a87c503ae4
merge bing/yahoo subdomains search
2016-02-19 11:17:08 +08:00
9afe5517f7
return unless domains -> return if domains.empty?
2016-02-18 10:26:45 +08:00
15f6992aec
add yahoo_search_domain(domain) / yahoo_search_ip(ip)
2016-02-18 00:03:28 +08:00
29185271a7
report domains/ips to (notes / hosts)
2016-02-17 11:41:59 +08:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
2428d5127c
add Yahoo Search Engine Subdomains Collector
2016-02-16 03:11:38 +08:00
3416a24dda
Adding vprint_status for loot path
...
Adding a vprint_status to show users the loot
path as per a comment on the pull request.
2016-02-14 11:19:20 -06:00
cdaa2a8c43
Adding Apache Karaf Command Execution Module
...
This module establishes an SSH session using default
credentials and then executes a user defined operating system
command. This is part of GitHub Issue #4358 .
2016-02-10 16:48:08 -06:00
55c8d23e1f
Handle refused connections during axfr
2016-02-04 09:23:49 -08:00
52d81f7e93
More/better status printing for big query types
2016-02-04 09:18:26 -08:00
c025458d22
More consistent record type printing
2016-02-04 09:12:36 -08:00
c630f791c3
Remove loot storage from enum_dns. Loot is appropriate for this use case
2016-02-04 09:10:08 -08:00
4408742930
Fix storage of SRV record notes
2016-02-04 09:08:21 -08:00
ef75845d01
Better fetching/saving of SRV records
2016-02-03 13:07:20 -08:00
8094eb631b
Do the same for aux modules
2016-02-01 16:06:34 -06:00
1749932bb4
Cleanup loot saving output
2016-01-28 14:16:47 -08:00
6646785902
Don't enumerate other possible domains via TLD expansion by default
2016-01-28 14:09:09 -08:00
86e7cd92c0
Minor style nit on printed NS records
2016-01-28 14:08:20 -08:00
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
643ebfed7e
format print_status output for get_srv/get_tld
2016-01-16 11:21:16 +08:00
e491502023
handle exception - ResolverArgumentError
2016-01-12 00:48:02 +08:00
408b8fa4fd
handle exception - (get_tld - ArgumentError / get_mx - SocketError)
2016-01-07 00:54:03 +08:00
eecd75262c
handle exception - (get_tld - ArgumentError / get_mx - SocketError)
2016-01-07 00:25:28 +08:00
71acff5733
output scan results (set VERBOSE false)
2016-01-06 23:55:48 +08:00
a477868efb
add ENUM_BRT switch to def get_a(domain)
2015-12-30 13:15:43 +08:00
5bd380c7bd
remove vprint_status / zone transfer - Handle Errno::ETIMEDOUT Exception
2015-12-30 12:06:54 +08:00
e172d60e8e
rename STOP_STORE_LOOT to STORE_LOOT
2015-12-30 10:13:05 +08:00
3edd00f2ec
(description) dns MX to DNS MX / change default options from false to true
2015-12-30 10:07:38 +08:00
7d3978b146
Fix: save_root - Auxiliary failed: ArgumentError wrong number of arguments (5 for 7)
2015-12-29 19:59:56 +08:00
8830a0630d
Review - add options / threads / report_service / STORE_LOOT / ...
2015-12-29 19:43:52 +08:00
9bed78701d
Replace module actions with REG_DUMP_* options
2015-12-28 21:10:43 +00:00
ceef02e8b2
Add Snare Lite for Windows Registry Access module
2015-12-28 15:16:21 +00:00
74e1b8d5ac
Fix res nil
2015-11-24 00:15:05 -06:00
95ca288f9d
Modify check
2015-11-23 20:33:14 -06:00
09e6a54886
In case anonymous is not allowed for decryption
2015-11-23 20:26:41 -06:00
20ba10d46c
Spaces, how dare you
2015-11-23 16:45:02 -06:00
faab28f1d6
Add Jenkins Domain Credential Discovery Auxiliary Module
2015-11-23 16:23:59 -06:00
1410d03386
Fixed msftidy capitalisation.
2015-11-22 14:32:51 +11:00
fc46ce0ced
Bring module title in line with other WP modules.
2015-11-22 13:39:45 +11:00
32faf7a8d4
Fix #6183 , hard tabs fix
2015-11-10 16:48:03 -06:00
a9fe09497e
Fix hard tabs
...
Mixing tabs and spaces? Seriously?
2015-11-10 16:47:29 -06:00
8dc636507b
Land #6183 , dns_srv_enum updates
2015-11-10 16:44:27 -06:00
e98570cbd1
Clean up module
2015-11-10 16:44:10 -06:00
970c5da9a6
Update dns_srv_enum.rb
2015-11-07 20:01:26 +01:00
730f6b2326
Update dns_srv_enum.rb
...
Remove some comment following message on pull-request.
2015-11-07 15:23:32 +01:00
2adcd0a0d2
add references
2015-11-05 23:45:29 +00:00
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
d63f7c843e
enum_dns - review
2015-11-05 10:09:54 +00:00
3739a2fb72
Update dns_srv_enum.rb
2015-11-03 16:59:55 +01:00
f1feccfd7c
Update dns_srv_enum.rb
2015-11-03 16:53:26 +01:00
57304a30a8
Land #6139 , remove bad ref links
2015-10-29 16:00:43 -05:00
93df45eff1
Land #6138 , Land joomla plugin com_realestatemanager Error Based SQLi
2015-10-28 13:36:14 -05:00
09b79414ee
Report hash
2015-10-28 13:33:00 -05:00
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
9041f95511
Perform final cleanup
2015-10-27 11:21:17 -05:00
132cbf0cd7
joomla plugin com_realestatemanager Error Based SQL Ijnection
2015-10-27 15:18:17 +00:00
c7fe014854
remove global variables
2015-10-26 17:13:51 -05:00
8b4f2290ed
no more session ids in desc
2015-10-25 11:01:17 -05:00
f738dd2acb
replace print_* with vprint_* / fix check method
2015-10-25 06:57:56 +00:00
a6628110f6
rebuild joomla_contenthistory_sqli (cve-2015-7297)
2015-10-25 03:56:36 +00:00
949a4c797b
Update joomla_contenthistory_sqli.rb
2015-10-23 09:33:12 -05:00
07d549d783
Update joomla_contenthistory_sqli.rb
...
Remove sessions for now
2015-10-23 09:32:15 -05:00
e4281dd1fb
Create joomla_contenthistory_sqli.rb
2015-10-22 15:05:02 -05:00
4e50f3ebde
Update dns_srv_enum.rb
...
Patch for :
- Split record srvrcd one entry by line for readability.
- Add record for Default-First-Site-Name :
(according to https://technet.microsoft.com/en-us/library/cc759550%28v=ws.10%29.aspx )
'_gc._tcp.Default-First-Site-Name._sites.',
'_kerberos._tcp.Default-First-Site-Name._sites.',
'_kerberos.tcp.Default-First-Site-Name._sites.dc._msdcs.',
'_ldap._tcp.Default-First-Site-Name._sites.',
'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.',
'_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.',
- Remove double entry '_kerberos.tcp.dc._msdcs.'
- Add fqdn query in logs.
- Add report_note to store and preserve the fqdn query.
Ps : I'm not very familiar with the code and patch rules for modules. Thank you to excuse my eventual errors.
2015-10-21 18:27:14 +02:00
cf9ddbb701
Update moduels using Msf::HTTP::Wordpress
2015-10-15 11:47:13 -05:00
cd2e9d4232
Move Msf::Java to the normal Msf::Exploit::Remote namespace
2015-10-09 13:24:34 -07:00
2e2d27d53a
Land #5935 , final creds refactor
2015-10-01 00:25:14 -05:00
cddf72cd57
Show errors when no results are found
2015-09-10 14:05:40 -07:00
5646f2e0c4
successful status should include last_attempted_at
2015-09-04 13:45:44 -05:00
cf6d5fac2a
Use the latest cred API, no more report_auth_info
2015-09-04 13:43:15 -05:00
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
0c7d2af6bc
Land #5750 , Add WP All In One Migration Export Module
2015-08-28 14:12:14 -05:00
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
355738909a
Fixes typo
2015-06-28 09:32:16 -05:00
5c18fc82f2
Stores credentials using create_credential_login
2015-06-28 09:24:31 -05:00
b332b25795
Stores credentials in DB, fixes loop variable and nil dereference bug
2015-06-27 19:06:15 -05:00
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
2968f52ca4
Removes debug sql output
2015-06-26 12:22:34 -05:00
a338920cb3
lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper
2015-06-26 12:21:35 -05:00
7f4a96f3dc
Fixes coding style issues
2015-06-26 03:29:17 -05:00
3da3595181
MSF module to download and decrypt credentials stored in Lansweeper's database
2015-06-25 19:29:30 -05:00
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
c3d2797f10
Fixed Info fields
2015-06-16 04:22:22 -04:00
2778274e47
Added new SSL Labs API fields and fixed minor errors
2015-06-16 02:59:12 -04:00
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
843572df6d
Change module filename
2015-05-29 16:14:16 -05:00
acb0af3826
Update description
2015-05-29 16:13:43 -05:00
39ae6263e9
Use Rex::Text.encode_base64
2015-05-29 16:12:21 -05:00
8338b21f6c
Make some code cleanup
2015-05-29 16:04:29 -05:00
a3ff9859c8
Adding Credentials Capabilities
...
This commit adds the ability for credentials
to be retrieved via the 'creds' command. It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
9430d38a09
Adding AVTECH744_DVR Module
...
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
2e01eb519d
Do minor fixes
2015-05-08 14:04:44 -05:00
4df622c76b
Oops, one last for #5312 .
2015-05-06 14:48:17 -05:00
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
83288ff391
Fix typo
2015-04-30 17:58:26 -05:00
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
bb0b2eee37
Fix missing . in SRV query
...
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
9a49538c1a
Land #5016 , add SSL Labs scanner
2015-04-20 21:34:16 -05:00
752c3243f6
wrap print* functions in report_* wrappers
...
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
c6c7560aed
Land #4846 , @joevennix's android 4.3 uxss module
2015-04-20 18:43:24 -05:00
9b240e1d8f
Use parenthesis
2015-04-20 18:42:34 -05:00
f762873a31
Land #5192 , @joevennix's module for Safari CVE-2015-1126
...
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
e2eaff6b3a
Don't modify datastore options
2015-04-20 15:16:21 -05:00
88c52ae7ae
Delete second stop_service, the mixin should had done the job
2015-04-20 15:13:11 -05:00
dc0549d2dd
Use #wait
2015-04-20 15:06:01 -05:00
c1234e05e2
Delete parenthesis from condition
2015-04-20 14:56:37 -05:00
0283ac05e5
Do minor style fixes
2015-04-20 14:54:39 -05:00
69b8edda4a
Use single quotes
2015-04-20 14:53:38 -05:00
16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
2010e966b3
Add non-httponly cookie theft module for ios/osx safari.
2015-04-19 11:32:37 -05:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
b4b8ac0849
moar fail_with's
2015-04-16 21:26:37 +02:00
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
452ebcf9ad
travis
2015-04-03 16:29:35 +05:00
be829e77ba
cravis error solve
2015-04-03 16:25:18 +05:00
nixawk
Brent Cook
Nicholas Starke
Jon Hart
James Lee
Christian Mehlmauer
Brendan Coles
wchen-r7
aushack
William Vu
fraf0
dmohanty-r7
Louis Sato
Brandon Perry
fraf0
jvazquez-r7
HD Moore
Tod Beardsley
joev
rastating
Mo Sadek
cldrn
Donny Maasland
Denis Kolegov
kaospunk
root