wchen-r7
14adcce8bf
Missed the HTTPUSERNAME fix
2016-05-27 18:37:04 -05:00
wchen-r7
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
wchen-r7
7f643a7b8d
Fix syntax error
2016-05-27 18:05:24 -05:00
wchen-r7
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
Bruno Morisson
01a691a46c
Update sap_router_portscanner.rb
...
Added additional SAP TCP/IP ports for sap_port_info function.
ref: https://wiki.scn.sap.com/wiki/display/TCPIP/Services
2016-05-27 14:43:16 +01:00
William Vu
3dfdf1d936
Land #6528 , tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
Jon Hart
48c25dd863
Remove need for expand_path in this module; normalize handles it now
2016-05-24 13:30:12 -07:00
Jon Hart
3df4c38e82
Use correct key file var
2016-05-24 13:28:08 -07:00
Brent Cook
266d29ca4a
handle garbage better during probe
2016-05-23 22:28:31 -05:00
Brent Cook
a6020ca010
style fixes
2016-05-23 22:14:57 -05:00
Brent Cook
b613dfefb4
Land #6896 , fix spelling in caidao_bruteforce_login
2016-05-19 21:54:06 -05:00
h00die
706d51389e
spelling fix
2016-05-19 19:30:18 -04:00
Tijl Deneut
36a9ef83ab
Added phoenix_command.rb
2016-05-17 15:45:45 +02:00
William Vu
9c61490676
Fix some inconsistencies
...
Failed to catch these while editing. :(
2016-05-17 02:50:12 -05:00
Jon Hart
92d07f74ff
Remove unnecessary double expand_path
2016-05-16 17:34:12 -07:00
Jon Hart
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
sho-luv
5361aaadbd
Update nbns_response.rb
...
Just correcting the description section of this module
2016-05-14 15:24:38 -07:00
Brent Cook
c7cbaa08c8
Land #6576 , add Search Engine Subdomains Collector (Bing / Yahoo / ..)
2016-05-14 10:50:53 -05:00
Adam Cammack
2e460a87dd
Remove extra assignment
2016-05-05 11:24:19 -05:00
Christian Mehlmauer
9357a30725
remove duplicate key
2016-05-04 22:15:33 +02:00
Brian Patterson
be363411de
Land #6317 , Add delay(with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
wchen-r7
4a95e675ae
Rm empty references
2016-04-24 11:46:08 -05:00
wchen-r7
2edd6869fc
rm references key
2016-04-24 03:09:59 -05:00
wchen-r7
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
join-us
81af4d2675
Fix: merge error
2016-04-23 23:19:08 +08:00
join-us
1d99d08ac8
rebuild
2016-04-23 23:15:19 +08:00
join-us
de9ac28db1
class Metasploit4 -> class MetasploitModule
2016-04-23 23:03:48 +08:00
join-us
e2fcfc8d09
fix index / space
2016-04-23 23:02:41 +08:00
join-us
fca4d53a6f
add yahoo_search / bing_search exception handler
2016-04-23 22:58:39 +08:00
join-us
d9633078ec
merge yahoo_search_domain[ip] / bing_search_domain[ip]
2016-04-23 22:45:47 +08:00
join-us
66c0832f27
add Rex::Socket.getaddresses exception handler
2016-04-23 20:09:12 +08:00
join-us
b47b83dfaa
add results.nil? / results.empty? check
2016-04-23 19:47:33 +08:00
join-us
7579abb34e
report_note in a line
2016-04-23 19:43:44 +08:00
join-us
55e31bacee
add exception handler
2016-04-23 19:01:55 +08:00
join-us
73121f7e2f
add vprint_good
2016-04-23 18:50:48 +08:00
join-us
bc1f829fe5
class Metasploit4 -> class MetasploitModule
2016-04-23 17:36:22 +08:00
Brent Cook
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
Fakhir Karim Reda zirsalem
f0d403124c
Update symantec_brightmail_ldapcreds.rb
2016-04-20 18:58:12 +02:00
Karim Reda Fakhir
cda104920e
delete telisca abuse
2016-04-20 17:09:13 +01:00
Karim Reda Fakhir
c322a4b314
added modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-04-20 17:01:18 +01:00
Karim Reda Fakhir
dc3a185519
delete modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-04-20 16:48:37 +01:00
Karim Reda Fakhir
5adf5be983
add symantec bright mail ldap creds
2016-04-20 16:05:24 +01:00
Karim Reda Fakhir
dfb2b95e46
Merge remote-tracking branch 'upstream/master'
...
Merge
2016-04-20 12:21:16 +01:00
join-us
815a918a72
deprecate auxiliary/gather/dns_srv_enum
2016-04-12 08:44:47 +08:00
join-us
2bbb58d57e
deprecate auxiliary/gather/dns_reverse_lookup
2016-04-12 08:44:21 +08:00
join-us
5e1c540d31
deprecate auxiliary/gather/dns_info
2016-04-12 08:43:50 +08:00
join-us
67f8b309c6
deprecate auxiliary/gather/dns_cache_scraper
2016-04-12 08:43:23 +08:00
join-us
66ec001110
deprecate auxiliary/gather/dns_bruteforce
2016-04-12 08:42:56 +08:00
Jon Hart
ca6beeb676
Land #6187 , @join-us' cleanup for enum_dns
2016-04-11 09:50:12 -07:00
Brent Cook
99b4d0a2d5
remove more regex-style bool checks
2016-04-09 13:49:16 -05:00
Jon Hart
a37f9c9eda
Clarify note type
2016-04-08 18:35:43 -07:00
Jon Hart
44a98cc36f
Correct overly aggressive style cleanup
2016-04-08 18:00:03 -07:00
Jon Hart
7ce5c07c03
Minor style cleanup
2016-04-08 17:39:32 -07:00
Jon Hart
7c70a554ea
Merge branch 'pr/6187' into pr/fixup-6187 for pre-master merge testing
2016-04-08 16:56:38 -07:00
Sonny Gonzalez
fa5acba400
TTL setting honors TTL option
...
* change hard-coded ttl value to TTL option
* set TTL option default to 30
2016-04-07 10:59:05 -05:00
all3g
616bb8399f
remove db_filter / format a json data
2016-04-06 18:39:34 +08:00
William Vu
dcb6da306c
Land #6720 , SSL scanner fixes
2016-04-04 23:37:52 -05:00
Brent Cook
af7eef231c
Fix a few issues with the SSL scanner
...
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.
Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
wchen-r7
51b8b4a4d1
Bring #6404 up to date with upstream-master
2016-04-04 16:35:58 -05:00
wchen-r7
da3388248a
Uses #blank?
2016-04-04 16:34:49 -05:00
wchen-r7
5a6d1ee0a9
Uses MetasploitModule class name
2016-04-04 16:30:55 -05:00
William Vu
41b802a8a2
Clean up module
2016-04-01 13:54:27 -05:00
wchen-r7
75ebd08153
Land #6731 , Add CVE-2015-7755 juniper backdoor
2016-03-31 17:30:38 -05:00
wchen-r7
618f379488
Update auxiliary/scanner/redis/redis_server and mixin
2016-03-31 17:14:49 -05:00
wchen-r7
4d76b0e6a5
Rm auxiliary/scanner/misc/redis_server
...
Please use auxiliary/scanner/redis/redis_server or
auxiliary/scanner/redis/redis_login instead
2016-03-31 17:13:08 -05:00
wchen-r7
2e7d07ff53
Fix PASSWORD datastore option
2016-03-31 17:12:00 -05:00
wchen-r7
545cb11736
Bring #6409 up to date with upstream-master
2016-03-31 17:00:56 -05:00
wchen-r7
5fdea91e93
Change naming
2016-03-31 17:00:29 -05:00
wchen-r7
f33e994050
Delete anything related to configuring/saving username
2016-03-31 16:56:54 -05:00
wchen-r7
101775a5ba
Bring #6545 up to date with upstream-master
2016-03-30 16:07:24 -05:00
h00die
7fc2c860e9
remove comment
2016-03-29 21:26:36 -04:00
h00die
d35b5e9c2a
First add of CVE-2015-7755
2016-03-29 21:20:12 -04:00
Brendan Watters
b84bf2290f
Land #6707 Print Response fix for HTTP NTLM
2016-03-29 13:35:49 -05:00
Brendan Watters
824a7837a2
LAND #6707 , Print Response Fix for HTTP NTLM
2016-03-29 13:08:43 -05:00
wchen-r7
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
dmohanty-r7
6a462d5f60
Land #6703 , Make ms09_065_eot_integer passive
2016-03-23 13:39:41 -05:00
Adam Cammack
8fb55eeb6b
Land #6700 , add aux module to gather browser info
2016-03-23 13:19:27 -05:00
wchen-r7
8c5c0086e6
Change cve_2012_6301 module path & make passive
...
This addresses two things:
1. The module is in the wrong directory. dos/http is for http
servers, not browsers.
2. PassiveActions should not be a 2D array.
2016-03-23 11:10:23 -05:00
wchen-r7
53860bef1f
Make ms09_065_eot_integer passive
...
MS-932
2016-03-23 10:50:24 -05:00
wchen-r7
8bf039a69e
ignore_items! should not be used in a loop
...
because it's not necessary.
2016-03-22 15:56:38 -05:00
wchen-r7
8836393cb1
Add aux module to gather browser information.
2016-03-22 13:56:12 -05:00
Lexus89
8028a9b5ce
Print response fix
2016-03-22 18:50:25 +01:00
James Lee
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
James Lee
9e7a330ac8
OptInt -> OptPort
2016-03-16 15:47:29 -05:00
James Lee
af642379e6
Fix some OptInts
2016-03-16 14:13:18 -05:00
James Lee
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
Spencer McIntyre
4e3a188f75
Land #6401 , EasyCafe server file retrieval module
2016-03-16 13:24:54 -04:00
Spencer McIntyre
9ac4ec4bfc
Update the class name to MetasploitModule
2016-03-16 13:22:06 -04:00
Spencer McIntyre
53f1338ad0
Update module to remove references to print peer
2016-03-16 13:10:39 -04:00
Adam Cammack
05f585157d
Land #6646 , add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
rwhitcroft
c12cc10416
change class Metasploit to MetasploitModule
2016-03-14 17:57:29 -04:00
rwhitcroft
dd53625f4a
change Metasploit3 to Metasploit to satisfy travis
2016-03-14 16:52:02 -04:00
rwhitcroft
a26c90fd41
fix RPORT option
2016-03-14 16:27:44 -04:00
wchen-r7
38153d227c
Move apache_karaf_command_execution to the SSH directory
...
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
2016-03-14 00:32:59 -05:00
William Vu
6323f7f872
Fix a couple overlooked issues
2016-03-13 23:35:05 -05:00
Brent Cook
df0ff30468
Land #6642 , make ipv6_neighbor_router_advertisement discovery smarter
2016-03-13 16:53:11 -05:00
Brent Cook
635e31961a
generate valid prefixes
2016-03-13 16:44:57 -05:00
Brent Cook
dabe5c8465
Land #6655 , use MetasploitModule as module class name
2016-03-13 13:48:31 -05:00
Fakhri Zulkifli
45c7e4b6ae
Update ipv6_neighbor_router_advertisement.rb
2016-03-09 11:21:24 +08:00
Fakhri Zulkifli
e417909111
Update ipv6_neighbor_router_advertisement.rb
2016-03-09 11:21:07 +08:00
rwhitcroft
f155477edf
improve description and change behavior to keep trying on connection errors
2016-03-08 12:33:17 -05:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
wchen-r7
c2f99b559c
Add documentation for auxiliary/scanner/http/tomcat_enum
...
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
Brent Cook
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
.
2016-03-07 13:19:55 -06:00
Brent Cook
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
.
2016-03-07 13:19:48 -06:00
Brent Cook
aa5b201427
Revert "revert ssl_login_pubkey for now"
...
This reverts commit 7d773b65b6
.
2016-03-07 13:19:33 -06:00
Christian Mehlmauer
7d773b65b6
revert ssl_login_pubkey for now
2016-03-07 14:44:23 +01:00
Christian Mehlmauer
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
Christian Mehlmauer
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
Brent Cook
bb36cd016e
Fix #6643 , Pcap.lookupaddrs does not exist
2016-03-06 22:15:39 -06:00
Brent Cook
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook
66c697d2e4
Land #6602 , update author info for dahua_dvr_auth_bypass
2016-03-06 15:13:01 -06:00
Brent Cook
4711191def
remove non-specific URL
2016-03-06 15:12:25 -06:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
Fakhri Zulkifli
b1e9f44ca2
IPv6 Neighbor Advertisement Enhancement
...
http://seclists.org/nmap-dev/2011/q2/79
1. Shorten router advertisement payload lifetime.
2. Randomize address prefix.
3. Prevent from getting into default router list.
2016-03-06 03:23:37 +08:00
rwhitcroft
ded5b58733
one more style fix
2016-03-01 10:20:39 -05:00
rwhitcroft
4b10331cf0
style fixups
2016-03-01 10:18:25 -05:00
William Vu
c5a9d59455
Land #6612 , one final missing change
2016-02-29 15:08:42 -06:00
William Vu
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
Brent Cook
8c2ce9687a
Land #6620 , fix typo in jtr_linux
2016-02-29 14:58:58 -06:00
William Vu
a6a37b3089
Land #6612 , missing commits included
2016-02-29 14:06:21 -06:00
wchen-r7
f5ad1286d2
Fix #6615 , fix typo "format"
...
Fix #6615
2016-02-29 12:44:25 -06:00
William Vu
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
wchen-r7
2950996cb8
Land #6612 , Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
William Vu
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
rwhitcroft
f735a904ff
create owa_ews_login module, modify HttpClient to accept preferred_auth option
2016-02-28 22:01:05 -05:00
wchen-r7
53ff3051e1
Land #6531 , NETGEAR ProSafe Network Management System 300 auth'd File Download
2016-02-26 10:53:16 -06:00
wchen-r7
bc050410a6
Allow max traversal depth as an option, and report cred
2016-02-26 10:52:30 -06:00
wchen-r7
051506694f
Land #6574 , add Linknat Vos Manager Traversal aux module
2016-02-25 22:02:56 -06:00
wchen-r7
d14ec657e2
Land #6564 , Add Apache Karaf Command Execution Module
2016-02-25 14:47:40 -06:00
wchen-r7
1d2ec7a239
Rescue OpenSSL::Cipher::CipherError
...
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
2016-02-25 14:46:53 -06:00
wchen-r7
2e268a25da
Land #6596 , Apache Karaf Login Utility
2016-02-25 14:39:51 -06:00
wchen-r7
aa7c3f01a8
Update name and description
2016-02-25 14:39:19 -06:00
wchen-r7
7e25c7b87b
Handle OpenSSL::Cipher::CipherError
...
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
William Vu
7d20e26a35
Move to aux/scanner/ssh
2016-02-25 11:22:50 -06:00
William Vu
f52f44cde0
Remove session_setup, since we're not in a shell
...
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00
nixawk
6ef4026698
get_ptr - save_note(ip, 'get_ptr', records)
2016-02-25 21:43:13 +08:00
nixawk
dfff94a243
save ip/domain relationships
2016-02-25 21:14:40 +08:00
Tyler Bennett
ff3a554b4d
added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank
2016-02-24 13:53:30 -05:00
Tyler Bennett
16d7b2e6ff
cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank
2016-02-23 17:37:47 -05:00
dmohanty-r7
6aa6280eff
Try USERNAME before DEFAULTCRED
2016-02-23 13:44:44 -06:00
Tyler Bennett
4eabe43273
fixed issues with capturing regex
2016-02-23 12:27:07 -05:00
Tyler Bennett
c191e5b8e1
corrected authors file and cleaned up debug statements
2016-02-23 11:41:12 -05:00
Jon Hart
c79eab2c7f
Land #6241 , @talos-arch3y's aux module for Dahua DVR CVE-2013-6117
2016-02-23 08:20:54 -08:00
nixawk
f0da8e9adf
bing_search - ConnectionTimeout
2016-02-23 18:56:34 +08:00
Pedro Ribeiro
5710c85a9e
Style changes
2016-02-23 15:15:57 +07:00
dmohanty-r7
07ac13326e
Allow user to try other login credentials
2016-02-22 17:47:32 -06:00
dmohanty-r7
c0180b23fa
Update description
2016-02-19 13:39:13 -06:00
dmohanty-r7
33aaeb4ac9
Update authors
2016-02-19 11:53:17 -06:00
Vex Woo
91822f2861
Merge pull request #12 from jhart-r7/pr/fixup-6187
...
More fixup for #6187 (auxiliary/gather/enum_dns)
2016-02-19 19:12:17 +08:00
Jon Hart
1f5285bca7
Better handling of AXFR if ns records won't resolve on target NS
2016-02-18 22:15:06 -08:00
nixawk
0e185a34bf
get_ns / notes nameservers
2016-02-19 14:03:05 +08:00
Jon Hart
42c64b51bb
Remove all report_host instances in enum_dns
...
the forced resolution of names won't fly
2016-02-18 21:41:51 -08:00
Jon Hart
65a3cc2921
Remove duplicated SIP SRV record lookup
2016-02-18 21:41:09 -08:00
nixawk
da3c382869
add function domain2ip
2016-02-19 12:35:31 +08:00
nixawk
4ef5cf420c
rename the module
2016-02-19 11:18:55 +08:00
nixawk
a87c503ae4
merge bing/yahoo subdomains search
2016-02-19 11:17:08 +08:00
wchen-r7
a82ce40c40
Update ibm_tsm_dos name
...
For some reason I actually modified the name, but I didn't mean
to.
2016-02-18 16:07:46 -06:00
James Lee
adb175136e
Fix extra whitespace and unused vars in call
2016-02-18 15:18:29 -06:00
nixawk
9afe5517f7
return unless domains -> return if domains.empty?
2016-02-18 10:26:45 +08:00
nixawk
15f6992aec
add yahoo_search_domain(domain) / yahoo_search_ip(ip)
2016-02-18 00:03:28 +08:00
nixawk
29185271a7
report domains/ips to (notes / hosts)
2016-02-17 11:41:59 +08:00
Brent Cook
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
nixawk
2428d5127c
add Yahoo Search Engine Subdomains Collector
2016-02-16 03:11:38 +08:00
nixawk
7ca0255ea1
Module should not be marked executable
2016-02-15 12:57:43 +08:00
nixawk
f35230b908
add Linknat Vos Manager Traversal
2016-02-15 12:39:40 +08:00
Nicholas Starke
3416a24dda
Adding vprint_status for loot path
...
Adding a vprint_status to show users the loot
path as per a comment on the pull request.
2016-02-14 11:19:20 -06:00
Spencer McIntyre
c9c4f49aca
Add get_file method and parse the server response
2016-02-13 17:20:37 -05:00
wchen-r7
b2765a296f
Land #6547 , IBM Tivoli Storage Manager Fastback Denial of Service
2016-02-11 22:05:21 -06:00
wchen-r7
3121093898
Update metadata, plus other minor changes
2016-02-11 22:04:05 -06:00
Nicholas Starke
cdaa2a8c43
Adding Apache Karaf Command Execution Module
...
This module establishes an SSH session using default
credentials and then executes a user defined operating system
command. This is part of GitHub Issue #4358 .
2016-02-10 16:48:08 -06:00
William Webb
c874699b82
removed ranking
2016-02-10 11:45:09 -06:00
William Webb
4c6cb03548
more build errors
2016-02-10 11:40:21 -06:00
William Webb
72f5a33804
addressed CI errors
2016-02-10 11:34:05 -06:00
William Webb
51604fa24a
made necessary inheritance changes
2016-02-10 10:59:11 -06:00
William Vu
5f0add2a8b
Land #6541 , typo fix for cisco_ssl_vpn
2016-02-09 17:13:24 -06:00
William Vu
240cbb91be
s/resp/res/
2016-02-09 17:12:09 -06:00
William Webb
eadbb6b582
moved module to modules/auxiliary/dos/misc
2016-02-09 11:44:01 -06:00
alexandrinetorrents
c0a8b01c2b
Addition of multiple read/write to auxiliary/scanner/scada/modbusclient.rb
2016-02-08 13:13:51 +01:00
wchen-r7
cd7046f233
Change method name "method" to "http_method" for http_traversal.rb
...
We accidentally override "#method", which is bad.
2016-02-07 23:15:46 -06:00
Brendan Coles
40633ea7cd
Check filepath length
2016-02-08 01:11:18 +00:00
Brendan Coles
df825913b8
Use default timeout
2016-02-07 07:11:47 +00:00
Brendan Coles
e0e67f5507
Remove unnecessary check for FILEPATH
2016-02-07 02:05:15 +00:00
wchen-r7
2171c344e5
Fix #6539 , correct a typo in report_cred
...
Fix #6539
2016-02-06 13:23:21 -06:00
Jon Hart
55c8d23e1f
Handle refused connections during axfr
2016-02-04 09:23:49 -08:00
Jon Hart
52d81f7e93
More/better status printing for big query types
2016-02-04 09:18:26 -08:00
Jon Hart
c025458d22
More consistent record type printing
2016-02-04 09:12:36 -08:00
Jon Hart
c630f791c3
Remove loot storage from enum_dns. Loot is appropriate for this use case
2016-02-04 09:10:08 -08:00
Jon Hart
4408742930
Fix storage of SRV record notes
2016-02-04 09:08:21 -08:00
Pedro Ribeiro
b64294abc9
Create file for CERT VU 777024 (auth download)
2016-02-04 07:57:48 +08:00
Jon Hart
cd86db2734
Update ssh_identify_pubkeys to support symbolic path names
2016-02-03 14:21:54 -08:00
Jon Hart
53d4e31844
Allow OptPath to valid symbolic paths that need expansion
2016-02-03 14:12:03 -08:00
Jon Hart
49beca4e40
Fix ssh_identify_pubkeys to accept keyfiles with authorized commands
...
Previously, something like this would fail:
command="/some/script.sh" ssh-rsa adsfadfa root@whatever
This format is valid authorized_keys and should work here too. It does
now.
2016-02-03 13:50:17 -08:00
Jon Hart
dbcef2c755
Deregister unused options
2016-02-03 13:20:30 -08:00
Jon Hart
ef75845d01
Better fetching/saving of SRV records
2016-02-03 13:07:20 -08:00
James Lee
47c0a3b4a7
Get some stragglers that had a different format
2016-02-01 16:21:10 -06:00
James Lee
8094eb631b
Do the same for aux modules
2016-02-01 16:06:34 -06:00
wchen-r7
f5ee6ce2f3
Better service reporting for snmp_login
...
Report the snmp string and update the module title & description
to better clarify what the module really does.
2016-02-01 12:24:19 -06:00
Brent Cook
cd56470759
Land #6493 , move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
Jon Hart
1749932bb4
Cleanup loot saving output
2016-01-28 14:16:47 -08:00
Jon Hart
6646785902
Don't enumerate other possible domains via TLD expansion by default
2016-01-28 14:09:09 -08:00
Jon Hart
86e7cd92c0
Minor style nit on printed NS records
2016-01-28 14:08:20 -08:00
Tod Beardsley
8af751be41
Land #6470 , Telisca IPS Lock (and Unlock)
2016-01-27 16:41:25 -06:00
Tod Beardsley
86c025de25
Title and description fixes for #6470
2016-01-27 16:40:06 -06:00
Brent Cook
115c63e4ba
karaf default credential scanner PoC
2016-01-27 03:27:48 -05:00
wchen-r7
6187354392
Land #6226 , Add Wordpress XML-RPC system.multicall Credential BF
2016-01-23 00:12:46 -06:00
wchen-r7
064af0d670
Remove unwanted comment
2016-01-23 00:11:58 -06:00
KINGSABRI
ad3eed525b
Handing newer version of WP, fallback CHUNKSIE to 1
2016-01-23 08:06:27 +03:00
wchen-r7
53e9bd7f51
This line does nothing
2016-01-22 18:55:45 -06:00
wchen-r7
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
wchen-r7
91db2597c7
normalize URIs
2016-01-22 11:27:26 -06:00
wchen-r7
b02c762b93
Grab zeroSteiner's module/jenkins-cmd branch
2016-01-22 10:17:32 -06:00
Christian Mehlmauer
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
wchen-r7
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
KINGSABRI
a8feb8cad5
make passwords faster for reading huge wordlest files
2016-01-21 03:32:50 +03:00
KINGSABRI
4cb19c75a6
Enhance the module and add version check
2016-01-21 03:19:31 +03:00
wchen-r7
fcaef76215
Do a version check
...
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
nixawk
ad107a2d1c
Show - No Auth Required - Just Once
2016-01-19 08:29:33 +08:00
nixawk
0b78406d29
clear Metasploit::Framework::LoginScanner::REDIS.new
2016-01-16 13:12:04 +08:00
nixawk
b2983e1ee7
replace #{rhost}: #{rport} with #{peer}
2016-01-16 13:05:35 +08:00
nixawk
2abaca3f6b
include Msf::Auxiliary::Redis / Remove default RPORT option
2016-01-16 12:58:02 +08:00
nixawk
643ebfed7e
format print_status output for get_srv/get_tld
2016-01-16 11:21:16 +08:00
kfr-ma
3d04f405b4
Update telisca_ips_lock_control.rb
...
commit the changes mad by sinn3r and replace headers on lock and unlock
2016-01-15 15:05:24 +00:00
wchen-r7
477dc64e1e
Rename module
2016-01-14 19:45:00 -06:00
wchen-r7
eb6cff77bc
Update the code to today's standards
...
Mainly making sure it is following the Ruby style guide, and
avoid unrecommended coding practices.
2016-01-14 19:38:59 -06:00
kfr-ma
46f06516ad
Update /telisca_ips_lock_abuse
...
cleaning the code
2016-01-14 11:13:10 +00:00
Karim Reda Fakhir
d5dd5d55a6
modified: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
...
modified: modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 11:06:26 +00:00
Fakhir Karim Reda
aae86d8bc0
new file: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
2016-01-14 00:12:55 +00:00
Fakhir Karim Reda
c18253d313
deleted: modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-01-14 00:03:25 +00:00
Fakhir Karim Reda
60ef1eae90
adding modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 00:00:04 +00:00
Fakhir Karim Reda
25eb311518
readding modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-13 23:53:02 +00:00
Fakhir Karim Reda
1e37ff9701
Merge branch 'master' of github:kfr-ma/metasploit-framework into test_telisca_ipslock
...
merge
2016-01-13 23:20:50 +00:00
Fakhir Karim Reda
01b8302db1
delte modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
2016-01-13 23:19:35 +00:00
Fakhir Karim Reda
1b9563b82a
rm modules/auxiliary/voip/telisca_ips_lock_abuse
2016-01-13 23:09:35 +00:00
Fakhir Karim Reda
c68d2a8e0a
replace telisca_ips_lock_abuse.rb
2016-01-13 22:59:18 +00:00
Fakhir Karim Reda
457e569f3b
replacing telisca-ips-lock
2016-01-13 22:50:58 +00:00
Karim Reda Fakhir
8b03b719e8
Adding auxialiary modules :
...
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
nixawk
e491502023
handle exception - ResolverArgumentError
2016-01-12 00:48:02 +08:00
Jonathan Harms
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
Tyler Bennett
c245e64239
added peer to each print statement and rex table
2016-01-06 13:22:30 -05:00
wchen-r7
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
nixawk
408b8fa4fd
handle exception - (get_tld - ArgumentError / get_mx - SocketError)
2016-01-07 00:54:03 +08:00
nixawk
eecd75262c
handle exception - (get_tld - ArgumentError / get_mx - SocketError)
2016-01-07 00:25:28 +08:00
nixawk
71acff5733
output scan results (set VERBOSE false)
2016-01-06 23:55:48 +08:00
nixawk
a54a7aeb02
redis only need password for authentication
2016-01-06 17:05:49 +08:00
wchen-r7
bdda8650a2
Do not support username, because the backdoor doesn't use one
2016-01-06 02:02:11 -06:00
Jon Hart
d626d7f0c9
Land #6416 , @all3g's rewrite/improvements to redis_server
2016-01-05 19:02:26 -08:00
Jon Hart
90ea88e5ba
Make command used configurable
2016-01-05 16:23:10 -08:00
Jon Hart
3ccdd12ecb
Put peer first in all prints
2016-01-05 16:09:50 -08:00
Jon Hart
1d997234cb
Remove unnecessary degistering of RHOST
2016-01-05 16:08:18 -08:00