306b31eee3
Small changes before merging
2014-02-10 13:47:31 -06:00
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
38add0ab50
alter print_status
...
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
cccf2e4258
Land #2926 , @xistence A10 Networks Loadbalancer dir traversal module
2014-02-04 07:28:51 -06:00
cc09367c62
Change the datastore name option
2014-02-04 07:28:14 -06:00
ffd90a3d38
Add confirmation datastore option
2014-02-03 12:40:58 -06:00
9953821451
Fix desc on Drupal module, some peer prints
2014-02-03 12:16:06 -06:00
9b9b2fab58
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
2014-02-04 02:00:11 +10:30
a92256e8d1
Clean a10networks_ax_directory_traversal
2014-02-03 08:41:23 -06:00
53c2a737e9
Don't register rport again
2014-01-31 09:42:41 -06:00
452042e757
Land #2925 , @xistence aux module for Support Center Plus traversal
2014-01-31 09:38:01 -06:00
e9f04d9203
Do final cleanup for Support Center Plus module
2014-01-31 09:37:40 -06:00
32c5d77ebd
Land #2918 , @wvu's fix for long argument lists
2014-01-31 08:49:22 -06:00
e81a0ed22b
Changes as requested for SupportCenterPlus module
2014-01-31 13:28:45 +07:00
56287e308d
Clean up unused variables
2014-01-30 11:20:21 -06:00
c8296298b3
added A10Networks AX loadbalancer Dir Traversal Auxiliary Module
2014-01-28 16:37:25 +07:00
32d7f15a5c
added ManageEngine Support Center Plus directory traversal auxiliary module
2014-01-28 15:45:23 +07:00
f766a74150
Land #2920 , @wvu-r7's author metadata update for printer aux modules
2014-01-27 13:02:31 -06:00
d19e9307c6
Fix missing colon in :caller_host symbol
...
Good catch, @jvazquez-r7!
2014-01-27 12:43:59 -06:00
0dbaeb6742
Add Matteo's email
2014-01-27 08:40:44 -06:00
f471f50092
ms08_067_check.rb is deprecated.
...
[SeeRM #8755 ]
2014-01-26 12:22:13 -06:00
52371be52a
Clarify why contributors are listed as authors
...
Also adding @mcantoni to the list of authors. Sorry we missed you!
Dear contributors,
Even though we weren't able to use your code, we absolutely appreciate
that you wrote it. That's why we're listing you as authors. Thanks!!!
https://dev.metasploit.com/redmine/issues/6034
https://dev.metasploit.com/redmine/issues/5217
https://dev.metasploit.com/redmine/issues/6864
2014-01-25 18:02:17 -06:00
eaeb2af97f
Use opts hash for h323_version
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:32:37 -06:00
f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection
2014-01-24 15:03:07 -06:00
c8e2301111
Be more informative about why CheckCode::Unknown
...
This is just kind of personal preference here. In case users wonder
why Unknown.
2014-01-24 15:01:52 -06:00
82bf02910d
Land #2911 , correct author name for PJL credit
2014-01-24 11:00:12 -06:00
fdaa172cc5
Land #2896 , @wchen-r7's check's normalization for auxiliary modules
2014-01-24 08:53:53 -06:00
e8b591ef54
Delete registering of check on bailiwicked modules
2014-01-24 08:47:04 -06:00
9ba72ffc71
Remove check support
...
Actually, you can't support check because in check mode the module
doesn't know the IP
2014-01-23 21:30:11 -06:00
dc52d00be6
Modify vmware_http_login to work with check
2014-01-23 21:27:36 -06:00
cf17bf2e72
Small fix
2014-01-23 19:34:50 -06:00
43de7eb74f
Use REXML
2014-01-23 19:32:42 -06:00
a67068f019
Correct author name
...
Was using the name quoted in Redmine. Technically, the author is Myo Soe
of the YGN Ethical Hacker Group (YEHG).
2014-01-23 19:09:20 -06:00
5a59e3d4e4
Fix typo
2014-01-23 18:53:58 -06:00
f529eb1d4b
Clean code
2014-01-23 18:51:24 -06:00
8e17d38c77
Add check method
2014-01-23 18:30:18 -06:00
b0deb45fad
Add Drupal advisory as reference
2014-01-23 18:10:57 -06:00
6d0d7eda10
Delete garbage comment
2014-01-23 18:09:05 -06:00
72b72effa6
Add module for CVE-2012-4554
2014-01-23 18:04:31 -06:00
7faa41dac0
Change Unknown to Safe because it's just a banner check
2014-01-23 15:36:19 -06:00
81a3b2934e
Fix prints
2014-01-23 15:33:24 -06:00
f5a935a186
Support check for bailiwicked_host
2014-01-23 15:31:37 -06:00
8d411d2037
Fix bailiwicked_domain to allow support of check()
2014-01-23 15:29:40 -06:00
f5809423a3
Let's spell right in my spellcheck PR
...
Updates #2900
2014-01-21 15:57:59 -06:00
b3b51eb48c
Pre-release fixup
...
* Updated descriptions to be a little more descriptive.
* Updated store_loot calls to inform the user where the
loot is stored.
* Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.
Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
5025736d87
Fix check for modicon_password_recovery
2014-01-19 17:20:20 -06:00
a239e14084
Fix nodejs_popelining check
2014-01-19 17:06:35 -06:00
7080bb336c
Update ColdFusion check
2014-01-19 17:05:03 -06:00
4fdd2c19a1
Update vbulletin check
2014-01-19 16:54:27 -06:00
0a8aa07131
Fix check method
...
This isn't a check, so shouldn't be using the check method
2014-01-19 16:47:15 -06:00
01ab6fd545
Do small fixes
2014-01-17 17:59:03 -06:00
5ec062ea1c
Beautify print message
2014-01-17 17:42:26 -06:00
d96772ead1
Clean multi-threading on ibm_sametime_enumerate_users
2014-01-17 17:38:16 -06:00
bb3d9da0bb
Do first cleaning on ibm_sametime_enumerate_users
2014-01-17 16:33:25 -06:00
584401dc3f
Clean ibm_sametime_room_brute code
2014-01-17 15:57:12 -06:00
4d079d47b8
Enable SSL by default
2014-01-17 15:34:33 -06:00
277711b578
Fix metadata
2014-01-17 15:31:51 -06:00
10fd5304ce
Parse response body just one time
2014-01-17 15:17:25 -06:00
fe64dbde83
Use rhost and rport methods
2014-01-17 14:49:50 -06:00
5e8ab6fb89
Clea ibm_sametime_version
2014-01-17 12:23:11 -06:00
bce321c628
Do response handling a little better, fake test
2014-01-17 11:02:35 -06:00
11d613f1a7
Clean ibm_sametime_webplayer_dos
2014-01-17 10:52:42 -06:00
51b3d164f7
Move the DoS module to the correct location
2014-01-17 09:30:51 -06:00
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
d0d82fe405
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:53:14 +01:00
87648476e1
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:52:45 +01:00
55d4ad1b6a
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:51:19 +01:00
0b1671f1b8
Undo debugging comment
2014-01-14 17:02:30 -06:00
6372ae6121
Save some parsing
2014-01-14 17:00:00 -06:00
2d40f936e3
Added some additional creds that were useful
2014-01-13 23:15:51 -05:00
42fb8c48d1
Fixed the credential parsing and made output consistent
...
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.
The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
7c52f9b496
Update description to use %q{}
2014-01-13 14:42:25 -06:00
61b30e8b60
Land #2869 , pre-release title/desc fixes
2014-01-13 14:29:27 -06:00
207e9c413d
Add the test info for sercomm_dump_config
2014-01-13 14:27:03 -06:00
fe6d10ac5d
Land #2852 , @mandreko's scanner for OSVDB 101653
2014-01-13 14:07:07 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
8c3a71a2e7
Clean sercomm_backdoor scanner according to feedback
2014-01-13 13:53:47 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
4a64c4651e
Land #2822 , @mandreko's aux module for OSVDB 101653
2014-01-09 15:15:37 -06:00
410302d6d1
Fix indentation
2014-01-09 15:14:52 -06:00
b1073b3dbb
Code Review Feedback
...
Removed the parameters from get() since it works without them
2014-01-09 15:54:23 -05:00
d69b658de0
Land #2848 , @sho-luv's MS08-067 scanner
2014-01-09 14:39:25 -06:00
2a0f2acea4
Made fixes from the PR from jvazquez-r7
...
The get_once would *only* return "MMcS", and stop. I
modified it to be a get(3, 3). Additionally, the command
length was set to 0x01 when it needed to be 0x00.
2014-01-09 15:33:04 -05:00
fc616c4413
Clean up formatting
2014-01-09 14:16:31 -06:00
93668b3286
Code Review Feedback
...
Made it less verbose, converting to vprint_error
2014-01-09 14:53:33 -05:00
be6958c965
Clean sercomm_dump_config
2014-01-09 13:42:11 -06:00
e21c97fd4d
Added missing metadata
...
Add credit where due
Add disclosure date and references
2014-01-09 14:33:54 -05:00
9456d26467
Added Scanner module for SerComm backdoor
2014-01-09 14:25:28 -05:00
01c5585d44
Moved auxiliary module to a more appropriate folder
2014-01-09 10:17:26 -05:00
d9e737c3ab
Code Review Feedback
...
Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
2014-01-09 10:14:34 -05:00
sinn3r
jvazquez-r7
kicks4kittens
William Vu
Tod Beardsley
bcoles
xistence
Matt Andreko