Commit Graph

1294 Commits (d1e8b160c7021529451cda3086ae03fa5ca012f1)

Author SHA1 Message Date
sinn3r f7bda738cf Fix file handle leak 2014-08-07 13:30:34 -05:00
sinn3r 711630d059 Fix datastore assignments 2014-08-07 13:28:51 -05:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
David Maloney ab7111120b
and all the rest
finally!
2014-08-01 14:54:18 -05:00
David Maloney 2e7738c788
http and mssql now 2014-08-01 14:22:58 -05:00
David Maloney 439b893fea
refactor axislogin 2014-08-01 12:30:16 -05:00
Tod Beardsley adf03e28ce
Fix SpaceBeforeModifierKeyword Rubocop warning
This also deals with some errant tabs where internal spaces should be,
as well as one syntax error which was preventing an old meterpreter
script from ever working correctly.

Some day, we need to get rid of those Meterpeter scripts. Srsly.
2014-07-29 17:10:54 -05:00
cx 7247f8879b Empty line fix
Details:
* Empty line fix added to each_user_pass function
2014-07-28 12:50:41 +03:00
cx 5679a72aa8 Added Fixes mentioned by jhart-r7
Details:
* res && res.body fix
  * empty return removed
* vprint added/changed
* is_? convention fixed
* Unknown error removed
* Minor styling issues are fixed
* VERBOSE Option Removed
2014-07-27 00:40:37 +03:00
cx cdabfb84f4 Add Wordpress XML-RPC Login Scanner
This module attempts to authenticate against a Wordpress-site (via
  XMLRPC) using username and password combinations indicated by the
  USER_FILE, PASS_FILE, and USERPASS_FILE options.

  The module, checks for XMLRPC response using `demo.sayHello` function
  and sweeps users with `wp.getUsers` function.

  If `verbose` is set `true`, the raw XML response will be printed.

  The module might be usefull when the target's administration page
  is protected.
2014-07-25 16:24:09 +03:00
Jon Hart bd1970ced9 Fix basic HTTP directory traversal detection 2014-07-24 13:22:58 -07:00
jvazquez-r7 fe0b6fa79e
Land #3532, @luisco's joomla login bruteforcer 2014-07-21 12:56:15 -05:00
jvazquez-r7 aefaa3dd96 Make rubocop more happy 2014-07-21 12:55:45 -05:00
jvazquez-r7 478e43170a Report credentials to database 2014-07-21 12:26:13 -05:00
jvazquez-r7 63fca1bfdd Make some datastore options required 2014-07-21 12:10:52 -05:00
jvazquez-r7 436ac706e8 Rescue Rex::ConnectionError while finding the uri 2014-07-21 12:00:24 -05:00
jvazquez-r7 30de4cdf8d Fix get_login_hidden 2014-07-21 11:57:37 -05:00
jvazquez-r7 ff3a21b520 Refactor do_web_login 2014-07-21 11:35:19 -05:00
jvazquez-r7 22f41e4435 Use vars_post 2014-07-21 11:07:00 -05:00
jvazquez-r7 92fd3bc72b Deleting REQUEST_TYPE option because I don't think has sense here 2014-07-21 10:53:43 -05:00
jvazquez-r7 986b8e5d02 First style issues cleanup 2014-07-21 09:49:05 -05:00
HD Moore 5ba96d6054 Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess 2014-07-19 15:56:41 -05:00
root 7a5f3b8991 Implementing Ruby Style Guide and replace send_request_raw send_request_cgi 2014-07-18 14:31:38 -05:00
root 1f02891dc7 Change name of module and implementation of the recommended changes 2 2014-07-18 00:17:35 -05:00
root 0168a99eaa Change name of module and implementation of the recommended changes 2014-07-17 23:49:25 -05:00
root f2eabdba94 implementation of the recommended changes 2014-07-17 23:36:37 -05:00
Trevor Rosen bebf11c969
Resolves some Login::Status migration issues
MSP-10730
2014-07-16 21:52:08 -05:00
root ceff18de9d Add modifiable UserAgent and translations to English 2014-07-16 20:44:20 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
David Maloney 674447c891
final cleanup steps 2014-07-15 15:31:51 -05:00
David Maloney 34635ab968
module login status cleanup
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
root 3becfff41e Add Bruteforce Joomla 2014-07-14 14:07:23 -05:00
William Vu 2fd7bcf8bf
Land #3514, report_note for scraper 2014-07-11 17:17:10 -05:00
nodeofgithub 5d833cbb16 http_header report_note remove to_s 2014-07-11 17:14:45 -05:00
nodeofgithub 7e9eb84531 http_header report_note remove brackets, move rport 2014-07-11 17:14:45 -05:00
nodeofgithub a8ec733a3a Interpolate all the things! 2014-07-11 17:14:09 -05:00
nodeofgithub 4abe856fc1 Rescue http_header notes from getting truncated
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.

(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >

----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
2014-07-11 17:14:09 -05:00
nodeofgithub 6ef69b4014 scraper report_note, remove eol whitespace 2014-07-11 21:21:56 +02:00
nodeofgithub ad46c37988 scraper report_note, remove unnecessary to_s 2014-07-11 21:08:35 +02:00
nodeofgithub 7a7d149dc5 scraper report_note, change note type string 2014-07-11 21:01:20 +02:00
nodeofgithub 8b302cd472 Add report_note to scraper.rb
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:31:46 +02:00
nodeofgithub b834e7d3cb Update scraper.rb 2014-07-11 20:20:40 +02:00
nodeofgithub da67a63ad0 Add report_note to scraper.rb
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:07:48 +02:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Rob Fuller c6675a2900 Add verbosity to Jenkins Enum 2014-07-02 13:25:18 -04:00
HD Moore 4bff68ff2b Use the specified UA, dont duplicate ports 2014-06-30 00:49:21 -05:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
HD Moore a9cd9c584a Respect RPORT even if additional ports are specified 2014-06-28 15:21:54 -05:00
HD Moore 43420aa984 Fix incorrect use of sock.get that can lead to an indefinite timeout
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```

console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```

After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
HD Moore 3e1ac3fee1 This module was broken due to a hardcoded IP address for google.com 2014-06-28 15:14:29 -05:00
David Maloney 9cec330f05
Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
jvazquez-r7 469fae7058
Land #3465, @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability 2014-06-20 17:22:28 -05:00
jvazquez-r7 252d917bbb Fix msftidy and favor && over and 2014-06-20 17:21:10 -05:00
David Maloney 4453dcdc8e
some minor fixes 2014-06-19 15:45:24 -05:00
HD Moore fa5fc724eb Fix the disclosure date 2014-06-19 15:36:17 -05:00
HD Moore f7fd17106a Add the final cari.net URL 2014-06-19 15:33:06 -05:00
James Lee 9421beedb3
Refactor http_login 2014-06-19 14:12:21 -05:00
dmaloney-r7 190923e9a7 Merge pull request #79 from rapid7/feature/MSP-9699/axis2-refactor
Refactor axis_login
2014-06-18 11:43:23 -05:00
David Maloney 2b0bb608b1
Merge branch 'master' into staging/electro-release 2014-06-18 10:49:58 -05:00
James Lee d6de0da5a7
Refactor axis_login 2014-06-17 17:07:53 -05:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
David Maloney 96e492f572
Merge branch 'master' into staging/electro-release 2014-06-12 14:02:27 -05:00
jvazquez-r7 e85f829ee4 modules living inside scanner should include the Scanner mixin 2014-06-12 12:20:44 -05:00
HD Moore fa4e835804 Fix up scanner mixin usage, actual test/bug fix 2014-06-12 11:52:34 -05:00
jvazquez-r7 67d4097e1d
Land #3271, @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module 2014-06-12 11:27:23 -05:00
HD Moore 487bf219f0 Rename to match the title 2014-06-12 11:23:34 -05:00
jvazquez-r7 7650067b41 Fix metadata 2014-06-12 11:22:52 -05:00
jvazquez-r7 e76c85c5d1 Fix usage of print_* 2014-06-12 11:13:45 -05:00
HD Moore 81019ed850 Supermicro work 2014-06-11 15:03:54 -05:00
David Maloney c06fd21fb1
refactor tomcat_mgr_login
uses the new Metasploit::Credential magic now
2014-06-10 15:59:00 -05:00
David Maloney 28bf29980e
Merge branch 'master' into staging/electro-release 2014-06-04 10:21:08 -05:00
Tod Beardsley b7dc89f569
I prefer "bruteforce" to "brute force" for search
Just makes it easier to search for, since it's an industry term of art.
2014-06-02 13:09:46 -05:00
David Maloney 34004908bb
Merge branch 'master' into staging/electro-release
Conflicts:
	.ruby-version
2014-06-02 11:10:33 -05:00
RageLtMan 74400549a1 Resolve undefined method `get_cookies'
Anemone::Page is not a Rex HTTP request/response, and uses the
:cookies method to return an array of cookies.
This resolves the method naming error, though it does break with
Rex naming convention since Anemone still uses a lot non-Rex
methods for working with pages/traffic.
2014-05-30 14:39:51 -04:00
jvazquez-r7 4a1fea7abb
Land #2948, @juushya's PocketPAD login bruteforce module 2014-05-30 11:47:16 -05:00
jvazquez-r7 b0bdfa7680 Clean up code 2014-05-30 11:44:42 -05:00
jvazquez-r7 fb59221189
Land #2494, @juushya's etherpadduo login module 2014-05-30 11:35:28 -05:00
jvazquez-r7 d92a7adc68 change module filename 2014-05-30 11:31:49 -05:00
jvazquez-r7 40a103967e Minor code cleanup 2014-05-30 11:28:37 -05:00
David Maloney 696d2b7e6b
Merge branch 'master' into staging/electro-release 2014-05-29 12:30:32 -05:00
William Vu 53ab2aefaa
Land #3386, a few datastore msftidy error fixes 2014-05-29 10:44:37 -05:00
William Vu 8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings 2014-05-29 04:42:49 -05:00
James Lee 05e24326a6
Style compliance 2014-05-28 14:31:34 -05:00
Tod Beardsley 1aee0f3305
Warn if it's not UPPERCASE method (@wchen-r7)
See the discussion on f7bfab5a26, PR #3386
2014-05-23 17:10:27 -05:00
Tod Beardsley 9f78bec457
Use normalize_uri (@wchen-r7)
Instead of editing the datastore['PATH'], use normalize_uri.

Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
Tod Beardsley f7bfab5a26
HTTP traversal shouldnt upcase METHOD (@wchen-r7)
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
Tod Beardsley f189033e8a
OWA bruteforce shouldnt edit datastore (@wchen-r7)
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Christian Mehlmauer df4b832019
Resolved some more Set-Cookie warnings 2014-05-13 22:56:12 +02:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
William Vu 92a9519fd9
Remove EOL spaces 2014-05-09 18:34:12 -05:00
Pedro Laguna ab913a533e Update oracle_demantra_file_retrieval.rb
Fixed typo
2014-04-28 14:36:48 +01:00
Jonathan Claudius d70aa4cdbb Fix MSFTidy complaints 2014-04-22 22:07:25 -04:00
Jonathan Claudius b3cabaaa28 Clean up some formatting concerns 2014-04-22 21:58:14 -04:00
Jonathan Claudius f71ad111da Change return values from nil to false 2014-04-22 21:48:16 -04:00
Jonathan Claudius 3d793fc6f1 Add default VPN group fall back 2014-04-22 21:45:04 -04:00
Jonathan Claudius 4d9ece2f9a Add hyphens and digits to group regex 2014-04-22 21:34:08 -04:00
Tod Beardsley e514ff3607
Description and print_status fixes for release
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
Tod Beardsley 2a729c84f6
Fix disclosure date 2014-04-18 09:27:41 -05:00
jvazquez-r7 8a011ec9f6
Land #3197, @0x3fcoma's module for CVE-2013-5795 and CVE-2013-5880 2014-04-18 08:58:54 -05:00
jvazquez-r7 f3299e3ced Do minor code cleanup 2014-04-18 08:58:11 -05:00
Jonathan Claudius 01d843f78f Handle certificate auth nuances 2014-04-17 20:24:19 -04:00
Jonathan Claudius 6daae961cb Add parameterized requests for detection/enumeration 2014-04-17 19:40:27 -04:00
Jonathan Claudius 7ddd93cf5d Add redirect support to #is_app_ssl_vpn? 2014-04-17 12:06:29 -04:00
Jonathan Claudius 0c5fb8c0c2 Fix bug in group enumeration regex 2014-04-17 10:31:05 -04:00
Jonathan Claudius f53e7f84b8 Adds Cisco SSL VPN Bruteforce Aux Mod 2014-04-16 22:47:58 -04:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
coma 44640b126c Add Oracle Demantra 2013-5795 (Database Credentials Retrieval) 2014-04-07 11:42:47 -07:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
sinn3r 0c883723ba
Land #3149 - Oracle Demantra Arbitrary File Retrieval with auth bypass 2014-04-07 11:11:55 -05:00
sinn3r 31dfae3a01 Follow the 100 columns per line guideline 2014-04-07 11:10:20 -05:00
sinn3r de242ecc00 Correct date format
Hmm weird, msftidy didn't pick this up
2014-04-07 11:09:27 -05:00
Spencer McIntyre 395f5beef8
Land #3178, http header scan module 2014-04-04 11:36:35 -04:00
Spencer McIntyre 2b6ae68cbf Minor modifications for http_header 2014-04-04 10:46:03 -04:00
Christian Mehlmauer b4aa08251f
changed option from string to regex 2014-04-03 19:34:40 +02:00
Christian Mehlmauer a4adfac312
Added feedback for http_header module 2014-04-02 23:01:23 +02:00
Christian Mehlmauer 69192edd4b
Added new http_header module 2014-04-02 22:04:54 +02:00
HD Moore b8c5e5ddb7 Refactor host/note reporting for the jenkins module
This prevents this module from blindly overwriting the host
fields and instead reports the information as a note that can
be used by the fingerprinting engine. Additionally, consolidate
all jenkins data bits into a single note vs a dozen.
2014-04-02 07:49:39 -07:00
coma 149948485a Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra fixed issues 2014-04-01 12:28:41 -07:00
William Vu c37dbd104a
Clean up perms and whitespace for owa_login 2014-04-02 01:45:15 -05:00
Tod Beardsley 2972220f60
Land #3047 for real.
Merge branch 'land-3047-really' into upstream-master
2014-04-01 13:16:13 -05:00
Spencer McIntyre dfec2eb53f Cleanup an expression and avoid fail_with 2014-03-31 18:05:20 -04:00
Spencer McIntyre 07e04717c2 Allow using a single URI and/or a list of URIs 2014-03-31 18:05:20 -04:00
Joshua Smith b21d5c1801 use TARGET_URI if given, otherwise TARGET_URIS_FILE 2014-03-31 18:05:20 -04:00
Spencer McIntyre 5e9e7e15c8 Return whether result is nil or not. 2014-03-31 18:05:20 -04:00
Spencer McIntyre 0ac112b5e7 Support checking a single URI for ntlm information. 2014-03-31 18:05:19 -04:00
Joshua Smith 159bc264a4 unretards the uri normalize loop 2014-03-31 15:58:21 -04:00
Joshua Smith 2290249a42 uses fail_with to bomb out on datastore probs 2014-03-31 15:52:05 -04:00
Joshua Smith 4f121e3e03 fixes if-logic for error condition 2014-03-31 15:38:05 -04:00
Tod Beardsley ffdca3bf42
Fixup on some modules for release
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Joshua Smith 2530fb9741 adds the return back in (forgot in prev commit) 2014-03-28 19:27:04 -04:00
Joshua Smith dc4b8461e8 unbreaks & DRYs my previous change. 2014-03-28 19:15:38 -04:00
jvazquez-r7 9374777da1
Land #2996, @mcantoni's jboss status aux module 2014-03-28 16:07:08 -05:00
jvazquez-r7 7689751c10 Module module location 2014-03-28 16:05:37 -05:00
coma 107901b481 Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra msftidy fix 2014-03-26 22:37:21 -07:00
coma 30da3575e8 Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra 2014-03-26 21:53:12 -07:00
Brandon Turner 460a1f551c
Fix for R7-2014-05 2014-03-24 14:12:12 -05:00
HD Moore 903af02e08 Store at most one http.fingerprint per host/port, revert http_version 2014-03-23 10:42:20 -07:00
HD Moore f80b9d50f0 Prevent duplicate signatures by using http_fingerprint() without args 2014-03-23 09:59:34 -07:00
Joshua Smith 312f117262 updates file read to close file more quickly 2014-03-21 14:53:15 -04:00
Spencer McIntyre aa26405c23 Cleanup an expression and avoid fail_with 2014-03-20 17:33:09 -04:00
Spencer McIntyre 74398c4b6e Allow using a single URI and/or a list of URIs 2014-03-20 09:54:02 -04:00
Joshua Smith a8d919feb0 use TARGET_URI if given, otherwise TARGET_URIS_FILE 2014-03-19 23:32:04 -05:00
sinn3r fe0b76e24e
Land #2994 - OWA 2013 support 2014-03-19 13:16:37 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
Spencer McIntyre 12e4e0e36d Return whether result is nil or not. 2014-02-28 10:17:37 -05:00
Spencer McIntyre dfa91310c2 Support checking a single URI for ntlm information. 2014-02-28 08:47:29 -05:00
Peter Arzamendi ea5fe9ec0a Updated to use get_cookie 2014-02-27 08:52:54 -06:00
Peter Arzamendi 9e52a10f2d Set SSL to default to true and removed SSL from register_options. Updated Author to include full name 2014-02-26 20:49:03 -06:00
sinn3r 5cdd9a2ff3
Land #2995 - sqlmap minor cleanup, description & file tests 2014-02-24 10:39:01 -06:00
Tod Beardsley f6be574453
Slightly better file checks on sqlmap.py 2014-02-15 09:58:03 -06:00
Tod Beardsley dacbf55fc1
Minor cleanup of title and desc on sqlmap 2014-02-15 09:55:06 -06:00
Peter Arzamendi 5ef40e3844 Removed bad sets on datastore['USERNAME'] and datastore['PASSWORD'] 2014-02-12 13:31:03 -06:00
Peter Arzamendi 2b8a8259f9 Updates to support OWA 2013 and some syntax changes 2014-02-12 09:40:49 -06:00
jvazquez-r7 79d559a0c9 Fix MIME message to_s 2014-02-10 22:23:23 -06:00
Tod Beardsley 1236a4eb07
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
Karn Ganeshen 4c01420f38 msftidy done 2014-02-06 16:52:39 +02:00
Karn Ganeshen 036ae2fd80 msftidy done 2014-02-06 16:25:41 +02:00
Karn Ganeshen 2c0ce2dffc PocketPAD login 2014-02-05 20:22:52 +02:00
Karn Ganeshen 32e46c00d3 Rename ehterpadduo_login.rb to etherpadduo_login.rb 2014-02-05 20:21:16 +02:00
Karn Ganeshen 73418a975a Rename ehterpadduo_login to ehterpadduo_login.rb 2014-02-05 20:20:30 +02:00
Karn Ganeshen 88b2e6b1c3 EtherPAD Duo Login
I've run it through retab. Msfpro loads the module fine. msftidy seems broken though. Gives this on run:
msftidy.rb:444: undefined (?...) sequence: /(?<!\.)datastore\[["'][^"']+["']\]\s*=(?![=~>])/

BR
2014-02-05 20:17:11 +02:00
jvazquez-r7 cccf2e4258
Land #2926, @xistence A10 Networks Loadbalancer dir traversal module 2014-02-04 07:28:51 -06:00
jvazquez-r7 cc09367c62 Change the datastore name option 2014-02-04 07:28:14 -06:00
jvazquez-r7 ffd90a3d38 Add confirmation datastore option 2014-02-03 12:40:58 -06:00
jvazquez-r7 a92256e8d1 Clean a10networks_ax_directory_traversal 2014-02-03 08:41:23 -06:00
jvazquez-r7 53c2a737e9 Don't register rport again 2014-01-31 09:42:41 -06:00
jvazquez-r7 e9f04d9203 Do final cleanup for Support Center Plus module 2014-01-31 09:37:40 -06:00
xistence e81a0ed22b Changes as requested for SupportCenterPlus module 2014-01-31 13:28:45 +07:00
xistence c8296298b3 added A10Networks AX loadbalancer Dir Traversal Auxiliary Module 2014-01-28 16:37:25 +07:00
xistence 32d7f15a5c added ManageEngine Support Center Plus directory traversal auxiliary module 2014-01-28 15:45:23 +07:00
sinn3r ee87f357b0 Raise Msf::OptionValidateError when the PORTS option is invalid
Instead of print_error for invalid ports, modules should be raising
Msf::OptionValidateError to warn the user about the invalid input.
2013-12-18 15:04:53 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
sinn3r 99dc9f9e7e Fix msftidy warning 2013-12-03 00:09:51 -06:00
Jonathan Claudius e37f7d3643 Use send_request_cgi instead of send_request_raw 2013-12-03 00:57:26 -05:00
Jonathan Claudius 14e600a431 Clean up res nil checking 2013-12-03 00:51:19 -05:00
Jonathan Claudius b796095582 Use peer vs. rhost and rport for prints 2013-12-03 00:49:05 -05:00
Jonathan Claudius 0480e01830 Account for nil res value 2013-12-03 00:45:57 -05:00
Jonathan Claudius c91d190d39 Add Cisco ASA ASDM Login 2013-12-03 00:16:04 -05:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
jvazquez-r7 8d6a534582
Change title 2013-12-02 08:54:37 -06:00
jvazquez-r7 24d09f2085
Land #2700, @juushya's Oracle ILO Brute Forcer login 2013-12-02 08:53:10 -06:00
Karn Ganeshen bc41120b75 Updated 2013-11-29 12:47:47 +05:30
Karn Ganeshen 1109a1d157 Updated 2013-11-28 11:30:02 +05:30
jvazquez-r7 cc60ca2e2a
Fix module title 2013-11-25 09:33:43 -06:00
jvazquez-r7 cc261d2c25
Land #2670, @juushya's aux brute forcer mod for OpenMind 2013-11-25 09:29:41 -06:00
Karn Ganeshen e157ff73d3 Oracle ILOM Login utility 2013-11-25 13:55:31 +05:30
Karn Ganeshen 266de2d27f Updated 2013-11-23 00:01:03 +03:00
Karn Ganeshen b5011891a0 corrected rport syntax 2013-11-21 08:57:45 +03:00
Karn Ganeshen 9539972340 Module for OpenMind Message-OS portal login 2013-11-21 06:33:05 +03:00
Tod Beardsley ded56f89c3
Fix caps in description 2013-11-18 16:15:50 -06:00
jvazquez-r7 f690667294
Land #2617, @FireFart's mixin and login bruteforcer for TYPO3 2013-11-18 13:37:16 -06:00
jvazquez-r7 0391ae2bc0 Delete general reference 2013-11-18 13:19:09 -06:00
jvazquez-r7 1c4dabaf34 Beautify typo3_bruteforce module 2013-11-18 13:17:15 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
sinn3r 970e70a853
Land #2626 - Add wordpress scanner 2013-11-12 11:30:23 -06:00
sinn3r 6a28f1f2a7
Change 4-space tabs to 2-space tabs 2013-11-12 11:29:28 -06:00