jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
Brent Cook
9a49538c1a
Land #5016 , add SSL Labs scanner
2015-04-20 21:34:16 -05:00
Brent Cook
752c3243f6
wrap print* functions in report_* wrappers
...
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
jvazquez-r7
c6c7560aed
Land #4846 , @joevennix's android 4.3 uxss module
2015-04-20 18:43:24 -05:00
jvazquez-r7
9b240e1d8f
Use parenthesis
2015-04-20 18:42:34 -05:00
jvazquez-r7
f762873a31
Land #5192 , @joevennix's module for Safari CVE-2015-1126
...
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
jvazquez-r7
e2eaff6b3a
Don't modify datastore options
2015-04-20 15:16:21 -05:00
jvazquez-r7
88c52ae7ae
Delete second stop_service, the mixin should had done the job
2015-04-20 15:13:11 -05:00
jvazquez-r7
dc0549d2dd
Use #wait
2015-04-20 15:06:01 -05:00
jvazquez-r7
c1234e05e2
Delete parenthesis from condition
2015-04-20 14:56:37 -05:00
jvazquez-r7
0283ac05e5
Do minor style fixes
2015-04-20 14:54:39 -05:00
jvazquez-r7
69b8edda4a
Use single quotes
2015-04-20 14:53:38 -05:00
jvazquez-r7
16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
joev
2010e966b3
Add non-httponly cookie theft module for ios/osx safari.
2015-04-19 11:32:37 -05:00
Christian Mehlmauer
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
Christian Mehlmauer
b4b8ac0849
moar fail_with's
2015-04-16 21:26:37 +02:00
Christian Mehlmauer
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
Christian Mehlmauer
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
Brent Cook
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
William Vu
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
jvazquez-r7
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
root
452ebcf9ad
travis
2015-04-03 16:29:35 +05:00
root
be829e77ba
cravis error solve
2015-04-03 16:25:18 +05:00
root
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
Tod Beardsley
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
jvazquez-r7
8ff54ff98d
Add msb reference
2015-03-30 10:58:08 -05:00
sinn3r
9af1e76bf7
Obfuscate js
2015-03-30 10:52:01 -05:00
sinn3r
c7fa01c5ae
Rename file
2015-03-30 10:39:33 -05:00
Denis Kolegov
9d78aa96d9
Add output of API errors to console
2015-03-30 02:42:09 -04:00
Denis Kolegov
45f8738cfe
Fix stdout errors
2015-03-27 07:53:59 -04:00
Denis Kolegov
3515a0a71f
Initial commit for supporting SSL Labs API
2015-03-27 07:34:11 -04:00
sinn3r
f996c5a888
Update description
2015-03-27 02:31:36 -05:00
sinn3r
67dc46791d
Limit the module to IE 8 and IE9
2015-03-27 02:30:04 -05:00
sinn3r
f88d9651b6
I don't think it's worth putting the js in ie_addons.js
2015-03-27 02:26:50 -05:00
sinn3r
bd2763292a
Properly credit Soroush Dalili
2015-03-26 23:36:16 -05:00
sinn3r
560f31c34d
Minor changes
2015-03-26 23:29:44 -05:00
sinn3r
68624dd56e
Final for ie_files_disclosure.rb
2015-03-26 22:49:22 -05:00
sinn3r
b0b17775c2
First working version
2015-03-26 21:53:26 -05:00
dnkolegov
5d80ef9325
Fix minor issues
2015-03-25 02:53:36 -04:00
dnkolegov
040a1af9c5
Delete useless ecnryption cookie detection, fix minor issues
2015-03-25 02:34:33 -04:00
jvazquez-r7
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
dnkolegov
2a0deaa6c8
Deleted default options and SYN scan
2015-03-23 04:31:08 -04:00
jvazquez-r7
b839547dc3
Add documentation for Registry modules and methods
2015-03-19 17:57:21 -05:00
jvazquez-r7
a7f1244251
Finish the java_rmi_registry gather module
2015-03-19 17:33:45 -05:00
jvazquez-r7
5c3134a616
Add first support to gather information from RMI registries
2015-03-19 11:16:04 -05:00
OJ
e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS
2015-03-18 22:34:52 +10:00
OJ
d1a2f58303
Fix of regex for file capture and format tweaks
2015-03-18 22:17:44 +10:00
OJ
fa7242388b
Move the module to the correct location
2015-03-18 18:18:54 +10:00
dnkolegov
dd751a3371
Add ssl/tls support, change default parameters
2015-03-17 02:23:13 -04:00
sinn3r
0d36115112
Update MS15-018 MSB reference
2015-03-12 10:13:37 -05:00
Tod Beardsley
df80d56fda
Land #4898 , prefer URI to open-uri
2015-03-09 09:14:10 -05:00
joev
ccd0712d43
Use ===, doh.
2015-03-06 12:29:34 -06:00
joev
fefd4e271a
Don't hardcode the hex.
2015-03-06 12:16:03 -06:00
joev
3fb4fbe8e6
Add 'not allowed' check instead of magic check.
2015-03-06 00:01:31 -06:00
joev
7db3277731
Actually hide the iframe.
2015-03-05 23:52:29 -06:00
joev
d7295959ca
Remove open-uri usage in msf.
2015-03-05 23:45:28 -06:00
joev
3c5d7b3ef0
Okay, putting source code in a quoted string is horrible.
2015-03-05 23:25:37 -06:00
sinn3r
5f3ed83922
Land #4836 , Solarwinds Core Orion Service SQL injection
2015-03-02 11:44:26 -06:00
Brandon Perry
f8e3874203
add nil check
2015-02-28 20:43:19 -06:00
Brandon Perry
ceb92cdf5e
update login method
2015-02-26 07:33:51 -06:00
joev
c4b85603d2
Fix encoding, oops.
2015-02-25 22:56:33 -06:00
joev
d486d17302
Add reference to 2014 fix.
2015-02-25 21:04:01 -06:00
joev
a410d2ec25
Add android 4.3 stock browser cookie/password theft.
2015-02-25 21:02:15 -06:00
Tod Beardsley
6feae9524b
Fix up funny indent on description
...
[See #4770 ]
2015-02-24 12:25:48 -06:00
Brandon Perry
1134b0a6fa
fix dataastore to datastore
2015-02-24 10:34:33 -06:00
Brandon Perry
c9439addf8
fix url
2015-02-23 16:50:58 -06:00
Brandon Perry
3d82c7755b
add solarwinds module
2015-02-22 15:35:42 -06:00
Christian Mehlmauer
c820431879
Land #4770 , Wordpress Ultimate CSV Importer user extract module
2015-02-22 08:52:45 +01:00
rastating
f9dbff8a6c
Add store path output
2015-02-21 23:41:26 +00:00
William Vu
c9ddd0dac9
Land #4795 , f5_bigip_cookie_disclosure update
2015-02-20 13:11:42 -06:00
William Vu
b676f5a07e
Clean up #4795
2015-02-20 13:10:31 -06:00
dnkolegov
f6c871a8e5
Deleted spaces at EOL
2015-02-19 05:06:00 -05:00
dnkolegov
caabb82975
Fixed indentation errors
2015-02-19 05:02:10 -05:00
dnkolegov
2a584da6d9
Added cookie value in print function
2015-02-19 00:43:57 -05:00
rastating
e0d87a8886
Update to use store_loot for CSV export
2015-02-17 19:21:31 +00:00
Nikita Oleksov
19cd00e6d5
Fix cookit name split
2015-02-16 23:53:32 +07:00
dnkolegov
a44e858bd7
Fixed minor errors in F5 BigIP cookie disclosure module
2015-02-16 01:31:52 -05:00
rastating
73bac94fa8
Add Ultimate CSV Importer extract module
2015-02-15 15:27:27 +00:00
jvazquez-r7
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
sinn3r
fd441d2c5e
Fix #4764 , NameError unitialized constant Net::DNS in shodan_search
2015-02-13 14:40:23 -06:00
dnkolegov
19144e143a
Fixed some errors in F5 BigIP cookie disclosure module
2015-02-13 03:29:23 -05:00
sinn3r
29163db7fc
Add CVE reference for ie_uxss_injection
2015-02-12 17:16:59 -06:00
Tod Beardsley
f8c81e601c
Land #4710 for real.
...
This isn't a proper merge commit. Will need to figure out what I did to
wang up the last landing -- I'm guessing I didn't fetch enough first.
This should fix #4710 .
2015-02-05 17:18:51 -06:00
Tod Beardsley
0a587c9f5a
Land #4710 , really
...
Looks like my publish script ended up rebasing wchen-r7/aux_ie_uxss and
didn't catch the file rename correctly.
Conflicts:
modules/auxiliary/gather/ie_uxss_injection.rb
2015-02-05 17:13:53 -06:00
sinn3r
79e0ddadf6
Rename file again
2015-02-05 17:09:11 -06:00
sinn3r
97aa9f9dd2
Credit @joevennix
2015-02-05 17:09:11 -06:00
sinn3r
7585c625fa
Another update
...
Thanks @joevennix
2015-02-05 17:09:11 -06:00
sinn3r
12aadb3132
Another update
2015-02-05 17:09:10 -06:00
sinn3r
17f2d8048d
Another update
2015-02-05 17:09:10 -06:00
sinn3r
01252078ea
Use store_loot to store coookie
2015-02-05 17:09:10 -06:00
sinn3r
6fd38307e7
An update
2015-02-05 17:09:10 -06:00
sinn3r
727fc51c0b
Don't need this line
2015-02-05 17:09:10 -06:00
sinn3r
4924749b96
Try to make the filename more self explanatory
2015-02-05 17:09:09 -06:00
sinn3r
26af10c3b6
Change public ip option name and store cookie to db
2015-02-05 17:09:09 -06:00
sinn3r
bfa7b61663
Final
2015-02-05 17:09:09 -06:00
sinn3r
b90515ae5d
IE UXSS
2015-02-05 17:09:09 -06:00
sinn3r
d16cc843b2
Correct disclosure date
2015-02-05 15:00:13 -06:00
sinn3r
0955e14dad
Final, really, I think
2015-02-05 14:59:24 -06:00
sinn3r
578423501a
Another update
2015-02-05 13:08:33 -06:00
sinn3r
562063c4d5
Rename file again
2015-02-05 12:26:17 -06:00
sinn3r
80ebde4fe1
Credit @joevennix
2015-02-05 12:25:38 -06:00
sinn3r
27b8d1057f
Another update
...
Thanks @joevennix
2015-02-05 12:23:32 -06:00
sinn3r
988b54f594
Another update
2015-02-05 12:01:19 -06:00
sinn3r
53134aeb17
Another update
2015-02-05 11:46:38 -06:00
sinn3r
871c8aa8d0
Use store_loot to store coookie
2015-02-05 11:36:35 -06:00
sinn3r
dbe99014f2
An update
2015-02-05 11:29:52 -06:00
sinn3r
08d796c5e3
Don't need this line
2015-02-05 10:53:29 -06:00
sinn3r
d6fe077f79
Try to make the filename more self explanatory
2015-02-05 09:53:38 -06:00
sinn3r
ed6ee27896
Change public ip option name and store cookie to db
2015-02-05 09:48:45 -06:00
sinn3r
75c697c4dc
Final
2015-02-05 04:36:44 -06:00
sinn3r
1ccfb6cb43
IE UXSS
2015-02-05 03:03:28 -06:00
William Vu
46210a4963
Fix punctuation
2015-01-26 12:05:54 -06:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
jvazquez-r7
c6901caf39
Change module location
2015-01-24 10:14:46 -06:00
Jon Hart
e46395f592
Land #4596 , @pdeardorff-r7's memcached extractor
2015-01-22 08:00:19 -08:00
Jon Hart
1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache
2015-01-22 07:59:48 -08:00
pdeardorff-r7
0d4d06fb83
Print table for all scans, add preview size option
2015-01-20 11:12:47 -08:00
Jon Hart
f1bf607386
Minor Ruby style cleanup
2015-01-20 08:47:47 -08:00
Jon Hart
ef89a3d323
Add protocol reference
2015-01-20 08:34:08 -08:00
Jon Hart
9c97824d5c
Move MAXKEYS to advanced
2015-01-20 08:28:49 -08:00
Jon Hart
9d430eb1d5
Use the simpler 'version' command to get the version
2015-01-20 08:16:22 -08:00
Jon Hart
6588f92206
Move rex connection errors to vprint since this is a Scanner
2015-01-20 08:11:09 -08:00
Jon Hart
10100df054
report_service
2015-01-20 08:09:35 -08:00
Jon Hart
b0bbce1190
Include peer in most prints
2015-01-20 08:00:02 -08:00
William Vu
84ecde30d1
Land #4586 , mcafee_epo_xxe aux module
2015-01-18 00:50:10 -06:00
William Vu
57ca285f8a
Fix msftidy warnings
2015-01-18 00:49:52 -06:00
pdeardorff-r7
db3185231a
add maxkeys option, dont store loot if localhost and improve streaming
2015-01-17 09:25:32 -08:00
pdeardorff-r7
f1bcbb7d78
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-16 09:57:17 -08:00
Brent Cook
7ef721bdd6
Might as well format the url all at once.
2015-01-16 09:01:25 -06:00
Brandon Perry
1929f36050
Update mcafee_epo_xxe.rb
2015-01-15 16:50:14 -06:00
Joe Vennix
8c3d4c8d07
Spelling tweak.
2015-01-15 15:19:46 -06:00
Joe Vennix
35c9a13199
Handle the usage of // (same-scheme) URLs.
2015-01-15 15:09:50 -06:00
pdeardorff-r7
507050b316
rescue from down memcached server or timeout
2015-01-15 09:51:42 -08:00
pdeardorff-r7
0e893cd772
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-15 09:40:21 -08:00
pdeardorff-r7
4d2ad8865f
remove debug line
2015-01-15 09:37:51 -08:00
pdeardorff-r7
154eb7956c
fix storing of loot and support localhost session
2015-01-15 09:36:15 -08:00
Brandon Perry
4e4ca15422
Update mcafee_epo_xxe.rb
2015-01-15 11:02:11 -06:00
Brandon Perry
e53522b64b
Update mcafee_epo_xxe.rb
2015-01-15 10:28:52 -06:00
Brandon Perry
86d5358299
Update mcafee_epo_xxe.rb
2015-01-15 09:56:02 -06:00
Brandon Perry
53e1304afb
Update mcafee_epo_xxe.rb
2015-01-14 18:19:27 -06:00
Brandon Perry
1ed07bac32
Update mcafee_epo_xxe.rb
2015-01-14 11:01:14 -06:00
Brandon Perry
794bb65817
Create mcafee_epo_xxe.rb
2015-01-14 10:54:58 -06:00
pdeardorff-r7
99cf668441
add memcached extractor module
2015-01-12 16:40:06 -08:00
sinn3r
4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module
2015-01-05 10:31:28 -06:00
Tod Beardsley
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
Tod Beardsley
d10222365b
Add Rafay's blog as a reference
2014-12-29 08:12:19 -06:00
Tod Beardsley
1236684954
Use get_uri instead, note lack of Rex::Text method
...
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley
788e315fd4
Fix msftidy warnings
2014-12-28 14:53:29 -06:00
Joe Vennix
8d73794cc8
Add hint for exploit on old devices.
2014-12-23 12:29:08 -06:00
Joe Vennix
e45af903d9
Add patch discovery date.
2014-12-19 12:04:41 -06:00