Commit Graph

885 Commits (b51ecda9d6262dfbb888d4bdad2e2ccadcf14baa)

Author SHA1 Message Date
Metasploit 9edc08cd36
Bump version of framework to 4.14.8 2017-03-31 14:38:29 -07:00
David Maloney 7b9772376a
deregeister smb2_login from pro bruteforce
this loginscanner is temporary while we continue
to add the smb2 support and so we don't want the
Metasploit Pro bruteforcer picking it up

MS-2609
2017-03-31 13:34:10 -05:00
Metasploit b6085e188d
Bump version of framework to 4.14.7 2017-03-31 10:02:19 -07:00
David Maloney 418e371e35
add SMB2 login scanner and module
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity

MS-2557
2017-03-29 11:36:33 -05:00
Metasploit 51646e44a1
Bump version of framework to 4.14.6 2017-03-24 10:02:24 -07:00
Metasploit 8976faa3d1
Bump version of framework to 4.14.5 2017-03-23 08:41:49 -07:00
Metasploit df181c1792
Bump version of framework to 4.14.4 2017-03-21 14:58:37 -07:00
Metasploit 6200a3abb8
Bump version of framework to 4.14.3 2017-03-17 10:02:41 -07:00
Metasploit db581a040a
Bump version of framework to 4.14.2 2017-03-07 07:01:57 -08:00
Metasploit f9e4fd54fe
Bump version of framework to 4.14.1 2017-02-24 13:31:17 -08:00
Jeffrey Martin a954521d75
bump minor version 2017-02-24 15:07:07 -06:00
Metasploit 0f4e03be7b
Bump version of framework to 4.13.27 2017-02-24 10:03:33 -08:00
Metasploit 01558d3d51
Bump version of framework to 4.13.26 2017-02-21 14:01:15 -08:00
James Barnett 93f75746c4
Fix logic error in #7985
The check_setup method expects an error message if the
web server is not compatible with the module, and false otherwise.
We were previously returning the opposite of the expected behavior.
2017-02-21 13:49:59 -06:00
wchen-r7 adf1385427 Fix #7984, Fix NoMethodError `match' for bavision_cameras.rb
Fix #7984
2017-02-21 12:00:01 -06:00
Metasploit 647020289f
Bump version of framework to 4.13.25 2017-02-17 17:03:42 -08:00
Brent Cook 17b88da080
Land #7964, fix running a scanner with USER_AS_PASS and USER_FILE 2017-02-17 17:16:49 -06:00
Metasploit 6e62899e1c
Bump version of framework to 4.13.24 2017-02-17 10:02:51 -08:00
Rich Whitcroft 4e5dabf35f fix cred_scanner's has_privates? method 2017-02-15 16:05:49 -05:00
Metasploit 184707c6fc
Bump version of framework to 4.13.23 2017-02-13 16:04:35 -08:00
Metasploit 44d229ad49
Bump version of framework to 4.13.22 2017-02-10 10:02:43 -08:00
James Lee 4f13bde471
Override `empty?` for the weird ones
Fixes #7899
2017-02-09 14:57:20 -06:00
Metasploit d81bdc1c02
Bump version of framework to 4.13.21 2017-02-07 17:27:47 -08:00
Metasploit 9a5d5eec2e
Bump version of framework to 4.13.20 2017-02-03 10:04:05 -08:00
Jeffrey Martin 1bb8c9bd93
missed userpass_file on CredentialCollection.empty? 2017-02-01 15:42:21 -06:00
Metasploit 321fa91c75
Bump version of framework to 4.13.19 2017-02-01 11:28:53 -08:00
wchen-r7 f925793d70
Land #7894, refactor empty test on CredentialCollection 2017-02-01 11:57:31 -06:00
Metasploit be170ab8b2
Bump version of framework to 4.13.18 2017-01-31 14:20:40 -08:00
Jeffrey Martin 0dcf0002ae
refactor empty test on CredentialCollection 2017-01-31 15:16:26 -06:00
Brent Cook 4480ea7877
Land #7827, Cisco Firepower Management Console LoginScanner 2017-01-27 16:26:40 -06:00
Metasploit 95449a846b
Bump version of framework to 4.13.17 2017-01-27 10:02:17 -08:00
wchen-r7 781bc8420a Add Advantech WebAccess LoginScanner module 2017-01-26 13:54:50 -06:00
bwatters 253e39e18c
Land #7680, Fix #7679, LoginScanner should abort if there is no creds to try 2017-01-23 14:08:32 -06:00
wchen-r7 5de09d3455 Check username & password options 2017-01-23 11:42:04 -06:00
Brent Cook 9581f18392 handle nil pathname 2017-01-22 10:20:04 -06:00
Brent Cook dc506c1dd6 present? is not a method of Pathname 2017-01-22 10:20:04 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
Metasploit c2e4a50924
Bump version of framework to 4.13.16 2017-01-20 10:02:29 -08:00
wchen-r7 a687073416 Add Cisco Firepower Management Console LoginScanner 2017-01-13 16:59:20 -06:00
Metasploit 56ed8bc021
Bump version of framework to 4.13.15 2017-01-13 10:05:02 -08:00
Metasploit f311511e6d
Bump version of framework to 4.13.14 2017-01-10 14:03:16 -08:00
wchen-r7 99f47158b3 Update base.rb for checking empty creds 2017-01-09 17:23:11 -06:00
wchen-r7 bdb99bbcf2 Check cred_details for empty creds 2017-01-09 17:16:09 -06:00
dmohanty-r7 5cba9b0034
Land #7747, Add LoginScanner module for BAVision IP cameras 2017-01-06 16:25:44 -06:00
Metasploit b074042b99
Bump version of framework to 4.13.13 2017-01-06 12:00:26 -08:00
Metasploit 1ef2e54539
Bump version of framework to 4.13.12 2017-01-06 10:03:13 -08:00
Metasploit 7ef4db1465
Bump version of framework to 4.13.11 2017-01-04 14:53:33 -08:00
wchen-r7 81b310f928
Up to date 2016-12-23 17:24:01 -06:00
wchen-r7 5e5aa8cd03 Fix a typo 2016-12-23 16:23:24 -06:00
wchen-r7 144f886e8b Add LoginScanner module for BAVision IP cameras 2016-12-23 16:22:17 -06:00
Metasploit f50fa516f4
Bump version of framework to 4.13.10 2016-12-23 10:01:58 -08:00
Metasploit 3a998fada2
Bump version of framework to 4.13.9 2016-12-18 13:22:52 -08:00
dmohanty-r7 f74fd9e5dd
Land #7672, support LOCKED_OUT and DISABLED login status 2016-12-16 15:11:05 -06:00
Metasploit c5c710f837
Bump version of framework to 4.13.8 2016-12-16 10:02:02 -08:00
Metasploit 12af07d8cb
Bump version of framework to 4.13.7 2016-12-09 10:03:22 -08:00
Jon Hart 4614b7023d
Land #7604, @godinezj's post module for creating AWS IAM accounts 2016-12-08 14:26:22 -08:00
wchen-r7 ce5c1f07c3 Fix rspecs 2016-12-08 16:11:06 -06:00
wchen-r7 b537146393 Fix #7679, LoginScanner should abort if there is no creds to try
Fix #7679
2016-12-08 15:01:30 -06:00
Jon Hart aaa49550a7
Move call_api printing to verbose 2016-12-08 11:20:53 -08:00
wchen-r7 0110b97fa2 Fix #7671, support LOCKED_OUT and DISABLED login status
This allows login scanner modules to skip a user if it is
locked out, or disabled.

Fix #7671
2016-12-07 16:49:16 -06:00
wchen-r7 ba9ce3fcfb
Land #7665, Add ABORT_ON_LOCKOUT option for smb_login 2016-12-07 15:52:50 -06:00
Javier Godinez 99ba1e45ff Removed unused params 2016-12-07 10:10:09 -08:00
Metasploit a54c0c4e1f
Bump version of framework to 4.13.6 2016-12-07 09:00:16 -08:00
Rich Whitcroft d3a8409a49 prevent further lockouts in smb_login 2016-12-06 21:53:08 -05:00
Jon Hart 0b46e90bbb
Only print out AWS API responses when in verbose mode 2016-12-06 17:32:48 -08:00
Jon Hart a13382c80b
Address most of rubocop's nits 2016-12-06 17:10:34 -08:00
Metasploit 7edb5e19e2
Bump version of framework to 4.13.5 2016-12-05 15:09:06 -08:00
h00die 3d09e283cf module ready 2016-12-02 22:03:23 -05:00
Metasploit 76db530a86
Bump version of framework to 4.13.4 2016-12-02 10:02:53 -08:00
h00die 260f793f2c y no update challenge 2016-11-30 22:57:12 -05:00
h00die 8369855e4f pushing for help 2016-11-30 20:47:47 -05:00
h00die c190cc775e pushing for help 2016-11-30 19:45:24 -05:00
Metasploit f46ca66858
Bump version of framework to 4.13.3 2016-11-28 06:35:44 -08:00
Metasploit 79e8ffd983
Bump version of framework to 4.13.2 2016-11-25 10:03:24 -08:00
Javier Godinez 0700b17f7e Added sanity checks 2016-11-24 21:04:10 -08:00
Javier Godinez b4add59a3d Moved metadata_creds() so Client can be included in Aux/Post modules 2016-11-24 21:03:38 -08:00
Javier Godinez 0eaeeb4aa7 Adds a generic AWS client module 2016-11-22 14:54:18 -08:00
h00die 372cf740da saving before changing branches 2016-11-21 22:06:20 -05:00
h00die 05e59bbe19 non-working copy of varnish 2016-11-19 22:09:19 -05:00
Metasploit 643a5511cf
Bump version of framework to 4.13.1 2016-11-18 10:01:48 -08:00
h00die cd01b07682
Land #7565
Lands print_bad and vprint_bad from todb-r7
2016-11-18 13:29:39 -05:00
Metasploit 383314530a
Bump version of framework to 4.13.0 2016-11-16 07:48:26 -08:00
Tod Beardsley 1deacad2be
Add a print_bad alias for print_error
Came up on Twitter, where Justin may have been trolling a little:

https://twitter.com/jstnkndy/status/798671298302017536

We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.

Anyway, I went with alias_method, thanks to the compelling argument at

https://github.com/bbatsov/ruby-style-guide#alias-method

...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.

Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
Metasploit f116ad2c59
Bump version of framework to 4.12.42 2016-11-11 10:02:14 -08:00
Metasploit 2c39a14ada
Bump version of framework to 4.12.41 2016-11-04 10:02:13 -07:00
Brent Cook 6577728fa9 enable auto-negotiation for TLS version with SQL Server 2016-11-01 05:45:27 -05:00
Metasploit ffc62964d6
Bump version of framework to 4.12.40 2016-10-28 10:02:36 -07:00
Metasploit 6a23168800
Bump version of framework to 4.12.39 2016-10-25 12:22:52 -07:00
Metasploit e29567f390
Bump version of framework to 4.12.38 2016-10-24 14:25:47 -07:00
Metasploit bf59ba526a
Bump version of framework to 4.12.37 2016-10-24 07:35:41 -07:00
Metasploit 8e0d866976
Bump version of framework to 4.12.36 2016-10-21 10:02:09 -07:00
Metasploit 74340e9eb7
Bump version of framework to 4.12.35 2016-10-14 15:13:45 -07:00
Metasploit b3666ff7ab
Bump version of framework to 4.12.34 2016-10-14 10:04:05 -07:00
Metasploit adb6f31e36
Bump version of framework to 4.12.33 2016-10-08 20:57:08 -07:00
Metasploit 8a6426df48
Bump version of framework to 4.12.32 2016-10-07 10:04:32 -07:00
Metasploit a0ebf5ea2d
Bump version of framework to 4.12.31 2016-10-06 11:23:08 -07:00
Metasploit 73c11a63b4
Bump version of framework to 4.12.30 2016-09-30 10:03:42 -07:00
Metasploit 5ea1e7b379
Bump version of framework to 4.12.29 2016-09-26 12:06:21 -07:00
Metasploit 3ddf80dd7a
Bump version of framework to 4.12.28 2016-09-23 10:02:37 -07:00
Metasploit 5acc17a800
Bump version of framework to 4.12.27 2016-09-16 10:02:52 -07:00
Metasploit 32998d938f
Bump version of framework to 4.12.26 2016-09-13 16:59:37 -07:00
wchen-r7 245237d650
Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
Metasploit 8eb2c926f3
Bump version of framework to 4.12.25 2016-09-13 13:37:08 -07:00
Adam Cammack aa193bf372
Set defaults in WordpressMulticall login scanner
This login scanner would crash it was used like a normal login scanner.

MS-2007
2016-09-12 11:22:15 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
Metasploit 58112d7b4d
Bump version of framework to 4.12.24 2016-09-02 10:02:44 -07:00
Metasploit ea32c313d3
Bump version of framework to 4.12.23 2016-08-26 10:06:44 -07:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
Metasploit 87d34cfbba
Bump version of framework to 4.12.22 2016-08-19 10:02:28 -07:00
Metasploit a6ba386728
Bump version of framework to 4.12.21 2016-08-12 10:02:36 -07:00
Metasploit d57e4d6349
Bump version of framework to 4.12.20 2016-08-10 15:30:37 -07:00
Metasploit 280216d74d
Bump version of framework to 4.12.19 2016-08-09 14:49:58 -07:00
Metasploit e7aa658893
Bump version of framework to 4.12.18 2016-08-05 10:05:03 -07:00
Metasploit 190bac6e0a
Bump version of framework to 4.12.17 2016-07-29 10:02:06 -07:00
Metasploit 4cbb3bb9b6
Bump version of framework to 4.12.16 2016-07-22 10:02:00 -07:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Metasploit b954b6d5c1
Bump version of framework to 4.12.15 2016-07-18 08:42:20 -07:00
Metasploit b13d0f879a
Bump version of framework to 4.12.14 2016-07-15 10:03:28 -07:00
David Maloney b6b52952f4
set ssh to non-interactive
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Metasploit 48410f3ab2
Bump version of framework to 4.12.13 2016-07-08 10:01:58 -07:00
James Lee cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
Metasploit 82e092c2df
Bump version of framework to 4.12.12 2016-07-05 14:57:43 -07:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup"
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
David Maloney 5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-05 10:48:38 -05:00
Metasploit 054ac5ac19
Bump version of framework to 4.12.11 2016-07-05 07:49:37 -07:00
David Maloney ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-06-28 15:00:35 -05:00
David Maloney d90f0779f8
Land #7009, egypt's rubyntlm cleanup
Land egypt's PR to replace all of our NTLM code with
the rubyntlm gem
2016-06-28 14:15:34 -05:00
David Maloney 97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm 2016-06-28 14:14:56 -05:00
Metasploit e3e360cc83
Bump version of framework to 4.12.10 2016-06-28 12:13:26 -07:00
Metasploit fd07da3519
Bump version of framework to 4.12.9 2016-06-27 11:54:04 -07:00
David Maloney 6072697126
continued 2016-06-22 14:54:00 -05:00
James Lee 0126ec61d8
Style 2016-06-22 10:15:23 -05:00
James Lee b3f59ebd19
Whitespace 2016-06-22 10:15:23 -05:00
James Lee 07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm 2016-06-22 10:15:22 -05:00
James Lee 4b3f6c5d29
Use rubyntlm for mssql login scanner 2016-06-22 10:15:22 -05:00
Metasploit fd4a51cadb
Bump version of framework to 4.12.8 2016-06-10 10:01:27 -07:00
Metasploit 815685992a
Bump version of framework to 4.12.7 2016-06-07 13:14:34 -07:00
Metasploit c35322ec3f
Bump version of framework to 4.12.6 2016-05-30 22:34:13 -07:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
2016-05-27 16:25:42 -05:00
Metasploit 54f4389d31
Bump version of framework to 4.12.5 2016-05-24 08:54:14 -07:00
Metasploit 100300c819
Bump version of framework to 4.12.4 2016-05-18 07:04:09 -07:00
Jenkins c9dd863085
Bump version of framework to 4.12.3 2016-05-17 10:18:08 -07:00
Jenkins 621a908b2d
Bump version of framework to 4.12.2 2016-05-13 12:51:58 -07:00
David Maloney ba4bfca806 Revert "arg bad build, resetting version back one"
This reverts commit d86392e96b.
2016-05-13 14:48:35 -05:00
David Maloney d86392e96b
arg bad build, resetting version back one 2016-05-13 14:44:02 -05:00
Jenkins b6a83f734d
Bump version of framework to 4.12.1 2016-05-13 12:39:43 -07:00
David Maloney 31050a8da7
Rails upgrade to 4.2.6
lands all of the rails 4.2 upgrade work
Merge branch 'staging/rails-upgrade'
2016-05-13 14:34:50 -05:00
Jenkins 6c11054d5a
Bump version of framework to 4.12.0 2016-05-13 11:46:03 -07:00