infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,128 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3124 Commits (db7c420d8d7455e4f823346122a10a7de483df7f)

Author SHA1 Message Date
sinn3r db7c420d8d Merge the latest changes 2014-10-21 13:49:42 -05:00
James Lee f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies 2014-10-21 13:28:13 -05:00
sinn3r 79d393c5aa Resolve merge conflicts 
Conflicts:
	lib/msf/core/exploit/smb.rb
	lib/msf/core/exploit/tcp.rb
	modules/auxiliary/scanner/http/axis_login.rb
 2014-10-21 13:06:35 -05:00
jvazquez-r7 d6f4c02c2a
Land #3979, @wchen-r7 fixes #3976, http_login not using TARGETURI, neither uri normalization 2014-10-20 18:10:57 -05:00
jvazquez-r7 74ac16081f
Land #3981, @wchen-r7 Fixes #3974, axis_login.rb does not normalize URI 2014-10-20 17:51:13 -05:00
HD Moore 935a23296d
Updates to NAT-PMP, lands #4041 2014-10-20 11:26:26 -05:00
James Lee 3051b6c5ba
Clean up exceptions 
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
 2014-10-20 10:27:02 -05:00
James Lee b7d69bec83
Restore proxies to ssh scanners 2014-10-20 10:19:06 -05:00
Jon Hart 2985b39267
Land #3980, @wchen-r7 fixed #3975 2014-10-19 17:11:06 -07:00
ikkini c2174c7910 return if no version response received 2014-10-19 00:29:36 +02:00
James Lee 329a600b84
Add tcp evasion options to mssql_login 2014-10-17 17:40:21 -05:00
William Vu 10f3969079
Land #4043, s/http/http:/ splat 
What is a splat?
 2014-10-17 13:41:07 -05:00
William Vu 367ea5d3db
Add disclosure date 2014-10-17 12:35:28 -05:00
Tod Beardsley ccdaf2b576
Fix the banner 
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
 2014-10-17 12:23:23 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Tod Beardsley ad501b25e4
Filename move to be less redundant 2014-10-17 11:25:14 -05:00
Jon Hart 8fdae8fbfb Move protocol and lifetime to mixin, use correct map_target if CHOST 2014-10-16 13:24:17 -07:00
James Lee 40b360555f
Make the error message a little more useful 2014-10-16 12:47:13 -05:00
Tod Beardsley 8cf10be779
Don't assume SSLv3 is set (kill FP+s) 2014-10-16 10:43:58 -05:00
Tod Beardsley 0b67efd51e
Add a POODLE scanner and general SSL version scan 2014-10-16 10:27:37 -05:00
James Lee 41a57b7ba5
Re-enable proxies for HTTP-based login scanners 2014-10-15 17:00:44 -05:00
Jon Hart 07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful 2014-10-15 06:39:38 -07:00
Tod Beardsley 592f1e9893
Land #3999, errors on login suppressed by default 
This also solved the merge conflict on:

	modules/auxiliary/scanner/http/jenkins_login.rb

Fixes #3995.
 2014-10-14 16:35:09 -05:00
Jon Hart ea6824c46f WIP of NAT-PMP rework 2014-10-14 14:20:24 -07:00
William Vu bdbad5a81d
Fix misaligned bracket 2014-10-14 13:43:59 -05:00
Tod Beardsley 9f6008e275
A couple OSVDB updates for recent modules 2014-10-14 13:39:36 -05:00
Tod Beardsley 56534e7ad3
Changed a login failed to vprint instead of print 
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995.

This module was introduced in PR #3947.
 2014-10-14 12:01:09 -05:00
sinn3r 9500038695 Fix #3995 - Make negative messages less verbose 
As an user testing against a large network, I only want to see
good news, not bad news.
 2014-10-11 11:11:09 -05:00
sinn3r 260aa8dc22 Fix #3984 - Fix broken check for drupal_views_user_enum 2014-10-10 10:23:20 -05:00
Tod Beardsley aefd15c185
Land #3376, ARRIS SNMP enumerator from @inokii 2014-10-09 15:28:06 -05:00
sinn3r 7d8eadada6 Fix #3974 - Validate and normalize URI for axis_login 2014-10-09 14:33:39 -05:00
sinn3r c9c34beafa Fix #3975 - Register TARGETURI, not URI 
The module should register TARGETURI and call #target_uri for
URI validation.
 2014-10-09 14:10:29 -05:00
sinn3r d366cdcd6e Fix #3976 - validate and normalize user-supplied URI for http_login.rb 
URI should be validated and normalized before being used in an HTTP
request.
 2014-10-09 12:14:33 -05:00
Spencer McIntyre a535d236f6
Land #3947, login scanner for jenkins by @nstarke 2014-10-09 12:59:02 -04:00
Spencer McIntyre 6ea530988e Apply rubocop changes and remove multiline print 2014-10-09 12:57:39 -04:00
sinn3r df0d4f9fb2 Fix #3973 - Unneeded datastore option URI 
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
 2014-10-09 00:06:15 -05:00
nstarke 328be3cf34 Fine Tuning Jenkins Login Module 
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
 2014-10-08 17:53:21 -05:00
William Vu 399a61d52e
Land #3946, ntp_readvar updates 2014-10-06 21:57:57 -05:00
nstarke e1b0ba5d3d Removing 'require pry' 
I accidentally left a reference to pry in my code.
Removing
 2014-10-06 21:40:39 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs 
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
 2014-10-06 21:14:10 -05:00
sinn3r d3354d01f0 Fix #3808 - NoMethodError undefined method `map' 
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
 2014-10-06 15:42:51 -05:00
Jon Hart 8c8ccc1d54
Update Authors 2014-10-06 11:30:39 -07:00
nstarke 69400cf280 Fixing Author Declaration 
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
 2014-10-05 23:17:28 -05:00
nstarke c0a3691817 Adding Jenkins-CI Login Scanner 
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
 2014-10-05 22:08:34 -05:00
James Lee a65ee6cf30
Land #3373, recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-10-03 18:05:58 -05:00
Jon Hart a341756e83
Support spoofing source IPs for NTP readvar, include status messages 2014-10-03 14:05:57 -07:00
Jon Hart fa4414155a
Only include the exact readvar payload, not any padding 2014-10-03 13:58:13 -07:00
Jon Hart 65c1a8230a
Address most Rubocop complaints 2014-10-03 13:47:29 -07:00
Jon Hart 0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster 2014-10-03 13:28:30 -07:00
HD Moore 77bb2df215 Adds support for both CVEs, lands #3931 2014-10-01 17:06:59 -05:00