Brent Cook
47682e3f37
Land #9404 , update module author
2018-01-24 17:12:34 -06:00
Wei Chen
ab610f599b
Land #9442 , Remove NoMethod Rescue for cerberus_sftp_enumusers
...
Land #9442
2018-01-24 17:12:25 -06:00
Wei Chen
10fafb62bb
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil
...
Land #9436
Thanks Steve!
2018-01-24 17:12:16 -06:00
William Vu
eb8429cbd3
Revert "umlaut"
...
This reverts commit ffd7073420
.
2018-01-12 22:57:22 -06:00
Brendan Coles
ffd7073420
umlaut
2018-01-13 15:48:45 +11:00
Wei Chen
dd737c3bc8
Land #9317 , remove multiple deprecated modules
...
Land #9317
The following modules are replaced by the following:
auxiliary/scanner/discovery/udp_probe
is replaced by:
auxiliary/scanner/discovery/udp_sweep
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
is replaced by:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
exploit/windows/misc/regsvr32_applocker_bypass_server
is replaced by:
exploits/multi/script/web_delivery
2018-01-10 15:47:20 -06:00
jgor
51e5fb450f
Detect and return on bad VNC negotiations
2018-01-05 10:12:13 -06:00
Aaron Soto
7849155347
Land #9359 , Improve DCE/RPC fault handling
2018-01-03 20:42:17 -06:00
Adam Cammack
a98de2d9a3
Land #9358 , Support password protected key files
2018-01-03 15:12:28 -06:00
bka-dev
086f657c56
Fix early termination of auxiliary/scanner/dcerpc/hidden
...
This commit fixes an issue, where auxiliary/scanner/dcerpc/hidden terminates directly, once an endpoint can't be reached or access is denied. Instead the next endpoint in list should be checked, instead of terminating directly.
2017-12-31 14:41:33 +01:00
RageLtMan
f2a8d68a1f
Permit encrypted SSH keys for login scanner
...
Net::SSH::KeyFactory permits loading keys using a passphrase.
The Framework SSH modules were implemented back when we had a fork
of net-ssh in our tree, and can now use functionality provided by
the upstream gem.
Update the ssh key login scanner to add a KEY_PASS datastore
OptString which is then passed to the KeyCollection class and used
in the updated :read_key method which now calls the KeyFactory to
read data and give us the appropriate String representation of the
key in the KeyCollection's cache.
A bit of cleanup performed as well, removing legacy code paths no
longer hit by the module. Shamelessly added self to authors, fair
amount of blood and sweat in the SSH subsystem over the years, hope
nobody objects.
Testing:
None yet
2017-12-31 02:53:06 -05:00
Brent Cook
8de760f1f7
Land #9348 , Only use basic auth in couchdb_enum when credentials are provided
2017-12-28 21:24:45 -06:00
Brent Cook
c2bb144d0f
Land #9302 , Implement ARD auth and add remote CVE-2017-13872 (iamroot) module
2017-12-28 14:11:26 -06:00
james
fad4ccece9
Only use basic auth in couchdb_enum when credentials are provided
2017-12-27 20:16:01 -06:00
Jon Hart
bbed7db13c
Merge branch 'upstream-master' into feature/mqtt-login
2017-12-27 13:08:44 -08:00
Tod Beardsley
e6de25d63b
Land #9316 Cambium modules and mixins, tx @juushya
...
These cover several of the CVEs mentioned in
https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
2017-12-26 12:39:51 -06:00
Tod Beardsley
1bb2bb9d2c
Oops, no admin in that path
2017-12-26 12:06:45 -06:00
Tod Beardsley
9af88681a2
Move deprecation out 60 days
2017-12-26 11:56:47 -06:00
juushya
038119d9df
Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more
2017-12-23 00:14:27 +05:30
Tod Beardsley
5dfb5d581a
Switch get_cookies to get_cookies_parsed
...
Am I doing it right? See #9333
2017-12-21 09:00:56 -06:00
Jon Hart
962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login
2017-12-20 18:58:36 -08:00
Jon Hart
298cb16b1a
Set default USER/PASS files
2017-12-20 18:44:43 -08:00
Jon Hart
b9af835d06
Style
2017-12-20 18:05:00 -08:00
Jon Hart
d0b3abc14b
Better handling of MQTT endpoints which don't require authentication
...
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
2017-12-20 18:02:52 -08:00
Jon Hart
495c649c7d
Better printing
2017-12-20 14:40:42 -08:00
Jon Hart
ed5f177fcd
syntax
2017-12-20 14:20:08 -08:00
Jon Hart
e66ec85677
Set default u/p
2017-12-20 14:18:33 -08:00
Jeffrey Martin
8cd7185a7f
Land #9313 , Add DirectAdmin login_scanner module
2017-12-20 15:23:24 -06:00
Jeffrey Martin
7f8a5d3834
improved credential reporting
2017-12-20 15:09:11 -06:00
Jon Hart
14c779b945
Fix rubocop warning
2017-12-20 12:44:27 -08:00
Jon Hart
c817df0bbc
Add module for bruteforcing authentication on MQTT endpoints
2017-12-20 12:30:21 -08:00
Jon Hart
7e91274796
Add module for connecting to/discovering MQTT endpoints
2017-12-20 12:29:50 -08:00
Brent Cook
9fb445fbf0
Land #9300 , Add private data type to auxiliary scanner ftp_login and telnet_login
2017-12-20 00:30:43 -06:00
Tod Beardsley
216d00e39f
Use a random fname destination for /etc/passwd
2017-12-19 17:02:16 -06:00
Tod Beardsley
e93282b71d
Drop calls to vprint_*
2017-12-19 16:53:02 -06:00
Tod Beardsley
2dc2ac134e
Don't default verbose
2017-12-19 16:48:41 -06:00
Jon Hart
a2c5cc0ffb
Remove old deprecated modules
2017-12-19 07:56:16 -08:00
Nick Marcoccio
acc6951bf3
fixed typo
2017-12-19 08:35:11 -05:00
Tod Beardsley
85350a9645
Add Rapid7 blog references
2017-12-18 17:11:47 -06:00
Tod Beardsley
ae4edd65e1
Hard wrap descriptions
2017-12-18 17:03:13 -06:00
Tod Beardsley
27a324237b
Initial commit for Cambium issues from @juushya
...
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
Jon Hart
a33ed82a40
Land #9214 , @realoriginal's update to the Cisco SMI scanner to also fetch Cisco IOS configs
2017-12-18 12:22:26 -08:00
Nick Marcoccio
6d565b6c33
added author information
2017-12-18 09:18:36 -05:00
Nick Marcoccio
f447fa1a12
Added DirectAdmin Login Utillity
2017-12-17 22:43:37 -05:00
jgor
0b3a5567a4
Add module for CVE-2017-13872 iamroot remote exploit via ARD (VNC)
2017-12-14 13:59:35 -06:00
nromsdahl
384b250659
Add credential data type
...
Added credential data type so that successful passwords are stored in the database and accessible via the creds command.
2017-12-14 08:07:59 -06:00
nromsdahl
be4939b56a
Add credential data type
...
Added credential data type so a successful ftp login stores the password in the database to be accessed later by the creds command.
2017-12-14 08:05:57 -06:00
William Vu
3cd287ddd6
Update the MS17-010 scanner to use dcerpc_getarch
2017-12-14 02:08:30 -06:00
Wei Chen
deacebc46b
Land #9264 , Add private type when storing SSH password
...
Land #9264
2017-12-13 18:24:31 -06:00
nromsdahl
b24f70c7c6
Update ssh_login.rb
...
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
Brendan Coles
283b7c5145
Add WS-Discovery Information Discovery module
2017-11-29 12:21:22 +00:00
attackdebris
ae43883e2b
Fix mongodb_login typo
2017-11-22 08:03:12 -05:00
Austin
99555dde02
sleep! per feedback
2017-11-21 21:33:29 -05:00
Jon Hart
5484ee840e
Correct port when eating cisco config
2017-11-21 18:09:51 -08:00
Jon Hart
bdc822c67d
Improve logging when requesting config
2017-11-21 18:09:02 -08:00
Jon Hart
5a358db260
Clean up shutdown messaging
2017-11-21 17:55:17 -08:00
Jon Hart
93c424c255
Remove unused
2017-11-21 17:54:31 -08:00
Jon Hart
b0d8b0a191
Clean up incoming file handling
2017-11-21 17:54:02 -08:00
Austin
cfd06ab24a
what was i thinking?
2017-11-20 16:08:48 -05:00
Austin
b6e2e2aa45
adjust delay
2017-11-19 09:43:18 -05:00
Austin
1087b8ca16
cleanup
2017-11-18 20:09:29 -05:00
Austin
35567e3e23
Fix - copy system:running-config tftp://ip/file
...
Copies running config directly to TFTP server, thus removing the need to delete the file :D.
2017-11-18 13:02:12 -05:00
Austin
f84f824a71
remove ?
2017-11-17 16:15:18 -05:00
Austin
b457c60542
WORK IN PROGRESS - "GET"
...
Work in progress of GET, and PUT. PUT works fine for grabbing the configuration. GET will be used for service a config to execute commands , or the also WIP action "UPLOAD"
2017-11-17 15:36:27 -05:00
Austin
8b59c4615b
Update cisco_smart_install.rb
2017-11-17 07:09:41 -05:00
Austin
feb24efd27
add DOWNLOAD action
...
Adds DOWNLOAD function, to download config and send to attacker TFTP server.
2017-11-16 12:58:54 -05:00
Austin
4a8d32af85
Update cisco_smart_install.rb
2017-11-16 12:53:27 -05:00
Patrick Webster
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
William Vu
972f9c08eb
Land #9135 , peer print for jenkins_enum
2017-11-01 15:33:13 -05:00
William Vu
77181bcc9c
Prefer peer over rhost/rport
2017-11-01 15:32:32 -05:00
William Vu
0e66ca1dc0
Fix #3444/#4774, get_json_document over JSON.parse
...
Forgot to update these when I wrote new modules.
2017-11-01 15:05:49 -05:00
lvarela-r7
c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
...
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
Brent Cook
f1e6e7eed5
Land #9107 , add MinRID to complement MaxRID
2017-10-31 12:18:28 -05:00
Brent Cook
aa0ac57238
use implicit RuntimeError
2017-10-31 04:53:14 -05:00
Brent Cook
9389052f61
fix more broken RuntimeError calls
2017-10-31 04:45:19 -05:00
sho-luv
587c9673c6
Added host and port to output
...
I added the host and port number to reporting when instances are found.
2017-10-27 09:34:49 -07:00
Jon Hart
9658776adf
Land #9079 , adding @h00die's gopher scanner
2017-10-20 17:16:08 -07:00
Brent Cook
d715f53604
add MinRID to complement MaxRID, allowing continuing or starting from a higher value
...
from @lvarela-r7
2017-10-20 15:32:25 -05:00
Jon Hart
664e774a33
style/rubocop cleanup
2017-10-20 09:44:07 -07:00
William Vu
7e338fdd8c
Land #9086 , proxying fix for nessus_rest_login
2017-10-16 11:52:04 -05:00
Hanno Heinrichs
9597157e26
Make nessus_rest_login scanner proxy-aware again
2017-10-14 11:16:41 +02:00
Hanno Heinrichs
f4ae2e6cdc
Make pop3_login scanner proxy-aware again
2017-10-14 11:05:54 +02:00
h00die
a63c947768
gopher proto
2017-10-12 21:32:01 -04:00
Adam Cammack
deb2d76678
Land #9058 , Add proxies back to smb_login
2017-10-12 17:31:45 -05:00
William Vu
ab63caef7b
Land #9009 , Apache Optionsbleed module
2017-10-10 12:13:40 -05:00
Hanno Heinrichs
15adb82b96
Make smb_login scanner proxy-aware again
2017-10-09 23:01:25 +02:00
h00die
7fc9be846a
bcoles suggestions
2017-09-29 20:29:30 -04:00
h00die
6cc5324e5b
oe is all umlaut
2017-09-28 19:52:02 -04:00
h00die
2295146dcd
working optionsbleed module
2017-09-27 22:07:57 -04:00
h00die
997b831b52
implement regexes
2017-09-27 19:33:50 -04:00
h00die
0649d0d356
wip optionsbleed
2017-09-26 22:09:07 -04:00
bwatters-r7
579342c4f6
Land #8955 , Fix error messages on telnet_encrypt_overflow.rb
2017-09-26 16:08:58 -05:00
bwatters-r7
66d6ac418a
Land #8978 , Add smb1 scanner
2017-09-26 16:06:41 -05:00
Brent Cook
7924667e51
appease alignists
2017-09-25 09:10:10 -05:00
Brent Cook
62ee4ed708
update modules to use inherited SSLVersion option
2017-09-25 09:03:22 -05:00
h00die
273d49bffd
Land #8891 login scanner for Inedo BuildMaster
2017-09-24 13:30:17 -04:00
loftwing
c953842c96
Added docs and additional dialects
2017-09-18 15:02:38 -05:00
loftwing
d07fe2f1e7
Added reporting back, removed wfw dialect
2017-09-18 13:15:19 -05:00
loftwing
6f5eb5a18f
update
2017-09-15 12:07:28 -05:00
james
4e81a68108
Simplify saving valid credentials by calling store_valid_credential
2017-09-15 00:18:33 -05:00
loftwing
646dda7958
Add initial smbv1 scanner code
2017-09-14 16:59:39 -05:00
Erik Lenoir
27a517e0f6
Fix #8060 , cf #8061
2017-09-12 18:41:51 +02:00
james
861f4a6201
Changes to buildmaster_login from code review
...
Use peer property in messages instead of rhost rport combination for consistency.
Documentation updated accordingly.
2017-09-09 18:00:04 -05:00
james
47adfb9956
Fixes from code review to buildmaster_login
...
Per bcoles, the most important fixes are:
- Removing `self.class` from call to `register_options`
- Adding rescue to login_succeeded to handle bad json
2017-09-09 16:26:01 -05:00
Brent Cook
c67e407c9c
Land #8880 , added Cisco Smart Install (SMI) scanner
2017-09-07 08:06:03 -05:00
Tod Beardsley
8a045e65aa
Spaces between commas
2017-08-31 14:29:23 -05:00
Jon Hart
eec5d2ada9
Update description and add link to SIET
2017-08-30 11:52:11 -07:00
h00die
bd7ea1f90d
more updates, 465 more pages to go
2017-08-26 21:01:10 -04:00
james
7dfde651ea
Add login scanner module for Inedo BuildMaster
...
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.
More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
Jon Hart
7b18c17445
Appease rubocop
2017-08-22 14:53:21 -07:00
Jon Hart
2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner
2017-08-22 14:39:44 -07:00
Brent Cook
e3265c4b1b
Land #8697 , fix oracle_hashdump and jtr_oracle_fast modules
2017-08-14 17:36:18 -04:00
Brent Cook
69c4ae99a7
Land #8811 , fix peer printing with bruteforce modules
2017-08-14 17:31:48 -04:00
William Vu
1a4db844c0
Refactor build_brute_message for legacy printing
2017-08-14 11:17:34 -05:00
Brendan Coles
fa4fae3436
Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 06:34:04 +00:00
zerosum0x0
ecfe3d0235
added optional DoublePulsar check
2017-08-11 11:36:59 -06:00
Christian Mehlmauer
1b6b29c22b
fix error with rdp scanníng
2017-08-09 21:32:15 +02:00
William Vu
3396afb41a
Add IP and port (peer) to print_brute messages
2017-08-08 15:46:40 -05:00
William Vu
39e59805f9
Fix annoying print_brute messages in ssh_login
2017-08-08 15:15:23 -05:00
Brent Cook
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
Brent Cook
80d18fae6a
update example modules to have zero violations
2017-07-24 06:15:54 -07:00
Brent Cook
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
g0tmi1k
e710701416
Made msftidy.rb happy
...
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
Evgeny Naumov
5d04775f5e
use 2.4 OpenSSL::PKey::RSA api
2017-07-21 16:28:07 -04:00
g0tmi1k
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
g0tmi1k
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
g0tmi1k
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
g0tmi1k
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
g0tmi1k
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
g0tmi1k
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
g0tmi1k
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
g0tmi1k
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
Jon Hart
45f81f3c98
Squash some style issues
2017-07-18 12:45:02 -07:00
Jon Hart
e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner
2017-07-17 13:46:59 -07:00
Jon Hart
43e04c8894
Improve RDP probe packet
2017-07-17 13:14:47 -07:00
David Maloney
ee1c87b868
Land #8172 , example modules
...
lands several example modules
2017-07-14 15:17:20 -05:00
Jon Hart
e3e5c33b9b
WIP commit of RDP scanner
2017-07-14 13:02:43 -07:00
g0tmi1k
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
g0tmi1k
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
g0tmi1k
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
g0tmi1k
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
bwatters-r7
de230478eb
Land #8566 , Add ye olde NNTP Login Utility scanner module
2017-07-13 13:19:34 -05:00
Jon Hart
e52e9c147d
First commit for Cisco Smart Install Scanner
2017-07-12 19:12:06 -07:00
Brent Cook
345407b0a4
Rex::Encoder::XDR conflicts with the XDR gem
2017-07-12 11:52:10 -05:00
David Maloney
6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
...
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
William Vu
f45facdf6e
Fix HTTP verb in jboss_vulnscan print_status
2017-07-06 14:55:33 -05:00
dmohanty-r7
aa387e96a7
Land #8577 , Add SurgeNews User Credentials scanner
2017-07-03 10:14:03 -05:00
Brendan Coles
dff96ce9a0
Re-order includes with Auxiliary::Scanner last
2017-07-01 08:30:17 +00:00
Brent Cook
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
Brent Cook
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00