David Maloney
0fcfb9d655
add proxies to ssh scanner
...
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
David Maloney
35a039848c
add sshkey loginscanner
...
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
David Maloney
19ba4cc859
Merge branch 'master' into staging/electro_release
2014-04-25 11:38:36 -05:00
lsanchez-r7
8f43c229b1
Passing the Mdm::Task down the chain
...
when reporting hosts from an Mdm::Task we need to pass the task all
the way down. this wasn't done for the metasploit import format.
2014-04-25 11:15:39 -05:00
David Maloney
2346d583ed
touchups and specs for FTP Scanner
...
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
David Maloney
838a444b23
first pass of FTP LoginScanner
...
made the first pass at the ftp
LoginScanner, with base specs.
Need to still iterate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
William Vu
c2bb26590c
Land #3250, version handling for Heartbleed server
2014-04-25 00:17:26 -05:00
Ramon de C Valle
fd232b1acd
Use the protocol version from the handshake
...
I used the protocol version from the record layer thinking I was using
the protocol version from the handshake. This commit fixes this and uses
the protocol version from the handshake instead of from the record layer
as in https://gist.github.com/rcvalle/10335282, which is how it should
have been initially.
Thanks to @wvu-r7 for finding this out!
2014-04-25 01:48:17 -03:00
joev
f94d1f6546
Refactors firefox js usage into a mixin.
2014-04-24 15:09:48 -05:00
Tod Beardsley
fb3b6f577d
Land #3279, upper bound check for AR
2014-04-24 15:09:07 -05:00
sinn3r
1353c62967
Land #3295 - Fix NoMethodError undefined method `body' for nil:NilClass
2014-04-24 13:53:58 -05:00
sinn3r
ba4b507cc7
Land #3280 - Multiplatform WLAN Enumeration and Geolocation
2014-04-24 13:52:32 -05:00
sinn3r
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
David Maloney
1f9cf8c68f
add the mixins for tcp and ftp
...
skimmed down, non-module dependent mixins
for TCP client and Ftp client. necessary for
loginscanner work
2014-04-24 13:39:04 -05:00
sinn3r
656e60c35c
Land #3254 - Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack BoF
2014-04-24 13:20:50 -05:00
sinn3r
cde9080a6a
Move module to fileformat
2014-04-24 13:17:08 -05:00
sinn3r
a39855e20d
Works for XP SP3 too
2014-04-24 13:16:24 -05:00
sinn3r
ba8d7801f4
Remove default target because there is no auto-select
2014-04-24 13:15:49 -05:00
sinn3r
2e76db01d7
Try to stick to the 100 columns per line rule
2014-04-24 13:15:12 -05:00
Tom Sellers
8f47edb899
JBoss_Maindeployer: improve feedback against CVE-2010-0738
...
The exploit against CVE-2010-0738 won't work when using GET or POST. In the existing code the request would fail and the function would return a nil. This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:
Exploit failed: NoMethodError undefined method `body' for nil:NilClass
The first changes detect a 401 authentication message and provide useful feedback. Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.
I've stayed with the module's coding style for consistency.
2014-04-24 12:37:14 -05:00
Christian Mehlmauer
ef815ca992
Land #3288, Postgres support for Heartbleed scanner
2014-04-24 18:03:13 +02:00
David Maloney
087bcbdce1
Merge branch 'master' into staging/electro_release
2014-04-24 09:50:18 -05:00
David Maloney
83a9f37241
Merge branch 'feature/ssh_login_scanner' into staging/electro_release
2014-04-24 09:48:09 -05:00
David Maloney
3a66723741
make scan! more generic
...
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
Trevor Rosen
5904aa45e6
Merge pull request #1 from rapid7/feature/ssh_login_scanner
...
SSH LoginScanner class
2014-04-24 09:39:28 -05:00
Trevor Rosen
e556997bf7
Land #3269 (Pro) fix report import issue
2014-04-24 08:27:06 -05:00
Tom Sellers
d4c0d015c1
Update wlan_geolocate.rb
...
Updated based on feedback. Also added enumeration only support for BSD and Solaris.
2014-04-24 07:04:50 -05:00
Spencer McIntyre
ec1f7d644c
Support deprecation information from constants
2014-04-23 23:03:02 -04:00
Spencer McIntyre
9ccb9397e3
Land #3264, throttle and csv output support for module
2014-04-23 19:00:28 -04:00
Spencer McIntyre
e2b92a824f
Change white space for authors in dns_reverse_lookup
2014-04-23 18:56:27 -04:00
David Maloney
ed8f87d3cf
allow scan! to take a block
...
by allowing scan! to take block
and yield the result of each attempt
we can do things like have a module print out
status messages
2014-04-23 12:41:10 -05:00
JoseMi
fd95d9ef38
Added english windows xp sp2 target
2014-04-23 17:32:56 +01:00
William Vu
15bd92dd50
Fix OpenSSH timing attack module
2014-04-23 10:10:37 -05:00
William Vu
0a108acea3
Fix missing comma
...
Commas will be the death of me.
2014-04-23 10:10:12 -05:00
William Vu
6d7fde4302
Land #3157, OpenSSH user enumeration timing attack
2014-04-23 10:01:10 -05:00
William Vu
1a2899d57b
Fix up whitespace 'n' stuff
2014-04-23 10:00:34 -05:00
Thanat0s
457c48b89b
Error on sleep
2014-04-23 11:38:23 +02:00
Joe Vennix
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
David Maloney
d25f0d8f6c
cache host resolution
...
if we successfully resolve the host during
the validation, then alter host to the resolved
address to avoid the overhead of subsequent
DNS requests.
2014-04-22 15:34:16 -05:00
kenkeiras
96f042110f
return is not needed when it's the last function line
2014-04-22 22:33:47 +02:00
kenkeiras
c9d8da991a
Use Rex.sleep instead of select
2014-04-22 22:33:19 +02:00
kenkeiras
d2a558dc85
Removed unused code
2014-04-22 22:33:02 +02:00
William Vu
39a7a049c4
Land #3283, msftidy vars_get check update
...
Now with more cyan.
2014-04-22 12:27:44 -05:00
Christian Mehlmauer
3f4e9ab18d
msftidy: only check send_request_cgi for vars_get
2014-04-22 19:24:06 +02:00
David Maloney
0439569ffb
more documentation work
...
added some more YARD docs
2014-04-22 11:48:14 -05:00
David Maloney
a613d044f5
more cleanup work
...
some code and documentation DRY work
2014-04-22 11:38:24 -05:00
David Maloney
36dd10e1c2
add the renamed spec
...
renamed spec for credential class
forgot to add it
2014-04-22 11:05:58 -05:00
David Maloney
bc092af855
Fix credential docs
...
expanded return types for the Credential
object to be more accurate
2014-04-22 11:05:12 -05:00
David Maloney
b731889c79
add class level documentation
...
add some comments for YARD to have class
level documentation for each class
2014-04-22 10:59:28 -05:00
Wiesław Kielas
8f6567967d
Heartbleed PostgreSQL TLS support improvements
2014-04-22 17:36:06 +02:00