KarnGaneshen
ba59434261
added infovista module
2013-06-15 17:16:26 +05:30
jvazquez-r7
7a11077834
Land #1923 , @juushya's module for rfcode brute forcing
2013-06-14 13:36:14 -05:00
jvazquez-r7
ae027a9efb
Final cleanup for rfcode_reader_enum
2013-06-14 13:09:48 -05:00
KarnGaneshen
6188df1b3a
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken.
2013-06-13 14:03:55 +05:30
jvazquez-r7
0b9cf213df
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-12 12:03:10 -05:00
KarnGaneshen
871f1b7c1f
updated prints with ip-port reference. msftidy check. module load check. go rf reader..
2013-06-12 00:53:58 +05:30
KarnGaneshen
736bf120d9
added sname in report data, corrected :host to rhost, :port to rport. msftidy check. module load check. upping it.
2013-06-12 00:25:50 +05:30
jvazquez-r7
0578572d98
Change sevone_enum because it's an Scanner
2013-06-11 08:51:15 -05:00
KarnGaneshen
5c078f5139
added report_note to store collected info. removed register rport for 80t. msftidy & module load checked. pushing it up.
2013-06-11 12:57:26 +05:30
jvazquez-r7
c641184e37
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 13:30:36 -05:00
jvazquez-r7
0c6dbe9885
Add final cleanup for sevone_enum
2013-06-10 13:16:22 -05:00
KarnGaneshen
72a9c8612b
setting rfcode_reader_enum straight. more updates.
2013-06-10 22:57:00 +05:30
KarnGaneshen
5c988d99fe
more updates to sevone.rb. hopefully all is covered..
2013-06-10 21:59:18 +05:30
KarnGaneshen
04171c46ec
more updates to sevone.rb. hopefully all is covered.
2013-06-10 21:47:56 +05:30
Karn Ganeshen
ffa18d413f
Updated rfcode_reader_enum.rb ...
...
Updated as per review comments.
Removed loot of network configuration.
Used JSON.parse to bring cleaner loot output
Changed some print_goods to vprint_status
Changed if not to unless
2013-06-08 03:21:43 +05:30
Karn Ganeshen
74bddcf339
Update sevone_enum.rb
...
New updates as per review comments
2013-06-08 02:28:09 +05:30
Karn Ganeshen
1ca8fd2cf1
Update sevone_enum.rb
...
Updated as per initial review comments.
2013-06-08 01:14:43 +05:30
Karn Ganeshen
eb0ae6ed27
Update rfcode_reader_enum.rb
...
Updated as per review comments
2013-06-08 01:00:18 +05:30
Karn Ganeshen
6b8e6b3f0c
Create rfcode_reader_enum.rb
...
Adding new aux - RFCode Reader Web interface Login Brute Force & Config Capture Utility
2013-06-07 23:53:09 +05:30
Karn Ganeshen
fcc600aa3e
Create sevone_enum.rb
...
Adding new aux - SevOne Network Performance Management System application version enumeration and brute force login Utility
2013-06-07 23:39:22 +05:30
jvazquez-r7
e5a17ba227
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-05 09:41:23 -05:00
sinn3r
a3b25fd7c9
Land #1909 - Novell Zenworks Mobile Device Managment exploit & auxiliary
2013-06-05 02:45:45 -05:00
sinn3r
307773b6a1
Extra space - die!
2013-06-05 02:44:56 -05:00
sinn3r
0c1d46c465
Add more references
2013-06-05 02:43:43 -05:00
sinn3r
5d90c6cd71
Make msftidy happy
2013-06-05 02:11:23 -05:00
sinn3r
ca5155f01d
Final touchup novell_mdm_creds
2013-06-05 02:08:55 -05:00
sinn3r
a5a3f40394
Report auth info
2013-06-05 02:06:32 -05:00
steponequit
ed4766dc46
initial commit of novell mdm modules
2013-06-04 09:20:10 -07:00
jvazquez-r7
4079484968
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-03 15:27:36 -05:00
CG
571b62d19d
svn scanner added print_good and rport
2013-06-02 18:05:11 -04:00
jvazquez-r7
9d91596e46
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-29 16:21:32 -05:00
Tod Beardsley
10d8bebe73
Start with a random username to test 401 codes
...
SeeRM #7991
While this fixes the specific case of tomcat_mgr_login, it doesn't
address the general case where modules are attempting to test code 401
responses in order to determine if bruteforcing should continue.
2013-05-29 12:36:28 -05:00
jvazquez-r7
aa688c4313
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-29 10:47:04 -05:00
Samuel Huckins
f0e3b0c124
Merge pull request #1836 from dmaloney-r7/bug/anyuser_anypass_http
...
Verified MSF specs passing, Pro on develop functional tests working (ran Bruteforce, saw normal and verbose output concerning that bruteforce was skipped for such a case and why, verified no cred saved with 'anyuser' user).
2013-05-29 07:44:18 -07:00
jvazquez-r7
6401d557fd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 19:57:16 -05:00
jvazquez-r7
96888455a7
Add new signature for CF9
2013-05-28 16:04:08 -05:00
sinn3r
a6a46f82bb
Updates the description a little bit
2013-05-28 14:31:56 -05:00
sinn3r
e4e5edc619
Looks like we don't need to check MD5, let's keep it that way then.
2013-05-28 14:31:15 -05:00
sinn3r
8ab90e657c
Adds a check for Cold Fusion 10
2013-05-28 14:21:29 -05:00
Matt Andreko
5695994432
Added module to enumerate Canon printer Wifi settings
2013-05-27 18:02:37 -04:00
jvazquez-r7
094a5f1b18
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-26 16:03:33 -05:00
Matt Andreko
ea7805d3c8
Fixed a bug in the HSTS module around null headers
2013-05-23 15:02:39 -04:00
dmaloney-r7
ee28a3a8d7
Update http_login.rb
...
add parens around conditional to make bikeshed prettier
2013-05-21 11:28:23 -05:00
David Maloney
4503a7af50
Don't save creds of anyuser:anypass
...
If http accepts any user and any pass, it's not a real auth
there is no reason to create cred objects for this.
These creds have been confusing our users
2013-05-16 10:25:32 -05:00
jvazquez-r7
38e41f20fe
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-24 13:24:13 -05:00
sinn3r
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
jvazquez-r7
d1c5179b83
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 17:48:12 -05:00
jvazquez-r7
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
Christian Mehlmauer
eaff87879e
added text
2013-04-19 22:03:05 +02:00
Christian Mehlmauer
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
jvazquez-r7
d4fa2ba96d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 14:14:36 -05:00
jvazquez-r7
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
Tod Beardsley
a36c6d2434
Lands #1730 , adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
Tod Beardsley
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
jvazquez-r7
79620ed660
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 17:12:16 +02:00
Tod Beardsley
ba86e14d43
Whitespace and caps fixes
2013-04-09 08:57:53 -05:00
jvazquez-r7
d65bf8bab9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-08 18:19:41 +02:00
sinn3r
d24371eaff
Merge branch 'hp_imc_reportimgservlt_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_reportimgservlt_traversal
2013-04-08 10:18:30 -05:00
sinn3r
1b5c34db1a
Merge branch 'hp_imc_ictdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_ictdownloadservlet_traversal
2013-04-08 10:17:19 -05:00
sinn3r
11253c8f3e
Merge branch 'hp_imc_faultdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_faultdownloadservlet_traversal
2013-04-08 10:16:52 -05:00
jvazquez-r7
daba48035d
fix DEPTH description and basename
2013-04-05 11:05:46 +02:00
jvazquez-r7
b6edad1f1d
fix DEPTH description and basename
2013-04-05 11:04:43 +02:00
jvazquez-r7
d163e96d6a
fix DEPTH description and basename
2013-04-05 11:02:59 +02:00
jvazquez-r7
d823f724cd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-04 22:16:35 +02:00
jvazquez-r7
30f44c3a24
final cleanup for dlink_dir_615h_http_login
2013-04-04 22:02:45 +02:00
jvazquez-r7
8f60d12e46
Merge branch 'dlink_login_dir_615H' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_615H
2013-04-04 22:01:49 +02:00
jvazquez-r7
b75d038fc2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-04 21:54:36 +02:00
jvazquez-r7
7d1e9af728
final cleanup for dlink_dir_session_cgi_http_login
2013-04-04 21:41:42 +02:00
jvazquez-r7
0b9fe53919
module filename changed
2013-04-04 21:41:10 +02:00
jvazquez-r7
6ec6638568
Merge branch 'dlink_login_dir_300B_600B' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_300B_600B
2013-04-04 21:40:21 +02:00
jvazquez-r7
498a0dc309
final cleanup for dlink_dir_300_615_http_login
2013-04-04 21:15:22 +02:00
jvazquez-r7
cff70e41be
Merge branch 'dlink_login' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login
2013-04-04 21:14:56 +02:00
m-1-k-3
7b4cdf4671
make msftidy happy
2013-04-04 13:22:01 +02:00
m-1-k-3
78c492da20
is_dlink, more feedback included, msftidy
2013-04-04 13:18:32 +02:00
m-1-k-3
2f96a673cd
is_dlink, more feedback included
2013-04-04 13:17:45 +02:00
m-1-k-3
64f3e68310
is_dlink and some more feedback included
2013-04-04 13:01:18 +02:00
jvazquez-r7
89de9fdf22
cleanup for dlink_dir_300_615_http_login
2013-04-03 10:04:01 +02:00
jvazquez-r7
b4b3c82c86
delete space
2013-04-03 00:31:00 +02:00
jvazquez-r7
54120a2d3a
delete space
2013-04-03 00:30:24 +02:00
jvazquez-r7
85d9e3e9ee
delete space
2013-04-03 00:29:38 +02:00
jvazquez-r7
0b4eab2499
added module for ZDI-13-053
2013-04-03 00:24:11 +02:00
jvazquez-r7
018e147063
added module for ZDI-13-052
2013-04-03 00:22:38 +02:00
jvazquez-r7
dc17b4931c
added module for ZDI-13-051
2013-04-03 00:21:01 +02:00
jvazquez-r7
070fd399f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-31 20:23:08 +02:00
m-1-k-3
587170ae52
fixed author details - next try
2013-03-30 12:43:55 +01:00
m-1-k-3
1d6184cd63
fixed author details
2013-03-30 12:41:31 +01:00
m-1-k-3
8032a33cd5
report_auth_info - proof
2013-03-29 22:06:25 +01:00
m-1-k-3
1156194a6b
feedback included, server fingerprinting
2013-03-29 22:04:22 +01:00
m-1-k-3
2b4d6eb455
feedback included, server header check
2013-03-29 21:30:45 +01:00
m-1-k-3
b6a50da394
feedback included, server header check
2013-03-29 21:20:51 +01:00
m-1-k-3
aa981cc991
DIR-645 also working
2013-03-27 12:11:14 +01:00
m-1-k-3
615aa57399
Dlink DIR615 HW rev B login module
2013-03-27 09:26:23 +01:00
m-1-k-3
680b551215
default to user admin
2013-03-27 08:59:19 +01:00
m-1-k-3
032214fb1d
default to user admin
2013-03-27 08:49:04 +01:00
m-1-k-3
e1a719a6c0
http login module for DLink DIR300revB, DIR600revB, DIR815
2013-03-26 20:57:24 +01:00
m-1-k-3
c4fe21865c
user fix
2013-03-26 20:15:19 +01:00
jvazquez-r7
3c12459703
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:33:36 +01:00
jvazquez-r7
9717a8c3b4
cleanup for tplink_traversal_noauth
2013-03-25 19:20:18 +01:00
jvazquez-r7
543b401a55
Merge branch 'tplink-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-tplink-traversal
2013-03-25 19:18:53 +01:00
jvazquez-r7
393d5d8bf5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:09:42 +01:00
sinn3r
dcce23d23d
Merge branch 'bugs/tomcat_enum-double_check' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/tomcat_enum-double_check
2013-03-25 12:19:52 -05:00
Nathan Einwechter
aad0eed485
Fix whitespace EOL
2013-03-25 13:00:37 -04:00
Nathan Einwechter
3f79b2fd3b
Use :abort for scanner mixin
2013-03-25 12:59:18 -04:00
sinn3r
0d56da0511
Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d
2013-03-25 11:45:40 -05:00
Nathan Einwechter
99fe2a33d7
Deregister USER_AS_PASS and stop on connect error
2013-03-25 12:35:52 -04:00
jvazquez-r7
53b862300e
cleanup for linksys_e1500_traversal
2013-03-25 17:33:38 +01:00
jvazquez-r7
ea804d433e
change file name
2013-03-25 17:33:16 +01:00
m-1-k-3
e57498190b
dlink dir 300/600 login module - initial commit
2013-03-25 08:48:24 +01:00
m-1-k-3
7ff9c70e38
10 to 0 is good :)
2013-03-23 22:46:26 +01:00
m-1-k-3
47d458a294
replacement of the netgear-sph200d module
2013-03-23 22:40:32 +01:00
m-1-k-3
bd522a03e3
replace module to the scanner directory
2013-03-23 22:29:44 +01:00
m-1-k-3
8f59999f82
replace module to the scanner directory
2013-03-23 22:25:04 +01:00
jvazquez-r7
b498bf9b71
up to date
2013-03-12 16:50:35 +01:00
jvazquez-r7
074ea7dee4
Merge branch 'ssl' of https://github.com/luh2/metasploit-framework into luh2-ssl
2013-03-11 15:36:20 +01:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
David Maloney
71ba044d03
remove debugging aid
2013-03-04 11:25:34 -06:00
David Maloney
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
James Lee
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
J.Townsend
cbce1bdff2
update module description
...
This adds the version of wordpress the issue was fixed in to the description
2013-02-26 00:24:46 +00:00
James Lee
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
jvazquez-r7
a19da61177
deleting trailing comma
2013-02-16 00:53:28 +01:00
sinn3r
4eca6e5502
Merge branch 'feature/web_crawler_skip_paths' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/web_crawler_skip_paths
2013-02-13 14:07:20 -06:00
jvazquez-r7
167f5970c1
minor cleanup for rails_json_yaml_scanner
2013-02-13 00:07:58 +01:00
jvazquez-r7
3e2a368823
Merge branch 'rails_json_yaml_scanner' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_json_yaml_scanner
2013-02-13 00:07:11 +01:00
Jeff Jarmoc
846052a34d
s/URIPATH/TARGETURI/g per @jvasquez-r7 comments on another pull.
2013-02-12 15:13:06 -06:00
Tasos Laskos
f2cf4304d2
Merge remote-tracking branch 'upstream/master' into feature/web_crawler_skip_paths
2013-02-12 22:10:40 +02:00
Tasos Laskos
9efd3f6c5e
scanner/http/crawler: added ExcludePathPatterns opt
...
Option 'ExcludePathPatterns' allows users to specify which paths should
be excluded from the crawl (and which forms to ignore) by passing a
list of patterns (only allows '*' wildcards).
2013-02-12 21:47:12 +02:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
Jeff Jarmoc
ddd7d307e6
Add a scanner aux module for Rails JSON/YAML vuln CVE-2013-0333
2013-02-11 16:48:44 -06:00
David Maloney
a43b902b5c
Fix tomcat_mgr_login auth
2013-02-11 12:00:40 -06:00
sinn3r
7370d7d31b
Final touchup
2013-02-08 18:21:06 -06:00
Spencer McIntyre
7522a87cf9
Adding an auxiliary scanner module for Titan FTP password disclosure.
2013-02-08 15:43:02 -05:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
sinn3r
035e8b7100
Merge branch 'groupwise_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-groupwise_traversal
2013-02-07 17:33:34 -06:00
jvazquez-r7
e9912496d8
nice check learned from sinn3r
2013-02-07 22:05:39 +01:00
jvazquez-r7
0d3c32b0a4
Added module for CVE-2012-0419
2013-02-07 21:15:49 +01:00
sinn3r
7f746e1caa
That's what he said.
2013-02-07 11:13:18 -06:00
sinn3r
d554c3a56a
Don't really need the bottom comment
2013-02-07 10:46:42 -06:00
sinn3r
98559d4d51
Do a check and make sure this is Simple Web Server
2013-02-07 10:45:53 -06:00
sinn3r
b11f052746
Allow arbitrary depth
2013-02-07 10:32:29 -06:00
sinn3r
a3264e18e2
There aint no fail_with(), must use print_error
2013-02-07 10:30:17 -06:00
sinn3r
b09f819e4b
Add Simple Web Server dir traversal
2013-02-06 17:02:07 -06:00
James Lee
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
Jeff Jarmoc
39cafd0cde
Use OptEnum instead of OptString
2013-02-04 15:08:34 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney
8b1febb4cf
add myself to the blame list for the module =P
2013-02-04 12:32:43 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
Jeff Jarmoc
5e0c18af2f
adding self to credits
2013-02-03 16:14:42 -06:00
Jeff Jarmoc
57c8e41846
Re-order probes and checks.
...
This causes module to exit if error conditions are found, before sending unecessary probes.
2013-02-03 16:10:46 -06:00
Jeff Jarmoc
8dff427776
Allow 4xx codes, display codes in verbose output
2013-02-03 16:07:07 -06:00
Jeff Jarmoc
810470de3b
Make HTTP_METHOD Configurable
2013-02-03 16:05:45 -06:00
David Maloney
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
Tod Beardsley
b1f8b87f14
Chmod -x the joomla modules. Also fix a title typo
...
joomla_pages was incorrectly titled as "Joomla Version Scanner," which
of course is actually joomla_version.
2013-01-29 17:02:43 -06:00
sinn3r
1ea1ad3166
Fix the forgotten path()
2013-01-28 14:48:22 -06:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
jvazquez-r7
01b7e3554e
fix issue found by newpid0
2013-01-25 22:05:09 +01:00
jvazquez-r7
d0ecb617c3
Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner
2013-01-25 21:47:05 +01:00
jvazquez-r7
d6e9f891ea
Proposal for joomla-scanner
2013-01-25 20:44:49 +01:00
f8lerror
dd1ce34ecc
Made recommended changes removed short timeout added returns and other small changes
2013-01-24 17:04:22 -05:00
sinn3r
af3a1db4c1
Make better use of ruby regex
2013-01-24 14:16:01 -06:00
sinn3r
077c04d13a
Merge branch 'feature/rm6822-cold_fusion_version' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-cold_fusion_version
2013-01-24 13:51:27 -06:00
f8lerror
6cdb1a80de
Remove app from fingerprint and blank line
2013-01-24 09:47:20 -05:00
f8lerror
bf2b01f8ef
Delete a file and strip space
2013-01-24 09:30:04 -05:00
f8lerror
6e94c04a52
Code Corrections and Enhancements
2013-01-23 20:26:23 -05:00
sinn3r
5cfabb0443
Apply the changes I suggested before
2013-01-23 00:15:09 -06:00
sinn3r
1e39c31cc2
Merge branch 'feature/rm6822-coldfusion_locale_traversal' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-coldfusion_locale_traversal
2013-01-23 00:06:35 -06:00
f8lerror
5cfe58e8d5
General code review and corrections
2013-01-20 22:33:04 -05:00
Christian Mehlmauer
e613c860a5
Added Name and Emailadress
2013-01-17 23:17:14 +01:00
Tod Beardsley
a43b218917
Line full of whitespace
2013-01-17 12:43:06 -08:00
f8lerror
0b61d28e0e
added Joomla scanner and url wordlist
2013-01-17 11:36:59 -05:00
lmercer
a701b5eb79
fixed an error that occurred when patching.
2013-01-16 18:21:19 -05:00
lmercer
ddd2dbc17b
Updated coldfusion_local_traversal as described in Redmine Feature #6822
2013-01-16 17:54:15 -05:00
lmercer
481f2eb791
updated cold_fusion_version from Redmine Feature #6822
2013-01-16 17:23:35 -05:00
sinn3r
9dc42e93e7
Reduce unnecessary indent level
2013-01-15 14:36:41 -06:00
sinn3r
5109cc97fe
Add more verbs
...
[SeeRM: #7138 ] by jabra
2013-01-15 14:11:53 -06:00
sinn3r
ef6eec949c
Move impersonate_ssl
...
To 'gather', because it grabs stuff, not scans.
2013-01-11 17:22:27 -06:00
jvazquez-r7
8c5847a13c
Make output compatible with an scanner module
2013-01-11 00:10:15 +01:00
jvazquez-r7
0e950997e6
Merge branch 'wordpress-pingback-access' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-wordpress-pingback-access
2013-01-10 23:57:22 +01:00
smilingraccoon
0c58a118ff
Found the issue I believe, fixed two issues. One with 301/302 responses getting a bad URI due to switch from ip to dns in location header and other from res.to_s rather than res.body being passed to regex
2013-01-10 11:32:48 -05:00
smilingraccoon
fc5a0e22b2
stupid push, forgot to remove test puts
2013-01-10 10:43:57 -05:00
smilingraccoon
ed9d290a85
added status messages, made var blog_posts initalize as nil rather than empty string
2013-01-10 10:41:25 -05:00
smilingraccoon
5bafd6ddcc
added status message
2013-01-10 09:43:37 -05:00
jvazquez-r7
5fe2f967da
this rescue is done in the mixin
2013-01-09 21:28:06 +01:00
HD Moore
07f8eb6a07
Fix up a typo
2013-01-09 13:05:27 -06:00
HD Moore
adb4c89602
Add a scanner module for CVE-2013-0156
2013-01-09 12:50:38 -06:00
smilingraccoon
a0a4ef843b
added error msgs to rescue
2013-01-09 11:22:36 -05:00
Thomas McCarthy
f45739933e
Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb
...
Changed name var in initialize
2013-01-08 19:20:02 -05:00
luh2
8e80f5e82c
Public key size determined properly
2013-01-08 16:39:27 +01:00
smilingraccoon
9f69dbbd30
update unless statements, targeturi, and resolve var
2013-01-07 13:17:49 -05:00
Tod Beardsley
36adf86184
Various and sundry fixes for normalize_uri
2013-01-07 12:02:08 -06:00
Tod Beardsley
6a9445966a
Caught missing paren
2013-01-07 11:21:55 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
smilingraccoon
0de23a7edb
fixed description
2013-01-04 21:16:56 -05:00
smilingraccoon
e35afdce5d
added wordpress-pingback scanner
2013-01-04 20:59:33 -05:00
smilingraccoon
3936725958
added wordpress-pingback scanner
2013-01-04 20:44:40 -05:00
sinn3r
6f50410e5f
Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1
2013-01-03 17:51:54 -06:00
James Lee
9e912a23ff
Merge branch 'rapid7' into FireFart-msftidy_aux_1
2013-01-03 16:54:25 -06:00
Tonimir Kisasondi
39e81fb07f
Update modules/auxiliary/scanner/http/wordpress_login_enum.rb
...
Simple fix for msfconsole start error.
2013-01-03 21:52:10 +01:00
Christian Mehlmauer
e4a6669927
msftidy: remove $Revision$
2013-01-03 01:05:45 +01:00
Christian Mehlmauer
4d8a2a0885
msftidy: remove $Revision$
2013-01-03 01:01:18 +01:00
Christian Mehlmauer
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
Christian Mehlmauer
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
Rob Fuller
88d12da3db
hilight positive results in WebDAV scanner
...
As suggested by Lee Baird
2013-01-02 13:27:25 -05:00
sinn3r
d92b3bd2e1
Apply fixes
2012-12-28 17:46:17 -06:00
sinn3r
2746a57093
Merge branch 'zgrace-wordpress_login_enum' of git://github.com/403labs/metasploit-framework into 403labs-zgrace-wordpress_login_enum
2012-12-28 15:42:09 -06:00
Zach Grace
d4bdf1b6b4
Added user name enumeration based on author id enumeration
2012-12-24 16:09:03 -06:00
Chris John Riley
e237512bd7
Cleaned up the SAP modules as they are all sending double user-agent strings (also added OptEnum where appropriate)
2012-12-21 10:47:45 +01:00
sinn3r
cad8abef48
msftidy cleanup
2012-12-18 11:46:27 -06:00
sinn3r
860ebbcfb1
Merge branch 'master' into averagesecurityguy-master
2012-12-18 11:45:41 -06:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
luh2
3da4c4f743
Add author's email
2012-12-14 10:38:22 +01:00
luh2
67b4675d01
comply to code conventions
2012-12-13 14:58:33 +01:00
luh2
94fdd4c6fe
fix typo
2012-12-13 14:42:16 +01:00
luh2
eea4770521
warns about key size and valid time
2012-12-13 14:40:43 +01:00
jvazquez-r7
8f388eb226
fixing if typo
2012-12-11 23:28:21 +01:00
sinn3r
0ca1dbd14e
Account for the timeout condition
2012-12-11 16:24:42 -06:00
sinn3r
25d888bebb
Add CVE-2012-4347 Symantec Messaging Gateway Log File Download
2012-12-10 18:09:29 -06:00
sinn3r
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
Stephen Haywood
f56ef52ffc
Fixed path error when BASE_PATH is nil.
2012-12-06 23:55:34 -05:00
Stephen Haywood
761e735a55
Store wc.db file in loot. Add BASE_PATH option.
2012-12-06 23:38:03 -05:00
Stephen Haywood
8a149b3ea3
Removed Version.
2012-12-06 17:24:16 -05:00
Stephen Haywood
4ce51fe889
Made changes requested by sinn3r.
2012-12-06 17:18:50 -05:00
Stephen Haywood
d938959e97
Module to find SVN wc.db files.
2012-12-06 16:30:23 -05:00
sinn3r
1085357dbb
Talked to Todb, we like "." better
2012-11-30 14:53:57 -06:00
sinn3r
61a74bf257
Minor changes here and there
...
Changes include:
* Some corrections in metadata
* report_note()
* Removes connect(), usually don't need it in modules
2012-11-30 14:24:27 -06:00
Matt Andreko
a73d8792ee
Changed RPORT definition per egypt
2012-11-30 13:57:25 -05:00
Matt Andreko
40b8c93ef8
Added HSTS scanner for HTTPS sites
2012-11-30 09:30:11 -05:00
sinn3r
472ec35adb
Merge branch 'kost-aux-scan-splunk-login'
2012-11-26 16:16:02 -06:00
sinn3r
af451df864
Lots of changes made
...
These changes include:
* More description
* Checks if auth is actually required.
* Collects the default credential on the webpage, and then tries it.
* Fixes possible nil 'Set-Cookie' header.
* Supports more options (USERPASS_FILE, USER_FILE, PASS_FILE)
* Removes the msg() function.
2012-11-26 16:12:11 -06:00
Tasos Laskos
7795dc58f4
auxiliary/scanner/http/crawler#form_from_url: rescue => rescue URI::Error
2012-11-26 20:54:20 +02:00
Tasos Laskos
c17cffdece
auxiliary/scanner/http: wrapped an exception-prone URL parse in a begin/rescue block
2012-11-26 18:58:06 +02:00
Vlatko Kosturjak
7bafc97fec
Remove non needed and redundant checks
2012-11-24 23:01:08 +01:00
Vlatko Kosturjak
cdfe663675
initial import of splunk password guesser
2012-11-24 22:05:57 +01:00
Tod Beardsley
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00
James Lee
c65f37782d
Merge branch 'rapid7' into tasos-r7-web-modules
2012-11-16 13:52:18 -06:00
jvazquez-r7
e8fe6031e9
Let default timeout for send_request_cgi
2012-11-16 18:09:47 +01:00
jvazquez-r7
51f238ec38
up to date
2012-11-16 16:03:09 +01:00
Tasos Laskos
8a9f0a0890
Merge remote-tracking branch 'upstream/master' into web-modules
2012-11-14 18:10:41 +02:00
sinn3r
ee7e502e89
Merge branch 'impersonate_ssl_tweak' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-impersonate_ssl_tweak
2012-11-13 09:36:28 -06:00
sinn3r
72f0a5613f
Add more improvements
2012-11-12 15:40:12 -06:00
sinn3r
8fe3f289bf
Merge branch 'drupal_views_user_enum.rb' of git://github.com/zeknox/metasploit-framework into zeknox-drupal_views_user_enum.rb
2012-11-12 14:48:13 -06:00
Chris John Riley
94120604f2
Set back to target_uri.to_s per original module
2012-11-11 12:07:27 +01:00
Chris John Riley
76ba770872
fixed target_uri.path vs target_uri.to_s issue
2012-11-11 11:59:10 +01:00
Chris John Riley
38b25f01f7
Corrected bad coding (sorry)
...
Added OptEnum and OptPath
Checks for nil and empty
Added reference
Made AlterSerial an advanced option instead of always on
2012-11-10 20:24:50 +01:00
Tod Beardsley
1b9d45e106
Test for subdom_list existence first
...
Otherwise, you get
````
[11/09/2012 14:50:38] [e(0)] core: Error running against host
173.236.237.136: can't convert nil into String
````
Other than that, looks good.
[Fixes #851 ]
2012-11-09 15:01:36 -06:00