263a42707e
Fix a typo
2017-07-09 16:34:51 +02:00
8510cda5ae
Implement @bcoles advices
2017-07-09 16:34:10 +02:00
f10cf75ae0
Fix some stuff
2017-07-09 10:45:15 +02:00
5fe805aaca
s/\t/ /g
2017-07-09 02:29:37 +02:00
968fa0c244
Add even more references
2017-07-09 02:27:54 +02:00
ae930ae7c1
Add a module for CVE-2017-7615
2017-07-09 02:14:21 +02:00
b3be89b508
Land #8663 , typo fix for zoomeye_search
2017-07-07 16:53:48 -05:00
8f464e17a1
Land #8658 , Add Gather PDF Authors auxiliary module
2017-07-07 16:20:29 -05:00
e5244f3113
Fixed typo
2017-07-07 15:26:37 -04:00
683ce10167
Add URL option
2017-07-07 18:42:00 +00:00
d864ce16b1
Add Gather PDF Authors auxiliary module
2017-07-06 23:29:17 +00:00
f45facdf6e
Fix HTTP verb in jboss_vulnscan print_status
2017-07-06 14:55:33 -05:00
aa387e96a7
Land #8577 , Add SurgeNews User Credentials scanner
2017-07-03 10:14:03 -05:00
38b1e56bbd
negated wording regarding legacy auth
...
According to the docs this variable means the opposite:
https://dev.mysql.com/doc/refman/5.5/en/mysql-command-options.html#option_mysql_secure-auth
OFF -> insecure
ON -> secure
2017-07-03 14:29:07 +02:00
dff96ce9a0
Re-order includes with Auxiliary::Scanner last
2017-07-01 08:30:17 +00:00
3d4d03c9b4
Land #8575 , Cerberus Helpdesk hash disclosure
2017-06-30 16:02:53 -05:00
40f0d36f6b
Land #8615 , add @artkond's DoS module for Cisco CVE-2017-3881
2017-06-30 11:17:09 -04:00
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
0d9f57ad7c
add @artkond's DoS module for Cisco CVE-2017-3881
...
This makes a few improvements, adds module docs.
2017-06-27 01:53:23 -05:00
05c72214ae
Land #8205 , Add Satel SenNet Command Exec Module
2017-06-25 18:01:44 -05:00
07e7baebb8
sign my name
2017-06-25 14:59:01 -05:00
7bc0dcea42
add ipv6 support for CHOST
2017-06-25 14:57:15 -05:00
269597f994
add initial CHOST support
2017-06-24 18:57:43 -05:00
eee1eff034
improve resolve / add / delete logic
2017-06-24 18:36:01 -05:00
b36d56bed3
handle RXDomain on lookup failure
2017-06-24 18:10:50 -05:00
c8755a3a7a
add pre-flight checks, log a lot more info
2017-06-24 12:32:15 -05:00
cc9326d946
bcoles updates and table printing
2017-06-24 13:01:39 -04:00
8f3c470bb3
make usage more intuitive, remove weird defaults
2017-06-24 11:52:52 -05:00
24c43b1822
reregister rhost
2017-06-22 18:33:19 -05:00
ca813e7a5c
fix message formatting
2017-06-22 18:21:33 -05:00
823260cc04
fix error message
2017-06-22 18:11:07 -05:00
3cf722a45d
use correct preqrequisites
2017-06-22 18:08:20 -05:00
5e48a11e60
handle specific exceptions, update docs
2017-06-22 18:01:52 -05:00
6a261b172f
move from scanner to admin
2017-06-22 17:47:04 -05:00
125d14f81e
simplify module, add AAAA support
2017-06-22 17:44:55 -05:00
b618e5ca6f
Add more exception handling, fix tidy rules
2017-06-22 15:55:04 -05:00
ce124e6090
Add CNAME record
2017-06-22 15:55:04 -05:00
5528084e27
add Dnsruby
2017-06-22 15:55:04 -05:00
2410a3232f
Adding DNS Server Dynamic Update Record Injection module
2017-06-22 15:41:25 -05:00
3b248c78f3
resurrect old example modules, integrate into module tree
2017-06-22 11:36:35 -05:00
47a659f554
Land #8185 , Convert ntp modules to bindata
2017-06-22 09:37:58 -05:00
ceba4e6d61
Add pointer to CDX API
2017-06-21 12:34:40 -05:00
c12056d242
Fix enum_wayback using CDX API
2017-06-21 12:29:15 -05:00
b82051757d
Add SurgeNews User Credentials scanner module
2017-06-17 01:49:47 +00:00
c9e000e379
add new version
2017-06-16 20:59:19 -04:00
652e237131
add missing .to_binary_s calls
2017-06-16 13:39:04 -05:00
f008f2aa8f
working code
2017-06-16 08:24:54 -04:00
0e38823a8f
Add NNTP Login Utility scanner module
2017-06-15 20:25:40 +00:00
549f9e74d8
Fix AMT scanner for mangled HTML (no </p>)
...
Also stores proof using the correct :info for report_vuln (not :proof).
2017-06-14 16:54:32 -05:00
c1372456e2
Land #8326 , support LLMNR ANY responses
2017-06-14 14:01:44 -05:00
cbbb57d1a5
Land #8526 , Refactor QNAP and airOS modules for creds
2017-06-12 14:46:11 -05:00
a40e7164d8
Refactor QNAP module for traditional creds
2017-06-12 14:41:58 -05:00
bb9d1a6768
Land #8507 , Riverbed SteelHead VCX file read
2017-06-12 10:39:48 -05:00
704a1218fa
Land #8498 , store more specific credential wordpress_directory_traversal_dos
2017-06-12 10:13:52 -05:00
80e91e9de2
Minor fixups.
2017-06-12 09:51:30 -05:00
a349eb9a0d
fixes per peer review
2017-06-10 14:29:53 -04:00
aa00661fd0
Land #8518 , update CVE references where modules report_vuln
2017-06-08 13:38:12 -05:00
e22334343e
Use store_valid_credential in my modules
...
I used report_note because using the creds API was a pain in the ass.
2017-06-08 00:57:51 -05:00
b932aae82e
reference typo fix
2017-06-06 11:50:07 -05:00
1558db375d
update CVE reference in where modules report_vuln
2017-06-05 16:36:44 -05:00
bc3b883758
Add docs, fix typo, add missing report mixin to avoid error.
2017-06-05 13:49:59 -05:00
a5805a55dc
make this a UDPScanner, rewrite
2017-06-05 12:39:48 -05:00
8c39c92245
Add description and loop capability.
2017-06-05 11:27:13 -05:00
a571834c4d
Initial commit of rpcbomb DoS aux module.
...
This just brings the code in as-in, next step is to update to use our mixins and such.
2017-06-05 10:23:39 -05:00
de86c5d991
add storing creds and loot name consistency
2017-06-04 17:46:43 -04:00
ea5db9a039
working module
2017-06-02 23:09:19 -04:00
e7fa4c2d06
Land #8504 , print_good for ipmi_dumphashes
2017-06-02 18:49:41 -05:00
34e9b2c04b
Change ipmi_dumphashes to have non-verbose output, ever
2017-06-02 14:27:21 -06:00
2924318ca5
update java_rmi_server modules with CVE
2017-06-02 12:59:48 -05:00
d68365d8df
store more specific credential wordpress_directory_traversal_dos
2017-05-31 18:55:35 -05:00
a01a2ead1a
Land #8467 , Samba CVE-2017-7494 Improvements
2017-05-30 00:15:03 -05:00
5698896672
Land #8323 wordpress pre4.6 dos
2017-05-29 07:59:43 -04:00
c811c6a8c0
Add PASS_FILE option
2017-05-28 23:26:51 +00:00
72a5142e37
Update directory traversal DoS module and docs
2017-05-29 00:30:23 +02:00
8fce94b3cd
Add ScadaBR Credentials Dumper module
2017-05-28 01:24:53 +00:00
eebfd9b7f2
Switch to the mixin-provided SMB share enumeration methods
2017-05-26 17:02:06 -05:00
9b9d2f2345
Final version of configurable depth
2017-05-26 16:23:22 +02:00
33ddef9303
Add documentation, add configurable depth path
2017-05-26 16:14:03 +02:00
af4eafdf70
Updated module and doc
2017-05-24 06:33:08 +05:30
a6f416e8df
Land #8290 , Hwbridge Automotive Fix and Extension Enhancements
2017-05-19 13:46:54 -05:00
4def7ce6cc
Land #8327 , Simplify storing credentials
2017-05-18 16:49:01 -05:00
11da7c7c81
Land #8394 , Add Moxa Credential Recovery Module
2017-05-16 16:45:22 -05:00
8025eb573a
Enforce check
...
Because we are not able to get our hands on the hardware for testing,
and that this module may trigger a backtrace if the UDP server isn't
Moxa, we force check to make sure that doesn't happen.
2017-05-16 16:43:22 -05:00
2d7f7f9aec
Pass msftidy
2017-05-16 15:05:12 -05:00
20b682b2e4
Land #8391 , fix a typo in vmware_enum_permissions module description
...
orts
2017-05-16 09:33:26 -05:00
4a0535c2d0
add moxa credential recovery module
2017-05-16 10:21:44 -04:00
b2f69e9018
spelling
2017-05-15 21:11:19 -04:00
bee36ca90f
Fix edge case
2017-05-11 16:22:21 -05:00
68f13808e7
Fix msftidy warnings for the WNR2000 module
2017-05-11 16:16:10 -05:00
d00685a802
Don't run a DoS during wmap scans
2017-05-10 14:41:24 -05:00
faf01ed5ef
Land #8353 , add aux scanner for Intel AMT digest bypass
2017-05-09 18:45:21 -05:00
f7ff840ef0
Add missing return, thanks bperry!
2017-05-08 14:08:59 -05:00
9392e48b72
Add a scanner for Intel AMT auth bypass (CVE-2017-5689)
2017-05-08 13:24:00 -05:00
a1efa30fa2
comments adjustments & enum better
2017-05-08 11:57:06 -05:00
635a7a42e6
Update style lotus_domino_hashes
2017-05-07 16:37:48 +10:00
e2fe70d531
convert store_valid_credential to named params
2017-05-05 18:23:15 -05:00
63b6ab5355
simplify valid credential storage
2017-05-04 22:51:40 -05:00
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
cf74cb81a7
Removed unnecessary 'msf/core' include.
2017-05-03 09:02:05 -04:00
012081eed2
Added support for ANY queries. Silently ignore unsupported queries instead of spamming stdout.
2017-05-01 17:28:56 -04:00
0b62a6478a
Modification for Travis (remove require msf/core, and self.class in register)
2017-04-30 17:05:11 +02:00
3f348150c6
Modification of description
2017-04-30 16:38:39 +02:00
52ec448511
Add WordPress Directory Traversal DoS Module
2017-04-30 15:03:48 +02:00
1a402ed1d8
Add arch to smb_ms17_010 DOUBLEPULSAR detection
2017-04-26 20:59:13 -05:00
f8792956ee
fix one module for testing
2017-04-26 16:21:13 -05:00
4019a14865
The local HWBridge now does not print out status for each URI request per default. This can be enabled by setting verbose to true.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
5537348e28
Addes Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
55f01d3fc7
made the plugin less spammy with more vprintf
2017-04-24 13:33:05 -06:00
453ca6e3bf
added OS printing on vulnerable systems
2017-04-24 13:20:44 -06:00
a69aba0eab
added XOR Key calculation
2017-04-22 23:54:30 -06:00
8a77bf7b60
removed wrong comments
2017-04-21 08:27:13 -06:00
9fab64c60e
added references
2017-04-20 15:22:37 -06:00
dd12afd717
added DoublePulsar detection
2017-04-20 15:03:29 -06:00
942959f7e8
Land #8255 , fixes for smb_ms17_010
2017-04-17 11:38:34 -05:00
7b936b0012
Land #8184 , convert IPMI protocol and modules to bindata
2017-04-17 07:40:15 -05:00
6f70efcfa1
add module documentation
2017-04-17 07:39:43 -05:00
b1c7f1302b
Fix report_vuln and prefer vprint_error
2017-04-17 02:48:56 -05:00
a9857eb1c2
Land #8099 , Aux module to launch instances in AWS
2017-04-14 14:12:10 -05:00
42122d2835
Land #8238 , move SMB2 support back into smb_login, add simpler permissions checks
2017-04-14 14:06:46 -05:00
d75f852d01
Land #8167 , Add MS17-010 auxiliary detection module
2017-04-14 13:00:16 -05:00
91fb3ce6b8
collapse SMB2 support into smb_login
...
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both
MS-2636
2017-04-13 15:22:03 -05:00
adeb4d10d7
smb2 login scanner admin check now working
...
we can now check for admin privs in the smb2
login scanner
MS-2636
2017-04-13 14:40:32 -05:00
c21d78b23b
Land #8186 , Convert DNS Fuzzer to use bindata
2017-04-11 23:27:08 -05:00
c867b7e228
Land #8204 , Add Cambian ePMP SNMP Configuration download
2017-04-11 10:59:13 -05:00
f7c8bd2464
add rescue for ::Rex::Proto::SMB::Exceptions::LoginError
2017-04-07 15:37:56 -06:00
e65eacce49
Add Satel SenNet Command Exec Module
2017-04-07 02:22:11 +05:30
3c189f0cb0
Adding Cambium SNMP Loot module
2017-04-07 01:32:45 +05:30
891e7e465e
convert DNS fuzzer to bindata
2017-04-04 03:03:32 -05:00
5f88971ca9
convert NTP modules to bindata
2017-04-04 02:57:38 -05:00
46c7e822c8
convert IPMI protocol and modules to bindata
2017-04-04 02:44:17 -05:00
98ffa4d380
Land #7652 , add varnish cache CLI authentication scanner module
2017-04-02 21:52:45 -05:00
a34c01ebd2
Land #8137 shodan honeyscore module
2017-04-02 21:37:36 -04:00
26fc6bc920
added report_vuln()
2017-04-01 21:48:19 -06:00
035f37cf42
Land #8144 , Add Moxa Device Discovery Scanner Module
2017-03-31 19:11:27 -05:00
f870f94fa9
Land #8163 , Add Cambium ePMP Arbitrary Command Execution
2017-03-31 19:06:19 -05:00
4bd50b0ad2
Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010
2017-03-30 10:10:08 -06:00
a125566fc7
removed unnecessary arguments
2017-03-30 10:09:31 -06:00
a13d6a7810
Land #8166 , Add new SMB LoginScanner using RubySMB for SMB1/SMB2 Support
2017-03-30 11:08:17 -05:00
ac83ff7e48
Land #8155 , Style fixes for HWBridge RF and a couple small bug fixes
2017-03-29 20:37:13 -05:00
ef7de6d49e
added MSB to description, moved a print statement
2017-03-29 17:43:49 -06:00
4bdbdc0e00
Fix response parsing
2017-03-29 18:21:12 -05:00
68f5c0e663
removed a print statement
2017-03-29 16:24:59 -06:00
7e6b8b02b8
replaced magic constant with setup_count
2017-03-29 15:37:28 -06:00
9923c39799
removed superfluous status
2017-03-29 15:32:29 -06:00
f0a1e12a7e
small typos
2017-03-29 15:30:35 -06:00
ffa376c514
added MS17-010 auxiliary detection module
2017-03-29 14:33:02 -06:00
a571bcdba4
update module description
2017-03-29 13:58:36 -05:00
418e371e35
add SMB2 login scanner and module
...
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity
MS-2557
2017-03-29 11:36:33 -05:00
30896d1fab
Add Cambium ePMP Arbitrary Command Execution Module
2017-03-28 00:17:36 +05:30
66a585ab41
Land #8050 , Add Cambium ePMP System Hash Dumper
2017-03-27 12:08:53 -05:00
935c59306b
Land #7897 , Add Cambium ePMP 1000 Device Configuration file dumper
2017-03-27 12:05:11 -05:00
d705949b37
Land #7784 , Cambium ePMP 1000 Login Scanner
2017-03-27 12:01:56 -05:00
31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
...
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
dd7cf39678
updated references
2017-03-25 12:31:08 +05:30
63d88c159a
updated references
2017-03-25 12:27:38 +05:30
fd5e25bcc2
restored version check
2017-03-25 12:08:00 +05:30
68e4b8a855
Updated user data param to load aggregator
2017-03-24 22:58:04 -07:00
82ebbfb9a7
Fix msftidy warnings
2017-03-24 23:12:48 -04:00
3e2173d4f9
Add key length check and remove mixin
...
Also add a reference to the original honeyscore website
2017-03-24 22:33:09 -04:00
581d523d5b
Fix things from review
2017-03-24 21:22:23 -04:00
92c0748447
Land #8102 , Add a plugin to notify new sessions via SMS
2017-03-24 11:17:59 -05:00
e04f01ed6b
Land #7778 , RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
8dd0f953b0
remove unnecessary require
2017-03-22 19:48:24 -04:00
420df11c44
Change up the way shodan is reached
2017-03-22 19:39:45 -04:00
2200c9faee
Create moxa_discover.rb
2017-03-22 10:49:26 -04:00
fa61d67761
Fix score comparison
2017-03-21 19:17:20 -04:00
fef8ec10bc
Fix author formatting
2017-03-21 13:23:41 -04:00
d7640713df
Add more checks and formatting
2017-03-21 13:23:06 -04:00
1f68a3bda6
Rename honeypot.rb to shodan_honeyscore.rb
2017-03-21 13:10:31 -04:00
79c7b84f08
Create honeypot.rb
2017-03-21 11:15:12 -04:00
2fde287424
Initial patch for rftransceiver (RfCat / YardstickOne)
2017-03-20 17:36:16 -05:00
2acd941b16
Merge branch 'master' into dtc_fix
2017-03-20 14:10:01 -05:00
06ebb22a8f
Land #8065 , Zigbee Hardware Bridge Extension
2017-03-20 10:44:15 -05:00
7bcd53d87d
Land #8079 , exploit and aux for dnaLims
2017-03-20 11:08:05 -04:00
fd5345a869
updates per pr
2017-03-20 10:40:43 -04:00
aa1e76f28e
Land #8128 , ensure there is a response before deferencing
2017-03-19 22:17:31 -05:00
534ca8c5cb
fix: URL encoding userdata
2017-03-18 21:52:49 -07:00
26d344a0ef
Initial checkin of launch instances module
2017-03-18 21:52:49 -07:00
f88a522bf5
fix #8121
2017-03-18 14:50:24 -04:00
06e6a973ce
land #7944 a scanner for Carlo Gavazzi energy meters
2017-03-18 10:35:43 -04:00
ea4ca7ecc5
Land #8116 , Handle ::Errno::ECONNRESET in telnet_version
2017-03-17 12:32:02 -05:00
db6bc6c784
Land #8100 , msfcrawler improvements
...
Does anyone use this anymore??
2017-03-16 21:31:23 -05:00
ab75794cd4
Land #8071 , Add API to send an MMS message to mobile devices
2017-03-16 11:57:34 -05:00
a1d7748d82
Fix #8061 , Handle ::Errno::ECONNRESET in telnet_version
...
Fix #8061
2017-03-15 16:33:37 -05:00
d4ee254057
Land #8076 , Add Easy File Sharing FTP Server Version 3.6 traversal
2017-03-15 16:17:13 -05:00
8afe6a9061
Update easy_file_sharing_ftp and add documentation
2017-03-15 16:14:41 -05:00
b65919e7b1
Land #7956 , Add QNAP NAS/NVR administrator hash disclosure
2017-03-15 11:12:59 -05:00
0a71e4a903
Update check with Exploit::CheckCode::Appears
2017-03-15 05:13:30 -05:00
86d2217f4d
Fix whitespace and clarify options
2017-03-15 04:27:30 -05:00
a0bff5c8c3
Bump RETRIES to 10
...
3 was a bit too low. I was using 10 and had more success with it.
2017-03-15 03:18:09 -05:00
cf8b4a78fa
Bring branch up to date with upstream-master
2017-03-14 16:48:33 -05:00
bb4d6e17c8
Resolve #8026 , Add a plugin to notify new sessions via SMS
...
This plugin will notify you of a new session via SMS.
It also changes the SMS text format to MIME.
Resolve #8026
2017-03-13 16:13:59 -05:00
665adec298
Patching storedb function (adding host/port/ssl for correct report_web_page)
2017-03-13 17:37:47 +01:00
9f76b4d99c
Change default RPORT to 443 with SSL
...
I never really tested port 80, so I wonder why I didn't change this.
Turns out 80 isn't even the vuln service. Welp. Hat tip @bcoles.
2017-03-12 21:03:31 -05:00
e7c920db44
Remove DEBEUG/print_debeug :(
2017-03-12 21:01:48 -05:00
d57b772ac9
Bump default RETRIES to 3
2017-03-12 21:00:38 -05:00
25bfa88c46
Land #7877 , Add mDNS query spoofing service
2017-03-10 15:44:57 -06:00
ed22902fd4
Support the subject field
2017-03-08 11:40:08 -06:00
jvoisin
William Vu
dmohanty-r7
MD5HashBrowns
Brendan Coles
Roman
Pearce Barry
Brent Cook
h00die
KINGSABRI
William Webb
James Lee
Jeffrey Martin
Dylan Davis
root
HD Moore
juushya
wchen-r7
Patrick DeSantis
darkbushido
Joe Testa
reanar
Craig Smith
zerosum0x0
zerosum0x0
David Maloney
Brent Cook
Carter
Javier Godinez
bwatters-r7
Jon P