24a989b8a3
Land #5249 , Add Module for Enum on InfluxDB database
2015-05-14 11:22:54 -05:00
005c36b2a6
If data is empty, don't save (or even continue)
2015-05-14 11:22:10 -05:00
ac0e4e747a
Change writing style of symantec_web_gateway_login
2015-05-13 00:23:37 -05:00
202c5e0121
Land #5333 , HTML Title Grabber
2015-05-12 11:19:06 -05:00
faec5844cb
Some fixes
2015-05-12 11:18:21 -05:00
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
f0048b9a6d
Apparently you don't quote the keys with the new syntax
2015-05-12 11:00:18 +01:00
7c81adbd89
MSFTidy is now quiet and happy
2015-05-12 10:47:49 +01:00
1f6bd3e2be
Updated to new ruby hash syntax and removed <> from title
2015-05-12 10:43:32 +01:00
518e28674e
Removed CGI dependency (@hmoore-r7, @wchen-r7)
2015-05-11 21:10:18 +01:00
78e310562b
Readability style change
2015-05-11 19:48:12 +01:00
8e3d803e74
Updated style as per @void-in's comments
2015-05-11 19:46:10 +01:00
62d67469da
Updated code style as per @hmoore-r7's instructions
2015-05-11 19:34:23 +01:00
b8f7c80fd2
Rubocop
2015-05-11 18:50:03 +01:00
8308c2a925
Added check for nonsensical options
2015-05-11 18:48:55 +01:00
99133deabb
Reran tests, sorted out strip problem
2015-05-11 18:29:44 +01:00
c25a5d3859
Fixed a bunch of rubocop errors
2015-05-11 18:14:37 +01:00
34cf90af59
Removed unnecessary include
2015-05-11 17:31:31 +01:00
c001f014ce
HTML Title Grabber
2015-05-11 17:29:22 +01:00
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
a8adcda941
Redo port checks
2015-05-08 15:29:30 -05:00
156aac1dff
Use timeout options
2015-05-08 15:23:08 -05:00
bf9ca1f88f
Change module filename
2015-05-08 15:08:59 -05:00
f56115552f
Do code cleanup
2015-05-08 14:56:39 -05:00
b73241882b
Use datastore option
2015-05-08 14:48:19 -05:00
b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin
2015-05-08 14:46:08 -05:00
9fdbfd7031
Use vprint_error
2015-05-08 14:21:36 -05:00
017ae463ed
Fix description style
2015-05-08 14:18:29 -05:00
a7988f9e93
Change credentials to service:service
2015-05-08 22:52:59 +05:00
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
8d3737d13c
Fix some stylistic issues
2015-05-07 22:43:23 -05:00
e8913e5620
Addressed most of @wvu's issues with #5312
2015-05-06 14:47:08 -05:00
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
93c785560b
remove brocade_telnet scanner, extend telnet
...
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
dc053aeb58
Spelling Fix
...
s/Brocde/Brocade/ as per bcook-r7
2015-05-05 21:16:24 -05:00
fc1c0028a8
moved array definition to avoid error
2015-05-05 21:16:23 -05:00
7949daf42b
brocade_enable_login msftidy success
2015-05-05 21:16:23 -05:00
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
f95774c6b4
Fixed bugs
2015-05-02 05:09:03 -04:00
93ac8b48e3
Land #5178 , @jboss_vulnscan check for console default admin
...
* And minor fixes
2015-05-01 17:38:20 -05:00
697c6c20cb
Do minor cleanup
2015-05-01 17:37:45 -05:00
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
b037560c90
Do minor style fixes
2015-05-01 15:01:13 -05:00
ee5dc1d6e4
Land #5277 , typo in telnet_encrypt_overflow
2015-04-30 10:44:55 -05:00
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
9b17191e48
Remove unnecessary {,dis}connect
2015-04-28 15:09:16 -05:00
28e661e204
Fix false positive in POODLE scanner
...
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
7523e592d2
Land #5198 , WordPress contus video gallery 2.7 scanner
2015-04-27 23:24:57 +02:00
7a2084cdc5
Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb
2015-04-26 16:54:21 -05:00
b330b1d41c
typo in title of telnet_encrypt_overflow.rb
2015-04-26 02:32:14 +02:00
c41c7a1ba2
Rewrote the conditions of res.
2015-04-25 17:18:38 -03:00
d01da0c522
Changed if conditions and exception handling
2015-04-25 15:08:36 -03:00
3a84396f32
Removed authorization header.
2015-04-25 14:30:21 -03:00
b810a96dac
Add Module for Enum on InfluxDB database.
2015-04-25 04:41:33 -03:00
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
896d6e8cb7
Fix title
2015-04-24 11:09:39 -05:00
7af6f31c3a
Fix message
2015-04-24 11:08:00 -05:00
5ca6fe3cb0
Do code cleanup
2015-04-24 11:07:13 -05:00
e51897d64e
Filepath option
2015-04-24 04:35:59 -03:00
7b0b59b5f6
Add WordPress GI-Media Library Plugin File Read.
2015-04-24 04:24:16 -03:00
e9f8b25987
Update wordpress_contus_video_gallery_sqli.rb
...
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
26d208f089
Update wordpress_contus_video_gallery_sqli.rb
...
remove 'uri'
2015-04-22 14:42:03 -05:00
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
3a1778ef7c
Spelling Fix
...
s/Brocde/Brocade/ as per bcook-r7
2015-04-21 17:57:36 -04:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
073850c5ad
Land #5158 , OWA internal IP disclosure scanner
2015-04-21 11:10:39 -05:00
5296c6507d
Land #5157 , OWA login scanner auth timing logs
2015-04-21 11:06:08 -05:00
79ca0a56f9
Land #4171 , Steam protocol support
2015-04-20 15:35:06 -05:00
b622aae97f
Update wordpress_contus_video_gallery_sqli.rb
2015-04-19 18:24:12 -05:00
c393f7c398
add contus video gallery scanner
2015-04-19 17:58:08 -05:00
ed9175d73f
Land #5167 , WordPress CP Multi-View Calendar SQLI Scanner
2015-04-19 23:36:23 +02:00
8c0bcd2e03
Update wordpress_cp_calendar_sqli.rb
...
Use the new WPVDB
2015-04-19 16:32:57 -05:00
4f903a604c
Fix #5103 , Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
6653c9e33d
Land #5162 , WordPress Dukapress File Read Vulnerability
2015-04-17 11:20:55 +02:00
6c77b64dae
wrong method name
2015-04-17 11:20:14 +02:00
aef464fc2e
Land #5159 , WordPress Mobile Edition Plugin File Read Vuln
2015-04-17 11:13:00 +02:00
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
ed588e335b
Changed the print_error output.
2015-04-16 17:32:59 -03:00
bf3bdcffb4
Changed the deph value to 7.
2015-04-16 17:30:28 -03:00
dd474757fe
Changed the print_error output.
2015-04-16 17:26:44 -03:00
f50cedeafd
Changed the depth value to 7.
2015-04-16 17:22:49 -03:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
1455d4e94d
Fix AUTH_TIME
2015-04-16 11:39:33 -05:00
7c572777e1
Fix whitespace
2015-04-16 11:34:50 -05:00
7a9167b235
Fix comments
2015-04-16 11:34:47 -05:00
9bcc988266
Update owa_login
2015-04-16 11:23:04 -05:00
75b88f199a
Create wordpress_cp_calendar_sqli.rb
2015-04-16 09:53:00 -05:00
ecc67b1a57
Fix loot name
2015-04-16 10:42:20 -03:00
d898af5513
Add check version and removed HttpClient
2015-04-16 10:40:35 -03:00
768294710b
Add check and removed HttpClient
2015-04-16 10:22:10 -03:00
890561bff3
Rewriting the condition 'if' for only one line
2015-04-16 09:23:56 -03:00
b90ff36ef4
Rewriting the condition 'if' for only one line
2015-04-16 09:15:17 -03:00
21e964e699
Add Author and references..
2015-04-16 07:20:48 -03:00
f6f4bd0746
Add WordPress Dukapress File Read Vulnerability
2015-04-16 07:17:46 -03:00
c8e1185a04
Included Wordpress mixin.
2015-04-16 05:02:39 -03:00
42ff0decc7
Land #4722 , timing options for snmp_login
2015-04-16 02:25:29 -05:00
88062a578d
Clean up PR
2015-04-16 02:25:06 -05:00
bec6270f07
Fix regex
2015-04-15 23:47:03 -05:00
0a4ab99aa5
Land #5149 , couchdb_enum cleanup
2015-04-15 21:50:30 -05:00
4410f8da6e
Clean up module some more
2015-04-15 21:48:19 -05:00
01ae7002cf
Fix EOF whitespace
2015-04-15 21:27:53 -05:00
20d4d1ce3f
Move report_goods before the return
2015-04-15 21:22:41 -05:00
0031f09d60
Add author, EDB, WPVDB and fix loot.
2015-04-15 20:03:36 -03:00
0f1cf1d1b1
Add Module WP Mobile Edition Plugin File Read Vuln
2015-04-15 19:45:08 -03:00
66b7179a97
Rename module to owa_iis_internal_ip
2015-04-15 17:10:01 -05:00
a109dae033
Fix EOL whitespace
2015-04-15 16:58:59 -05:00
cc422eeeea
Fix splat
2015-04-15 16:58:18 -05:00
34ce4edacb
Add exchange_iis_internal_ip
2015-04-15 16:55:19 -05:00
1d6300991c
Clean the code of the module couchdb_enum.
2015-04-15 02:58:51 -03:00
d87483b28d
Squashed commit of the following:
...
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:42:13 2015 -0500
Fix funny punctuation on rootpipe exploit title
See #5119
commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:37:39 2015 -0500
Fix vendor caps
Trusting the github repo README at
https://github.com/embedthis/goahead
See #5101
2015-04-13 10:46:47 -05:00
284ef5bbbb
Land #5112 , Nessus REST Login Module
2015-04-10 13:32:53 -05:00
7810f3d9a3
Add previous nessus_xmlrpc_login file
2015-04-10 12:32:42 +05:00
bbbd4d3634
change name to keep both XML and REST modules
2015-04-10 12:20:43 +05:00
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
1bfda9e78f
Land #5101 , Add Directory Traversal for GoAhead Web Server
2015-04-08 15:30:23 -05:00
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
5f389cf3c2
Add ManageEngine Desktop Central Login Utility
2015-04-08 02:05:56 -05:00
dc14c770be
Changed the traversal variable to just one line
2015-04-08 02:26:59 -03:00
441042ed37
Removed the segments variable
2015-04-08 01:29:45 -03:00
d399d05383
Add Directory Traversal for GoAhead Web Server
2015-04-07 20:22:06 -03:00
42e82cc644
Rubocop fixes
2015-04-07 18:21:08 -05:00
7275d5745f
Fixes, refactoring and adding JBoss AS default creds scanning
2015-04-07 17:40:25 -05:00
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
79b2a23dff
Land #5015 , @espreto file traversal scanner for RIPS
2015-04-03 15:35:58 -05:00
ce6e5e12d8
Make depth an option
2015-04-03 15:33:27 -05:00
70fad73092
Add metadata
2015-04-03 15:27:28 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
c9e8f9cbea
Add BigIP HTTP VS scanner and fix connection errors
2015-04-03 02:30:03 -04:00
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012 ]
2015-04-02 15:12:22 -05:00
a592f645f0
Land #5039 , Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner
2015-04-01 14:34:58 -05:00
e73286cfa5
update stale references
2015-03-30 17:17:48 -05:00
613f4777ce
Land #5024 , add joomla_ecommercewd_sqli_scanner.rb
2015-03-30 12:45:09 -05:00
de2bf0181c
add first pass at gallerywd sqli scanner
2015-03-28 16:15:51 -05:00
9f0483248c
add TARGETURI datastore option
2015-03-28 15:46:41 -05:00
6ede476423
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-28 08:38:12 -05:00
0dbd8544b4
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-27 21:20:59 -05:00
31be47d5bc
Create joomla_ecommercewd_sqli_scanner.rb
2015-03-27 20:25:33 -05:00
3e104fd8e6
Add Directory Traversal for RIPS Scanner
2015-03-27 05:08:43 -03:00
0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically
2015-03-25 11:29:07 -05:00
040a1af9c5
Delete useless ecnryption cookie detection, fix minor issues
2015-03-25 02:34:33 -04:00
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
ee17d6e606
Deleted spaces at EOL
2015-03-23 04:34:38 -04:00
2a0deaa6c8
Deleted default options and SYN scan
2015-03-23 04:31:08 -04:00
6f51946aa0
Land #4969 , GitLab module references
2015-03-20 17:26:51 -05:00
99f3de0843
Clean up info hash formatting
2015-03-20 17:26:21 -05:00
1226b3656f
Land #4945 , @wchen-r7's login scanner for Symantec web gateway
2015-03-20 14:44:05 -05:00
wchen-r7
jvazquez-r7
Stuart Morgan
Denis Kolegov
void-in
William Vu
Tod Beardsley
Brent Cook
Mike
root
James Lee
Christian Mehlmauer
Brandon Perry
m-1-k-3
Roberto Soares
Brandon Perry
Nate Power
root
Zach Grace