53ff3051e1
Land #6531 , NETGEAR ProSafe Network Management System 300 auth'd File Download
2016-02-26 10:53:16 -06:00
bc050410a6
Allow max traversal depth as an option, and report cred
2016-02-26 10:52:30 -06:00
051506694f
Land #6574 , add Linknat Vos Manager Traversal aux module
2016-02-25 22:02:56 -06:00
d14ec657e2
Land #6564 , Add Apache Karaf Command Execution Module
2016-02-25 14:47:40 -06:00
1d2ec7a239
Rescue OpenSSL::Cipher::CipherError
...
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
2016-02-25 14:46:53 -06:00
2e268a25da
Land #6596 , Apache Karaf Login Utility
2016-02-25 14:39:51 -06:00
aa7c3f01a8
Update name and description
2016-02-25 14:39:19 -06:00
7e25c7b87b
Handle OpenSSL::Cipher::CipherError
...
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
7d20e26a35
Move to aux/scanner/ssh
2016-02-25 11:22:50 -06:00
f52f44cde0
Remove session_setup, since we're not in a shell
...
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00
6ef4026698
get_ptr - save_note(ip, 'get_ptr', records)
2016-02-25 21:43:13 +08:00
dfff94a243
save ip/domain relationships
2016-02-25 21:14:40 +08:00
ff3a554b4d
added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank
2016-02-24 13:53:30 -05:00
16d7b2e6ff
cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank
2016-02-23 17:37:47 -05:00
6aa6280eff
Try USERNAME before DEFAULTCRED
2016-02-23 13:44:44 -06:00
4eabe43273
fixed issues with capturing regex
2016-02-23 12:27:07 -05:00
c191e5b8e1
corrected authors file and cleaned up debug statements
2016-02-23 11:41:12 -05:00
c79eab2c7f
Land #6241 , @talos-arch3y's aux module for Dahua DVR CVE-2013-6117
2016-02-23 08:20:54 -08:00
f0da8e9adf
bing_search - ConnectionTimeout
2016-02-23 18:56:34 +08:00
5710c85a9e
Style changes
2016-02-23 15:15:57 +07:00
07ac13326e
Allow user to try other login credentials
2016-02-22 17:47:32 -06:00
c0180b23fa
Update description
2016-02-19 13:39:13 -06:00
33aaeb4ac9
Update authors
2016-02-19 11:53:17 -06:00
91822f2861
Merge pull request #12 from jhart-r7/pr/fixup-6187
...
More fixup for #6187 (auxiliary/gather/enum_dns)
2016-02-19 19:12:17 +08:00
1f5285bca7
Better handling of AXFR if ns records won't resolve on target NS
2016-02-18 22:15:06 -08:00
0e185a34bf
get_ns / notes nameservers
2016-02-19 14:03:05 +08:00
42c64b51bb
Remove all report_host instances in enum_dns
...
the forced resolution of names won't fly
2016-02-18 21:41:51 -08:00
65a3cc2921
Remove duplicated SIP SRV record lookup
2016-02-18 21:41:09 -08:00
da3c382869
add function domain2ip
2016-02-19 12:35:31 +08:00
4ef5cf420c
rename the module
2016-02-19 11:18:55 +08:00
a87c503ae4
merge bing/yahoo subdomains search
2016-02-19 11:17:08 +08:00
a82ce40c40
Update ibm_tsm_dos name
...
For some reason I actually modified the name, but I didn't mean
to.
2016-02-18 16:07:46 -06:00
adb175136e
Fix extra whitespace and unused vars in call
2016-02-18 15:18:29 -06:00
9afe5517f7
return unless domains -> return if domains.empty?
2016-02-18 10:26:45 +08:00
15f6992aec
add yahoo_search_domain(domain) / yahoo_search_ip(ip)
2016-02-18 00:03:28 +08:00
29185271a7
report domains/ips to (notes / hosts)
2016-02-17 11:41:59 +08:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
2428d5127c
add Yahoo Search Engine Subdomains Collector
2016-02-16 03:11:38 +08:00
7ca0255ea1
Module should not be marked executable
2016-02-15 12:57:43 +08:00
f35230b908
add Linknat Vos Manager Traversal
2016-02-15 12:39:40 +08:00
3416a24dda
Adding vprint_status for loot path
...
Adding a vprint_status to show users the loot
path as per a comment on the pull request.
2016-02-14 11:19:20 -06:00
c9c4f49aca
Add get_file method and parse the server response
2016-02-13 17:20:37 -05:00
b2765a296f
Land #6547 , IBM Tivoli Storage Manager Fastback Denial of Service
2016-02-11 22:05:21 -06:00
3121093898
Update metadata, plus other minor changes
2016-02-11 22:04:05 -06:00
cdaa2a8c43
Adding Apache Karaf Command Execution Module
...
This module establishes an SSH session using default
credentials and then executes a user defined operating system
command. This is part of GitHub Issue #4358 .
2016-02-10 16:48:08 -06:00
c874699b82
removed ranking
2016-02-10 11:45:09 -06:00
4c6cb03548
more build errors
2016-02-10 11:40:21 -06:00
72f5a33804
addressed CI errors
2016-02-10 11:34:05 -06:00
51604fa24a
made necessary inheritance changes
2016-02-10 10:59:11 -06:00
5f0add2a8b
Land #6541 , typo fix for cisco_ssl_vpn
2016-02-09 17:13:24 -06:00
240cbb91be
s/resp/res/
2016-02-09 17:12:09 -06:00
eadbb6b582
moved module to modules/auxiliary/dos/misc
2016-02-09 11:44:01 -06:00
c0a8b01c2b
Addition of multiple read/write to auxiliary/scanner/scada/modbusclient.rb
2016-02-08 13:13:51 +01:00
cd7046f233
Change method name "method" to "http_method" for http_traversal.rb
...
We accidentally override "#method", which is bad.
2016-02-07 23:15:46 -06:00
40633ea7cd
Check filepath length
2016-02-08 01:11:18 +00:00
df825913b8
Use default timeout
2016-02-07 07:11:47 +00:00
e0e67f5507
Remove unnecessary check for FILEPATH
2016-02-07 02:05:15 +00:00
2171c344e5
Fix #6539 , correct a typo in report_cred
...
Fix #6539
2016-02-06 13:23:21 -06:00
55c8d23e1f
Handle refused connections during axfr
2016-02-04 09:23:49 -08:00
52d81f7e93
More/better status printing for big query types
2016-02-04 09:18:26 -08:00
c025458d22
More consistent record type printing
2016-02-04 09:12:36 -08:00
c630f791c3
Remove loot storage from enum_dns. Loot is appropriate for this use case
2016-02-04 09:10:08 -08:00
4408742930
Fix storage of SRV record notes
2016-02-04 09:08:21 -08:00
b64294abc9
Create file for CERT VU 777024 (auth download)
2016-02-04 07:57:48 +08:00
cd86db2734
Update ssh_identify_pubkeys to support symbolic path names
2016-02-03 14:21:54 -08:00
53d4e31844
Allow OptPath to valid symbolic paths that need expansion
2016-02-03 14:12:03 -08:00
49beca4e40
Fix ssh_identify_pubkeys to accept keyfiles with authorized commands
...
Previously, something like this would fail:
command="/some/script.sh" ssh-rsa adsfadfa root@whatever
This format is valid authorized_keys and should work here too. It does
now.
2016-02-03 13:50:17 -08:00
dbcef2c755
Deregister unused options
2016-02-03 13:20:30 -08:00
ef75845d01
Better fetching/saving of SRV records
2016-02-03 13:07:20 -08:00
47c0a3b4a7
Get some stragglers that had a different format
2016-02-01 16:21:10 -06:00
8094eb631b
Do the same for aux modules
2016-02-01 16:06:34 -06:00
f5ee6ce2f3
Better service reporting for snmp_login
...
Report the snmp string and update the module title & description
to better clarify what the module really does.
2016-02-01 12:24:19 -06:00
cd56470759
Land #6493 , move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
1749932bb4
Cleanup loot saving output
2016-01-28 14:16:47 -08:00
6646785902
Don't enumerate other possible domains via TLD expansion by default
2016-01-28 14:09:09 -08:00
86e7cd92c0
Minor style nit on printed NS records
2016-01-28 14:08:20 -08:00
8af751be41
Land #6470 , Telisca IPS Lock (and Unlock)
2016-01-27 16:41:25 -06:00
86c025de25
Title and description fixes for #6470
2016-01-27 16:40:06 -06:00
115c63e4ba
karaf default credential scanner PoC
2016-01-27 03:27:48 -05:00
6187354392
Land #6226 , Add Wordpress XML-RPC system.multicall Credential BF
2016-01-23 00:12:46 -06:00
064af0d670
Remove unwanted comment
2016-01-23 00:11:58 -06:00
ad3eed525b
Handing newer version of WP, fallback CHUNKSIE to 1
2016-01-23 08:06:27 +03:00
53e9bd7f51
This line does nothing
2016-01-22 18:55:45 -06:00
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
91db2597c7
normalize URIs
2016-01-22 11:27:26 -06:00
b02c762b93
Grab zeroSteiner's module/jenkins-cmd branch
2016-01-22 10:17:32 -06:00
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
a8feb8cad5
make passwords faster for reading huge wordlest files
2016-01-21 03:32:50 +03:00
4cb19c75a6
Enhance the module and add version check
2016-01-21 03:19:31 +03:00
fcaef76215
Do a version check
...
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
ad107a2d1c
Show - No Auth Required - Just Once
2016-01-19 08:29:33 +08:00
0b78406d29
clear Metasploit::Framework::LoginScanner::REDIS.new
2016-01-16 13:12:04 +08:00
b2983e1ee7
replace #{rhost}: #{rport} with #{peer}
2016-01-16 13:05:35 +08:00
2abaca3f6b
include Msf::Auxiliary::Redis / Remove default RPORT option
2016-01-16 12:58:02 +08:00
643ebfed7e
format print_status output for get_srv/get_tld
2016-01-16 11:21:16 +08:00
3d04f405b4
Update telisca_ips_lock_control.rb
...
commit the changes mad by sinn3r and replace headers on lock and unlock
2016-01-15 15:05:24 +00:00
477dc64e1e
Rename module
2016-01-14 19:45:00 -06:00
eb6cff77bc
Update the code to today's standards
...
Mainly making sure it is following the Ruby style guide, and
avoid unrecommended coding practices.
2016-01-14 19:38:59 -06:00
46f06516ad
Update /telisca_ips_lock_abuse
...
cleaning the code
2016-01-14 11:13:10 +00:00
d5dd5d55a6
modified: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
...
modified: modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 11:06:26 +00:00
aae86d8bc0
new file: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
2016-01-14 00:12:55 +00:00
c18253d313
deleted: modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-01-14 00:03:25 +00:00
60ef1eae90
adding modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 00:00:04 +00:00
25eb311518
readding modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-13 23:53:02 +00:00
1e37ff9701
Merge branch 'master' of github:kfr-ma/metasploit-framework into test_telisca_ipslock
...
merge
2016-01-13 23:20:50 +00:00
01b8302db1
delte modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
2016-01-13 23:19:35 +00:00
1b9563b82a
rm modules/auxiliary/voip/telisca_ips_lock_abuse
2016-01-13 23:09:35 +00:00
c68d2a8e0a
replace telisca_ips_lock_abuse.rb
2016-01-13 22:59:18 +00:00
457e569f3b
replacing telisca-ips-lock
2016-01-13 22:50:58 +00:00
8b03b719e8
Adding auxialiary modules :
...
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
e491502023
handle exception - ResolverArgumentError
2016-01-12 00:48:02 +08:00
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
c245e64239
added peer to each print statement and rex table
2016-01-06 13:22:30 -05:00
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
408b8fa4fd
handle exception - (get_tld - ArgumentError / get_mx - SocketError)
2016-01-07 00:54:03 +08:00
eecd75262c
handle exception - (get_tld - ArgumentError / get_mx - SocketError)
2016-01-07 00:25:28 +08:00
71acff5733
output scan results (set VERBOSE false)
2016-01-06 23:55:48 +08:00
a54a7aeb02
redis only need password for authentication
2016-01-06 17:05:49 +08:00
bdda8650a2
Do not support username, because the backdoor doesn't use one
2016-01-06 02:02:11 -06:00
d626d7f0c9
Land #6416 , @all3g's rewrite/improvements to redis_server
2016-01-05 19:02:26 -08:00
90ea88e5ba
Make command used configurable
2016-01-05 16:23:10 -08:00
3ccdd12ecb
Put peer first in all prints
2016-01-05 16:09:50 -08:00
1d997234cb
Remove unnecessary degistering of RHOST
2016-01-05 16:08:18 -08:00
aa2922e6c3
added in verbose mode for ddns and fixed report_email_creds issue
2016-01-05 14:54:48 -05:00
8a76bbafff
Add peer to vprint_error
2016-01-06 01:51:23 +08:00
eef154420b
This is a scanner, so vprint things that occur frequently
2016-01-05 09:06:36 -08:00
63324bd77d
Rescue correct exceptions
2016-01-05 09:05:32 -08:00
1b48556456
Use cleaner hash syntax
2016-01-05 09:05:32 -08:00
9714923824
ensure disconnect / remove self.class from register_options
2016-01-06 00:54:54 +08:00
6cb9ad0d72
Land #6435 , unaligned def/end fix
2016-01-05 09:59:25 -06:00
c3158497c0
rebuild / add check_setup / send_request
2016-01-05 15:10:26 +08:00
cbbbd9a7e7
end is not aligned with def
2016-01-05 14:07:43 +08:00
20cd156047
replace auxiliary/scanner/misc/redis_server with auxiliary/scanner/redis/redis_server
2016-01-05 13:14:40 +08:00
3990c021c2
Land #6318 , updates for ssh_identify_pubkeys
2016-01-04 13:27:38 -06:00
6f01df3f79
Clean up module
2016-01-04 13:26:03 -06:00
58c047200d
Land #6305 , creds update for owa_login
2016-01-04 10:52:39 -06:00
a6914df3e3
rename LOGIN_URL to TARGETURI
2015-12-31 22:21:34 +08:00
370351ca88
chinese caidao asp/aspx/php backdoor bruteforce
2015-12-31 15:17:01 +08:00
a929dc0e35
add redis_login
2015-12-30 18:54:25 +08:00
a477868efb
add ENUM_BRT switch to def get_a(domain)
2015-12-30 13:15:43 +08:00
5bd380c7bd
remove vprint_status / zone transfer - Handle Errno::ETIMEDOUT Exception
2015-12-30 12:06:54 +08:00
e172d60e8e
rename STOP_STORE_LOOT to STORE_LOOT
2015-12-30 10:13:05 +08:00
3edd00f2ec
(description) dns MX to DNS MX / change default options from false to true
2015-12-30 10:07:38 +08:00
7d3978b146
Fix: save_root - Auxiliary failed: ArgumentError wrong number of arguments (5 for 7)
2015-12-29 19:59:56 +08:00
8830a0630d
Review - add options / threads / report_service / STORE_LOOT / ...
2015-12-29 19:43:52 +08:00
9bed78701d
Replace module actions with REG_DUMP_* options
2015-12-28 21:10:43 +00:00
ceef02e8b2
Add Snare Lite for Windows Registry Access module
2015-12-28 15:16:21 +00:00
47261c27d4
Add EasyCafe Server Remote File Access module
2015-12-27 12:00:50 +00:00
e23b5c5435
Land #6179 , add NTP initial crypto nak spoofing module
2015-12-24 15:46:18 -06:00
04f755dd51
Land #6367 , MS15-134 Microsoft Windows Media Center MCL Information Disclosure
2015-12-24 15:24:42 -06:00
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
...
Fix the affected modules
2015-12-24 09:12:24 -08:00
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
e191bf8ac3
Update description, and fix a typo
2015-12-24 10:35:05 -06:00
3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb
2015-12-24 07:51:12 -08:00
cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:23 -08:00
c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb
2015-12-24 07:44:36 -08:00
e3eafff7c9
Land #6237 , @jww519's aux module for Android CVE-2012-6301
2015-12-23 13:27:09 -08:00
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
08bddab568
File name should be the same as the datastore option
2015-12-18 21:22:55 -06:00
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
5f5b3ec6a1
Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
...
CVE-2015-6127
2015-12-17 22:41:58 -06:00
a8bb750db7
Address style/usability concerns in Android CVE-2012-6301 module
2015-12-17 13:45:32 -08:00
0c0219d7b7
Land #6357 , cleanup redis rdbcompression options
2015-12-17 10:45:11 -06:00
f3ac8a2cc0
Land #6360 , @pyllyukko's reference cleanup for ipmi_dumphashes
2015-12-16 22:03:40 -08:00
865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way
2015-12-16 11:20:13 -08:00
f616ee14a8
Dont abort if compression can't be disabled
2015-12-16 11:11:00 -08:00
12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION
2015-12-16 11:07:27 -08:00
d110c6cc73
Added few references to ipmi_dumphashes
2015-12-16 13:36:37 +02:00
342ce05ff7
add a DISABLE_RDBCOMPRESSION option for redis file_upload
2015-12-16 04:28:52 +00:00
5bb8dbcafc
added peer to users table
2015-12-15 16:45:45 -05:00
797bd9e04d
added peer to each table and added each users groups to the users table
2015-12-15 16:31:25 -05:00
b78f7b4d55
Land #6319 , @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
bda6c940cf
fixed issues with printing of tables and cleaned up output a bit removed unecessary prints
2015-12-14 16:23:18 -05:00
e448bc3e27
If saving fails, print_error and mention permissions
2015-12-14 10:47:05 -08:00
19acd366d6
Rename redis file upload module; remove the 'auth' part
2015-12-14 10:40:28 -08:00
4e492a1b0c
Add an additional grammar change to the listener option
2015-12-13 12:04:20 -05:00
90a523fb0a
Typos inside parameters description.
2015-12-12 22:48:20 +01:00
dee23e4bda
Merge pull request #3 from jhart-r7/pr/fixup-6319
...
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
c000e590d4
verified table values are correctly typed as Strs, but it still fails to print the tables
2015-12-10 15:51:59 -05:00
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
48a27170c2
Document process better, delete correct key
2015-12-10 09:13:13 -08:00
d2f54af23f
Reset the dir and dbfilename back to their original settings
2015-12-10 08:56:24 -08:00
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
0d8fc78257
make code more clear
2015-12-10 15:13:50 +00:00
42013c18ba
add a password option - AUTH_KEY
2015-12-10 08:24:47 +00:00
28bc5b4d4f
move it from exploit to auxiliary
2015-12-10 08:23:38 +00:00
4cc7853ad8
Don't run_host unless check returns vulnerable; report_service
2015-12-09 18:33:40 -08:00
624e5aeffa
First pass at converting redis module to aux; style cleanup
2015-12-09 17:59:48 -08:00
c2ef7be217
cleaned up regex isseus and added the appropriate rex tables. Having issues with printing them due to type errors, but Im working on it
2015-12-09 17:49:38 -05:00
e574c844de
added rex table for channels func, has an issues with TypeError no implicit conversion of String into Integer upon building the table
2015-12-08 18:19:30 -05:00
48cd350711
updated authors list with contributors
2015-12-08 16:29:00 -05:00
92d56cd050
cleaned up uncessary Rex Tables working on the rest of them for users, groups and channels
2015-12-08 16:24:47 -05:00
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
7378e7b128
Do elog() when print_error()
2015-12-08 11:06:59 -06:00
75e31c252e
added rex table for nas settings, still working on users and hashes rex table
2015-12-07 14:48:28 -05:00
3d892bd1d6
added rex table for grab_email func instead of printing out values
2015-12-07 10:37:36 -05:00
069a50e1b8
Revert "fixed ddns_creds import issue, by using rhost and commenting why it needs to be used"
...
Reverting to hopefully force a fix for issue #3968
2015-12-07 09:41:46 -05:00
ca023b6499
Simplified do_report() to comply with msftidy
2015-12-05 23:27:28 +00:00
4f1f755c1d
msftidy
2015-12-05 22:49:40 +00:00
4469e9b5ef
Finalised module
2015-12-05 22:45:08 +00:00
bd1bf4aa72
Initial test, fixed noteswq
2015-12-05 21:19:34 +00:00
09c58e4097
Massive rework of the storage/notes/reporting
2015-12-05 21:18:29 +00:00
1101edbcd3
argh, forgot the comma!
2015-12-05 16:24:10 +00:00
28202745ab
Removed EOL spaces (msftidy)
2015-12-05 15:33:04 +00:00
12561e5cf9
Add delay/jitter to xmas scan
2015-12-05 15:32:47 +00:00
e190dcb61a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_delay_jitter_to_scan
2015-12-05 15:25:11 +00:00
5965867fdc
Added 'milliseconds' unit description to JITTER parameter for clarity
2015-12-05 15:23:31 +00:00
a46031a85c
Added delay/jitter to syn scan
2015-12-05 15:23:00 +00:00
40d3ebbc94
Added delay/jitter to ftpbounce scan
2015-12-05 15:22:52 +00:00
33563129c1
Added delay/jitter to ACK
2015-12-05 15:22:41 +00:00
efa2f5aa1c
Added delay/jitter feature to ACK scan
2015-12-05 15:14:22 +00:00
0e96a71232
Update
2015-12-05 15:12:40 +00:00
cc770ab120
Removed unneeded comments
2015-12-05 14:59:33 +00:00
734cb128e0
Changed jitter to be absolute, not relative, and put threads option back in
2015-12-05 14:57:47 +00:00
ba13b88aad
Apparently rand(2) will give you 0 and 1....rand(1) exclusively gives 0. Must read the man pages more....
2015-12-05 14:25:30 +00:00
d5e433df87
Removed THREADS option because it isn't used, and added DELAY and JITTER options
2015-12-05 14:23:33 +00:00
385e5a9fe1
fixed more rubocop issues with the rex table for ddns
2015-12-04 15:28:01 -05:00
4e0ab9b68f
fixed ddns_creds import issue, by using rhost and commenting why it needs to be used
2015-12-04 15:10:02 -05:00
6ce54f15ee
added rex table for ddns func
2015-12-04 14:46:26 -05:00
16e4d6a727
fixedd more rubocop errors, still needs work
2015-12-04 14:08:18 -05:00
72f7efd042
Lots of style cleanup
2015-12-03 15:39:27 -08:00
4b30a56f15
Add a few missing connects
2015-12-03 15:22:27 -08:00
7346c528cd
Fix indentation
2015-12-03 15:21:06 -08:00
6c31946995
Slightly simplify regex
2015-12-03 15:19:35 -08:00
98096ab71c
Remove useless assignment
2015-12-03 15:16:54 -08:00
504f6874f2
Convert to actions
2015-12-03 15:15:48 -08:00
93cd3446db
Minor cleanup of some print_ lines
2015-12-03 15:01:27 -08:00
753eddbbd6
Correct true/false for optional options, default values
2015-12-03 14:53:27 -08:00
9d71ff6b9d
cleaned up a few misc prints and added in logic if mailport is empty
2015-12-03 15:51:49 -05:00
3d617efa88
added code to parse mailport from config
2015-12-03 15:36:08 -05:00
0d89dde4a6
changed sock.get to sock.get_once and fixed booleans hopefully. Still cleaning things up but its getting closer
2015-12-03 12:51:48 -05:00
db5c69226e
Add Usernames to Creds Database with owa_login.rb
2015-12-03 09:31:36 -07:00
fdbd3cfc11
Fix minor style problems, call check() from run_host
2015-12-02 15:46:35 -08:00
93a4fd0ee4
Minor edits
2015-12-02 15:43:11 -06:00
a8887e6b77
firts iteration of moving each payload to its own function and setting optional vars, cleaning up rubocop warnings as well
2015-12-02 16:33:09 -05:00
ca496a376f
set username as a requirement and added note about randomly assinged password for user if not set
2015-12-02 14:16:36 -05:00
581ea89f7f
fix nil error
2015-12-02 11:19:08 +01:00
f06e4f3dbd
make this module work with other languages too
2015-12-02 11:14:10 +01:00
1a4b91e33e
unzip backup file
2015-12-02 11:01:56 +01:00
217374d1c0
add limesurvey file download
2015-12-02 00:06:13 +01:00
98a0ddebda
Land #6298 , Advantech shellshock module
2015-12-01 11:37:09 -06:00
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
36f48dc945
cleaned up required opts, only left needed vars to run the rest are optional based on user preference
2015-12-01 11:02:14 -05:00
5e9a0ab3ff
removed version var in initialize method
2015-12-01 10:57:16 -05:00
cb60b41d5d
added in fixes and missing typos, randomized the password for the user
2015-12-01 10:43:58 -05:00
bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
...
Land #6284 , fix for false negatives found in #6281
@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
920d8c6ad7
Land #6278 , wrong default option for RHOST
2015-11-26 06:49:25 +01:00
90fb3e0118
Land #6277 , jenkins domain cred recovery aux module
2015-11-25 22:58:43 -06:00
8fd2522a59
Land #6257 , @all3g's aux module for locating git repos over HTTP
2015-11-25 12:25:45 -08:00
a56571479f
Remove WmapScanServer mixin; not needed
2015-11-25 11:38:32 -08:00
2da9bb8578
Follow redirects in apache_userdir_enum
...
Found false negatives while testing a server for #6281 .
2015-11-25 13:27:06 -06:00
8f459de064
Fix tomcat_enum for full_uri
2015-11-25 11:28:56 -06:00
38a9efe4d6
Fix squiz_matrix_user_enum for full_uri
2015-11-25 11:28:53 -06:00
7d17c5741b
Fix nginx_source_disclosure for full_uri
2015-11-25 11:19:27 -06:00
035882702a
Fix barracuda_directory_traversal for full_uri
2015-11-25 11:18:17 -06:00
7a5f6495d0
Fix axis_local_file_include for full_uri
2015-11-25 11:16:59 -06:00
42d12a4d40
Fix apache_userdir_enum for full_uri
2015-11-25 11:16:22 -06:00
c09d8031c6
Remove default empty string
2015-11-25 12:19:16 +05:00
eac4f02b66
Spelling and correct description
2015-11-24 17:57:56 -08:00
3ad7ef9814
Modify the printed URL to add https:// when SSL is used.
2015-11-25 12:46:56 +11:00
b1abfe898d
Update wordpress_xmlrpc_login
...
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
ccdf814688
Use correct URIs in report_note
2015-11-24 09:52:07 -08:00
c66d56263a
Cleaner and more consistent print_ *
2015-11-24 09:43:05 -08:00
1e90a8004d
Correct printing of URIs when provided TARGETURI doesn't end with /
2015-11-24 09:11:04 -08:00
afa4d9e74d
Add legit git UserAgent
2015-11-24 08:57:19 -08:00
d59c563ee3
Don't store index file
2015-11-24 08:51:43 -08:00
e29a229336
Minor style cleanup
2015-11-24 08:50:21 -08:00
2152c310fe
Remove the default true option of RHOST
2015-11-24 14:54:54 +05:00
74e1b8d5ac
Fix res nil
2015-11-24 00:15:05 -06:00
95ca288f9d
Modify check
2015-11-23 20:33:14 -06:00
09e6a54886
In case anonymous is not allowed for decryption
2015-11-23 20:26:41 -06:00
20ba10d46c
Spaces, how dare you
2015-11-23 16:45:02 -06:00
faab28f1d6
Add Jenkins Domain Credential Discovery Auxiliary Module
2015-11-23 16:23:59 -06:00
493e476a43
Land #6243 , check nil for sock.read
2015-11-23 11:15:51 -06:00
dc5e9a1d0a
Support CSRF token in the Jenkins aux cmd module
2015-11-22 17:51:27 -05:00
2dd8567741
remove GIT_HEAD / add description / git_config regex match / save index|config file(s)
2015-11-22 09:18:19 +00:00
1410d03386
Fixed msftidy capitalisation.
2015-11-22 14:32:51 +11:00
fc46ce0ced
Bring module title in line with other WP modules.
2015-11-22 13:39:45 +11:00
e0386d6830
add scan switches GIT_INDEX / GIT_HEAD / GIT_CONFIG
2015-11-21 03:06:37 +00:00
1795e09a27
scan git disclosure (.git/index)
2015-11-19 09:16:32 +00:00
0cda20c9e2
Fix everything pointed out by @jlee-r7
2015-11-18 12:02:28 -06:00
5acd9b283e
removed misc comments that arent needed
2015-11-18 11:54:32 -05:00
3d95bd7851
fixed issue with msftidy and fixed rubocop issues that broke the module
2015-11-18 10:40:50 -05:00
a9e8ab785e
Land #6220 , adds ATG client module
2015-11-17 13:31:17 -06:00
e107ec2d17
Change fail to fail_with, fix typo
2015-11-17 13:30:46 -06:00
e55ac99c12
fixed a bunch more rubocop errors
2015-11-17 14:30:33 -05:00
74f6ff7752
Rename to atg_client to match conventions
2015-11-17 12:59:37 -06:00
6e4ccb46e5
knocked out a few more rubocop errors
2015-11-17 11:44:11 -05:00
38c4e4ee6c
added a few more rubocop fixes
2015-11-17 10:48:57 -05:00
f499b822cd
added more rubocop fixes, still testing issue with RHOSTS
2015-11-17 10:30:50 -05:00
afd1e43226
added rubocop fixes
2015-11-17 09:41:12 -05:00
17a1f2ee8a
Fix #6242 , Check nil for sock.read
...
Fix #6242
2015-11-16 14:24:46 -06:00
f0da09090d
Land #6233 , Konica Minolta FTP Utility 1.00 Directory Traversal
2015-11-16 13:55:29 -06:00
740cacb4c0
Check nil
2015-11-16 13:54:36 -06:00
d677a8b871
Adding Dahua DVR auth bypass auxiliary scanner per CVE-2013-6117
2015-11-16 13:54:44 -05:00
fb14722ecb
Update android_stock_browser_iframe_dos.rb
...
Update Packetstorm reference
2015-11-14 13:51:18 -05:00
f172e5298a
Update android_stock_browser_iframe_dos.rb
2015-11-14 13:24:01 -05:00
c914c7b22c
Completely remove SET_TIME
2015-11-13 12:28:23 -08:00
ab3ae675ff
Hide TIME option since SET_TIME is not implemented
2015-11-13 12:26:42 -08:00
ad22eb8444
More cleanup
2015-11-13 12:24:28 -08:00
045bab052e
Add configurable timeout
2015-11-13 12:18:40 -08:00
6e9afc38ee
print_good when we get something
2015-11-13 12:12:37 -08:00
196a88c39a
Style nit
2015-11-13 12:06:00 -08:00
4401c6f1fd
Land #6178 , rsync modules_list improvements
2015-11-13 10:46:24 -06:00
44948a2ace
Add konica_ftp_traversal.rb ( CVE-2015-7603 )
...
This module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//
2015-11-13 07:51:42 +08:00
ab71d94392
Make CHUNKSIZE user configurable. Thanks @jhart-r7
2015-11-12 23:02:48 +03:00
732563614b
Change connecting method to send for better code naming
2015-11-12 20:26:17 +03:00
881b12f0ab
Fix rebease conflic
2015-11-12 18:16:39 +03:00
c2c89124b4
Remove it :@
2015-11-12 08:58:07 +03:00
ee312f86f6
Fix peer, naming, and add resp check to the code check
2015-11-12 08:50:46 +03:00
530a7bb613
Fix peer, naming, and add resp check to the code check
2015-11-12 08:42:00 +03:00
2abfa1f241
Fix exceptions and XML parsing
2015-11-12 05:30:07 +03:00
e8dacf32fd
Land #6182 , Heartbleed scanner improvements
2015-11-11 16:59:20 -06:00
ce3f9e2fab
Fix minor style issues
2015-11-11 16:58:20 -06:00
99607e6e4d
Land #6205 , BisonWare BisonFTP Server Directory Traversal
...
CVE-2015-7602
2015-11-11 11:47:45 -06:00
40bdd2bd01
Do module cleanup for auxiliary/scanner/ftp/bison_ftp_traversal
2015-11-11 11:46:37 -06:00
c79a66be02
Land #6204 , directory traversal for PCMan FTP server
...
CVE-2015-7601
2015-11-11 11:07:34 -06:00
e6e5bde492
Do module cleanup for auxiliary/scanner/ftp/pcman_ftp_traversal
2015-11-11 11:06:54 -06:00
7ad42c2ba1
Land #6216 , remove duplicate keys for LoginScanner modules
2015-11-11 10:12:12 -06:00
75a0472db8
Update bison_ftp_traversal.rb
...
made some changes
2015-11-11 14:01:39 +08:00
4716e2e16b
Update pcman_ftp_traversal.rb
...
made some changes
2015-11-11 14:00:04 +08:00
0cfa67f58f
Stub out more of the set time, but disable it
2015-11-10 22:00:02 -08:00
c98ab1dad4
update SET_TANK_NAME opt to mention necessary opts
2015-11-10 21:49:40 -08:00
de570a1550
Improve output when setting tank names
2015-11-10 21:41:05 -08:00
0762b9fa9b
Fix option formatting
2015-11-10 21:24:58 -08:00
637e570b28
Add TLS-250 reference
2015-11-10 21:21:55 -08:00
e67057a5c9
Add great TLS-350 resource
2015-11-10 21:19:37 -08:00
8dd6003cc2
Add several untested but likely OK TLS-350 commands
2015-11-10 21:18:27 -08:00
d00eba23f9
Update references
2015-11-10 21:02:37 -08:00
b37fb3f34d
Add TARGETURI option
2015-11-11 06:25:20 +03:00
cf0cb2df9e
Add TARGETURI option
2015-11-11 06:24:52 +03:00
9894fe15bd
Remove unused advanced options
2015-11-11 06:02:37 +03:00
136fa12ac9
Remove unused advanced options
2015-11-11 06:02:13 +03:00
67ad5452e7
Merge branch 'msfdev'
2015-11-11 02:14:14 +03:00
7b3cfa79f3
Remove ip2location module
2015-11-11 02:13:34 +03:00
57cf535ec6
Fix the comment
2015-11-11 02:06:49 +03:00
137c2e214e
Fix the comment
2015-11-11 02:01:01 +03:00
32faf7a8d4
Fix #6183 , hard tabs fix
2015-11-10 16:48:03 -06:00
a9fe09497e
Fix hard tabs
...
Mixing tabs and spaces? Seriously?
2015-11-10 16:47:29 -06:00
143ac47484
Minor style cleanup
2015-11-10 14:47:12 -08:00
8dc636507b
Land #6183 , dns_srv_enum updates
2015-11-10 16:44:27 -06:00
e98570cbd1
Clean up module
2015-11-10 16:44:10 -06:00
dac7738f29
Clean up description; add more refs
2015-11-10 14:43:06 -08:00
4f4e4c734a
Handle ATGs w/ > 10 tanks, more strict
2015-11-10 14:36:59 -08:00
wchen-r7
William Vu
nixawk
Tyler Bennett
dmohanty-r7
Jon Hart
Pedro Ribeiro
Vex Woo
James Lee
Brent Cook
Nicholas Starke
Spencer McIntyre
William Webb
alexandrinetorrents
Brendan Coles
Tod Beardsley
KINGSABRI
Christian Mehlmauer
kfr-ma
Fakhir Karim Reda
Jonathan Harms
pyllyukko
radekk
Stuart Morgan
r3naissance
HD Moore
Kyle Gray
Louis Sato
Waqas Ali
aushack
jww519
JT