Brendan
b9de73e803
Land #7334 , Add aux module to exploit WINDOWS based (java) Colorado
...
FTP server directory traversal
2016-09-26 14:15:23 -05:00
Tijl Deneut
2fab62b14d
Update profinet_siemens.rb
...
Removed unnecessary rescue, gave "timeout" variable a better name.
2016-09-23 18:05:45 +02:00
Brent Cook
a9a1146155
fix more ssh option hashes
2016-09-20 01:30:35 -05:00
David Maloney
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
David Maloney
06ff7303a6
make pubkey verifier work with old module
...
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together
7321
2016-09-19 15:20:35 -05:00
h00die
9c922d111f
colorado ftp
2016-09-18 20:03:16 -04:00
William Vu
4ba1ed2e00
Fix formatting in fortinet_backdoor
...
Also add :config and :use_agent options.
2016-09-16 12:32:30 -05:00
David Maloney
26491eed1a
pass the public key in as a file instead of data
...
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this
7321
2016-09-16 11:48:51 -05:00
David Maloney
dfcd5742c1
some more minor fixes
...
some more minor fixes around broken
ssh modules
7321
2016-09-15 14:25:17 -05:00
David Maloney
e10c133eef
fix the exagrid exploit module
...
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used
7321
2016-09-15 11:44:19 -05:00
Brent Cook
7352029497
first round of SSL damage fixes
2016-09-13 17:42:31 -05:00
wchen-r7
245237d650
Land #7288 , Add LoginScannerfor Octopus Deploy server
2016-09-13 17:26:56 -05:00
Tijl Deneut
8df8f7dda0
Initial commit of profinet_siemens.rb
2016-09-11 09:15:41 +02:00
Brent Cook
a81f351cb3
Land #7274 , Remove deprecated modules
2016-09-09 12:01:59 -05:00
Brent Cook
1d4b0de560
Land #6616 , Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
Brendan
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
aushack
7632c74aba
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2016-09-07 14:15:57 +10:00
aushack
6e21684ff7
Fix typo.
2016-09-07 14:08:46 +10:00
james-otten
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
William Vu
fed2ed444f
Remove deprecated modules
...
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
Jon Hart
b0e45341e5
Update redis file_upload to optionally FLUSHALL before writing
...
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
2016-08-31 14:27:18 -07:00
Brendan
b21ea2ba3f
Added code to assign CPORT value to the parent scanner object
2016-08-29 13:17:10 -05:00
Pearce Barry
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
William Vu
cd858a149f
Add DETECT_ANY_AUTH to make bogus login optional
2016-08-23 23:05:47 -05:00
David Maloney
20947cd6cd
remove old dependency on net-ssh moneykpatch
...
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
2016-08-22 10:54:09 -05:00
wchen-r7
5f8ef6682a
Fix #7202 , Make print_brute print ip:rport if available
...
Fix #7202
2016-08-16 15:34:30 -05:00
David Maloney
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
Jon Hart
554a0c5ad7
Deprecate nbname_probe, which duplicate nbname as of 77cd6dbc8b
2016-08-02 17:36:22 -07:00
wchen-r7
cce1ae6026
Fix #6989 , scanner modules printing RHOST in progress messages
...
Fix #6989
2016-07-25 23:15:59 -05:00
James Lee
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
Brent Cook
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e0216
, reversing
changes made to 7b1d9596c7
.
2016-07-15 12:00:31 -05:00
David Maloney
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
David Maloney
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
Brent Cook
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
Brent Cook
128f802928
use the regex source when generating or displaying a regex
2016-07-11 22:05:50 -05:00
James Lee
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
.
2016-07-07 15:00:41 -05:00
James Lee
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8
, reversing
changes made to e3e360cc83
.
2016-07-05 15:22:44 -05:00
David Maloney
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
Pearce Barry
159446ce92
Ensure http_login scanner module saves passwds.
...
Fixes #6983 . When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
David Maloney
3d93c55174
move sshfactory into a mixin method
...
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
David Maloney
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
David Maloney
97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm
2016-06-28 14:14:56 -05:00
David Maloney
6c3871bd0c
update ssh modules to use new SSHFactory
...
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH
MS-1688
2016-06-24 13:55:28 -05:00
David Maloney
5bc513d6cd
get ssh sessions working properly
...
ssh sessions now working correctly
MD-1688
2016-06-24 12:14:48 -05:00
David Maloney
3e94abe555
put net:ssh::commandstream back
...
this was apparently our own creation for doing
ssh sessions
MD-1688
2016-06-22 15:02:36 -05:00
James Lee
07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm
2016-06-22 10:15:22 -05:00
Interference Security
0fa1fc50f8
Fixed false positive bug
...
Checking for "(ERROR_STACK=(ERROR=" is not enough to mark a target as vulnerable. TNS response packet bytes for "Accept" and "Refuse" are required to be sure.
Reference: https://thesprawl.org/research/oracle-tns-protocol/
2016-06-19 17:33:05 +05:30
Brendan Watters
c02a05f913
Removed code that was already commented out
2016-06-17 15:47:15 -05:00
Brendan Watters
1225a93179
Moved ClamAV scanner to scanning module
...
s
2016-06-17 15:40:33 -05:00
Brent Cook
b0bf901b22
Land #6950 , avoid printing rhost:rport twice when using Msf::Exploit::Remote::SMB::Client
2016-06-09 16:35:09 -05:00
Brent Cook
199ae04b57
fix more duplicate port/ip things
2016-06-09 16:26:41 -05:00
wchen-r7
7143095b4b
Land #6947 , add auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum
2016-06-09 14:21:55 -05:00
wchen-r7
207d92a125
Use scan to do regex capture
2016-06-09 11:07:00 -05:00
wchen-r7
1b4a6a7981
Use the UDP mixin to it can cleanup properly
2016-06-09 11:04:50 -05:00
wchen-r7
f0bb125556
Should be print_error
2016-06-08 14:22:36 -05:00
William Vu
600704c053
Merge remote-tracking branch 'upstream/pr/6939'
2016-06-08 14:22:33 -05:00
wchen-r7
52bcade72c
Fix #6948 , Modules using the SMB client are printing peer twice
...
Fix #6948
2016-06-08 12:16:50 -05:00
Adam Compton
158176aa05
replaced "if !" on line 41 with "unless"
...
replaced "$1" on line 51 with "Regexp.last_match(1)
restructed the print statement on line 56 to more closely match suggestion
removed "self." from line 71
changed line 78 to loop for 2 seconds insetead of 1 second
2016-06-08 09:28:08 -04:00
wchen-r7
f13d91f685
Fix a prob of printing an empty rhost from the scanner mixin
2016-06-07 19:19:39 -05:00
wchen-r7
e8304e684c
Bring #6793 up to date with upstream-master
2016-06-07 19:04:32 -05:00
wchen-r7
6ae4d1576e
Apply fixes to symantec_brightmail_ldapcreds.rb
2016-06-07 19:01:58 -05:00
Adam Compton
75a34c4aca
added a new aux module to quickly scan for Jenkins servers on the local broadcast network by sending out a udp packet to port 33848 on the broadcast address. Any Jenkins server should respond with XML data containing the Jenkins server version.
2016-06-07 16:57:06 -04:00
dmohanty-r7
9450906ca4
Correctly set Dummy param
2016-06-07 14:42:51 -05:00
dmohanty-r7
f47128ccdd
Cleanup canon_irav_pwd_extract module
2016-06-07 14:31:37 -05:00
Brent Cook
f034952852
Land #6918 , Added additional SAP TCP/IP ports into the sap_port_info function.
2016-06-03 08:01:04 -05:00
dmohanty-r7
a15c79347b
Add canon printer credential harvest module
...
Praedasploit
2016-06-02 16:07:28 -05:00
sho-luv
98cfcc65ae
Added IP address to returned information.
...
This scanner module doesn't tell you the location of the found information. So when using the -R option to fill the RHOSTS all you get is a bunch of successful findings, however you won't know to which systems they belong.
2016-05-31 19:47:00 -07:00
wchen-r7
504a94bf76
Technically, this is form auth, not http auth
2016-05-27 18:39:25 -05:00
wchen-r7
14adcce8bf
Missed the HTTPUSERNAME fix
2016-05-27 18:37:04 -05:00
wchen-r7
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
wchen-r7
7f643a7b8d
Fix syntax error
2016-05-27 18:05:24 -05:00
wchen-r7
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
Bruno Morisson
01a691a46c
Update sap_router_portscanner.rb
...
Added additional SAP TCP/IP ports for sap_port_info function.
ref: https://wiki.scn.sap.com/wiki/display/TCPIP/Services
2016-05-27 14:43:16 +01:00
William Vu
3dfdf1d936
Land #6528 , tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
Jon Hart
48c25dd863
Remove need for expand_path in this module; normalize handles it now
2016-05-24 13:30:12 -07:00
Jon Hart
3df4c38e82
Use correct key file var
2016-05-24 13:28:08 -07:00
Brent Cook
b613dfefb4
Land #6896 , fix spelling in caidao_bruteforce_login
2016-05-19 21:54:06 -05:00
h00die
706d51389e
spelling fix
2016-05-19 19:30:18 -04:00
William Vu
9c61490676
Fix some inconsistencies
...
Failed to catch these while editing. :(
2016-05-17 02:50:12 -05:00
Jon Hart
92d07f74ff
Remove unnecessary double expand_path
2016-05-16 17:34:12 -07:00
Jon Hart
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
Christian Mehlmauer
9357a30725
remove duplicate key
2016-05-04 22:15:33 +02:00
Brian Patterson
be363411de
Land #6317 , Add delay(with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
wchen-r7
4a95e675ae
Rm empty references
2016-04-24 11:46:08 -05:00
wchen-r7
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
Fakhir Karim Reda zirsalem
f0d403124c
Update symantec_brightmail_ldapcreds.rb
2016-04-20 18:58:12 +02:00
Karim Reda Fakhir
cda104920e
delete telisca abuse
2016-04-20 17:09:13 +01:00
Karim Reda Fakhir
c322a4b314
added modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-04-20 17:01:18 +01:00
Karim Reda Fakhir
5adf5be983
add symantec bright mail ldap creds
2016-04-20 16:05:24 +01:00
Karim Reda Fakhir
dfb2b95e46
Merge remote-tracking branch 'upstream/master'
...
Merge
2016-04-20 12:21:16 +01:00
Brent Cook
99b4d0a2d5
remove more regex-style bool checks
2016-04-09 13:49:16 -05:00
Brent Cook
af7eef231c
Fix a few issues with the SSL scanner
...
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.
Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
William Vu
41b802a8a2
Clean up module
2016-04-01 13:54:27 -05:00
wchen-r7
75ebd08153
Land #6731 , Add CVE-2015-7755 juniper backdoor
2016-03-31 17:30:38 -05:00
wchen-r7
618f379488
Update auxiliary/scanner/redis/redis_server and mixin
2016-03-31 17:14:49 -05:00
wchen-r7
4d76b0e6a5
Rm auxiliary/scanner/misc/redis_server
...
Please use auxiliary/scanner/redis/redis_server or
auxiliary/scanner/redis/redis_login instead
2016-03-31 17:13:08 -05:00
wchen-r7
2e7d07ff53
Fix PASSWORD datastore option
2016-03-31 17:12:00 -05:00
wchen-r7
545cb11736
Bring #6409 up to date with upstream-master
2016-03-31 17:00:56 -05:00
wchen-r7
5fdea91e93
Change naming
2016-03-31 17:00:29 -05:00
wchen-r7
f33e994050
Delete anything related to configuring/saving username
2016-03-31 16:56:54 -05:00
wchen-r7
101775a5ba
Bring #6545 up to date with upstream-master
2016-03-30 16:07:24 -05:00
h00die
7fc2c860e9
remove comment
2016-03-29 21:26:36 -04:00
h00die
d35b5e9c2a
First add of CVE-2015-7755
2016-03-29 21:20:12 -04:00
wchen-r7
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
James Lee
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
James Lee
9e7a330ac8
OptInt -> OptPort
2016-03-16 15:47:29 -05:00
James Lee
af642379e6
Fix some OptInts
2016-03-16 14:13:18 -05:00
Spencer McIntyre
4e3a188f75
Land #6401 , EasyCafe server file retrieval module
2016-03-16 13:24:54 -04:00
Spencer McIntyre
9ac4ec4bfc
Update the class name to MetasploitModule
2016-03-16 13:22:06 -04:00
Spencer McIntyre
53f1338ad0
Update module to remove references to print peer
2016-03-16 13:10:39 -04:00
Adam Cammack
05f585157d
Land #6646 , add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
rwhitcroft
c12cc10416
change class Metasploit to MetasploitModule
2016-03-14 17:57:29 -04:00
rwhitcroft
dd53625f4a
change Metasploit3 to Metasploit to satisfy travis
2016-03-14 16:52:02 -04:00
rwhitcroft
a26c90fd41
fix RPORT option
2016-03-14 16:27:44 -04:00
wchen-r7
38153d227c
Move apache_karaf_command_execution to the SSH directory
...
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
2016-03-14 00:32:59 -05:00
William Vu
6323f7f872
Fix a couple overlooked issues
2016-03-13 23:35:05 -05:00
Brent Cook
df0ff30468
Land #6642 , make ipv6_neighbor_router_advertisement discovery smarter
2016-03-13 16:53:11 -05:00
Brent Cook
635e31961a
generate valid prefixes
2016-03-13 16:44:57 -05:00
Fakhri Zulkifli
45c7e4b6ae
Update ipv6_neighbor_router_advertisement.rb
2016-03-09 11:21:24 +08:00
Fakhri Zulkifli
e417909111
Update ipv6_neighbor_router_advertisement.rb
2016-03-09 11:21:07 +08:00
rwhitcroft
f155477edf
improve description and change behavior to keep trying on connection errors
2016-03-08 12:33:17 -05:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
wchen-r7
c2f99b559c
Add documentation for auxiliary/scanner/http/tomcat_enum
...
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
Brent Cook
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
.
2016-03-07 13:19:55 -06:00
Brent Cook
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
.
2016-03-07 13:19:48 -06:00
Brent Cook
aa5b201427
Revert "revert ssl_login_pubkey for now"
...
This reverts commit 7d773b65b6
.
2016-03-07 13:19:33 -06:00
Christian Mehlmauer
7d773b65b6
revert ssl_login_pubkey for now
2016-03-07 14:44:23 +01:00
Christian Mehlmauer
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
Christian Mehlmauer
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
Brent Cook
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook
66c697d2e4
Land #6602 , update author info for dahua_dvr_auth_bypass
2016-03-06 15:13:01 -06:00
Brent Cook
4711191def
remove non-specific URL
2016-03-06 15:12:25 -06:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
Fakhri Zulkifli
b1e9f44ca2
IPv6 Neighbor Advertisement Enhancement
...
http://seclists.org/nmap-dev/2011/q2/79
1. Shorten router advertisement payload lifetime.
2. Randomize address prefix.
3. Prevent from getting into default router list.
2016-03-06 03:23:37 +08:00
rwhitcroft
ded5b58733
one more style fix
2016-03-01 10:20:39 -05:00
rwhitcroft
4b10331cf0
style fixups
2016-03-01 10:18:25 -05:00
William Vu
c5a9d59455
Land #6612 , one final missing change
2016-02-29 15:08:42 -06:00
William Vu
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu
a6a37b3089
Land #6612 , missing commits included
2016-02-29 14:06:21 -06:00
William Vu
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
wchen-r7
2950996cb8
Land #6612 , Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
William Vu
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
rwhitcroft
f735a904ff
create owa_ews_login module, modify HttpClient to accept preferred_auth option
2016-02-28 22:01:05 -05:00
wchen-r7
051506694f
Land #6574 , add Linknat Vos Manager Traversal aux module
2016-02-25 22:02:56 -06:00
wchen-r7
2e268a25da
Land #6596 , Apache Karaf Login Utility
2016-02-25 14:39:51 -06:00
wchen-r7
aa7c3f01a8
Update name and description
2016-02-25 14:39:19 -06:00
wchen-r7
7e25c7b87b
Handle OpenSSL::Cipher::CipherError
...
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
William Vu
7d20e26a35
Move to aux/scanner/ssh
2016-02-25 11:22:50 -06:00
William Vu
f52f44cde0
Remove session_setup, since we're not in a shell
...
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00