli.rb
2015-10-22 15:05:02 -05:00