7af6f31c3a
Fix message
2015-04-24 11:08:00 -05:00
5ca6fe3cb0
Do code cleanup
2015-04-24 11:07:13 -05:00
e51897d64e
Filepath option
2015-04-24 04:35:59 -03:00
7b0b59b5f6
Add WordPress GI-Media Library Plugin File Read.
2015-04-24 04:24:16 -03:00
e9f8b25987
Update wordpress_contus_video_gallery_sqli.rb
...
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
26d208f089
Update wordpress_contus_video_gallery_sqli.rb
...
remove 'uri'
2015-04-22 14:42:03 -05:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
073850c5ad
Land #5158 , OWA internal IP disclosure scanner
2015-04-21 11:10:39 -05:00
5296c6507d
Land #5157 , OWA login scanner auth timing logs
2015-04-21 11:06:08 -05:00
b622aae97f
Update wordpress_contus_video_gallery_sqli.rb
2015-04-19 18:24:12 -05:00
c393f7c398
add contus video gallery scanner
2015-04-19 17:58:08 -05:00
ed9175d73f
Land #5167 , WordPress CP Multi-View Calendar SQLI Scanner
2015-04-19 23:36:23 +02:00
8c0bcd2e03
Update wordpress_cp_calendar_sqli.rb
...
Use the new WPVDB
2015-04-19 16:32:57 -05:00
6653c9e33d
Land #5162 , WordPress Dukapress File Read Vulnerability
2015-04-17 11:20:55 +02:00
6c77b64dae
wrong method name
2015-04-17 11:20:14 +02:00
aef464fc2e
Land #5159 , WordPress Mobile Edition Plugin File Read Vuln
2015-04-17 11:13:00 +02:00
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
ed588e335b
Changed the print_error output.
2015-04-16 17:32:59 -03:00
bf3bdcffb4
Changed the deph value to 7.
2015-04-16 17:30:28 -03:00
dd474757fe
Changed the print_error output.
2015-04-16 17:26:44 -03:00
f50cedeafd
Changed the depth value to 7.
2015-04-16 17:22:49 -03:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
1455d4e94d
Fix AUTH_TIME
2015-04-16 11:39:33 -05:00
7c572777e1
Fix whitespace
2015-04-16 11:34:50 -05:00
7a9167b235
Fix comments
2015-04-16 11:34:47 -05:00
9bcc988266
Update owa_login
2015-04-16 11:23:04 -05:00
75b88f199a
Create wordpress_cp_calendar_sqli.rb
2015-04-16 09:53:00 -05:00
ecc67b1a57
Fix loot name
2015-04-16 10:42:20 -03:00
d898af5513
Add check version and removed HttpClient
2015-04-16 10:40:35 -03:00
768294710b
Add check and removed HttpClient
2015-04-16 10:22:10 -03:00
890561bff3
Rewriting the condition 'if' for only one line
2015-04-16 09:23:56 -03:00
b90ff36ef4
Rewriting the condition 'if' for only one line
2015-04-16 09:15:17 -03:00
21e964e699
Add Author and references..
2015-04-16 07:20:48 -03:00
f6f4bd0746
Add WordPress Dukapress File Read Vulnerability
2015-04-16 07:17:46 -03:00
c8e1185a04
Included Wordpress mixin.
2015-04-16 05:02:39 -03:00
bec6270f07
Fix regex
2015-04-15 23:47:03 -05:00
01ae7002cf
Fix EOF whitespace
2015-04-15 21:27:53 -05:00
0031f09d60
Add author, EDB, WPVDB and fix loot.
2015-04-15 20:03:36 -03:00
0f1cf1d1b1
Add Module WP Mobile Edition Plugin File Read Vuln
2015-04-15 19:45:08 -03:00
66b7179a97
Rename module to owa_iis_internal_ip
2015-04-15 17:10:01 -05:00
a109dae033
Fix EOL whitespace
2015-04-15 16:58:59 -05:00
cc422eeeea
Fix splat
2015-04-15 16:58:18 -05:00
34ce4edacb
Add exchange_iis_internal_ip
2015-04-15 16:55:19 -05:00
d87483b28d
Squashed commit of the following:
...
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:42:13 2015 -0500
Fix funny punctuation on rootpipe exploit title
See #5119
commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:37:39 2015 -0500
Fix vendor caps
Trusting the github repo README at
https://github.com/embedthis/goahead
See #5101
2015-04-13 10:46:47 -05:00
5f389cf3c2
Add ManageEngine Desktop Central Login Utility
2015-04-08 02:05:56 -05:00
dc14c770be
Changed the traversal variable to just one line
2015-04-08 02:26:59 -03:00
441042ed37
Removed the segments variable
2015-04-08 01:29:45 -03:00
d399d05383
Add Directory Traversal for GoAhead Web Server
2015-04-07 20:22:06 -03:00
42e82cc644
Rubocop fixes
2015-04-07 18:21:08 -05:00
7275d5745f
Fixes, refactoring and adding JBoss AS default creds scanning
2015-04-07 17:40:25 -05:00
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
79b2a23dff
Land #5015 , @espreto file traversal scanner for RIPS
2015-04-03 15:35:58 -05:00
ce6e5e12d8
Make depth an option
2015-04-03 15:33:27 -05:00
70fad73092
Add metadata
2015-04-03 15:27:28 -05:00
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
c9e8f9cbea
Add BigIP HTTP VS scanner and fix connection errors
2015-04-03 02:30:03 -04:00
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012 ]
2015-04-02 15:12:22 -05:00
a592f645f0
Land #5039 , Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner
2015-04-01 14:34:58 -05:00
e73286cfa5
update stale references
2015-03-30 17:17:48 -05:00
613f4777ce
Land #5024 , add joomla_ecommercewd_sqli_scanner.rb
2015-03-30 12:45:09 -05:00
de2bf0181c
add first pass at gallerywd sqli scanner
2015-03-28 16:15:51 -05:00
9f0483248c
add TARGETURI datastore option
2015-03-28 15:46:41 -05:00
6ede476423
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-28 08:38:12 -05:00
0dbd8544b4
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-27 21:20:59 -05:00
31be47d5bc
Create joomla_ecommercewd_sqli_scanner.rb
2015-03-27 20:25:33 -05:00
3e104fd8e6
Add Directory Traversal for RIPS Scanner
2015-03-27 05:08:43 -03:00
040a1af9c5
Delete useless ecnryption cookie detection, fix minor issues
2015-03-25 02:34:33 -04:00
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
ee17d6e606
Deleted spaces at EOL
2015-03-23 04:34:38 -04:00
2a0deaa6c8
Deleted default options and SYN scan
2015-03-23 04:31:08 -04:00
6f51946aa0
Land #4969 , GitLab module references
2015-03-20 17:26:51 -05:00
99f3de0843
Clean up info hash formatting
2015-03-20 17:26:21 -05:00
1226b3656f
Land #4945 , @wchen-r7's login scanner for Symantec web gateway
2015-03-20 14:44:05 -05:00
2f35fcff99
Fix require
2015-03-20 14:43:42 -05:00
8ee520e749
Add reference
2015-03-20 19:17:34 +00:00
b19f766728
Land #4942 , Gitlab Login Scanner
2015-03-20 13:02:12 -05:00
a2ce14a31e
Land #4941 , Gitlab Unauth User Enumeration
2015-03-20 12:28:35 -05:00
235124a40a
Fix typo
2015-03-20 12:27:23 -05:00
84164b44b2
Should also rescue JSON::ParserError for banner parsing
2015-03-20 12:27:02 -05:00
94ab2f94fd
Remove symbols that aren't used
...
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
2015-03-19 14:14:01 -05:00
d1d6378179
Land #4566 , Misfortune Cookie scanner improvements
2015-03-17 12:32:35 -05:00
f95b783193
I don't need these eitehr
2015-03-17 11:33:49 -05:00
e1ebc6c7fe
Update date, remove URL (will replace later)
2015-03-17 12:50:47 +00:00
0cd85cb052
Correct capitilzation of GitLab
2015-03-17 11:33:57 +00:00
d18224e3cb
Correct capitilzation of GitLab
2015-03-17 11:32:14 +00:00
f4a1e981ab
Add gitlab login scanner
2015-03-17 11:19:23 +00:00
878247f495
Small modifications
2015-03-17 10:03:32 +00:00
f1d5d8f1ce
Store to loot as well
2015-03-17 09:55:28 +00:00
9f40826f8e
Store creds in database
2015-03-17 09:17:08 +00:00
3830e71257
Catch 7.5 401
2015-03-17 09:17:08 +00:00
1b565b0290
Check revision
2015-03-17 09:17:07 +00:00
7216f2a971
Initial commit
2015-03-17 09:17:07 +00:00
14296826f7
A cleaner way to set datastore options
2015-03-17 03:07:49 -05:00
ff58f7d270
Add Symantec Web Gateway Login Module
2015-03-17 02:51:57 -05:00
e01f824b2c
Fix capitalization warnings
2015-03-17 03:46:00 -04:00
78be03623f
Fix indent warnings
2015-03-17 03:39:04 -04:00
34c30502fd
Add SSL/TLS support, fix minor errors, change default parameters
2015-03-17 02:49:11 -04:00
4d3a1a2f71
fix all duplicated keys in modules
2015-03-14 13:10:42 +01:00
bc0276a9c8
Add scanner for F5 web management interfaces
2015-03-12 06:50:29 -04:00
2f4df39dc9
Fixed typo
2015-03-05 17:40:51 +11:00
f3cad229d3
Fix duplicate hash key "References"
...
In modules/auxiliary/scanner/http/http_login.rb.
2015-02-24 05:19:58 -06:00
8c5ff858d0
Land #4812 , hp_sys_mgmt_login configurable URIs
2015-02-23 19:04:14 -06:00
bf103def9e
Add the /ews/ path to enable easy OWA brute force
2015-02-23 14:03:39 -06:00
bcfbcb7eea
Clean up whitespace
2015-02-23 13:15:21 -06:00
ea54696d99
Remove redundant params now provided by the mixin helper
2015-02-22 02:32:28 -06:00
8e8a366889
Pass Http::Client parameters into LoginScanner::Http (see #4803 )
2015-02-22 02:26:15 -06:00
f4e512e0ff
Should be an array
2015-02-20 21:56:49 -06:00
40c237f507
Fix #3982 , allow URIs to be user configurable
...
Fix #3982
2015-02-20 21:54:03 -06:00
ffa6550aec
Land #4787 , HD's new Zabbix and Chef LoginScanners
...
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
804db0ff0c
add leixcal sorting to methods
...
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
35511636cc
Land #4788 , splunk_web_login new version support
2015-02-18 11:54:54 -06:00
cc6899d783
Fix a stack trace on null response, thanks @jlee-r7
2015-02-18 00:38:55 -06:00
f4d8a25981
Add support for newer Splunk versions
2015-02-18 00:30:47 -06:00
2847507f03
Add a chef brute force module
2015-02-17 23:49:57 -06:00
27d5ab45b4
Add a zabbix brute force module
2015-02-17 22:56:08 -06:00
f0e69cb526
Fix two cosmetic typos in the axis/glassfish modules
2015-02-17 21:01:35 -06:00
a8108cfc17
Be less stupid in the description
...
[See #4774 ]
2015-02-17 13:04:26 -06:00
14e764ff5a
Move to http subdirectory
...
After all, the wordpress scanners are all HTTP as well, and not under
some platform specific "wordpress" directory. Lots of other HTTP-ish
devices in there as well.
2015-02-17 12:53:18 -06:00
8d982e3286
Pass the framework/module down into LoginScanner
2015-02-07 11:50:30 -06:00
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
c8864c93d7
remove unused code
2015-02-02 20:04:10 +01:00
7504358db3
code style and typos
2015-01-30 15:57:32 +01:00
9ce2dd9815
msftidy
2015-01-30 15:41:11 +01:00
a0eaf2f626
add wordpress ghost scanner module
2015-01-30 15:29:51 +01:00
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
f3a2d6663f
Fix #4616 and Fix #3798 - Correctly use OptRegexp
...
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616 ).
It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.
I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798 . The way I see it, #3798 is actually a module-specific issue.
Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text
2015-01-20 13:55:48 -08:00
14fc8d4cd0
Only allow 401/403/404
2015-01-20 13:36:06 -08:00
d68b62cf21
Make canary value (URI) configurable
2015-01-15 13:12:32 -08:00
2dca18265e
Track and vprint canary value and code
2015-01-15 12:34:53 -08:00
3489ea540e
Make status code checking configurable
2015-01-15 12:22:16 -08:00
4641b02646
Base canary path from TARGET_URI
2015-01-15 12:05:10 -08:00
1f6defda73
Use more correct check codes
2015-01-14 13:10:35 -08:00
9e76e0b0d8
Simplify. Document. Handle edge cases
...
Simplify detection logic.
Document testing method better
Ensure that body doesn't include canary cookie name too
Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
d4843f46ed
Make auth checking optional and off by default
2015-01-11 12:15:57 -08:00
9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer
2015-01-11 12:10:40 -08:00
b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...)
2015-01-09 13:20:18 -08:00
831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner
2015-01-09 12:58:35 -08:00
8c23e8c2e8
ruby 2.2 compatibility
...
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
eb47ca593e
update desc to include domain admin information
2014-12-13 13:01:41 -06:00
2e94280cba
mv bmc to scanner/http
2014-12-13 12:58:16 -06:00
b1f7682713
Make msftidy happy
2014-12-12 12:59:00 -06:00
493034ad10
Land #3305 , @claudijd Cisco SSL VPN Privilege Escalation exploit
2014-12-12 12:57:00 -06:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
51762e1194
Explicitly include the HTTP Login scanner
...
This should be the last commit that fixes #3904 .
2014-12-11 11:08:08 -06:00
b533f74024
Add a bruteforce_speed option to all LoginScanners
2014-12-11 11:06:32 -06:00
jvazquez-r7
Roberto Soares
Brandon Perry
Brent Cook
Brandon Perry
Christian Mehlmauer
William Vu
Nate Power
Tod Beardsley
sinn3r
Zach Grace
root
Denis Kolegov
Meatballs
Sven Vetsch
aushack
HD Moore
David Maloney
Jon Hart
dmooray