infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,585 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

2777 Commits (42c8a2d2655609563133138d6e8dfc78046d4a28)

Author SHA1 Message Date
jvazquez-r7 5fe2f967da this rescue is done in the mixin 2013-01-09 21:28:06 +01:00
HD Moore 07f8eb6a07 Fix up a typo 2013-01-09 13:05:27 -06:00
HD Moore adb4c89602 Add a scanner module for CVE-2013-0156 2013-01-09 12:50:38 -06:00
jvazquez-r7 7a1a9985d5 Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions 2013-01-09 18:21:03 +01:00
smilingraccoon a0a4ef843b added error msgs to rescue 2013-01-09 11:22:36 -05:00
Meatballs 4cadffc06a msftidy 2013-01-09 10:37:40 +00:00
Meatballs 46139849a9 Move to .empty? over length 2013-01-09 10:36:06 +00:00
Meatballs a8400030f8 Also correct outut of hash when length is 0 2013-01-09 10:26:57 +00:00
Meatballs d36fcd5441 Fix smb capture error 2013-01-09 09:50:21 +00:00
sinn3r 4e70f7d888 Merge branch 'bug/rm7139-smtp_enum-false-positive' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7139-smtp_enum-false-positive 2013-01-09 01:13:43 -06:00
Thomas McCarthy f45739933e Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb 
Changed name var in initialize
 2013-01-08 19:20:02 -05:00
lmercer 69485ba261 made changes as specified in Redmine Bug #7139 2013-01-08 12:14:57 -05:00
Joshua J. Drake 3ceb313752 Fixes format string issue in smb_login - FixRM #7657 2013-01-07 22:17:49 -06:00
Joshua J. Drake c74d258509 Revert "Fixes format string issue in smb_login - FixRM #7657" 
Will replay on separate branch.

This reverts commit a12b628ccc.
 2013-01-07 22:03:57 -06:00
Joshua J. Drake 60987de854 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-07 21:20:20 -06:00
Joshua J. Drake a12b628ccc Fixes format string issue in smb_login - FixRM #7657 2013-01-07 21:20:09 -06:00
sinn3r 5bc1066c69 Change how modules use the mysql login functions 2013-01-07 16:12:10 -06:00
smilingraccoon 9f69dbbd30 update unless statements, targeturi, and resolve var 2013-01-07 13:17:49 -05:00
Tod Beardsley 36adf86184 Various and sundry fixes for normalize_uri 2013-01-07 12:02:08 -06:00
Tod Beardsley 6a9445966a Caught missing paren 2013-01-07 11:21:55 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes 
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
 2013-01-07 11:16:58 -06:00
smilingraccoon 0de23a7edb fixed description 2013-01-04 21:16:56 -05:00
smilingraccoon e35afdce5d added wordpress-pingback scanner 2013-01-04 20:59:33 -05:00
smilingraccoon 3936725958 added wordpress-pingback scanner 2013-01-04 20:44:40 -05:00
Christian Mehlmauer 6654faf55e Msftidy fixes 2013-01-04 09:29:34 +01:00
sinn3r 6f50410e5f Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1 2013-01-03 17:51:54 -06:00
James Lee 9e912a23ff Merge branch 'rapid7' into FireFart-msftidy_aux_1 2013-01-03 16:54:25 -06:00
Tonimir Kisasondi 39e81fb07f Update modules/auxiliary/scanner/http/wordpress_login_enum.rb 
Simple fix for msfconsole start error.
 2013-01-03 21:52:10 +01:00
Tod Beardsley 1406f7cb0a Msftidy on sap_router_info_request 2013-01-03 10:55:11 -06:00
Christian Mehlmauer 8cada447b2 msftidy: remove $Id$ 2013-01-03 10:21:10 +01:00
Christian Mehlmauer e4a6669927 msftidy: remove $Revision$ 2013-01-03 01:05:45 +01:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
Rob Fuller 88d12da3db hilight positive results in WebDAV scanner 
As suggested by Lee Baird
 2013-01-02 13:27:25 -05:00
sinn3r 33ea21e415 Merge branch '403labs-zgrace-wordpress_login_enum' 2012-12-28 17:47:05 -06:00
sinn3r d92b3bd2e1 Apply fixes 2012-12-28 17:46:17 -06:00
Tod Beardsley e5eb8c6301 Fix connected in sap_router_info_request 
See #1028 comments
 2012-12-28 16:34:59 -06:00
sinn3r 2746a57093 Merge branch 'zgrace-wordpress_login_enum' of git://github.com/403labs/metasploit-framework into 403labs-zgrace-wordpress_login_enum 2012-12-28 15:42:09 -06:00
Tod Beardsley 3daea913b1 Merge branch 'sap_router_info_request' 2012-12-28 15:22:44 -06:00
Tod Beardsley 35604ac1aa Normalizing caps and expanding description a bit 
Be nice to have a couple more lines on the description
 2012-12-28 15:12:40 -06:00
Tod Beardsley 5d7197d8ba Moved shout outs, organized includes 
include Msf::Exploit::Remote::Tcp must precede the include for the
Scanner mixin -- otherwise you end up with some undesired effects, like
having an RHOST and RHOSTS on the datastore.

Also, took out the block of shout outs and gave references and credits
to the people / url's mentioned.
 2012-12-28 14:51:23 -06:00
Tod Beardsley c2586d0907 Instead of raising, offer advice on BPF filtering 
Many people don't know how to disable ICMP echo responses off the top of
their head. However, the problem is solvable with a decent BPF filter.
 2012-12-27 15:18:18 -06:00
Tod Beardsley c6533621a0 Oops removing debug prints 2012-12-27 14:58:52 -06:00
Tod Beardsley c695f429d5 Mirror upstream PacketFu fix on ICMP size 2012-12-27 14:56:49 -06:00
Tod Beardsley 121353b360 Fixing EOLs to unix 
In vim:

:set fileformat=unix
:wq

ta-da
 2012-12-27 13:54:50 -06:00
Tod Beardsley 9fa6c9f4c4 Merge remote branch 'ChrisJohnRiley/icmp_exfil' into icmp_exfil 2012-12-27 13:52:19 -06:00
Zach Grace d4bdf1b6b4 Added user name enumeration based on author id enumeration 2012-12-24 16:09:03 -06:00
sinn3r 2c4d517e75 Merge branch 'useragent_cleanup' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-useragent_cleanup 2012-12-21 11:14:06 -06:00
Chris John Riley 413b75cd8b Fixed crash issues with unescape 
Added better formatting to avoid pages of output
 2012-12-21 12:07:14 +01:00
Chris John Riley e237512bd7 Cleaned up the SAP modules as they are all sending double user-agent strings (also added OptEnum where appropriate) 2012-12-21 10:47:45 +01:00
sinn3r cad8abef48 msftidy cleanup 2012-12-18 11:46:27 -06:00
sinn3r 860ebbcfb1 Merge branch 'master' into averagesecurityguy-master 2012-12-18 11:45:41 -06:00
sinn3r 0344c568fd Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes 2012-12-18 11:38:14 -06:00
sinn3r 9825b07df8 Merge branch 'sap_soap_rfc_dbmcli_sxpg_command_exec' of git://github.com/nmonkee/metasploit-framework into nmonkee-sap_soap_rfc_dbmcli_sxpg_command_exec 2012-12-18 01:12:50 -06:00
nmonkee 37f7122006 NameError undefined local variable or method output - fixed 2012-12-17 19:34:36 +00:00
Tod Beardsley 10511e8281 Merge remote branch 'origin/bug/fix-double-slashes' 
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
 2012-12-17 13:29:19 -06:00
sinn3r d2885d9045 Correct US Cert references 2012-12-13 14:19:53 -06:00
jvazquez-r7 8f388eb226 fixing if typo 2012-12-11 23:28:21 +01:00
jvazquez-r7 b5b5667539 Merge branch 'symantec_brightmail' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_brightmail 2012-12-11 23:27:56 +01:00
sinn3r 0ca1dbd14e Account for the timeout condition 2012-12-11 16:24:42 -06:00
Rob Fuller 20ea56e4b9 fixed type @wchen-r7 found 
hopefully didn't miss any others
 2012-12-11 15:29:53 -05:00
Rob Fuller 717799cffd fix typos 
negotiate spelled wrong in a couple spots
and only 3 g's in loggging
 2012-12-11 15:00:21 -05:00
jvazquez-r7 461f057c95 Merge branch 'loggedin_users' of https://github.com/R3dy/metasploit-framework into R3dy-loggedin_users 2012-12-11 17:33:31 +01:00
sinn3r 25d888bebb Add CVE-2012-4347 Symantec Messaging Gateway Log File Download 2012-12-10 18:09:29 -06:00
Tod Beardsley 7ea188e02d Merge pull request #1147 from wchen-r7/cve_text_consistency 
Change CVE text format
 2012-12-09 14:48:08 -08:00
sinn3r 64a8b59ff9 Change CVE forma 
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
 2012-12-09 01:09:21 -06:00
HD Moore 69177105ab Handle a null reply properly, small bug fix 2012-12-07 10:54:08 -08:00
Stephen Haywood f56ef52ffc Fixed path error when BASE_PATH is nil. 2012-12-06 23:55:34 -05:00
Stephen Haywood 761e735a55 Store wc.db file in loot. Add BASE_PATH option. 2012-12-06 23:38:03 -05:00
Royce Davis 97c9dd0caf Extra file got added by mistake, removed it 2012-12-06 16:31:28 -06:00
Royce Davis 600121c36a Fixed issue involing static path to Windows directory 2012-12-06 16:28:59 -06:00
Stephen Haywood 8a149b3ea3 Removed Version. 2012-12-06 17:24:16 -05:00
Stephen Haywood 4ce51fe889 Made changes requested by sinn3r. 2012-12-06 17:18:50 -05:00
Royce Davis 4837ea38f5 Merge https://github.com/rapid7/metasploit-framework 2012-12-06 16:15:55 -06:00
sinn3r c66777d028 Merge branch 'command' of git://github.com/R3dy/metasploit-framework into R3dy-command 2012-12-06 16:08:04 -06:00
Royce Davis 205276c38f Update modules/auxiliary/admin/smb/psexec_command.rb 
Fixed static path to Windows directory.  This causes problems with directory is 'WINNT' for example.
 2012-12-06 16:03:44 -06:00
Stephen Haywood d938959e97 Module to find SVN wc.db files. 2012-12-06 16:30:23 -05:00
jvazquez-r7 232eb7bf2d Final cleanup plus name change 2012-12-05 00:32:42 +01:00
jvazquez-r7 9cff72af72 Merge branch 'loggedin_users' of https://github.com/R3dy/metasploit-framework into R3dy-loggedin_users 2012-12-05 00:31:24 +01:00
jvazquez-r7 3dada00f43 fix typo accor ding to redmine 7550 2012-12-04 22:37:08 +01:00
Royce Davis a1136be59e Fixed last ip changed it to peer 2012-12-02 19:17:59 -06:00
Royce Davis 2b171bb003 Added report_note functionality 2012-12-02 18:49:50 -06:00
Royce Davis e4e3ec8fdd Fixed module to use clean psexec method 2012-12-02 18:35:23 -06:00
Royce Davis 476a5dc58c Fixed return without disconnect 2012-12-02 18:27:27 -06:00
Royce Davis 4276279dd8 Fixed print_status to use peer instead of ip 2012-12-02 18:25:09 -06:00
sinn3r 1085357dbb Talked to Todb, we like "." better 2012-11-30 14:53:57 -06:00
sinn3r 61a74bf257 Minor changes here and there 
Changes include:
* Some corrections in metadata
* report_note()
* Removes connect(), usually don't need it in modules
 2012-11-30 14:24:27 -06:00
Matt Andreko a73d8792ee Changed RPORT definition per egypt 2012-11-30 13:57:25 -05:00
Matt Andreko 40b8c93ef8 Added HSTS scanner for HTTPS sites 2012-11-30 09:30:11 -05:00
Royce Davis 7d4982b47b Fixed description area and authoer section 2012-11-29 14:21:27 -06:00
Royce Davis d6a3f6666d Fixed simple return form get_output method 2012-11-29 14:15:57 -06:00
Royce Davis cf53588ab7 Removed Version 2012-11-29 14:14:41 -06:00
Royce Davis 3ebbee5b1f Removed generic URLs 2012-11-29 14:13:49 -06:00
sinn3r bf41d3d0fd Merge branch 'network_shutdown_creds' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-network_shutdown_creds 2012-11-29 10:43:03 -06:00
sinn3r b0e4931de8 When 'credentials' is empty, it is empty....... 2012-11-29 10:22:20 -06:00
HD Moore 93a69ea62e Fix instances of invalid lower-case datastore use 2012-11-29 00:05:36 -06:00
sinn3r b3a473aec0 Forgot to remove this option 2012-11-28 18:48:33 -06:00
sinn3r 0415d31c61 Update description 2012-11-28 16:07:21 -06:00
sinn3r 52c2437d5a Add OSVDB-83199 as a cred collecting aux module 
From #1102
 2012-11-28 15:56:13 -06:00
Alexandre Maloteaux c0c3dff4e6 Several fixes for smb, mainly win 8 compatibility 2012-11-28 22:49:40 +01:00
Royce Davis 82dc8e8814 Added check for LOGONSERVER and HOMEPATH 2012-11-28 09:02:19 -06:00
Tod Beardsley a24ebde3e3 Fix syntax on @@loaded_msfrpc 2012-11-27 14:10:46 -06:00
HD Moore 84294655aa Update the require, error handling, casing 2012-11-27 11:44:51 -08:00
sinn3r b008eb93c9 Fix msgpack issue 2012-11-27 12:45:01 -06:00
sinn3r 0440708453 I missed this sucker: var in a quote 2012-11-27 11:57:51 -06:00
sinn3r 0a0195e6c8 Merge branch 'kost-aux-scan-nexpose' 2012-11-27 11:57:11 -06:00
sinn3r 24f44e7a82 Lots of small changes 
Basically the same changes I've been correcting like the rest of
other modules.
 2012-11-27 11:52:58 -06:00
jvazquez-r7 6ccceedcb7 final cleanup for sip_deregister 2012-11-27 18:34:31 +01:00
jvazquez-r7 496fb63fad Merge branch 'sip_deregister' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sip_deregister 2012-11-27 18:34:05 +01:00
sinn3r 4dbb82d0bc Merge branch 'aux-scan-nexpose' of git://github.com/kost/metasploit-framework into kost-aux-scan-nexpose 2012-11-27 11:25:44 -06:00
sinn3r 139c149583 This variable doesn't have to be in a quote 2012-11-27 11:19:04 -06:00
sinn3r 673c519fa3 msg() isn't needed, because it's already implemented in HttpClient 2012-11-27 11:18:27 -06:00
sinn3r 7c3e478070 Final changes 2012-11-27 11:16:12 -06:00
sinn3r bb34fb8dec Actually, this is the exact reason why res can be nil 2012-11-27 11:14:52 -06:00
sinn3r eb30765509 Use vars_post instead of data 2012-11-27 11:13:21 -06:00
sinn3r 4796fb4415 These don't need to be in a quote 2012-11-27 11:12:15 -06:00
sinn3r 5b787406b9 Correct output messages 
When HttpClient is used, it's actually not necessary to put the
target's IP/port and the module name in the output, because it's
already included in there.
 2012-11-27 11:10:31 -06:00
sinn3r 46f86f46fa Merge branch 'aux-scan-nessus' of git://github.com/kost/metasploit-framework into kost-aux-scan-nessus 2012-11-27 11:01:36 -06:00
sinn3r 319fa04c16 Fix Ruby 1.8 comma of death 2012-11-26 16:45:43 -06:00
sinn3r 9ccc69c4c1 Mostly cosmetic changes. Plus a nil token bug fix. 2012-11-26 16:32:49 -06:00
sinn3r 32ea36916c Cosmetic changes 2012-11-26 16:28:16 -06:00
sinn3r 65ac56a7a7 Merge branch 'aux-scan-metasploit' of git://github.com/kost/metasploit-framework into kost-aux-scan-metasploit 2012-11-26 16:26:11 -06:00
sinn3r 472ec35adb Merge branch 'kost-aux-scan-splunk-login' 2012-11-26 16:16:02 -06:00
sinn3r af451df864 Lots of changes made 
These changes include:
* More description
* Checks if auth is actually required.
* Collects the default credential on the webpage, and then tries it.
* Fixes possible nil 'Set-Cookie' header.
* Supports more options (USERPASS_FILE, USER_FILE, PASS_FILE)
* Removes the msg() function.
 2012-11-26 16:12:11 -06:00
sinn3r 0ea63ca9c2 Merge branch 'web-modules' of git://github.com/tasos-r7/metasploit-framework into tasos-r7-web-modules 2012-11-26 12:59:29 -06:00
Tasos Laskos 7795dc58f4 auxiliary/scanner/http/crawler#form_from_url: rescue => rescue URI::Error 2012-11-26 20:54:20 +02:00
sinn3r 541ecd49d6 Merge branch 'web-modules' of git://github.com/tasos-r7/metasploit-framework into tasos-r7-web-modules 2012-11-26 12:17:24 -06:00
Tasos Laskos c17cffdece auxiliary/scanner/http: wrapped an exception-prone URL parse in a begin/rescue block 2012-11-26 18:58:06 +02:00
Vlatko Kosturjak c22335a2f5 Remove spaces at EOL 2012-11-24 23:32:32 +01:00
Vlatko Kosturjak 7bafc97fec Remove non needed and redundant checks 2012-11-24 23:01:08 +01:00
Vlatko Kosturjak bbe3659093 Import of MSF web interface guesser 2012-11-24 22:56:38 +01:00
Vlatko Kosturjak cdfe663675 initial import of splunk password guesser 2012-11-24 22:05:57 +01:00
Vlatko Kosturjak 860519099f Removed space at EOL 2012-11-24 19:34:42 +01:00
jvazquez-r7 414fd052c1 final cleanup 2012-11-24 15:03:14 +01:00
jvazquez-r7 fab3427b25 Merge branch 'command' of https://github.com/R3dy/metasploit-framework into R3dy-command 2012-11-24 15:02:39 +01:00
Vlatko Kosturjak 4ad0907c29 Wrap description to 80 cols 2012-11-24 08:13:36 +01:00
Vlatko Kosturjak 14ec0c8a60 Fix http code check + be more verbose 2012-11-24 08:09:26 +01:00
Vlatko Kosturjak 83168e8b56 Correct placement of autofilter ports statement 2012-11-24 07:38:27 +01:00
Vlatko Kosturjak d008fa0250 Make wrapping works and look better 2012-11-24 07:33:25 +01:00
Vlatko Kosturjak f88c4491b5 Added autofilter_port to 3790(metasploit web intf) 2012-11-24 07:28:39 +01:00
Vlatko Kosturjak 8608bebbe7 Wrapped module info to col80 2012-11-24 07:27:10 +01:00
sinn3r 965efc9c8d Last touch up 2012-11-23 18:51:51 -06:00
sinn3r ddee88bb03 Merge branch 'aux-scan-openvas' of git://github.com/kost/metasploit-framework into kost-aux-scan-openvas 2012-11-23 18:47:33 -06:00
Vlatko Kosturjak ec3ce499f1 Simplify variable assigment 2012-11-24 00:33:49 +01:00
Vlatko Kosturjak 17de7be1bf Fix exception handling block 2012-11-24 00:31:32 +01:00
Vlatko Kosturjak 505de0bfc6 Use vars_post instead of direct body construction 2012-11-24 00:21:35 +01:00
Vlatko Kosturjak a5db9331bc Simplify rescue handler 2012-11-24 00:15:39 +01:00
Vlatko Kosturjak d968a33e14 Simplify variable assigment 2012-11-24 00:13:28 +01:00
jvazquez-r7 2978775335 change default RPORT 2012-11-23 12:14:08 +01:00