Commit Graph

473 Commits (d938959e97caae70408aeb6f93d433d94772425d)

Author SHA1 Message Date
HD Moore 59ecc8584d Force http_version to always make a new request, even if the information is in the DB 2012-04-23 02:39:02 -05:00
sinn3r b955569b10 Update the use of get2() in order to support ruby 1.9.3 2012-04-20 01:37:24 -05:00
sinn3r 45997b8dd4 Fix typos 2012-04-19 10:54:05 -05:00
Tod Beardsley ce3d98bc88 vcms_login.rb description 2012-04-19 07:44:28 -05:00
sinn3r 5fde6b759f Add VCMS brute-force module 2012-04-19 02:25:03 -05:00
Tod Beardsley 4bcbdc54c9 Cutting over rails3 to master.
This switches the Metasploit Framework to a Rails 3 backend. If you run
into new problems (especially around Active Record or your postgresql
gem) you should try first updating your Ruby installation to 1.9.3 and
use a more recent 'pg' gem.

If that fails, we'd love to see your bug report (just drop all the
detail you can into an issue on GitHub). In the meantime, you can
checkout the rails2 branch, which was branched from master immediately
before this cutover.

Squashed commit of the following:

commit 5802ec851580341c6717dfea529027c12678d35f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:12 2012 -0500

    Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable)

commit 8102f98dce9eb0c73c4374e40dce09af7b51d060
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:03 2012 -0500

    Add a method to expand win32 file paths

commit bda6479d154cf75572dd5de8b66bfde661a55de9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:53:44 2012 -0500

    Fix 1.8.x compatibility

commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:40:59 2012 -0500

    Use verbose instead of stringio

commit 5db467ffb593488285576d183b1662093e454b3e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:30:06 2012 -0500

    Hide the iconv warning, were stuck with it due to EBCDIC support

commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:29:58 2012 -0500

    Dont use GEM_HOME by default

commit ca49271c22c314a4465fff934334df18c704cbc0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:23:34 2012 -0500

    Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads

commit 34af04076a068e9f60c5526045ddbba5fca359fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:18:29 2012 -0500

    Fallback to bundler when not running inside of a installer env

commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 16:26:55 2012 -0500

    Remove a mess of gems that were not actually required

commit 21290a73926809e9049a59359449168f740d13d2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:59:10 2012 -0500

    Hack around a gem() call that is well-intentioned but an obstacle in this case

commit 8e414a8bfab9641c81088d22f73033be5b37a700
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 15:06:08 2012 -0500

    Ruby, come on. Ducktype this. Please.

    Use interpolated strings to get the to_s behavior you don't get with
    just plussing.

commit 0fa92c58750f8f84edbecfaab72cd2da5062743f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:05:42 2012 -0500

    Add new eventmachine/thin gems

commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:01:18 2012 -0500

    Purge (reimport in a second)

commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:54:42 2012 -0500

    Cleanup uncessary .so files (ext vs lib)

commit d219330a3cc563e9da9f01fade016c9ed8cda21c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:53:02 2012 -0500

    PG gems built against the older installation environment

commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:06:35 2012 -0500

    Rename to include the version

commit a893de222b97ce1222a55324f1811b0262aae2d0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:56:47 2012 -0500

    Detect older installation environments and load the arch-lib directories into the search path

commit 6444bba0a421921e2ebe2df2323277a586f9736f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:49:25 2012 -0500

    Merge in windows gems

commit 95efbcfde220917bc7ee08e6083d7b383240d185
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 13:49:33 2012 -0500

    Report_vuln shouldn't use :include in finder

    find_or_create_by doesn't take :include as a param.

commit c5f99eb87f0874ef7d32fa42828841c9a714b787
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:44:09 2012 -0500

    One more msised Mdm namespace issue

commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:33:41 2012 -0500

    Fixes some mroe Mdm namespace confusion
    Fixes #6626

commit 10cee17f391f398bb2be3409137ff7348c7a66ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:40:44 2012 -0500

    Add robots gem (required by webscan)

commit 327e674c83850101364c9cca8f8d16da1de3dfb5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:39:05 2012 -0500

    Fix missing error checks

commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 01:15:37 2012 -0500

    Reorder requires and add a method for injecting a new migration path

commit 250a5fa5ae8cb05807af022aa4168907772c15f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:56:09 2012 -0500

    Remove missing constant (use string) and add gemcache cleaner

commit 37ad6063fce0a41dddedb857fa49aa2c4834a508
Merge: d47ee82 4be0361
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 00:40:16 2012 -0500

    Merge branch 'master-clone' into rails3-clone

commit d47ee82ad7e66de53dd3d3a65649cc37299a2479
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:30:03 2012 -0500

    cleanup leftovers from gems

commit 6d883b5aa8a3a7ddbcde5bfd4521d57c5b30d3c2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:25:47 2012 -0500

    MDM update with purged DBSave module

commit 71e4f2d81f6da221b76150562a16c730888f5925
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:37 2012 -0500

    Add new mdm

commit 651cd5adac8211d65e0c8079371d8264e549533a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:13 2012 -0500

    Update mdm

commit 0191a8bd0acec30ddb2a9e9c291111a12378537f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 22:30:40 2012 -0500

    This fixes numerous cases of missed Mdm:: prefixes on db objects

commit a2a9bb3f2148622c135663dead80b3367b6f7695
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:30:18 2012 -0500

    Add eventmachine

commit 301ddeb12b906ed3c508613ca894347bedc3b499
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:18:12 2012 -0500

    A nicer error for folks who need to upgrade pg

commit fa6bde1e67b12e2d3d9978f59bbc98e0c1a1a707
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:54:55 2012 -0500

    Remove bundler requirements

commit 2e3ab9ed211303f1116e602b9a450141b71e56a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:35:38 2012 -0500

    Pull in eventmachine with actual .so's this time

commit 901fb33ff6b754ce2c2cfd51e3b0b669f6ec600b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:19:12 2012 -0500

    Update deps, still need to add eventmachine

commit 6b0e17068e8caa0601f3ef81e8dbdb672758fcbe
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 13:07:06 2012 -0500

    Handle older installer environments and only allow binary gems when the
    environment specifically asks for it

commit b98eb7873a6342834840424699caa414a5cb172a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 04:05:13 2012 -0500

    Bump version to -testing

commit 6ac508c4ba3fdc278aaf8cfe2c58d01de3395431
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:25:09 2012 -0500

    Remove msf3 subdir

commit a27dac5067635a95b4cbb773df1985f2a2dc2c5a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:24:39 2012 -0500

    Remove the old busted external

commit 5fb5a0fc642b6c301934c319db854cc3145427a1
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:03:10 2012 -0500

    Add the gemcache loader

commit 09e2d89dfd09b9ac0c123fcc4e19816c86725627
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:02:23 2012 -0500

    Purge gemfile/bundler configure in exchange for new gemcache setup

commit 3cc0264e1cfb027b515d7f24b95a74b023bd905c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Apr 12 14:11:45 2012 -0500

    Mode change on modicon_ladder.apx

commit c18b3d56efd639e461137acdc76b4b283fe978d4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Thu Apr 12 01:38:56 2012 -0500

    The go faster button

commit ca2a67d51d6d4c7c3ca2e745f8b018279aef668a
Merge: 674ee09 b8129f9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 15:50:33 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Picking up Packetfu upstream changes, all pretty minor

commit 674ee097ab8a6bc9608bf377479ccd0b87e7302b
Merge: e9513e5 a26e844
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 13:57:26 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Conflicts:
    	lib/msf/core/handler/reverse_http.rb
    	lib/msf/core/handler/reverse_https.rb
    	modules/auxiliary/scanner/discovery/udp_probe.rb
    	modules/auxiliary/scanner/discovery/udp_sweep.rb

    Resolved conflicts with the reverse_http handlers and the udp probe /
    scanners byt favoring the more recent changes (which happened to be the
    intent anyway). The reverse_http and reverse_https changes were mine so
    I know what the intent was, and @dmaloney-r7 changed udp_probe and
    udp_sweep to use pcAnywhere_stat instead of merely pcAnywhere, so the
    intent is clear there as well.

commit e9513e54f984fdb100c13b44a1724246779ccb76
Author: David Maloney <dmaloney@melodie.gateway.2wire.net>
Date:   Fri Apr 6 18:21:46 2012 -0500

    Some fixes to how services get reported to prevent issues with the web interface

commit adeb44e9aaf1a329a0e587d2b26e678398730422
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Apr 2 15:39:46 2012 -0500

    Some corrections to pcAnywhere discovery modules to distinguish between the two services

commit b13900176484fea8f5217a2ef925ae2ad9b7af47
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 31 12:03:21 2012 -0500

    Enable additional migration-path parameters, use a temporary directory to bring the database online

commit 526b4c56883f461417f71269404faef38639917c
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Mar 28 23:24:56 2012 -0500

    A bunch of Mdsm fixes for .kind_of? calls, to make sure we ponit to the right place

commit 2cf3143370af808637d164ce59400605300f922c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 16:22:09 2012 -0500

    Check for ruby 2.0 as well as 1.9 for encoding override

commit 4d0f51b76d89f00f7acbce6b1f00dc6e4c4545ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:36:04 2012 -0500

    Remove debug statement

commit f5d2335e7745aa1a354f4d6c8fc9d0b3876c472a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:01:55 2012 -0500

    Be explicit about the Mdm namespace

commit bc8be225606d6ea38dd2a85ab4310c1c181a94ee
Author: hdm <hdm@hypo.(none)>
Date:   Mon Mar 26 11:49:51 2012 -0500

    Precalculate some uri strings in case the 1000-round generation fails

commit 4254f419723349ffb93e4aebdaeabbd7d66bf8c0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Sat Mar 24 14:03:44 2012 -0500

    Removed some non-namespaced calls to Host

commit c8190e1bb8ad365fb0d7a1c4a9173e6c739be85c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:37:00 2012 -0500

    Purge the rvmrc, this is causing major headaches

commit 76df18588917b7150a3bedf2569710a80bab51f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:31:52 2012 -0500

    Switch .rvmrc to the shipping 1.9.3 version

commit 7124971d0032b268f4ddf89aca125f15e284f345
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Mar 12 16:56:40 2012 -0500

    Adds mixin for looking up Mime Types by extension

commit b7ca8353164c43db6bacb2f3f16afa1269f66e43
Merge: a0b0c75 6b9a219
Author: Matt Buck <techpeace@gmail.com>
Date:   Tue Mar 6 19:38:53 2012 -0600

    Merge from develop.

commit a0b0c7528d2b8fabb76b2246a15004bc89239cf0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Mar 6 11:08:59 2012 -0600

    Somehow migration file is new?

commit 84d2b3cb1ad6290413c3ea3222ddf9932270b105
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Feb 29 16:38:55 2012 -0600

    Added ability to specify headers to redirects in http server

commit e50d27cda83872c616722adb03dc1a6a5e685405
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Feb 4 04:44:50 2012 -0600

    Tweak the event dispatcher to enable customer events without a category
    and trigger http request events from the main exploit mixin.
    Experimental

commit 0e4fd2040df49df2e6cb0e8d2c6240a03d108033
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Thu Feb 2 22:09:05 2012 -0600

    Change Msm -> Mdm in migrations. This is what was preventing migrations from finishing on first boot.

commit c94a2961d04eee84adfd42bb01ed7a3e3846b83a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:48:48 2012 -0600

    Changed Gemfile to use new gem name

commit 245c2063f06b4fddbfc607d243796669ef236136
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:47:42 2012 -0600

    Did find/replace for final namespace of Mdm

commit 6ed9bf8430b555dcbe62daeddb2f33bd400ab5bc
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 24 10:47:44 2012 -0600

    Fix a bunch of namespace issues

commit 2fe08d9e4226c27e78d07a00178c58f528cbc72e
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:37 2012 -0600

    Update Msm contstants in migrations for initial DB builds.

commit 4cc6b8fb0440c6258bf70de77a9153468fea4ea5
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:25 2012 -0600

    Update Gemfile.lock.

commit 1cc655b678f0a054a9a783da119237fe3f67faa4
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Thu Jan 19 11:48:29 2012 -0600

    Errant Workspaces needed namespace

commit 607a78285582c530a68985add33ccf4d899c467a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 15:44:02 2012 -0600

    Refactored all models to use the new namespace

    * Every model using DBManager::* namespace is now Msm namespace
    * Almost all of this in msf/base/core
    * Some in modules

commit a690cd959b3560fa2284975ca7ecca10c228fb05
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 13:41:44 2012 -0600

    Move bundler setup

commit dae115cc8f7619ca7a827123079cb67fb4d9354b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 15:51:07 2012 -0600

    Moved ActiveSupport dep to gem

commit d32f8edb6e7f82079b775ffbc2b9a405d1f32b3b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 14:40:05 2012 -0600

    Removed model require file

commit d0c74cff8c44771e566ec63b03eda10d03b25c42
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 16:06:10 2012 -0600

    Update some more finds

commit 4eb79ea6b58b74c309ab1f1bb0bd35fe9041de46
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 14:21:15 2012 -0600

    Yet another dumb commit

commit a75febcb593d52fdfe930306b4275829759d81d1
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Thu Dec 29 19:20:51 2011 -0600

    Fixing deletion

commit dc139ff2fdfc4e7cdee3901dfb863e70913d6b92
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Wed Dec 7 17:06:45 2011 -0600

    Fixed erroneous commit

commit 531c1e611cf4d23aeb9c48350dabf7630d662d25
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Mon Nov 21 16:11:35 2011 -0600

    Remove AR patch stuff; attempting to debug non-connection between MSF and Pro

commit 458611224189c7aa27e500aabd373d85dc2dc5c0
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Fri Nov 18 16:17:27 2011 -0600

    Drop ActiveRecord/ActiveSupport in preparation for upgrade
2012-04-15 23:35:38 -05:00
sinn3r 9cec9639c7 Add an aux module to brute force Dolibarr's login interface 2012-04-08 18:16:38 -05:00
Tod Beardsley 9cf896ffa1 Pre-release fixups on titles and grammar
Fixing squid_pivot_scanning and enum_xchat
2012-04-02 11:24:49 -05:00
Tod Beardsley 220ad7875f Merge pull request #285 from wvandevanter-r7/squid_pivot_scanning
Squid pivot scanning
2012-03-29 05:02:05 -07:00
Willis Vandevanter f5e05461f6 changed the false positive check IP to a user set variable 2012-03-28 22:18:56 -04:00
Willis Vandevanter 0fcab521d2 fixed print_bad 2012-03-28 02:32:03 -04:00
Tod Beardsley fb9163caf9 Merge pull request #278 from wchen-r7/manageengine_deviceexpert
Add OSVDB-80262 ManageEngine DeviceExpert
2012-03-26 14:42:36 -07:00
sinn3r 79d74b8768 ADD OSVDB-80262 2012-03-26 12:58:18 -05:00
sinn3r 19fc8d9883 Add OSVDB-80262 2012-03-26 12:42:24 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
sinn3r 7c77fe20cc Some variables don't need to be in a double-quote. 2012-03-17 20:37:42 -05:00
Gregory Man ba6928cbf1 sockso_traversal 1.8 compatibility fix 2012-03-16 18:12:09 +02:00
sinn3r 46dbaf8283 Fix typos and output 2012-03-15 16:10:05 -05:00
sinn3r 81b3eaa482 Fix typo 2012-03-15 15:56:24 -05:00
sinn3r db4538389c Add sockso dir traversal 2012-03-15 15:55:54 -05:00
James Lee 74e40763d6 Fix syntax error in 1.8, thanks Jun Koi for the patch 2012-03-15 14:32:16 -06:00
sinn3r d5f83be2d0 Cosmetic changes 2012-03-15 11:21:41 -05:00
Gregory Man 9928b102b5 Added rails_mass_assignment module. 2012-03-15 16:56:38 +02:00
sinn3r 65bde7ec99 Add OSVDB-79863 NetDecision Directory Traversal 2012-03-14 16:50:54 -05:00
James Lee 2b9acb61ad Clean up some incosistent verbosity
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
sinn3r 003fa3e22c Apply patch for #6495 2012-03-06 11:43:28 -06:00
Willis Vandevanter 461a59e28d modified description and lowered the number of required requests 2012-03-06 00:48:54 -05:00
Willis Vandevanter 0f17bbdfdd squid pivot scanning module 2012-03-06 00:30:30 -05:00
sinn3r 1005de0523 Port should not contain a non-numeric value or even empty when assigned to :port 2012-03-05 11:10:16 -06:00
Tod Beardsley 7447052b38 Convert WMAP constant name to the new format. 2012-03-02 10:18:32 -06:00
Tod Beardsley 302853f5a4 Unpolluting SVN Revision keyword
Sometimes Revision keywords get expanded, too. Fix those.
2012-03-02 10:18:32 -06:00
Tod Beardsley 3626d48db2 Un-polluting SVN Id keyword
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
2012-03-02 10:18:32 -06:00
Efrain Torres 36a3341acd Fix body cero. 2012-03-02 10:18:32 -06:00
Efrain Torres 6fba0698e5 Adding another detection method for blind sqli 2012-03-02 10:18:32 -06:00
Efrain Torres 02f6e3fcb2 Improving report on blind sqli module 2012-03-02 10:18:32 -06:00
Efrain Torres 126a6133cd Improving blind sql inj. detection 2012-03-02 10:18:32 -06:00
Efrain Torres b608aeeeb7 Migrating modules to use report_web_vulns and minor fixes 2012-03-02 10:18:32 -06:00
Efrain Torres 1a09a49f69 Starting getting rid of report_note to use report_web_vuln on all http aux modules 2012-03-02 10:18:32 -06:00
Efrain Torres 2ce7dc9331 One more module. 2012-03-02 10:18:32 -06:00
Efrain Torres 9c6fec3c33 First step on module cleaning. 2012-03-02 10:18:32 -06:00
Efrain Torres eaecdb487c Fix sname in report_ calls to check the use of ssl and report http or
https
2012-03-02 10:18:31 -06:00
Efrain Torres 6d80aa0a44 Renaming duh. 2012-03-02 10:18:31 -06:00
Efrain Torres 3cb65e24a1 Fix blind sqli module description and bug with http_method 2012-03-02 10:18:31 -06:00
Efrain Torres 6938b91d07 Execute tests agains a specific path and bug fix in blind sqli module 2012-03-02 10:18:31 -06:00
Efrain Torres a2e5a4d9d5 New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention 2012-03-02 10:18:31 -06:00
sinn3r e9df9d6c2c Increase default depth 2012-02-29 16:24:18 -06:00
HD Moore 8d212849dc Fix typos that result in stack traces when matching the response codes 2012-02-22 16:04:24 -06:00
James Lee 464cf7f65f Normalize service names
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
2012-02-21 22:59:20 -07:00
HD Moore acb4446e45 Fix #6407 by treating redirects as successful authentication 2012-02-21 16:02:21 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
sinn3r ea698864bd Add aux module to disclose IIS internal IP (Feature #6405) 2012-02-19 22:44:30 -06:00
sinn3r 95fa97cbd7 This module should be using store_loot() to save downloaded data 2012-02-19 20:48:00 -06:00
sinn3r 6037a2fc7a Correct type and name for store_loot 2012-02-19 20:20:44 -06:00
sinn3r 825ea01f79 Correct report_web_vuln 2012-02-19 16:37:42 -06:00
sinn3r 199e9c518b Add Generic HTTP Directory Traversal Utility (Feature #6338) 2012-02-19 00:30:18 -06:00
sinn3r ebd5438984 Add POST to method 2012-02-17 22:36:33 -06:00
sinn3r 3390bdf312 Validate METHOD with OptEnum 2012-02-17 18:54:53 -06:00
sinn3r ec58b4669e This module only handles GET, so that's the only option we'll allow 2012-02-17 18:20:16 -06:00
sinn3r 9e17b09632 This module is only meant to handle GET and PUT, so let's be strict on that 2012-02-17 18:17:28 -06:00
sinn3r 7ae58bfd9d Make sure the HTTP method is always upper-case to make Apache happy 2012-02-17 18:15:23 -06:00
sinn3r ae57a8d9fd Make sure the HTTP method is always uppercase so we don't get a 501 2012-02-17 03:34:39 -06:00
Tod Beardsley e371f0f64c MSFTidy commits
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.

Squashed commit of the following:

commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:58:53 2012 -0600

    Break up the multiline SOAP thing

commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:48:16 2012 -0600

    More whitespace and indent

commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:39:36 2012 -0600

    Whitespace fixes

commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:35:37 2012 -0600

    Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
sinn3r a0ac4125cd Add aux module CMS400 default pass scanner (feature #6301) 2012-01-30 10:40:59 -06:00
Jonathan Cran 54ffb01080 This module should use the default list of tomcat users 2012-01-28 18:13:34 -06:00
Tod Beardsley f6a6963726 Msftidy run over the recent changed+added modules 2012-01-24 15:52:41 -06:00
James Lee 455bcda6e8 Print the port so we know which http service 2012-01-23 10:17:32 -07:00
HD Moore bb035bfec2 Fix up API option names so they can be set globally 2012-01-18 15:05:39 -06:00
Jon Hart 6a057560fa Improvements to auxiiliary/scanner/http/soap_xml to:
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints

https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
sinn3r b76767669c Update Nenad's author name and e-mail 2012-01-09 20:14:47 -06:00
David Maloney e12d5588c6 Set data on webdav scanner notes to include webdav path.
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
sinn3r 6d401b48d1 Fix typo 2012-01-07 00:02:51 -06:00
sinn3r b7e29191f5 Add Drupal 'Views' module username enumeration (Feature #6194) 2012-01-06 23:51:32 -06:00
sinn3r 6ceb2f04a3 Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability 2012-01-06 14:24:49 -06:00
David Maloney ba86e8a04f Added PROPFIND support to http_login
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
sinn3r ce6b1d6b8c Improve:
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
HD Moore 4736cb1cbe Merge pull request #48 from swtornio/master
add osvdb ref
2011-12-11 20:37:43 -08:00
HD Moore a9db05e53b Fix regular expression 2011-12-10 13:24:58 -06:00
Steve Tornio 25685c4c74 add osvdb ref 2011-12-10 08:07:21 -06:00
sinn3r d6d9ac17d2 use store_loot() instead of store_local() 2011-12-08 11:10:31 -06:00
sinn3r aa5c0c46b6 Fix indent level 2011-12-07 18:44:49 -06:00
sinn3r feab7f5077 Add CVE-2011-4350 2011-12-07 18:42:52 -06:00
HD Moore cf28713f9a Mark specific modules as incompatible due to use of quad-dot code 2011-12-05 13:07:36 -06:00
sinn3r 897731f3a5 Check creds (feature #6025). Also bringing the 'Inbox' regex back 2011-11-29 11:01:39 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
sinn3r 3a84c31326 Using a better regex for a successful login. Thanks Borys. 2011-11-28 14:29:42 -06:00
sinn3r 5165865560 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-28 14:07:19 -06:00
sinn3r 59ab0c3a18 Fix bug #6021, Thanks Borys 2011-11-28 14:06:56 -06:00
Tod Beardsley 44a47f9913 Fixing up OWA bruteforce module to conform with the usual print_status
messages.
2011-11-28 13:31:54 -06:00
sinn3r a578db7f56 Apply fix for #6019 2011-11-28 01:12:18 -06:00
sinn3r 5e08c93ac9 Apply patch #5580 2011-11-26 15:32:43 -06:00
David Maloney c61d02686a HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
2011-11-22 13:04:10 -08:00
David Maloney 9e40fac8b1 Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-22 11:52:06 -08:00
James Lee 67120d4263 msftidy on aux modules, see #5749 2011-11-20 13:12:07 +11:00
Tod Beardsley 96d2209ca2 Minor fixups for trace report_note patch 2011-11-14 10:40:11 -06:00
andurin 5d5c9464cc Do some report_note while TRACE detection 2011-11-14 12:10:53 +01:00
Andurin 71599f5ef9 Fix sqlmap aux to work with actual sqlmap.py
Commit relates to IssueID #5807
2011-11-13 09:18:33 +01:00
sinn3r e4ebb890d8 Apply patch for bug #5963 2011-11-12 13:17:26 -06:00
sinn3r 35f84f5e42 yo, ruby 1.8 fix 2011-11-11 11:38:28 -06:00