James Lee
6a41697955
Add require
2014-04-30 15:03:49 -05:00
James Lee
ea8dc4db5d
Handle connection errors
...
Also fix up some yardoc issues
2014-04-30 13:33:39 -05:00
James Lee
b617be3dda
Move doc to the right place
2014-04-30 13:30:42 -05:00
James Lee
e8e5a7f72b
Add initial stab at LoginScanner::HTTP
2014-04-30 00:55:45 -05:00
Lance Sanchez
ddee401e27
Merge branch 'feature/MSP-9684/sshkey_loginscanner' into staging/electro_release
...
MSP-9684 #land
2014-04-29 15:21:56 -05:00
Lance Sanchez
53a212a790
Merge branch 'feature/login_scanner/ftp' into staging/electro_release
...
MSP-9669 #land
2014-04-29 15:04:26 -05:00
David Maloney
00b9c99c89
fix class documentation copypasta
2014-04-29 10:13:11 -05:00
David Maloney
08b2974454
fix class documentation
2014-04-29 10:12:26 -05:00
David Maloney
cea12c9d0c
remove metasploit-credential dep
...
remove from the Gemfile for now. we don't need it
just yet, and there are dependency resolution issues
2014-04-28 11:09:31 -05:00
David Maloney
c02fb21c3b
Finalized specs for sshkey
...
shkey loginscanner now compelte along
with specs
2014-04-25 15:20:33 -05:00
David Maloney
e2d6a57db1
fix spec filename
...
had an extra underscore
2014-04-25 14:27:10 -05:00
David Maloney
8430851a98
Add metasploit-credential to gemfile
...
add a temp reference to the metasploit-credential
gem to the gemfile. Need this for access to ssh key
factories for tests
2014-04-25 14:22:52 -05:00
David Maloney
0fcfb9d655
add proxies to ssh scanner
...
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
David Maloney
35a039848c
add sshkey loginscanner
...
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
David Maloney
19ba4cc859
Merge branch 'master' into staging/electro_release
2014-04-25 11:38:36 -05:00
David Maloney
2346d583ed
touchups and specsfor FTP Scanner
...
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
David Maloney
838a444b23
first pass of FTP LoginScanner
...
made the first pass at the ftp
LoginScanner, with base specs.
Need to still tierate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
William Vu
c2bb26590c
Land #3250 , version handling for Heartbleed server
2014-04-25 00:17:26 -05:00
Ramon de C Valle
fd232b1acd
Use the protocol version from the handshake
...
I used the protocol version from the record layer thinking I was using
the protocol version from the handshake. This commit fix this and uses
the protocol version from the handshake instead of from the record layer
as in https://gist.github.com/rcvalle/10335282 , which is how it should
have been initially.
Thanks to @wvu-r7 for finding this out!
2014-04-25 01:48:17 -03:00
Tod Beardsley
fb3b6f577d
Land #3279 , upper bound check for AR
2014-04-24 15:09:07 -05:00
sinn3r
1353c62967
Land #3295 - Fix NoMethodError undefined method `body' for nil:NilClass
2014-04-24 13:53:58 -05:00
sinn3r
ba4b507cc7
Land #3280 - Multiplatform WLAN Enumeration and Geolocation
2014-04-24 13:52:32 -05:00
sinn3r
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
David Maloney
1f9cf8c68f
add the mixins for tcp and ftp
...
skimmed down, non-module dependent mixins
for TCP client and Ftp client. neccesary for
loginscanner work
2014-04-24 13:39:04 -05:00
sinn3r
656e60c35c
Land #3254 - Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack BoF
2014-04-24 13:20:50 -05:00
sinn3r
cde9080a6a
Move module to fileformat
2014-04-24 13:17:08 -05:00
sinn3r
a39855e20d
Works for XP SP3 too
2014-04-24 13:16:24 -05:00
sinn3r
ba8d7801f4
Remove default target because there is no auto-select
2014-04-24 13:15:49 -05:00
sinn3r
2e76db01d7
Try to stick to the 100 columns per line rule
2014-04-24 13:15:12 -05:00
Tom Sellers
8f47edb899
JBoss_Maindeployer: improve feedback against CVE-2010-0738
...
The exploit against CVE-2010-0738 won't work when using GET or POST. In the existing code the request would fail and the function would return a nil. This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:
Exploit failed: NoMethodError undefined method `body' for nil:NilClass
The first changes detect a 401 authentication message and provide useful feedback. Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.
I've stayed with the module's coding style for consistency.
2014-04-24 12:37:14 -05:00
Christian Mehlmauer
ef815ca992
Land #3288 , Postgres support for Heartbleed scanner
2014-04-24 18:03:13 +02:00
David Maloney
087bcbdce1
Merge branch 'master' into staging/electro_release
2014-04-24 09:50:18 -05:00
David Maloney
83a9f37241
Merge branch 'feature/ssh_login_scanner' into staging/electro_release
2014-04-24 09:48:09 -05:00
David Maloney
3a66723741
nake scan! more generic
...
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
Trevor Rosen
5904aa45e6
Merge pull request #1 from rapid7/feature/ssh_login_scanner
...
SSH LoginScanner class
2014-04-24 09:39:28 -05:00
Trevor Rosen
e556997bf7
Land #3269 (Pro) fix report import issue
2014-04-24 08:27:06 -05:00
Tom Sellers
d4c0d015c1
Update wlan_geolocate.rb
...
Updated based on feedback. Also added enumeration only support for BSD and Solaris.
2014-04-24 07:04:50 -05:00
Spencer McIntyre
9ccb9397e3
Land #3264 , throttl and csv output support for module
2014-04-23 19:00:28 -04:00
Spencer McIntyre
e2b92a824f
Change white space for authors in dns_reverse_lookup
2014-04-23 18:56:27 -04:00
David Maloney
ed8f87d3cf
allow scan! to take a blcok
...
by allowing scan! to take block
and yield the result of each attempt
we can do things like have a module print out
status messages
2014-04-23 12:41:10 -05:00
JoseMi
fd95d9ef38
Added english windows xp sp2 target
2014-04-23 17:32:56 +01:00
William Vu
15bd92dd50
Fix OpenSSH timing attack module
2014-04-23 10:10:37 -05:00
William Vu
0a108acea3
Fix missing comma
...
Commas will be the death of me.
2014-04-23 10:10:12 -05:00
William Vu
6d7fde4302
Land #3157 , OpenSSH user enumeration timing attack
2014-04-23 10:01:10 -05:00
William Vu
1a2899d57b
Fix up whitespace 'n' stuff
2014-04-23 10:00:34 -05:00
Thanat0s
457c48b89b
Error on sleep
2014-04-23 11:38:23 +02:00
Joe Vennix
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
David Maloney
d25f0d8f6c
cash host resolution
...
if we successfuly resolve the host during
the validation, then alter host to the resolved
address to avoid the overhead of subsequent
DNS requests.
2014-04-22 15:34:16 -05:00
kenkeiras
96f042110f
return is not needed when it's the last lifunction line
2014-04-22 22:33:47 +02:00
kenkeiras
c9d8da991a
Use Rex.sleep instead of select
2014-04-22 22:33:19 +02:00