787deb4b23
Change service name to something more appropriate
...
Technically, it's part of DIAL, but we don't want to confuse the user
even more.
2015-02-17 12:41:31 -06:00
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
e16614abb9
Program a bit more defensively
...
Even though /setup/eureka_info should always be JSON...
2015-02-17 05:04:26 -06:00
ea4dd023ae
Add SSID to report_service info
2015-02-17 04:46:11 -06:00
e5d6af6b23
Gather info from /setup/eureka_info
...
Looks better with SSID.
2015-02-17 04:37:16 -06:00
b6f83937ef
Add chromecast_webserver scanner
2015-02-17 03:27:48 -06:00
22664e63ca
Increase default timeout
2015-02-16 19:07:55 +00:00
5fba54db99
Add addtional timing options
2015-02-16 19:07:55 +00:00
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
b07ef333e9
Fix java_rmi_server include
2015-02-10 12:52:19 -06:00
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
0a42ac947a
Land #4737 , fix Socket Context usages
2015-02-09 17:34:03 -06:00
7ee5fd9b32
Fix lotus_domino to use get_cookies correctly.
2015-02-09 17:29:44 -06:00
b1726fd609
Missing comma
2015-02-07 11:56:22 -06:00
8d982e3286
Pass the framework/module down into LoginScanner
2015-02-07 11:50:30 -06:00
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
54a5dd69a9
Land #4698 , WP GHOST scanner dead code removal
2015-02-02 16:54:09 -06:00
c8864c93d7
remove unused code
2015-02-02 20:04:10 +01:00
8740fd9015
Convert #find_all_by_X to #where
2015-01-31 21:07:50 -06:00
efd7a8c962
Land #4670 , dns_amp RA flag fix
2015-01-30 14:46:15 -06:00
7504358db3
code style and typos
2015-01-30 15:57:32 +01:00
9ce2dd9815
msftidy
2015-01-30 15:41:11 +01:00
a0eaf2f626
add wordpress ghost scanner module
2015-01-30 15:29:51 +01:00
42ef5716e8
Don't test ra flag to get upward referrals/additional RRs
2015-01-30 02:20:24 +01:00
2c05b1ee50
Use QUERYTYPE instead of hardcode ANY type
2015-01-29 22:54:06 +01:00
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
f3a2d6663f
Fix #4616 and Fix #3798 - Correctly use OptRegexp
...
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616 ).
It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.
I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798 . The way I see it, #3798 is actually a module-specific issue.
Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text
2015-01-20 13:55:48 -08:00
14fc8d4cd0
Only allow 401/403/404
2015-01-20 13:36:06 -08:00
d68b62cf21
Make canary value (URI) configurable
2015-01-15 13:12:32 -08:00
2dca18265e
Track and vprint canary value and code
2015-01-15 12:34:53 -08:00
3489ea540e
Make status code checking configurable
2015-01-15 12:22:16 -08:00
4641b02646
Base canary path from TARGET_URI
2015-01-15 12:05:10 -08:00
621cada2ac
Undo build_gc_call_data refactoring
2015-01-14 16:47:28 -06:00
1f6defda73
Use more correct check codes
2015-01-14 13:10:35 -08:00
b7eb4d24aa
Squash another rogue 5009
2015-01-13 10:36:43 -08:00
69f03f5c5d
Move ACPP default port into Rex
2015-01-12 19:43:57 -08:00
01a9fb1483
Spelling
2015-01-12 19:29:41 -08:00
a076a9ab89
report_vuln
2015-01-12 19:23:08 -08:00
d5cdfe73ed
Big style cleanup
2015-01-12 19:11:14 -08:00
9721993b8f
Allow blank password, remote more unused opts, print private
2015-01-12 18:43:54 -08:00
44059a6e34
Disable more unused options
2015-01-12 14:15:40 -08:00
ec506af8ea
Make ACPP login work
2015-01-12 14:01:23 -08:00
e9557ffe58
Simplify module in prep for some authbrute cleanups
2015-01-12 13:08:12 -08:00
97f5cbdf08
Add initial Airport ACPP login scanner
2015-01-12 13:08:12 -08:00
9e76e0b0d8
Simplify. Document. Handle edge cases
...
Simplify detection logic.
Document testing method better
Ensure that body doesn't include canary cookie name too
Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
d4843f46ed
Make auth checking optional and off by default
2015-01-11 12:15:57 -08:00
9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer
2015-01-11 12:10:40 -08:00
b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...)
2015-01-09 13:20:18 -08:00
831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner
2015-01-09 12:58:35 -08:00
ca765e2cc5
Refactor client mixin
2015-01-08 15:46:24 -06:00
3debcef00b
Fix call from aux module
2015-01-08 14:24:27 -06:00
c205ef28d4
Refactor build_gc_call
2015-01-08 14:01:04 -06:00
73e3cd19c3
Convert java_rmi_server aux mod to use new mixin
2015-01-08 00:29:50 -06:00
d59805568e
Do first module refactoring try
2015-01-07 19:06:09 -06:00
8c23e8c2e8
ruby 2.2 compatibility
...
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
6b0a98b69c
Resolve #4408 - bad uncaught nil get_once
2014-12-17 14:02:42 -06:00
f6af86a06d
Land #4402 , ms12_020_check NilClass fix
2014-12-16 15:34:25 -06:00
2604746fb7
Land #4361 , Kippo detector
2014-12-15 14:54:48 -06:00
8394cc13a8
Perform final cleanup of detect_kippo
2014-12-15 14:38:38 -06:00
c611249723
Take full advantage of the check command
2014-12-15 12:50:59 -06:00
9edb2b4fab
Fix #4378 - Do exception handling
...
Fix #4378
2014-12-15 12:37:36 -06:00
eb47ca593e
update desc to include domain admin information
2014-12-13 13:01:41 -06:00
2e94280cba
mv bmc to scanner/http
2014-12-13 12:58:16 -06:00
8dd5da9d64
added blog post reference
2014-12-12 18:53:26 -08:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
338cce02c9
Downcase the service name for consistency
2014-12-12 16:40:42 -06:00
f5374d1552
Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs
2014-12-12 11:57:35 -08:00
b1f7682713
Make msftidy happy
2014-12-12 12:59:00 -06:00
493034ad10
Land #3305 , @claudijd Cisco SSL VPN Privilege Escalation exploit
2014-12-12 12:57:00 -06:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
65b316cd8c
Land #4372
2014-12-11 18:48:16 -08:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
de88908493
code style
2014-12-11 23:30:20 +01:00
47c38ed04e
Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
...
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
51762e1194
Explicitly include the HTTP Login scanner
...
This should be the last commit that fixes #3904 .
2014-12-11 11:08:08 -06:00
b533f74024
Add a bruteforce_speed option to all LoginScanners
2014-12-11 11:06:32 -06:00
7afa87f168
screwed up formatting. updated indention at the end. ok seriously, going to bed now
2014-12-11 01:05:56 -08:00
291166e1ff
forgot to run through msftidy.rb. made a few minor corrections
2014-12-11 00:47:39 -08:00
a1624c15ae
Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc.
2014-12-11 00:40:20 -08:00
22c9db5818
added detect_kippo.rb
2014-12-10 19:37:35 -08:00
e89a399f95
Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc
2014-12-09 20:55:01 -05:00
09617f990b
Implement BRUTEFORCE_SPEED respect (telnet)
...
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.
See #3904 , @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
916503390d
use get_data
2014-12-08 22:49:02 +01:00
fb9724e89d
fix heartbleed cert parsing, fix #4309
2014-12-08 21:58:38 +01:00
85e0d72711
Land #4229 , @tatehansen's module for CVE-2014-7992
2014-12-04 17:20:49 -08:00
f0cfcd4faf
Update dlsw_leak_capture name and print_
...
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
3aecd3a10e
added DLSw v1 and v2 check, added check for \x00 in leak segment
2014-12-03 23:27:11 -07:00
3a978e1147
Land #4280 , frontpage_login improvements
2014-12-02 14:56:57 -06:00
0ab2e99419
Delete version from title
2014-12-01 10:24:12 -06:00
f4e20284a4
Change mixin include order
2014-12-01 10:22:20 -06:00
d85aabfed9
Use vprint by default
2014-12-01 10:20:12 -06:00
e0cb0f7966
Fix description
2014-12-01 10:19:14 -06:00
fa07b466d6
Use single quote and minor cosmetic changes
2014-12-01 09:57:29 -06:00
d5888a7f6f
Fix module options
2014-12-01 09:55:36 -06:00
47acf3487d
Do minor cleanup
...
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
e4b3ee2811
Changed the module name.
2014-12-01 01:00:14 -02:00
ecbce679a8
Remove timeout on line 59.
2014-12-01 00:51:12 -02:00
f3957ea428
FILEPATH changed from false to true.
2014-12-01 00:48:47 -02:00
97ee975235
Deleted checking on line 48.
2014-12-01 00:46:58 -02:00
84ce573227
Deleted line 61 which returns the server status code.
2014-12-01 00:39:05 -02:00
6f6274735f
Update frontpage_login.rb
...
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=
status=262147
osstatus=0
msg=No "CONTENT_TYPE" on CGI environment.
osmsg=
2014-11-28 17:21:47 +00:00
d75ffc36da
Changed the description of FILEPATH
2014-11-27 00:50:34 -02:00
f8dc366f42
Add CVE-2014-7816 Directory Traversal for WildFly 8 Application
2014-11-27 00:13:29 -02:00
79b2b5e231
RPORT is required by UDPScanner; deregister instead
2014-11-26 07:39:14 -08:00
d4e5cd25e1
Report credentials for new login level 15
2014-11-25 16:35:16 -06:00
dc253efa19
Use Rex::Text.rand_text*
2014-11-25 16:35:06 -06:00
f20afff1a8
Do return instead of abort
2014-11-25 16:34:57 -06:00
d876efaa0f
Delete ssh_socket attribute
2014-11-25 16:34:47 -06:00
5091bc76ad
Do minor cleanup
2014-11-25 16:34:22 -06:00
c92a26e967
Update from upstream master
2014-11-25 16:30:45 -06:00
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
77b1f2d2f0
Fixup for release
...
Fixes the grammar on the SMTP enumeration module and the Cisco CDP
module, and adds a more informative description and reference for the
CDP module introduced on PR #4061 .
2014-11-24 10:50:43 -06:00
e9750e2df8
Minor style/usability cleanups
2014-11-24 06:57:31 -08:00
57419bb0fc
Fix #4253 - Print access level for snmp_login
...
Fix #4253 - module should print the access level
2014-11-22 23:09:15 -06:00
9828598cb7
removing timeout method and option
2014-11-22 00:28:56 -07:00
57b04f96a7
working with DLSw protocol check
2014-11-21 23:54:00 -07:00
b9a274f869
improving DLSw detection
2014-11-21 18:58:02 -07:00
3ac1f7d4fb
Land #4242 , @Meatballs1 fix for sap_service_discovery report_note
...
* I cannot reproduce @Meatballs1 issue
* But I noticed report_note should :update with :unique_data
* Fixed the :update
2014-11-21 10:16:08 -06:00
e30ee9fee2
Update with :unique_data
2014-11-21 10:14:39 -06:00
99a23ada5c
Module cleanup, error handling, and reporting
2014-11-20 16:18:20 -06:00
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
94e5ba13a4
YARD and spec cleanup
2014-11-20 13:28:01 -08:00
df36ac910d
Mostly complete Kademlia PING / BOOTSTRAP scanner
2014-11-20 13:28:01 -08:00
ab49d01a1b
Add beginnings of Kademlia gather module and protocol support
2014-11-20 13:28:00 -08:00
2f6c4a9ba4
Slight tweak to description/author email formatting
2014-11-20 14:53:52 -06:00
ee15179441
Fix service discovery errors
2014-11-20 18:22:33 +00:00
8306d739e3
add scanner module to extract domain from NTLM challenge
2014-11-20 11:02:21 -05:00
a4a1048f95
modified to get data collection off sock working
2014-11-19 11:17:58 -07:00
7d6e7a6bfa
Minor Ruby style and module usability cleanup
2014-11-18 16:33:05 -08:00
6b8b49ff98
improving metasploit module based on feedback
2014-11-18 15:03:18 -07:00
542eb6e301
Handle exception in brute force exploits
2014-11-18 12:17:10 -08:00
82f89e620b
Clean up nfs mount scanner to *print_* better
2014-11-18 12:17:10 -08:00
b2f9307e0a
vprint # of RPC programs, since the table comes right after
2014-11-18 12:17:10 -08:00
a9f9a8b116
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-18 12:17:10 -08:00
c7794a7ed9
Clean up Ruby style in sunrpc_portmapper
2014-11-18 12:17:09 -08:00
059d84e4ca
More consistent *print_* and Rex::Ui::Text::Table for sunrpc_portmapper
2014-11-18 12:17:09 -08:00
703e0486fb
Add DLSw leak capture module for CVE-2014-7992
2014-11-17 20:35:54 -07:00
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
a521d469ed
Land #4194 , Quake protocol support
2014-11-15 17:44:19 -06:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
ebf6fe4e56
Minor style cleanup
2014-11-12 16:44:43 -08:00
07a1653e57
Add gather module for Quake servers
2014-11-12 13:32:56 -08:00
54158c8662
Land #4005 , TNS poison checker
2014-11-12 13:29:59 -06:00
d242bc220b
Minor fixups and disclosure date for TNS module
2014-11-12 13:25:10 -06:00
William Vu
Brent Cook
Meatballs
jvazquez-r7
Tod Beardsley
HD Moore
Christian Mehlmauer
Christian Catalan
Guillaume Delacour
sinn3r
Jon Hart
dmooray
Brandon Perry
Andrew Morris
dmaloney-r7
Jonathan Claudius
tate
Roberto Soares Espreto
Tiago Sintra
Rich Whitcroft