Jon Hart
7e91274796
Add module for connecting to/discovering MQTT endpoints
2017-12-20 12:29:50 -08:00
Brent Cook
a8b845fff9
Land #9283 , Add node.js ws websocket library DoS module
2017-12-20 14:20:42 -06:00
Brent Cook
9fb445fbf0
Land #9300 , Add private data type to auxiliary scanner ftp_login and telnet_login
2017-12-20 00:30:43 -06:00
Tod Beardsley
216d00e39f
Use a random fname destination for /etc/passwd
2017-12-19 17:02:16 -06:00
Tod Beardsley
e93282b71d
Drop calls to vprint_*
2017-12-19 16:53:02 -06:00
Tod Beardsley
2dc2ac134e
Don't default verbose
2017-12-19 16:48:41 -06:00
Jon Hart
a2c5cc0ffb
Remove old deprecated modules
2017-12-19 07:56:16 -08:00
Nick Marcoccio
acc6951bf3
fixed typo
2017-12-19 08:35:11 -05:00
Tod Beardsley
f0df1750de
Land #9180
...
Land @RootUp's Samsung browser SOP module
2017-12-18 17:28:03 -06:00
Tod Beardsley
85350a9645
Add Rapid7 blog references
2017-12-18 17:11:47 -06:00
Tod Beardsley
ae4edd65e1
Hard wrap descriptions
2017-12-18 17:03:13 -06:00
Tod Beardsley
27a324237b
Initial commit for Cambium issues from @juushya
...
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
Jon Hart
a33ed82a40
Land #9214 , @realoriginal's update to the Cisco SMI scanner to also fetch Cisco IOS configs
2017-12-18 12:22:26 -08:00
Nick Marcoccio
6d565b6c33
added author information
2017-12-18 09:18:36 -05:00
Nick Marcoccio
f447fa1a12
Added DirectAdmin Login Utillity
2017-12-17 22:43:37 -05:00
RootUp
917dd8e846
Update samsung_browser_sop_bypass.rb
2017-12-16 22:10:02 +05:30
RootUp
8f91377acb
Update samsung_browser_sop_bypass.rb
2017-12-16 22:09:21 +05:30
Tod Beardsley
3b3b0e6e96
And this is why I hate using single quotes
...
Also, restored the store_cred call.
This will fix up RootUp/metasploit-framework#3 for PR #9180
2017-12-14 14:28:25 -06:00
jgor
0b3a5567a4
Add module for CVE-2017-13872 iamroot remote exploit via ARD (VNC)
2017-12-14 13:59:35 -06:00
nromsdahl
384b250659
Add credential data type
...
Added credential data type so that successful passwords are stored in the database and accessible via the creds command.
2017-12-14 08:07:59 -06:00
nromsdahl
be4939b56a
Add credential data type
...
Added credential data type so a successful ftp login stores the password in the database to be accessed later by the creds command.
2017-12-14 08:05:57 -06:00
William Vu
3cd287ddd6
Update the MS17-010 scanner to use dcerpc_getarch
2017-12-14 02:08:30 -06:00
h00die
d7ad443be1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master
2017-12-13 19:33:05 -05:00
h00die
c0a534140d
Land #9284 a regex dos for ua_parser_js npm module
2017-12-13 19:31:49 -05:00
Wei Chen
deacebc46b
Land #9264 , Add private type when storing SSH password
...
Land #9264
2017-12-13 18:24:31 -06:00
Tod Beardsley
5226181d6d
Better conditionals from @bcoles
2017-12-13 16:48:05 -06:00
Tod Beardsley
966060d470
Nits picked by @bcoles: commas, quotes, and <head>
2017-12-13 16:38:17 -06:00
Nicholas Starke
dd5532c5de
Addressing Formatting Issues
...
There were several formatting and layout issues
that are fixed in this commit. Also changing
`RHOSTS` to `RHOST`.
2017-12-13 14:26:27 -06:00
Tod Beardsley
622050ddfc
Oops, leftover comment
2017-12-12 14:48:00 -06:00
Tod Beardsley
efa46efb48
Actually save creds, or fail through sanely
...
This incidentally also allows for a custom collector to be implemented
by the user -- for example, if they'd rather pick up a session ID or
inject a browser hook or something along those lines. It's a little
clunky, using the advanced option of CUSTOM_JS, but it seems to work
fine.
2017-12-12 14:06:18 -06:00
RootUp
5f70199218
Update samsung_browser_sop_bypass.rb
2017-12-12 15:52:55 +05:30
Nicholas Starke
2d23054a1f
Changes as per comments
...
A few things were changed as per the PR comments:
1) The module title was reworded
2) The module description was multi-lined
3) Negative logic was rewritten to use 'unless'
4) Strings which did not require interpolation were rewritten
5) Documentation markdown was added.
2017-12-11 14:11:40 -06:00
Ryan Knell
c5f218c84c
Addressing comments
...
1. Updated documentation
2. Made the Sec-WebSocket-Key header a random value
2017-12-11 11:49:31 -05:00
Tod Beardsley
cba5c7cb0f
Rename to actually call out the browser name
2017-12-08 13:53:13 -06:00
Tod Beardsley
0a9dcafb77
Actually collect the creds, sort of
...
Instead of an alert() (which the attacker won't see), this collects the
offered credentials in a POST action, and displays them in the console.
This should further store the creds somewhere handy, but this is good
enough for now for testing from @RootUp
2017-12-08 13:51:02 -06:00
Tod Beardsley
aee883a706
Fixed up description to be descriptive
2017-12-08 12:24:58 -06:00
Nicholas Starke
306c5d20d9
Adding ua_parser_js ReDoS Module
...
"ua-parser-js" is an npm module for parsing browser
user-agent strings. Vulnerable version of this module
have a problematic regular expression that can be exploited
to cause the entire application processing thread to "pause"
as it tries to apply the regular expression to the input.
This is problematic for single-threaded application environments
such as nodejs. The end result is a denial of service
condition for vulnerable applications, where no further
requests can be processed.
2017-12-07 10:25:29 -06:00
Ryan Knell
c992837f0d
Adding ws DoS module
...
This module verifies if ws is vulnerable
to DoS by sending a request to the server
containing a specific header value.
ws is a npm module which handles websockets.
2017-12-07 10:45:57 -05:00
nromsdahl
b24f70c7c6
Update ssh_login.rb
...
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
Brendan Coles
283b7c5145
Add WS-Discovery Information Discovery module
2017-11-29 12:21:22 +00:00
Adam Cammack
778e69f929
Land #9229 , Randomize slowloris HTTP headers
2017-11-22 14:42:24 -06:00
attackdebris
ae43883e2b
Fix mongodb_login typo
2017-11-22 08:03:12 -05:00
Austin
99555dde02
sleep! per feedback
2017-11-21 21:33:29 -05:00
Jon Hart
5484ee840e
Correct port when eating cisco config
2017-11-21 18:09:51 -08:00
Jon Hart
bdc822c67d
Improve logging when requesting config
2017-11-21 18:09:02 -08:00
Jon Hart
5a358db260
Clean up shutdown messaging
2017-11-21 17:55:17 -08:00
Jon Hart
93c424c255
Remove unused
2017-11-21 17:54:31 -08:00
Jon Hart
b0d8b0a191
Clean up incoming file handling
2017-11-21 17:54:02 -08:00
Matthew Kienow
785e5944d6
Enhanced slowloris HTTP headers and minor cleanup
2017-11-21 18:19:20 -05:00
Matthew Kienow
b6c81e6da0
Reimplement slowloris as external module
2017-11-21 16:21:01 -05:00
Daniel Teixeira
db2bd22d86
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Matthew Kienow
e07fe77a69
Close sockets to resolve file handle error
2017-11-21 15:49:45 -05:00
Daniel Teixeira
52f56527d8
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Daniel Teixeira
74becb69e8
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
Daniel Teixeira
b7bc68c843
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
53123d92e2
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
21a6d0bd6e
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
Daniel Teixeira
60878215e0
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
9457359b11
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
29017b8926
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
Daniel Teixeira
f79b41edde
Slow Loris
2017-11-21 15:48:11 -05:00
Austin
cfd06ab24a
what was i thinking?
2017-11-20 16:08:48 -05:00
Austin
b6e2e2aa45
adjust delay
2017-11-19 09:43:18 -05:00
Austin
1087b8ca16
cleanup
2017-11-18 20:09:29 -05:00
Austin
35567e3e23
Fix - copy system:running-config tftp://ip/file
...
Copies running config directly to TFTP server, thus removing the need to delete the file :D.
2017-11-18 13:02:12 -05:00
Austin
f84f824a71
remove ?
2017-11-17 16:15:18 -05:00
Austin
b457c60542
WORK IN PROGRESS - "GET"
...
Work in progress of GET, and PUT. PUT works fine for grabbing the configuration. GET will be used for service a config to execute commands , or the also WIP action "UPLOAD"
2017-11-17 15:36:27 -05:00
Austin
8b59c4615b
Update cisco_smart_install.rb
2017-11-17 07:09:41 -05:00
Austin
feb24efd27
add DOWNLOAD action
...
Adds DOWNLOAD function, to download config and send to attacker TFTP server.
2017-11-16 12:58:54 -05:00
Austin
4a8d32af85
Update cisco_smart_install.rb
2017-11-16 12:53:27 -05:00
Patrick Webster
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
RootUp
03cd8af29a
Update browser_sop_bypass.rb
2017-11-08 12:50:49 +05:30
RootUp
0c247d5635
Update browser_sop_bypass.rb
2017-11-08 12:38:37 +05:30
Pearce Barry
fc87ee08d9
Land #9060 , IBM Lotus Notes DoS (CVE-2017-1130).
2017-11-07 11:20:12 -06:00
RootUp
872894f743
Update browser_sop_bypass.rb
2017-11-07 21:29:16 +05:30
RootUp
2fad61101e
Update browser_sop_bypass.rb
2017-11-07 21:13:06 +05:30
RootUp
3dad025b8c
Create browser_sop_bypass.rb
2017-11-07 14:24:50 +05:30
RootUp
88db98c381
Update ibm_lotus_notes2.rb
2017-11-06 20:45:50 +05:30
Pearce Barry
77c13286e0
Ensure closing script tag has necessary escape.
2017-11-05 13:41:29 -06:00
William Vu
87934b8194
Convert tnftp_savefile from auxiliary to exploit
...
This has been a long time coming. Fixes #4109 .
2017-11-01 17:37:41 -05:00
William Vu
972f9c08eb
Land #9135 , peer print for jenkins_enum
2017-11-01 15:33:13 -05:00
William Vu
77181bcc9c
Prefer peer over rhost/rport
2017-11-01 15:32:32 -05:00
William Vu
0e66ca1dc0
Fix #3444/#4774, get_json_document over JSON.parse
...
Forgot to update these when I wrote new modules.
2017-11-01 15:05:49 -05:00
lvarela-r7
c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
...
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
Brent Cook
f1e6e7eed5
Land #9107 , add MinRID to complement MaxRID
2017-10-31 12:18:28 -05:00
Brent Cook
aa0ac57238
use implicit RuntimeError
2017-10-31 04:53:14 -05:00
Brent Cook
9389052f61
fix more broken RuntimeError calls
2017-10-31 04:45:19 -05:00
RootUp
9c16da9c98
Update ibm_lotus_notes2.rb
2017-10-28 18:53:15 +05:30
sho-luv
587c9673c6
Added host and port to output
...
I added the host and port number to reporting when instances are found.
2017-10-27 09:34:49 -07:00
RootUp
80aba7264c
Update ibm_lotus_notes2.rb
2017-10-25 10:33:25 +05:30
Jon Hart
9658776adf
Land #9079 , adding @h00die's gopher scanner
2017-10-20 17:16:08 -07:00
Brent Cook
d715f53604
add MinRID to complement MaxRID, allowing continuing or starting from a higher value
...
from @lvarela-r7
2017-10-20 15:32:25 -05:00
Jon Hart
664e774a33
style/rubocop cleanup
2017-10-20 09:44:07 -07:00
William Vu
7e338fdd8c
Land #9086 , proxying fix for nessus_rest_login
2017-10-16 11:52:04 -05:00
Hanno Heinrichs
9597157e26
Make nessus_rest_login scanner proxy-aware again
2017-10-14 11:16:41 +02:00
Hanno Heinrichs
f4ae2e6cdc
Make pop3_login scanner proxy-aware again
2017-10-14 11:05:54 +02:00
h00die
a63c947768
gopher proto
2017-10-12 21:32:01 -04:00
Adam Cammack
deb2d76678
Land #9058 , Add proxies back to smb_login
2017-10-12 17:31:45 -05:00
William Vu
ab63caef7b
Land #9009 , Apache Optionsbleed module
2017-10-10 12:13:40 -05:00
RootUp
2b85eb17dd
Create ibm_lotus_notes2.rb
2017-10-10 12:22:06 +05:30
Pearce Barry
a3d47ea838
Land #8989 , IBM Lotus Notes DoS (CVE-2017-1129)
2017-10-09 19:37:59 -05:00
Pearce Barry
fd8b72ca66
Minor tweaks.
2017-10-09 17:02:24 -05:00
Hanno Heinrichs
15adb82b96
Make smb_login scanner proxy-aware again
2017-10-09 23:01:25 +02:00
h00die
7fc9be846a
bcoles suggestions
2017-09-29 20:29:30 -04:00
h00die
6cc5324e5b
oe is all umlaut
2017-09-28 19:52:02 -04:00
h00die
2295146dcd
working optionsbleed module
2017-09-27 22:07:57 -04:00
h00die
997b831b52
implement regexes
2017-09-27 19:33:50 -04:00
h00die
0649d0d356
wip optionsbleed
2017-09-26 22:09:07 -04:00
bwatters-r7
579342c4f6
Land #8955 , Fix error messages on telnet_encrypt_overflow.rb
2017-09-26 16:08:58 -05:00
bwatters-r7
66d6ac418a
Land #8978 , Add smb1 scanner
2017-09-26 16:06:41 -05:00
Brent Cook
7924667e51
appease alignists
2017-09-25 09:10:10 -05:00
Brent Cook
62ee4ed708
update modules to use inherited SSLVersion option
2017-09-25 09:03:22 -05:00
h00die
273d49bffd
Land #8891 login scanner for Inedo BuildMaster
2017-09-24 13:30:17 -04:00
RootUp
e4f79879ba
Update and rename modules/auxiliary/dos/ibm_lotus_notes.rb to modules/auxiliary/dos/http/ibm_lotus_notes.rb
2017-09-23 18:27:50 +05:30
RootUp
669b6771e3
Update ibm_lotus_notes.rb
2017-09-22 17:16:42 +05:30
RootUp
a71edb33be
Create ibm_lotus_notes.rb
2017-09-22 17:08:05 +05:30
bwatters-r7
5a62e779aa
Land #8954 , fix internal usage of bindata objects when generating NTP messages
2017-09-19 09:01:49 -05:00
loftwing
c953842c96
Added docs and additional dialects
2017-09-18 15:02:38 -05:00
loftwing
7d07f7054d
Merge remote-tracking branch 'origin/master' into add_smb1_scanner
2017-09-18 13:16:06 -05:00
loftwing
d07fe2f1e7
Added reporting back, removed wfw dialect
2017-09-18 13:15:19 -05:00
loftwing
6f5eb5a18f
update
2017-09-15 12:07:28 -05:00
james
4e81a68108
Simplify saving valid credentials by calling store_valid_credential
2017-09-15 00:18:33 -05:00
loftwing
646dda7958
Add initial smbv1 scanner code
2017-09-14 16:59:39 -05:00
Pearce Barry
200a1b400a
Remove spaces to appease msftidy.
2017-09-14 09:28:38 -05:00
Erik Lenoir
27a517e0f6
Fix #8060 , cf #8061
2017-09-12 18:41:51 +02:00
Brent Cook
a7a17c677c
fix internal usage of bindata objects when generating NTP messages
2017-09-12 09:54:09 -04:00
Craig Smith
e4465c9350
Fixed a bug where flowcontrol caused the first packet to get lost
2017-09-11 19:00:53 -07:00
Craig Smith
b218cc3c7f
Merge branch 'master' into hw_auto_padding_fix
2017-09-11 18:30:34 -07:00
Craig Smith
ad9329993d
Added better padding and flowcontrol support.
2017-09-11 18:20:57 -07:00
james
861f4a6201
Changes to buildmaster_login from code review
...
Use peer property in messages instead of rhost rport combination for consistency.
Documentation updated accordingly.
2017-09-09 18:00:04 -05:00
james
47adfb9956
Fixes from code review to buildmaster_login
...
Per bcoles, the most important fixes are:
- Removing `self.class` from call to `register_options`
- Adding rescue to login_succeeded to handle bad json
2017-09-09 16:26:01 -05:00
Brent Cook
c67e407c9c
Land #8880 , added Cisco Smart Install (SMI) scanner
2017-09-07 08:06:03 -05:00
Adam Cammack
b0dc44fb86
Land #8909 , Avoid saving some invalid creds
2017-09-05 12:43:03 -05:00
Tod Beardsley
86db2a5771
Land #8888 from @h00die, with two extra fixes
...
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
Tod Beardsley
8a045e65aa
Spaces between commas
2017-08-31 14:29:23 -05:00
Pearce Barry
2bbba9c500
Avoid some ActiveRecord validation errors.
...
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479 ), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.
This PR removes the handful of existing cases we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
Jon Hart
eec5d2ada9
Update description and add link to SIET
2017-08-30 11:52:11 -07:00
Pearce Barry
d5124fdc94
Land #8759 , Add TeamTalk Gather Credentials auxiliary module
2017-08-29 13:17:28 -05:00
Brendan Coles
c9e32fbb18
Remove last_attempted_at
2017-08-29 05:05:04 +00:00
h00die
a40429158f
40% done
2017-08-28 20:17:58 -04:00
h00die
bd7ea1f90d
more updates, 465 more pages to go
2017-08-26 21:01:10 -04:00
james
7dfde651ea
Add login scanner module for Inedo BuildMaster
...
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.
More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
William Vu
924c3de9f3
Land #7382 , BIND TSIG DoS
2017-08-26 10:42:35 -05:00
William Vu
f9a2c3406f
Clean up module
2017-08-26 10:41:10 -05:00
h00die
3420633f29
@NickTyrer corrected my correction
2017-08-26 08:43:10 -04:00
h00die
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
Jon Hart
7b18c17445
Appease rubocop
2017-08-22 14:53:21 -07:00
Jon Hart
2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner
2017-08-22 14:39:44 -07:00
Brent Cook
cbd7790e95
Land #8751 , Add Asterisk Gather Credentials auxiliary module
2017-08-20 18:34:27 -05:00
Brent Cook
aa797588e8
Land #8847 , Look for sp_execute_external_script in mssql_enum
2017-08-20 14:32:35 -05:00
h00die
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
james
e642789674
Look for sp_execute_external_script in mssql_enum
...
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.
Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart
Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
Brent Cook
e3265c4b1b
Land #8697 , fix oracle_hashdump and jtr_oracle_fast modules
2017-08-14 17:36:18 -04:00
Brent Cook
69c4ae99a7
Land #8811 , fix peer printing with bruteforce modules
2017-08-14 17:31:48 -04:00
William Vu
1a4db844c0
Refactor build_brute_message for legacy printing
2017-08-14 11:17:34 -05:00
Brent Cook
9fdf2ca1f4
Land #8830 , Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 02:47:08 -04:00
Brendan Coles
fa4fae3436
Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 06:34:04 +00:00
Brent Cook
26193216d1
Land #8686 , add 'download' and simplified URI request methods to http client mixin
...
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
Brent Cook
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
zerosum0x0
ecfe3d0235
added optional DoublePulsar check
2017-08-11 11:36:59 -06:00
Pearce Barry
bb5fffebc4
Land #8796 , SMBLoris Denial of Service Module.
2017-08-09 16:24:55 -05:00
Pearce Barry
901a1fdd1b
Minor tweaks.
2017-08-09 15:44:32 -05:00
Christian Mehlmauer
1b6b29c22b
fix error with rdp scanníng
2017-08-09 21:32:15 +02:00
William Vu
3396afb41a
Add IP and port (peer) to print_brute messages
2017-08-08 15:46:40 -05:00
William Vu
39e59805f9
Fix annoying print_brute messages in ssh_login
2017-08-08 15:15:23 -05:00
David Maloney
67e86da50b
make SMBLoris run continuously as requested
...
as per ZeroSum's request the module now runs
continuously, refreshing the connections on every pass
until manually killed
2017-08-08 10:16:16 -05:00
David Maloney
289f03241b
add module documentation
...
add module docs for the new smbloris DoS
2017-08-04 16:10:44 -05:00
David Maloney
15cc2a9dc0
removedthreading stuff, tried keepalives
...
still seem to be topping out at
about 1.3GB allocated
2017-08-04 15:28:01 -05:00
David Maloney
e73ffe648e
tried adding supervisor model to smbloris
...
tried to overcome issues with slowdown
around the 4500 connection mark by using the
supervisor pattern to terminate the threads on
the backend. this seems to get us further, but we still
hit a slowdown and the allocations die out before
we hit any serious usage
2017-08-03 14:19:35 -05:00
David Maloney
c9da2d56b9
first pass at SMBLoris DoS module
...
the first pass on the DoS module for SMBLoris
running into issues with it topping out around 600MB
2017-08-03 11:32:57 -05:00
TC Johnson
8989d6dff2
Modified Accuvant bog posts to the new Optive urls
2017-08-02 13:25:17 +10:00
Brendan Coles
d66e8062e7
Add TeamTalk Gather Credentials auxiliary module
2017-07-24 14:24:38 +00:00
Brent Cook
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
Brent Cook
80d18fae6a
update example modules to have zero violations
2017-07-24 06:15:54 -07:00
Brent Cook
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
Brent Cook
df22e098ed
Land #8695 , Fix #8675 , Add Cache-Control header, also meta tag for BAP2
2017-07-23 07:17:45 -07:00
Brent Cook
8c8dbc6d38
Land #8692 , Fix #8685 , Check nil condition for #wordlist_file in jtr modules
2017-07-23 07:12:21 -07:00
Brendan Coles
109fd8b6d3
Add Asterisk Gather Credentials auxiliary module
2017-07-23 09:55:12 +00:00
g0tmi1k
e710701416
Made msftidy.rb happy
...
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
Evgeny Naumov
5d04775f5e
use 2.4 OpenSSL::PKey::RSA api
2017-07-21 16:28:07 -04:00
g0tmi1k
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
g0tmi1k
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
g0tmi1k
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
g0tmi1k
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
g0tmi1k
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
g0tmi1k
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
g0tmi1k
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
g0tmi1k
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
Jon Hart
45f81f3c98
Squash some style issues
2017-07-18 12:45:02 -07:00
Jon Hart
e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner
2017-07-17 13:46:59 -07:00
Jon Hart
43e04c8894
Improve RDP probe packet
2017-07-17 13:14:47 -07:00
David Maloney
ee1c87b868
Land #8172 , example modules
...
lands several example modules
2017-07-14 15:17:20 -05:00
Jon Hart
e3e5c33b9b
WIP commit of RDP scanner
2017-07-14 13:02:43 -07:00
g0tmi1k
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
g0tmi1k
9309115627
OCD - Banner clean up
2017-07-14 08:19:50 +01:00
g0tmi1k
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
g0tmi1k
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
g0tmi1k
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
bwatters-r7
de230478eb
Land #8566 , Add ye olde NNTP Login Utility scanner module
2017-07-13 13:19:34 -05:00
Jon Hart
e52e9c147d
First commit for Cisco Smart Install Scanner
2017-07-12 19:12:06 -07:00
Pearce Barry
59de7d3635
Land #8671 , Add a module for CVE-2017-7615
2017-07-12 14:58:02 -05:00
Pearce Barry
580219695a
Oof, missed the parens...
2017-07-12 13:52:59 -05:00
Pearce Barry
aa22651340
Few style/spelling tweaks, nothing to see here...
2017-07-12 13:41:20 -05:00
Brent Cook
345407b0a4
Rex::Encoder::XDR conflicts with the XDR gem
2017-07-12 11:52:10 -05:00
RageLtMan
5473b2132d
Implement :request_url for Msf HttpClient mixin
...
To round out implementation of a simple path for users to access
HttpClient like Open or Net::HTTP, create :request_url method which
takes a single URL parameter, uses :request_opts_from_url to build
the request configuration for Rex::Proto::Http::Client, executes
a GET request with it, and disconnects the client unless keepalive
is specified as the second parameter to :request_url.
Example usage of functionality is implemented in http_pdf_authors.
2017-07-11 16:07:13 -04:00
David Maloney
6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
...
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
wchen-r7
50b1ec4044
Fix #8675 , Add Cache-Control header, also meta tag for BAP2
...
Hopefully that browsers will respect this.
Fix #8675
2017-07-10 16:05:09 -05:00
wchen-r7
fe360e3e2a
Fix #8685 , Check nil condition for #wordlist_file in jtr modules
...
JTR modules should never assume there is always a database
connected while using #wordlist_file, considering a database is
an optional component for Framework.
Fix #8685
2017-07-10 11:18:20 -05:00
RageLtMan
df697aa23c
Implement HttpClient options generation from URL
...
To address the complexity which comes with the flexibility offered
by Rex::Proto::Http::Client and its Msf mixin descendant, a simple
process needs to be implemented for issuing a request using only
the URL string in order to provide ease of access to users who may
not have the time to study how these clients work in detail.
Implement :request_opts_from_url in Msf's HttpClient mixin such as
to extract the options required for :send_request_* from a URL
string passed into the method. This approach reduces HTTP requests
in the mixin to `send_request_raw(request_opts_from_url(url))` when
`url` is just a string.
Implement this approach in the http_pdf_authors gather module to
further reduce infrastructure complexity around the simple need to
acquire PDF files via HTTP/S.
Testing:
Local to this module only, and in Pry of course. Seems to work...
2017-07-10 04:19:26 -04:00
RageLtMan
997150a215
Use Msf::Exploit::Remote::HttpClient
...
Replace Net::HTTP usage with proper Rex::Proto::Http::Client via
the Msf module mixin. Generate the request opts from the same URI
parsed URL string, execute a one shot GET request, disconencting
after reciept of results. Depending on the response code, either
pass back an empty StringIO or if its 200, a StringIO(res.body).
2017-07-10 03:37:41 -04:00
jvoisin
263a42707e
Fix a typo
2017-07-09 16:34:51 +02:00
jvoisin
8510cda5ae
Implement @bcoles advices
2017-07-09 16:34:10 +02:00
jvoisin
f10cf75ae0
Fix some stuff
2017-07-09 10:45:15 +02:00
jvoisin
5fe805aaca
s/\t/ /g
2017-07-09 02:29:37 +02:00
jvoisin
968fa0c244
Add even more references
2017-07-09 02:27:54 +02:00
jvoisin
ae930ae7c1
Add a module for CVE-2017-7615
2017-07-09 02:14:21 +02:00
William Vu
b3be89b508
Land #8663 , typo fix for zoomeye_search
2017-07-07 16:53:48 -05:00
dmohanty-r7
8f464e17a1
Land #8658 , Add Gather PDF Authors auxiliary module
2017-07-07 16:20:29 -05:00
MD5HashBrowns
e5244f3113
Fixed typo
2017-07-07 15:26:37 -04:00
Brendan Coles
683ce10167
Add URL option
2017-07-07 18:42:00 +00:00
Brendan Coles
d864ce16b1
Add Gather PDF Authors auxiliary module
2017-07-06 23:29:17 +00:00
William Vu
f45facdf6e
Fix HTTP verb in jboss_vulnscan print_status
2017-07-06 14:55:33 -05:00
dmohanty-r7
aa387e96a7
Land #8577 , Add SurgeNews User Credentials scanner
2017-07-03 10:14:03 -05:00
Roman
38b1e56bbd
negated wording regarding legacy auth
...
According to the docs this variable means the opposite:
https://dev.mysql.com/doc/refman/5.5/en/mysql-command-options.html#option_mysql_secure-auth
OFF -> insecure
ON -> secure
2017-07-03 14:29:07 +02:00
Brendan Coles
dff96ce9a0
Re-order includes with Auxiliary::Scanner last
2017-07-01 08:30:17 +00:00
Pearce Barry
3d4d03c9b4
Land #8575 , Cerberus Helpdesk hash disclosure
2017-06-30 16:02:53 -05:00
Brent Cook
40f0d36f6b
Land #8615 , add @artkond's DoS module for Cisco CVE-2017-3881
2017-06-30 11:17:09 -04:00
Brent Cook
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
Brent Cook
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
Brent Cook
0d9f57ad7c
add @artkond's DoS module for Cisco CVE-2017-3881
...
This makes a few improvements, adds module docs.
2017-06-27 01:53:23 -05:00
Brent Cook
05c72214ae
Land #8205 , Add Satel SenNet Command Exec Module
2017-06-25 18:01:44 -05:00
Brent Cook
07e7baebb8
sign my name
2017-06-25 14:59:01 -05:00
Brent Cook
7bc0dcea42
add ipv6 support for CHOST
2017-06-25 14:57:15 -05:00
Brent Cook
269597f994
add initial CHOST support
2017-06-24 18:57:43 -05:00
Brent Cook
eee1eff034
improve resolve / add / delete logic
2017-06-24 18:36:01 -05:00
Brent Cook
b36d56bed3
handle RXDomain on lookup failure
2017-06-24 18:10:50 -05:00
Brent Cook
c8755a3a7a
add pre-flight checks, log a lot more info
2017-06-24 12:32:15 -05:00
h00die
cc9326d946
bcoles updates and table printing
2017-06-24 13:01:39 -04:00
Brent Cook
8f3c470bb3
make usage more intuitive, remove weird defaults
2017-06-24 11:52:52 -05:00
Brent Cook
24c43b1822
reregister rhost
2017-06-22 18:33:19 -05:00
Brent Cook
ca813e7a5c
fix message formatting
2017-06-22 18:21:33 -05:00
Brent Cook
823260cc04
fix error message
2017-06-22 18:11:07 -05:00
Brent Cook
3cf722a45d
use correct preqrequisites
2017-06-22 18:08:20 -05:00
Brent Cook
5e48a11e60
handle specific exceptions, update docs
2017-06-22 18:01:52 -05:00
Brent Cook
6a261b172f
move from scanner to admin
2017-06-22 17:47:04 -05:00
Brent Cook
125d14f81e
simplify module, add AAAA support
2017-06-22 17:44:55 -05:00
KINGSABRI
b618e5ca6f
Add more exception handling, fix tidy rules
2017-06-22 15:55:04 -05:00
KINGSABRI
ce124e6090
Add CNAME record
2017-06-22 15:55:04 -05:00
KINGSABRI
5528084e27
add Dnsruby
2017-06-22 15:55:04 -05:00
KINGSABRI
2410a3232f
Adding DNS Server Dynamic Update Record Injection module
2017-06-22 15:41:25 -05:00