infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
39,081 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

827 Commits (e16c57ed07133b58c33b9ce5a875ecbc67b1368d)

Author SHA1 Message Date
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook eea8fa86dc unify the SSLVersion fields between modules and mixins 
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
 2016-03-06 22:06:27 -06:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
wchen-r7 d14ec657e2
Land #6564, Add Apache Karaf Command Execution Module 2016-02-25 14:47:40 -06:00
wchen-r7 1d2ec7a239 Rescue OpenSSL::Cipher::CipherError 
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
 2016-02-25 14:46:53 -06:00
nixawk 6ef4026698 get_ptr - save_note(ip, 'get_ptr', records) 2016-02-25 21:43:13 +08:00
nixawk dfff94a243 save ip/domain relationships 2016-02-25 21:14:40 +08:00
nixawk f0da8e9adf bing_search - ConnectionTimeout 2016-02-23 18:56:34 +08:00
Vex Woo 91822f2861 Merge pull request #12 from jhart-r7/pr/fixup-6187 
More fixup for #6187 (auxiliary/gather/enum_dns)
 2016-02-19 19:12:17 +08:00
Jon Hart 1f5285bca7
Better handling of AXFR if ns records won't resolve on target NS 2016-02-18 22:15:06 -08:00
nixawk 0e185a34bf get_ns / notes nameservers 2016-02-19 14:03:05 +08:00
Jon Hart 42c64b51bb
Remove all report_host instances in enum_dns 
the forced resolution of names won't fly
 2016-02-18 21:41:51 -08:00
Jon Hart 65a3cc2921
Remove duplicated SIP SRV record lookup 2016-02-18 21:41:09 -08:00
nixawk da3c382869 add function domain2ip 2016-02-19 12:35:31 +08:00
nixawk 4ef5cf420c rename the module 2016-02-19 11:18:55 +08:00
nixawk a87c503ae4 merge bing/yahoo subdomains search 2016-02-19 11:17:08 +08:00
nixawk 9afe5517f7 return unless domains -> return if domains.empty? 2016-02-18 10:26:45 +08:00
nixawk 15f6992aec add yahoo_search_domain(domain) / yahoo_search_ip(ip) 2016-02-18 00:03:28 +08:00
nixawk 29185271a7 report domains/ips to (notes / hosts) 2016-02-17 11:41:59 +08:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
nixawk 2428d5127c add Yahoo Search Engine Subdomains Collector 2016-02-16 03:11:38 +08:00
Nicholas Starke 3416a24dda Adding vprint_status for loot path 
Adding a vprint_status to show users the loot
path as per a comment on the pull request.
 2016-02-14 11:19:20 -06:00
Nicholas Starke cdaa2a8c43 Adding Apache Karaf Command Execution Module 
This module establishes an SSH session using default
credentials and then executes a user defined operating system
command.  This is part of GitHub Issue #4358.
 2016-02-10 16:48:08 -06:00
Jon Hart 55c8d23e1f
Handle refused connections during axfr 2016-02-04 09:23:49 -08:00
Jon Hart 52d81f7e93
More/better status printing for big query types 2016-02-04 09:18:26 -08:00
Jon Hart c025458d22
More consistent record type printing 2016-02-04 09:12:36 -08:00
Jon Hart c630f791c3
Remove loot storage from enum_dns. Loot is appropriate for this use case 2016-02-04 09:10:08 -08:00
Jon Hart 4408742930
Fix storage of SRV record notes 2016-02-04 09:08:21 -08:00
Jon Hart ef75845d01
Better fetching/saving of SRV records 2016-02-03 13:07:20 -08:00
James Lee 8094eb631b
Do the same for aux modules 2016-02-01 16:06:34 -06:00
Jon Hart 1749932bb4
Cleanup loot saving output 2016-01-28 14:16:47 -08:00
Jon Hart 6646785902
Don't enumerate other possible domains via TLD expansion by default 2016-01-28 14:09:09 -08:00
Jon Hart 86e7cd92c0
Minor style nit on printed NS records 2016-01-28 14:08:20 -08:00
Christian Mehlmauer 484d57614a
remove re-registered ssl options 2016-01-22 09:54:52 +01:00
nixawk 643ebfed7e format print_status output for get_srv/get_tld 2016-01-16 11:21:16 +08:00
nixawk e491502023 handle exception - ResolverArgumentError 2016-01-12 00:48:02 +08:00
nixawk 408b8fa4fd handle exception - (get_tld - ArgumentError / get_mx - SocketError) 2016-01-07 00:54:03 +08:00
nixawk eecd75262c handle exception - (get_tld - ArgumentError / get_mx - SocketError) 2016-01-07 00:25:28 +08:00
nixawk 71acff5733 output scan results (set VERBOSE false) 2016-01-06 23:55:48 +08:00
nixawk a477868efb add ENUM_BRT switch to def get_a(domain) 2015-12-30 13:15:43 +08:00
nixawk 5bd380c7bd remove vprint_status / zone transfer - Handle Errno::ETIMEDOUT Exception 2015-12-30 12:06:54 +08:00
nixawk e172d60e8e rename STOP_STORE_LOOT to STORE_LOOT 2015-12-30 10:13:05 +08:00
nixawk 3edd00f2ec (description) dns MX to DNS MX / change default options from false to true 2015-12-30 10:07:38 +08:00
nixawk 7d3978b146 Fix: save_root - Auxiliary failed: ArgumentError wrong number of arguments (5 for 7) 2015-12-29 19:59:56 +08:00
nixawk 8830a0630d Review - add options / threads / report_service / STORE_LOOT / ... 2015-12-29 19:43:52 +08:00
Brendan Coles 9bed78701d Replace module actions with REG_DUMP_* options 2015-12-28 21:10:43 +00:00
Brendan Coles ceef02e8b2 Add Snare Lite for Windows Registry Access module 2015-12-28 15:16:21 +00:00
wchen-r7 74e1b8d5ac Fix res nil 2015-11-24 00:15:05 -06:00
wchen-r7 95ca288f9d Modify check 2015-11-23 20:33:14 -06:00
wchen-r7 09e6a54886 In case anonymous is not allowed for decryption 2015-11-23 20:26:41 -06:00
wchen-r7 20ba10d46c Spaces, how dare you 2015-11-23 16:45:02 -06:00
wchen-r7 faab28f1d6 Add Jenkins Domain Credential Discovery Auxiliary Module 2015-11-23 16:23:59 -06:00
aushack 1410d03386 Fixed msftidy capitalisation. 2015-11-22 14:32:51 +11:00
aushack fc46ce0ced Bring module title in line with other WP modules. 2015-11-22 13:39:45 +11:00
William Vu 32faf7a8d4 Fix #6183, hard tabs fix 2015-11-10 16:48:03 -06:00
William Vu a9fe09497e Fix hard tabs 
Mixing tabs and spaces? Seriously?
 2015-11-10 16:47:29 -06:00
William Vu 8dc636507b
Land #6183, dns_srv_enum updates 2015-11-10 16:44:27 -06:00
William Vu e98570cbd1 Clean up module 2015-11-10 16:44:10 -06:00
fraf0 970c5da9a6 Update dns_srv_enum.rb 2015-11-07 20:01:26 +01:00
fraf0 730f6b2326 Update dns_srv_enum.rb 
Remove some comment following message on pull-request.
 2015-11-07 15:23:32 +01:00
nixawk 2adcd0a0d2 add references 2015-11-05 23:45:29 +00:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
nixawk d63f7c843e enum_dns - review 2015-11-05 10:09:54 +00:00
fraf0 3739a2fb72 Update dns_srv_enum.rb 2015-11-03 16:59:55 +01:00
fraf0 f1feccfd7c Update dns_srv_enum.rb 2015-11-03 16:53:26 +01:00
Louis Sato 57304a30a8
Land #6139, remove bad ref links 2015-10-29 16:00:43 -05:00
wchen-r7 93df45eff1
Land #6138, Land joomla plugin com_realestatemanager Error Based SQLi 2015-10-28 13:36:14 -05:00
wchen-r7 09b79414ee Report hash 2015-10-28 13:33:00 -05:00
wchen-r7 154fb585f4 Remove bad references (dead links) 
These links are no longer available. They are dead links.
 2015-10-27 12:41:32 -05:00
William Vu 9041f95511 Perform final cleanup 2015-10-27 11:21:17 -05:00
nixawk 132cbf0cd7 joomla plugin com_realestatemanager Error Based SQL Ijnection 2015-10-27 15:18:17 +00:00
Brandon Perry c7fe014854 remove global variables 2015-10-26 17:13:51 -05:00
Brandon Perry 8b4f2290ed no more session ids in desc 2015-10-25 11:01:17 -05:00
nixawk f738dd2acb replace print_* with vprint_* / fix check method 2015-10-25 06:57:56 +00:00
nixawk a6628110f6 rebuild joomla_contenthistory_sqli (cve-2015-7297) 2015-10-25 03:56:36 +00:00
Brandon Perry 949a4c797b Update joomla_contenthistory_sqli.rb 2015-10-23 09:33:12 -05:00
Brandon Perry 07d549d783 Update joomla_contenthistory_sqli.rb 
Remove sessions for now
 2015-10-23 09:32:15 -05:00
Brandon Perry e4281dd1fb Create joomla_contenthistory_sqli.rb 2015-10-22 15:05:02 -05:00
fraf0 4e50f3ebde Update dns_srv_enum.rb 
Patch for :
	- Split record srvrcd one entry by line for readability.
	- Add record for Default-First-Site-Name :
	(according to https://technet.microsoft.com/en-us/library/cc759550%28v=ws.10%29.aspx)
		'_gc._tcp.Default-First-Site-Name._sites.',
		'_kerberos._tcp.Default-First-Site-Name._sites.',
		'_kerberos.tcp.Default-First-Site-Name._sites.dc._msdcs.',
		'_ldap._tcp.Default-First-Site-Name._sites.',
		'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.',
		'_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.',
	- Remove double entry '_kerberos.tcp.dc._msdcs.'
	- Add fqdn query in logs.
	- Add report_note to store and preserve the fqdn query.

Ps : I'm not very familiar with the code and patch rules for modules. Thank you to excuse my eventual errors.
 2015-10-21 18:27:14 +02:00
jvazquez-r7 cf9ddbb701
Update moduels using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
HD Moore cd2e9d4232 Move Msf::Java to the normal Msf::Exploit::Remote namespace 2015-10-09 13:24:34 -07:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
HD Moore cddf72cd57 Show errors when no results are found 2015-09-10 14:05:40 -07:00
wchen-r7 5646f2e0c4 successful status should include last_attempted_at 2015-09-04 13:45:44 -05:00
wchen-r7 cf6d5fac2a Use the latest cred API, no more report_auth_info 2015-09-04 13:43:15 -05:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
wchen-r7 0c7d2af6bc
Land #5750, Add WP All In One Migration Export Module 2015-08-28 14:12:14 -05:00
wchen-r7 837b6a4f71 Update description 2015-08-28 14:11:51 -05:00
wchen-r7 d2e758ac8b Better failure handling 2015-08-28 14:08:29 -05:00
jvazquez-r7 1558fabdb2
Land #5844, @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin 2015-08-21 17:27:56 -05:00
jvazquez-r7 a560496455 Do minor ruby style fixes 2015-08-14 14:50:03 -05:00
jvazquez-r7 82193f11e7 Minor js fixes 2015-08-14 14:45:48 -05:00
Tod Beardsley e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js 2015-08-14 12:07:15 -05:00
joev 0615d908c4 Update description to explain quarantine effects. 2015-08-13 23:46:37 -05:00
joev 84144bf6cf Update webarchive_uxss to use the webarchive mixin. 
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
 2015-08-13 23:41:27 -05:00
Tod Beardsley 50041fad2a
Pre-Bloggery cleanup 
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.

Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.

Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823, mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
 2015-08-13 12:33:04 -05:00
jvazquez-r7 67f661823a
Land #5614, @cldrn's module to collect lansweeper credentials 2015-08-04 16:55:49 -05:00
jvazquez-r7 ed3f993b75
Do some style fixes 2015-08-04 16:41:15 -05:00
jvazquez-r7 0e3434ebad
Fix metadata 2015-08-04 16:28:50 -05:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00