a37f9c9eda
Clarify note type
2016-04-08 18:35:43 -07:00
44a98cc36f
Correct overly aggressive style cleanup
2016-04-08 18:00:03 -07:00
7ce5c07c03
Minor style cleanup
2016-04-08 17:39:32 -07:00
7c70a554ea
Merge branch 'pr/6187' into pr/fixup-6187 for pre-master merge testing
2016-04-08 16:56:38 -07:00
616bb8399f
remove db_filter / format a json data
2016-04-06 18:39:34 +08:00
51b8b4a4d1
Bring #6404 up to date with upstream-master
2016-04-04 16:35:58 -05:00
da3388248a
Uses #blank?
2016-04-04 16:34:49 -05:00
5a6d1ee0a9
Uses MetasploitModule class name
2016-04-04 16:30:55 -05:00
8bf039a69e
ignore_items! should not be used in a loop
...
because it's not necessary.
2016-03-22 15:56:38 -05:00
8836393cb1
Add aux module to gather browser information.
2016-03-22 13:56:12 -05:00
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
05f585157d
Land #6646 , add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
38153d227c
Move apache_karaf_command_execution to the SSH directory
...
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
2016-03-14 00:32:59 -05:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
2016-03-07 13:19:48 -06:00
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
d14ec657e2
Land #6564 , Add Apache Karaf Command Execution Module
2016-02-25 14:47:40 -06:00
1d2ec7a239
Rescue OpenSSL::Cipher::CipherError
...
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
2016-02-25 14:46:53 -06:00
6ef4026698
get_ptr - save_note(ip, 'get_ptr', records)
2016-02-25 21:43:13 +08:00
dfff94a243
save ip/domain relationships
2016-02-25 21:14:40 +08:00
f0da8e9adf
bing_search - ConnectionTimeout
2016-02-23 18:56:34 +08:00
91822f2861
Merge pull request #12 from jhart-r7/pr/fixup-6187
...
More fixup for #6187 (auxiliary/gather/enum_dns)
2016-02-19 19:12:17 +08:00
1f5285bca7
Better handling of AXFR if ns records won't resolve on target NS
2016-02-18 22:15:06 -08:00
0e185a34bf
get_ns / notes nameservers
2016-02-19 14:03:05 +08:00
42c64b51bb
Remove all report_host instances in enum_dns
...
the forced resolution of names won't fly
2016-02-18 21:41:51 -08:00
65a3cc2921
Remove duplicated SIP SRV record lookup
2016-02-18 21:41:09 -08:00
da3c382869
add function domain2ip
2016-02-19 12:35:31 +08:00
4ef5cf420c
rename the module
2016-02-19 11:18:55 +08:00
a87c503ae4
merge bing/yahoo subdomains search
2016-02-19 11:17:08 +08:00
9afe5517f7
return unless domains -> return if domains.empty?
2016-02-18 10:26:45 +08:00
15f6992aec
add yahoo_search_domain(domain) / yahoo_search_ip(ip)
2016-02-18 00:03:28 +08:00
29185271a7
report domains/ips to (notes / hosts)
2016-02-17 11:41:59 +08:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
2428d5127c
add Yahoo Search Engine Subdomains Collector
2016-02-16 03:11:38 +08:00
3416a24dda
Adding vprint_status for loot path
...
Adding a vprint_status to show users the loot
path as per a comment on the pull request.
2016-02-14 11:19:20 -06:00
cdaa2a8c43
Adding Apache Karaf Command Execution Module
...
This module establishes an SSH session using default
credentials and then executes a user defined operating system
command. This is part of GitHub Issue #4358 .
2016-02-10 16:48:08 -06:00
55c8d23e1f
Handle refused connections during axfr
2016-02-04 09:23:49 -08:00
52d81f7e93
More/better status printing for big query types
2016-02-04 09:18:26 -08:00
c025458d22
More consistent record type printing
2016-02-04 09:12:36 -08:00
c630f791c3
Remove loot storage from enum_dns. Loot is appropriate for this use case
2016-02-04 09:10:08 -08:00
4408742930
Fix storage of SRV record notes
2016-02-04 09:08:21 -08:00
ef75845d01
Better fetching/saving of SRV records
2016-02-03 13:07:20 -08:00
8094eb631b
Do the same for aux modules
2016-02-01 16:06:34 -06:00
1749932bb4
Cleanup loot saving output
2016-01-28 14:16:47 -08:00
6646785902
Don't enumerate other possible domains via TLD expansion by default
2016-01-28 14:09:09 -08:00
86e7cd92c0
Minor style nit on printed NS records
2016-01-28 14:08:20 -08:00
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
643ebfed7e
format print_status output for get_srv/get_tld
2016-01-16 11:21:16 +08:00
e491502023
handle exception - ResolverArgumentError
2016-01-12 00:48:02 +08:00
408b8fa4fd
handle exception - (get_tld - ArgumentError / get_mx - SocketError)
2016-01-07 00:54:03 +08:00
eecd75262c
handle exception - (get_tld - ArgumentError / get_mx - SocketError)
2016-01-07 00:25:28 +08:00
71acff5733
output scan results (set VERBOSE false)
2016-01-06 23:55:48 +08:00
a477868efb
add ENUM_BRT switch to def get_a(domain)
2015-12-30 13:15:43 +08:00
5bd380c7bd
remove vprint_status / zone transfer - Handle Errno::ETIMEDOUT Exception
2015-12-30 12:06:54 +08:00
e172d60e8e
rename STOP_STORE_LOOT to STORE_LOOT
2015-12-30 10:13:05 +08:00
3edd00f2ec
(description) dns MX to DNS MX / change default options from false to true
2015-12-30 10:07:38 +08:00
7d3978b146
Fix: save_root - Auxiliary failed: ArgumentError wrong number of arguments (5 for 7)
2015-12-29 19:59:56 +08:00
8830a0630d
Review - add options / threads / report_service / STORE_LOOT / ...
2015-12-29 19:43:52 +08:00
9bed78701d
Replace module actions with REG_DUMP_* options
2015-12-28 21:10:43 +00:00
ceef02e8b2
Add Snare Lite for Windows Registry Access module
2015-12-28 15:16:21 +00:00
74e1b8d5ac
Fix res nil
2015-11-24 00:15:05 -06:00
95ca288f9d
Modify check
2015-11-23 20:33:14 -06:00
09e6a54886
In case anonymous is not allowed for decryption
2015-11-23 20:26:41 -06:00
20ba10d46c
Spaces, how dare you
2015-11-23 16:45:02 -06:00
faab28f1d6
Add Jenkins Domain Credential Discovery Auxiliary Module
2015-11-23 16:23:59 -06:00
1410d03386
Fixed msftidy capitalisation.
2015-11-22 14:32:51 +11:00
fc46ce0ced
Bring module title in line with other WP modules.
2015-11-22 13:39:45 +11:00
32faf7a8d4
Fix #6183 , hard tabs fix
2015-11-10 16:48:03 -06:00
a9fe09497e
Fix hard tabs
...
Mixing tabs and spaces? Seriously?
2015-11-10 16:47:29 -06:00
8dc636507b
Land #6183 , dns_srv_enum updates
2015-11-10 16:44:27 -06:00
e98570cbd1
Clean up module
2015-11-10 16:44:10 -06:00
970c5da9a6
Update dns_srv_enum.rb
2015-11-07 20:01:26 +01:00
730f6b2326
Update dns_srv_enum.rb
...
Remove some comment following message on pull-request.
2015-11-07 15:23:32 +01:00
2adcd0a0d2
add references
2015-11-05 23:45:29 +00:00
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
d63f7c843e
enum_dns - review
2015-11-05 10:09:54 +00:00
3739a2fb72
Update dns_srv_enum.rb
2015-11-03 16:59:55 +01:00
f1feccfd7c
Update dns_srv_enum.rb
2015-11-03 16:53:26 +01:00
57304a30a8
Land #6139 , remove bad ref links
2015-10-29 16:00:43 -05:00
93df45eff1
Land #6138 , Land joomla plugin com_realestatemanager Error Based SQLi
2015-10-28 13:36:14 -05:00
09b79414ee
Report hash
2015-10-28 13:33:00 -05:00
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
9041f95511
Perform final cleanup
2015-10-27 11:21:17 -05:00
132cbf0cd7
joomla plugin com_realestatemanager Error Based SQL Ijnection
2015-10-27 15:18:17 +00:00
c7fe014854
remove global variables
2015-10-26 17:13:51 -05:00
8b4f2290ed
no more session ids in desc
2015-10-25 11:01:17 -05:00
f738dd2acb
replace print_* with vprint_* / fix check method
2015-10-25 06:57:56 +00:00
a6628110f6
rebuild joomla_contenthistory_sqli (cve-2015-7297)
2015-10-25 03:56:36 +00:00
949a4c797b
Update joomla_contenthistory_sqli.rb
2015-10-23 09:33:12 -05:00
07d549d783
Update joomla_contenthistory_sqli.rb
...
Remove sessions for now
2015-10-23 09:32:15 -05:00
e4281dd1fb
Create joomla_contenthistory_sqli.rb
2015-10-22 15:05:02 -05:00
4e50f3ebde
Update dns_srv_enum.rb
...
Patch for :
- Split record srvrcd one entry by line for readability.
- Add record for Default-First-Site-Name :
(according to https://technet.microsoft.com/en-us/library/cc759550%28v=ws.10%29.aspx )
'_gc._tcp.Default-First-Site-Name._sites.',
'_kerberos._tcp.Default-First-Site-Name._sites.',
'_kerberos.tcp.Default-First-Site-Name._sites.dc._msdcs.',
'_ldap._tcp.Default-First-Site-Name._sites.',
'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.',
'_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.',
- Remove double entry '_kerberos.tcp.dc._msdcs.'
- Add fqdn query in logs.
- Add report_note to store and preserve the fqdn query.
Ps : I'm not very familiar with the code and patch rules for modules. Thank you to excuse my eventual errors.
2015-10-21 18:27:14 +02:00
cf9ddbb701
Update moduels using Msf::HTTP::Wordpress
2015-10-15 11:47:13 -05:00
cd2e9d4232
Move Msf::Java to the normal Msf::Exploit::Remote namespace
2015-10-09 13:24:34 -07:00
2e2d27d53a
Land #5935 , final creds refactor
2015-10-01 00:25:14 -05:00
cddf72cd57
Show errors when no results are found
2015-09-10 14:05:40 -07:00
5646f2e0c4
successful status should include last_attempted_at
2015-09-04 13:45:44 -05:00
cf6d5fac2a
Use the latest cred API, no more report_auth_info
2015-09-04 13:43:15 -05:00
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
0c7d2af6bc
Land #5750 , Add WP All In One Migration Export Module
2015-08-28 14:12:14 -05:00
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
355738909a
Fixes typo
2015-06-28 09:32:16 -05:00
5c18fc82f2
Stores credentials using create_credential_login
2015-06-28 09:24:31 -05:00
b332b25795
Stores credentials in DB, fixes loop variable and nil dereference bug
2015-06-27 19:06:15 -05:00
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
2968f52ca4
Removes debug sql output
2015-06-26 12:22:34 -05:00
a338920cb3
lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper
2015-06-26 12:21:35 -05:00
7f4a96f3dc
Fixes coding style issues
2015-06-26 03:29:17 -05:00
3da3595181
MSF module to download and decrypt credentials stored in Lansweeper's database
2015-06-25 19:29:30 -05:00
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
c3d2797f10
Fixed Info fields
2015-06-16 04:22:22 -04:00
2778274e47
Added new SSL Labs API fields and fixed minor errors
2015-06-16 02:59:12 -04:00
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
843572df6d
Change module filename
2015-05-29 16:14:16 -05:00
acb0af3826
Update description
2015-05-29 16:13:43 -05:00
39ae6263e9
Use Rex::Text.encode_base64
2015-05-29 16:12:21 -05:00
8338b21f6c
Make some code cleanup
2015-05-29 16:04:29 -05:00
a3ff9859c8
Adding Credentials Capabilities
...
This commit adds the ability for credentials
to be retrieved via the 'creds' command. It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
9430d38a09
Adding AVTECH744_DVR Module
...
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
2e01eb519d
Do minor fixes
2015-05-08 14:04:44 -05:00
4df622c76b
Oops, one last for #5312 .
2015-05-06 14:48:17 -05:00
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
83288ff391
Fix typo
2015-04-30 17:58:26 -05:00
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
bb0b2eee37
Fix missing . in SRV query
...
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
9a49538c1a
Land #5016 , add SSL Labs scanner
2015-04-20 21:34:16 -05:00
752c3243f6
wrap print* functions in report_* wrappers
...
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
c6c7560aed
Land #4846 , @joevennix's android 4.3 uxss module
2015-04-20 18:43:24 -05:00
9b240e1d8f
Use parenthesis
2015-04-20 18:42:34 -05:00
f762873a31
Land #5192 , @joevennix's module for Safari CVE-2015-1126
...
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
e2eaff6b3a
Don't modify datastore options
2015-04-20 15:16:21 -05:00
88c52ae7ae
Delete second stop_service, the mixin should had done the job
2015-04-20 15:13:11 -05:00
dc0549d2dd
Use #wait
2015-04-20 15:06:01 -05:00
c1234e05e2
Delete parenthesis from condition
2015-04-20 14:56:37 -05:00
0283ac05e5
Do minor style fixes
2015-04-20 14:54:39 -05:00
69b8edda4a
Use single quotes
2015-04-20 14:53:38 -05:00
16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
2010e966b3
Add non-httponly cookie theft module for ios/osx safari.
2015-04-19 11:32:37 -05:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
b4b8ac0849
moar fail_with's
2015-04-16 21:26:37 +02:00
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
452ebcf9ad
travis
2015-04-03 16:29:35 +05:00
be829e77ba
cravis error solve
2015-04-03 16:25:18 +05:00
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
8ff54ff98d
Add msb reference
2015-03-30 10:58:08 -05:00
9af1e76bf7
Obfuscate js
2015-03-30 10:52:01 -05:00
c7fa01c5ae
Rename file
2015-03-30 10:39:33 -05:00
9d78aa96d9
Add output of API errors to console
2015-03-30 02:42:09 -04:00
45f8738cfe
Fix stdout errors
2015-03-27 07:53:59 -04:00
3515a0a71f
Initial commit for supporting SSL Labs API
2015-03-27 07:34:11 -04:00
f996c5a888
Update description
2015-03-27 02:31:36 -05:00
67dc46791d
Limit the module to IE 8 and IE9
2015-03-27 02:30:04 -05:00
f88d9651b6
I don't think it's worth putting the js in ie_addons.js
2015-03-27 02:26:50 -05:00
bd2763292a
Properly credit Soroush Dalili
2015-03-26 23:36:16 -05:00
560f31c34d
Minor changes
2015-03-26 23:29:44 -05:00
68624dd56e
Final for ie_files_disclosure.rb
2015-03-26 22:49:22 -05:00
b0b17775c2
First working version
2015-03-26 21:53:26 -05:00
5d80ef9325
Fix minor issues
2015-03-25 02:53:36 -04:00
040a1af9c5
Delete useless ecnryption cookie detection, fix minor issues
2015-03-25 02:34:33 -04:00
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
2a0deaa6c8
Deleted default options and SYN scan
2015-03-23 04:31:08 -04:00
b839547dc3
Add documentation for Registry modules and methods
2015-03-19 17:57:21 -05:00
a7f1244251
Finish the java_rmi_registry gather module
2015-03-19 17:33:45 -05:00
5c3134a616
Add first support to gather information from RMI registries
2015-03-19 11:16:04 -05:00
e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS
2015-03-18 22:34:52 +10:00
d1a2f58303
Fix of regex for file capture and format tweaks
2015-03-18 22:17:44 +10:00
fa7242388b
Move the module to the correct location
2015-03-18 18:18:54 +10:00
dd751a3371
Add ssl/tls support, change default parameters
2015-03-17 02:23:13 -04:00
0d36115112
Update MS15-018 MSB reference
2015-03-12 10:13:37 -05:00
df80d56fda
Land #4898 , prefer URI to open-uri
2015-03-09 09:14:10 -05:00
ccd0712d43
Use ===, doh.
2015-03-06 12:29:34 -06:00
fefd4e271a
Don't hardcode the hex.
2015-03-06 12:16:03 -06:00
3fb4fbe8e6
Add 'not allowed' check instead of magic check.
2015-03-06 00:01:31 -06:00
7db3277731
Actually hide the iframe.
2015-03-05 23:52:29 -06:00
d7295959ca
Remove open-uri usage in msf.
2015-03-05 23:45:28 -06:00
3c5d7b3ef0
Okay, putting source code in a quoted string is horrible.
2015-03-05 23:25:37 -06:00
5f3ed83922
Land #4836 , Solarwinds Core Orion Service SQL injection
2015-03-02 11:44:26 -06:00
f8e3874203
add nil check
2015-02-28 20:43:19 -06:00
ceb92cdf5e
update login method
2015-02-26 07:33:51 -06:00
c4b85603d2
Fix encoding, oops.
2015-02-25 22:56:33 -06:00
d486d17302
Add reference to 2014 fix.
2015-02-25 21:04:01 -06:00
a410d2ec25
Add android 4.3 stock browser cookie/password theft.
2015-02-25 21:02:15 -06:00
6feae9524b
Fix up funny indent on description
...
[See #4770 ]
2015-02-24 12:25:48 -06:00
1134b0a6fa
fix dataastore to datastore
2015-02-24 10:34:33 -06:00
c9439addf8
fix url
2015-02-23 16:50:58 -06:00
3d82c7755b
add solarwinds module
2015-02-22 15:35:42 -06:00
c820431879
Land #4770 , Wordpress Ultimate CSV Importer user extract module
2015-02-22 08:52:45 +01:00
f9dbff8a6c
Add store path output
2015-02-21 23:41:26 +00:00
c9ddd0dac9
Land #4795 , f5_bigip_cookie_disclosure update
2015-02-20 13:11:42 -06:00
b676f5a07e
Clean up #4795
2015-02-20 13:10:31 -06:00
f6c871a8e5
Deleted spaces at EOL
2015-02-19 05:06:00 -05:00
caabb82975
Fixed indentation errors
2015-02-19 05:02:10 -05:00
2a584da6d9
Added cookie value in print function
2015-02-19 00:43:57 -05:00
e0d87a8886
Update to use store_loot for CSV export
2015-02-17 19:21:31 +00:00
19cd00e6d5
Fix cookit name split
2015-02-16 23:53:32 +07:00
a44e858bd7
Fixed minor errors in F5 BigIP cookie disclosure module
2015-02-16 01:31:52 -05:00
73bac94fa8
Add Ultimate CSV Importer extract module
2015-02-15 15:27:27 +00:00
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
fd441d2c5e
Fix #4764 , NameError unitialized constant Net::DNS in shodan_search
2015-02-13 14:40:23 -06:00
19144e143a
Fixed some errors in F5 BigIP cookie disclosure module
2015-02-13 03:29:23 -05:00
29163db7fc
Add CVE reference for ie_uxss_injection
2015-02-12 17:16:59 -06:00
f8c81e601c
Land #4710 for real.
...
This isn't a proper merge commit. Will need to figure out what I did to
wang up the last landing -- I'm guessing I didn't fetch enough first.
This should fix #4710 .
2015-02-05 17:18:51 -06:00
0a587c9f5a
Land #4710 , really
...
Looks like my publish script ended up rebasing wchen-r7/aux_ie_uxss and
didn't catch the file rename correctly.
Conflicts:
modules/auxiliary/gather/ie_uxss_injection.rb
2015-02-05 17:13:53 -06:00
79e0ddadf6
Rename file again
2015-02-05 17:09:11 -06:00
97aa9f9dd2
Credit @joevennix
2015-02-05 17:09:11 -06:00
7585c625fa
Another update
...
Thanks @joevennix
2015-02-05 17:09:11 -06:00
12aadb3132
Another update
2015-02-05 17:09:10 -06:00
17f2d8048d
Another update
2015-02-05 17:09:10 -06:00
01252078ea
Use store_loot to store coookie
2015-02-05 17:09:10 -06:00
6fd38307e7
An update
2015-02-05 17:09:10 -06:00
Jon Hart
all3g
wchen-r7
James Lee
Adam Cammack
Christian Mehlmauer
Brent Cook
Vex Woo
Nicholas Starke
Brendan Coles
aushack
William Vu
fraf0
dmohanty-r7
Louis Sato
Brandon Perry
fraf0
jvazquez-r7
HD Moore
Tod Beardsley
joev
rastating
Mo Sadek
cldrn
Donny Maasland
Denis Kolegov
kaospunk
root
OJ
Nikita Oleksov