infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
32,113 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1388 Commits (de2bf0181c4c2b150e8911460a803c7ae0ef8d01)

Author SHA1 Message Date
FireFart 9d616dbfe9 added typo3 bruteforcer 2013-11-07 22:38:27 +01:00
HD Moore 09c31f7582 Small nitpicks to catch bad http responses 2013-11-06 15:06:04 -06:00
Tod Beardsley 91639dbb99
Trailing whitespace 2013-11-06 14:25:28 -06:00
Tod Beardsley 079816777a
I kin spel 2013-11-06 14:22:41 -06:00
HD Moore 6b43d94c72 Rename, change titles/descriptions, fix minor bugs 2013-11-06 13:45:40 -06:00
jvazquez-r7 b9caf091d4 Change supermicro_ipmi_traversal location 2013-11-06 12:47:50 -06:00
jvazquez-r7 c132a60973 Move Supermicro web interface name to a constant 2013-11-06 12:47:50 -06:00
jvazquez-r7 0609c5b290 Move private key to a constant 2013-11-06 12:47:50 -06:00
jvazquez-r7 275fd5e2ba Sort options by name 2013-11-06 12:47:50 -06:00
jvazquez-r7 9f87fb33a7 Move digest calculation to a variable 2013-11-06 12:47:50 -06:00
Tod Beardsley 46f0998903 Add URL refs 2013-11-06 12:47:50 -06:00
Tod Beardsley a973862c74 Add new modules 2013-11-06 12:47:50 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib 
It wasn't just cmdstager_printf.rb. :/
 2013-10-30 19:51:25 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
jvazquez-r7 efcfc9eef7
Land #2273, @kaospunk's enum domain feature for owa_login 2013-10-28 09:47:54 -05:00
jvazquez-r7 71a1ccf771 Clean owa_login enum_domain feature 2013-10-28 09:46:41 -05:00
sinn3r 7d788fbf76
Land #2571 - HP Intelligent Management SOM FileDownloadServlet Arbitrary Download 2013-10-24 14:15:26 -05:00
jvazquez-r7 ea80c15c3b
Land #2383, @jamcut's aux module for jenkins enum 2013-10-24 11:31:36 -05:00
jvazquez-r7 8428671f32
Land #2455, @juushya's aux module for radware 2013-10-24 10:54:02 -05:00
jvazquez-r7 1673b66cbe Delete some white lines 2013-10-24 10:50:14 -05:00
jvazquez-r7 b589e9aa6e Use the peer method 2013-10-24 10:45:02 -05:00
jvazquez-r7 255cd18868 Use peer helper 2013-10-23 16:08:40 -05:00
jvazquez-r7 55e3f36589 Add module for ZDI-13-242 2013-10-23 11:24:29 -05:00
jvazquez-r7 a4dd53f650 Chane module filename 2013-10-22 11:16:14 -05:00
jvazquez-r7 cdd183f43a Add reporting 2013-10-22 11:15:16 -05:00
jvazquez-r7 0d73275c3f Delete not necessary check 2013-10-22 10:39:54 -05:00
jvazquez-r7 c50e7c73b6 Make parsing easier 2013-10-22 10:30:03 -05:00
jvazquez-r7 0cc7be0138 Use snake_case 2013-10-22 10:04:32 -05:00
jvazquez-r7 e4a340b7f1 Fix small issues 2013-10-22 10:02:32 -05:00
jvazquez-r7 a425e2be78 Fix typo 2013-10-22 09:28:43 -05:00
jvazquez-r7 111c12ef0d Do cosmetic changes 2013-10-22 09:28:15 -05:00
jvazquez-r7 f46cdb8970 Add the correct plate 2013-10-22 09:27:37 -05:00
jvazquez-r7 de0d09886c Retab changes for PR #2383 2013-10-22 09:26:44 -05:00
jvazquez-r7 0214501891 Merge for retab 2013-10-22 09:22:10 -05:00
jvazquez-r7 5613cfb249 Retab changes for PR #2455 2013-10-21 15:57:23 -05:00
jvazquez-r7 39d38e598d Merge for retab 2013-10-21 15:55:48 -05:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
jamcut 58a43e87dd Added fixes suggested by jlee-r7 
additional code clean up
 2013-10-21 14:18:12 -04:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Karn Ganeshen 09c9cba3d5 Updated code 2013-10-21 19:29:05 +05:30
jvazquez-r7 183116c81f Make module work, and final cleanup 2013-10-20 18:39:41 -05:00
jvazquez-r7 aa6a24da1b Add module template 2013-10-19 00:27:57 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Karn Ganeshen cc42fbc59e Added ext .rb 
... ext .rb why you no save.
 2013-10-17 01:40:05 +05:30
Karn Ganeshen f3d4229ed4 Updated code 
msftidy compliant now. Have run it thru retab.rb, hence the indent like this.
 2013-10-17 01:36:26 +05:30
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
kaospunk 4b4804538f Fixes issues based on feedback 
This commit addresses comments made by @jvazquez-r7.
 2013-10-14 16:02:29 -04:00
sinn3r 2a1ade2541 Add disclosure date and some explanation about it 2013-10-13 19:29:51 -05:00
jvazquez-r7 e2c5e6c19f Fix email format 2013-10-13 18:28:35 -05:00
jvazquez-r7 008f787627 Add module for the dlink user-agent backdoor 2013-10-13 14:42:45 -05:00
Tod Beardsley 181606e7cc
Single byte description update. Adds a period. 2013-10-11 15:04:25 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir 
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
 2013-10-10 19:55:26 +01:00
jvazquez-r7 db11e88255
Land #2321, @juushya's aux module for Sentry CDU enumeration 2013-10-04 08:35:54 -05:00
Karn Ganeshen 37e1e6533c changed default options 
Updated these default options to false:
      'DB_ALL_CREDS'    => false
      'BLANK_PASSWORDS' => false
 2013-10-04 02:48:42 +05:30
Karn Ganeshen 8aac3922f3 add radware_appdirector_enum 
This module scans for Radware AppDirector's web login portal, and performs login brute force to identify valid credentials.

- mstidy.tb & retab.rb run done
- stop_on_success is set to true. Important, otherwise the app starts dropping bf source.
- slowing down brute force speed seems to work though, but can take a long time if more creds to check &| more targets
- better to run bf with 2-3 creds against range, & then come back with more creds if needed
 2013-10-03 20:15:52 +05:30
Tabassassin 773abf0567
Pow, tab assassinated. 2013-10-02 17:16:38 -05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir 
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
 2013-10-02 20:17:11 +01:00
sinn3r 7118f7dc4c Land #2422 - rm methods peer & rport 
Because they're already defined in the HttpClient mixin
 2013-09-30 16:01:59 -05:00
Tod Beardsley 9ada96ac51
Fix sqlmap accidental codepoint 
See http://www.ruby-doc.org/core-1.9.3/String.html#method-i-3C-3C

Apparently, String#<< uses Integer#chr, not Integer#to_s. News to me.

Fixed originally by @TsCl in PR #2435, but fixing seperately in order to
avoid screwing up his downstream tracking. Note, this isn't a merge, so
using Closes tag on the commit message.

[Closes #2435]
 2013-09-30 11:23:17 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 09fa7b7692 remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:50:34 +02:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
FireFart 34b829abef bugfix 2013-09-25 09:15:07 +02:00
FireFart aeb663a5d4 fix output 2013-09-24 10:48:38 +02:00
FireFart dc8f94bac1 Added wordpress version detection 2013-09-24 08:59:56 +02:00
jamcut dff26ac9ff Used default timeout 
forgot an additional default timeout in my previous commit
 2013-09-17 11:28:46 -04:00
jamcut 4aeb754112 Minor Changes 
changed print calls to print_line
removed trailing \n's
used default timeout for send_request_cgi
 2013-09-17 11:20:45 -04:00
jamcut ea367d218c dded Jenkins vulnerability scanner 2013-09-17 10:47:59 -04:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
jvazquez-r7 299860b09d Land #2329, @kaospunk auxiliary module to enumerate ntlm info 2013-09-16 08:16:30 -05:00
jvazquez-r7 4040fe4b6b Fix style 2013-09-16 08:15:46 -05:00
sinn3r 149312a4c0 Correct wordpress_login_enum for #2301 
tabassassin created a mess and I failed to resolve it properly.
Attempt #2. See #2301.
 2013-09-12 14:56:46 -05:00
sinn3r 91b8ca8f22 Merge branch 'pr2301' into upstream-master 
Conflicts:
	modules/auxiliary/scanner/http/wordpress_login_enum.rb
 2013-09-12 14:52:34 -05:00
jvazquez-r7 94cc3f0e49 Retab changes 2013-09-06 09:51:14 -05:00
jvazquez-r7 73a66819ea Merge for retab 2013-09-06 09:50:37 -05:00
jvazquez-r7 7ce9d38eba Fix module 2013-09-06 09:49:52 -05:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Tab Assassin 015ac6d92c Retab changes for PR #2273 2013-09-05 14:09:44 -05:00
Tab Assassin e25ec2d2f9 Merge for retab 2013-09-05 14:09:39 -05:00
Tab Assassin 0a1a202fb5 Retab changes for PR #2329 2013-09-05 13:04:23 -05:00
Tab Assassin 760943af2f Merge for retab 2013-09-05 13:02:51 -05:00
jvazquez-r7 c44be42cf5 Merge the check for Sentry in just one request 2013-09-05 10:41:20 -05:00
jvazquez-r7 d280d45964 Revert "Updated module - 1 req action" 
This reverts commit f85b9aa780.
 2013-09-05 10:35:13 -05:00
Karn Ganeshen f85b9aa780 Updated module - 1 req action 
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
 2013-09-05 20:04:02 +05:30
kaospunk 9f628b8b63 Add URI where information was discovered 
This adds the URI where the information was enumerated from to the
scanner output.

One more place where target_uri was being used was also corrected.
 2013-09-05 10:06:11 -04:00
kaospunk afaab5e0a6 Fixes issues raised by jvazquez-r7 
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
  default
 2013-09-05 09:34:35 -04:00
kaospunk 533643fe2c Host Information Enumeration via NTLM Authentication 
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.

The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
 2013-09-04 21:39:02 -04:00
Karn Ganeshen 3786376b42 Aux module for Sentry CDU enum 2013-09-03 14:44:03 +05:30
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
rbsec a574b548b2 Updated wordpress_login_enum auxilary module. 
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
 2013-08-29 15:28:46 +01:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 85ed9167f2 Print target endpoint 
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
 2013-08-26 17:51:43 -05:00
sinn3r 9f8051161f Properly implement normalize_uri 2013-08-26 17:18:00 -05:00
jvazquez-r7 c660279963 Land #2259, @wchen-r7's patch for [SeeRM #8319] 2013-08-26 16:36:45 -05:00
sinn3r 3769da2722 Better fixes 2013-08-26 14:02:45 -05:00
sinn3r 8c7f4b3e1f Avoid using inline rescue 2013-08-26 13:54:06 -05:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Christian Mehlmauer 5f7ccf1cbe naming..again 2013-08-24 18:58:00 +02:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
Christian Mehlmauer c40252e0b3 bugfixing 2013-08-24 00:04:16 +02:00
kaospunk a863005d33 Removed blanks at EOL 
Fixed blanks at EOL per msftidy messages
 2013-08-22 14:20:42 -04:00
kaospunk 7e098e4d6b Domain enumeration put in own function 
The code to enumerate the AD domain is now in its own function

Additionally, a new advanced option has been added which controls
whether or not the domain enumeration will occur so that if it is
not wanted the user can disabled it. By default this is set to
enumerate the AD domain.

If AD_DOMAIN is already specified then this will be used and no
auto enumeration will occur.
 2013-08-22 14:16:00 -04:00
kaospunk 7e0b26e932 Minor fixes to syntax and error handling 2013-08-22 13:23:39 -04:00
kaospunk cdcfa88fa3 Enumerate AD Domain via NTLM Authentication 
Add functionality to attempt an NTLM auth against common directories
to try to enumerate the AD domain. If a domain is found this will be
prepended to the authentication requests, otherwise it's business as
usual.
 2013-08-22 12:26:14 -04:00
Christian Mehlmauer 556f17c47e Move modules 2013-08-22 17:33:35 +02:00
Christian Mehlmauer 8456d2c0ec remove target_uri 2013-08-22 00:48:42 +02:00
Christian Mehlmauer 959553583f -) revert last commit 
-) split into seperate modules
 2013-08-22 00:45:22 +02:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
Christian Mehlmauer ffdd057f10 -) Documentation 
-) Added Wordpress checks
 2013-08-21 14:27:11 +02:00
Christian Mehlmauer 655e2dcf6c more methods 2013-08-21 13:13:41 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin 
-) fixed typo in web mixin
 2013-08-21 12:45:15 +02:00
sinn3r 2fa75e0133 Fix undefined method error 
[FixRM #8325]
 2013-08-21 01:16:49 -05:00
sinn3r be29e44788 Fix undefined method error 
[FixRM #8328]
 2013-08-21 01:15:07 -05:00
sinn3r ae8c40c8f7 Fix undefined method error 
[FixRM #8329]
 2013-08-21 01:10:46 -05:00
sinn3r 42a7766f1b Fix undefined method error 
[FixRM #8330]
 2013-08-21 01:09:24 -05:00
sinn3r 0f85fa21b4 Fix undefined method error 
[FixRM #8331]
 2013-08-21 01:08:19 -05:00
sinn3r 8eeb66f96d Fix undefined method error 
[FixRM #8332]
 2013-08-21 01:06:54 -05:00
sinn3r 785f633d1d Fix undefined method error 
[FixRM #8334]
[FixRM #8333]
 2013-08-21 01:01:53 -05:00
sinn3r 0561928b92 Fix undefined method error 
[FixRM #8336]
 2013-08-21 00:54:08 -05:00
sinn3r 2597c71831 Fix undefined method error 
[FixRM #8338]
[FixRM #8337]
 2013-08-21 00:52:33 -05:00
sinn3r 092b43cbfa Fix undefined method error 
[FixRM #8339]
 2013-08-21 00:50:37 -05:00
sinn3r 32a190f1bd Fix undefined method error 
[FixRM #8340]
 2013-08-21 00:49:13 -05:00
sinn3r 217d89fa7c Fix undefined method error 
[FixRM #8341]
 2013-08-21 00:47:31 -05:00
sinn3r 3a271e7cc7 Fix undefined method error 
[FixRM #8342]
 2013-08-21 00:45:48 -05:00
jvazquez-r7 fe089030d4 Land #2257, @wchen-r7's patch for [SeeRM #8317] 2013-08-20 13:43:37 -05:00
sinn3r 1702cf2af9 Use TARGETURI 2013-08-20 13:23:32 -05:00
jvazquez-r7 3ac59fede7 Land #2251, @wchen-r7's patch to use OptRegexp 2013-08-20 12:55:30 -05:00
sinn3r 202b31d869 Better fix based on feedback 
Tell daddy how you want it.
 2013-08-20 12:52:04 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
sinn3r f68d581b7a [FixRM #8319] - Properly disable BLANK_PASSWORDS for ektron_cms400net 
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").

While fixing #8319, I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
 2013-08-20 01:20:52 -05:00
sinn3r 3c27520e10 [FixRM #8317] - Fix possible double slash in file path 
It is possible to have a double slash in the base path, shouldn't
happen.
 2013-08-19 17:55:14 -05:00
sinn3r 7fc37231e0 Fix email format 
Correct email format
 2013-08-19 16:34:14 -05:00
sinn3r 8eb9266bff Use the correct var 2013-08-19 16:19:03 -05:00
sinn3r 58d5cf6faa Module should use OptRegexp for regex pattern option 
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
 2013-08-19 16:16:34 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString 
These modules need to use OptPath to make sure the path is validated.
 2013-08-19 15:30:33 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
sinn3r 780293d817 Minor changes 2013-08-16 23:24:40 -05:00
sinn3r a94c6aa72b [FixRM 6264] Check required vulnerable component before testing 
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.

[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264

I also made changes to do_login in order to verify successful/bad
attempts more specific.
 2013-08-16 15:45:23 -05:00
sinn3r bbe57dbf3a Some cleanup, also remove TARGETURI because not registered by default 2013-08-16 12:06:24 -05:00
Karn Ganeshen e4885b2017 updated module 
removed the csrfkey parameter from login uri.
 2013-08-16 13:04:02 +05:30
Karn Ganeshen a65181d51b new revision - cisco_ironport_enum 
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
 2013-08-15 04:06:30 +05:30
Juushya d526663a53 Add module to brute force the Cisco IronPort application 2013-08-14 09:16:49 -07:00
jvazquez-r7 5ef1e507b8 Make msftidy happy with http_login 2013-08-05 08:41:07 -05:00
sinn3r 8be3f511a4 Fix undefined variable 'path' for http_login 2013-08-03 21:35:22 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff 
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
 2013-07-29 21:47:52 -05:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 2150d9efb0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 12:06:18 -05:00
sinn3r 64cfda8dad Final 2013-06-20 13:28:12 -05:00
sinn3r bfb78e001a Add HP System Management Homepage Login Utility 2013-06-20 12:54:03 -05:00
jvazquez-r7 6319f041df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 08:21:40 -05:00
Steve Tornio 55312529d2 add osvdb ref 94417 2013-06-19 23:13:45 -05:00
jvazquez-r7 a01f0c4671 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 09:34:51 -05:00
sinn3r 90cad4b7fb Land #1980 - Canon Printer Wireless Configuration Disclosure 2013-06-18 19:09:38 -05:00
sinn3r abc3951ca2 Final touchup 2013-06-18 19:08:42 -05:00
Matt Andreko 7f1a913bdc Code Review Feedback from wchen 
Fixed the disclosure date format
Removed the rport option
Added a call to report_note to store the data
 2013-06-18 12:13:19 -04:00
jvazquez-r7 ae1a3e3ca1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 20:39:31 -05:00
Tod Beardsley 4ca9a88324 Tidying up grammar and titles 2013-06-17 16:49:14 -05:00
Matt Andreko df8c80e3d1 Added CVE and disclosure date 2013-06-17 17:40:36 -04:00
jvazquez-r7 2e201bb2a3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-16 15:19:36 -05:00
jvazquez-r7 d20f72a9fd Fix indentation 2013-06-16 15:18:19 -05:00
jvazquez-r7 3cd94f5025 Do final cleanup for infovista_enum 2013-06-16 11:50:40 -05:00
Matt Andreko fd026c5b34 Added References and Disclosure Date 2013-06-15 18:31:20 -04:00
jvazquez-r7 11bf17b0d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-15 11:55:22 -05:00
KarnGaneshen ba59434261 added infovista module 2013-06-15 17:16:26 +05:30
jvazquez-r7 7a11077834 Land #1923, @juushya's module for rfcode brute forcing 2013-06-14 13:36:14 -05:00
jvazquez-r7 ae027a9efb Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00
KarnGaneshen 6188df1b3a added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30
jvazquez-r7 0b9cf213df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-12 12:03:10 -05:00
KarnGaneshen 871f1b7c1f updated prints with ip-port reference. msftidy check. module load check. go rf reader.. 2013-06-12 00:53:58 +05:30
KarnGaneshen 736bf120d9 added sname in report data, corrected :host to rhost, :port to rport. msftidy check. module load check. upping it. 2013-06-12 00:25:50 +05:30
jvazquez-r7 0578572d98 Change sevone_enum because it's an Scanner 2013-06-11 08:51:15 -05:00
KarnGaneshen 5c078f5139 added report_note to store collected info. removed register rport for 80t. msftidy & module load checked. pushing it up. 2013-06-11 12:57:26 +05:30
jvazquez-r7 c641184e37 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 13:30:36 -05:00
jvazquez-r7 0c6dbe9885 Add final cleanup for sevone_enum 2013-06-10 13:16:22 -05:00
KarnGaneshen 72a9c8612b setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30
KarnGaneshen 5c988d99fe more updates to sevone.rb. hopefully all is covered.. 2013-06-10 21:59:18 +05:30
KarnGaneshen 04171c46ec more updates to sevone.rb. hopefully all is covered. 2013-06-10 21:47:56 +05:30
Karn Ganeshen ffa18d413f Updated rfcode_reader_enum.rb ... 
Updated as per review comments. 
Removed loot of network configuration.
Used JSON.parse to bring cleaner loot output
Changed some print_goods to vprint_status
Changed if not to unless
 2013-06-08 03:21:43 +05:30
Karn Ganeshen 74bddcf339 Update sevone_enum.rb 
New updates as per review comments
 2013-06-08 02:28:09 +05:30
Karn Ganeshen 1ca8fd2cf1 Update sevone_enum.rb 
Updated as per initial review comments.
 2013-06-08 01:14:43 +05:30
Karn Ganeshen eb0ae6ed27 Update rfcode_reader_enum.rb 
Updated as per review comments
 2013-06-08 01:00:18 +05:30
Karn Ganeshen 6b8e6b3f0c Create rfcode_reader_enum.rb 
Adding new aux - RFCode Reader Web interface Login Brute Force & Config Capture Utility
 2013-06-07 23:53:09 +05:30
Karn Ganeshen fcc600aa3e Create sevone_enum.rb 
Adding new aux - SevOne Network Performance Management System application version enumeration and brute force login Utility
 2013-06-07 23:39:22 +05:30
jvazquez-r7 e5a17ba227 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-05 09:41:23 -05:00
sinn3r a3b25fd7c9 Land #1909 - Novell Zenworks Mobile Device Managment exploit & auxiliary 2013-06-05 02:45:45 -05:00
sinn3r 307773b6a1 Extra space - die! 2013-06-05 02:44:56 -05:00
sinn3r 0c1d46c465 Add more references 2013-06-05 02:43:43 -05:00
sinn3r 5d90c6cd71 Make msftidy happy 2013-06-05 02:11:23 -05:00
sinn3r ca5155f01d Final touchup novell_mdm_creds 2013-06-05 02:08:55 -05:00
sinn3r a5a3f40394 Report auth info 2013-06-05 02:06:32 -05:00
steponequit ed4766dc46 initial commit of novell mdm modules 2013-06-04 09:20:10 -07:00
jvazquez-r7 4079484968 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-03 15:27:36 -05:00
CG 571b62d19d svn scanner added print_good and rport 2013-06-02 18:05:11 -04:00
jvazquez-r7 9d91596e46 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 16:21:32 -05:00
Tod Beardsley 10d8bebe73 Start with a random username to test 401 codes 
SeeRM #7991

While this fixes the specific case of tomcat_mgr_login, it doesn't
address the general case where modules are attempting to test code 401
responses in order to determine if bruteforcing should continue.
 2013-05-29 12:36:28 -05:00
jvazquez-r7 aa688c4313 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 10:47:04 -05:00
Samuel Huckins f0e3b0c124 Merge pull request #1836 from dmaloney-r7/bug/anyuser_anypass_http 
Verified MSF specs passing, Pro on develop functional tests working (ran Bruteforce, saw normal and verbose output concerning that bruteforce was skipped for such a case and why, verified no cred saved with 'anyuser' user).
 2013-05-29 07:44:18 -07:00
jvazquez-r7 6401d557fd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 19:57:16 -05:00
jvazquez-r7 96888455a7 Add new signature for CF9 2013-05-28 16:04:08 -05:00
sinn3r a6a46f82bb Updates the description a little bit 2013-05-28 14:31:56 -05:00
sinn3r e4e5edc619 Looks like we don't need to check MD5, let's keep it that way then. 2013-05-28 14:31:15 -05:00
sinn3r 8ab90e657c Adds a check for Cold Fusion 10 2013-05-28 14:21:29 -05:00
Matt Andreko 5695994432 Added module to enumerate Canon printer Wifi settings 2013-05-27 18:02:37 -04:00
jvazquez-r7 094a5f1b18 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-26 16:03:33 -05:00
Matt Andreko ea7805d3c8 Fixed a bug in the HSTS module around null headers 2013-05-23 15:02:39 -04:00
dmaloney-r7 ee28a3a8d7 Update http_login.rb 
add parens around conditional to make bikeshed prettier
 2013-05-21 11:28:23 -05:00
David Maloney 4503a7af50 Don't save creds of anyuser:anypass 
If http accepts any user and any pass, it's not a real auth
there is no reason to create cred objects for this.
These creds have been confusing our users
 2013-05-16 10:25:32 -05:00
jvazquez-r7 38e41f20fe Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-24 13:24:13 -05:00
sinn3r cae30bec23 Clean up all the whitespace found 2013-04-23 18:27:11 -05:00
jvazquez-r7 d1c5179b83 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 17:48:12 -05:00
jvazquez-r7 c7fcd6931a Use vprint_error 2013-04-19 16:22:07 -05:00
Christian Mehlmauer eaff87879e added text 2013-04-19 22:03:05 +02:00
Christian Mehlmauer a6be72b019 fixes for mediawiki aux module 2013-04-19 21:43:12 +02:00
jvazquez-r7 d4fa2ba96d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 14:14:36 -05:00
jvazquez-r7 31586770a0 Added module for OSVDB 92490 2013-04-18 14:34:02 -05:00
jvazquez-r7 cc35591723 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-15 17:43:15 -05:00
Tod Beardsley a36c6d2434 Lands #1730, adds a VERBOSE option checker 
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
 2013-04-15 15:32:56 -05:00
Tod Beardsley 29101bad41 Removing VERBOSE offenders 2013-04-15 15:29:56 -05:00
jvazquez-r7 79620ed660 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-09 17:12:16 +02:00
Tod Beardsley ba86e14d43 Whitespace and caps fixes 2013-04-09 08:57:53 -05:00
jvazquez-r7 d65bf8bab9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-08 18:19:41 +02:00
sinn3r d24371eaff Merge branch 'hp_imc_reportimgservlt_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_reportimgservlt_traversal 2013-04-08 10:18:30 -05:00
sinn3r 1b5c34db1a Merge branch 'hp_imc_ictdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_ictdownloadservlet_traversal 2013-04-08 10:17:19 -05:00
sinn3r 11253c8f3e Merge branch 'hp_imc_faultdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_faultdownloadservlet_traversal 2013-04-08 10:16:52 -05:00
jvazquez-r7 daba48035d fix DEPTH description and basename 2013-04-05 11:05:46 +02:00
jvazquez-r7 b6edad1f1d fix DEPTH description and basename 2013-04-05 11:04:43 +02:00
jvazquez-r7 d163e96d6a fix DEPTH description and basename 2013-04-05 11:02:59 +02:00
jvazquez-r7 d823f724cd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-04 22:16:35 +02:00
jvazquez-r7 30f44c3a24 final cleanup for dlink_dir_615h_http_login 2013-04-04 22:02:45 +02:00
jvazquez-r7 8f60d12e46 Merge branch 'dlink_login_dir_615H' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_615H 2013-04-04 22:01:49 +02:00
jvazquez-r7 b75d038fc2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-04 21:54:36 +02:00
jvazquez-r7 7d1e9af728 final cleanup for dlink_dir_session_cgi_http_login 2013-04-04 21:41:42 +02:00
jvazquez-r7 0b9fe53919 module filename changed 2013-04-04 21:41:10 +02:00
jvazquez-r7 6ec6638568 Merge branch 'dlink_login_dir_300B_600B' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_300B_600B 2013-04-04 21:40:21 +02:00
jvazquez-r7 498a0dc309 final cleanup for dlink_dir_300_615_http_login 2013-04-04 21:15:22 +02:00
jvazquez-r7 cff70e41be Merge branch 'dlink_login' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login 2013-04-04 21:14:56 +02:00
m-1-k-3 7b4cdf4671 make msftidy happy 2013-04-04 13:22:01 +02:00
m-1-k-3 78c492da20 is_dlink, more feedback included, msftidy 2013-04-04 13:18:32 +02:00
m-1-k-3 2f96a673cd is_dlink, more feedback included 2013-04-04 13:17:45 +02:00
m-1-k-3 64f3e68310 is_dlink and some more feedback included 2013-04-04 13:01:18 +02:00
jvazquez-r7 89de9fdf22 cleanup for dlink_dir_300_615_http_login 2013-04-03 10:04:01 +02:00
jvazquez-r7 b4b3c82c86 delete space 2013-04-03 00:31:00 +02:00
jvazquez-r7 54120a2d3a delete space 2013-04-03 00:30:24 +02:00
jvazquez-r7 85d9e3e9ee delete space 2013-04-03 00:29:38 +02:00
jvazquez-r7 0b4eab2499 added module for ZDI-13-053 2013-04-03 00:24:11 +02:00
jvazquez-r7 018e147063 added module for ZDI-13-052 2013-04-03 00:22:38 +02:00
jvazquez-r7 dc17b4931c added module for ZDI-13-051 2013-04-03 00:21:01 +02:00
jvazquez-r7 070fd399f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-31 20:23:08 +02:00
m-1-k-3 587170ae52 fixed author details - next try 2013-03-30 12:43:55 +01:00
m-1-k-3 1d6184cd63 fixed author details 2013-03-30 12:41:31 +01:00
m-1-k-3 8032a33cd5 report_auth_info - proof 2013-03-29 22:06:25 +01:00
m-1-k-3 1156194a6b feedback included, server fingerprinting 2013-03-29 22:04:22 +01:00
m-1-k-3 2b4d6eb455 feedback included, server header check 2013-03-29 21:30:45 +01:00
m-1-k-3 b6a50da394 feedback included, server header check 2013-03-29 21:20:51 +01:00
m-1-k-3 aa981cc991 DIR-645 also working 2013-03-27 12:11:14 +01:00
m-1-k-3 615aa57399 Dlink DIR615 HW rev B login module 2013-03-27 09:26:23 +01:00
m-1-k-3 680b551215 default to user admin 2013-03-27 08:59:19 +01:00
m-1-k-3 032214fb1d default to user admin 2013-03-27 08:49:04 +01:00
m-1-k-3 e1a719a6c0 http login module for DLink DIR300revB, DIR600revB, DIR815 2013-03-26 20:57:24 +01:00
m-1-k-3 c4fe21865c user fix 2013-03-26 20:15:19 +01:00
jvazquez-r7 3c12459703 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-25 19:33:36 +01:00
jvazquez-r7 9717a8c3b4 cleanup for tplink_traversal_noauth 2013-03-25 19:20:18 +01:00
jvazquez-r7 543b401a55 Merge branch 'tplink-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-tplink-traversal 2013-03-25 19:18:53 +01:00
jvazquez-r7 393d5d8bf5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-25 19:09:42 +01:00
sinn3r dcce23d23d Merge branch 'bugs/tomcat_enum-double_check' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/tomcat_enum-double_check 2013-03-25 12:19:52 -05:00
Nathan Einwechter aad0eed485 Fix whitespace EOL 2013-03-25 13:00:37 -04:00
Nathan Einwechter 3f79b2fd3b Use :abort for scanner mixin 2013-03-25 12:59:18 -04:00
sinn3r 0d56da0511 Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d 2013-03-25 11:45:40 -05:00
Nathan Einwechter 99fe2a33d7 Deregister USER_AS_PASS and stop on connect error 2013-03-25 12:35:52 -04:00
jvazquez-r7 53b862300e cleanup for linksys_e1500_traversal 2013-03-25 17:33:38 +01:00
jvazquez-r7 ea804d433e change file name 2013-03-25 17:33:16 +01:00
m-1-k-3 e57498190b dlink dir 300/600 login module - initial commit 2013-03-25 08:48:24 +01:00
m-1-k-3 7ff9c70e38 10 to 0 is good :) 2013-03-23 22:46:26 +01:00
m-1-k-3 47d458a294 replacement of the netgear-sph200d module 2013-03-23 22:40:32 +01:00
m-1-k-3 bd522a03e3 replace module to the scanner directory 2013-03-23 22:29:44 +01:00
m-1-k-3 8f59999f82 replace module to the scanner directory 2013-03-23 22:25:04 +01:00
jvazquez-r7 b498bf9b71 up to date 2013-03-12 16:50:35 +01:00
jvazquez-r7 074ea7dee4 Merge branch 'ssl' of https://github.com/luh2/metasploit-framework into luh2-ssl 2013-03-11 15:36:20 +01:00
James Lee 2160718250 Fix file header comment 
[See #1555]
 2013-03-07 17:53:19 -06:00
David Maloney 71ba044d03 remove debugging aid 2013-03-04 11:25:34 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues 
Headers were getting duped back into client config, causing invalid
requests to be sent out
 2013-03-04 11:24:26 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
James Lee d3b3587660 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-27 14:01:57 -06:00
J.Townsend cbce1bdff2 update module description 
This adds the version of wordpress the issue was fixed in to the description
 2013-02-26 00:24:46 +00:00
James Lee 1ce86b7adb Whitespace 2013-02-25 14:29:10 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
jvazquez-r7 a19da61177 deleting trailing comma 2013-02-16 00:53:28 +01:00
sinn3r 4eca6e5502 Merge branch 'feature/web_crawler_skip_paths' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/web_crawler_skip_paths 2013-02-13 14:07:20 -06:00
jvazquez-r7 167f5970c1 minor cleanup for rails_json_yaml_scanner 2013-02-13 00:07:58 +01:00
jvazquez-r7 3e2a368823 Merge branch 'rails_json_yaml_scanner' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_json_yaml_scanner 2013-02-13 00:07:11 +01:00
Jeff Jarmoc 846052a34d s/URIPATH/TARGETURI/g per @jvasquez-r7 comments on another pull. 2013-02-12 15:13:06 -06:00
Tasos Laskos f2cf4304d2 Merge remote-tracking branch 'upstream/master' into feature/web_crawler_skip_paths 2013-02-12 22:10:40 +02:00
Tasos Laskos 9efd3f6c5e scanner/http/crawler: added ExcludePathPatterns opt 
Option 'ExcludePathPatterns' allows users to specify which paths should
be excluded from the crawl (and which forms to ignore) by passing a
list of patterns (only allows '*' wildcards).
 2013-02-12 21:47:12 +02:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444 
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
 2013-02-11 20:49:55 -06:00
Jeff Jarmoc ddd7d307e6 Add a scanner aux module for Rails JSON/YAML vuln CVE-2013-0333 2013-02-11 16:48:44 -06:00
David Maloney a43b902b5c Fix tomcat_mgr_login auth 2013-02-11 12:00:40 -06:00
sinn3r 7370d7d31b Final touchup 2013-02-08 18:21:06 -06:00
Spencer McIntyre 7522a87cf9 Adding an auxiliary scanner module for Titan FTP password disclosure. 2013-02-08 15:43:02 -05:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
sinn3r 035e8b7100 Merge branch 'groupwise_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-groupwise_traversal 2013-02-07 17:33:34 -06:00
jvazquez-r7 e9912496d8 nice check learned from sinn3r 2013-02-07 22:05:39 +01:00
jvazquez-r7 0d3c32b0a4 Added module for CVE-2012-0419 2013-02-07 21:15:49 +01:00
sinn3r 7f746e1caa That's what he said. 2013-02-07 11:13:18 -06:00
sinn3r d554c3a56a Don't really need the bottom comment 2013-02-07 10:46:42 -06:00
sinn3r 98559d4d51 Do a check and make sure this is Simple Web Server 2013-02-07 10:45:53 -06:00
sinn3r b11f052746 Allow arbitrary depth 2013-02-07 10:32:29 -06:00
sinn3r a3264e18e2 There aint no fail_with(), must use print_error 2013-02-07 10:30:17 -06:00
sinn3r b09f819e4b Add Simple Web Server dir traversal 2013-02-06 17:02:07 -06:00
James Lee 1095fe198b Merge branch 'rapid7' into dmaloney-r7-http/auth_methods 2013-02-06 16:57:50 -06:00
Jeff Jarmoc 39cafd0cde Use OptEnum instead of OptString 2013-02-04 15:08:34 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup 
cleanup all the old BasicAuth datastore options
 2013-02-04 13:02:26 -06:00
David Maloney 8b1febb4cf add myself to the blame list for the module =P 2013-02-04 12:32:43 -06:00
David Maloney 9497e38ef7 Fix http login scanner 
Fix the http_login scanner to use new buitin auth
 2013-02-04 12:31:19 -06:00
Jeff Jarmoc 5e0c18af2f adding self to credits 2013-02-03 16:14:42 -06:00
Jeff Jarmoc 57c8e41846 Re-order probes and checks. 
This causes module to exit if error conditions are found, before sending unecessary probes.
 2013-02-03 16:10:46 -06:00
Jeff Jarmoc 8dff427776 Allow 4xx codes, display codes in verbose output 2013-02-03 16:07:07 -06:00
Jeff Jarmoc 810470de3b Make HTTP_METHOD Configurable 2013-02-03 16:05:45 -06:00
David Maloney 5814c59620 move httpauth to mixin 
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
 2013-02-01 15:12:10 -06:00
egypt 5332e80ae9 Fix errant use of .to_s instead of .path 2013-01-31 14:18:42 -06:00
sinn3r c174e6a208 Correctly use normalize_uri() 
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
 2013-01-30 23:23:41 -06:00
Tod Beardsley b1f8b87f14 Chmod -x the joomla modules. Also fix a title typo 
joomla_pages was incorrectly titled as "Joomla Version Scanner," which
of course is actually joomla_version.
 2013-01-29 17:02:43 -06:00
sinn3r 1ea1ad3166 Fix the forgotten path() 2013-01-28 14:48:22 -06:00
sinn3r 690ef85ac1 Fix trailing slash problem 
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
 2013-01-28 13:19:31 -06:00
jvazquez-r7 01b7e3554e fix issue found by newpid0 2013-01-25 22:05:09 +01:00
jvazquez-r7 d0ecb617c3 Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner 2013-01-25 21:47:05 +01:00
jvazquez-r7 d6e9f891ea Proposal for joomla-scanner 2013-01-25 20:44:49 +01:00
f8lerror dd1ce34ecc Made recommended changes removed short timeout added returns and other small changes 2013-01-24 17:04:22 -05:00
sinn3r af3a1db4c1 Make better use of ruby regex 2013-01-24 14:16:01 -06:00
sinn3r 077c04d13a Merge branch 'feature/rm6822-cold_fusion_version' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-cold_fusion_version 2013-01-24 13:51:27 -06:00
f8lerror 6cdb1a80de Remove app from fingerprint and blank line 2013-01-24 09:47:20 -05:00
f8lerror bf2b01f8ef Delete a file and strip space 2013-01-24 09:30:04 -05:00
f8lerror 6e94c04a52 Code Corrections and Enhancements 2013-01-23 20:26:23 -05:00
sinn3r 5cfabb0443 Apply the changes I suggested before 2013-01-23 00:15:09 -06:00
sinn3r 1e39c31cc2 Merge branch 'feature/rm6822-coldfusion_locale_traversal' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-coldfusion_locale_traversal 2013-01-23 00:06:35 -06:00
f8lerror 5cfe58e8d5 General code review and corrections 2013-01-20 22:33:04 -05:00
Christian Mehlmauer e613c860a5 Added Name and Emailadress 2013-01-17 23:17:14 +01:00
Tod Beardsley a43b218917 Line full of whitespace 2013-01-17 12:43:06 -08:00
f8lerror 0b61d28e0e added Joomla scanner and url wordlist 2013-01-17 11:36:59 -05:00
lmercer a701b5eb79 fixed an error that occurred when patching. 2013-01-16 18:21:19 -05:00
lmercer ddd2dbc17b Updated coldfusion_local_traversal as described in Redmine Feature #6822 2013-01-16 17:54:15 -05:00
lmercer 481f2eb791 updated cold_fusion_version from Redmine Feature #6822 2013-01-16 17:23:35 -05:00
sinn3r 9dc42e93e7 Reduce unnecessary indent level 2013-01-15 14:36:41 -06:00
sinn3r 5109cc97fe Add more verbs 
[SeeRM: #7138] by jabra
 2013-01-15 14:11:53 -06:00
sinn3r ef6eec949c Move impersonate_ssl 
To 'gather', because it grabs stuff, not scans.
 2013-01-11 17:22:27 -06:00
jvazquez-r7 8c5847a13c Make output compatible with an scanner module 2013-01-11 00:10:15 +01:00
jvazquez-r7 0e950997e6 Merge branch 'wordpress-pingback-access' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-wordpress-pingback-access 2013-01-10 23:57:22 +01:00
smilingraccoon 0c58a118ff Found the issue I believe, fixed two issues. One with 301/302 responses getting a bad URI due to switch from ip to dns in location header and other from res.to_s rather than res.body being passed to regex 2013-01-10 11:32:48 -05:00
smilingraccoon fc5a0e22b2 stupid push, forgot to remove test puts 2013-01-10 10:43:57 -05:00
smilingraccoon ed9d290a85 added status messages, made var blog_posts initalize as nil rather than empty string 2013-01-10 10:41:25 -05:00
smilingraccoon 5bafd6ddcc added status message 2013-01-10 09:43:37 -05:00
jvazquez-r7 5fe2f967da this rescue is done in the mixin 2013-01-09 21:28:06 +01:00
HD Moore 07f8eb6a07 Fix up a typo 2013-01-09 13:05:27 -06:00
HD Moore adb4c89602 Add a scanner module for CVE-2013-0156 2013-01-09 12:50:38 -06:00
smilingraccoon a0a4ef843b added error msgs to rescue 2013-01-09 11:22:36 -05:00
Thomas McCarthy f45739933e Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb 
Changed name var in initialize
 2013-01-08 19:20:02 -05:00
luh2 8e80f5e82c Public key size determined properly 2013-01-08 16:39:27 +01:00
smilingraccoon 9f69dbbd30 update unless statements, targeturi, and resolve var 2013-01-07 13:17:49 -05:00
Tod Beardsley 36adf86184 Various and sundry fixes for normalize_uri 2013-01-07 12:02:08 -06:00
Tod Beardsley 6a9445966a Caught missing paren 2013-01-07 11:21:55 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes 
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
 2013-01-07 11:16:58 -06:00
smilingraccoon 0de23a7edb fixed description 2013-01-04 21:16:56 -05:00
smilingraccoon e35afdce5d added wordpress-pingback scanner 2013-01-04 20:59:33 -05:00
smilingraccoon 3936725958 added wordpress-pingback scanner 2013-01-04 20:44:40 -05:00
sinn3r 6f50410e5f Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1 2013-01-03 17:51:54 -06:00
James Lee 9e912a23ff Merge branch 'rapid7' into FireFart-msftidy_aux_1 2013-01-03 16:54:25 -06:00
Tonimir Kisasondi 39e81fb07f Update modules/auxiliary/scanner/http/wordpress_login_enum.rb 
Simple fix for msfconsole start error.
 2013-01-03 21:52:10 +01:00
Christian Mehlmauer e4a6669927 msftidy: remove $Revision$ 2013-01-03 01:05:45 +01:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
Rob Fuller 88d12da3db hilight positive results in WebDAV scanner 
As suggested by Lee Baird
 2013-01-02 13:27:25 -05:00
sinn3r d92b3bd2e1 Apply fixes 2012-12-28 17:46:17 -06:00
sinn3r 2746a57093 Merge branch 'zgrace-wordpress_login_enum' of git://github.com/403labs/metasploit-framework into 403labs-zgrace-wordpress_login_enum 2012-12-28 15:42:09 -06:00
Zach Grace d4bdf1b6b4 Added user name enumeration based on author id enumeration 2012-12-24 16:09:03 -06:00
Chris John Riley e237512bd7 Cleaned up the SAP modules as they are all sending double user-agent strings (also added OptEnum where appropriate) 2012-12-21 10:47:45 +01:00
sinn3r cad8abef48 msftidy cleanup 2012-12-18 11:46:27 -06:00
sinn3r 860ebbcfb1 Merge branch 'master' into averagesecurityguy-master 2012-12-18 11:45:41 -06:00
Tod Beardsley 10511e8281 Merge remote branch 'origin/bug/fix-double-slashes' 
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
 2012-12-17 13:29:19 -06:00
luh2 3da4c4f743 Add author's email 2012-12-14 10:38:22 +01:00
luh2 67b4675d01 comply to code conventions 2012-12-13 14:58:33 +01:00
luh2 94fdd4c6fe fix typo 2012-12-13 14:42:16 +01:00
luh2 eea4770521 warns about key size and valid time 2012-12-13 14:40:43 +01:00
jvazquez-r7 8f388eb226 fixing if typo 2012-12-11 23:28:21 +01:00
sinn3r 0ca1dbd14e Account for the timeout condition 2012-12-11 16:24:42 -06:00
sinn3r 25d888bebb Add CVE-2012-4347 Symantec Messaging Gateway Log File Download 2012-12-10 18:09:29 -06:00
sinn3r 64a8b59ff9 Change CVE forma 
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
 2012-12-09 01:09:21 -06:00
Stephen Haywood f56ef52ffc Fixed path error when BASE_PATH is nil. 2012-12-06 23:55:34 -05:00
Stephen Haywood 761e735a55 Store wc.db file in loot. Add BASE_PATH option. 2012-12-06 23:38:03 -05:00
Stephen Haywood 8a149b3ea3 Removed Version. 2012-12-06 17:24:16 -05:00
Stephen Haywood 4ce51fe889 Made changes requested by sinn3r. 2012-12-06 17:18:50 -05:00
Stephen Haywood d938959e97 Module to find SVN wc.db files. 2012-12-06 16:30:23 -05:00
sinn3r 1085357dbb Talked to Todb, we like "." better 2012-11-30 14:53:57 -06:00
sinn3r 61a74bf257 Minor changes here and there 
Changes include:
* Some corrections in metadata
* report_note()
* Removes connect(), usually don't need it in modules
 2012-11-30 14:24:27 -06:00
Matt Andreko a73d8792ee Changed RPORT definition per egypt 2012-11-30 13:57:25 -05:00
Matt Andreko 40b8c93ef8 Added HSTS scanner for HTTPS sites 2012-11-30 09:30:11 -05:00
sinn3r 472ec35adb Merge branch 'kost-aux-scan-splunk-login' 2012-11-26 16:16:02 -06:00
sinn3r af451df864 Lots of changes made 
These changes include:
* More description
* Checks if auth is actually required.
* Collects the default credential on the webpage, and then tries it.
* Fixes possible nil 'Set-Cookie' header.
* Supports more options (USERPASS_FILE, USER_FILE, PASS_FILE)
* Removes the msg() function.
 2012-11-26 16:12:11 -06:00
Tasos Laskos 7795dc58f4 auxiliary/scanner/http/crawler#form_from_url: rescue => rescue URI::Error 2012-11-26 20:54:20 +02:00
Tasos Laskos c17cffdece auxiliary/scanner/http: wrapped an exception-prone URL parse in a begin/rescue block 2012-11-26 18:58:06 +02:00
Vlatko Kosturjak 7bafc97fec Remove non needed and redundant checks 2012-11-24 23:01:08 +01:00
Vlatko Kosturjak cdfe663675 initial import of splunk password guesser 2012-11-24 22:05:57 +01:00
Tod Beardsley 6b4c131cf5 Avoiding a future conflict with release 2012-11-20 13:24:19 -06:00
James Lee c65f37782d Merge branch 'rapid7' into tasos-r7-web-modules 2012-11-16 13:52:18 -06:00
jvazquez-r7 e8fe6031e9 Let default timeout for send_request_cgi 2012-11-16 18:09:47 +01:00
jvazquez-r7 51f238ec38 up to date 2012-11-16 16:03:09 +01:00
Tasos Laskos 8a9f0a0890 Merge remote-tracking branch 'upstream/master' into web-modules 2012-11-14 18:10:41 +02:00
sinn3r ee7e502e89 Merge branch 'impersonate_ssl_tweak' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-impersonate_ssl_tweak 2012-11-13 09:36:28 -06:00
sinn3r 72f0a5613f Add more improvements 2012-11-12 15:40:12 -06:00
sinn3r 8fe3f289bf Merge branch 'drupal_views_user_enum.rb' of git://github.com/zeknox/metasploit-framework into zeknox-drupal_views_user_enum.rb 2012-11-12 14:48:13 -06:00
Chris John Riley 94120604f2 Set back to target_uri.to_s per original module 2012-11-11 12:07:27 +01:00
Chris John Riley 76ba770872 fixed target_uri.path vs target_uri.to_s issue 2012-11-11 11:59:10 +01:00
Chris John Riley 38b25f01f7 Corrected bad coding (sorry) 
Added OptEnum and OptPath
Checks for nil and empty
Added reference
Made AlterSerial an advanced option instead of always on
 2012-11-10 20:24:50 +01:00
Tod Beardsley 1b9d45e106 Test for subdom_list existence first 
Otherwise, you get

````
[11/09/2012 14:50:38] [e(0)] core: Error running against host
173.236.237.136: can't convert nil into String
````

Other than that, looks good.

[Fixes #851]
 2012-11-09 15:01:36 -06:00
Tod Beardsley 171ebe13cd Whitespace fix for vhost_scanner 2012-11-09 14:48:46 -06:00
Tod Beardsley b1c35fdb24 Merge remote branch 'sempervictus/http_vhost_scanner_from_file' 2012-11-09 14:46:54 -06:00
Tasos Laskos 7032ef0f6f Merge remote-tracking branch 'upstream/master' into web-modules 2012-11-09 00:21:38 +02:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have 
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
 2012-11-08 17:42:48 +01:00
HD Moore 4d2147f392 Adds normalize_uri() and fixes double-slash typos 2012-11-08 07:16:51 -06:00
Brandon McCann c4f35def81 fixed vprint_line 2012-11-06 14:58:14 -06:00
Brandon McCann d835a046ed fixed drupal_views_user_enum.rb so it displays to stdout and stores to loot 2012-11-06 14:53:11 -06:00
jvazquez-r7 9576d26299 Merge branch 'bitweaver_traversal' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-bitweaver_traversal 2012-11-03 18:25:46 +01:00
sinn3r 10cccb34d8 Uh... I don't want that print_line(). Forgot to remove it. 2012-11-03 05:18:17 -05:00
sinn3r 4415849009 Another attempt to fix the regex 2012-11-03 05:17:32 -05:00
sinn3r d449052472 Make <br /> tag optional 2012-11-02 18:25:48 -05:00
sinn3r 45dce9ff76 Modify regex 2012-11-02 16:44:27 -05:00
sinn3r 1d26491b77 Ok... last fix, really 2012-11-02 15:09:30 -05:00
sinn3r a161c1faa0 Final changes 2012-11-02 15:06:51 -05:00
sinn3r ea5dc940d2 Move module to the correct directory 2012-11-02 14:52:28 -05:00
sinn3r 00d0dc3e4d Add CVE-2012-5192 - Bitweaver overlay_type module 2012-11-02 14:20:20 -05:00
Tasos Laskos 37a9c13c34 updated auxiliary/scanner/http/crawler to accept a callback for each page 2012-11-01 21:20:56 +02:00
jvazquez-r7 357fd1b955 add peer info to print_error message 2012-10-30 17:47:17 +01:00
jvazquez-r7 201f7766d8 Merge branch 'clansphere_lfi_read' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-clansphere_lfi_read 2012-10-30 17:45:45 +01:00
sinn3r a636971b71 Change error message 2012-10-30 11:39:25 -05:00
sinn3r 3f3e6814a3 Make sure no extra '/' in there 2012-10-30 10:40:56 -05:00
jvazquez-r7 26808093d8 Merge branch 'nil_res_bug_fixes' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-nil_res_bug_fixes 2012-10-30 16:18:05 +01:00
jvazquez-r7 5e873d0697 adding peer information to error message 2012-10-30 12:15:01 +01:00
sinn3r c878b9077b Rename the DeviceExpert module to avoid confusion 2012-10-29 12:25:07 -05:00
sinn3r 2a202e9035 Add OSVDB-86563 ManageEngine SecurityManager dir traversal 2012-10-29 12:23:48 -05:00
sinn3r 2c4273e478 Correct some modules with res nil 2012-10-29 04:41:30 -05:00
sinn3r 34731c3e0a Add OSVDB-86720 - Clansphere dir traversarl 2012-10-29 03:44:22 -05:00
Michael Schierl 910644400d References EDB cleanup 
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
 2012-10-23 21:02:09 +02:00
sinn3r 33ce74fe8c Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1 2012-10-23 02:10:56 -05:00
Rob Fuller 7437d9844b standardizing author info 2012-10-22 17:01:58 -04:00
Michael Schierl e9f7873afc Version cleanup 
Remove all values that are neither 0 nor $Revision$.
 2012-10-22 20:57:02 +02:00
Rob Fuller 49948faa9b remove non-functional enum_delicious module 2012-10-22 14:46:52 -04:00
jvazquez-r7 4ad6fcc30e osvdb added 2012-10-19 17:04:47 +02:00
jvazquez-r7 16e2a2e050 fix title for the apache activemq source disclosure mod 2012-10-17 17:23:56 +02:00
jvazquez-r7 29299b29a5 Added modules for CVE-2012-4933 2012-10-15 16:03:19 +02:00
sinn3r e00dbfcc0d You mean.. FILEPATH. 2012-10-14 18:18:11 -05:00
sinn3r 2f04fdd71a Merge branch 'apache_activemq_traversal' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apache_activemq_traversal 2012-10-14 18:16:41 -05:00
jvazquez-r7 d971abaeb9 deleted extra comma 2012-10-14 22:39:07 +02:00
jvazquez-r7 14bd0373d3 deleted extra space 2012-10-14 22:38:14 +02:00
jvazquez-r7 ac6a4c9283 Added module for CVE-2010-1587 2012-10-14 22:36:02 +02:00
jvazquez-r7 2b644dbc45 added module for Apache ActiveMQ directory traversal 2012-10-14 22:30:38 +02:00
HD Moore 286b86949b Prefix with host:port for readability 2012-10-08 15:23:26 -05:00
RageLtMan c0d746a36a remove ternary assignment 2012-10-03 23:34:41 -04:00
RageLtMan 94f8a41b57 Add subdomain input file for VHOST scanner 
This commit allows the vhost scanner to take subdomains from a
text file, one subdomain per line. Lines are stripped of the top
level domain name if present before testing.
 2012-10-03 03:51:58 -04:00
sinn3r f6baf824b6 The USER_FILE path is wrong. 2012-09-27 01:33:11 -05:00
sinn3r 75d40d4d82 Make msftidy happy 2012-09-27 01:33:11 -05:00
Cristiano Maruti 99ec988485 Updated with wordlist path registered options 2012-09-27 01:33:11 -05:00
Cristiano Maruti 75f5e24178 Dell iDrac login aux scanner 2012-09-27 01:33:11 -05:00
jvazquez-r7 270fa1b87b updated descriptions for hp sitescope modules tested over linux 2012-09-05 23:25:08 +02:00
sinn3r bed3c7bbac Merge branch 'hp_sitescope_loadfilecontent_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_loadfilecontent_fileaccess 2012-09-05 13:59:49 -05:00
sinn3r 598fdb5c50 Merge branch 'hp_sitescope_getsitescopeconfiguration' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getsitescopeconfiguration 2012-09-05 13:58:39 -05:00
jvazquez-r7 20655232d7 cleanup, tested and added osvdb reference 2012-09-05 20:03:46 +02:00
jvazquez-r7 c6f5b1f072 cleanup, test, osvdb reference 2012-09-05 19:56:04 +02:00
jvazquez-r7 ea2eb046c3 cleanup, final test, osvdb reference 2012-09-05 19:45:50 +02:00
jvazquez-r7 166f68b194 added module for ZDI-12-177 2012-09-05 12:54:30 +02:00
jvazquez-r7 534ab55e5c Added module for ZDI-12-173 2012-09-05 12:53:03 +02:00
jvazquez-r7 8a50ca2f47 Added module for ZDI-12-176 2012-09-05 12:51:25 +02:00
sinn3r 638d9d1095 Fix nil res bug, change action name, etc 2012-08-25 02:41:50 -05:00
Ewerson Guimaraes (Crash) cad590488d Update modules/auxiliary/scanner/http/http_traversal.rb 2012-08-24 15:47:07 -03:00
Tod Beardsley 586d937161 Msftidy fix and adding OSVDB 2012-08-15 13:43:50 -05:00
Daniel Miller db4f31de76 Fix use of URI option for glassfish_login 
auxiliary/scanner/http/glassfish_login offers URI option to set the path
where Glassfish is installed, but it doesn't work. Replaced it with
TARGETURI and call target_uri.path to get a base path.
 2012-08-10 15:44:53 -05:00
sinn3r b46fb260a6 Comply with msftidy 
*Knock, knock!*  Who's there? Me, the msftidy nazi!
 2012-08-07 15:59:01 -05:00
sinn3r f1e7ef06cc Add webpagetest dir traversal module 
How did I forget this while writing the exploit?
 2012-08-06 03:11:07 -05:00
sinn3r ecb4e20c92 Instead of deleting the "/", here's a different approach 2012-07-06 01:23:41 -05:00
sinn3r 7876d7fd60 Delete the extra "/" 2012-07-06 01:20:31 -05:00
sinn3r 686f176a99 Correct path 2012-07-06 01:12:47 -05:00
sinn3r 0c18662d46 Make msftidy happy and change the traversal option 2012-07-06 01:10:39 -05:00
sinn3r 3b7e1cd73a Add Dillion's module for Wangkongbao 2012-07-06 00:54:55 -05:00
sinn3r 68c582873b Add the MSF license text 2012-06-27 17:11:00 -05:00
jvazquez-r7 d3bc78c53b applied changes proposed by sinn3r 2012-06-27 23:55:51 +02:00
jvazquez-r7 2c5cc697c9 Added auxiliary module for CVE-2012-2926 2012-06-27 10:21:18 +02:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
sinn3r 05eaac9085 Fix possible param duplicates 2012-06-24 19:05:42 -05:00
HD Moore c388cba421 Fix up modules calling report_vuln() to use new syntax 2012-06-17 23:39:20 -05:00
HD Moore 5006db7550 The cert module now defaults SSL to true (didnt make sense) 2012-06-15 10:55:53 -05:00
HD Moore b55f233f16 The cert module now defaults SSL to true (didnt make sense) 2012-06-15 10:55:07 -05:00
James Lee ef84ce68e4 Fixes a module that used Wmap stuff without including it 
[FIXRM #6983]
 2012-06-13 15:58:54 -06:00
sinn3r 698e2eab68 Fix nil res when vprints 2012-06-06 09:53:19 -05:00
sinn3r 462a91b005 Massive whitespace destruction 
Remove tabs at the end of the line
 2012-06-06 00:44:38 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction 
Remove whitespace found at the end of the line
 2012-06-06 00:36:17 -05:00