Commit Graph

1240 Commits (6e7cbe793c01be87cafdaa67088fe484d8b0bf93)

Author SHA1 Message Date
sinn3r 9d97dc8327 Add Metasploit blogs as references, because they're useful. 2012-09-03 15:57:27 -05:00
sinn3r 53a9a8afce Awww, typo! Nice catch, @Agarri_FR! :-) 2012-08-31 14:23:51 -05:00
sinn3r 638d9d1095 Fix nil res bug, change action name, etc 2012-08-25 02:41:50 -05:00
Ewerson Guimaraes (Crash) cad590488d Update modules/auxiliary/scanner/http/http_traversal.rb 2012-08-24 15:47:07 -03:00
Tod Beardsley 586d937161 Msftidy fix and adding OSVDB 2012-08-15 13:43:50 -05:00
sinn3r e5666d70e2 Merge branch 'glassfish-uri' of https://github.com/bonsaiviking/metasploit-framework into bonsaiviking-glassfish-uri 2012-08-13 11:53:03 -05:00
HD Moore f72f334124 Fix an odd issue with search due to use of the builtin Proxies option 2012-08-12 23:22:38 -05:00
RageLtMan 33c74c97e2 Add Opt::Proxies and opthash[:proxies] to ssh mods 2012-08-12 16:23:22 -04:00
RageLtMan c9690033c7 This commit allows ssh_login to use socks proxies. Net::SSH::Transport::Session could take a :proxy option,
but it expects a factory object not a string, when setting :proxy => datastore['Proxies'] user got:
"Auxiliary failed: NoMethodError private method `open' called for \"socks4:localhost:1080\":String."
VALID_OPTIONS in ssh.rb now takes :proxies option which is passed to the Rex socket in
Net::SSH::Transport::Session.new.

Testing: block all outgoing to SSH server, try to connect with a proxy. Try with :proxy option,
then merge this pull request and try again.
2012-08-12 16:01:52 -04:00
Daniel Miller db4f31de76 Fix use of URI option for glassfish_login
auxiliary/scanner/http/glassfish_login offers URI option to set the path
where Glassfish is installed, but it doesn't work. Replaced it with
TARGETURI and call target_uri.path to get a base path.
2012-08-10 15:44:53 -05:00
jvazquez-r7 d04fdc9382 Added aux module for CVE-2009-1730 2012-08-08 16:26:41 +02:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
jvazquez-r7 c2cc4b3b15 juan author name updated 2012-08-06 18:59:16 +02:00
sinn3r 99d3ee6fc4 Merge branch 'webpagetest_traversal' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest_traversal 2012-08-06 03:15:16 -05:00
sinn3r f1e7ef06cc Add webpagetest dir traversal module
How did I forget this while writing the exploit?
2012-08-06 03:11:07 -05:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules.
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
sinn3r 87aae548e6 Final cleanup 2012-07-24 13:11:04 -05:00
Bruno Morisson dbc779e02d implemented fixes requested by sinn3r
Implemented the fixes, and re-tested the modules
2012-07-24 11:02:49 +01:00
Bruno Morisson 397d708340 Added bulk file retrieval to sap_mgmt_con_getlogfiles, and new module to get SAP process list from remote host
* Added option to retrieve all available files from remote SAP host to
sap_mgmt_con_getlogfiles, based on the listing request provided in
sap_mgmt_con_listlogfiles module, if the variable GETALL is set to true.
Kept previous functionality of retrieving just one chosen file.

* Added new module sap_mgmt_con_getprocesslist to remotely list SAP
processes using SAP SOAP interface. Based on the other sap_mgmt_con_*
modules by Chris John Riley.
2012-07-23 16:26:33 +01:00
HD Moore 9bff1c913b Merge pull request #592 from alexmaloteaux/ipv6arpfix
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
HD Moore c887e0aaff Re-add AFP changes due to mangled merge 2012-07-17 00:42:49 -05:00
HD Moore f62e0b1cca AFP fixes and JTR typo fix 2012-07-16 21:45:45 -05:00
HD Moore bc2edeace2 Cleanup AFP module output 2012-07-16 21:02:40 -05:00
jvazquez-r7 2da984d700 Added module for OSVDB 83275 2012-07-12 13:12:31 +02:00
Alexandre Maloteaux 81ba60169f ipv6 and arp_scanner fix 2012-07-10 18:28:24 +01:00
sinn3r b817070545 Merge branch 'mac_oui' of https://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-mac_oui 2012-07-09 20:14:25 -05:00
Alexandre Maloteaux e509c72574 better handle company name 2012-07-10 00:24:30 +01:00
Alexandre Maloteaux e949b8c2c8 mac_oui 2012-07-09 23:46:57 +01:00
jvazquez-r7 b33220bf90 Added module for CVE-2012-2215 2012-07-09 17:32:55 +02:00
sinn3r d626de66f7 Print out where the scheme info is stored.
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
sinn3r ecb4e20c92 Instead of deleting the "/", here's a different approach 2012-07-06 01:23:41 -05:00
sinn3r 7876d7fd60 Delete the extra "/" 2012-07-06 01:20:31 -05:00
sinn3r 686f176a99 Correct path 2012-07-06 01:12:47 -05:00
sinn3r 0c18662d46 Make msftidy happy and change the traversal option 2012-07-06 01:10:39 -05:00
sinn3r 3b7e1cd73a Add Dillion's module for Wangkongbao 2012-07-06 00:54:55 -05:00
sinn3r 68c582873b Add the MSF license text 2012-06-27 17:11:00 -05:00
jvazquez-r7 d3bc78c53b applied changes proposed by sinn3r 2012-06-27 23:55:51 +02:00
jvazquez-r7 2c5cc697c9 Added auxiliary module for CVE-2012-2926 2012-06-27 10:21:18 +02:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
sinn3r 05eaac9085 Fix possible param duplicates 2012-06-24 19:05:42 -05:00
James Lee 3e974415d9 Give some verbose feedback if connection failed 2012-06-23 00:58:27 -06:00
HD Moore 073205a875 Merge branch 'master' into feature/vuln-info 2012-06-18 20:21:36 -05:00
RageLtMan 909614569a Revert "Banner encoding fix when running against dd-wrt on ruby 1.9.3"
This reverts commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c.

Telnet banner parsing restored
2012-06-18 10:44:06 -04:00
HD Moore dd476f8c5d Merge branch 'master' into feature/vuln-info 2012-06-18 01:32:49 -05:00
HD Moore c388cba421 Fix up modules calling report_vuln() to use new syntax 2012-06-17 23:39:20 -05:00
Thomas Grainger 78876b74dd Maintain scanner module standard 2012-06-17 20:09:01 +02:00
Thomas Grainger 74cbca5809 Print out successful mysql connection URI 2012-06-17 13:19:53 +02:00
HD Moore 5006db7550 The cert module now defaults SSL to true (didnt make sense) 2012-06-15 10:55:53 -05:00