Commit Graph

2814 Commits (ddd7d307e6e5f917744e0b2c8da59eb79667b103)

Author SHA1 Message Date
Jeff Jarmoc ddd7d307e6 Add a scanner aux module for Rails JSON/YAML vuln CVE-2013-0333 2013-02-11 16:48:44 -06:00
sinn3r 7370d7d31b Final touchup 2013-02-08 18:21:06 -06:00
Spencer McIntyre 7522a87cf9 Adding an auxiliary scanner module for Titan FTP password disclosure. 2013-02-08 15:43:02 -05:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
sinn3r 25d8dac4c0 Merge branch 'bugs/linksys-fixes' of github.com:todb-r7/metasploit-framework into todb-r7-bugs/linksys-fixes 2013-02-07 19:10:36 -06:00
sinn3r ce7da154a6 Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into hmoore-r7-master 2013-02-07 17:35:28 -06:00
sinn3r 035e8b7100 Merge branch 'groupwise_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-groupwise_traversal 2013-02-07 17:33:34 -06:00
jvazquez-r7 e9912496d8 nice check learned from sinn3r 2013-02-07 22:05:39 +01:00
jvazquez-r7 0d3c32b0a4 Added module for CVE-2012-0419 2013-02-07 21:15:49 +01:00
sinn3r 7f746e1caa That's what he said. 2013-02-07 11:13:18 -06:00
sinn3r d554c3a56a Don't really need the bottom comment 2013-02-07 10:46:42 -06:00
sinn3r 98559d4d51 Do a check and make sure this is Simple Web Server 2013-02-07 10:45:53 -06:00
sinn3r b11f052746 Allow arbitrary depth 2013-02-07 10:32:29 -06:00
sinn3r a3264e18e2 There aint no fail_with(), must use print_error 2013-02-07 10:30:17 -06:00
HD Moore 77390a5935 Fix a bug reported by Tom Liston 2013-02-06 23:34:55 -06:00
sinn3r b09f819e4b Add Simple Web Server dir traversal 2013-02-06 17:02:07 -06:00
James Lee 1095fe198b Merge branch 'rapid7' into dmaloney-r7-http/auth_methods 2013-02-06 16:57:50 -06:00
HD Moore f0ca4b2f08 Merge remote-tracking branch 'upstream/master' 2013-02-06 16:31:31 -06:00
Tod Beardsley 5357e23675 Fixups to the Linksys module
Professionalizes the description a little, but more importantly, handles
LANIP better, I think. Instead of faking a 1.1.1.1 address, just detect
if it's set or not in a method and return the right thing accordingly.

Please test this before landing, obviously. I think it's what's
intended.
2013-02-06 12:46:50 -06:00
Tod Beardsley e175e2c9e9 typo in method name 2013-02-06 12:19:57 -06:00
HD Moore 22e3458cea Fix multi-line output due to bad regex flag 2013-02-06 11:27:58 -06:00
Tod Beardsley faeaa74a49 Msftidy whitespace 2013-02-06 11:06:13 -06:00
HD Moore 9af888c03b Merge pull request #1433 from jjarmoc/jjarmoc-rails_xml_scan
rails_xml_yaml_scanner.rb improvements
2013-02-05 12:34:10 -08:00
David Maloney 877fb017b6 remove negotiate requirements
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney 44d4e298dc Attempting to cleanup winrm auth 2013-02-04 15:48:31 -06:00
Jeff Jarmoc 39cafd0cde Use OptEnum instead of OptString 2013-02-04 15:08:34 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney 8b1febb4cf add myself to the blame list for the module =P 2013-02-04 12:32:43 -06:00
David Maloney 9497e38ef7 Fix http login scanner
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
David Maloney 2c3de43f4b datastore opts cleanup
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
HD Moore 0660347fca Explicit mult-line match 2013-02-03 21:06:57 -06:00
jvazquez-r7 2bf2d4d8a4 Merge branch 'netgear_sph200d_traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear_sph200d_traversal 2013-02-03 23:35:29 +01:00
Jeff Jarmoc 5e0c18af2f adding self to credits 2013-02-03 16:14:42 -06:00
Jeff Jarmoc 57c8e41846 Re-order probes and checks.
This causes module to exit if error conditions are found, before sending unecessary probes.
2013-02-03 16:10:46 -06:00
Jeff Jarmoc 8dff427776 Allow 4xx codes, display codes in verbose output 2013-02-03 16:07:07 -06:00
Jeff Jarmoc 810470de3b Make HTTP_METHOD Configurable 2013-02-03 16:05:45 -06:00
David Maloney 5814c59620 move httpauth to mixin
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
HD Moore d5ae005332 Rename with underscores 2013-02-01 14:39:01 -06:00
HD Moore 4e6c93ec7d Various style fixes, fix ruby 1.8 compat 2013-02-01 14:38:20 -06:00
jvazquez-r7 c24c926ffa add aditional check to detect valid device 2013-02-01 20:55:06 +01:00
jvazquez-r7 996ee06b0f fix another print_ call 2013-02-01 20:43:54 +01:00
jvazquez-r7 152f397a1f first module cleanup 2013-02-01 20:38:11 +01:00
m-1-k-3 988761a6de more updates, BID, Exploit-DB 2013-02-01 20:18:53 +01:00
m-1-k-3 fdd5fe77c1 more updates ... 2013-02-01 19:59:19 +01:00
m-1-k-3 0e22ee73b5 updates ... 2013-02-01 19:26:34 +01:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00
sinn3r 39cdb89831 Oh don't be so sensitive about it.
Fixnum vs String
2013-01-31 15:04:13 -06:00
egypt 5332e80ae9 Fix errant use of .to_s instead of .path 2013-01-31 14:18:42 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00