Matt Andreko
784ece574e
Found additional typos.
2014-08-28 09:03:19 -05:00
Matt Andreko
cb634cfef3
Fixed annoying typo that shows up in validation screenshots
2014-08-28 08:50:30 -05:00
HD Moore
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
Tod Beardsley
44540e6d00
Land #3437 , CSS Injection MITM scanner
2014-06-10 13:36:35 -05:00
Tod Beardsley
521284253f
Be more clear about the vuln and impact
2014-06-10 10:29:23 -05:00
jvazquez-r7
9b55f5143a
Add module for CVE-2014-0224
2014-06-09 17:38:11 -05:00
William Vu
92a9519fd9
Remove EOL spaces
2014-05-09 18:34:12 -05:00
Christian Mehlmauer
f7d8a5e3a3
rework the openssl_heartbleed module
2014-05-01 21:43:58 +02:00
Wiesław Kielas
8f6567967d
Heartbleed PostgreSQL TLS support improvements
2014-04-22 17:36:06 +02:00
Wiesław Kielas
fbe392a896
Add PostgreSQL TLS support to the Heartbleed scanner
2014-04-21 23:27:40 +02:00
jvazquez-r7
2366f77226
Clean timeout handling code
2014-04-18 08:16:28 -05:00
Zinterax
e38f4cbfa0
Apply response_timeout to get_once, code cleanup
...
Add response_timeout to get_once
Change timeout output in establish_connect()
Add disconnect ater timeout output
Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
Zinterax
fab091ca88
Fix Action => DUMP
...
Fix for when Action is set to DUMP. Modifed the check to use action.name.
Console output:
msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
Zinterax
1cf1616341
Rebase. Add timeout option support
...
Rebase to account for the KEYS merge.
Modify bleed() to work with timeout option.
Modify establish_connect() to work with timeout option.
Modify loot_and_report() to work with timeout option.
---Test Console Output---
Client Hello Timeout:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Patched Apache:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerable Server:
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
Zinterax
021ac53911
remove me
2014-04-18 07:03:36 -04:00
Tod Beardsley
845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
...
Whoops.
2014-04-17 17:47:47 -05:00
Tod Beardsley
2aa2cb17f3
Reimplement a check.
2014-04-17 17:10:54 -05:00
Tod Beardsley
d40ab039e4
Clean up whitespace. Protip: use commit hooks
2014-04-17 16:28:07 -05:00
Tod Beardsley
c34d548e50
First, undo #3252 . Sorry about that.
...
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00
Jeff Jarmoc
e3daf6daf7
Singular 'TLS_CALLBACK' option
2014-04-17 15:51:37 -05:00
Jeff Jarmoc
6c832e22d6
rename scan to loot_and_report
2014-04-17 15:47:57 -05:00
Jeff Jarmoc
c12eae66b3
Error and return if public key wasn't retrieved.
2014-04-17 15:44:40 -05:00
Jeff Jarmoc
578002e016
KEYS action gets it's own function
2014-04-17 15:39:05 -05:00
Tod Beardsley
5b0b5d9476
Land #3252 , check() functionality for Heartbleed
2014-04-17 15:34:35 -05:00
Tod Beardsley
a2d6c58374
Changing << to + per @jlee-r7
2014-04-17 15:34:13 -05:00
Jeff Jarmoc
9f30976b83
Heartbleed RSA Keydump
...
Flattened, merge conflicts resolved, etc.
2014-04-17 14:30:47 -05:00
Tom Sellers
1f452aab48
Code cleanup
...
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
Tom Sellers
9e2285619e
Additional cleanup
...
Whitespace cleanup
2014-04-17 10:46:33 -05:00
Tom Sellers
ee0d30a1f3
Whitespace fix
...
Removing extra line feeds
2014-04-16 17:27:39 -05:00
Tom Sellers
92eab6c54b
Attribution addition
...
Per comment from Firefart
2014-04-16 17:26:09 -05:00
Tom Sellers
1f3ec46b8a
Heartbleed - Add autodetection of XMPP hostname (round 2)
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
Tom Sellers
0360d1177f
Heartbleed - Add autodetection of XMPP hostname
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
2014-04-14 20:09:21 -05:00
David Chan
1a73206034
Add detection for GnuTLS with with multiple records
2014-04-14 17:09:25 -07:00
Tom Sellers
634a03a852
Update to openssl_heartbleed to deal with SMTP RFC
...
Added CR character in order to have the commands match SMTP RFC 5321 2.3.8 for line termination. Some SMTP services, such as the Symantec Mail Gateway, require strict compliance or the connection will be dropped with the response '550 esmtp: protocol deviation'
Reference:
http://www.symantec.com/business/support/index?page=content&id=TECH96829
http://tools.ietf.org/html/rfc5321#section-2.3.8
2014-04-14 13:27:33 -05:00
David Chan
6fafc10184
Add HeartBleed check functionality
2014-04-12 00:07:00 -07:00
Sebastiano Di Paola
a63f020a68
Fixing coding style
2014-04-11 19:39:57 +02:00
Sebastiano Di Paola
4acacb005d
Fixed a bug...referring to wrong variable after filtering with regexp
2014-04-11 19:33:23 +02:00
Sebastiano Di Paola
83fe1cec65
Cleaned up Array.join call
2014-04-11 19:24:32 +02:00
Sebastiano Di Paola
55ec969bd9
Renamed FILTER -> DUMPFILTER, more intuitive and coherent
2014-04-11 19:07:57 +02:00
Sebastiano Di Paola
8268009b36
Renamed PATTERN_FILTER -> FILTER
2014-04-11 19:03:25 +02:00
Sebastiano Di Paola
c378fe95c1
Added missing space in comment
2014-04-11 19:01:01 +02:00
Sebastiano Di Paola
f8f710547c
Fixed call to String.match with regexp pattern
2014-04-11 18:59:59 +02:00
Sebastiano Di Paola
638cb41a3f
Remove Spaces at EOL, fixed if test on pattern variable
2014-04-11 18:58:05 +02:00
Sebastiano Di Paola
34fa4e29d9
Restored FTP option
2014-04-11 18:16:19 +02:00
Sebastiano Di Paola
eb0e35bf25
Fixed store on file option
2014-04-11 18:07:14 +02:00
Sebastiano Di Paola
4315ad2987
Fixed conflict and used OptRegexp type for pattern
2014-04-11 17:15:39 +02:00
jvazquez-r7
813e0eab89
Land #3233 , @wvu-r7's improvements fort heartbleed modules
2014-04-11 09:33:57 -05:00
jvazquez-r7
e2ec53272e
Fix also negative numbers
2014-04-11 09:33:27 -05:00
jvazquez-r7
fb5881d8e2
Land #2324 , @sensepost and @Firefart's sftp support for heartbleed
2014-04-11 08:47:22 -05:00
jvazquez-r7
2134d676b4
Use verbose by default
2014-04-11 07:58:56 -05:00