Commit Graph

576 Commits (5171e7edd27afcdf64bb1c49e4d0bd455d7b73a2)

Author SHA1 Message Date
g0tmi1k 3d4feffc62 OCD - Spaces & headings 2017-07-19 11:04:15 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 424522147e OCD fixes - Start of *.rb files 2017-07-13 23:53:59 +01:00
Brent Cook 0d9f57ad7c add @artkond's DoS module for Cisco CVE-2017-3881
This makes a few improvements, adds module docs.
2017-06-27 01:53:23 -05:00
Pearce Barry 704a1218fa Land #8498, store more specific credential wordpress_directory_traversal_dos 2017-06-12 10:13:52 -05:00
Pearce Barry 80e91e9de2 Minor fixups. 2017-06-12 09:51:30 -05:00
Pearce Barry bc3b883758 Add docs, fix typo, add missing report mixin to avoid error. 2017-06-05 13:49:59 -05:00
Brent Cook a5805a55dc make this a UDPScanner, rewrite 2017-06-05 12:39:48 -05:00
Pearce Barry 8c39c92245 Add description and loop capability. 2017-06-05 11:27:13 -05:00
Pearce Barry a571834c4d Initial commit of rpcbomb DoS aux module.
This just brings the code in as-is, next step is to update to use our mixins and such.
2017-06-05 10:23:39 -05:00
Jeffrey Martin d68365d8df store more specific credential wordpress_directory_traversal_dos 2017-05-31 18:55:35 -05:00
h00die 5698896672 Land #8323 wordpress pre4.6 dos 2017-05-29 07:59:43 -04:00
root 72a5142e37 Update directory traversal DoS module and docs 2017-05-29 00:30:23 +02:00
root 9b9d2f2345 Final version of configurable depth 2017-05-26 16:23:22 +02:00
root 33ddef9303 Add documentation, add configurable depth path 2017-05-26 16:14:03 +02:00
James Lee 4def7ce6cc Land #8327, Simplify storing credentials 2017-05-18 16:49:01 -05:00
James Lee d00685a802 Don't run a DoS during wmap scans 2017-05-10 14:41:24 -05:00
Jeffrey Martin a1efa30fa2 comments adjustments & enum better 2017-05-08 11:57:06 -05:00
Jeffrey Martin e2fe70d531 convert store_valid_credential to named params 2017-05-05 18:23:15 -05:00
Jeffrey Martin 63b6ab5355 simplify valid credential storage 2017-05-04 22:51:40 -05:00
darkbushido 81bcf2ca70 updating all LHOST to use the new opt type 2017-05-04 12:57:50 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
reanar 0b62a6478a Modification for Travis (remove require msf/core, and self.class in register) 2017-04-30 17:05:11 +02:00
reanar 3f348150c6 Modification of description 2017-04-30 16:38:39 +02:00
reanar 52ec448511 Add WordPress Directory Traversal DoS Module 2017-04-30 15:03:48 +02:00
Cantoni Matteo 30f7006b5b Fixed typos of an old commit 2016-11-17 14:39:33 +01:00
“lvarela” 8749eaf097 Fix the default num to be 0 when not specified. 2016-10-05 14:52:43 -05:00
Ale c4c133dff8 Fix Web URL 2016-10-03 17:11:04 -03:00
Ale 066df5f1a9 Fix msftidy warnings 2016-09-30 14:19:43 -03:00
Ale bd96380d19 Fix in ScannerRecvWindow Declaration 2016-09-30 13:50:58 -03:00
Ale c699c7c506 Fixing MSF Code Style 2016-09-30 13:42:30 -03:00
Ale 143a4af73d DoS exploit for CVE-2016-2776 2016-09-29 22:14:13 -03:00
William Vu fed2ed444f Remove deprecated modules
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
2016-05-27 16:25:42 -05:00
dmohanty-r7 6a462d5f60 Land #6703, Make ms09_065_eot_integer passive 2016-03-23 13:39:41 -05:00
wchen-r7 8c5c0086e6 Change cve_2012_6301 module path & make passive
This addresses two things:

1. The module is in the wrong directory. dos/http is for http
   servers, not browsers.
2. PassiveActions should not be a 2D array.
2016-03-23 11:10:23 -05:00
wchen-r7 53860bef1f Make ms09_065_eot_integer passive
MS-932
2016-03-23 10:50:24 -05:00
Adam Cammack 05f585157d Land #6646, add SSL SNI and unify SSLVersion opts 2016-03-15 16:35:22 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer 3da9535e22 change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259 change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook eea8fa86dc unify the SSLVersion fields between modules and mixins
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
wchen-r7 a82ce40c40 Update ibm_tsm_dos name
For some reason I actually modified the name, but I didn't mean
to.
2016-02-18 16:07:46 -06:00
James Lee adb175136e Fix extra whitespace and unused vars in call 2016-02-18 15:18:29 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
wchen-r7 3121093898 Update metadata, plus other minor changes 2016-02-11 22:04:05 -06:00
William Webb c874699b82 removed ranking 2016-02-10 11:45:09 -06:00
William Webb 4c6cb03548 more build errors 2016-02-10 11:40:21 -06:00
William Webb 72f5a33804 addressed CI errors 2016-02-10 11:34:05 -06:00
William Webb 51604fa24a made necessary inheritance changes 2016-02-10 10:59:11 -06:00
William Webb eadbb6b582 moved module to modules/auxiliary/dos/misc 2016-02-09 11:44:01 -06:00
James Lee 8094eb631b Do the same for aux modules 2016-02-01 16:06:34 -06:00
Jon Hart efdb6a8885 Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
Jon Hart e3eafff7c9 Land #6237, @jww519's aux module for Android CVE-2012-6301 2015-12-23 13:27:09 -08:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Jon Hart a8bb750db7 Address style/usability concerns in Android CVE-2012-6301 module 2015-12-17 13:45:32 -08:00
dmohanty-r7 a71d7ae2ae Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
wchen-r7 e7d6493311 Replace links 2015-10-28 10:45:02 -05:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
jvazquez-r7 cf9ddbb701 Update modules using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
William Vu ddea0ea708 Fix #5797, extraneous nil fix 2015-10-07 01:11:51 -05:00
William Vu 0182f394b4 Remove extraneous nil
Didn't need it, forgot to remove it.
2015-10-07 01:10:33 -05:00
William Vu 2ab779ad3d Land #6010, capture_sendto fixes 2015-10-01 10:54:24 -05:00
Jon Hart 989fe49750 Fix #6008 for synflood 2015-09-27 14:50:59 -07:00
Jon Hart 7b026676f1 Fix #6008 for avahi_portzero 2015-09-27 14:47:05 -07:00
wchen-r7 cf6d5fac2a Use the latest cred API, no more report_auth_info 2015-09-04 13:43:15 -05:00
Tod Beardsley cebcf72a99 Add discoverer credit, blog ref, longer desc 2015-08-01 10:31:41 -05:00
William Vu fcb7981199 Add BIND TKEY DoS 2015-08-01 06:01:35 -05:00
William Vu d86c21e94a Land #5567, author fix 2015-06-19 10:41:41 -05:00
aushack 76cd9590a4 Fix author 2015-06-19 19:13:51 +10:00
wchen-r7 f9f35db7f3 Update description 2015-05-28 14:52:03 -05:00
erwanlr a74c3372c0 Uses vprint instead of print in #check_host 2015-05-28 15:46:51 +01:00
erwanlr 6d01d7f986 Uses peer instead of ip:port across all the module 2015-05-28 09:32:05 +01:00
erwanlr 447c4ee7df Allows the target_uri to be shared between the #check and #dos 2015-05-28 09:30:04 +01:00
erwanlr d9d8634948 Changes the message displayed when vulnerable 2015-05-21 08:46:16 +01:00
erwanlr 4f6fe2abce Avoids swallowing exceptions 2015-05-20 21:36:03 +01:00
erwanlr 202a77fc12 Improves detection of the MS15-034 2015-05-20 18:08:00 +01:00
jvazquez-r7 a5267ab77e Land #4940, @dnkolegov's modules for F5 BIG-IP devices 2015-05-12 09:59:21 -05:00
Denis Kolegov efb226a55c Fixed some minor errors 2015-05-10 02:59:57 -04:00
jvazquez-r7 5588ad36b3 Print status message 2015-05-08 13:51:00 -05:00
jvazquez-r7 7e62ba85a1 Do code cleanup 2015-05-08 13:33:28 -05:00
jvazquez-r7 60c2c7a7cd Delete unused variable 2015-05-08 13:19:39 -05:00
jvazquez-r7 c0f21c3ae1 Fix metadata 2015-05-08 13:19:23 -05:00
William Vu c9cb9ad564 Fix extraneous comma 2015-05-07 15:32:48 -05:00
Tod Beardsley e8913e5620 Addressed most of @wvu's issues with #5312 2015-05-06 14:47:08 -05:00
Tod Beardsley f423306b6f Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo ''; done"
```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
Denis Kolegov 7fb99cdaaf Merged fixed conflicts 2015-05-02 05:37:36 -04:00
Denis Kolegov f95774c6b4 Fixed bugs 2015-05-02 05:09:03 -04:00
Brent Cook ff96101dba Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
jvazquez-r7 4224008709 Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
wchen-r7 a44da8e6d7 URL refs 2015-04-21 09:29:08 -05:00
wchen-r7 ff32d6cee3 Improve MS15-034 DOS 2015-04-20 20:36:08 -05:00
Brent Cook 30d60975ba Land #5144, add missing report_note in apache_range_dos 2015-04-15 21:47:18 -05:00
sinn3r 7cc80c418b Correct a bad spelling in ms15_034_ulonglongadd.rb 2015-04-15 15:32:55 -05:00
sinn3r 76d36a46dc Missing a checkcode 2015-04-15 14:04:18 -05:00
sinn3r 8a542b841c Don't check Server header 2015-04-15 13:33:09 -05:00