d6e9f891ea
Proposal for joomla-scanner
2013-01-25 20:44:49 +01:00
0490b4a853
I wanna know where this thing is stored.
2013-01-25 13:18:28 -06:00
f5182b4e6b
Merge branch 'titanftp_xcrc_traversal' of github.com:zeknox/metasploit-framework into zeknox-titanftp_xcrc_traversal
2013-01-25 13:15:18 -06:00
0a4fadcb09
Comments don't seem to align properly w/ tabs
2013-01-25 13:07:13 -06:00
7d4e7676ce
This file has a MSF license, needs the header
2013-01-25 13:04:20 -06:00
a14cd71047
Merge branch 'ms12-020_check.rb' of github.com:zeknox/metasploit-framework into zeknox-ms12-020_check.rb
2013-01-25 12:56:02 -06:00
4824d11ff3
removed white space
2013-01-25 12:14:41 -06:00
3742fd5a17
duplicate include
2013-01-25 11:58:04 -06:00
8578e7cf85
renamed file
2013-01-25 11:55:54 -06:00
fc3d87ed4c
added ms12-020 checker
2013-01-25 10:43:43 -06:00
e32bd8d4e0
Comma deleted
2013-01-25 11:44:08 +01:00
a204f6fd1b
variable typo
2013-01-25 02:18:20 -05:00
976e59954c
update description
2013-01-25 02:14:42 -05:00
a9821fce29
add action option for domain user enum
2013-01-25 02:08:30 -05:00
dd1ce34ecc
Made recommended changes removed short timeout added returns and other small changes
2013-01-24 17:04:22 -05:00
15253f23bf
added RHOSTS funct
2013-01-24 15:29:35 -06:00
af3a1db4c1
Make better use of ruby regex
2013-01-24 14:16:01 -06:00
077c04d13a
Merge branch 'feature/rm6822-cold_fusion_version' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-cold_fusion_version
2013-01-24 13:51:27 -06:00
6cdb1a80de
Remove app from fingerprint and blank line
2013-01-24 09:47:20 -05:00
bf2b01f8ef
Delete a file and strip space
2013-01-24 09:30:04 -05:00
8e09247703
Rename to match the OEM vendor
2013-01-23 21:10:25 -06:00
2c12666f4e
Update the vendor to match the OEM source
2013-01-23 21:10:05 -06:00
6e94c04a52
Code Corrections and Enhancements
2013-01-23 20:26:23 -05:00
3418457b9a
Small changes (extra comma + typo)
2013-01-23 16:29:25 -06:00
cfde24785c
Adds a password grabber module for Swann DVRs
2013-01-23 14:23:58 -06:00
5cfabb0443
Apply the changes I suggested before
2013-01-23 00:15:09 -06:00
1e39c31cc2
Merge branch 'feature/rm6822-coldfusion_locale_traversal' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-coldfusion_locale_traversal
2013-01-23 00:06:35 -06:00
20b36cdf7a
added extra checking for strict databases
2013-01-22 15:42:23 +00:00
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
5cfe58e8d5
General code review and corrections
2013-01-20 22:33:04 -05:00
4d5a7a3d4d
Brute force directory and file names with MySQL
2013-01-20 21:32:02 +00:00
e7604f80b2
added a warning and using optpath
2013-01-20 21:24:00 +00:00
6da4b72d85
added a warning and using optpath
2013-01-20 21:23:59 +00:00
ebb0635e0a
stopped using fixed table name
2013-01-20 21:23:59 +00:00
fce58ad96d
Fixed msftidy stuff
2013-01-20 21:23:58 +00:00
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
e613c860a5
Added Name and Emailadress
2013-01-17 23:17:14 +01:00
a43b218917
Line full of whitespace
2013-01-17 12:43:06 -08:00
ffd8890ba2
Merge branch 'smb_login_option' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-smb_login_option
2013-01-17 18:15:41 +01:00
0b61d28e0e
added Joomla scanner and url wordlist
2013-01-17 11:36:59 -05:00
a701b5eb79
fixed an error that occurred when patching.
2013-01-16 18:21:19 -05:00
ddd2dbc17b
Updated coldfusion_local_traversal as described in Redmine Feature #6822
2013-01-16 17:54:15 -05:00
481f2eb791
updated cold_fusion_version from Redmine Feature #6822
2013-01-16 17:23:35 -05:00
9dc42e93e7
Reduce unnecessary indent level
2013-01-15 14:36:41 -06:00
5109cc97fe
Add more verbs
...
[SeeRM: #7138 ] by jabra
2013-01-15 14:11:53 -06:00
6e6e90d733
Cosmetic changes
2013-01-15 11:36:49 -06:00
a06d49a8be
Return symbols
...
STOP_ON_SUCCESS is being ignored because the module's login function
doesn't pass a symbol to the mixin. This addresses that.
2013-01-15 11:25:02 -06:00
ef6eec949c
Move impersonate_ssl
...
To 'gather', because it grabs stuff, not scans.
2013-01-11 17:22:27 -06:00
8c5847a13c
Make output compatible with an scanner module
2013-01-11 00:10:15 +01:00
0e950997e6
Merge branch 'wordpress-pingback-access' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-wordpress-pingback-access
2013-01-10 23:57:22 +01:00
0c58a118ff
Found the issue I believe, fixed two issues. One with 301/302 responses getting a bad URI due to switch from ip to dns in location header and other from res.to_s rather than res.body being passed to regex
2013-01-10 11:32:48 -05:00
fc5a0e22b2
stupid push, forgot to remove test puts
2013-01-10 10:43:57 -05:00
ed9d290a85
added status messages, made var blog_posts initalize as nil rather than empty string
2013-01-10 10:41:25 -05:00
5bafd6ddcc
added status message
2013-01-10 09:43:37 -05:00
5fe2f967da
this rescue is done in the mixin
2013-01-09 21:28:06 +01:00
07f8eb6a07
Fix up a typo
2013-01-09 13:05:27 -06:00
adb4c89602
Add a scanner module for CVE-2013-0156
2013-01-09 12:50:38 -06:00
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
a0a4ef843b
added error msgs to rescue
2013-01-09 11:22:36 -05:00
4e70f7d888
Merge branch 'bug/rm7139-smtp_enum-false-positive' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7139-smtp_enum-false-positive
2013-01-09 01:13:43 -06:00
f45739933e
Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb
...
Changed name var in initialize
2013-01-08 19:20:02 -05:00
69485ba261
made changes as specified in Redmine Bug #7139
2013-01-08 12:14:57 -05:00
8e80f5e82c
Public key size determined properly
2013-01-08 16:39:27 +01:00
3ceb313752
Fixes format string issue in smb_login - FixRM #7657
2013-01-07 22:17:49 -06:00
c74d258509
Revert "Fixes format string issue in smb_login - FixRM #7657"
...
Will replay on separate branch.
This reverts commit a12b628ccc
2013-01-07 22:03:57 -06:00
60987de854
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-07 21:20:20 -06:00
a12b628ccc
Fixes format string issue in smb_login - FixRM #7657
2013-01-07 21:20:09 -06:00
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
9f69dbbd30
update unless statements, targeturi, and resolve var
2013-01-07 13:17:49 -05:00
36adf86184
Various and sundry fixes for normalize_uri
2013-01-07 12:02:08 -06:00
6a9445966a
Caught missing paren
2013-01-07 11:21:55 -06:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
0de23a7edb
fixed description
2013-01-04 21:16:56 -05:00
e35afdce5d
added wordpress-pingback scanner
2013-01-04 20:59:33 -05:00
3936725958
added wordpress-pingback scanner
2013-01-04 20:44:40 -05:00
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
6f50410e5f
Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1
2013-01-03 17:51:54 -06:00
9e912a23ff
Merge branch 'rapid7' into FireFart-msftidy_aux_1
2013-01-03 16:54:25 -06:00
39e81fb07f
Update modules/auxiliary/scanner/http/wordpress_login_enum.rb
...
Simple fix for msfconsole start error.
2013-01-03 21:52:10 +01:00
1406f7cb0a
Msftidy on sap_router_info_request
2013-01-03 10:55:11 -06:00
e4a6669927
msftidy: remove $Revision$
2013-01-03 01:05:45 +01:00
4d8a2a0885
msftidy: remove $Revision$
2013-01-03 01:01:18 +01:00
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
88d12da3db
hilight positive results in WebDAV scanner
...
As suggested by Lee Baird
2013-01-02 13:27:25 -05:00
33ea21e415
Merge branch '403labs-zgrace-wordpress_login_enum'
2012-12-28 17:47:05 -06:00
d92b3bd2e1
Apply fixes
2012-12-28 17:46:17 -06:00
e5eb8c6301
Fix connected in sap_router_info_request
...
See #1028 comments
2012-12-28 16:34:59 -06:00
2746a57093
Merge branch 'zgrace-wordpress_login_enum' of git://github.com/403labs/metasploit-framework into 403labs-zgrace-wordpress_login_enum
2012-12-28 15:42:09 -06:00
3daea913b1
Merge branch 'sap_router_info_request'
2012-12-28 15:22:44 -06:00
35604ac1aa
Normalizing caps and expanding description a bit
...
Be nice to have a couple more lines on the description
2012-12-28 15:12:40 -06:00
5d7197d8ba
Moved shout outs, organized includes
...
include Msf::Exploit::Remote::Tcp must precede the include for the
Scanner mixin -- otherwise you end up with some undesired effects, like
having an RHOST and RHOSTS on the datastore.
Also, took out the block of shout outs and gave references and credits
to the people / url's mentioned.
2012-12-28 14:51:23 -06:00
d4bdf1b6b4
Added user name enumeration based on author id enumeration
2012-12-24 16:09:03 -06:00
2c4d517e75
Merge branch 'useragent_cleanup' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-useragent_cleanup
2012-12-21 11:14:06 -06:00
413b75cd8b
Fixed crash issues with unescape
...
Added better formatting to avoid pages of output
2012-12-21 12:07:14 +01:00
e237512bd7
Cleaned up the SAP modules as they are all sending double user-agent strings (also added OptEnum where appropriate)
2012-12-21 10:47:45 +01:00
cad8abef48
msftidy cleanup
2012-12-18 11:46:27 -06:00
860ebbcfb1
Merge branch 'master' into averagesecurityguy-master
2012-12-18 11:45:41 -06:00
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
9825b07df8
Merge branch 'sap_soap_rfc_dbmcli_sxpg_command_exec' of git://github.com/nmonkee/metasploit-framework into nmonkee-sap_soap_rfc_dbmcli_sxpg_command_exec
2012-12-18 01:12:50 -06:00
37f7122006
NameError undefined local variable or method output - fixed
2012-12-17 19:34:36 +00:00
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
3da4c4f743
Add author's email
2012-12-14 10:38:22 +01:00
d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
67b4675d01
comply to code conventions
2012-12-13 14:58:33 +01:00
94fdd4c6fe
fix typo
2012-12-13 14:42:16 +01:00
eea4770521
warns about key size and valid time
2012-12-13 14:40:43 +01:00
8f388eb226
fixing if typo
2012-12-11 23:28:21 +01:00
b5b5667539
Merge branch 'symantec_brightmail' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_brightmail
2012-12-11 23:27:56 +01:00
0ca1dbd14e
Account for the timeout condition
2012-12-11 16:24:42 -06:00
461f057c95
Merge branch 'loggedin_users' of https://github.com/R3dy/metasploit-framework into R3dy-loggedin_users
2012-12-11 17:33:31 +01:00
25d888bebb
Add CVE-2012-4347 Symantec Messaging Gateway Log File Download
2012-12-10 18:09:29 -06:00
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
f56ef52ffc
Fixed path error when BASE_PATH is nil.
2012-12-06 23:55:34 -05:00
761e735a55
Store wc.db file in loot. Add BASE_PATH option.
2012-12-06 23:38:03 -05:00
600121c36a
Fixed issue involing static path to Windows directory
2012-12-06 16:28:59 -06:00
8a149b3ea3
Removed Version.
2012-12-06 17:24:16 -05:00
4ce51fe889
Made changes requested by sinn3r.
2012-12-06 17:18:50 -05:00
d938959e97
Module to find SVN wc.db files.
2012-12-06 16:30:23 -05:00
232eb7bf2d
Final cleanup plus name change
2012-12-05 00:32:42 +01:00
9cff72af72
Merge branch 'loggedin_users' of https://github.com/R3dy/metasploit-framework into R3dy-loggedin_users
2012-12-05 00:31:24 +01:00
a1136be59e
Fixed last ip changed it to peer
2012-12-02 19:17:59 -06:00
2b171bb003
Added report_note functionality
2012-12-02 18:49:50 -06:00
e4e3ec8fdd
Fixed module to use clean psexec method
2012-12-02 18:35:23 -06:00
476a5dc58c
Fixed return without disconnect
2012-12-02 18:27:27 -06:00
4276279dd8
Fixed print_status to use peer instead of ip
2012-12-02 18:25:09 -06:00
1085357dbb
Talked to Todb, we like "." better
2012-11-30 14:53:57 -06:00
61a74bf257
Minor changes here and there
...
Changes include:
* Some corrections in metadata
* report_note()
* Removes connect(), usually don't need it in modules
2012-11-30 14:24:27 -06:00
a73d8792ee
Changed RPORT definition per egypt
2012-11-30 13:57:25 -05:00
40b8c93ef8
Added HSTS scanner for HTTPS sites
2012-11-30 09:30:11 -05:00
7d4982b47b
Fixed description area and authoer section
2012-11-29 14:21:27 -06:00
d6a3f6666d
Fixed simple return form get_output method
2012-11-29 14:15:57 -06:00
cf53588ab7
Removed Version
2012-11-29 14:14:41 -06:00
3ebbee5b1f
Removed generic URLs
2012-11-29 14:13:49 -06:00
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
82dc8e8814
Added check for LOGONSERVER and HOMEPATH
2012-11-28 09:02:19 -06:00
a24ebde3e3
Fix syntax on @@loaded_msfrpc
2012-11-27 14:10:46 -06:00
84294655aa
Update the require, error handling, casing
2012-11-27 11:44:51 -08:00
b008eb93c9
Fix msgpack issue
2012-11-27 12:45:01 -06:00
0440708453
I missed this sucker: var in a quote
2012-11-27 11:57:51 -06:00
24f44e7a82
Lots of small changes
...
Basically the same changes I've been correcting like the rest of
other modules.
2012-11-27 11:52:58 -06:00
4dbb82d0bc
Merge branch 'aux-scan-nexpose' of git://github.com/kost/metasploit-framework into kost-aux-scan-nexpose
2012-11-27 11:25:44 -06:00
139c149583
This variable doesn't have to be in a quote
2012-11-27 11:19:04 -06:00
673c519fa3
msg() isn't needed, because it's already implemented in HttpClient
2012-11-27 11:18:27 -06:00
7c3e478070
Final changes
2012-11-27 11:16:12 -06:00
bb34fb8dec
Actually, this is the exact reason why res can be nil
2012-11-27 11:14:52 -06:00
eb30765509
Use vars_post instead of data
2012-11-27 11:13:21 -06:00
4796fb4415
These don't need to be in a quote
2012-11-27 11:12:15 -06:00
5b787406b9
Correct output messages
...
When HttpClient is used, it's actually not necessary to put the
target's IP/port and the module name in the output, because it's
already included in there.
2012-11-27 11:10:31 -06:00
jvazquez-r7
sinn3r
Brandon McCann
Rob Fuller
f8lerror
HD Moore
Robin Wood
Christian Mehlmauer
Tod Beardsley
lmercer
smilingraccoon
luh2
Joshua J. Drake
James Lee
Tonimir Kisasondi
Zach Grace
Chris John Riley
nmonkee
Stephen Haywood
Royce Davis
Matt Andreko
Alexandre Maloteaux