Metasploit
9edc08cd36
Bump version of framework to 4.14.8
2017-03-31 14:38:29 -07:00
David Maloney
7b9772376a
deregeister smb2_login from pro bruteforce
...
this loginscanner is temporary while we continue
to add the smb2 support and so we don't want the
Metasploit Pro bruteforcer picking it up
MS-2609
2017-03-31 13:34:10 -05:00
Metasploit
b6085e188d
Bump version of framework to 4.14.7
2017-03-31 10:02:19 -07:00
David Maloney
418e371e35
add SMB2 login scanner and module
...
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity
MS-2557
2017-03-29 11:36:33 -05:00
Metasploit
51646e44a1
Bump version of framework to 4.14.6
2017-03-24 10:02:24 -07:00
Metasploit
8976faa3d1
Bump version of framework to 4.14.5
2017-03-23 08:41:49 -07:00
Metasploit
df181c1792
Bump version of framework to 4.14.4
2017-03-21 14:58:37 -07:00
Metasploit
6200a3abb8
Bump version of framework to 4.14.3
2017-03-17 10:02:41 -07:00
Metasploit
db581a040a
Bump version of framework to 4.14.2
2017-03-07 07:01:57 -08:00
Metasploit
f9e4fd54fe
Bump version of framework to 4.14.1
2017-02-24 13:31:17 -08:00
Jeffrey Martin
a954521d75
bump minor version
2017-02-24 15:07:07 -06:00
Metasploit
0f4e03be7b
Bump version of framework to 4.13.27
2017-02-24 10:03:33 -08:00
Metasploit
01558d3d51
Bump version of framework to 4.13.26
2017-02-21 14:01:15 -08:00
James Barnett
93f75746c4
Fix logic error in #7985
...
The check_setup method expects an error message if the
web server is not compatible with the module, and false otherwise.
We were previously returning the opposite of the expected behavior.
2017-02-21 13:49:59 -06:00
wchen-r7
adf1385427
Fix #7984 , Fix NoMethodError `match' for bavision_cameras.rb
...
Fix #7984
2017-02-21 12:00:01 -06:00
Metasploit
647020289f
Bump version of framework to 4.13.25
2017-02-17 17:03:42 -08:00
Brent Cook
17b88da080
Land #7964 , fix running a scanner with USER_AS_PASS and USER_FILE
2017-02-17 17:16:49 -06:00
Metasploit
6e62899e1c
Bump version of framework to 4.13.24
2017-02-17 10:02:51 -08:00
Rich Whitcroft
4e5dabf35f
fix cred_scanner's has_privates? method
2017-02-15 16:05:49 -05:00
Metasploit
184707c6fc
Bump version of framework to 4.13.23
2017-02-13 16:04:35 -08:00
Metasploit
44d229ad49
Bump version of framework to 4.13.22
2017-02-10 10:02:43 -08:00
James Lee
4f13bde471
Override `empty?` for the weird ones
...
Fixes #7899
2017-02-09 14:57:20 -06:00
Metasploit
d81bdc1c02
Bump version of framework to 4.13.21
2017-02-07 17:27:47 -08:00
Metasploit
9a5d5eec2e
Bump version of framework to 4.13.20
2017-02-03 10:04:05 -08:00
Jeffrey Martin
1bb8c9bd93
missed userpass_file on CredentialCollection.empty?
2017-02-01 15:42:21 -06:00
Metasploit
321fa91c75
Bump version of framework to 4.13.19
2017-02-01 11:28:53 -08:00
wchen-r7
f925793d70
Land #7894 , refactor empty test on CredentialCollection
2017-02-01 11:57:31 -06:00
Metasploit
be170ab8b2
Bump version of framework to 4.13.18
2017-01-31 14:20:40 -08:00
Jeffrey Martin
0dcf0002ae
refactor empty test on CredentialCollection
2017-01-31 15:16:26 -06:00
Brent Cook
4480ea7877
Land #7827 , Cisco Firepower Management Console LoginScanner
2017-01-27 16:26:40 -06:00
Metasploit
95449a846b
Bump version of framework to 4.13.17
2017-01-27 10:02:17 -08:00
wchen-r7
781bc8420a
Add Advantech WebAccess LoginScanner module
2017-01-26 13:54:50 -06:00
bwatters
253e39e18c
Land #7680 , Fix #7679 , LoginScanner should abort if there is no creds to try
2017-01-23 14:08:32 -06:00
wchen-r7
5de09d3455
Check username & password options
2017-01-23 11:42:04 -06:00
Brent Cook
9581f18392
handle nil pathname
2017-01-22 10:20:04 -06:00
Brent Cook
dc506c1dd6
present? is not a method of Pathname
2017-01-22 10:20:04 -06:00
Brent Cook
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
Metasploit
c2e4a50924
Bump version of framework to 4.13.16
2017-01-20 10:02:29 -08:00
wchen-r7
a687073416
Add Cisco Firepower Management Console LoginScanner
2017-01-13 16:59:20 -06:00
Metasploit
56ed8bc021
Bump version of framework to 4.13.15
2017-01-13 10:05:02 -08:00
Metasploit
f311511e6d
Bump version of framework to 4.13.14
2017-01-10 14:03:16 -08:00
wchen-r7
99f47158b3
Update base.rb for checking empty creds
2017-01-09 17:23:11 -06:00
wchen-r7
bdb99bbcf2
Check cred_details for empty creds
2017-01-09 17:16:09 -06:00
dmohanty-r7
5cba9b0034
Land #7747 , Add LoginScanner module for BAVision IP cameras
2017-01-06 16:25:44 -06:00
Metasploit
b074042b99
Bump version of framework to 4.13.13
2017-01-06 12:00:26 -08:00
Metasploit
1ef2e54539
Bump version of framework to 4.13.12
2017-01-06 10:03:13 -08:00
Metasploit
7ef4db1465
Bump version of framework to 4.13.11
2017-01-04 14:53:33 -08:00
wchen-r7
81b310f928
Up to date
2016-12-23 17:24:01 -06:00
wchen-r7
5e5aa8cd03
Fix a typo
2016-12-23 16:23:24 -06:00
wchen-r7
144f886e8b
Add LoginScanner module for BAVision IP cameras
2016-12-23 16:22:17 -06:00
Metasploit
f50fa516f4
Bump version of framework to 4.13.10
2016-12-23 10:01:58 -08:00
Metasploit
3a998fada2
Bump version of framework to 4.13.9
2016-12-18 13:22:52 -08:00
dmohanty-r7
f74fd9e5dd
Land #7672 , support LOCKED_OUT and DISABLED login status
2016-12-16 15:11:05 -06:00
Metasploit
c5c710f837
Bump version of framework to 4.13.8
2016-12-16 10:02:02 -08:00
Metasploit
12af07d8cb
Bump version of framework to 4.13.7
2016-12-09 10:03:22 -08:00
Jon Hart
4614b7023d
Land #7604 , @godinezj's post module for creating AWS IAM accounts
2016-12-08 14:26:22 -08:00
wchen-r7
ce5c1f07c3
Fix rspecs
2016-12-08 16:11:06 -06:00
wchen-r7
b537146393
Fix #7679 , LoginScanner should abort if there is no creds to try
...
Fix #7679
2016-12-08 15:01:30 -06:00
Jon Hart
aaa49550a7
Move call_api printing to verbose
2016-12-08 11:20:53 -08:00
wchen-r7
0110b97fa2
Fix #7671 , support LOCKED_OUT and DISABLED login status
...
This allows login scanner modules to skip a user if it is
locked out, or disabled.
Fix #7671
2016-12-07 16:49:16 -06:00
wchen-r7
ba9ce3fcfb
Land #7665 , Add ABORT_ON_LOCKOUT option for smb_login
2016-12-07 15:52:50 -06:00
Javier Godinez
99ba1e45ff
Removed unused params
2016-12-07 10:10:09 -08:00
Metasploit
a54c0c4e1f
Bump version of framework to 4.13.6
2016-12-07 09:00:16 -08:00
Rich Whitcroft
d3a8409a49
prevent further lockouts in smb_login
2016-12-06 21:53:08 -05:00
Jon Hart
0b46e90bbb
Only print out AWS API responses when in verbose mode
2016-12-06 17:32:48 -08:00
Jon Hart
a13382c80b
Address most of rubocop's nits
2016-12-06 17:10:34 -08:00
Metasploit
7edb5e19e2
Bump version of framework to 4.13.5
2016-12-05 15:09:06 -08:00
h00die
3d09e283cf
module ready
2016-12-02 22:03:23 -05:00
Metasploit
76db530a86
Bump version of framework to 4.13.4
2016-12-02 10:02:53 -08:00
h00die
260f793f2c
y no update challenge
2016-11-30 22:57:12 -05:00
h00die
8369855e4f
pushing for help
2016-11-30 20:47:47 -05:00
h00die
c190cc775e
pushing for help
2016-11-30 19:45:24 -05:00
Metasploit
f46ca66858
Bump version of framework to 4.13.3
2016-11-28 06:35:44 -08:00
Metasploit
79e8ffd983
Bump version of framework to 4.13.2
2016-11-25 10:03:24 -08:00
Javier Godinez
0700b17f7e
Added sanity checks
2016-11-24 21:04:10 -08:00
Javier Godinez
b4add59a3d
Moved metadata_creds() so Client can be included in Aux/Post modules
2016-11-24 21:03:38 -08:00
Javier Godinez
0eaeeb4aa7
Adds a generic AWS client module
2016-11-22 14:54:18 -08:00
h00die
372cf740da
saving before changing branches
2016-11-21 22:06:20 -05:00
h00die
05e59bbe19
non-working copy of varnish
2016-11-19 22:09:19 -05:00
Metasploit
643a5511cf
Bump version of framework to 4.13.1
2016-11-18 10:01:48 -08:00
h00die
cd01b07682
Land #7565
...
Lands print_bad and vprint_bad from todb-r7
2016-11-18 13:29:39 -05:00
Metasploit
383314530a
Bump version of framework to 4.13.0
2016-11-16 07:48:26 -08:00
Tod Beardsley
1deacad2be
Add a print_bad alias for print_error
...
Came up on Twitter, where Justin may have been trolling a little:
https://twitter.com/jstnkndy/status/798671298302017536
We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.
Anyway, I went with alias_method, thanks to the compelling argument at
https://github.com/bbatsov/ruby-style-guide#alias-method
...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.
Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
Metasploit
f116ad2c59
Bump version of framework to 4.12.42
2016-11-11 10:02:14 -08:00
Metasploit
2c39a14ada
Bump version of framework to 4.12.41
2016-11-04 10:02:13 -07:00
Brent Cook
6577728fa9
enable auto-negotiation for TLS version with SQL Server
2016-11-01 05:45:27 -05:00
Metasploit
ffc62964d6
Bump version of framework to 4.12.40
2016-10-28 10:02:36 -07:00
Metasploit
6a23168800
Bump version of framework to 4.12.39
2016-10-25 12:22:52 -07:00
Metasploit
e29567f390
Bump version of framework to 4.12.38
2016-10-24 14:25:47 -07:00
Metasploit
bf59ba526a
Bump version of framework to 4.12.37
2016-10-24 07:35:41 -07:00
Metasploit
8e0d866976
Bump version of framework to 4.12.36
2016-10-21 10:02:09 -07:00
Metasploit
74340e9eb7
Bump version of framework to 4.12.35
2016-10-14 15:13:45 -07:00
Metasploit
b3666ff7ab
Bump version of framework to 4.12.34
2016-10-14 10:04:05 -07:00
Metasploit
adb6f31e36
Bump version of framework to 4.12.33
2016-10-08 20:57:08 -07:00
Metasploit
8a6426df48
Bump version of framework to 4.12.32
2016-10-07 10:04:32 -07:00
Metasploit
a0ebf5ea2d
Bump version of framework to 4.12.31
2016-10-06 11:23:08 -07:00
Metasploit
73c11a63b4
Bump version of framework to 4.12.30
2016-09-30 10:03:42 -07:00
Metasploit
5ea1e7b379
Bump version of framework to 4.12.29
2016-09-26 12:06:21 -07:00
Metasploit
3ddf80dd7a
Bump version of framework to 4.12.28
2016-09-23 10:02:37 -07:00
Metasploit
5acc17a800
Bump version of framework to 4.12.27
2016-09-16 10:02:52 -07:00
Metasploit
32998d938f
Bump version of framework to 4.12.26
2016-09-13 16:59:37 -07:00
wchen-r7
245237d650
Land #7288 , Add LoginScannerfor Octopus Deploy server
2016-09-13 17:26:56 -05:00
Metasploit
8eb2c926f3
Bump version of framework to 4.12.25
2016-09-13 13:37:08 -07:00
Adam Cammack
aa193bf372
Set defaults in WordpressMulticall login scanner
...
This login scanner would crash it was used like a normal login scanner.
MS-2007
2016-09-12 11:22:15 -05:00
Brendan
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
james-otten
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
Metasploit
58112d7b4d
Bump version of framework to 4.12.24
2016-09-02 10:02:44 -07:00
Metasploit
ea32c313d3
Bump version of framework to 4.12.23
2016-08-26 10:06:44 -07:00
Pearce Barry
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
Metasploit
87d34cfbba
Bump version of framework to 4.12.22
2016-08-19 10:02:28 -07:00
Metasploit
a6ba386728
Bump version of framework to 4.12.21
2016-08-12 10:02:36 -07:00
Metasploit
d57e4d6349
Bump version of framework to 4.12.20
2016-08-10 15:30:37 -07:00
Metasploit
280216d74d
Bump version of framework to 4.12.19
2016-08-09 14:49:58 -07:00
Metasploit
e7aa658893
Bump version of framework to 4.12.18
2016-08-05 10:05:03 -07:00
Metasploit
190bac6e0a
Bump version of framework to 4.12.17
2016-07-29 10:02:06 -07:00
Metasploit
4cbb3bb9b6
Bump version of framework to 4.12.16
2016-07-22 10:02:00 -07:00
James Lee
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
Metasploit
b954b6d5c1
Bump version of framework to 4.12.15
2016-07-18 08:42:20 -07:00
Metasploit
b13d0f879a
Bump version of framework to 4.12.14
2016-07-15 10:03:28 -07:00
David Maloney
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
David Maloney
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
Metasploit
48410f3ab2
Bump version of framework to 4.12.13
2016-07-08 10:01:58 -07:00
James Lee
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
.
2016-07-07 15:00:41 -05:00
Metasploit
82e092c2df
Bump version of framework to 4.12.12
2016-07-05 14:57:43 -07:00
James Lee
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8
, reversing
changes made to e3e360cc83
.
2016-07-05 15:22:44 -05:00
David Maloney
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
Metasploit
054ac5ac19
Bump version of framework to 4.12.11
2016-07-05 07:49:37 -07:00
David Maloney
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
David Maloney
d90f0779f8
Land #7009 , egypt's rubyntlm cleanup
...
Land egypt's PR to replace all of our NTLM code with
the rubyntlm gem
2016-06-28 14:15:34 -05:00
David Maloney
97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm
2016-06-28 14:14:56 -05:00
Metasploit
e3e360cc83
Bump version of framework to 4.12.10
2016-06-28 12:13:26 -07:00
Metasploit
fd07da3519
Bump version of framework to 4.12.9
2016-06-27 11:54:04 -07:00
David Maloney
6072697126
continued
2016-06-22 14:54:00 -05:00
James Lee
0126ec61d8
Style
2016-06-22 10:15:23 -05:00
James Lee
b3f59ebd19
Whitespace
2016-06-22 10:15:23 -05:00
James Lee
07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm
2016-06-22 10:15:22 -05:00
James Lee
4b3f6c5d29
Use rubyntlm for mssql login scanner
2016-06-22 10:15:22 -05:00
Metasploit
fd4a51cadb
Bump version of framework to 4.12.8
2016-06-10 10:01:27 -07:00
Metasploit
815685992a
Bump version of framework to 4.12.7
2016-06-07 13:14:34 -07:00
Metasploit
c35322ec3f
Bump version of framework to 4.12.6
2016-05-30 22:34:13 -07:00
wchen-r7
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
Metasploit
54f4389d31
Bump version of framework to 4.12.5
2016-05-24 08:54:14 -07:00
Metasploit
100300c819
Bump version of framework to 4.12.4
2016-05-18 07:04:09 -07:00
Jenkins
c9dd863085
Bump version of framework to 4.12.3
2016-05-17 10:18:08 -07:00
Jenkins
621a908b2d
Bump version of framework to 4.12.2
2016-05-13 12:51:58 -07:00
David Maloney
ba4bfca806
Revert "arg bad build, resetting version back one"
...
This reverts commit d86392e96b
.
2016-05-13 14:48:35 -05:00
David Maloney
d86392e96b
arg bad build, resetting version back one
2016-05-13 14:44:02 -05:00
Jenkins
b6a83f734d
Bump version of framework to 4.12.1
2016-05-13 12:39:43 -07:00
David Maloney
31050a8da7
Rails upgrade to 4.2.6
...
lands all of the rails 4.2 upgrade work
Merge branch 'staging/rails-upgrade'
2016-05-13 14:34:50 -05:00
Jenkins
6c11054d5a
Bump version of framework to 4.12.0
2016-05-13 11:46:03 -07:00