Commit Graph

195 Commits (2fddf333ed752c664814a22ef3a41ceb377fee1c)

Author SHA1 Message Date
Brian Patterson 4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported. 2016-02-04 10:30:56 -06:00
William Vu 1828b7fda6
Land #6512, Acunetix importer missing scheme fix 2016-01-29 13:17:44 -06:00
Brent Cook b6bc862c1b
Land #6267, fix Rex::Parser::Ini#each_group 2016-01-29 11:19:40 -06:00
Adam Cammack e542a6c8cf
Fix importing with Acunetix
Add a default scheme of `http://` to URIs without a scheme. Also update
some documentation.
2016-01-28 16:37:14 -06:00
BAZIN-HSC 070a156925 -Recovrey +Recovery 2015-11-27 13:58:19 +01:00
Jon Hart 07767cd803
Fix #6265 2015-11-20 15:17:15 -08:00
BAZIN-HSC 5592e4e4ea seek_relative suppression (use seek instead) 2015-11-20 18:30:51 +01:00
BAZIN-HSC f49d6905a6 Fix comments by @jhart-r7 2015-11-20 18:30:50 +01:00
BAZIN-HSC c8847182d7 Add module to dump Bitlocker master key (FVEK) 2015-11-20 18:30:48 +01:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
HD Moore 0cc6b53d59
Land #5905, support newer OpenVAS formats. 2015-09-21 10:30:25 -05:00
Manuel Mancera e97056a367 When the port state is open|filtered should be unknown, no open 2015-09-07 22:52:03 +02:00
Meatballs 2cd6b1c2df
Update parser, fix UseMasterPassword bug 2015-09-01 22:05:47 +01:00
jvazquez-r7 fba751a986
Disable early returns 2015-08-31 12:13:42 -05:00
jvazquez-r7 80f21b50c9
Fix #4227 by improving parsing of nested elements 2015-08-31 11:47:43 -05:00
Meatballs deb6f5638e
Update WinSCP Gather
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
William Vu 1a66786d1b Fix Nmap XML parser for tunnel attribute 2015-04-20 17:04:19 -05:00
Samuel Huckins 13fc498523
Land #4948, fixes several AppScan import issues 2015-03-29 23:33:01 -05:00
David Maloney 60966f3d2a
handle a blank response body
sometimes the response body itself can be blank
so we need to handle that properly.

MSP-9972
2015-03-23 16:03:30 -05:00
OJ 9c9d333a1b Create verify ssl mixin, adjust some formatting 2015-03-23 13:21:08 +10:00
oj@buffered.io fd4ad9bd2e Rework changes on top of HD's PR
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
David Maloney 4293af01b1
make sure we strip leading whitespace
in the aforementiond record_request_and_response method
we need to still make sure to strip leading whitespace
from the front of our data before saving it

MSP-9972
2015-03-18 11:23:45 -05:00
David Maloney dacaa9e82b
simplify request-response parsing in apsscan
the record_request_and_response method for the
nokogiri appscan parser was way overcomplicated
it was trying to do way too much trickiness
when the data could be very simply split and consumed

MSP-9972
2015-03-18 11:19:00 -05:00
David Maloney 3269817b29
remove bad truthiness checks
truthy checks were used here, but you'll get
an empty hash which will be treated as true causing
the test to be invalid and allowing for errors further in the method

MSP-9972
2015-03-18 10:52:24 -05:00
HD Moore 11593800b6 Move X509 PEM parsing into Rex::Parser::X509Certificate 2015-03-14 15:52:23 -05:00
HD Moore 7252ba284a Tweak memory usage from 64Mb to 4Mb 2015-03-11 23:58:13 -05:00
Bazin Danil 3aa68c30b0 => not => ! 2015-02-26 21:31:01 +01:00
Bazin Danil a427e417a3 -consomation +consumption 2015-02-26 21:23:09 +01:00
BAZIN-HSC d8132f86ff ajust buffer size 2015-02-22 08:51:16 +01:00
BAZIN-HSC 0d53dc1d13 use a buffer to avoid memory use on victims machine
use a buffer to avoid memory use on victims machine
use attacker memory to store files
avoid bugs on large files
2015-02-20 20:02:09 +01:00
BAZIN-HSC fe75a31a59 NTFS parser optimisation
NTFS Parser does not gather automaticaly non resident attribute
that were not necessary
Railgun is called 17 times instead of 32 on an examples on ntds.dit
2015-02-20 13:11:53 +01:00
Bazin Danil 8cefe637df bug with testing Win2k8 correction 2015-02-08 17:28:33 +01:00
Meatballs 358ab2590e
Small tidyup 2015-02-07 11:35:47 +00:00
Bazin Danil 970c5d115a spellcheck 2015-02-05 22:08:39 +01:00
Bazin Danil fbb85c0391 using string concatenation for performence 2015-01-31 05:13:44 +01:00
Bazin Danil d9c64397fd shorter the line, using more variables 2015-01-31 04:32:32 +01:00
Bazin Danil 0fce908045 add constant class 2015-01-31 04:19:27 +01:00
Bazin Danil f4ec6bdc78 - use non-native pack/unpack directives
- coding: binary
- use constant for data_attribute
2015-01-31 03:59:23 +01:00
Bazin Danil 68b735dbda Add a NTFS parser and a post module to dump files
This commit add a draft of an NTFS Parser and a post module
to gather file using the raw NTFS device (\\.\C:)
bypassing restriction like already open file with lock
Can be used to retreive file like NTDS.DIT without volume shadow copy
2015-01-30 19:16:44 +01:00
nstarke 55a746eeb7 Changing code to catch everything extraneous 2015-01-17 15:46:26 +00:00
nstarke 9baae6e494 Potential Fix For OpenVAS DB Import Issue 2015-01-13 02:46:13 +00:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Meatballs 4ef3de84f3
get some more test cases 2014-08-01 14:34:17 +01:00
Meatballs 92669cd4d6
Use parser 2014-05-20 22:26:13 +01:00
Meatballs 0a2b79ccd1
Tidyup parser 2014-05-20 22:04:59 +01:00
Meatballs 09af023a71
Merge in parser 2014-05-20 21:56:35 +01:00
HD Moore 231138da1b Fix a typo in the nexpose raw importer 2014-04-03 07:12:45 -07:00