John Sawyer
|
0a27a18104
|
Committing changes from r7 comments
|
2014-08-23 00:08:27 -04:00 |
John Sawyer
|
1959f7a235
|
Updated shodan_search for new API
|
2014-08-20 00:48:13 -04:00 |
jvazquez-r7
|
674c3ca260
|
Use [] for references
|
2014-07-30 10:44:42 -05:00 |
Christian Mehlmauer
|
3d2a62bc29
|
Updated W3 Total Cache Hash extract module
|
2014-07-29 19:49:48 +02:00 |
jvazquez-r7
|
8937fbb2f5
|
Fix email format
|
2014-07-11 12:45:23 -05:00 |
William Vu
|
43f41de124
|
Land #3508, CVE-2014-4671 Flash JSONP disclosure
|
2014-07-11 10:11:48 -05:00 |
joev
|
b8225ae2dc
|
Remove unnecessary ||= and ivars.
|
2014-07-10 16:06:28 -05:00 |
joev
|
e0389dfbc3
|
Update code as per @wvu's code review.
|
2014-07-10 15:03:40 -05:00 |
joev
|
dd439066ca
|
Patch rhost to display hostname of JSONP_URL.
|
2014-07-10 12:02:22 -05:00 |
joev
|
841cb6a590
|
STEAL_URL -> STEAL_URLS.
|
2014-07-10 09:14:32 -05:00 |
joev
|
fad30bc874
|
Add flash rosetta exploit module for stealing URLs.
|
2014-07-10 09:09:10 -05:00 |
HD Moore
|
002234993f
|
SMB lib fixes, unattend.xml cred gathering
|
2014-06-23 20:08:42 -05:00 |
Meatballs
|
615aeb66a5
|
Dont use or
|
2014-06-23 23:11:04 +01:00 |
Meatballs
|
752007848b
|
Tidy up code
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
|
2014-06-23 23:08:33 +01:00 |
HD Moore
|
2772d84a18
|
Major rework of this module, please see the diff
|
2014-06-23 16:13:42 -05:00 |
William Vu
|
a0aca251f5
|
Land #3472, releae fixes
|
2014-06-23 11:41:35 -05:00 |
Tod Beardsley
|
0219c4974a
|
Release fixups, word choice, refs, etc.
|
2014-06-23 11:17:00 -05:00 |
William Vu
|
40d1ec551e
|
Add WEP, PSK, and MGT
|
2014-06-21 23:15:20 -05:00 |
Spencer McIntyre
|
c685e0d06e
|
Land #3444, chromecast wifi enumeration
|
2014-06-17 22:09:58 -04:00 |
William Vu
|
1394ad1431
|
Break my double quote habit
Doesn't it feel better? C doesn't love me anymore.
|
2014-06-17 14:22:55 -05:00 |
William Vu
|
8376b4aa2b
|
Map constants to readable values
Thanks, @zeroSteiner and @kernelsmith. :)
|
2014-06-17 13:10:08 -05:00 |
Tod Beardsley
|
2aa26fa290
|
Minor spacing and word choice fixups
|
2014-06-16 11:40:21 -05:00 |
Tod Beardsley
|
1ab379a0fe
|
Land #3448, ident =! indent
|
2014-06-12 14:15:06 -05:00 |
Tod Beardsley
|
e9783200f2
|
Land #3447, fix variable typo
|
2014-06-12 14:07:34 -05:00 |
William Vu
|
cb91b2b094
|
Fix broken table indent (s/Ident/Indent/ hash key)
|
2014-06-12 13:41:44 -05:00 |
Jon Cave
|
a647246148
|
Use correct variable name
|
2014-06-12 19:38:41 +01:00 |
Tod Beardsley
|
3f5e50d18f
|
Aux modules don't have ranking.
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
|
2014-06-12 13:21:59 -05:00 |
joev
|
6bc37cca0c
|
Land #3430, @brandonprry's generic MongoDB injection enum.
|
2014-06-11 21:41:23 -05:00 |
William Vu
|
23f7fe45ed
|
Add Chromecast wifi enumeration module
|
2014-06-11 21:00:47 -05:00 |
Brandon Perry
|
cca91dd7c5
|
Update mongodb_js_inject_collection_enum.rb
some @jvennix-r7 fixes
|
2014-06-11 17:07:57 -05:00 |
Brandon Perry
|
4367e8ef0c
|
Update mongodb_js_inject_collection_enum.rb
Fix some logic bugs that caused incorrect results.
|
2014-06-07 21:03:28 -05:00 |
Brandon Perry
|
dc89621d5c
|
Update mongodb_js_inject_collection_enum.rb
No need to make extra requests. Off by one.
|
2014-06-07 20:09:00 -05:00 |
Brandon Perry
|
2663af986b
|
Update mongodb_js_inject_collection_enum.rb
This adds a bit more error handling, and better decision making in regards to false responses.
|
2014-06-07 19:58:12 -05:00 |
Brandon Perry
|
4071fb332b
|
Create mongodb_js_inject_collection_enum.rb
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
|
2014-06-07 11:20:34 -05:00 |
jvazquez-r7
|
69e8286838
|
Fix title
|
2014-05-27 10:29:32 -05:00 |
jvazquez-r7
|
1316365c2f
|
Fix description
|
2014-05-27 10:22:39 -05:00 |
jvazquez-r7
|
abe1d6ffc7
|
Land #3190, @Karmanovskii's module to fingerprint MyBB database
|
2014-05-27 10:20:24 -05:00 |
jvazquez-r7
|
86221de10e
|
Fix message
|
2014-05-27 10:18:27 -05:00 |
jvazquez-r7
|
b96c2dd0ca
|
Change module filename
|
2014-05-27 10:15:39 -05:00 |
jvazquez-r7
|
1d8c46155b
|
Do last code cleaning
|
2014-05-27 10:14:55 -05:00 |
Karmanovskii
|
eacf70af83
|
Update mybb_get_type_db.rb
26.05.2014 23:26
I deleted mimicking IE11
|
2014-05-26 23:26:28 +04:00 |
Chris Hebert
|
99046ba12a
|
Update alienvault_newpolicyform_sqli.rb
Added EDB link - should be ready now.
|
2014-05-23 10:07:45 -04:00 |
Tod Beardsley
|
fa353e6bd9
|
Add CVE, IBM ref for SameTime modules
|
2014-05-22 11:34:04 -05:00 |
Karmanovskii
|
e26dee5e22
|
Update mybb_get_type_db.rb
19/05/2014
I deleted - #return Exploit::CheckCode::Unknown # necessary ????
|
2014-05-19 21:32:30 +04:00 |
Karmanovskii
|
06912ac2b6
|
Update mybb_get_type_db.rb
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
|
2014-05-17 16:30:29 +04:00 |
Karmanovskii
|
cbb84e854c
|
Update mybb_get_type_db.rb
14.05.2014
Eliminated notes jvazquez-r7
|
2014-05-14 14:56:40 +04:00 |
Christian Mehlmauer
|
3f3283ba06
|
Resolved some msftidy warnings (Set-Cookie)
|
2014-05-12 21:23:30 +02:00 |
Chris Hebert
|
681e4194ea
|
Update alienvault_newpolicyform_sqli.rb
and the new variable as well.
|
2014-05-10 20:19:40 -04:00 |
Chris Hebert
|
3ae3c478bd
|
Update alienvault_newpolicyform_sqli.rb
enhanced as requested by Christian Mehlmauer
changed xnDa to a random string to make IDS harder to detect.
|
2014-05-10 20:17:30 -04:00 |
Chris Hebert
|
1affbfbe9d
|
Update alienvault_newpolicyform_sqli.rb
fixed reinitialize i=0, full = '' and filename .....
spotted by Spencer McIntyre - thanks.
|
2014-05-10 18:49:41 -04:00 |
Chris Hebert
|
8e79663001
|
Update alienvault_newpolicyform_sqli.rb
Added vendor advisory
|
2014-05-10 18:31:12 -04:00 |
Chris Hebert
|
ec1df58bf7
|
Update alienvault_newpolicyform_sqli.rb
Changed reference -- OSVDB # 106815
(waiting for EDB - no response yet)
|
2014-05-10 18:14:09 -04:00 |
Chris Hebert
|
473efe1040
|
Update alienvault_newpolicyform_sqli.rb
|
2014-05-10 17:28:50 -04:00 |
mvdevnull
|
117e0b839b
|
Add module - alienvault_newpolicyform_sqli
|
2014-05-09 15:10:58 -04:00 |
Tod Beardsley
|
c6affcd6d3
|
Fix caps, description on F5 module
The product name isn't "Load Balancer" as far as I can tell.
|
2014-05-05 13:38:53 -05:00 |
jvazquez-r7
|
9cd6c5ef2b
|
Land #3297, @Th4nat0s's F6 backends disclosure module
|
2014-04-30 09:31:37 -05:00 |
jvazquez-r7
|
4e80e1c239
|
Clean up pull request code
|
2014-04-30 09:31:07 -05:00 |
Thanat0s
|
70314494ca
|
test nil of port & host
|
2014-04-28 23:33:01 +02:00 |
Thanat0s
|
fe3f7fd76a
|
Obey to reviewer.. code fix
|
2014-04-28 23:26:29 +02:00 |
Thanat0s
|
2396d497d8
|
move scanner to gather
|
2014-04-28 12:57:54 +02:00 |
Spencer McIntyre
|
9ccb9397e3
|
Land #3264, throttl and csv output support for module
|
2014-04-23 19:00:28 -04:00 |
Spencer McIntyre
|
e2b92a824f
|
Change white space for authors in dns_reverse_lookup
|
2014-04-23 18:56:27 -04:00 |
Thanat0s
|
457c48b89b
|
Error on sleep
|
2014-04-23 11:38:23 +02:00 |
sinn3r
|
d7513b0eb2
|
Handle nil properly when no results are found
|
2014-04-15 18:19:29 -05:00 |
Tod Beardsley
|
40a359f312
|
Include a vhost for Shodan or else it complains
Works now. The rhost option was not keeping the custom vhost option.
````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...
[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*] Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...
IP Results
==========
````
|
2014-04-14 21:23:27 -05:00 |
Tod Beardsley
|
1436f68955
|
Fix shodan to not muck with datastore
|
2014-04-14 21:21:11 -05:00 |
Thanat0s
|
176204d62d
|
With implemented remarks
|
2014-04-14 21:11:04 +02:00 |
Thanat0s
|
dd7bceee56
|
fix threaded issues
|
2014-04-12 17:43:39 +02:00 |
Thanat0s
|
d493c48cc6
|
add thottling,notes insert and output to dns_rev_lookup
|
2014-04-12 16:36:18 +02:00 |
Tod Beardsley
|
56662bd89b
|
Correct corpwatch_lookup_name datastore usage
[SeeRM #8498]
|
2014-04-10 16:56:55 -05:00 |
Tod Beardsley
|
06dedeec8f
|
Update corpwatch_lookup_id to run correctly
[SeeRM #8498]
|
2014-04-10 16:52:34 -05:00 |
Tod Beardsley
|
062175128b
|
Update @Meatballs and @FireFart in authors.rb
|
2014-04-09 10:46:10 -05:00 |
Tod Beardsley
|
7572d6612e
|
Spelling and grammar on new release modules
|
2014-04-07 12:18:13 -05:00 |
Karmanovskii
|
5dbd124ef9
|
Update mybb_get_type_db.rb
|
2014-04-05 02:53:43 -07:00 |
Karmanovskii
|
c035715a71
|
Update mybb_get_type_db.rb
Changed the name of the variable _Version_server on _version_server according to the recommendation of jvazquez-r7
|
2014-04-05 02:50:53 -07:00 |
jvazquez-r7
|
e2cbcf3c5d
|
Land #3179, @brandonprry AlienVault sqli aux module
|
2014-04-04 09:17:11 -05:00 |
jvazquez-r7
|
ff6105e55d
|
Add check codes
|
2014-04-04 09:13:43 -05:00 |
Brandon Perry
|
44db611845
|
defaultoptions, not option
|
2014-04-04 05:55:35 -07:00 |
jvazquez-r7
|
6f14cd225d
|
Do minor clean up
|
2014-04-03 23:22:44 -05:00 |
Christian Mehlmauer
|
253a1c1f87
|
Land #3180, EMC Cloud Tiering Appliance Unauthed XXE with root perms
|
2014-04-03 22:02:13 +02:00 |
Brandon Perry
|
a57da00932
|
fix refs line
|
2014-04-03 14:07:00 -07:00 |
Brandon Perry
|
51f83fccde
|
add some checks in vase the file wasn't retrievable
|
2014-04-03 14:04:05 -07:00 |
Brandon Perry
|
e2ded663a6
|
make more robust
|
2014-04-03 06:15:09 -07:00 |
Brandon Perry
|
53b8148438
|
make more random
|
2014-04-03 05:52:35 -07:00 |
Brandon Perry
|
77b64ee77d
|
make more random
|
2014-04-03 05:41:00 -07:00 |
Brandon Perry
|
75dc4c459b
|
msftidy
|
2014-04-02 13:22:21 -07:00 |
Brandon Perry
|
bb82277a41
|
msftidy
|
2014-04-02 13:20:13 -07:00 |
Brandon Perry
|
abc0b31f26
|
exploithub wat
|
2014-04-02 13:18:48 -07:00 |
Brandon Perry
|
765657d55a
|
alienvault module
|
2014-04-02 13:09:46 -07:00 |
Brandon Perry
|
d3f353118a
|
edb update
|
2014-04-02 13:06:54 -07:00 |
Brandon Perry
|
32cd846fe4
|
emc cta xxe module
|
2014-04-02 13:05:53 -07:00 |
Karmanovskii
|
b11df0eaf0
|
Update and rename myBB_GetTypeDB.rb to mybb_get_type_db.rb
|
2014-03-28 16:47:49 -07:00 |
William Vu
|
2344a9368e
|
Fix warnings generated by #3158
Keeping ManualRanking for DoS modules.
|
2014-03-31 12:35:15 -05:00 |
Karmanovskii
|
0b51e7459c
|
Update myBB_GetTypeDB.rb
I have added detection MyBB forum.
|
2014-03-24 12:19:51 -07:00 |
Tod Beardsley
|
cd9182c77f
|
Msftidy warning fix on Joomla module.
Pre-commit hooks people.
|
2014-03-24 12:03:12 -05:00 |
sinn3r
|
93ad818358
|
Fix header and e-mail format for author
|
2014-03-20 12:07:50 -05:00 |
Brandon Perry
|
9b2cfb6c84
|
change default targeturi to something more universal
|
2014-03-19 21:03:50 -05:00 |
Brandon Perry
|
b52a535609
|
add official url
|
2014-03-19 20:41:32 -05:00 |
Brandon Perry
|
ab42cb1bff
|
better error handling for the user
|
2014-03-19 18:46:57 -05:00 |
Brandon Perry
|
2ef2f9b47c
|
use vars_get
|
2014-03-19 07:51:34 -07:00 |
Brandon Perry
|
920b2da720
|
Merge branch 'master' into joomla_sqli
|
2014-03-19 07:43:32 -07:00 |
Brandon Perry
|
a01dd48640
|
a bit better error message if injection works but no file
|
2014-03-13 13:38:43 -07:00 |
Brandon Perry
|
b0688e0fca
|
clarify LOAD_FILE perms in description
|
2014-03-13 13:11:27 -07:00 |
Brandon Perry
|
2734b89062
|
update normalize_uri calls
|
2014-03-13 06:55:15 -07:00 |
Brandon Perry
|
7540dd83eb
|
randomize markers
|
2014-03-12 20:11:55 -05:00 |
Brandon Perry
|
3fedafb530
|
whoops, extra char
|
2014-03-12 19:54:58 -05:00 |
Brandon Perry
|
aa00a5d550
|
check method
|
2014-03-12 19:47:39 -05:00 |
Brandon Perry
|
9cb1c1a726
|
whoops, typoed the markers
|
2014-03-12 10:58:34 -07:00 |
Brandon Perry
|
6636d43dc5
|
initial module
|
2014-03-12 10:46:56 -07:00 |
William Vu
|
170608e97b
|
Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
|
2014-03-11 11:18:54 -05:00 |
Karmanovskii
|
6d748f49d3
|
Update myBB_GetTypeDB.rb
1.I added comment header;
2.I made a link to your account as a comment;
3.I added a link https://github.com/rapid7/metasploit-framework/pull/3070
Items 2 and 3 on the advice wchen-r7
|
2014-03-07 10:49:30 -08:00 |
Karmanovskii
|
162527c0e4
|
Update and rename modules/auxiliary/analyze/myBB_GetTypeDB.rb to modules/auxiliary/gather/myBB_GetTypeDB.rb
Minor changes and bug: "Msf :: Auxiliary" - forgot to change
|
2014-03-06 09:43:23 -08:00 |
sinn3r
|
f0e97207b7
|
Fix email format
|
2014-03-04 17:51:24 -06:00 |
Brandon Perry
|
c86764d414
|
update default password to root
|
2014-03-04 11:55:30 -08:00 |
Brandon Perry
|
2b06791ea6
|
updates regarding PR comments
|
2014-03-04 10:08:31 -08:00 |
Brandon Perry
|
a3523bdcb9
|
Update mantisbt_admin_sqli.rb
remove extra new line and fix author line
|
2014-03-04 08:44:53 -06:00 |
Brandon Perry
|
98b59c4103
|
update desc
|
2014-03-03 12:40:58 -08:00 |
Brandon Perry
|
c5d1071456
|
add mantisbt aux module
|
2014-03-03 12:36:38 -08:00 |
James Lee
|
d2945b55c1
|
Fix typo
inside_workspace_boundary() -> inside_workspace_boundary?()
|
2014-02-24 14:46:08 -06:00 |
Tod Beardsley
|
1236a4eb07
|
Fixup on description and some option descrips
|
2014-02-10 14:41:59 -06:00 |
sinn3r
|
8a8bc74687
|
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
|
2014-02-10 13:49:02 -06:00 |
sinn3r
|
306b31eee3
|
Small changes before merging
|
2014-02-10 13:47:31 -06:00 |
jvazquez-r7
|
ac52edabd5
|
Land #2801, Land @kicks4kittens IBM Sametime modules
|
2014-02-06 10:17:03 -06:00 |
jvazquez-r7
|
30c325c22e
|
Make better json check
|
2014-02-06 10:16:26 -06:00 |
kicks4kittens
|
564f9bccc8
|
Correct print output
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
|
2014-02-05 22:00:02 +01:00 |
kicks4kittens
|
445cd7be5a
|
remove "on {peer}
line already includes {peer} info
|
2014-02-05 21:57:58 +01:00 |
kicks4kittens
|
4c0c9101aa
|
Correct check, reinstate print
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
|
2014-02-05 21:56:56 +01:00 |
kicks4kittens
|
60cf68f899
|
added default SSL
|
2014-02-05 21:54:02 +01:00 |
kicks4kittens
|
3560b41eb2
|
correct variable name
body isn't valid, replaced with res.body and tested
|
2014-02-05 21:51:55 +01:00 |
Tod Beardsley
|
9953821451
|
Fix desc on Drupal module, some peer prints
|
2014-02-03 12:16:06 -06:00 |
bcoles
|
9b9b2fab58
|
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
|
2014-02-04 02:00:11 +10:30 |
sinn3r
|
f7ecae3f75
|
Land #2909 - Drupal OpenID External Entity Injection
|
2014-01-24 15:03:07 -06:00 |
sinn3r
|
c8e2301111
|
Be more informative about why CheckCode::Unknown
This is just kind of personal preference here. In case users wonder
why Unknown.
|
2014-01-24 15:01:52 -06:00 |
jvazquez-r7
|
cf17bf2e72
|
Small fix
|
2014-01-23 19:34:50 -06:00 |
jvazquez-r7
|
43de7eb74f
|
Use REXML
|
2014-01-23 19:32:42 -06:00 |
jvazquez-r7
|
5a59e3d4e4
|
Fix typo
|
2014-01-23 18:53:58 -06:00 |
jvazquez-r7
|
f529eb1d4b
|
Clean code
|
2014-01-23 18:51:24 -06:00 |
jvazquez-r7
|
8e17d38c77
|
Add check method
|
2014-01-23 18:30:18 -06:00 |
jvazquez-r7
|
b0deb45fad
|
Add Drupal advisory as reference
|
2014-01-23 18:10:57 -06:00 |
jvazquez-r7
|
6d0d7eda10
|
Delete garbage comment
|
2014-01-23 18:09:05 -06:00 |
jvazquez-r7
|
72b72effa6
|
Add module for CVE-2012-4554
|
2014-01-23 18:04:31 -06:00 |
sinn3r
|
7080bb336c
|
Update ColdFusion check
|
2014-01-19 17:05:03 -06:00 |
sinn3r
|
4fdd2c19a1
|
Update vbulletin check
|
2014-01-19 16:54:27 -06:00 |
jvazquez-r7
|
01ab6fd545
|
Do small fixes
|
2014-01-17 17:59:03 -06:00 |
jvazquez-r7
|
5ec062ea1c
|
Beautify print message
|
2014-01-17 17:42:26 -06:00 |
jvazquez-r7
|
d96772ead1
|
Clean multi-threading on ibm_sametime_enumerate_users
|
2014-01-17 17:38:16 -06:00 |
jvazquez-r7
|
bb3d9da0bb
|
Do first cleaning on ibm_sametime_enumerate_users
|
2014-01-17 16:33:25 -06:00 |
jvazquez-r7
|
584401dc3f
|
Clean ibm_sametime_room_brute code
|
2014-01-17 15:57:12 -06:00 |
jvazquez-r7
|
4d079d47b8
|
Enable SSL by default
|
2014-01-17 15:34:33 -06:00 |
jvazquez-r7
|
277711b578
|
Fix metadata
|
2014-01-17 15:31:51 -06:00 |