6938b91d07
Execute tests agains a specific path and bug fix in blind sqli module
2012-03-02 10:18:31 -06:00
a2e5a4d9d5
New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention
2012-03-02 10:18:31 -06:00
e9df9d6c2c
Increase default depth
2012-02-29 16:24:18 -06:00
4369f73c7a
Msftidy fixes on new modules
...
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
6321ff7cb4
Change output message
2012-02-29 01:36:38 -06:00
bc8480715f
Add references to metadata. Do report_auth_info() when a credential is found. Plus other minor changes.
2012-02-29 01:32:21 -06:00
4c39cfd98a
Small tweak to the format of the type
2012-02-28 23:52:48 -06:00
bf07a6a027
Added auxiliary/scanner/mongodb/mongodb_login module
...
MongoDB login utility + brute force attack
2012-02-28 16:06:30 +02:00
a6b10862bd
Adds a lantronix telnet discovery module
2012-02-23 17:22:32 -06:00
8d212849dc
Fix typos that result in stack traces when matching the response codes
2012-02-22 16:04:24 -06:00
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
02d6089893
Fix a stack trace when an unexpected response from the server
...
Caused by a typo
2012-02-21 18:57:27 -07:00
acb4446e45
Fix #6407 by treating redirects as successful authentication
2012-02-21 16:02:21 -06:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
89e0842b1e
Add vim_soap to the mixins list.
...
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
fccb338e29
Merge branch 'master' of github-r7:rapid7/metasploit-framework
2012-02-19 23:01:14 -06:00
e0a75c1b2c
Merge branch 'release/4.2-stable'
...
Conflicts:
lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
f92ddb2475
Revert "Cleanup to the module output for vmware_http_login.rb"
...
This reverts commit 08d91aebdb
2012-02-19 18:55:49 -06:00
a25475fac0
Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
...
This reverts commit c4ea27d32b
2012-02-19 18:53:03 -06:00
d761265b93
Revert "Cosmetic cleanup to the module output for vmauthd_login"
...
This reverts commit 87e7bf4934
2012-02-19 18:52:39 -06:00
648686002b
Cosmetic cleanup of the vmware_http_login module
2012-02-19 18:51:16 -06:00
2521bd7b59
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:34:35 -06:00
00d2497a42
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:32:36 -06:00
c4ea27d32b
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:28:06 -06:00
87e7bf4934
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:16:54 -06:00
08d91aebdb
Cleanup to the module output for vmware_http_login.rb
2012-02-19 18:16:05 -06:00
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
6ced540e0b
Merge branch 'vmware-api' into vmware-stable
2012-02-18 18:38:20 -06:00
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
bb5e4a1600
Modules don't need to register VERBOSE, because it's already there
2012-02-17 21:07:44 -06:00
79ce43e3fe
This condition should never trigger, because OptEnum should automatically take care of it
2012-02-17 19:16:07 -06:00
e23f17cac2
Again, validate using OptEnum
2012-02-17 19:14:38 -06:00
d58b8c7b69
Use OptEnum to validate enumeration method
2012-02-17 19:12:47 -06:00
3390bdf312
Validate METHOD with OptEnum
2012-02-17 18:54:53 -06:00
ec58b4669e
This module only handles GET, so that's the only option we'll allow
2012-02-17 18:20:16 -06:00
9e17b09632
This module is only meant to handle GET and PUT, so let's be strict on that
2012-02-17 18:17:28 -06:00
7ae58bfd9d
Make sure the HTTP method is always upper-case to make Apache happy
2012-02-17 18:15:23 -06:00
ddb43774c9
Some metadata fixes
2012-02-17 12:21:38 -06:00
ae57a8d9fd
Make sure the HTTP method is always uppercase so we don't get a 501
2012-02-17 03:34:39 -06:00
a0dac593bc
Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api
2012-02-16 02:22:31 -06:00
e9b2e060d6
Permissions scanner for vmware
...
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
c5ae56a147
Adding User Enumeration Scanner for vmware
2012-02-15 22:55:11 -06:00
95f54413d8
Create a stable branch of vmware-api
...
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
bf9ed96155
Fixes up esx_fingerprint and the host model to ID vmware correctly
...
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
c9cf47bd4c
Add Terminate Session module and some extra goodness to enum sessions
2012-02-15 16:39:13 -06:00
67ba39cc3e
Adds a scanner to pull active login sessions off servers
2012-02-15 02:27:25 -06:00
e0f11992af
Gah screwed up that commit, accidentally chunked out the rescues.
2012-02-15 02:12:06 -06:00
6b539036c9
Fix fingerprinting in the vmware_http_login module
2012-02-15 01:54:34 -06:00
bbca09458f
Workaround for report_host/service issue
...
See #6370
2012-02-14 11:19:38 -06:00
03884ddb46
Fix to title from copy pasted init section.
2012-02-14 10:36:15 -06:00
ad0594ee5f
Cleanup and add debug for fingerprint_vmware
2012-02-13 19:07:26 -06:00
8c1581567c
Cleanup on the vmware fingerprinting.
...
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
727cde00c6
Taking David's version of vmware_http_login over mine
2012-02-13 14:54:47 -06:00
d036da627a
Clear lots of whitespace
2012-02-13 14:13:43 -06:00
31f001ed54
Improved vmware enumerate vm modules
...
now with screenshots!
2012-02-13 12:07:28 -06:00
8c305e1a28
VMWare Web service finerprinting and OS detection.
...
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
a758462a32
Remove some whitespace
2012-02-13 11:01:26 -06:00
abb1548d9a
Fix extraneous print_status
2012-02-11 20:09:43 -06:00
676a0c53a0
Working Screenshot capability!
2012-02-11 03:51:18 -06:00
fe69a27bf1
Fix indent level and type
2012-02-10 03:22:51 -06:00
4b47a9e66f
Be gone, whitespace.
2012-02-10 03:16:37 -06:00
52e7743b41
Merge branch 'ipv6_logging' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-ipv6_logging
2012-02-10 03:13:18 -06:00
29b99aa7b4
Fix up titles/add boundary check for reporting external host
2012-02-08 12:23:46 -06:00
705c436ede
added more multicast addresses from wikipedia
2012-02-07 11:45:20 +01:00
e8aa624a16
Added todb's validator over to this working branch
2012-02-06 10:15:05 -06:00
91820ad1c3
logging to notes
2012-02-06 08:56:35 +01:00
df401f4c94
more fixes to backend stuff, plus updated vmware http login module to use
...
the correct mixin method now.
2012-02-03 15:44:41 -06:00
af506240cf
http_fingerprint reports service info
...
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
786d75493c
Fix up VMWware webscan to not false positive
...
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.
[Fixes #6340 ]
2012-02-02 22:19:57 -06:00
3f48e626a2
Adding a bunch of new VIM API auxiliary stuff
...
Work in progress.
2012-02-01 12:05:20 -06:00
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
0b8987f2af
Merge results initialization fix
2012-01-31 01:29:44 -06:00
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
a0ac4125cd
Add aux module CMS400 default pass scanner (feature #6301 )
2012-01-30 10:40:59 -06:00
dda3453ac7
Correct a typo
2012-01-28 23:33:26 -06:00
774862508e
Handle another common error type
2012-01-28 23:31:20 -06:00
54ffb01080
This module should use the default list of tomcat users
2012-01-28 18:13:34 -06:00
ca7aa21202
Removed schema features from database hashdump modules
...
now that there are dedicated schemadump modules.
2012-01-28 16:55:39 -06:00
5a095e8ef5
Fixes for PCA modules
2012-01-28 14:35:07 -06:00
c63c7393e3
Print status output
2012-01-28 13:52:38 -06:00
f3eb78199b
Add TCP-based PCA probe
2012-01-28 13:52:38 -06:00
2d7852ddef
Merge PCA scans into udp_sweep/udp_probe
2012-01-28 13:05:24 -06:00
4cd38c5555
Adds login scanner module for VMware Server and ESX
2012-01-27 16:23:56 -06:00
a2d20e25d3
Fix a regression in the workspace inclusion code (only affected
...
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
fe22090a12
Correct e-mail format
2012-01-26 13:04:38 -06:00
d0d964d8ab
Adds an error message if the module couldn't conenct to the target.
...
Fixes #6278
2012-01-26 10:56:07 -06:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
7ec5f98480
Adding jhart's natpimp libary and modules.
...
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.
[See #106 ]
2012-01-24 10:32:30 -06:00
455bcda6e8
Print the port so we know which http service
2012-01-23 10:17:32 -07:00
34491970b3
Adds a new VMWare Authentication Daemon login scanner module.
2012-01-22 15:39:53 -06:00
bcb19ab0a3
Fixes an issue with smb_login not properly dealing with abritrary guest access
...
on Samba.
2012-01-22 01:35:36 -06:00
06b1bffcea
Addresses an issue with udp sweep module that recorded services
...
from non-specified hosts when they respond to broadcast probes.
2012-01-20 15:34:15 -06:00
bb035bfec2
Fix up API option names so they can be set globally
2012-01-18 15:05:39 -06:00
ad6f8257e1
MSFTidy fixes.
2012-01-18 15:01:32 -06:00
7d9ba6f5e9
Fix bug #6256 : uninitialized class variable error
2012-01-17 17:58:53 -06:00
6a057560fa
Improvements to auxiiliary/scanner/http/soap_xml to:
...
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints
https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
Efrain Torres
sinn3r
Tod Beardsley
HD Moore
Gregory Man
David Maloney
HD Moore
James Lee
Matt Buck
bperry-r7
m-1-k-3
Jonathan Cran
Jon Hart