Commit Graph

6352 Commits (888208678a80aadd751319227b0dfacbc8c026a5)

Author SHA1 Message Date
jvazquez-r7 dd5060e08c
Land #5340, @wchen-r7's change to the symantec_web_gateway_login writing style 2015-05-15 13:18:35 -05:00
jvazquez-r7 cf5fa6752e
Use parenthesis 2015-05-15 13:17:54 -05:00
jvazquez-r7 d05cae5faf
Land #5329, @wchen-r7's add configurable options to jenkins_login 2015-05-15 11:38:21 -05:00
wchen-r7 24a989b8a3
Land #5249, Add Module for Enum on InfluxDB database 2015-05-14 11:22:54 -05:00
wchen-r7 005c36b2a6 If data is empty, don't save (or even continue) 2015-05-14 11:22:10 -05:00
wchen-r7 ac0e4e747a Change writing style of symantec_web_gateway_login 2015-05-13 00:23:37 -05:00
wchen-r7 202c5e0121
Land #5333, HTML Title Grabber 2015-05-12 11:19:06 -05:00
wchen-r7 faec5844cb Some fixes 2015-05-12 11:18:21 -05:00
jvazquez-r7 a5267ab77e
Land #4940, @dnkolegov's modules for F5 BIG-IP devices 2015-05-12 09:59:21 -05:00
Stuart Morgan f0048b9a6d Apparently you don't quote the keys with the new syntax 2015-05-12 11:00:18 +01:00
Stuart Morgan 7c81adbd89 MSFTidy is now quiet and happy 2015-05-12 10:47:49 +01:00
Stuart Morgan 1f6bd3e2be Updated to new ruby hash syntax and removed <> from title 2015-05-12 10:43:32 +01:00
Stuart Morgan 518e28674e Removed CGI dependency (@hmoore-r7, @wchen-r7) 2015-05-11 21:10:18 +01:00
Stuart Morgan 78e310562b Readability style change 2015-05-11 19:48:12 +01:00
Stuart Morgan 8e3d803e74 Updated style as per @void-in's comments 2015-05-11 19:46:10 +01:00
Stuart Morgan 62d67469da Updated code style as per @hmoore-r7's instructions 2015-05-11 19:34:23 +01:00
Stuart Morgan b8f7c80fd2 Rubocop 2015-05-11 18:50:03 +01:00
Stuart Morgan 8308c2a925 Added check for nonsensical options 2015-05-11 18:48:55 +01:00
Stuart Morgan 99133deabb Reran tests, sorted out strip problem 2015-05-11 18:29:44 +01:00
Stuart Morgan c25a5d3859 Fixed a bunch of rubocop errors 2015-05-11 18:14:37 +01:00
Stuart Morgan 34cf90af59 Removed unnecessary include 2015-05-11 17:31:31 +01:00
Stuart Morgan c001f014ce HTML Title Grabber 2015-05-11 17:29:22 +01:00
wchen-r7 d8cc2c19d3 Fix #5315, User configurable options for jenkins_login
Fix #5315. This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
Denis Kolegov efb226a55c Fixed some minor errors 2015-05-10 02:59:57 -04:00
jvazquez-r7 a8adcda941
Redo port checks 2015-05-08 15:29:30 -05:00
jvazquez-r7 156aac1dff
Use timeout options 2015-05-08 15:23:08 -05:00
jvazquez-r7 bf9ca1f88f
Change module filename 2015-05-08 15:08:59 -05:00
jvazquez-r7 f56115552f
Do code cleanup 2015-05-08 14:56:39 -05:00
jvazquez-r7 b73241882b
Use datastore option 2015-05-08 14:48:19 -05:00
jvazquez-r7 b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin 2015-05-08 14:46:08 -05:00
jvazquez-r7 9fdbfd7031
Use vprint_error 2015-05-08 14:21:36 -05:00
jvazquez-r7 017ae463ed
Fix description style 2015-05-08 14:18:29 -05:00
jvazquez-r7 2e01eb519d
Do minor fixes 2015-05-08 14:04:44 -05:00
jvazquez-r7 5588ad36b3
Print status message 2015-05-08 13:51:00 -05:00
jvazquez-r7 7e62ba85a1
Do code cleanup 2015-05-08 13:33:28 -05:00
jvazquez-r7 60c2c7a7cd
Delete unused variable 2015-05-08 13:19:39 -05:00
jvazquez-r7 c0f21c3ae1
Fix metadata 2015-05-08 13:19:23 -05:00
void-in a7988f9e93 Change credentials to service:service 2015-05-08 22:52:59 +05:00
William Vu 508574970c
Land #5307, Brocade login scanner resurrection 2015-05-07 22:43:39 -05:00
William Vu 8d3737d13c Fix some stylistic issues 2015-05-07 22:43:23 -05:00
William Vu c9cb9ad564 Fix extraneous comma 2015-05-07 15:32:48 -05:00
Tod Beardsley 4df622c76b
Oops, one last for #5312. 2015-05-06 14:48:17 -05:00
Tod Beardsley e8913e5620
Addressed most of @wvu's issues with #5312 2015-05-06 14:47:08 -05:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"

```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
Brent Cook 93c785560b remove brocade_telnet scanner, extend telnet
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
Mike dc053aeb58 Spelling Fix
s/Brocde/Brocade/ as per bcook-r7
2015-05-05 21:16:24 -05:00
root fc1c0028a8 moved array definition to avoid error 2015-05-05 21:16:23 -05:00
root 7949daf42b brocade_enable_login msftidy success 2015-05-05 21:16:23 -05:00
root 6b5aaa5479 brocade enable command bruteforcer 2015-05-05 21:16:23 -05:00
Denis Kolegov 7fb99cdaaf Merged fixed conflicts 2015-05-02 05:37:36 -04:00
Denis Kolegov f95774c6b4 Fixed bugs 2015-05-02 05:09:03 -04:00
jvazquez-r7 93ac8b48e3
Land #5178, @jboss_vulnscan check for console default admin
* And minor fixes
2015-05-01 17:38:20 -05:00
jvazquez-r7 697c6c20cb
Do minor cleanup 2015-05-01 17:37:45 -05:00
jvazquez-r7 04fa626eab
Save credentials as UNTRIED 2015-05-15 14:58:55 -05:00
jvazquez-r7 16c3bf91a1
Do code cleanup 2015-05-15 14:46:34 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 b037560c90
Do minor style fixes 2015-05-01 15:01:13 -05:00
William Vu 83288ff391 Fix typo 2015-04-30 17:58:26 -05:00
James Lee ee5dc1d6e4
Land #5277, typo in telnet_encrypt_overflow 2015-04-30 10:44:55 -05:00
Brent Cook 4c9f44b00c
Revert "Land #4888, @h00die's brocade credential bruteforcer"
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu 9b17191e48 Remove unnecessary {,dis}connect 2015-04-28 15:09:16 -05:00
William Vu 28e661e204 Fix false positive in POODLE scanner
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
m-1-k-3 0a4554a204 reporting included, extract device details 2015-04-28 13:01:51 +02:00
Christian Mehlmauer 7523e592d2
Land #5198, WordPress contus video gallery 2.7 scanner 2015-04-27 23:24:57 +02:00
m-1-k-3 ce697ee44c netgear soap password extractor 2015-04-27 17:56:30 +02:00
Brandon Perry 7a2084cdc5 Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb 2015-04-26 16:54:21 -05:00
m-1-k-3 b330b1d41c typo in title of telnet_encrypt_overflow.rb 2015-04-26 02:32:14 +02:00
Roberto Soares c41c7a1ba2 Rewrote the conditions of res. 2015-04-25 17:18:38 -03:00
Roberto Soares d01da0c522 Changed if conditions and exception handling 2015-04-25 15:08:36 -03:00
Roberto Soares 3a84396f32 Removed authorization header. 2015-04-25 14:30:21 -03:00
Roberto Soares b810a96dac Add Module for Enum on InfluxDB database. 2015-04-25 04:41:33 -03:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
jvazquez-r7 896d6e8cb7
Fix title 2015-04-24 11:09:39 -05:00
jvazquez-r7 1825b45ac3
Land #5242, @espreto's module for GI-Media Library Plugin Directory Traversal 2015-04-24 11:08:52 -05:00
jvazquez-r7 7af6f31c3a
Fix message 2015-04-24 11:08:00 -05:00
jvazquez-r7 5ca6fe3cb0
Do code cleanup 2015-04-24 11:07:13 -05:00
Brent Cook f457f36cdd
Land #5213, improvements to MS15-035 DoS 2015-04-24 10:54:48 -05:00
kaospunk bb0b2eee37 Fix missing . in SRV query
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
Roberto Soares e51897d64e Filepath option 2015-04-24 04:35:59 -03:00
Roberto Soares 7b0b59b5f6 Add WordPress GI-Media Library Plugin File Read. 2015-04-24 04:24:16 -03:00
Brandon Perry e9f8b25987 Update wordpress_contus_video_gallery_sqli.rb
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
Brandon Perry 26d208f089 Update wordpress_contus_video_gallery_sqli.rb
remove 'uri'
2015-04-22 14:42:03 -05:00
Brent Cook 3963289519
Land #4888, @h00die's brocade credential bruteforcer 2015-04-21 18:27:03 -05:00
Mike 3a1778ef7c Spelling Fix
s/Brocde/Brocade/ as per bcook-r7
2015-04-21 17:57:36 -04:00
jvazquez-r7 3db0e12b67
Modify autopwn comment 2015-04-21 14:19:15 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Brent Cook 073850c5ad
Land #5158, OWA internal IP disclosure scanner 2015-04-21 11:10:39 -05:00
Brent Cook 5296c6507d
Land #5157, OWA login scanner auth timing logs 2015-04-21 11:06:08 -05:00
wchen-r7 a44da8e6d7 URL refs 2015-04-21 09:29:08 -05:00
Brent Cook 9a49538c1a
Land #5016, add SSL Labs scanner 2015-04-20 21:34:16 -05:00
Brent Cook 752c3243f6 wrap print* functions in report_* wrappers
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
wchen-r7 ff32d6cee3 Improve MS15-034 DOS 2015-04-20 20:36:08 -05:00
jvazquez-r7 c6c7560aed
Land #4846, @joevennix's android 4.3 uxss module 2015-04-20 18:43:24 -05:00
jvazquez-r7 9b240e1d8f Use parenthesis 2015-04-20 18:42:34 -05:00
William Vu 79ca0a56f9
Land #4171, Steam protocol support 2015-04-20 15:35:06 -05:00
jvazquez-r7 f762873a31
Land #5192, @joevennix's module for Safari CVE-2015-1126
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
jvazquez-r7 e2eaff6b3a
Don't modify datastore options 2015-04-20 15:16:21 -05:00
jvazquez-r7 88c52ae7ae
Delete second stop_service, the mixin should had done the job 2015-04-20 15:13:11 -05:00
jvazquez-r7 dc0549d2dd
Use #wait 2015-04-20 15:06:01 -05:00
jvazquez-r7 c1234e05e2
Delete parenthesis from condition 2015-04-20 14:56:37 -05:00
jvazquez-r7 0283ac05e5
Do minor style fixes 2015-04-20 14:54:39 -05:00
jvazquez-r7 69b8edda4a
Use single quotes 2015-04-20 14:53:38 -05:00
jvazquez-r7 16daa935dd
Do minor code cleanup 2015-04-20 13:08:51 -05:00
Brandon Perry b622aae97f Update wordpress_contus_video_gallery_sqli.rb 2015-04-19 18:24:12 -05:00
Brandon Perry c393f7c398 add contus video gallery scanner 2015-04-19 17:58:08 -05:00
Christian Mehlmauer ed9175d73f
Land #5167, WordPress CP Multi-View Calendar SQLI Scanner 2015-04-19 23:36:23 +02:00
Brandon Perry 8c0bcd2e03 Update wordpress_cp_calendar_sqli.rb
Use the new WPVDB
2015-04-19 16:32:57 -05:00
joev 2010e966b3 Add non-httponly cookie theft module for ios/osx safari. 2015-04-19 11:32:37 -05:00
wchen-r7 4f903a604c Fix #5103, Revert unwanted URI encoding
Fix #5103. By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
Christian Mehlmauer 6653c9e33d
Land #5162, WordPress Dukapress File Read Vulnerability 2015-04-17 11:20:55 +02:00
Christian Mehlmauer 6c77b64dae
wrong method name 2015-04-17 11:20:14 +02:00
Christian Mehlmauer aef464fc2e
Land #5159, WordPress Mobile Edition Plugin File Read Vuln 2015-04-17 11:13:00 +02:00
William Vu 3422501d91
Land #5174, deprecated module cleanup 2015-04-16 17:43:28 -05:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Christian Mehlmauer 2b9fd93729
remove deprecated modules 2015-04-16 22:49:22 +02:00
Roberto Soares ed588e335b Changed the print_error output. 2015-04-16 17:32:59 -03:00
Roberto Soares bf3bdcffb4 Changed the deph value to 7. 2015-04-16 17:30:28 -03:00
Roberto Soares dd474757fe Changed the print_error output. 2015-04-16 17:26:44 -03:00
Roberto Soares f50cedeafd Changed the depth value to 7. 2015-04-16 17:22:49 -03:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer b4b8ac0849
moar fail_with's 2015-04-16 21:26:37 +02:00
Christian Mehlmauer 4dc402fd3c
moar fail_with's 2015-04-16 21:16:52 +02:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
William Vu 1455d4e94d Fix AUTH_TIME 2015-04-16 11:39:33 -05:00
William Vu 7c572777e1 Fix whitespace 2015-04-16 11:34:50 -05:00
William Vu 7a9167b235 Fix comments 2015-04-16 11:34:47 -05:00
Nate Power 9bcc988266 Update owa_login 2015-04-16 11:23:04 -05:00
Brandon Perry 75b88f199a Create wordpress_cp_calendar_sqli.rb 2015-04-16 09:53:00 -05:00
Roberto Soares ecc67b1a57 Fix loot name 2015-04-16 10:42:20 -03:00
Roberto Soares d898af5513 Add check version and removed HttpClient 2015-04-16 10:40:35 -03:00
Roberto Soares 768294710b Add check and removed HttpClient 2015-04-16 10:22:10 -03:00
Roberto Soares 890561bff3 Rewriting the condition 'if' for only one line 2015-04-16 09:23:56 -03:00
Roberto Soares b90ff36ef4 Rewriting the condition 'if' for only one line 2015-04-16 09:15:17 -03:00
Roberto Soares 21e964e699 Add Author and references.. 2015-04-16 07:20:48 -03:00
Roberto Soares f6f4bd0746 Add WordPress Dukapress File Read Vulnerability 2015-04-16 07:17:46 -03:00
Roberto Soares c8e1185a04 Included Wordpress mixin. 2015-04-16 05:02:39 -03:00
William Vu 42ff0decc7
Land #4722, timing options for snmp_login 2015-04-16 02:25:29 -05:00
William Vu 88062a578d Clean up PR 2015-04-16 02:25:06 -05:00
William Vu bec6270f07 Fix regex 2015-04-15 23:47:03 -05:00
William Vu 0a4ab99aa5
Land #5149, couchdb_enum cleanup 2015-04-15 21:50:30 -05:00
William Vu 4410f8da6e Clean up module some more 2015-04-15 21:48:19 -05:00
Brent Cook 30d60975ba
Land #5144, add missing report_note in apache_range_dos 2015-04-15 21:47:18 -05:00
William Vu 01ae7002cf Fix EOF whitespace 2015-04-15 21:27:53 -05:00
William Vu 20d4d1ce3f Move report_goods before the return 2015-04-15 21:22:41 -05:00
Roberto Soares 0031f09d60 Add author, EDB, WPVDB and fix loot. 2015-04-15 20:03:36 -03:00
Roberto Soares 0f1cf1d1b1 Add Module WP Mobile Edition Plugin File Read Vuln 2015-04-15 19:45:08 -03:00
William Vu 66b7179a97 Rename module to owa_iis_internal_ip 2015-04-15 17:10:01 -05:00
William Vu a109dae033 Fix EOL whitespace 2015-04-15 16:58:59 -05:00
William Vu cc422eeeea Fix splat 2015-04-15 16:58:18 -05:00
Nate Power 34ce4edacb Add exchange_iis_internal_ip 2015-04-15 16:55:19 -05:00
sinn3r 7cc80c418b Correct a bad spelling in ms15_034_ulonglongadd.rb 2015-04-15 15:32:55 -05:00
sinn3r 76d36a46dc Missing a checkcode 2015-04-15 14:04:18 -05:00
sinn3r 8a542b841c Don't check Server header 2015-04-15 13:33:09 -05:00
sinn3r 90ed6ee0b6 No "vhost" 2015-04-15 13:32:11 -05:00
sinn3r 3aa8e6908d Converted to a DOS module 2015-04-15 13:13:16 -05:00
sinn3r 19ab71aa43 Final update i swear 2015-04-15 10:20:15 -05:00
sinn3r 7a77dbc9f0 Update description 2015-04-15 10:15:40 -05:00
sinn3r 2206ae48a1 Match the PR title 2015-04-15 01:50:59 -05:00
sinn3r 63048a7385 Newline
-_-
2015-04-15 01:38:09 -05:00
sinn3r 6f874b81ff Add MS15-034 check (CVE-2015-1635) 2015-04-15 01:37:43 -05:00
Roberto Soares 1d6300991c Clean the code of the module couchdb_enum. 2015-04-15 02:58:51 -03:00
William Vu 3cdc84bf27 Fix missing type in report_note 2015-04-14 14:02:20 -05:00
Tod Beardsley d87483b28d
Squashed commit of the following:
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:42:13 2015 -0500

    Fix funny punctuation on rootpipe exploit title

    See #5119

commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:37:39 2015 -0500

    Fix vendor caps

    Trusting the github repo README at

    https://github.com/embedthis/goahead

    See #5101
2015-04-13 10:46:47 -05:00
sinn3r 284ef5bbbb
Land #5112, Nessus REST Login Module 2015-04-10 13:32:53 -05:00
Jon Cave b2b7da2dc5 Fix spelling of Microsoft in module name 2015-04-10 11:09:16 +01:00
root 7810f3d9a3 Add previous nessus_xmlrpc_login file 2015-04-10 12:32:42 +05:00
root bbbd4d3634 change name to keep both XML and REST modules 2015-04-10 12:20:43 +05:00
root b6e750d7eb Nessus auxiliary scanner for updated REST API 2015-04-09 11:36:17 +05:00
William Vu c9bf8f3140
Land #5105, @joevennix's cable modem 0day 2015-04-08 16:09:46 -05:00
William Vu 831a59b10b Fix whitespace 2015-04-08 16:09:28 -05:00
Tod Beardsley 52f1b95222 Add disclosure link 2015-04-08 16:07:33 -05:00
sinn3r 1bfda9e78f
Land #5101, Add Directory Traversal for GoAhead Web Server 2015-04-08 15:30:23 -05:00
Brent Cook e03f2df691
Land #5002, RMI/JMX improvements 2015-04-08 15:23:29 -05:00
Tod Beardsley 7ed1655976
Adding module for R7-2015-01
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
sinn3r 5f389cf3c2 Add ManageEngine Desktop Central Login Utility 2015-04-08 02:05:56 -05:00
Roberto Soares dc14c770be Changed the traversal variable to just one line 2015-04-08 02:26:59 -03:00
Roberto Soares 441042ed37 Removed the segments variable 2015-04-08 01:29:45 -03:00
Roberto Soares d399d05383 Add Directory Traversal for GoAhead Web Server 2015-04-07 20:22:06 -03:00
Zach Grace 42e82cc644 Rubocop fixes 2015-04-07 18:21:08 -05:00
Zach Grace 7275d5745f Fixes, refactoring and adding JBoss AS default creds scanning 2015-04-07 17:40:25 -05:00
William Vu e1af495d21 Add extra release fixes 2015-04-06 13:08:40 -05:00
William Vu 56dc7afea6
Land #5068, @todb-r7's module author cleanup 2015-04-03 16:00:36 -05:00
jvazquez-r7 79b2a23dff
Land #5015, @espreto file traversal scanner for RIPS 2015-04-03 15:35:58 -05:00
jvazquez-r7 ce6e5e12d8
Make depth an option 2015-04-03 15:33:27 -05:00
jvazquez-r7 70fad73092
Add metadata 2015-04-03 15:27:28 -05:00
jvazquez-r7 e3bbb7c297 Solve conflicts 2015-04-03 14:57:49 -05:00
jvazquez-r7 e729185804
Land #5051, @nullbind's new options for mssql_enum_domain_accounts_sqli 2015-04-03 14:44:20 -05:00
jvazquez-r7 fe9fbfd157
Make calculations easier 2015-04-03 14:43:01 -05:00
root 452ebcf9ad travis 2015-04-03 16:29:35 +05:00
root be829e77ba cravis error solve 2015-04-03 16:25:18 +05:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
Denis Kolegov c9e8f9cbea Add BigIP HTTP VS scanner and fix connection errors 2015-04-03 02:30:03 -04:00
Tod Beardsley 6532fad579
Remove credits to Alligator Security Team
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.

The one that didn't was credited to dflah_ specifically, so merely
changed the author name.

Longer description, if needed, wrapped at 72 characters.

[See #5012]
2015-04-02 15:12:22 -05:00
sinn3r a592f645f0
Land #5039, Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner 2015-04-01 14:34:58 -05:00
nullbind 91aeef0a8a added startrid and endrid 2015-04-01 10:09:13 -05:00
Tod Beardsley d1318d1b48
Fixups for release 2015-03-31 11:02:12 -05:00
Brandon Perry e73286cfa5 update stale references 2015-03-30 17:17:48 -05:00
sinn3r 613f4777ce Land #5024, add joomla_ecommercewd_sqli_scanner.rb 2015-03-30 12:45:09 -05:00
jvazquez-r7 8ff54ff98d
Add msb reference 2015-03-30 10:58:08 -05:00
sinn3r 9af1e76bf7 Obfuscate js 2015-03-30 10:52:01 -05:00
sinn3r c7fa01c5ae Rename file 2015-03-30 10:39:33 -05:00
Denis Kolegov 9d78aa96d9 Add output of API errors to console 2015-03-30 02:42:09 -04:00
Brandon Perry de2bf0181c add first pass at gallerywd sqli scanner 2015-03-28 16:15:51 -05:00
Brandon Perry 9f0483248c add TARGETURI datastore option 2015-03-28 15:46:41 -05:00
Brandon Perry 6ede476423 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-28 08:38:12 -05:00
Brandon Perry 0dbd8544b4 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-27 21:20:59 -05:00
Brandon Perry 31be47d5bc Create joomla_ecommercewd_sqli_scanner.rb 2015-03-27 20:25:33 -05:00
Denis Kolegov 45f8738cfe Fix stdout errors 2015-03-27 07:53:59 -04:00
Denis Kolegov 3515a0a71f Initial commit for supporting SSL Labs API 2015-03-27 07:34:11 -04:00
Roberto Soares 3e104fd8e6
Add Directory Traversal for RIPS Scanner 2015-03-27 05:08:43 -03:00
sinn3r f996c5a888 Update description 2015-03-27 02:31:36 -05:00
sinn3r 67dc46791d Limit the module to IE 8 and IE9 2015-03-27 02:30:04 -05:00
sinn3r f88d9651b6 I don't think it's worth putting the js in ie_addons.js 2015-03-27 02:26:50 -05:00
sinn3r bd2763292a Properly credit Soroush Dalili 2015-03-26 23:36:16 -05:00
sinn3r 560f31c34d Minor changes 2015-03-26 23:29:44 -05:00
sinn3r 68624dd56e Final for ie_files_disclosure.rb 2015-03-26 22:49:22 -05:00
sinn3r b0b17775c2 First working version 2015-03-26 21:53:26 -05:00
jvazquez-r7 0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically 2015-03-25 11:29:07 -05:00
dnkolegov 5d80ef9325 Fix minor issues 2015-03-25 02:53:36 -04:00
dnkolegov 040a1af9c5 Delete useless ecnryption cookie detection, fix minor issues 2015-03-25 02:34:33 -04:00
rastating 7a0fe05803 Add CVE-ID to module references 2015-03-24 22:30:43 +00:00
Christian Mehlmauer 7bf00f8f47
Land #4789, @rastating WPLMS wordpress module 2015-03-24 20:46:38 +01:00
jvazquez-r7 39e87f927a
Make code consistent 2015-03-24 11:44:26 -05:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
dnkolegov ee17d6e606 Deleted spaces at EOL 2015-03-23 04:34:38 -04:00
dnkolegov 2a0deaa6c8 Deleted default options and SYN scan 2015-03-23 04:31:08 -04:00
jvazquez-r7 8c3e39acf0
Land #4847 @rastating's module for WordPress WP EasyCart privilege escalation 2015-03-20 18:23:05 -05:00
jvazquez-r7 349d7cb9ee
Do minor cleanup 2015-03-20 18:20:45 -05:00
William Vu 6f51946aa0
Land #4969, GitLab module references 2015-03-20 17:26:51 -05:00
William Vu 99f3de0843 Clean up info hash formatting 2015-03-20 17:26:21 -05:00
jvazquez-r7 1226b3656f
Land #4945, @wchen-r7's login scanner for Symantec web gateway 2015-03-20 14:44:05 -05:00
jvazquez-r7 2f35fcff99
Fix require 2015-03-20 14:43:42 -05:00
Meatballs 8ee520e749
Add reference 2015-03-20 19:17:34 +00:00
sinn3r b19f766728
Land #4942, Gitlab Login Scanner 2015-03-20 13:02:12 -05:00
sinn3r a2ce14a31e
Land #4941, Gitlab Unauth User Enumeration 2015-03-20 12:28:35 -05:00
sinn3r 235124a40a Fix typo 2015-03-20 12:27:23 -05:00
sinn3r 84164b44b2 Should also rescue JSON::ParserError for banner parsing 2015-03-20 12:27:02 -05:00
jvazquez-r7 b839547dc3 Add documentation for Registry modules and methods 2015-03-19 17:57:21 -05:00
jvazquez-r7 a7f1244251
Finish the java_rmi_registry gather module 2015-03-19 17:33:45 -05:00
sinn3r 94ab2f94fd Remove symbols that aren't used
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
2015-03-19 14:14:01 -05:00
jvazquez-r7 5c3134a616
Add first support to gather information from RMI registries 2015-03-19 11:16:04 -05:00
OJ e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS 2015-03-18 22:34:52 +10:00
OJ d1a2f58303 Fix of regex for file capture and format tweaks 2015-03-18 22:17:44 +10:00
OJ fa7242388b Move the module to the correct location 2015-03-18 18:18:54 +10:00
jvazquez-r7 14be07a2c4
Update java_rmi_server modules 2015-03-17 21:29:52 -05:00
James Lee bd4738b93e
Land #4827, capture and nbns fixups 2015-03-17 17:37:55 -05:00
James Lee d7fa0ec669
Let IPAddr#hton do the calculating 2015-03-17 17:36:45 -05:00
jvazquez-r7 1242404085
Delete comment 2015-03-17 14:18:07 -05:00
William Vu d1d6378179
Land #4566, Misfortune Cookie scanner improvements 2015-03-17 12:32:35 -05:00