Commit Graph

4574 Commits (52f56527d80b1435c85d832f559d967417c6d007)

Author SHA1 Message Date
h00die b5beb2eb93 throw errors 2016-12-12 21:48:08 -05:00
h00die 2dca7c871b applying #7582 to all ftp aux traversals 2016-12-10 16:05:09 -05:00
William Vu f0dca7abbf
Land #7692, print_error for error_sql_injection 2016-12-09 17:09:52 -06:00
William Vu 2b0bce6459
Land #7690, drupal_views_user_enum user count fix 2016-12-09 16:55:01 -06:00
William Vu 4e235be484 Ensure a trailing slash for base_uri
Technically, the GET parameters should be in vars_get, but we don't want
to refactor the entire module right now.
2016-12-09 16:53:58 -06:00
Jin Qian 8780c325a7 Fixed issues #7691, silent exit.
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
2016-12-09 16:20:44 -06:00
dmohanty-r7 77dd952370
Land #7592, check nil return value when using redis_command 2016-12-09 16:07:12 -06:00
Jin Qian 17c12a78f5 Fixed issue #7689, count of found users not accurate
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
2016-12-09 15:19:43 -06:00
wchen-r7 7e0b224eb2 Make ABORT_ON_LOCKOUT non default 2016-12-08 15:07:53 -06:00
wchen-r7 0110b97fa2 Fix #7671, support LOCKED_OUT and DISABLED login status
This allows login scanner modules to skip a user if it is
locked out, or disabled.

Fix #7671
2016-12-07 16:49:16 -06:00
Rich Whitcroft d3a8409a49 prevent further lockouts in smb_login 2016-12-06 21:53:08 -05:00
h00die 3d09e283cf module ready 2016-12-02 22:03:23 -05:00
Jin Qian 4a35f8449a Fixed issue #7650 by matching Server header using regex as Wei suggested
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
2016-12-02 20:26:38 -06:00
Jin Qian 35fdf1473b Fixed issue #7650 where etherpad_duo_login module may crash
Add check for presence of Server header.
2016-12-02 18:07:18 -06:00
Jin Qian 11906eb540 Fix issue #7645 where dolibarr_login module crashed
Add "res" (http response) when trying to retrieve the cookie
2016-12-01 15:38:26 -06:00
William Vu 54684d31bd
Land #7641, check_conn? fix for cisco_ssl_vpn 2016-11-30 21:14:19 -06:00
William Vu 032312d40b Properly check res 2016-11-30 21:03:29 -06:00
Jin Qian ec83a861c8 Fix issue #7640 where cisco SSL VPN not move despite server responded
Add the "return true" statement that was missing.
2016-11-30 16:25:13 -06:00
wchen-r7 56505d2cc1 Resolve merge conflict 2016-11-30 14:33:23 -06:00
wchen-r7 c70c3701c5 Fix #7628, concrete5_member_list HTML parser
Fix #7628
2016-11-30 14:20:36 -06:00
wchen-r7 530e9a9bc6
Land #7633, fix dell_idrac to stop trying on a user after a valid login 2016-11-30 11:46:31 -06:00
Jin Qian afed1f465e Fix issue 7632 where MSF keeps trying after success.
Thanks to Wei who suggested adding "return :next_user" after success.
2016-11-29 14:57:15 -06:00
Jin Qian 1beeb99d44 Fix issue 7628, username extracted became garbled
Make the regular expression less aggressive.
2016-11-29 12:52:57 -06:00
William Vu c39c53b102 Prefer DefaultOptions to reregistering SSL option 2016-11-28 14:29:02 -06:00
Pearce Barry 8c54b0e5f4
Land #7622, Fix check_conn? method in cisco_ironport_enum 2016-11-28 14:19:02 -06:00
William Vu 777d5c1820 Fix check_conn? method in cisco_ironport_enum 2016-11-28 14:02:39 -06:00
wchen-r7 4eb109b22f
Land #7609, set SSL to true by default for cisco_nac_manager_traversal 2016-11-28 11:30:41 -06:00
John Q. Public 0935d31de1 Changed print_status to print_good
Changed line 315 print type to good instead of the general status indication, so that the result output is easier to see.
2016-11-25 16:54:58 -06:00
John Q. Public c286c708d9 Print file contents
Added a print_good statement at line 63 in order to print to contents of the newly discovered robots.txt file.
2016-11-25 15:57:37 -06:00
h00die efa191dd10 fixed some spacing 2016-11-25 11:50:56 -05:00
h00die 00d9e69a98 potential double fix for #7582 2016-11-24 12:14:09 -05:00
Pearce Barry ec020e3d07
Land #7611, cisco_ironport_enum falsely claimed connection failed
Fixes #7610
2016-11-24 09:54:09 -06:00
Jin Qian 65b858ac06 Fix issue 7610, cisco_ironport_enum falsely claimed connection failed.
Make sure we return 1 in check_conn method.
2016-11-23 14:59:07 -06:00
Jin Qian b7ae7a47be Fix issue #7608 where the SSL option was not turned on by default
Set the SSL option to be on by default.
2016-11-23 14:45:42 -06:00
Jin Qian 0df3e17e0c Fix the issue in MS2132 where OWA_LOGIN doesn't continue on connection error.
The possibility of temporary connnection disruption means this module should keep trying other user/pass pairs upon error.
2016-11-23 09:56:27 -06:00
h00die 372cf740da saving before changing branches 2016-11-21 22:06:20 -05:00
wchen-r7 83a3a4e348 Fix #7463, check nil return value when using redis_command
Fix #7463
2016-11-21 15:52:12 -06:00
William Vu 6f8660f345
Land #7586, NameError fix for brute_dirs 2016-11-21 14:46:19 -06:00
William Vu c8320d661f
Land #7590, mixin order fix for buffalo_login 2016-11-21 13:57:27 -06:00
Jin Qian 90d360a592 Fix the issue 7589, both RHOST and RHOSTS options are quired
Thanks to Will who found it's due to the order of mixin.
2016-11-21 11:06:32 -06:00
Jin Qian 18b873be47 Fix the exception issue reported in issue #7585
Fix the exception by initialize a key variable that caused the exception.
2016-11-21 10:00:23 -06:00
h00die 05e59bbe19 non-working copy of varnish 2016-11-19 22:09:19 -05:00
h00die 774d363220 direct copy 2016-11-18 16:43:53 -05:00
wchen-r7 00e4a8881f
Land #7574, Update open_proxy aux module 2016-11-18 11:41:43 -06:00
wchen-r7 d3adfff663 Change syntax 2016-11-18 11:41:04 -06:00
wchen-r7 f894b9a4c5 Fix typo 2016-11-18 11:39:26 -06:00
Brendan f2b9498643
Land #7576, Fix RHOSTS use in auxiliary/scanner/ftp/titanftp_xcrc_traversal 2016-11-17 13:06:29 -06:00
Jin Qian c03f35ef13 Fix the hanging of module auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb
Thanks for Wei who pointed out the error: in store_loop call, it used "rhosts", should have been ip.
2016-11-17 10:08:59 -06:00
Cantoni Matteo c9b9be9328 Update open_proxy aux module 2016-11-17 15:44:03 +01:00
William Vu 5c065459ae print_{good,error} more specifically in open_x11 2016-10-31 11:29:00 -05:00
William Webb 9672759be8
Land #7462, Add support for Unicode domains 2016-10-26 16:47:09 -05:00
Jon Hart 342bfd628a Dont' set default PORTS or PROBE options. Require user configuration. 2016-10-25 15:58:46 -05:00
Jon Hart 2a18ea0e33 Initial commit of generic module for detecting UDP amplification vulnerabilities 2016-10-25 15:58:46 -05:00
Jon Hart 7f65b28483
Deprecate udp_probe in favor of udp_sweep 2016-10-23 13:06:58 -07:00
Brendan b5a41c3011 Convert ANSI data to UTF-8 char by char because MS might
put an invalid character in the WORKGROUP name during SMB
handshake
2016-10-19 17:42:26 -05:00
William Vu 2668a4a1cd
Fix #6993, tnspoison_checker cleanup 2016-10-19 00:53:33 -05:00
William Webb 8e2ff8df80
Land #7433, Add IP Addresses to HTTP PUT/DELETE scanner output 2016-10-14 13:27:17 -05:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
nixawk b74539be44 check if isakmp payload is same to IKE Leak data 2016-10-13 04:20:23 -05:00
nixawk 7536d1d94a print leak data 2016-10-12 02:42:50 -05:00
nixawk 70d4833654 Fix report_vuln 2016-10-12 02:16:00 -05:00
Alton J 98d7b19ab9 Passed IP parameter to additional functions. 2016-10-11 15:09:50 -05:00
Alton J acff0fa9cf Added IP addresses to output. 2016-10-11 14:43:42 -05:00
Alton J f0ff4a0721 Added IP addresses to output. 2016-10-11 14:42:06 -05:00
Sonny Gonzalez 3fd806b87f Merge remote-tracking branch 'upstream/pr/6993' into land-6993 2016-10-11 09:33:26 -05:00
Brent Cook e074669406
Land #7296, Added a SCADA module for detecting Profinet devices, e.g. Siemens controllers 2016-10-08 21:34:40 -05:00
Stephen Haywood 2d361fabc6 No need to interpolate when using .to_s 2016-10-03 11:38:36 -04:00
Stephen Haywood 95f9b778bd Use standard status messages instead of verbose. 2016-10-03 11:01:51 -04:00
Stephen Haywood d088005d95 TABLE_NAME option not needed. 2016-10-03 10:58:13 -04:00
Stephen Haywood 5f12c8e026 Incorrect warning message
The filename is not always test so the warning message and the note in the description are incorrect.
2016-10-03 10:57:25 -04:00
Stephen Haywood 25996a16bb Fixed file read block. 2016-10-03 10:47:03 -04:00
Stephen Haywood 708eb0eb4f Fixed syntax error. 2016-10-03 10:17:29 -04:00
Stephen Haywood fac03570d1 Use File.open block. 2016-10-03 10:09:45 -04:00
Stephen Haywood bc57537205 Add warning statement. 2016-10-03 10:07:40 -04:00
Stephen Haywood a627c3cd5e Removed unnecessary return statements. 2016-10-03 10:02:26 -04:00
Stephen Haywood 6fa8f40b31 Use unless instead of if (not ...) 2016-10-03 10:00:56 -04:00
Interference Security 3e01dbfded Fixed Space-Tab mixed indent warning 2016-10-01 15:13:26 +05:30
Interference Security 4227cb76a8 Fixed stack trace bug & verified logic
- Fixed stack trace bug when value of "packet" is nill.
- Verified logic of Oracle TNS Listener poisoning which requires an ACCEPT response to be marked as vulnerable.
2016-10-01 15:01:02 +05:30
Stephen Haywood 63c0b6f569 Login failure message. 2016-09-30 17:09:41 -04:00
Stephen Haywood 7996c4b048 Warning about leaving files on disk. 2016-09-30 14:53:15 -04:00
Stephen Haywood 3e4a23cdf6 Removed unnecessary require statement. 2016-09-30 14:51:43 -04:00
nixawk ac76c3591a reference urls 2016-09-29 22:43:00 -05:00
nixawk 5929d72266 CVE-2016-6415 - cisco_ike_benigncertain.rb 2016-09-29 22:25:57 -05:00
averagesecurityguy f7e588cdeb Initial commit of module. 2016-09-28 14:55:32 -04:00
Brendan b9de73e803
Land #7334, Add aux module to exploit WINDOWS based (java) Colorado
FTP server directory traversal
2016-09-26 14:15:23 -05:00
Tijl Deneut 2fab62b14d Update profinet_siemens.rb
Removed unnecessary rescue, gave "timeout" variable a better name.
2016-09-23 18:05:45 +02:00
Brent Cook a9a1146155 fix more ssh option hashes 2016-09-20 01:30:35 -05:00
David Maloney e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
David Maloney 06ff7303a6
make pubkey verifier work with old module
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together

7321
2016-09-19 15:20:35 -05:00
h00die 9c922d111f colorado ftp 2016-09-18 20:03:16 -04:00
William Vu 4ba1ed2e00
Fix formatting in fortinet_backdoor
Also add :config and :use_agent options.
2016-09-16 12:32:30 -05:00
David Maloney 26491eed1a
pass the public key in as a file instead of data
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this

7321
2016-09-16 11:48:51 -05:00
David Maloney dfcd5742c1
some more minor fixes
some more minor fixes around broken
ssh modules

7321
2016-09-15 14:25:17 -05:00
David Maloney e10c133eef
fix the exagrid exploit module
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used

7321
2016-09-15 11:44:19 -05:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
wchen-r7 245237d650
Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
Tijl Deneut 8df8f7dda0 Initial commit of profinet_siemens.rb 2016-09-11 09:15:41 +02:00
Brent Cook a81f351cb3
Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
aushack 7632c74aba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2016-09-07 14:15:57 +10:00
aushack 6e21684ff7 Fix typo. 2016-09-07 14:08:46 +10:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
William Vu fed2ed444f Remove deprecated modules
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
Jon Hart b0e45341e5
Update redis file_upload to optionally FLUSHALL before writing
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
2016-08-31 14:27:18 -07:00
Brendan b21ea2ba3f Added code to assign CPORT value to the parent scanner object 2016-08-29 13:17:10 -05:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
William Vu cd858a149f Add DETECT_ANY_AUTH to make bogus login optional 2016-08-23 23:05:47 -05:00
David Maloney 20947cd6cd
remove old dependency on net-ssh moneykpatch
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
2016-08-22 10:54:09 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available
Fix #7202
2016-08-16 15:34:30 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Jon Hart 554a0c5ad7
Deprecate nbname_probe, which duplicate nbname as of 77cd6dbc8b 2016-08-02 17:36:22 -07:00
wchen-r7 cce1ae6026 Fix #6989, scanner modules printing RHOST in progress messages
Fix #6989
2016-07-25 23:15:59 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
David Maloney b6b52952f4
set ssh to non-interactive
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook 128f802928 use the regex source when generating or displaying a regex 2016-07-11 22:05:50 -05:00
James Lee cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup"
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
David Maloney 5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-05 10:48:38 -05:00
Pearce Barry 159446ce92 Ensure http_login scanner module saves passwds.
Fixes #6983.  When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
David Maloney 3d93c55174
move sshfactory into a mixin method
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention

MS-1688
2016-06-28 15:23:12 -05:00
David Maloney ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-06-28 15:00:35 -05:00
David Maloney 97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm 2016-06-28 14:14:56 -05:00
David Maloney 6c3871bd0c
update ssh modules to use new SSHFactory
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH

MS-1688
2016-06-24 13:55:28 -05:00
David Maloney 5bc513d6cd
get ssh sessions working properly
ssh sessions now working correctly

MD-1688
2016-06-24 12:14:48 -05:00
David Maloney 3e94abe555
put net:ssh::commandstream back
this was apparently our own creation for doing
ssh sessions

MD-1688
2016-06-22 15:02:36 -05:00
James Lee 07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm 2016-06-22 10:15:22 -05:00
Interference Security 0fa1fc50f8 Fixed false positive bug
Checking for "(ERROR_STACK=(ERROR=" is not enough to mark a target as vulnerable. TNS response packet bytes for "Accept" and "Refuse" are required to be sure.
Reference: https://thesprawl.org/research/oracle-tns-protocol/
2016-06-19 17:33:05 +05:30
Brendan Watters c02a05f913 Removed code that was already commented out 2016-06-17 15:47:15 -05:00
Brendan Watters 1225a93179 Moved ClamAV scanner to scanning module
s
2016-06-17 15:40:33 -05:00
Brent Cook b0bf901b22
Land #6950, avoid printing rhost:rport twice when using Msf::Exploit::Remote::SMB::Client 2016-06-09 16:35:09 -05:00
Brent Cook 199ae04b57 fix more duplicate port/ip things 2016-06-09 16:26:41 -05:00
wchen-r7 7143095b4b
Land #6947, add auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum 2016-06-09 14:21:55 -05:00
wchen-r7 207d92a125 Use scan to do regex capture 2016-06-09 11:07:00 -05:00
wchen-r7 1b4a6a7981 Use the UDP mixin to it can cleanup properly 2016-06-09 11:04:50 -05:00
wchen-r7 f0bb125556 Should be print_error 2016-06-08 14:22:36 -05:00
William Vu 600704c053 Merge remote-tracking branch 'upstream/pr/6939' 2016-06-08 14:22:33 -05:00
wchen-r7 52bcade72c Fix #6948, Modules using the SMB client are printing peer twice
Fix #6948
2016-06-08 12:16:50 -05:00
Adam Compton 158176aa05 replaced "if !" on line 41 with "unless"
replaced "$1" on line 51 with "Regexp.last_match(1)
restructed the print statement on line 56 to more closely match suggestion
removed "self." from line 71
changed line 78 to loop for 2 seconds insetead of 1 second
2016-06-08 09:28:08 -04:00
wchen-r7 f13d91f685 Fix a prob of printing an empty rhost from the scanner mixin 2016-06-07 19:19:39 -05:00
wchen-r7 e8304e684c
Bring #6793 up to date with upstream-master 2016-06-07 19:04:32 -05:00
wchen-r7 6ae4d1576e Apply fixes to symantec_brightmail_ldapcreds.rb 2016-06-07 19:01:58 -05:00
Adam Compton 75a34c4aca added a new aux module to quickly scan for Jenkins servers on the local broadcast network by sending out a udp packet to port 33848 on the broadcast address. Any Jenkins server should respond with XML data containing the Jenkins server version. 2016-06-07 16:57:06 -04:00
dmohanty-r7 9450906ca4
Correctly set Dummy param 2016-06-07 14:42:51 -05:00
dmohanty-r7 f47128ccdd
Cleanup canon_irav_pwd_extract module 2016-06-07 14:31:37 -05:00
Brent Cook f034952852
Land #6918, Added additional SAP TCP/IP ports into the sap_port_info function. 2016-06-03 08:01:04 -05:00
dmohanty-r7 a15c79347b
Add canon printer credential harvest module
Praedasploit
2016-06-02 16:07:28 -05:00
sho-luv 98cfcc65ae Added IP address to returned information.
This scanner module doesn't tell you the location of the found information. So when using the -R option to fill the RHOSTS all you get is a bunch of successful findings, however you won't know to which systems they belong.
2016-05-31 19:47:00 -07:00
wchen-r7 504a94bf76 Technically, this is form auth, not http auth 2016-05-27 18:39:25 -05:00
wchen-r7 14adcce8bf Missed the HTTPUSERNAME fix 2016-05-27 18:37:04 -05:00
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 7f643a7b8d Fix syntax error 2016-05-27 18:05:24 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
2016-05-27 16:25:42 -05:00
Bruno Morisson 01a691a46c Update sap_router_portscanner.rb
Added additional SAP TCP/IP ports for sap_port_info function.

ref: https://wiki.scn.sap.com/wiki/display/TCPIP/Services
2016-05-27 14:43:16 +01:00
William Vu 3dfdf1d936
Land #6528, tilde expansion and more for OptPath 2016-05-24 16:01:59 -05:00
Jon Hart 48c25dd863
Remove need for expand_path in this module; normalize handles it now 2016-05-24 13:30:12 -07:00
Jon Hart 3df4c38e82
Use correct key file var 2016-05-24 13:28:08 -07:00
Brent Cook b613dfefb4
Land #6896, fix spelling in caidao_bruteforce_login 2016-05-19 21:54:06 -05:00
h00die 706d51389e spelling fix 2016-05-19 19:30:18 -04:00
William Vu 9c61490676 Fix some inconsistencies
Failed to catch these while editing. :(
2016-05-17 02:50:12 -05:00
Jon Hart 92d07f74ff
Remove unnecessary double expand_path 2016-05-16 17:34:12 -07:00
Jon Hart 8bccfef571
Fix merge conflict 2016-05-16 17:29:45 -07:00
Christian Mehlmauer 9357a30725
remove duplicate key 2016-05-04 22:15:33 +02:00
Brian Patterson be363411de
Land #6317, Add delay(with jitter) option to auxiliary scanner and portscan modules 2016-05-02 13:09:40 -05:00
wchen-r7 4a95e675ae Rm empty references 2016-04-24 11:46:08 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
Fakhir Karim Reda zirsalem f0d403124c Update symantec_brightmail_ldapcreds.rb 2016-04-20 18:58:12 +02:00
Karim Reda Fakhir cda104920e delete telisca abuse 2016-04-20 17:09:13 +01:00
Karim Reda Fakhir c322a4b314 added modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb 2016-04-20 17:01:18 +01:00
Karim Reda Fakhir 5adf5be983 add symantec bright mail ldap creds 2016-04-20 16:05:24 +01:00
Karim Reda Fakhir dfb2b95e46 Merge remote-tracking branch 'upstream/master'
Merge
2016-04-20 12:21:16 +01:00
Brent Cook 99b4d0a2d5 remove more regex-style bool checks 2016-04-09 13:49:16 -05:00
Brent Cook af7eef231c Fix a few issues with the SSL scanner
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.

Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
William Vu 41b802a8a2 Clean up module 2016-04-01 13:54:27 -05:00
wchen-r7 75ebd08153
Land #6731, Add CVE-2015-7755 juniper backdoor 2016-03-31 17:30:38 -05:00
wchen-r7 618f379488 Update auxiliary/scanner/redis/redis_server and mixin 2016-03-31 17:14:49 -05:00
wchen-r7 4d76b0e6a5 Rm auxiliary/scanner/misc/redis_server
Please use auxiliary/scanner/redis/redis_server or
auxiliary/scanner/redis/redis_login instead
2016-03-31 17:13:08 -05:00
wchen-r7 2e7d07ff53 Fix PASSWORD datastore option 2016-03-31 17:12:00 -05:00
wchen-r7 545cb11736
Bring #6409 up to date with upstream-master 2016-03-31 17:00:56 -05:00
wchen-r7 5fdea91e93 Change naming 2016-03-31 17:00:29 -05:00
wchen-r7 f33e994050 Delete anything related to configuring/saving username 2016-03-31 16:56:54 -05:00
wchen-r7 101775a5ba
Bring #6545 up to date with upstream-master 2016-03-30 16:07:24 -05:00
h00die 7fc2c860e9 remove comment 2016-03-29 21:26:36 -04:00
h00die d35b5e9c2a First add of CVE-2015-7755 2016-03-29 21:20:12 -04:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
James Lee 9e7a330ac8
OptInt -> OptPort 2016-03-16 15:47:29 -05:00
James Lee af642379e6
Fix some OptInts 2016-03-16 14:13:18 -05:00
Spencer McIntyre 4e3a188f75
Land #6401, EasyCafe server file retrieval module 2016-03-16 13:24:54 -04:00
Spencer McIntyre 9ac4ec4bfc Update the class name to MetasploitModule 2016-03-16 13:22:06 -04:00
Spencer McIntyre 53f1338ad0 Update module to remove references to print peer 2016-03-16 13:10:39 -04:00
Adam Cammack 05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts 2016-03-15 16:35:22 -05:00
rwhitcroft c12cc10416 change class Metasploit to MetasploitModule 2016-03-14 17:57:29 -04:00
rwhitcroft dd53625f4a change Metasploit3 to Metasploit to satisfy travis 2016-03-14 16:52:02 -04:00
rwhitcroft a26c90fd41 fix RPORT option 2016-03-14 16:27:44 -04:00
wchen-r7 38153d227c Move apache_karaf_command_execution to the SSH directory
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
2016-03-14 00:32:59 -05:00
William Vu 6323f7f872 Fix a couple overlooked issues 2016-03-13 23:35:05 -05:00
Brent Cook df0ff30468
Land #6642, make ipv6_neighbor_router_advertisement discovery smarter 2016-03-13 16:53:11 -05:00
Brent Cook 635e31961a generate valid prefixes 2016-03-13 16:44:57 -05:00
Fakhri Zulkifli 45c7e4b6ae Update ipv6_neighbor_router_advertisement.rb 2016-03-09 11:21:24 +08:00
Fakhri Zulkifli e417909111 Update ipv6_neighbor_router_advertisement.rb 2016-03-09 11:21:07 +08:00
rwhitcroft f155477edf improve description and change behavior to keep trying on connection errors 2016-03-08 12:33:17 -05:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
wchen-r7 c2f99b559c Add documentation for auxiliary/scanner/http/tomcat_enum
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Brent Cook aa5b201427 Revert "revert ssl_login_pubkey for now"
This reverts commit 7d773b65b6.
2016-03-07 13:19:33 -06:00
Christian Mehlmauer 7d773b65b6
revert ssl_login_pubkey for now 2016-03-07 14:44:23 +01:00
Christian Mehlmauer 3da9535e22
change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook eea8fa86dc unify the SSLVersion fields between modules and mixins
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook 66c697d2e4
Land #6602, update author info for dahua_dvr_auth_bypass 2016-03-06 15:13:01 -06:00
Brent Cook 4711191def remove non-specific URL 2016-03-06 15:12:25 -06:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
Fakhri Zulkifli b1e9f44ca2 IPv6 Neighbor Advertisement Enhancement
http://seclists.org/nmap-dev/2011/q2/79

1. Shorten router advertisement payload lifetime.
2. Randomize address prefix.
3. Prevent from getting into default router list.
2016-03-06 03:23:37 +08:00
rwhitcroft ded5b58733 one more style fix 2016-03-01 10:20:39 -05:00
rwhitcroft 4b10331cf0 style fixups 2016-03-01 10:18:25 -05:00
William Vu c5a9d59455
Land #6612, one final missing change 2016-02-29 15:08:42 -06:00
William Vu cb0493e5bb Recreate Msf::Exploit::Remote::Fortinet
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu a6a37b3089
Land #6612, missing commits included 2016-02-29 14:06:21 -06:00
William Vu 300fdc87bb Move Fortinet backdoor to module and library 2016-02-29 12:06:33 -06:00
wchen-r7 2950996cb8
Land #6612, Add aux module for Fortinet backdoor 2016-02-29 12:02:49 -06:00
William Vu 53d703355f Move Fortinet backdoor to module and library 2016-02-29 11:57:42 -06:00
rwhitcroft f735a904ff create owa_ews_login module, modify HttpClient to accept preferred_auth option 2016-02-28 22:01:05 -05:00
wchen-r7 051506694f
Land #6574, add Linknat Vos Manager Traversal aux module 2016-02-25 22:02:56 -06:00
wchen-r7 2e268a25da
Land #6596, Apache Karaf Login Utility 2016-02-25 14:39:51 -06:00
wchen-r7 aa7c3f01a8 Update name and description 2016-02-25 14:39:19 -06:00
wchen-r7 7e25c7b87b Handle OpenSSL::Cipher::CipherError
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
William Vu 7d20e26a35 Move to aux/scanner/ssh 2016-02-25 11:22:50 -06:00
William Vu f52f44cde0 Remove session_setup, since we're not in a shell
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00
Tyler Bennett ff3a554b4d added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank 2016-02-24 13:53:30 -05:00
Tyler Bennett 16d7b2e6ff cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank 2016-02-23 17:37:47 -05:00
dmohanty-r7 6aa6280eff
Try USERNAME before DEFAULTCRED 2016-02-23 13:44:44 -06:00
Tyler Bennett 4eabe43273 fixed issues with capturing regex 2016-02-23 12:27:07 -05:00
Tyler Bennett c191e5b8e1 corrected authors file and cleaned up debug statements 2016-02-23 11:41:12 -05:00
Jon Hart c79eab2c7f
Land #6241, @talos-arch3y's aux module for Dahua DVR CVE-2013-6117 2016-02-23 08:20:54 -08:00
dmohanty-r7 07ac13326e
Allow user to try other login credentials 2016-02-22 17:47:32 -06:00
dmohanty-r7 c0180b23fa
Update description 2016-02-19 13:39:13 -06:00
dmohanty-r7 33aaeb4ac9
Update authors 2016-02-19 11:53:17 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
nixawk 7ca0255ea1 Module should not be marked executable 2016-02-15 12:57:43 +08:00
nixawk f35230b908 add Linknat Vos Manager Traversal 2016-02-15 12:39:40 +08:00
Spencer McIntyre c9c4f49aca Add get_file method and parse the server response 2016-02-13 17:20:37 -05:00
William Vu 5f0add2a8b
Land #6541, typo fix for cisco_ssl_vpn 2016-02-09 17:13:24 -06:00
William Vu 240cbb91be s/resp/res/ 2016-02-09 17:12:09 -06:00
alexandrinetorrents c0a8b01c2b Addition of multiple read/write to auxiliary/scanner/scada/modbusclient.rb 2016-02-08 13:13:51 +01:00
wchen-r7 cd7046f233 Change method name "method" to "http_method" for http_traversal.rb
We accidentally override "#method", which is bad.
2016-02-07 23:15:46 -06:00
Brendan Coles 40633ea7cd Check filepath length 2016-02-08 01:11:18 +00:00
Brendan Coles df825913b8 Use default timeout 2016-02-07 07:11:47 +00:00
Brendan Coles e0e67f5507 Remove unnecessary check for FILEPATH 2016-02-07 02:05:15 +00:00
wchen-r7 2171c344e5 Fix #6539, correct a typo in report_cred
Fix #6539
2016-02-06 13:23:21 -06:00
Jon Hart cd86db2734
Update ssh_identify_pubkeys to support symbolic path names 2016-02-03 14:21:54 -08:00
Jon Hart 53d4e31844
Allow OptPath to valid symbolic paths that need expansion 2016-02-03 14:12:03 -08:00
Jon Hart 49beca4e40
Fix ssh_identify_pubkeys to accept keyfiles with authorized commands
Previously, something like this would fail:

command="/some/script.sh" ssh-rsa adsfadfa root@whatever

This format is valid authorized_keys and should work here too.  It does
now.
2016-02-03 13:50:17 -08:00
Jon Hart dbcef2c755
Deregister unused options 2016-02-03 13:20:30 -08:00
James Lee 47c0a3b4a7
Get some stragglers that had a different format 2016-02-01 16:21:10 -06:00
James Lee 8094eb631b
Do the same for aux modules 2016-02-01 16:06:34 -06:00
wchen-r7 f5ee6ce2f3 Better service reporting for snmp_login
Report the snmp string and update the module title & description
to better clarify what the module really does.
2016-02-01 12:24:19 -06:00
Brent Cook cd56470759
Land #6493, move SSL to the default options, other fixes 2016-01-29 11:09:51 -06:00
Brent Cook 115c63e4ba karaf default credential scanner PoC 2016-01-27 03:27:48 -05:00
wchen-r7 6187354392
Land #6226, Add Wordpress XML-RPC system.multicall Credential BF 2016-01-23 00:12:46 -06:00
wchen-r7 064af0d670 Remove unwanted comment 2016-01-23 00:11:58 -06:00
KINGSABRI ad3eed525b Handing newer version of WP, fallback CHUNKSIE to 1 2016-01-23 08:06:27 +03:00
wchen-r7 53e9bd7f51 This line does nothing 2016-01-22 18:55:45 -06:00
wchen-r7 0f9cf812b7 Bring wordpress_xmlrpc_login back, make wordpress_multicall as new 2016-01-22 18:54:20 -06:00
wchen-r7 91db2597c7 normalize URIs 2016-01-22 11:27:26 -06:00
wchen-r7 b02c762b93 Grab zeroSteiner's module/jenkins-cmd branch 2016-01-22 10:17:32 -06:00
Christian Mehlmauer 484d57614a
remove re-registered ssl options 2016-01-22 09:54:52 +01:00
wchen-r7 216986f7af Do API documentation, rspec, and other small changes 2016-01-21 17:22:14 -06:00
KINGSABRI a8feb8cad5 make passwords faster for reading huge wordlest files 2016-01-21 03:32:50 +03:00
KINGSABRI 4cb19c75a6 Enhance the module and add version check 2016-01-21 03:19:31 +03:00
wchen-r7 fcaef76215 Do a version check
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
nixawk ad107a2d1c Show - No Auth Required - Just Once 2016-01-19 08:29:33 +08:00
nixawk 0b78406d29 clear Metasploit::Framework::LoginScanner::REDIS.new 2016-01-16 13:12:04 +08:00
nixawk b2983e1ee7 replace #{rhost}: #{rport} with #{peer} 2016-01-16 13:05:35 +08:00
nixawk 2abaca3f6b include Msf::Auxiliary::Redis / Remove default RPORT option 2016-01-16 12:58:02 +08:00
Karim Reda Fakhir d5dd5d55a6 modified: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
modified:   modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 11:06:26 +00:00
Fakhir Karim Reda aae86d8bc0 new file: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb 2016-01-14 00:12:55 +00:00
Fakhir Karim Reda 01b8302db1 delte modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb 2016-01-13 23:19:35 +00:00
Karim Reda Fakhir 8b03b719e8 Adding auxialiary modules :
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
Jonathan Harms 5266860cec Squashed more commits back into 1 2016-01-07 17:53:49 -06:00
Tyler Bennett c245e64239 added peer to each print statement and rex table 2016-01-06 13:22:30 -05:00
wchen-r7 6e65d1d871
Land #6411, chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
nixawk a54a7aeb02 redis only need password for authentication 2016-01-06 17:05:49 +08:00
wchen-r7 bdda8650a2 Do not support username, because the backdoor doesn't use one 2016-01-06 02:02:11 -06:00
Jon Hart d626d7f0c9
Land #6416, @all3g's rewrite/improvements to redis_server 2016-01-05 19:02:26 -08:00
Jon Hart 90ea88e5ba
Make command used configurable 2016-01-05 16:23:10 -08:00
Jon Hart 3ccdd12ecb
Put peer first in all prints 2016-01-05 16:09:50 -08:00
Jon Hart 1d997234cb
Remove unnecessary degistering of RHOST 2016-01-05 16:08:18 -08:00
Tyler Bennett aa2922e6c3 added in verbose mode for ddns and fixed report_email_creds issue 2016-01-05 14:54:48 -05:00
nixawk 8a76bbafff Add peer to vprint_error 2016-01-06 01:51:23 +08:00
Jon Hart eef154420b This is a scanner, so vprint things that occur frequently 2016-01-05 09:06:36 -08:00
Jon Hart 63324bd77d Rescue correct exceptions 2016-01-05 09:05:32 -08:00
Jon Hart 1b48556456 Use cleaner hash syntax 2016-01-05 09:05:32 -08:00
nixawk 9714923824 ensure disconnect / remove self.class from register_options 2016-01-06 00:54:54 +08:00
William Vu 6cb9ad0d72
Land #6435, unaligned def/end fix 2016-01-05 09:59:25 -06:00