Roberto Soares Espreto
|
bd315d7655
|
Changed print_good and OptEnum
|
2014-10-10 13:54:42 -03:00 |
Roberto Soares Espreto
|
08fdb4fab2
|
Add module to enumerate environment HP via perfd daemon
|
2014-10-10 13:09:36 -03:00 |
Pedro Ribeiro
|
8163b7de96
|
Thanks for helping me clean up Todd!
|
2014-10-09 18:20:31 +01:00 |
Pedro Ribeiro
|
9d1e206e43
|
Incorporate cred changes and other minor fixes
|
2014-10-09 17:59:38 +01:00 |
Pedro Ribeiro
|
4817e1e953
|
Update trackit_sql_domain_creds.rb
|
2014-10-08 21:41:04 +01:00 |
Brendan Coles
|
3c7be9c4c5
|
Remove hash rockets from references #3766
[SeeRM #8776]
|
2014-10-08 09:01:19 +00:00 |
Pedro Ribeiro
|
6af6b502c3
|
Remove spaces at EOL
|
2014-10-08 08:30:30 +01:00 |
Pedro Ribeiro
|
713ff5134a
|
Add OSVDB id
|
2014-10-08 08:24:44 +01:00 |
Pedro Ribeiro
|
bd812c593c
|
Add full disclosure URL
|
2014-10-08 08:24:04 +01:00 |
Pedro Ribeiro
|
bbac61397d
|
Restore :address to rhost and explain why
|
2014-10-08 08:23:43 +01:00 |
Pedro Ribeiro
|
9cb0ad1ac2
|
Change the reporting address to the real value
|
2014-10-08 01:18:17 +01:00 |
Pedro Ribeiro
|
6e9bebdaf9
|
Fix noob mistake in assignment
|
2014-10-08 01:04:15 +01:00 |
Pedro Ribeiro
|
7dbfa19e65
|
Add exploit for Track-It! domain/sql creds vuln
|
2014-10-07 23:54:43 +01:00 |
Christian Mehlmauer
|
f45b89503d
|
change WPVULNDBID to WPVDB
|
2014-10-03 17:13:18 +02:00 |
Christian Mehlmauer
|
33b37727c7
|
Added wpvulndb links
|
2014-10-02 23:03:31 +02:00 |
jvazquez-r7
|
c00094ba6e
|
Land #3345, @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli
|
2014-09-19 15:01:21 -05:00 |
jvazquez-r7
|
62414e2214
|
Add Timeout to exploit sqli
|
2014-09-19 15:00:54 -05:00 |
jvazquez-r7
|
db6372ec8b
|
Do minor module cleanup
|
2014-09-19 14:43:35 -05:00 |
jvazquez-r7
|
4a9294e3bf
|
Mark module as not executable
|
2014-09-19 14:36:44 -05:00 |
Joe Vennix
|
59dfa624c4
|
Add a REMOTE_JS datastore option for BeEf hooks etc.
|
2014-09-16 13:31:03 -05:00 |
Tod Beardsley
|
4fc1ec09c7
|
Land #3759, Android UXSS, with ref/desc fixes
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)
Also fixes #3782 (opened by accident).
|
2014-09-11 14:27:51 -05:00 |
Tod Beardsley
|
fbba4b32e0
|
Update the title and desc to be more descriptive
See #3759
|
2014-09-11 14:06:14 -05:00 |
Tod Beardsley
|
d627ab7628
|
Add refs for Android UXSS
See #3759
|
2014-09-11 14:05:50 -05:00 |
sinn3r
|
280e16c241
|
Land #3677 - Updated shodan_search for new API
|
2014-09-10 11:39:00 -05:00 |
sinn3r
|
006393360e
|
Add conditions to check healthy shodan results
|
2014-09-10 11:38:06 -05:00 |
Joe Vennix
|
7793ed4fea
|
Add some common UXSS scripts.
|
2014-09-09 02:31:27 -05:00 |
Joe Vennix
|
27889ea411
|
Add a safety fallback on js load.
|
2014-09-08 00:46:47 -05:00 |
Joe Vennix
|
8407d45c9c
|
Rework the timers.
|
2014-09-08 00:40:00 -05:00 |
Joe Vennix
|
5c9c8edfcf
|
Fix refs.
|
2014-09-07 23:33:45 -05:00 |
Joe Vennix
|
5efaf7d4cf
|
rename module, handle asyncness.
|
2014-09-07 23:25:08 -05:00 |
Joe Vennix
|
1bf89fb6bd
|
Add Android <= 4.3 AOSP UXSS module.
|
2014-09-07 20:44:03 -05:00 |
Chris Hebert
|
abffdd8705
|
Update alienvault_newpolicyform_sqli.rb
cleaned up according to msftidy.rb suggestions
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
|
2014-09-04 21:46:37 -04:00 |
Chris Hebert
|
664cc131e3
|
Update alienvault_newpolicyform_sqli.rb
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
|
2014-09-04 21:34:24 -04:00 |
jvazquez-r7
|
ff210a7c0a
|
delete parenthesis
|
2014-09-04 16:16:29 -05:00 |
William Vu
|
2d8c7a7a4d
|
Refactor if statement to early return
This eliminates the protracted if statement and aligns the code body.
|
2014-09-04 15:05:30 -05:00 |
John Sawyer
|
3281781f6a
|
Addressed r7 comments, fixed bug in results loop
|
2014-09-01 13:43:31 -04:00 |
Jon Hart
|
246f021437
|
Update natpmp_external_address to use Msf::Auxiliary::UDPScanner
|
2014-08-26 10:49:53 -07:00 |
Jon Hart
|
162508f532
|
Update NAT-PMP modules to use new/updated mixins
|
2014-08-26 10:49:53 -07:00 |
Jon Hart
|
816404bb88
|
Move common NAT-PMP functionality into a central place
|
2014-08-26 10:49:53 -07:00 |
Jon Hart
|
ca11eae3a9
|
Show a useful failure message when the external address probe fails
|
2014-08-26 10:49:52 -07:00 |
John Sawyer
|
0a27a18104
|
Committing changes from r7 comments
|
2014-08-23 00:08:27 -04:00 |
John Sawyer
|
1959f7a235
|
Updated shodan_search for new API
|
2014-08-20 00:48:13 -04:00 |
jvazquez-r7
|
674c3ca260
|
Use [] for references
|
2014-07-30 10:44:42 -05:00 |
Christian Mehlmauer
|
3d2a62bc29
|
Updated W3 Total Cache Hash extract module
|
2014-07-29 19:49:48 +02:00 |
jvazquez-r7
|
8937fbb2f5
|
Fix email format
|
2014-07-11 12:45:23 -05:00 |
William Vu
|
43f41de124
|
Land #3508, CVE-2014-4671 Flash JSONP disclosure
|
2014-07-11 10:11:48 -05:00 |
joev
|
b8225ae2dc
|
Remove unnecessary ||= and ivars.
|
2014-07-10 16:06:28 -05:00 |
joev
|
e0389dfbc3
|
Update code as per @wvu's code review.
|
2014-07-10 15:03:40 -05:00 |
joev
|
dd439066ca
|
Patch rhost to display hostname of JSONP_URL.
|
2014-07-10 12:02:22 -05:00 |
joev
|
841cb6a590
|
STEAL_URL -> STEAL_URLS.
|
2014-07-10 09:14:32 -05:00 |
joev
|
fad30bc874
|
Add flash rosetta exploit module for stealing URLs.
|
2014-07-10 09:09:10 -05:00 |
HD Moore
|
002234993f
|
SMB lib fixes, unattend.xml cred gathering
|
2014-06-23 20:08:42 -05:00 |
Meatballs
|
615aeb66a5
|
Dont use or
|
2014-06-23 23:11:04 +01:00 |
Meatballs
|
752007848b
|
Tidy up code
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
|
2014-06-23 23:08:33 +01:00 |
HD Moore
|
2772d84a18
|
Major rework of this module, please see the diff
|
2014-06-23 16:13:42 -05:00 |
William Vu
|
a0aca251f5
|
Land #3472, releae fixes
|
2014-06-23 11:41:35 -05:00 |
Tod Beardsley
|
0219c4974a
|
Release fixups, word choice, refs, etc.
|
2014-06-23 11:17:00 -05:00 |
William Vu
|
40d1ec551e
|
Add WEP, PSK, and MGT
|
2014-06-21 23:15:20 -05:00 |
Spencer McIntyre
|
c685e0d06e
|
Land #3444, chromecast wifi enumeration
|
2014-06-17 22:09:58 -04:00 |
William Vu
|
1394ad1431
|
Break my double quote habit
Doesn't it feel better? C doesn't love me anymore.
|
2014-06-17 14:22:55 -05:00 |
William Vu
|
8376b4aa2b
|
Map constants to readable values
Thanks, @zeroSteiner and @kernelsmith. :)
|
2014-06-17 13:10:08 -05:00 |
Tod Beardsley
|
2aa26fa290
|
Minor spacing and word choice fixups
|
2014-06-16 11:40:21 -05:00 |
Tod Beardsley
|
1ab379a0fe
|
Land #3448, ident =! indent
|
2014-06-12 14:15:06 -05:00 |
Tod Beardsley
|
e9783200f2
|
Land #3447, fix variable typo
|
2014-06-12 14:07:34 -05:00 |
William Vu
|
cb91b2b094
|
Fix broken table indent (s/Ident/Indent/ hash key)
|
2014-06-12 13:41:44 -05:00 |
Jon Cave
|
a647246148
|
Use correct variable name
|
2014-06-12 19:38:41 +01:00 |
Tod Beardsley
|
3f5e50d18f
|
Aux modules don't have ranking.
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
|
2014-06-12 13:21:59 -05:00 |
joev
|
6bc37cca0c
|
Land #3430, @brandonprry's generic MongoDB injection enum.
|
2014-06-11 21:41:23 -05:00 |
William Vu
|
23f7fe45ed
|
Add Chromecast wifi enumeration module
|
2014-06-11 21:00:47 -05:00 |
Brandon Perry
|
cca91dd7c5
|
Update mongodb_js_inject_collection_enum.rb
some @jvennix-r7 fixes
|
2014-06-11 17:07:57 -05:00 |
Brandon Perry
|
4367e8ef0c
|
Update mongodb_js_inject_collection_enum.rb
Fix some logic bugs that caused incorrect results.
|
2014-06-07 21:03:28 -05:00 |
Brandon Perry
|
dc89621d5c
|
Update mongodb_js_inject_collection_enum.rb
No need to make extra requests. Off by one.
|
2014-06-07 20:09:00 -05:00 |
Brandon Perry
|
2663af986b
|
Update mongodb_js_inject_collection_enum.rb
This adds a bit more error handling, and better decision making in regards to false responses.
|
2014-06-07 19:58:12 -05:00 |
Brandon Perry
|
4071fb332b
|
Create mongodb_js_inject_collection_enum.rb
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
|
2014-06-07 11:20:34 -05:00 |
jvazquez-r7
|
69e8286838
|
Fix title
|
2014-05-27 10:29:32 -05:00 |
jvazquez-r7
|
1316365c2f
|
Fix description
|
2014-05-27 10:22:39 -05:00 |
jvazquez-r7
|
abe1d6ffc7
|
Land #3190, @Karmanovskii's module to fingerprint MyBB database
|
2014-05-27 10:20:24 -05:00 |
jvazquez-r7
|
86221de10e
|
Fix message
|
2014-05-27 10:18:27 -05:00 |
jvazquez-r7
|
b96c2dd0ca
|
Change module filename
|
2014-05-27 10:15:39 -05:00 |
jvazquez-r7
|
1d8c46155b
|
Do last code cleaning
|
2014-05-27 10:14:55 -05:00 |
Karmanovskii
|
eacf70af83
|
Update mybb_get_type_db.rb
26.05.2014 23:26
I deleted mimicking IE11
|
2014-05-26 23:26:28 +04:00 |
Chris Hebert
|
99046ba12a
|
Update alienvault_newpolicyform_sqli.rb
Added EDB link - should be ready now.
|
2014-05-23 10:07:45 -04:00 |
Tod Beardsley
|
fa353e6bd9
|
Add CVE, IBM ref for SameTime modules
|
2014-05-22 11:34:04 -05:00 |
Karmanovskii
|
e26dee5e22
|
Update mybb_get_type_db.rb
19/05/2014
I deleted - #return Exploit::CheckCode::Unknown # necessary ????
|
2014-05-19 21:32:30 +04:00 |
Karmanovskii
|
06912ac2b6
|
Update mybb_get_type_db.rb
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
|
2014-05-17 16:30:29 +04:00 |
Karmanovskii
|
cbb84e854c
|
Update mybb_get_type_db.rb
14.05.2014
Eliminated notes jvazquez-r7
|
2014-05-14 14:56:40 +04:00 |
Christian Mehlmauer
|
3f3283ba06
|
Resolved some msftidy warnings (Set-Cookie)
|
2014-05-12 21:23:30 +02:00 |
Chris Hebert
|
681e4194ea
|
Update alienvault_newpolicyform_sqli.rb
and the new variable as well.
|
2014-05-10 20:19:40 -04:00 |
Chris Hebert
|
3ae3c478bd
|
Update alienvault_newpolicyform_sqli.rb
enhanced as requested by Christian Mehlmauer
changed xnDa to a random string to make IDS harder to detect.
|
2014-05-10 20:17:30 -04:00 |
Chris Hebert
|
1affbfbe9d
|
Update alienvault_newpolicyform_sqli.rb
fixed reinitialize i=0, full = '' and filename .....
spotted by Spencer McIntyre - thanks.
|
2014-05-10 18:49:41 -04:00 |
Chris Hebert
|
8e79663001
|
Update alienvault_newpolicyform_sqli.rb
Added vendor advisory
|
2014-05-10 18:31:12 -04:00 |
Chris Hebert
|
ec1df58bf7
|
Update alienvault_newpolicyform_sqli.rb
Changed reference -- OSVDB # 106815
(waiting for EDB - no response yet)
|
2014-05-10 18:14:09 -04:00 |
Chris Hebert
|
473efe1040
|
Update alienvault_newpolicyform_sqli.rb
|
2014-05-10 17:28:50 -04:00 |
mvdevnull
|
117e0b839b
|
Add module - alienvault_newpolicyform_sqli
|
2014-05-09 15:10:58 -04:00 |
Tod Beardsley
|
c6affcd6d3
|
Fix caps, description on F5 module
The product name isn't "Load Balancer" as far as I can tell.
|
2014-05-05 13:38:53 -05:00 |
jvazquez-r7
|
9cd6c5ef2b
|
Land #3297, @Th4nat0s's F6 backends disclosure module
|
2014-04-30 09:31:37 -05:00 |
jvazquez-r7
|
4e80e1c239
|
Clean up pull request code
|
2014-04-30 09:31:07 -05:00 |
Thanat0s
|
70314494ca
|
test nil of port & host
|
2014-04-28 23:33:01 +02:00 |
Thanat0s
|
fe3f7fd76a
|
Obey to reviewer.. code fix
|
2014-04-28 23:26:29 +02:00 |
Thanat0s
|
2396d497d8
|
move scanner to gather
|
2014-04-28 12:57:54 +02:00 |