infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,484 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

459 Commits (8a0249cdbfde4cfcaa5f7a9c066bace0b06f98ff)

Author SHA1 Message Date
jvazquez-r7 4a9294e3bf Mark module as not executable 2014-09-19 14:36:44 -05:00
Joe Vennix 59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc. 2014-09-16 13:31:03 -05:00
Tod Beardsley 4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes 
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)

Also fixes #3782 (opened by accident).
 2014-09-11 14:27:51 -05:00
Tod Beardsley fbba4b32e0
Update the title and desc to be more descriptive 
See #3759
 2014-09-11 14:06:14 -05:00
Tod Beardsley d627ab7628
Add refs for Android UXSS 
See #3759
 2014-09-11 14:05:50 -05:00
sinn3r 280e16c241
Land #3677 - Updated shodan_search for new API 2014-09-10 11:39:00 -05:00
sinn3r 006393360e Add conditions to check healthy shodan results 2014-09-10 11:38:06 -05:00
Joe Vennix 7793ed4fea
Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
Joe Vennix 27889ea411
Add a safety fallback on js load. 2014-09-08 00:46:47 -05:00
Joe Vennix 8407d45c9c
Rework the timers. 2014-09-08 00:40:00 -05:00
Joe Vennix 5c9c8edfcf
Fix refs. 2014-09-07 23:33:45 -05:00
Joe Vennix 5efaf7d4cf
rename module, handle asyncness. 2014-09-07 23:25:08 -05:00
Joe Vennix 1bf89fb6bd Add Android <= 4.3 AOSP UXSS module. 2014-09-07 20:44:03 -05:00
Chris Hebert abffdd8705 Update alienvault_newpolicyform_sqli.rb 
cleaned up according to msftidy.rb suggestions

modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
 2014-09-04 21:46:37 -04:00
Chris Hebert 664cc131e3 Update alienvault_newpolicyform_sqli.rb 
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
 2014-09-04 21:34:24 -04:00
jvazquez-r7 ff210a7c0a delete parenthesis 2014-09-04 16:16:29 -05:00
William Vu 2d8c7a7a4d
Refactor if statement to early return 
This eliminates the protracted if statement and aligns the code body.
 2014-09-04 15:05:30 -05:00
John Sawyer 3281781f6a Addressed r7 comments, fixed bug in results loop 2014-09-01 13:43:31 -04:00
Jon Hart 246f021437 Update natpmp_external_address to use Msf::Auxiliary::UDPScanner 2014-08-26 10:49:53 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart ca11eae3a9 Show a useful failure message when the external address probe fails 2014-08-26 10:49:52 -07:00
John Sawyer 0a27a18104 Committing changes from r7 comments 2014-08-23 00:08:27 -04:00
John Sawyer 1959f7a235 Updated shodan_search for new API 2014-08-20 00:48:13 -04:00
jvazquez-r7 674c3ca260 Use [] for references 2014-07-30 10:44:42 -05:00
Christian Mehlmauer 3d2a62bc29
Updated W3 Total Cache Hash extract module 2014-07-29 19:49:48 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
William Vu 43f41de124
Land #3508, CVE-2014-4671 Flash JSONP disclosure 2014-07-11 10:11:48 -05:00
joev b8225ae2dc
Remove unnecessary ||= and ivars. 2014-07-10 16:06:28 -05:00
joev e0389dfbc3
Update code as per @wvu's code review. 2014-07-10 15:03:40 -05:00
joev dd439066ca
Patch rhost to display hostname of JSONP_URL. 2014-07-10 12:02:22 -05:00
joev 841cb6a590
STEAL_URL -> STEAL_URLS. 2014-07-10 09:14:32 -05:00
joev fad30bc874
Add flash rosetta exploit module for stealing URLs. 2014-07-10 09:09:10 -05:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00
Meatballs 615aeb66a5
Dont use or 2014-06-23 23:11:04 +01:00
Meatballs 752007848b
Tidy up code 
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
 2014-06-23 23:08:33 +01:00
HD Moore 2772d84a18 Major rework of this module, please see the diff 2014-06-23 16:13:42 -05:00
William Vu a0aca251f5
Land #3472, releae fixes 2014-06-23 11:41:35 -05:00
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
William Vu 40d1ec551e
Add WEP, PSK, and MGT 2014-06-21 23:15:20 -05:00
Spencer McIntyre c685e0d06e
Land #3444, chromecast wifi enumeration 2014-06-17 22:09:58 -04:00
William Vu 1394ad1431
Break my double quote habit 
Doesn't it feel better? C doesn't love me anymore.
 2014-06-17 14:22:55 -05:00
William Vu 8376b4aa2b
Map constants to readable values 
Thanks, @zeroSteiner and @kernelsmith. :)
 2014-06-17 13:10:08 -05:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
Tod Beardsley 1ab379a0fe
Land #3448, ident =! indent 2014-06-12 14:15:06 -05:00
Tod Beardsley e9783200f2
Land #3447, fix variable typo 2014-06-12 14:07:34 -05:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
Jon Cave a647246148 Use correct variable name 2014-06-12 19:38:41 +01:00
Tod Beardsley 3f5e50d18f
Aux modules don't have ranking. 
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
 2014-06-12 13:21:59 -05:00
joev 6bc37cca0c
Land #3430, @brandonprry's generic MongoDB injection enum. 2014-06-11 21:41:23 -05:00
William Vu 23f7fe45ed
Add Chromecast wifi enumeration module 2014-06-11 21:00:47 -05:00
Brandon Perry cca91dd7c5 Update mongodb_js_inject_collection_enum.rb 
some @jvennix-r7 fixes
 2014-06-11 17:07:57 -05:00
Brandon Perry 4367e8ef0c Update mongodb_js_inject_collection_enum.rb 
Fix some logic bugs that caused incorrect results.
 2014-06-07 21:03:28 -05:00
Brandon Perry dc89621d5c Update mongodb_js_inject_collection_enum.rb 
No need to make extra requests. Off by one.
 2014-06-07 20:09:00 -05:00
Brandon Perry 2663af986b Update mongodb_js_inject_collection_enum.rb 
This adds a bit more error handling, and better decision making in regards to false responses.
 2014-06-07 19:58:12 -05:00
Brandon Perry 4071fb332b Create mongodb_js_inject_collection_enum.rb 
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7

https://gist.github.com/brandonprry/c2de8ac2be825007c4de
 2014-06-07 11:20:34 -05:00
jvazquez-r7 69e8286838 Fix title 2014-05-27 10:29:32 -05:00
jvazquez-r7 1316365c2f Fix description 2014-05-27 10:22:39 -05:00
jvazquez-r7 abe1d6ffc7
Land #3190, @Karmanovskii's module to fingerprint MyBB database 2014-05-27 10:20:24 -05:00
jvazquez-r7 86221de10e Fix message 2014-05-27 10:18:27 -05:00
jvazquez-r7 b96c2dd0ca Change module filename 2014-05-27 10:15:39 -05:00
jvazquez-r7 1d8c46155b Do last code cleaning 2014-05-27 10:14:55 -05:00
Karmanovskii eacf70af83 Update mybb_get_type_db.rb 
26.05.2014  23:26
I deleted mimicking IE11
 2014-05-26 23:26:28 +04:00
Chris Hebert 99046ba12a Update alienvault_newpolicyform_sqli.rb 
Added EDB link - should be ready now.
 2014-05-23 10:07:45 -04:00
Tod Beardsley fa353e6bd9
Add CVE, IBM ref for SameTime modules 2014-05-22 11:34:04 -05:00
Karmanovskii e26dee5e22 Update mybb_get_type_db.rb 
19/05/2014
I deleted      -     #return Exploit::CheckCode::Unknown  # necessary ????
 2014-05-19 21:32:30 +04:00
Karmanovskii 06912ac2b6 Update mybb_get_type_db.rb 
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
 2014-05-17 16:30:29 +04:00
Karmanovskii cbb84e854c Update mybb_get_type_db.rb 
14.05.2014
Eliminated notes jvazquez-r7
 2014-05-14 14:56:40 +04:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
Chris Hebert 681e4194ea Update alienvault_newpolicyform_sqli.rb 
and the new variable as well.
 2014-05-10 20:19:40 -04:00
Chris Hebert 3ae3c478bd Update alienvault_newpolicyform_sqli.rb 
enhanced as requested by Christian Mehlmauer 
changed xnDa to a random string to make IDS harder to detect.
 2014-05-10 20:17:30 -04:00
Chris Hebert 1affbfbe9d Update alienvault_newpolicyform_sqli.rb 
fixed reinitialize i=0, full = '' and filename .....
 spotted by Spencer McIntyre - thanks.
 2014-05-10 18:49:41 -04:00
Chris Hebert 8e79663001 Update alienvault_newpolicyform_sqli.rb 
Added vendor advisory
 2014-05-10 18:31:12 -04:00
Chris Hebert ec1df58bf7 Update alienvault_newpolicyform_sqli.rb 
Changed reference --  OSVDB # 106815
(waiting for EDB - no response yet)
 2014-05-10 18:14:09 -04:00
Chris Hebert 473efe1040 Update alienvault_newpolicyform_sqli.rb 2014-05-10 17:28:50 -04:00
mvdevnull 117e0b839b Add module - alienvault_newpolicyform_sqli 2014-05-09 15:10:58 -04:00
Tod Beardsley c6affcd6d3
Fix caps, description on F5 module 
The product name isn't "Load Balancer" as far as I can tell.
 2014-05-05 13:38:53 -05:00
jvazquez-r7 9cd6c5ef2b
Land #3297, @Th4nat0s's F6 backends disclosure module 2014-04-30 09:31:37 -05:00
jvazquez-r7 4e80e1c239 Clean up pull request code 2014-04-30 09:31:07 -05:00
Thanat0s 70314494ca test nil of port & host 2014-04-28 23:33:01 +02:00
Thanat0s fe3f7fd76a Obey to reviewer.. code fix 2014-04-28 23:26:29 +02:00
Thanat0s 2396d497d8 move scanner to gather 2014-04-28 12:57:54 +02:00
Spencer McIntyre 9ccb9397e3
Land #3264, throttl and csv output support for module 2014-04-23 19:00:28 -04:00
Spencer McIntyre e2b92a824f Change white space for authors in dns_reverse_lookup 2014-04-23 18:56:27 -04:00
Thanat0s 457c48b89b Error on sleep 2014-04-23 11:38:23 +02:00
sinn3r d7513b0eb2 Handle nil properly when no results are found 2014-04-15 18:19:29 -05:00
Tod Beardsley 40a359f312 Include a vhost for Shodan or else it complains 
Works now. The rhost option was not keeping the custom vhost option.

````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...

[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*]     Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...

IP Results
==========
````
 2014-04-14 21:23:27 -05:00
Tod Beardsley 1436f68955
Fix shodan to not muck with datastore 2014-04-14 21:21:11 -05:00
Thanat0s 176204d62d With implemented remarks 2014-04-14 21:11:04 +02:00
Thanat0s dd7bceee56 fix threaded issues 2014-04-12 17:43:39 +02:00
Thanat0s d493c48cc6 add thottling,notes insert and output to dns_rev_lookup 2014-04-12 16:36:18 +02:00
Tod Beardsley 56662bd89b
Correct corpwatch_lookup_name datastore usage 
[SeeRM #8498]
 2014-04-10 16:56:55 -05:00
Tod Beardsley 06dedeec8f
Update corpwatch_lookup_id to run correctly 
[SeeRM #8498]
 2014-04-10 16:52:34 -05:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
Karmanovskii 5dbd124ef9 Update mybb_get_type_db.rb 2014-04-05 02:53:43 -07:00
Karmanovskii c035715a71 Update mybb_get_type_db.rb 
Changed the name of the variable _Version_server on _version_server according to the recommendation of jvazquez-r7
 2014-04-05 02:50:53 -07:00
jvazquez-r7 e2cbcf3c5d
Land #3179, @brandonprry AlienVault sqli aux module 2014-04-04 09:17:11 -05:00
jvazquez-r7 ff6105e55d Add check codes 2014-04-04 09:13:43 -05:00
Brandon Perry 44db611845 defaultoptions, not option 2014-04-04 05:55:35 -07:00