William Vu
23f7fe45ed
Add Chromecast wifi enumeration module
2014-06-11 21:00:47 -05:00
Brandon Perry
cca91dd7c5
Update mongodb_js_inject_collection_enum.rb
...
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
Brandon Perry
4367e8ef0c
Update mongodb_js_inject_collection_enum.rb
...
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
Brandon Perry
dc89621d5c
Update mongodb_js_inject_collection_enum.rb
...
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
Brandon Perry
2663af986b
Update mongodb_js_inject_collection_enum.rb
...
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
Brandon Perry
4071fb332b
Create mongodb_js_inject_collection_enum.rb
...
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
jvazquez-r7
69e8286838
Fix title
2014-05-27 10:29:32 -05:00
jvazquez-r7
1316365c2f
Fix description
2014-05-27 10:22:39 -05:00
jvazquez-r7
abe1d6ffc7
Land #3190 , @Karmanovskii's module to fingerprint MyBB database
2014-05-27 10:20:24 -05:00
jvazquez-r7
86221de10e
Fix message
2014-05-27 10:18:27 -05:00
jvazquez-r7
b96c2dd0ca
Change module filename
2014-05-27 10:15:39 -05:00
jvazquez-r7
1d8c46155b
Do last code cleaning
2014-05-27 10:14:55 -05:00
Karmanovskii
eacf70af83
Update mybb_get_type_db.rb
...
26.05.2014 23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
Chris Hebert
99046ba12a
Update alienvault_newpolicyform_sqli.rb
...
Added EDB link - should be ready now.
2014-05-23 10:07:45 -04:00
Tod Beardsley
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00
Karmanovskii
e26dee5e22
Update mybb_get_type_db.rb
...
19/05/2014
I deleted - #return Exploit::CheckCode::Unknown # necessary ????
2014-05-19 21:32:30 +04:00
Karmanovskii
06912ac2b6
Update mybb_get_type_db.rb
...
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
2014-05-17 16:30:29 +04:00
Karmanovskii
cbb84e854c
Update mybb_get_type_db.rb
...
14.05.2014
Eliminated notes jvazquez-r7
2014-05-14 14:56:40 +04:00
Christian Mehlmauer
3f3283ba06
Resolved some msftidy warnings (Set-Cookie)
2014-05-12 21:23:30 +02:00
Chris Hebert
681e4194ea
Update alienvault_newpolicyform_sqli.rb
...
and the new variable as well.
2014-05-10 20:19:40 -04:00
Chris Hebert
3ae3c478bd
Update alienvault_newpolicyform_sqli.rb
...
enhanced as requested by Christian Mehlmauer
changed xnDa to a random string to make IDS harder to detect.
2014-05-10 20:17:30 -04:00
Chris Hebert
1affbfbe9d
Update alienvault_newpolicyform_sqli.rb
...
fixed reinitialize i=0, full = '' and filename .....
spotted by Spencer McIntyre - thanks.
2014-05-10 18:49:41 -04:00
Chris Hebert
8e79663001
Update alienvault_newpolicyform_sqli.rb
...
Added vendor advisory
2014-05-10 18:31:12 -04:00
Chris Hebert
ec1df58bf7
Update alienvault_newpolicyform_sqli.rb
...
Changed reference -- OSVDB # 106815
(waiting for EDB - no response yet)
2014-05-10 18:14:09 -04:00
Chris Hebert
473efe1040
Update alienvault_newpolicyform_sqli.rb
2014-05-10 17:28:50 -04:00
mvdevnull
117e0b839b
Add module - alienvault_newpolicyform_sqli
2014-05-09 15:10:58 -04:00
Tod Beardsley
c6affcd6d3
Fix caps, description on F5 module
...
The product name isn't "Load Balancer" as far as I can tell.
2014-05-05 13:38:53 -05:00
jvazquez-r7
9cd6c5ef2b
Land #3297 , @Th4nat0s's F6 backends disclosure module
2014-04-30 09:31:37 -05:00
jvazquez-r7
4e80e1c239
Clean up pull request code
2014-04-30 09:31:07 -05:00
Thanat0s
70314494ca
test nil of port & host
2014-04-28 23:33:01 +02:00
Thanat0s
fe3f7fd76a
Obey to reviewer.. code fix
2014-04-28 23:26:29 +02:00
Thanat0s
2396d497d8
move scanner to gather
2014-04-28 12:57:54 +02:00
Spencer McIntyre
9ccb9397e3
Land #3264 , throttl and csv output support for module
2014-04-23 19:00:28 -04:00
Spencer McIntyre
e2b92a824f
Change white space for authors in dns_reverse_lookup
2014-04-23 18:56:27 -04:00
Thanat0s
457c48b89b
Error on sleep
2014-04-23 11:38:23 +02:00
sinn3r
d7513b0eb2
Handle nil properly when no results are found
2014-04-15 18:19:29 -05:00
Tod Beardsley
40a359f312
Include a vhost for Shodan or else it complains
...
Works now. The rhost option was not keeping the custom vhost option.
````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...
[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*] Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...
IP Results
==========
````
2014-04-14 21:23:27 -05:00
Tod Beardsley
1436f68955
Fix shodan to not muck with datastore
2014-04-14 21:21:11 -05:00
Thanat0s
176204d62d
With implemented remarks
2014-04-14 21:11:04 +02:00
Thanat0s
dd7bceee56
fix threaded issues
2014-04-12 17:43:39 +02:00
Thanat0s
d493c48cc6
add thottling,notes insert and output to dns_rev_lookup
2014-04-12 16:36:18 +02:00
Tod Beardsley
56662bd89b
Correct corpwatch_lookup_name datastore usage
...
[SeeRM #8498 ]
2014-04-10 16:56:55 -05:00
Tod Beardsley
06dedeec8f
Update corpwatch_lookup_id to run correctly
...
[SeeRM #8498 ]
2014-04-10 16:52:34 -05:00
Tod Beardsley
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
Tod Beardsley
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
Karmanovskii
5dbd124ef9
Update mybb_get_type_db.rb
2014-04-05 02:53:43 -07:00
Karmanovskii
c035715a71
Update mybb_get_type_db.rb
...
Changed the name of the variable _Version_server on _version_server according to the recommendation of jvazquez-r7
2014-04-05 02:50:53 -07:00
jvazquez-r7
e2cbcf3c5d
Land #3179 , @brandonprry AlienVault sqli aux module
2014-04-04 09:17:11 -05:00
jvazquez-r7
ff6105e55d
Add check codes
2014-04-04 09:13:43 -05:00
Brandon Perry
44db611845
defaultoptions, not option
2014-04-04 05:55:35 -07:00
jvazquez-r7
6f14cd225d
Do minor clean up
2014-04-03 23:22:44 -05:00
Christian Mehlmauer
253a1c1f87
Land #3180 , EMC Cloud Tiering Appliance Unauthed XXE with root perms
2014-04-03 22:02:13 +02:00
Brandon Perry
a57da00932
fix refs line
2014-04-03 14:07:00 -07:00
Brandon Perry
51f83fccde
add some checks in vase the file wasn't retrievable
2014-04-03 14:04:05 -07:00
Brandon Perry
e2ded663a6
make more robust
2014-04-03 06:15:09 -07:00
Brandon Perry
53b8148438
make more random
2014-04-03 05:52:35 -07:00
Brandon Perry
77b64ee77d
make more random
2014-04-03 05:41:00 -07:00
Brandon Perry
75dc4c459b
msftidy
2014-04-02 13:22:21 -07:00
Brandon Perry
bb82277a41
msftidy
2014-04-02 13:20:13 -07:00
Brandon Perry
abc0b31f26
exploithub wat
2014-04-02 13:18:48 -07:00
Brandon Perry
765657d55a
alienvault module
2014-04-02 13:09:46 -07:00
Brandon Perry
d3f353118a
edb update
2014-04-02 13:06:54 -07:00
Brandon Perry
32cd846fe4
emc cta xxe module
2014-04-02 13:05:53 -07:00
Karmanovskii
b11df0eaf0
Update and rename myBB_GetTypeDB.rb to mybb_get_type_db.rb
2014-03-28 16:47:49 -07:00
William Vu
2344a9368e
Fix warnings generated by #3158
...
Keeping ManualRanking for DoS modules.
2014-03-31 12:35:15 -05:00
Karmanovskii
0b51e7459c
Update myBB_GetTypeDB.rb
...
I have added detection MyBB forum.
2014-03-24 12:19:51 -07:00
Tod Beardsley
cd9182c77f
Msftidy warning fix on Joomla module.
...
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
sinn3r
93ad818358
Fix header and e-mail format for author
2014-03-20 12:07:50 -05:00
Brandon Perry
9b2cfb6c84
change default targeturi to something more universal
2014-03-19 21:03:50 -05:00
Brandon Perry
b52a535609
add official url
2014-03-19 20:41:32 -05:00
Brandon Perry
ab42cb1bff
better error handling for the user
2014-03-19 18:46:57 -05:00
Brandon Perry
2ef2f9b47c
use vars_get
2014-03-19 07:51:34 -07:00
Brandon Perry
920b2da720
Merge branch 'master' into joomla_sqli
2014-03-19 07:43:32 -07:00
Brandon Perry
a01dd48640
a bit better error message if injection works but no file
2014-03-13 13:38:43 -07:00
Brandon Perry
b0688e0fca
clarify LOAD_FILE perms in description
2014-03-13 13:11:27 -07:00
Brandon Perry
2734b89062
update normalize_uri calls
2014-03-13 06:55:15 -07:00
Brandon Perry
7540dd83eb
randomize markers
2014-03-12 20:11:55 -05:00
Brandon Perry
3fedafb530
whoops, extra char
2014-03-12 19:54:58 -05:00
Brandon Perry
aa00a5d550
check method
2014-03-12 19:47:39 -05:00
Brandon Perry
9cb1c1a726
whoops, typoed the markers
2014-03-12 10:58:34 -07:00
Brandon Perry
6636d43dc5
initial module
2014-03-12 10:46:56 -07:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
Karmanovskii
6d748f49d3
Update myBB_GetTypeDB.rb
...
1.I added comment header;
2.I made a link to your account as a comment;
3.I added a link https://github.com/rapid7/metasploit-framework/pull/3070
Items 2 and 3 on the advice wchen-r7
2014-03-07 10:49:30 -08:00
Karmanovskii
162527c0e4
Update and rename modules/auxiliary/analyze/myBB_GetTypeDB.rb to modules/auxiliary/gather/myBB_GetTypeDB.rb
...
Minor changes and bug: "Msf :: Auxiliary" - forgot to change
2014-03-06 09:43:23 -08:00
sinn3r
f0e97207b7
Fix email format
2014-03-04 17:51:24 -06:00
Brandon Perry
c86764d414
update default password to root
2014-03-04 11:55:30 -08:00
Brandon Perry
2b06791ea6
updates regarding PR comments
2014-03-04 10:08:31 -08:00
Brandon Perry
a3523bdcb9
Update mantisbt_admin_sqli.rb
...
remove extra new line and fix author line
2014-03-04 08:44:53 -06:00
Brandon Perry
98b59c4103
update desc
2014-03-03 12:40:58 -08:00
Brandon Perry
c5d1071456
add mantisbt aux module
2014-03-03 12:36:38 -08:00
James Lee
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
Tod Beardsley
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
sinn3r
8a8bc74687
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
2014-02-10 13:49:02 -06:00
sinn3r
306b31eee3
Small changes before merging
2014-02-10 13:47:31 -06:00
jvazquez-r7
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
jvazquez-r7
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
kicks4kittens
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
kicks4kittens
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
kicks4kittens
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
kicks4kittens
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
kicks4kittens
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
Tod Beardsley
9953821451
Fix desc on Drupal module, some peer prints
2014-02-03 12:16:06 -06:00
bcoles
9b9b2fab58
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
2014-02-04 02:00:11 +10:30
sinn3r
f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection
2014-01-24 15:03:07 -06:00
sinn3r
c8e2301111
Be more informative about why CheckCode::Unknown
...
This is just kind of personal preference here. In case users wonder
why Unknown.
2014-01-24 15:01:52 -06:00
jvazquez-r7
cf17bf2e72
Small fix
2014-01-23 19:34:50 -06:00
jvazquez-r7
43de7eb74f
Use REXML
2014-01-23 19:32:42 -06:00
jvazquez-r7
5a59e3d4e4
Fix typo
2014-01-23 18:53:58 -06:00
jvazquez-r7
f529eb1d4b
Clean code
2014-01-23 18:51:24 -06:00
jvazquez-r7
8e17d38c77
Add check method
2014-01-23 18:30:18 -06:00
jvazquez-r7
b0deb45fad
Add Drupal advisory as reference
2014-01-23 18:10:57 -06:00
jvazquez-r7
6d0d7eda10
Delete garbage comment
2014-01-23 18:09:05 -06:00
jvazquez-r7
72b72effa6
Add module for CVE-2012-4554
2014-01-23 18:04:31 -06:00
sinn3r
7080bb336c
Update ColdFusion check
2014-01-19 17:05:03 -06:00
sinn3r
4fdd2c19a1
Update vbulletin check
2014-01-19 16:54:27 -06:00
jvazquez-r7
01ab6fd545
Do small fixes
2014-01-17 17:59:03 -06:00
jvazquez-r7
5ec062ea1c
Beautify print message
2014-01-17 17:42:26 -06:00
jvazquez-r7
d96772ead1
Clean multi-threading on ibm_sametime_enumerate_users
2014-01-17 17:38:16 -06:00
jvazquez-r7
bb3d9da0bb
Do first cleaning on ibm_sametime_enumerate_users
2014-01-17 16:33:25 -06:00
jvazquez-r7
584401dc3f
Clean ibm_sametime_room_brute code
2014-01-17 15:57:12 -06:00
jvazquez-r7
4d079d47b8
Enable SSL by default
2014-01-17 15:34:33 -06:00
jvazquez-r7
277711b578
Fix metadata
2014-01-17 15:31:51 -06:00
jvazquez-r7
10fd5304ce
Parse response body just one time
2014-01-17 15:17:25 -06:00
jvazquez-r7
fe64dbde83
Use rhost and rport methods
2014-01-17 14:49:50 -06:00
jvazquez-r7
5e8ab6fb89
Clea ibm_sametime_version
2014-01-17 12:23:11 -06:00
kicks4kittens
d0d82fe405
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:53:14 +01:00
kicks4kittens
87648476e1
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:52:45 +01:00
kicks4kittens
55d4ad1b6a
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:51:19 +01:00
Tod Beardsley
feaf6c23cf
Merge and Unconflict client.rb, new module splat
...
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421
Also fixes the module with the new license splat.
Conflicts:
lib/rex/proto/smb/client.rb
2013-12-30 16:53:13 -06:00
kicks4kittens
17c0751677
Create ibm_sametime_room_brute.rb
...
init
2013-12-26 13:02:52 +01:00
kicks4kittens
7ba1950424
Create ibm_sametime_enumerate_users.rb
...
init
2013-12-26 13:01:48 +01:00
kicks4kittens
2d6f41d67f
Create ibm_sametime_version.rb
...
init
2013-12-26 13:00:39 +01:00
OJ
5e4c395f86
Fix small spacing issue
2013-12-18 17:14:47 +10:00
zeknox
2eee34babf
added timeout options and rescue timeout
2013-12-16 20:00:13 -06:00
zeknox
fe34d0e36e
fixed syntax
2013-12-16 19:26:40 -06:00
zeknox
7b8de95f6b
fixed database overwriting issues
2013-12-16 19:16:12 -06:00
zeknox
07f686bb1a
added ResolverArgumentError rescue statement
2013-12-16 18:46:14 -06:00
zeknox
e6f1f648be
modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required
2013-12-13 10:49:44 -06:00
zeknox
d6e19df8e2
added additional url reference
2013-12-12 22:57:23 -06:00
zeknox
9f18c57fce
added period to description and changed tester to user
2013-12-12 22:11:02 -06:00
zeknox
dba0e9bf77
msftidy done
2013-12-12 20:30:46 -06:00
zeknox
554cd41403
added dns_cache_scraper and useful wordlists
2013-12-12 20:18:18 -06:00
Tod Beardsley
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
sinn3r
92412279ae
Account for failed cred gathering attempts
...
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
jvazquez-r7
f2f8c08c8e
Use blank? method
2013-12-05 16:36:44 -06:00
jvazquez-r7
a380d9b4f2
Add aux module for CVE-2013-3522
2013-12-05 15:58:05 -06:00
joev
0612f340f1
Commas are good.
2013-11-13 14:38:50 -06:00
joev
ad5f82d211
Add missing refs to aux/gather/android_htmlfileprovider.
2013-11-13 14:36:18 -06:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00