infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
34,524 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

664 Commits (454dd59da8abbaf69563c5d8cd9ce9a4dc52760c)

Author SHA1 Message Date
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
jvazquez-r7 c00094ba6e
Land #3345, @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli 2014-09-19 15:01:21 -05:00
jvazquez-r7 62414e2214 Add Timeout to exploit sqli 2014-09-19 15:00:54 -05:00
jvazquez-r7 db6372ec8b Do minor module cleanup 2014-09-19 14:43:35 -05:00
jvazquez-r7 4a9294e3bf Mark module as not executable 2014-09-19 14:36:44 -05:00
Joe Vennix 59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc. 2014-09-16 13:31:03 -05:00
Tod Beardsley 4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes 
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)

Also fixes #3782 (opened by accident).
 2014-09-11 14:27:51 -05:00
Tod Beardsley fbba4b32e0
Update the title and desc to be more descriptive 
See #3759
 2014-09-11 14:06:14 -05:00
Tod Beardsley d627ab7628
Add refs for Android UXSS 
See #3759
 2014-09-11 14:05:50 -05:00
sinn3r 280e16c241
Land #3677 - Updated shodan_search for new API 2014-09-10 11:39:00 -05:00
sinn3r 006393360e Add conditions to check healthy shodan results 2014-09-10 11:38:06 -05:00
Joe Vennix 7793ed4fea
Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
Joe Vennix 27889ea411
Add a safety fallback on js load. 2014-09-08 00:46:47 -05:00
Joe Vennix 8407d45c9c
Rework the timers. 2014-09-08 00:40:00 -05:00
Joe Vennix 5c9c8edfcf
Fix refs. 2014-09-07 23:33:45 -05:00
Joe Vennix 5efaf7d4cf
rename module, handle asyncness. 2014-09-07 23:25:08 -05:00
Joe Vennix 1bf89fb6bd Add Android <= 4.3 AOSP UXSS module. 2014-09-07 20:44:03 -05:00
Chris Hebert abffdd8705 Update alienvault_newpolicyform_sqli.rb 
cleaned up according to msftidy.rb suggestions

modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
 2014-09-04 21:46:37 -04:00
Chris Hebert 664cc131e3 Update alienvault_newpolicyform_sqli.rb 
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
 2014-09-04 21:34:24 -04:00
jvazquez-r7 ff210a7c0a delete parenthesis 2014-09-04 16:16:29 -05:00
William Vu 2d8c7a7a4d
Refactor if statement to early return 
This eliminates the protracted if statement and aligns the code body.
 2014-09-04 15:05:30 -05:00
John Sawyer 3281781f6a Addressed r7 comments, fixed bug in results loop 2014-09-01 13:43:31 -04:00
Jon Hart 246f021437 Update natpmp_external_address to use Msf::Auxiliary::UDPScanner 2014-08-26 10:49:53 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart ca11eae3a9 Show a useful failure message when the external address probe fails 2014-08-26 10:49:52 -07:00
John Sawyer 0a27a18104 Committing changes from r7 comments 2014-08-23 00:08:27 -04:00
John Sawyer 1959f7a235 Updated shodan_search for new API 2014-08-20 00:48:13 -04:00
jvazquez-r7 674c3ca260 Use [] for references 2014-07-30 10:44:42 -05:00
Christian Mehlmauer 3d2a62bc29
Updated W3 Total Cache Hash extract module 2014-07-29 19:49:48 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
William Vu 43f41de124
Land #3508, CVE-2014-4671 Flash JSONP disclosure 2014-07-11 10:11:48 -05:00
joev b8225ae2dc
Remove unnecessary ||= and ivars. 2014-07-10 16:06:28 -05:00
joev e0389dfbc3
Update code as per @wvu's code review. 2014-07-10 15:03:40 -05:00
joev dd439066ca
Patch rhost to display hostname of JSONP_URL. 2014-07-10 12:02:22 -05:00
joev 841cb6a590
STEAL_URL -> STEAL_URLS. 2014-07-10 09:14:32 -05:00
joev fad30bc874
Add flash rosetta exploit module for stealing URLs. 2014-07-10 09:09:10 -05:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00
Meatballs 615aeb66a5
Dont use or 2014-06-23 23:11:04 +01:00
Meatballs 752007848b
Tidy up code 
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
 2014-06-23 23:08:33 +01:00
HD Moore 2772d84a18 Major rework of this module, please see the diff 2014-06-23 16:13:42 -05:00
William Vu a0aca251f5
Land #3472, releae fixes 2014-06-23 11:41:35 -05:00
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
William Vu 40d1ec551e
Add WEP, PSK, and MGT 2014-06-21 23:15:20 -05:00
Spencer McIntyre c685e0d06e
Land #3444, chromecast wifi enumeration 2014-06-17 22:09:58 -04:00
William Vu 1394ad1431
Break my double quote habit 
Doesn't it feel better? C doesn't love me anymore.
 2014-06-17 14:22:55 -05:00
William Vu 8376b4aa2b
Map constants to readable values 
Thanks, @zeroSteiner and @kernelsmith. :)
 2014-06-17 13:10:08 -05:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
Tod Beardsley 1ab379a0fe
Land #3448, ident =! indent 2014-06-12 14:15:06 -05:00
Tod Beardsley e9783200f2
Land #3447, fix variable typo 2014-06-12 14:07:34 -05:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
Jon Cave a647246148 Use correct variable name 2014-06-12 19:38:41 +01:00
Tod Beardsley 3f5e50d18f
Aux modules don't have ranking. 
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
 2014-06-12 13:21:59 -05:00
joev 6bc37cca0c
Land #3430, @brandonprry's generic MongoDB injection enum. 2014-06-11 21:41:23 -05:00
William Vu 23f7fe45ed
Add Chromecast wifi enumeration module 2014-06-11 21:00:47 -05:00
Brandon Perry cca91dd7c5 Update mongodb_js_inject_collection_enum.rb 
some @jvennix-r7 fixes
 2014-06-11 17:07:57 -05:00
Brandon Perry 4367e8ef0c Update mongodb_js_inject_collection_enum.rb 
Fix some logic bugs that caused incorrect results.
 2014-06-07 21:03:28 -05:00
Brandon Perry dc89621d5c Update mongodb_js_inject_collection_enum.rb 
No need to make extra requests. Off by one.
 2014-06-07 20:09:00 -05:00
Brandon Perry 2663af986b Update mongodb_js_inject_collection_enum.rb 
This adds a bit more error handling, and better decision making in regards to false responses.
 2014-06-07 19:58:12 -05:00
Brandon Perry 4071fb332b Create mongodb_js_inject_collection_enum.rb 
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7

https://gist.github.com/brandonprry/c2de8ac2be825007c4de
 2014-06-07 11:20:34 -05:00
jvazquez-r7 69e8286838 Fix title 2014-05-27 10:29:32 -05:00
jvazquez-r7 1316365c2f Fix description 2014-05-27 10:22:39 -05:00
jvazquez-r7 abe1d6ffc7
Land #3190, @Karmanovskii's module to fingerprint MyBB database 2014-05-27 10:20:24 -05:00
jvazquez-r7 86221de10e Fix message 2014-05-27 10:18:27 -05:00
jvazquez-r7 b96c2dd0ca Change module filename 2014-05-27 10:15:39 -05:00
jvazquez-r7 1d8c46155b Do last code cleaning 2014-05-27 10:14:55 -05:00
Karmanovskii eacf70af83 Update mybb_get_type_db.rb 
26.05.2014  23:26
I deleted mimicking IE11
 2014-05-26 23:26:28 +04:00
Chris Hebert 99046ba12a Update alienvault_newpolicyform_sqli.rb 
Added EDB link - should be ready now.
 2014-05-23 10:07:45 -04:00
Tod Beardsley fa353e6bd9
Add CVE, IBM ref for SameTime modules 2014-05-22 11:34:04 -05:00
Karmanovskii e26dee5e22 Update mybb_get_type_db.rb 
19/05/2014
I deleted      -     #return Exploit::CheckCode::Unknown  # necessary ????
 2014-05-19 21:32:30 +04:00
Karmanovskii 06912ac2b6 Update mybb_get_type_db.rb 
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
 2014-05-17 16:30:29 +04:00
Karmanovskii cbb84e854c Update mybb_get_type_db.rb 
14.05.2014
Eliminated notes jvazquez-r7
 2014-05-14 14:56:40 +04:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
Chris Hebert 681e4194ea Update alienvault_newpolicyform_sqli.rb 
and the new variable as well.
 2014-05-10 20:19:40 -04:00
Chris Hebert 3ae3c478bd Update alienvault_newpolicyform_sqli.rb 
enhanced as requested by Christian Mehlmauer 
changed xnDa to a random string to make IDS harder to detect.
 2014-05-10 20:17:30 -04:00
Chris Hebert 1affbfbe9d Update alienvault_newpolicyform_sqli.rb 
fixed reinitialize i=0, full = '' and filename .....
 spotted by Spencer McIntyre - thanks.
 2014-05-10 18:49:41 -04:00
Chris Hebert 8e79663001 Update alienvault_newpolicyform_sqli.rb 
Added vendor advisory
 2014-05-10 18:31:12 -04:00
Chris Hebert ec1df58bf7 Update alienvault_newpolicyform_sqli.rb 
Changed reference --  OSVDB # 106815
(waiting for EDB - no response yet)
 2014-05-10 18:14:09 -04:00
Chris Hebert 473efe1040 Update alienvault_newpolicyform_sqli.rb 2014-05-10 17:28:50 -04:00
mvdevnull 117e0b839b Add module - alienvault_newpolicyform_sqli 2014-05-09 15:10:58 -04:00
Tod Beardsley c6affcd6d3
Fix caps, description on F5 module 
The product name isn't "Load Balancer" as far as I can tell.
 2014-05-05 13:38:53 -05:00
jvazquez-r7 9cd6c5ef2b
Land #3297, @Th4nat0s's F6 backends disclosure module 2014-04-30 09:31:37 -05:00
jvazquez-r7 4e80e1c239 Clean up pull request code 2014-04-30 09:31:07 -05:00
Thanat0s 70314494ca test nil of port & host 2014-04-28 23:33:01 +02:00
Thanat0s fe3f7fd76a Obey to reviewer.. code fix 2014-04-28 23:26:29 +02:00
Thanat0s 2396d497d8 move scanner to gather 2014-04-28 12:57:54 +02:00
Spencer McIntyre 9ccb9397e3
Land #3264, throttl and csv output support for module 2014-04-23 19:00:28 -04:00
Spencer McIntyre e2b92a824f Change white space for authors in dns_reverse_lookup 2014-04-23 18:56:27 -04:00
Thanat0s 457c48b89b Error on sleep 2014-04-23 11:38:23 +02:00
sinn3r d7513b0eb2 Handle nil properly when no results are found 2014-04-15 18:19:29 -05:00
Tod Beardsley 40a359f312 Include a vhost for Shodan or else it complains 
Works now. The rhost option was not keeping the custom vhost option.

````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...

[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*]     Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...

IP Results
==========
````
 2014-04-14 21:23:27 -05:00
Tod Beardsley 1436f68955
Fix shodan to not muck with datastore 2014-04-14 21:21:11 -05:00
Thanat0s 176204d62d With implemented remarks 2014-04-14 21:11:04 +02:00
Thanat0s dd7bceee56 fix threaded issues 2014-04-12 17:43:39 +02:00
Thanat0s d493c48cc6 add thottling,notes insert and output to dns_rev_lookup 2014-04-12 16:36:18 +02:00
Tod Beardsley 56662bd89b
Correct corpwatch_lookup_name datastore usage 
[SeeRM #8498]
 2014-04-10 16:56:55 -05:00
Tod Beardsley 06dedeec8f
Update corpwatch_lookup_id to run correctly 
[SeeRM #8498]
 2014-04-10 16:52:34 -05:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
Karmanovskii 5dbd124ef9 Update mybb_get_type_db.rb 2014-04-05 02:53:43 -07:00
Karmanovskii c035715a71 Update mybb_get_type_db.rb 
Changed the name of the variable _Version_server on _version_server according to the recommendation of jvazquez-r7
 2014-04-05 02:50:53 -07:00
jvazquez-r7 e2cbcf3c5d
Land #3179, @brandonprry AlienVault sqli aux module 2014-04-04 09:17:11 -05:00
jvazquez-r7 ff6105e55d Add check codes 2014-04-04 09:13:43 -05:00
Brandon Perry 44db611845 defaultoptions, not option 2014-04-04 05:55:35 -07:00
jvazquez-r7 6f14cd225d Do minor clean up 2014-04-03 23:22:44 -05:00
Christian Mehlmauer 253a1c1f87
Land #3180, EMC Cloud Tiering Appliance Unauthed XXE with root perms 2014-04-03 22:02:13 +02:00
Brandon Perry a57da00932 fix refs line 2014-04-03 14:07:00 -07:00
Brandon Perry 51f83fccde add some checks in vase the file wasn't retrievable 2014-04-03 14:04:05 -07:00
Brandon Perry e2ded663a6 make more robust 2014-04-03 06:15:09 -07:00
Brandon Perry 53b8148438 make more random 2014-04-03 05:52:35 -07:00
Brandon Perry 77b64ee77d make more random 2014-04-03 05:41:00 -07:00
Brandon Perry 75dc4c459b msftidy 2014-04-02 13:22:21 -07:00
Brandon Perry bb82277a41 msftidy 2014-04-02 13:20:13 -07:00
Brandon Perry abc0b31f26 exploithub wat 2014-04-02 13:18:48 -07:00
Brandon Perry 765657d55a alienvault module 2014-04-02 13:09:46 -07:00
Brandon Perry d3f353118a edb update 2014-04-02 13:06:54 -07:00
Brandon Perry 32cd846fe4 emc cta xxe module 2014-04-02 13:05:53 -07:00
Karmanovskii b11df0eaf0 Update and rename myBB_GetTypeDB.rb to mybb_get_type_db.rb 2014-03-28 16:47:49 -07:00
William Vu 2344a9368e
Fix warnings generated by #3158 
Keeping ManualRanking for DoS modules.
 2014-03-31 12:35:15 -05:00
Karmanovskii 0b51e7459c Update myBB_GetTypeDB.rb 
I have added detection MyBB forum.
 2014-03-24 12:19:51 -07:00
Tod Beardsley cd9182c77f
Msftidy warning fix on Joomla module. 
Pre-commit hooks people.
 2014-03-24 12:03:12 -05:00
sinn3r 93ad818358 Fix header and e-mail format for author 2014-03-20 12:07:50 -05:00
Brandon Perry 9b2cfb6c84 change default targeturi to something more universal 2014-03-19 21:03:50 -05:00
Brandon Perry b52a535609 add official url 2014-03-19 20:41:32 -05:00
Brandon Perry ab42cb1bff better error handling for the user 2014-03-19 18:46:57 -05:00
Brandon Perry 2ef2f9b47c use vars_get 2014-03-19 07:51:34 -07:00
Brandon Perry 920b2da720 Merge branch 'master' into joomla_sqli 2014-03-19 07:43:32 -07:00
Brandon Perry a01dd48640 a bit better error message if injection works but no file 2014-03-13 13:38:43 -07:00
Brandon Perry b0688e0fca clarify LOAD_FILE perms in description 2014-03-13 13:11:27 -07:00
Brandon Perry 2734b89062 update normalize_uri calls 2014-03-13 06:55:15 -07:00
Brandon Perry 7540dd83eb randomize markers 2014-03-12 20:11:55 -05:00
Brandon Perry 3fedafb530 whoops, extra char 2014-03-12 19:54:58 -05:00
Brandon Perry aa00a5d550 check method 2014-03-12 19:47:39 -05:00
Brandon Perry 9cb1c1a726 whoops, typoed the markers 2014-03-12 10:58:34 -07:00
Brandon Perry 6636d43dc5 initial module 2014-03-12 10:46:56 -07:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors 
There needs to be a better way to go about preventing/fixing these.
 2014-03-11 11:18:54 -05:00
Karmanovskii 6d748f49d3 Update myBB_GetTypeDB.rb 
1.I added comment header;
2.I made ​​a link to your account as a comment;
3.I added a link https://github.com/rapid7/metasploit-framework/pull/3070
Items 2 and 3 on the advice wchen-r7
 2014-03-07 10:49:30 -08:00
Karmanovskii 162527c0e4 Update and rename modules/auxiliary/analyze/myBB_GetTypeDB.rb to modules/auxiliary/gather/myBB_GetTypeDB.rb 
Minor changes and bug: "Msf :: Auxiliary" - forgot to change
 2014-03-06 09:43:23 -08:00
sinn3r f0e97207b7 Fix email format 2014-03-04 17:51:24 -06:00
Brandon Perry c86764d414 update default password to root 2014-03-04 11:55:30 -08:00
Brandon Perry 2b06791ea6 updates regarding PR comments 2014-03-04 10:08:31 -08:00
Brandon Perry a3523bdcb9 Update mantisbt_admin_sqli.rb 
remove extra new line and fix author line
 2014-03-04 08:44:53 -06:00
Brandon Perry 98b59c4103 update desc 2014-03-03 12:40:58 -08:00
Brandon Perry c5d1071456 add mantisbt aux module 2014-03-03 12:36:38 -08:00
James Lee d2945b55c1
Fix typo 
inside_workspace_boundary() -> inside_workspace_boundary?()
 2014-02-24 14:46:08 -06:00
Tod Beardsley 1236a4eb07
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
sinn3r 8a8bc74687
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials 2014-02-10 13:49:02 -06:00
sinn3r 306b31eee3
Small changes before merging 2014-02-10 13:47:31 -06:00
jvazquez-r7 ac52edabd5
Land #2801, Land @kicks4kittens IBM Sametime modules 2014-02-06 10:17:03 -06:00
jvazquez-r7 30c325c22e Make better json check 2014-02-06 10:16:26 -06:00
kicks4kittens 564f9bccc8 Correct print output 
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
 2014-02-05 22:00:02 +01:00
kicks4kittens 445cd7be5a remove "on {peer} 
line already includes {peer} info
 2014-02-05 21:57:58 +01:00
kicks4kittens 4c0c9101aa Correct check, reinstate print 
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
 2014-02-05 21:56:56 +01:00
kicks4kittens 60cf68f899 added default SSL 2014-02-05 21:54:02 +01:00
kicks4kittens 3560b41eb2 correct variable name 
body isn't valid, replaced with res.body and tested
 2014-02-05 21:51:55 +01:00
Tod Beardsley 9953821451
Fix desc on Drupal module, some peer prints 2014-02-03 12:16:06 -06:00
bcoles 9b9b2fab58 Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module 2014-02-04 02:00:11 +10:30
sinn3r f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection 2014-01-24 15:03:07 -06:00
sinn3r c8e2301111 Be more informative about why CheckCode::Unknown 
This is just kind of personal preference here. In case users wonder
why Unknown.
 2014-01-24 15:01:52 -06:00
jvazquez-r7 cf17bf2e72 Small fix 2014-01-23 19:34:50 -06:00
jvazquez-r7 43de7eb74f Use REXML 2014-01-23 19:32:42 -06:00
jvazquez-r7 5a59e3d4e4 Fix typo 2014-01-23 18:53:58 -06:00
jvazquez-r7 f529eb1d4b Clean code 2014-01-23 18:51:24 -06:00
jvazquez-r7 8e17d38c77 Add check method 2014-01-23 18:30:18 -06:00
jvazquez-r7 b0deb45fad Add Drupal advisory as reference 2014-01-23 18:10:57 -06:00
jvazquez-r7 6d0d7eda10 Delete garbage comment 2014-01-23 18:09:05 -06:00
jvazquez-r7 72b72effa6 Add module for CVE-2012-4554 2014-01-23 18:04:31 -06:00
sinn3r 7080bb336c Update ColdFusion check 2014-01-19 17:05:03 -06:00
sinn3r 4fdd2c19a1 Update vbulletin check 2014-01-19 16:54:27 -06:00
jvazquez-r7 01ab6fd545 Do small fixes 2014-01-17 17:59:03 -06:00
jvazquez-r7 5ec062ea1c Beautify print message 2014-01-17 17:42:26 -06:00
jvazquez-r7 d96772ead1 Clean multi-threading on ibm_sametime_enumerate_users 2014-01-17 17:38:16 -06:00
jvazquez-r7 bb3d9da0bb Do first cleaning on ibm_sametime_enumerate_users 2014-01-17 16:33:25 -06:00
jvazquez-r7 584401dc3f Clean ibm_sametime_room_brute code 2014-01-17 15:57:12 -06:00
jvazquez-r7 4d079d47b8 Enable SSL by default 2014-01-17 15:34:33 -06:00
jvazquez-r7 277711b578 Fix metadata 2014-01-17 15:31:51 -06:00
jvazquez-r7 10fd5304ce Parse response body just one time 2014-01-17 15:17:25 -06:00
jvazquez-r7 fe64dbde83 Use rhost and rport methods 2014-01-17 14:49:50 -06:00
jvazquez-r7 5e8ab6fb89 Clea ibm_sametime_version 2014-01-17 12:23:11 -06:00
kicks4kittens d0d82fe405 Fixed code issues as requested in PR2801 
Mostly coding style issues
Re-tested in testbed - output as expected
 2014-01-15 13:53:14 +01:00
kicks4kittens 87648476e1 Fixed code issues as requested in PR2801 
Mostly coding style issues
Re-tested in testbed - output as expected
 2014-01-15 13:52:45 +01:00
kicks4kittens 55d4ad1b6a Fixed code issues as requested in PR2801 
Mostly coding style issues
Re-tested in testbed - output as expected
 2014-01-15 13:51:19 +01:00
Tod Beardsley feaf6c23cf
Merge and Unconflict client.rb, new module splat 
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421

Also fixes the module with the new license splat.

Conflicts:
	lib/rex/proto/smb/client.rb
 2013-12-30 16:53:13 -06:00
kicks4kittens 17c0751677 Create ibm_sametime_room_brute.rb 
init
 2013-12-26 13:02:52 +01:00
kicks4kittens 7ba1950424 Create ibm_sametime_enumerate_users.rb 
init
 2013-12-26 13:01:48 +01:00
kicks4kittens 2d6f41d67f Create ibm_sametime_version.rb 
init
 2013-12-26 13:00:39 +01:00
OJ 5e4c395f86 Fix small spacing issue 2013-12-18 17:14:47 +10:00
zeknox 2eee34babf added timeout options and rescue timeout 2013-12-16 20:00:13 -06:00
zeknox fe34d0e36e fixed syntax 2013-12-16 19:26:40 -06:00
zeknox 7b8de95f6b fixed database overwriting issues 2013-12-16 19:16:12 -06:00
zeknox 07f686bb1a added ResolverArgumentError rescue statement 2013-12-16 18:46:14 -06:00
zeknox e6f1f648be modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required 2013-12-13 10:49:44 -06:00
zeknox d6e19df8e2 added additional url reference 2013-12-12 22:57:23 -06:00
zeknox 9f18c57fce added period to description and changed tester to user 2013-12-12 22:11:02 -06:00
zeknox dba0e9bf77 msftidy done 2013-12-12 20:30:46 -06:00
zeknox 554cd41403 added dns_cache_scraper and useful wordlists 2013-12-12 20:18:18 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
sinn3r 92412279ae Account for failed cred gathering attempts 
Sometimes the SQL error doesn't contain the info we need.
 2013-12-09 02:11:46 -06:00
jvazquez-r7 f2f8c08c8e Use blank? method 2013-12-05 16:36:44 -06:00
jvazquez-r7 a380d9b4f2 Add aux module for CVE-2013-3522 2013-12-05 15:58:05 -06:00
joev 0612f340f1 Commas are good. 2013-11-13 14:38:50 -06:00
joev ad5f82d211 Add missing refs to aux/gather/android_htmlfileprovider. 2013-11-13 14:36:18 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib 
It wasn't just cmdstager_printf.rb. :/
 2013-10-30 19:51:25 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley 5d86ab4ab8
Catch mis-formatted bracket comments. 2013-10-15 14:52:12 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir 
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
 2013-10-10 19:55:26 +01:00
sinn3r c10f0253bc Land #2472 - Clean up the way Apple Safari UXSS aux module does data collection 2013-10-07 15:47:28 -05:00
Tod Beardsley 293927aff0
msftidy fix for coldfusion exploit 2013-10-07 12:22:48 -05:00
joev 47e7a2de83 Kill stray debugger statement. 2013-10-06 19:32:22 -05:00
joev c2a81907ba Clean up the way Apple Safari UXSS aux module does data collection. 
[FIXRM #7918]
 2013-10-06 19:28:16 -05:00
jvazquez-r7 1fe0c50df0 Ignore unexpected answers 2013-10-02 20:41:02 -05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir 
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
 2013-10-02 20:17:11 +01:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
jvazquez-r7 2741983158 Update description 2013-09-13 18:31:11 -05:00
jvazquez-r7 40aeaf445b Add auxiliary module for HP SNAC Auth Bypass 2013-09-13 18:29:57 -05:00
Tab Assassin 785c2eeb95 Retab changes for PR #1421 2013-09-05 16:20:04 -05:00
Tab Assassin a5cf67a9af Merge for retab 2013-09-05 16:19:51 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 6b8feaff8c Type conversion 2013-08-26 13:56:11 -05:00
sinn3r 50e7d8015a Validate datastore option "YEAR" 
The YEAR option is a numeric value, so should be OptInt in order to
go through validation.

[FixRM #8345]
[FixRM #8344]
 2013-08-21 01:38:16 -05:00
sinn3r 8806e76e4d Fix undefined method error 
[FixRM #8343]
 2013-08-21 00:44:10 -05:00
sinn3r 86d6bce8c4 [FixRM #8312] - Fix file handle leaks 
Fix file handle leaks for [SeeRM #8312]
 2013-08-18 20:31:13 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
sinn3r 4a3dc2e365 Print all the creds! All your base belong to me. 
After a short discussion with Tod, we think it's best to print the
creds by default.  If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
 2013-07-09 19:56:44 -05:00
sinn3r d3433a017b Print hash too 2013-07-09 16:39:24 -05:00
jvazquez-r7 234624793c Add module for CVE-2013-1814 2013-07-09 14:03:35 -05:00
sinn3r 0ecffea66f Updates fingerprint() for CF10 2013-05-28 14:42:11 -05:00
ringt 54eeb8f000 Adding new version...old version does not work in windows, doesnt fingerprint, and a few other minor things 2013-05-21 13:13:21 -05:00
jvazquez-r7 f04ca17bb9 Fix default action 2013-05-13 11:56:02 -05:00
jvazquez-r7 5b64379553 Add Coldfusion 9 target, OSVDB ref and review 2013-05-13 11:55:11 -05:00
sinn3r 60299c2adb Add EDB-25305 - That ColdFusion 10 sub0 0day stuff 
This is just an aux module that extract passwords from
password.properties. Yes, this can leverage a shell too, but
obviously that's best implemented in #1737, or as a new exploit.
We'll see.
 2013-05-12 21:23:53 -05:00
HD Moore 63b0eace32 Add a missing require 2013-05-04 22:39:57 -05:00
Tod Beardsley 4227c23133 Add a reference for Safari module 2013-04-29 14:07:55 -05:00
Joe Vennix 431cba8f36 Update print_status labels. 2013-04-29 11:13:53 -05:00
Joe Vennix c2a1d296a2 Rename DOWNLOAD_URI -> DOWNLOAD_PATH. 
Conflicts:
	modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
 2013-04-29 11:11:06 -05:00
Joe Vennix 55e0ec3187 Add support for DOWNLOAD_URI option. 
* Fixes some comments that were no longer accurate.

Conflicts:
	modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
 2013-04-29 11:10:19 -05:00
Tod Beardsley c27245e092 Touch descriptions for module and options 2013-04-26 13:05:16 -05:00
Joe Vennix b4606ba60a Remove unnecessary puts call. 2013-04-26 12:55:02 -05:00
Tod Beardsley ca6d6fbc84 msftidy for whitespace 2013-04-26 12:44:11 -05:00
Tod Beardsley 16769a9260 Fixing path normalization 2013-04-26 12:40:24 -05:00
Joe Vennix 2fa16f4d36 Rewrite relative script URLs to be absolute. 
* Adds rescue clauses around URI parsing/pulling
* Actually use the URI_PATH datastore option.
 2013-04-26 11:25:20 -05:00
Joe Vennix 993356c73e Add safari webarchive uxss to framework as an aux module. 2013-04-25 11:14:16 -05:00
Tod Beardsley e377e30873 unscrewing syntax error 2013-03-20 15:04:31 -05:00
Tod Beardsley fd20eba35e Expanding the title and desc for external_ip 
Also allowing the capitalization on "via" to be small.
 2013-03-20 14:42:12 -05:00
jvazquez-r7 2684e6103c use of send_request_cgi 2013-03-11 20:36:47 +01:00
jvazquez-r7 9c89599737 cleanup before merge external_ip 2013-03-11 20:35:25 +01:00
jvazquez-r7 546e24a9c6 Merge branch 'external_ip_discovery' of https://github.com/sempervictus/metasploit-framework into sempervictus-external_ip_discovery 2013-03-11 20:35:07 +01:00
James Lee 2160718250 Fix file header comment 
[See #1555]
 2013-03-07 17:53:19 -06:00
RageLtMan 25f3f935c4 Apply Egypt's cleanup 
Remove revision, raise the exception itself, remove scanner mixin,
datastore['RHOST'] unstead of RHOSTS, and useles agent var removed.
 2013-03-07 18:34:12 -05:00
RageLtMan dfe3a4f394 msftidy and module placement per todb 2013-03-06 17:36:01 -05:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
sinn3r cae1939914 Kinda too long 2013-02-25 13:44:11 -06:00
Matt Andreko 2c0a916c83 Made the password optional 2013-02-23 17:14:30 -05:00
Matt Andreko b221711ecd Added basic error handling 2013-02-23 10:24:04 -05:00
Matt Andreko 67c2c3da20 Code Review Feedback 
Fixed the USER/PASS that I missed in last review
Converted from Scanner module to Gather
 2013-02-23 10:09:23 -05:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
jvazquez-r7 829cf0f076 name changed to dns_srv_enum 2013-02-15 16:20:55 +01:00
jvazquez-r7 d1ba860409 changing filename for dns_srv 2013-02-15 16:20:33 +01:00
jvazquez-r7 374faf9b02 cleanup for dns_srv 2013-02-15 16:19:48 +01:00
jvazquez-r7 9d4bd763a6 Merge branch 'darkoperator-dnsenum2dnssrv' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnssrv 2013-02-15 16:19:31 +01:00
jvazquez-r7 38f5fbced3 cleanup for dns_reverse_lookup 2013-02-15 12:56:01 +01:00
jvazquez-r7 f1e3dab45f Merge branch 'darkoperator-dnsenum2dnsreverselookup' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsreverselookup 2013-02-15 12:55:39 +01:00
jvazquez-r7 6aed858f80 cleanup for dns_bruteforce 2013-02-15 12:37:46 +01:00
jvazquez-r7 1be003a4d0 Merge branch 'darkoperator-dnsenum2dnsbruteforce' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsbruteforce 2013-02-15 12:37:27 +01:00
jvazquez-r7 57e1d1baa5 cleanup for dns_info 2013-02-15 12:03:08 +01:00
Carlos Perez bcd59aa8fa Typo word module does not go in the name. 2013-02-14 21:56:24 -04:00
Carlos Perez 1d64de6c11 Typo word module does not go in the name. 2013-02-14 21:55:38 -04:00
Carlos Perez 7f7b4e5a97 more changes to description and name 2013-02-14 21:49:57 -04:00
Carlos Perez faf970cf1f more changes to description and name 2013-02-14 21:47:43 -04:00
Carlos Perez 1b8610042a more changes to description and name 2013-02-14 21:46:21 -04:00
Carlos Perez 0b9d4d976f more changes to description and name 2013-02-14 21:44:31 -04:00
Carlos Perez 23320a5dde Fix spelling problems 2013-02-14 15:48:11 -04:00
Carlos Perez a7d4f5ff4a Fix spelling problems 2013-02-14 15:46:36 -04:00
Carlos Perez 7f97ff271f Fix spelling problems 2013-02-14 15:44:32 -04:00
Carlos Perez 1872b137f5 Fix spelling problems 2013-02-14 15:41:17 -04:00
Carlos Perez e8ccfae048 Fix spelling problems 2013-02-14 15:38:17 -04:00
Carlos Perez 6c85e5242e change wildcard message to print_warning 2013-02-11 12:04:30 -04:00
Carlos Perez 431641fec9 added check for retry options 2013-02-11 12:02:15 -04:00
Carlos Perez fd6f00f641 added report note for wildcard 2013-02-11 11:37:20 -04:00
Carlos Perez 5f10704697 applied fixes 2013-02-11 11:31:13 -04:00
Carlos Perez 55efe01bf7 Applied fixes 2013-02-11 11:23:06 -04:00
Carlos Perez fd15436a96 Added new line to end of file. 2013-02-08 20:52:49 -04:00
Carlos Perez 78f81843f6 Added new line to end of file. 2013-02-08 20:51:37 -04:00
Carlos Perez eda3fc0715 Added new line to end of file. 2013-02-08 20:50:23 -04:00
Carlos Perez 166b59b61a Added new line to end of file. 2013-02-08 20:48:57 -04:00
Carlos Perez ac8194ed07 Split of DNS SRV Record Enumeration from enum_dns 2013-02-08 10:09:34 -04:00
Carlos Perez 256ab7f737 Split of DNS Reverse Lookup from enum_dns 2013-02-08 09:50:21 -04:00
Carlos Perez 906585798d Split of DNS General Info from enum_dns 2013-02-08 09:49:19 -04:00
Carlos Perez 2186db5295 Split of DNS Name Brutforce from enum_dns 2013-02-08 09:48:32 -04:00
sinn3r 39cdb89831 Oh don't be so sensitive about it. 
Fixnum vs String
 2013-01-31 15:04:13 -06:00