aushack
76cd9590a4
Fix author
2015-06-19 19:13:51 +10:00
wchen-r7
9b5770c966
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:40:51 -05:00
wchen-r7
b6379b4d24
Update drupal_views_user_enum
2015-06-16 00:02:02 -05:00
wchen-r7
0b88e86a49
Using the new cred API for multiple auxiliary modules
2015-06-15 16:06:57 -05:00
wchen-r7
907f596de6
Land #5520 , Update titan_ftp_admin_pwd to use the new creds API
2015-06-15 03:26:19 -05:00
wchen-r7
940d045029
Correctly report rport
2015-06-15 03:23:39 -05:00
wchen-r7
308b1a3d7f
Don't deregister username & password
2015-06-15 03:21:09 -05:00
jvazquez-r7
e628d71261
Land #5397 , @espreto's module for WordPress Simple Backup File Read Vulnerability
2015-06-12 15:32:06 -05:00
jvazquez-r7
184c20cd46
Do minor cleanup
2015-06-12 15:31:42 -05:00
root
7cb82f594b
Add ftp port for service
2015-06-10 14:24:05 +05:00
root
3ffe006e09
Update titan_ftp_admin_pwd to use the new creds API
2015-06-10 13:36:26 +05:00
root
78a6e1bc90
Change credential status from untried to successful
2015-06-10 10:07:33 +05:00
root
49e4820c57
Add depcrecated note to the existing modules
2015-06-09 10:42:53 +05:00
root
3279518bbd
Move VMware modules to the VMware directory
2015-06-08 14:58:22 +05:00
root
3ec6d9b7aa
Update owa_login to use new cred API
2015-06-05 15:41:07 +05:00
wchen-r7
874e090aa1
Update wordpress_login_enum to use the new cred API
2015-06-04 18:16:14 -05:00
Roberto Soares
b305fa62f4
Changed vprint_error when nothing was downloaded.
2015-06-03 14:46:59 -03:00
Roberto Soares
24ec3b2fb5
Changed vprint_error to fail_with method.
2015-06-03 13:46:59 -03:00
wchen-r7
80c3022dc1
Deprecate cold_fusion_version. Please use coldfusion_version.
...
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
Tod Beardsley
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
Roberto Soares
b4a6cdbad0
Remove new line in vprint_line.
2015-05-21 12:33:09 -03:00
Roberto Soares
0135b3639f
Add WordPress Simple Backup File Read Vulnerability.
2015-05-21 12:23:24 -03:00
Brent Cook
a4df3468de
unique: should be update:, include uri in data hash
2015-05-20 16:20:09 -05:00
Brent Cook
c85b82e8a7
Merge branch 'master' into land-5358-notes
2015-05-20 16:02:59 -05:00
Stuart Morgan
79b9ef008a
Bugfix
2015-05-17 13:55:56 +01:00
jvazquez-r7
dd5060e08c
Land #5340 , @wchen-r7's change to the symantec_web_gateway_login writing style
2015-05-15 13:18:35 -05:00
jvazquez-r7
cf5fa6752e
Use parenthesis
2015-05-15 13:17:54 -05:00
jvazquez-r7
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
wchen-r7
24a989b8a3
Land #5249 , Add Module for Enum on InfluxDB database
2015-05-14 11:22:54 -05:00
wchen-r7
005c36b2a6
If data is empty, don't save (or even continue)
2015-05-14 11:22:10 -05:00
wchen-r7
ac0e4e747a
Change writing style of symantec_web_gateway_login
2015-05-13 00:23:37 -05:00
wchen-r7
202c5e0121
Land #5333 , HTML Title Grabber
2015-05-12 11:19:06 -05:00
wchen-r7
faec5844cb
Some fixes
2015-05-12 11:18:21 -05:00
jvazquez-r7
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
Stuart Morgan
f0048b9a6d
Apparently you don't quote the keys with the new syntax
2015-05-12 11:00:18 +01:00
Stuart Morgan
7c81adbd89
MSFTidy is now quiet and happy
2015-05-12 10:47:49 +01:00
Stuart Morgan
1f6bd3e2be
Updated to new ruby hash syntax and removed <> from title
2015-05-12 10:43:32 +01:00
Stuart Morgan
518e28674e
Removed CGI dependency (@hmoore-r7, @wchen-r7)
2015-05-11 21:10:18 +01:00
Stuart Morgan
78e310562b
Readability style change
2015-05-11 19:48:12 +01:00
Stuart Morgan
8e3d803e74
Updated style as per @void-in's comments
2015-05-11 19:46:10 +01:00
Stuart Morgan
62d67469da
Updated code style as per @hmoore-r7's instructions
2015-05-11 19:34:23 +01:00
Stuart Morgan
b8f7c80fd2
Rubocop
2015-05-11 18:50:03 +01:00
Stuart Morgan
8308c2a925
Added check for nonsensical options
2015-05-11 18:48:55 +01:00
Stuart Morgan
99133deabb
Reran tests, sorted out strip problem
2015-05-11 18:29:44 +01:00
Stuart Morgan
c25a5d3859
Fixed a bunch of rubocop errors
2015-05-11 18:14:37 +01:00
Stuart Morgan
34cf90af59
Removed unnecessary include
2015-05-11 17:31:31 +01:00
Stuart Morgan
c001f014ce
HTML Title Grabber
2015-05-11 17:29:22 +01:00
wchen-r7
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
Denis Kolegov
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
jvazquez-r7
a8adcda941
Redo port checks
2015-05-08 15:29:30 -05:00
jvazquez-r7
156aac1dff
Use timeout options
2015-05-08 15:23:08 -05:00
jvazquez-r7
bf9ca1f88f
Change module filename
2015-05-08 15:08:59 -05:00
jvazquez-r7
f56115552f
Do code cleanup
2015-05-08 14:56:39 -05:00
jvazquez-r7
b73241882b
Use datastore option
2015-05-08 14:48:19 -05:00
jvazquez-r7
b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin
2015-05-08 14:46:08 -05:00
jvazquez-r7
9fdbfd7031
Use vprint_error
2015-05-08 14:21:36 -05:00
jvazquez-r7
017ae463ed
Fix description style
2015-05-08 14:18:29 -05:00
void-in
a7988f9e93
Change credentials to service:service
2015-05-08 22:52:59 +05:00
Tod Beardsley
e8913e5620
Addressed most of @wvu's issues with #5312
2015-05-06 14:47:08 -05:00
Tod Beardsley
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
Denis Kolegov
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
Denis Kolegov
f95774c6b4
Fixed bugs
2015-05-02 05:09:03 -04:00
jvazquez-r7
93ac8b48e3
Land #5178 , @jboss_vulnscan check for console default admin
...
* And minor fixes
2015-05-01 17:38:20 -05:00
jvazquez-r7
697c6c20cb
Do minor cleanup
2015-05-01 17:37:45 -05:00
jvazquez-r7
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
jvazquez-r7
b037560c90
Do minor style fixes
2015-05-01 15:01:13 -05:00
William Vu
9b17191e48
Remove unnecessary {,dis}connect
2015-04-28 15:09:16 -05:00
William Vu
28e661e204
Fix false positive in POODLE scanner
...
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
Christian Mehlmauer
7523e592d2
Land #5198 , WordPress contus video gallery 2.7 scanner
2015-04-27 23:24:57 +02:00
Brandon Perry
7a2084cdc5
Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb
2015-04-26 16:54:21 -05:00
Roberto Soares
c41c7a1ba2
Rewrote the conditions of res.
2015-04-25 17:18:38 -03:00
Roberto Soares
d01da0c522
Changed if conditions and exception handling
2015-04-25 15:08:36 -03:00
Roberto Soares
3a84396f32
Removed authorization header.
2015-04-25 14:30:21 -03:00
Roberto Soares
b810a96dac
Add Module for Enum on InfluxDB database.
2015-04-25 04:41:33 -03:00
Brent Cook
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
jvazquez-r7
896d6e8cb7
Fix title
2015-04-24 11:09:39 -05:00
jvazquez-r7
7af6f31c3a
Fix message
2015-04-24 11:08:00 -05:00
jvazquez-r7
5ca6fe3cb0
Do code cleanup
2015-04-24 11:07:13 -05:00
Roberto Soares
e51897d64e
Filepath option
2015-04-24 04:35:59 -03:00
Roberto Soares
7b0b59b5f6
Add WordPress GI-Media Library Plugin File Read.
2015-04-24 04:24:16 -03:00
Brandon Perry
e9f8b25987
Update wordpress_contus_video_gallery_sqli.rb
...
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
Brandon Perry
26d208f089
Update wordpress_contus_video_gallery_sqli.rb
...
remove 'uri'
2015-04-22 14:42:03 -05:00
jvazquez-r7
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
Brent Cook
073850c5ad
Land #5158 , OWA internal IP disclosure scanner
2015-04-21 11:10:39 -05:00
Brent Cook
5296c6507d
Land #5157 , OWA login scanner auth timing logs
2015-04-21 11:06:08 -05:00
Brandon Perry
b622aae97f
Update wordpress_contus_video_gallery_sqli.rb
2015-04-19 18:24:12 -05:00
Brandon Perry
c393f7c398
add contus video gallery scanner
2015-04-19 17:58:08 -05:00
Christian Mehlmauer
ed9175d73f
Land #5167 , WordPress CP Multi-View Calendar SQLI Scanner
2015-04-19 23:36:23 +02:00
Brandon Perry
8c0bcd2e03
Update wordpress_cp_calendar_sqli.rb
...
Use the new WPVDB
2015-04-19 16:32:57 -05:00
Christian Mehlmauer
6653c9e33d
Land #5162 , WordPress Dukapress File Read Vulnerability
2015-04-17 11:20:55 +02:00
Christian Mehlmauer
6c77b64dae
wrong method name
2015-04-17 11:20:14 +02:00
Christian Mehlmauer
aef464fc2e
Land #5159 , WordPress Mobile Edition Plugin File Read Vuln
2015-04-17 11:13:00 +02:00
Christian Mehlmauer
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
Roberto Soares
ed588e335b
Changed the print_error output.
2015-04-16 17:32:59 -03:00
Roberto Soares
bf3bdcffb4
Changed the deph value to 7.
2015-04-16 17:30:28 -03:00
Roberto Soares
dd474757fe
Changed the print_error output.
2015-04-16 17:26:44 -03:00
Roberto Soares
f50cedeafd
Changed the depth value to 7.
2015-04-16 17:22:49 -03:00
Christian Mehlmauer
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
William Vu
1455d4e94d
Fix AUTH_TIME
2015-04-16 11:39:33 -05:00
William Vu
7c572777e1
Fix whitespace
2015-04-16 11:34:50 -05:00
William Vu
7a9167b235
Fix comments
2015-04-16 11:34:47 -05:00
Nate Power
9bcc988266
Update owa_login
2015-04-16 11:23:04 -05:00
Brandon Perry
75b88f199a
Create wordpress_cp_calendar_sqli.rb
2015-04-16 09:53:00 -05:00
Roberto Soares
ecc67b1a57
Fix loot name
2015-04-16 10:42:20 -03:00
Roberto Soares
d898af5513
Add check version and removed HttpClient
2015-04-16 10:40:35 -03:00
Roberto Soares
768294710b
Add check and removed HttpClient
2015-04-16 10:22:10 -03:00
Roberto Soares
890561bff3
Rewriting the condition 'if' for only one line
2015-04-16 09:23:56 -03:00
Roberto Soares
b90ff36ef4
Rewriting the condition 'if' for only one line
2015-04-16 09:15:17 -03:00
Roberto Soares
21e964e699
Add Author and references..
2015-04-16 07:20:48 -03:00
Roberto Soares
f6f4bd0746
Add WordPress Dukapress File Read Vulnerability
2015-04-16 07:17:46 -03:00
Roberto Soares
c8e1185a04
Included Wordpress mixin.
2015-04-16 05:02:39 -03:00
William Vu
bec6270f07
Fix regex
2015-04-15 23:47:03 -05:00
William Vu
01ae7002cf
Fix EOF whitespace
2015-04-15 21:27:53 -05:00
Roberto Soares
0031f09d60
Add author, EDB, WPVDB and fix loot.
2015-04-15 20:03:36 -03:00
Roberto Soares
0f1cf1d1b1
Add Module WP Mobile Edition Plugin File Read Vuln
2015-04-15 19:45:08 -03:00
William Vu
66b7179a97
Rename module to owa_iis_internal_ip
2015-04-15 17:10:01 -05:00
William Vu
a109dae033
Fix EOL whitespace
2015-04-15 16:58:59 -05:00
William Vu
cc422eeeea
Fix splat
2015-04-15 16:58:18 -05:00
Nate Power
34ce4edacb
Add exchange_iis_internal_ip
2015-04-15 16:55:19 -05:00
Tod Beardsley
d87483b28d
Squashed commit of the following:
...
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:42:13 2015 -0500
Fix funny punctuation on rootpipe exploit title
See #5119
commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:37:39 2015 -0500
Fix vendor caps
Trusting the github repo README at
https://github.com/embedthis/goahead
See #5101
2015-04-13 10:46:47 -05:00
sinn3r
5f389cf3c2
Add ManageEngine Desktop Central Login Utility
2015-04-08 02:05:56 -05:00
Roberto Soares
dc14c770be
Changed the traversal variable to just one line
2015-04-08 02:26:59 -03:00
Roberto Soares
441042ed37
Removed the segments variable
2015-04-08 01:29:45 -03:00
Roberto Soares
d399d05383
Add Directory Traversal for GoAhead Web Server
2015-04-07 20:22:06 -03:00
Zach Grace
42e82cc644
Rubocop fixes
2015-04-07 18:21:08 -05:00
Zach Grace
7275d5745f
Fixes, refactoring and adding JBoss AS default creds scanning
2015-04-07 17:40:25 -05:00
William Vu
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
jvazquez-r7
79b2a23dff
Land #5015 , @espreto file traversal scanner for RIPS
2015-04-03 15:35:58 -05:00
jvazquez-r7
ce6e5e12d8
Make depth an option
2015-04-03 15:33:27 -05:00
jvazquez-r7
70fad73092
Add metadata
2015-04-03 15:27:28 -05:00
root
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
Denis Kolegov
c9e8f9cbea
Add BigIP HTTP VS scanner and fix connection errors
2015-04-03 02:30:03 -04:00
Tod Beardsley
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012 ]
2015-04-02 15:12:22 -05:00
sinn3r
a592f645f0
Land #5039 , Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner
2015-04-01 14:34:58 -05:00
Brandon Perry
e73286cfa5
update stale references
2015-03-30 17:17:48 -05:00
sinn3r
613f4777ce
Land #5024 , add joomla_ecommercewd_sqli_scanner.rb
2015-03-30 12:45:09 -05:00
Brandon Perry
de2bf0181c
add first pass at gallerywd sqli scanner
2015-03-28 16:15:51 -05:00
Brandon Perry
9f0483248c
add TARGETURI datastore option
2015-03-28 15:46:41 -05:00
Brandon Perry
6ede476423
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-28 08:38:12 -05:00
Brandon Perry
0dbd8544b4
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-27 21:20:59 -05:00
Brandon Perry
31be47d5bc
Create joomla_ecommercewd_sqli_scanner.rb
2015-03-27 20:25:33 -05:00
Roberto Soares
3e104fd8e6
Add Directory Traversal for RIPS Scanner
2015-03-27 05:08:43 -03:00
dnkolegov
040a1af9c5
Delete useless ecnryption cookie detection, fix minor issues
2015-03-25 02:34:33 -04:00
Tod Beardsley
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
dnkolegov
ee17d6e606
Deleted spaces at EOL
2015-03-23 04:34:38 -04:00
dnkolegov
2a0deaa6c8
Deleted default options and SYN scan
2015-03-23 04:31:08 -04:00
William Vu
6f51946aa0
Land #4969 , GitLab module references
2015-03-20 17:26:51 -05:00
William Vu
99f3de0843
Clean up info hash formatting
2015-03-20 17:26:21 -05:00
jvazquez-r7
1226b3656f
Land #4945 , @wchen-r7's login scanner for Symantec web gateway
2015-03-20 14:44:05 -05:00
jvazquez-r7
2f35fcff99
Fix require
2015-03-20 14:43:42 -05:00
Meatballs
8ee520e749
Add reference
2015-03-20 19:17:34 +00:00
sinn3r
b19f766728
Land #4942 , Gitlab Login Scanner
2015-03-20 13:02:12 -05:00
sinn3r
a2ce14a31e
Land #4941 , Gitlab Unauth User Enumeration
2015-03-20 12:28:35 -05:00
sinn3r
235124a40a
Fix typo
2015-03-20 12:27:23 -05:00
sinn3r
84164b44b2
Should also rescue JSON::ParserError for banner parsing
2015-03-20 12:27:02 -05:00
sinn3r
94ab2f94fd
Remove symbols that aren't used
...
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
2015-03-19 14:14:01 -05:00
William Vu
d1d6378179
Land #4566 , Misfortune Cookie scanner improvements
2015-03-17 12:32:35 -05:00
sinn3r
f95b783193
I don't need these eitehr
2015-03-17 11:33:49 -05:00
Meatballs
e1ebc6c7fe
Update date, remove URL (will replace later)
2015-03-17 12:50:47 +00:00
Meatballs
0cd85cb052
Correct capitilzation of GitLab
2015-03-17 11:33:57 +00:00
Meatballs
d18224e3cb
Correct capitilzation of GitLab
2015-03-17 11:32:14 +00:00
Meatballs
f4a1e981ab
Add gitlab login scanner
2015-03-17 11:19:23 +00:00
Meatballs
878247f495
Small modifications
2015-03-17 10:03:32 +00:00
Meatballs
f1d5d8f1ce
Store to loot as well
2015-03-17 09:55:28 +00:00
Meatballs
9f40826f8e
Store creds in database
2015-03-17 09:17:08 +00:00
Meatballs
3830e71257
Catch 7.5 401
2015-03-17 09:17:08 +00:00
Meatballs
1b565b0290
Check revision
2015-03-17 09:17:07 +00:00
Meatballs
7216f2a971
Initial commit
2015-03-17 09:17:07 +00:00
sinn3r
14296826f7
A cleaner way to set datastore options
2015-03-17 03:07:49 -05:00
sinn3r
ff58f7d270
Add Symantec Web Gateway Login Module
2015-03-17 02:51:57 -05:00
dnkolegov
e01f824b2c
Fix capitalization warnings
2015-03-17 03:46:00 -04:00
dnkolegov
78be03623f
Fix indent warnings
2015-03-17 03:39:04 -04:00
dnkolegov
34c30502fd
Add SSL/TLS support, fix minor errors, change default parameters
2015-03-17 02:49:11 -04:00
Sven Vetsch
4d3a1a2f71
fix all duplicated keys in modules
2015-03-14 13:10:42 +01:00
dnkolegov
bc0276a9c8
Add scanner for F5 web management interfaces
2015-03-12 06:50:29 -04:00
aushack
2f4df39dc9
Fixed typo
2015-03-05 17:40:51 +11:00
William Vu
f3cad229d3
Fix duplicate hash key "References"
...
In modules/auxiliary/scanner/http/http_login.rb.
2015-02-24 05:19:58 -06:00
William Vu
8c5ff858d0
Land #4812 , hp_sys_mgmt_login configurable URIs
2015-02-23 19:04:14 -06:00
HD Moore
bf103def9e
Add the /ews/ path to enable easy OWA brute force
2015-02-23 14:03:39 -06:00
William Vu
bcfbcb7eea
Clean up whitespace
2015-02-23 13:15:21 -06:00
HD Moore
ea54696d99
Remove redundant params now provided by the mixin helper
2015-02-22 02:32:28 -06:00
HD Moore
8e8a366889
Pass Http::Client parameters into LoginScanner::Http (see #4803 )
2015-02-22 02:26:15 -06:00
sinn3r
f4e512e0ff
Should be an array
2015-02-20 21:56:49 -06:00
sinn3r
40c237f507
Fix #3982 , allow URIs to be user configurable
...
Fix #3982
2015-02-20 21:54:03 -06:00
David Maloney
ffa6550aec
Land #4787 , HD's new Zabbix and Chef LoginScanners
...
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
David Maloney
804db0ff0c
add leixcal sorting to methods
...
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
William Vu
35511636cc
Land #4788 , splunk_web_login new version support
2015-02-18 11:54:54 -06:00
HD Moore
cc6899d783
Fix a stack trace on null response, thanks @jlee-r7
2015-02-18 00:38:55 -06:00
HD Moore
f4d8a25981
Add support for newer Splunk versions
2015-02-18 00:30:47 -06:00
HD Moore
2847507f03
Add a chef brute force module
2015-02-17 23:49:57 -06:00
HD Moore
27d5ab45b4
Add a zabbix brute force module
2015-02-17 22:56:08 -06:00
HD Moore
f0e69cb526
Fix two cosmetic typos in the axis/glassfish modules
2015-02-17 21:01:35 -06:00
Tod Beardsley
a8108cfc17
Be less stupid in the description
...
[See #4774 ]
2015-02-17 13:04:26 -06:00
Tod Beardsley
14e764ff5a
Move to http subdirectory
...
After all, the wordpress scanners are all HTTP as well, and not under
some platform specific "wordpress" directory. Lots of other HTTP-ish
devices in there as well.
2015-02-17 12:53:18 -06:00
HD Moore
8d982e3286
Pass the framework/module down into LoginScanner
2015-02-07 11:50:30 -06:00
Tod Beardsley
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
Christian Mehlmauer
c8864c93d7
remove unused code
2015-02-02 20:04:10 +01:00
Christian Mehlmauer
7504358db3
code style and typos
2015-01-30 15:57:32 +01:00
Christian Mehlmauer
9ce2dd9815
msftidy
2015-01-30 15:41:11 +01:00
Christian Mehlmauer
a0eaf2f626
add wordpress ghost scanner module
2015-01-30 15:29:51 +01:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
sinn3r
f3a2d6663f
Fix #4616 and Fix #3798 - Correctly use OptRegexp
...
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616 ).
It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.
I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798 . The way I see it, #3798 is actually a module-specific issue.
Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
Jon Hart
a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text
2015-01-20 13:55:48 -08:00
Jon Hart
14fc8d4cd0
Only allow 401/403/404
2015-01-20 13:36:06 -08:00
Jon Hart
d68b62cf21
Make canary value (URI) configurable
2015-01-15 13:12:32 -08:00
Jon Hart
2dca18265e
Track and vprint canary value and code
2015-01-15 12:34:53 -08:00
Jon Hart
3489ea540e
Make status code checking configurable
2015-01-15 12:22:16 -08:00
Jon Hart
4641b02646
Base canary path from TARGET_URI
2015-01-15 12:05:10 -08:00
Jon Hart
1f6defda73
Use more correct check codes
2015-01-14 13:10:35 -08:00
Jon Hart
9e76e0b0d8
Simplify. Document. Handle edge cases
...
Simplify detection logic.
Document testing method better
Ensure that body doesn't include canary cookie name too
Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
Jon Hart
d4843f46ed
Make auth checking optional and off by default
2015-01-11 12:15:57 -08:00
Jon Hart
9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer
2015-01-11 12:10:40 -08:00
Jon Hart
b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...)
2015-01-09 13:20:18 -08:00
Jon Hart
831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner
2015-01-09 12:58:35 -08:00
dmooray
8c23e8c2e8
ruby 2.2 compatibility
...
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
sinn3r
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
Brandon Perry
eb47ca593e
update desc to include domain admin information
2014-12-13 13:01:41 -06:00
Brandon Perry
2e94280cba
mv bmc to scanner/http
2014-12-13 12:58:16 -06:00
jvazquez-r7
b1f7682713
Make msftidy happy
2014-12-12 12:59:00 -06:00
jvazquez-r7
493034ad10
Land #3305 , @claudijd Cisco SSL VPN Privilege Escalation exploit
2014-12-12 12:57:00 -06:00
Christian Mehlmauer
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Tod Beardsley
51762e1194
Explicitly include the HTTP Login scanner
...
This should be the last commit that fixes #3904 .
2014-12-11 11:08:08 -06:00
Tod Beardsley
b533f74024
Add a bruteforce_speed option to all LoginScanners
2014-12-11 11:06:32 -06:00
Jonathan Claudius
e89a399f95
Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc
2014-12-09 20:55:01 -05:00
William Vu
3a978e1147
Land #4280 , frontpage_login improvements
2014-12-02 14:56:57 -06:00
jvazquez-r7
0ab2e99419
Delete version from title
2014-12-01 10:24:12 -06:00
jvazquez-r7
f4e20284a4
Change mixin include order
2014-12-01 10:22:20 -06:00
jvazquez-r7
d85aabfed9
Use vprint by default
2014-12-01 10:20:12 -06:00
jvazquez-r7
e0cb0f7966
Fix description
2014-12-01 10:19:14 -06:00
jvazquez-r7
fa07b466d6
Use single quote and minor cosmetic changes
2014-12-01 09:57:29 -06:00
jvazquez-r7
d5888a7f6f
Fix module options
2014-12-01 09:55:36 -06:00
jvazquez-r7
47acf3487d
Do minor cleanup
...
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
Roberto Soares Espreto
e4b3ee2811
Changed the module name.
2014-12-01 01:00:14 -02:00
Roberto Soares Espreto
ecbce679a8
Remove timeout on line 59.
2014-12-01 00:51:12 -02:00
Roberto Soares Espreto
f3957ea428
FILEPATH changed from false to true.
2014-12-01 00:48:47 -02:00
Roberto Soares Espreto
97ee975235
Deleted checking on line 48.
2014-12-01 00:46:58 -02:00
Roberto Soares Espreto
84ce573227
Deleted line 61 which returns the server status code.
2014-12-01 00:39:05 -02:00
Tiago Sintra
6f6274735f
Update frontpage_login.rb
...
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=
status=262147
osstatus=0
msg=No "CONTENT_TYPE" on CGI environment.
osmsg=
2014-11-28 17:21:47 +00:00
Roberto Soares Espreto
d75ffc36da
Changed the description of FILEPATH
2014-11-27 00:50:34 -02:00
Roberto Soares Espreto
f8dc366f42
Add CVE-2014-7816 Directory Traversal for WildFly 8 Application
2014-11-27 00:13:29 -02:00
jvazquez-r7
d4e5cd25e1
Report credentials for new login level 15
2014-11-25 16:35:16 -06:00
jvazquez-r7
dc253efa19
Use Rex::Text.rand_text*
2014-11-25 16:35:06 -06:00
jvazquez-r7
f20afff1a8
Do return instead of abort
2014-11-25 16:34:57 -06:00
jvazquez-r7
d876efaa0f
Delete ssh_socket attribute
2014-11-25 16:34:47 -06:00
jvazquez-r7
5091bc76ad
Do minor cleanup
2014-11-25 16:34:22 -06:00
jvazquez-r7
c92a26e967
Update from upstream master
2014-11-25 16:30:45 -06:00
Tod Beardsley
cca30b536f
Land #4094 , fixes for OWA brute forcer
...
Fixes #4083
Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart
ff8d481eec
Update description to remove comments about defaults. Default to 2013
2014-11-04 21:21:19 -08:00
Jon Hart
2c028ca7a6
Move redirect check before body check -- a redirect won't have a body
2014-11-04 14:19:21 -08:00
Jon Hart
7855ede2de
Move userpass emptiness checking into setup
2014-11-04 14:07:39 -08:00
Tod Beardsley
5fb268bbdf
Updates to better OWA fix
2014-11-04 14:32:54 -06:00
Tod Beardsley
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
Jon Hart
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
Jon Hart
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
Jon Hart
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
Jon Hart
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
Jon Hart
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
Tod Beardsley
9c028c1435
Fixes #4083 , make the split nil-safe
...
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.
This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
Jonathan Claudius
d799625507
Switch to vprint_good for verbose good things
2014-10-28 01:53:54 -04:00
Jonathan Claudius
0fa461737e
Fix null arguments syntax
2014-10-28 01:49:54 -04:00
Jonathan Claudius
7a727f9bff
Make msftidy happy
2014-10-28 01:48:13 -04:00
Jonathan Claudius
595b4d2bbd
Clean up aux check review comments
2014-10-28 01:44:52 -04:00
Jon Hart
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
Jon Hart
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
Jon Hart
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
nstarke
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
sinn3r
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
nstarke
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7
d6f4c02c2a
Land #3979 , @wchen-r7 fixes #3976 , http_login not using TARGETURI, neither uri normalization
2014-10-20 18:10:57 -05:00
jvazquez-r7
74ac16081f
Land #3981 , @wchen-r7 Fixes #3974 , axis_login.rb does not normalize URI
2014-10-20 17:51:13 -05:00
Jon Hart
2985b39267
Land #3980 , @wchen-r7 fixed #3975
2014-10-19 17:11:06 -07:00
William Vu
10f3969079
Land #4043 , s/http/http:/ splat
...
What is a splat?
2014-10-17 13:41:07 -05:00
William Vu
367ea5d3db
Add disclosure date
2014-10-17 12:35:28 -05:00
Tod Beardsley
ccdaf2b576
Fix the banner
...
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley
ad501b25e4
Filename move to be less redundant
2014-10-17 11:25:14 -05:00
James Lee
40b360555f
Make the error message a little more useful
2014-10-16 12:47:13 -05:00
Tod Beardsley
8cf10be779
Don't assume SSLv3 is set (kill FP+s)
2014-10-16 10:43:58 -05:00
Tod Beardsley
0b67efd51e
Add a POODLE scanner and general SSL version scan
2014-10-16 10:27:37 -05:00
James Lee
41a57b7ba5
Re-enable proxies for HTTP-based login scanners
2014-10-15 17:00:44 -05:00
Tod Beardsley
592f1e9893
Land #3999 , errors on login suppressed by default
...
This also solved the merge conflict on:
modules/auxiliary/scanner/http/jenkins_login.rb
Fixes #3995 .
2014-10-14 16:35:09 -05:00
Tod Beardsley
56534e7ad3
Changed a login failed to vprint instead of print
...
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995 .
This module was introduced in PR #3947 .
2014-10-14 12:01:09 -05:00
sinn3r
9500038695
Fix #3995 - Make negative messages less verbose
...
As an user testing against a large network, I only want to see
good news, not bad news.
2014-10-11 11:11:09 -05:00
sinn3r
260aa8dc22
Fix #3984 - Fix broken check for drupal_views_user_enum
2014-10-10 10:23:20 -05:00
nstarke
472985a8a8
Adding Buffalo Linkstation NAS Login Scanner
...
I have added a login scanner for the Buffalo Linkstation
NAS. I have been testing against version 1.68 of the
firmware. Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
sinn3r
7d8eadada6
Fix #3974 - Validate and normalize URI for axis_login
2014-10-09 14:33:39 -05:00
sinn3r
c9c34beafa
Fix #3975 - Register TARGETURI, not URI
...
The module should register TARGETURI and call #target_uri for
URI validation.
2014-10-09 14:10:29 -05:00
sinn3r
d366cdcd6e
Fix #3976 - validate and normalize user-supplied URI for http_login.rb
...
URI should be validated and normalized before being used in an HTTP
request.
2014-10-09 12:14:33 -05:00
Spencer McIntyre
a535d236f6
Land #3947 , login scanner for jenkins by @nstarke
2014-10-09 12:59:02 -04:00
Spencer McIntyre
6ea530988e
Apply rubocop changes and remove multiline print
2014-10-09 12:57:39 -04:00
sinn3r
df0d4f9fb2
Fix #3973 - Unneeded datastore option URI
...
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
2014-10-09 00:06:15 -05:00
nstarke
328be3cf34
Fine Tuning Jenkins Login Module
...
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
2014-10-08 17:53:21 -05:00
nstarke
e1b0ba5d3d
Removing 'require pry'
...
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
nstarke
b8c2643d56
Converting Module to LoginScanner w/ Specs
...
The previous commits for this Jenkins CI module relied on an
obsolete pattern. Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
sinn3r
d3354d01f0
Fix #3808 - NoMethodError undefined method `map'
...
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
nstarke
69400cf280
Fixing Author Declaration
...
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
nstarke
c0a3691817
Adding Jenkins-CI Login Scanner
...
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu
51bc5f52c1
Add CVE-2014-6278 support
...
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
William Vu
5ea968f3ee
Update description to prefer the exploit module
2014-09-30 11:34:28 -05:00
William Vu
162e42080a
Update title to reflect scanner status
2014-09-30 11:04:17 -05:00
William Vu
12d7073086
Use idiomatic Ruby for the marker
2014-09-29 22:32:07 -05:00
William Vu
71d6b37088
Fix bad header error from pure Bash CGI script
2014-09-29 22:25:42 -05:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
HD Moore
64dbc396dd
Add header specification to check module, lands #3902
2014-09-27 12:58:29 -05:00
William Vu
044eeb87a0
Add variable HTTP header
...
Also switch from OptEnum to OptString for flexibility.
2014-09-27 12:39:24 -05:00
sinn3r
c75a0185ec
Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec
2014-09-26 17:06:23 -05:00
jvazquez-r7
80d9af9b49
Fix spacing in description
2014-09-26 17:03:28 -05:00
jvazquez-r7
9e540637ba
Add module for CVE-2014-5377 ManageEngine DeviceExpert User Credentials
2014-09-26 17:02:27 -05:00
jvazquez-r7
3259509a9c
Use return
2014-09-26 16:04:15 -05:00
jvazquez-r7
0a3735fab4
Make it better
2014-09-26 16:01:10 -05:00
jvazquez-r7
3538b84693
Try to make a better check
2014-09-26 15:55:26 -05:00
William Vu
f66c854ad6
Fix description to be less lulzy
2014-09-25 07:09:08 -05:00
William Vu
9ed28408e1
Favor check_host for a scanner
2014-09-25 07:06:12 -05:00
William Vu
62b74aeaed
Reimplement old check code I was testing before
...
I would like to credit @wchen-r7 for providing advice and feedback.
@jvazquez-r7, too! :)
2014-09-25 06:38:25 -05:00
William Vu
d9120cd586
Fix typo in description
...
Running on fumes here...
2014-09-25 01:22:08 -05:00
William Vu
790df96396
Fix missed var
2014-09-25 01:19:14 -05:00
William Vu
e051cf020d
Add missed mixin
2014-09-25 01:14:58 -05:00
William Vu
27b8580f8d
Add protip to description
...
This gets you lots of shells.
2014-09-25 01:10:22 -05:00
William Vu
b1e9b3664e
Improve false positive check
2014-09-25 01:01:11 -05:00
William Vu
8daf8d4339
Report vuln for apache_mod_cgi_bash_env
...
Now with fewer false positives! It's kinda like a check method.
2014-09-25 00:42:14 -05:00
William Vu
5a59b7cd89
Fix formatting
2014-09-24 23:12:11 -05:00
William Vu
e6f0736797
Add peer
2014-09-24 22:48:51 -05:00
William Vu
8b6519b5b4
Revert shortened reference
...
But it's so long. :(
2014-09-24 22:43:33 -05:00
William Vu
ecb10ebe28
Add variable HTTP method and other stuff
2014-09-24 22:41:01 -05:00
William Vu
a600a0655d
Scannerify the module
2014-09-24 18:58:39 -05:00
Brendan Coles
5f6e84580c
Clean up and use Metasploit::Credential
2014-09-24 01:00:23 +00:00
Brendan Coles
6cad5d9aeb
Add ManageEngine DeviceExpert User Credentials
2014-09-18 19:18:59 +00:00
Tod Beardsley
5dad73a28f
Explicitly require credential_collection
...
Otherwise, you run into a require ordering problem on some platforms.
This is not a great way to fix this -- but it's a fast way, and possibly
even a good way, since you're being explicit about what your module
requirements are.
2014-09-17 15:47:30 -05:00
sinn3r
169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner)
2014-09-16 14:51:24 -05:00
sinn3r
4ed1fa55f5
Don't need this header
2014-09-16 14:50:32 -05:00
jvazquez-r7
7d4c4c3658
Land #3699 , @dmaloney-r7's ipboard login refactor
2014-09-15 08:29:42 -05:00
jvazquez-r7
373861abb0
Land #3526 , @jhart-r7's soap_xml scanner cleanup
2014-09-12 13:29:52 -05:00
jvazquez-r7
12f949781a
Use double quote for xml strings
2014-09-12 13:18:48 -05:00
jvazquez-r7
67c0ee654b
Use Gem::Version
2014-09-12 10:35:12 -05:00
jvazquez-r7
0d054d8354
Update with master changes
2014-09-12 09:52:32 -05:00
James Lee
8aa06b8605
Better api for check_setup
2014-09-10 23:43:54 -05:00
James Lee
c1658e5d51
Add a check_setup method
2014-09-10 20:09:46 -05:00
James Lee
84e4db9035
Don't raise in the middle
...
MSP-11343
This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
James Lee
b8000517cf
Land #3746 , reinstate DB_ALL_CREDS
2014-09-08 17:24:12 -05:00
David Maloney
2ac15f2088
some fixes based on Christruncer's feedback
...
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney
cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor
2014-09-08 14:48:37 -05:00
Tod Beardsley
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
David Maloney
09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds
2014-09-08 12:52:25 -05:00
sinn3r
0ccb39c057
Land #3726 - Fix typos in wordpress login
2014-09-08 09:40:57 -05:00