e8460c3b94
Minor edit
2017-03-03 02:37:20 +05:30
fafd35330d
Add epmp1000 dump hashes module
2017-03-03 02:22:34 +05:30
c6e65b1521
Minor edits
2017-03-03 02:00:19 +05:30
6bd09c142f
Minor edits
2017-03-03 00:53:17 +05:30
c9a354b844
Added nil checks
2017-03-01 20:18:51 +05:30
dcb42a3e69
Initial zigbee support using killerbee. Core session setup portion
2017-02-27 17:29:54 -08:00
69c7b0168c
Restore USERNAME and PASSWORD options for owa_login
...
Requested by our own pentesters, the username & password options
should be restored so users can more easily try one password but
multiple users.
2017-02-27 15:04:06 -06:00
634753f985
Add QNAP admin hash "disclosure"
2017-02-24 19:18:30 -06:00
2631259919
Land #7973 , Enable cert validation for Nexpose
...
This PR enables connection to a Nexpose console using the
nexpose client gem.
It also allows you to connect using a trusted certificate
instead of simply overriding the SSL validation.
2017-02-24 14:27:24 -06:00
43550b8cdf
fixing line length
2017-02-23 19:55:23 -05:00
041238f77c
land #7896 Binom3 power meter scanner and brute
2017-02-23 19:49:50 -05:00
40e6413867
Land #7980 , Add a sploit for CVE-2017-5982, kodi file traversal
2017-02-22 13:11:48 -06:00
49da6289a9
Fix typo in smtp fuzzer
2017-02-20 21:47:59 +01:00
73eed104a9
Take into account @h00die's comments.
2017-02-20 13:22:20 +01:00
7bd6aff1cf
Add a sploit for CVE-2017-5982
2017-02-19 21:57:27 +01:00
24151a9c27
Land #7753 , Add auxiliary RomPager misfortune cookie authentication bypass
2017-02-17 18:07:15 -06:00
e4c324c988
Land #7941 , treat a user with no mailbox as a valid credential anyway
2017-02-17 17:09:57 -06:00
cbfe18e4d7
use certificates in nexpose
2017-02-16 14:34:02 -06:00
3b386f86f6
Typo fix.
2017-02-14 17:05:46 +11:00
e6bfbb7c78
Added random cookie gen, res checks, & minor updates
2017-02-12 16:55:11 +05:30
906ca6c24e
Add Carlo Gavazzi module
2017-02-11 11:18:43 +05:30
94a234e5bf
Specify sname as http/https to keep with standards throughout the code.
2017-02-10 17:31:08 -06:00
58779f0aaf
owa_login no mailbox bugfix
...
The owa_login module currently misses a success condition where the
creds are valid but there is no mailbox setup. This commit adds the
check for the condition for OWA 2013.
2017-02-09 21:35:58 -05:00
4a9a8adaa1
Land #7928 , http_version now stores the fingerprints
2017-02-09 16:28:51 -06:00
4f13bde471
Override `empty?` for the weird ones
...
Fixes #7899
2017-02-09 14:57:20 -06:00
8ade9b8aae
Land #7905 , WordPress content injection module
2017-02-09 15:49:50 +01:00
cf395ea7b1
Make error checks more consistent
2017-02-08 18:00:44 -06:00
0d56676690
Add error check for listing posts
2017-02-08 17:13:12 -06:00
cba5e266f8
Land #7916 , module for netgear password disclosure
2017-02-08 15:48:55 -05:00
e7b421e226
Update netgear_password_disclosure.rb
2017-02-08 13:40:11 -05:00
766e7b013d
Once more, with feeling
2017-02-08 09:17:37 -06:00
a71b097e6b
Revert status iteration, since it doesn't work
...
Also.
2017-02-08 09:13:42 -06:00
fd935c8e3c
Update netgear_password_disclosure.rb
2017-02-08 09:14:39 -05:00
6b2a995a7d
Revert AutoPublish, since it doesn't work
...
Apparently.
2017-02-08 07:43:17 -06:00
df38a91fbd
Be nice and parse JSON for the error
2017-02-08 07:37:09 -06:00
2dfff95669
Fix msftidy warning
2017-02-08 08:28:23 -05:00
befe224c58
Use wordpress_and_online? before actions
2017-02-08 07:24:57 -06:00
46ab03f528
Add SearchTerm to filter listed posts
2017-02-08 06:10:46 -06:00
064420075f
Update diagnostics and print better header
2017-02-08 04:54:25 -06:00
6df55c9733
Gotta catch 'em (post statuses) all
2017-02-08 04:31:06 -06:00
7583d050b7
Add AutoPublish to publish updated posts
2017-02-08 04:01:42 -06:00
e480107bd5
Add PostCount (default 100) to list more posts
2017-02-08 03:52:20 -06:00
13f4b0d7ae
Be more specific with invalid post ID
2017-02-08 02:18:52 -06:00
c16b7e42a6
Fix review stuff
2017-02-07 21:41:38 -05:00
46fbc9dd3f
Fix some formatting
2017-02-07 21:32:19 -05:00
6f4ff89218
Add WPVDB reference
2017-02-07 18:33:58 -06:00
96f7b2e245
http_version now store the fngerprints
...
Currently, the `http_version` module doesn't store the fingerprints
into the database; this commit should fix this behaviour.
2017-02-07 18:36:36 +01:00
f4580a2616
Add token value check
...
Sometimes it wouldn't return creds if the token is 0. It usually works after running it another time.
2017-02-07 10:53:25 -05:00
c1f9b724cf
Maybe fix syntax error
2017-02-07 10:36:05 -05:00
b4056a110b
Print diagnostics if no posts found/given
2017-02-07 04:37:05 -06:00
e1ade9caf8
Land #7910 , closed ports fix for TCP portscan
2017-02-07 02:23:15 -06:00
00050abb73
Fix msftidy warnings
2017-02-06 22:06:50 -05:00
1f2a95c202
Use html parser instead of regex
2017-02-06 22:03:56 -05:00
115c60446e
Fix weird if loop in check
2017-02-06 17:30:49 -05:00
6ebdbc3f81
Fix some stuff from review
...
I'm going to change the HTML Regex to a parser a bit later, I don't have time right now
2017-02-06 17:29:39 -05:00
f531366d89
Land #7790 an aux module to extract Meteocontrol Weblog admin password
2017-02-06 15:23:06 -05:00
9b4ca31432
Fix typo
2017-02-06 12:52:41 -05:00
52cf9c44df
Update netgear_password_disclosure.rb
2017-02-06 12:43:31 -05:00
16c6480629
Add response checks
...
I can't test this right now as I'm not at a computer that has metasploit installed, but I'll test it when I get a chance to.
2017-02-06 12:10:01 -05:00
f5450a718a
Add TARGETURI datastore option
2017-02-06 11:54:29 -05:00
99227aca1a
Fix things from review
2017-02-06 09:44:35 -05:00
8af966a132
Add WordPress content injection module
2017-02-06 04:40:26 -06:00
fb7e5ff847
Fix more msftidy warnings
2017-02-05 14:00:05 -05:00
f08590982c
Fix some msftidy warnings
2017-02-05 13:58:01 -05:00
609ea3700a
Create netgear_password_disclosure.rb
2017-02-05 13:39:58 -05:00
db77061719
do not add closed ports to database
2017-02-04 16:24:40 +01:00
d305f895ff
Fixed a typo space
2017-02-04 11:59:45 +05:30
36416c20cb
Updated check for extract fail case now + Minor edits
2017-02-04 03:00:31 +05:30
34b861403e
Minor updates
2017-02-04 01:44:18 +05:30
23c2787d57
Land #7795 , Hardware Bridge API.
...
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
16de745437
Minor code cleanups/corrections.
2017-02-01 16:12:45 -06:00
58a50d7dd1
Minor edits
2017-02-01 04:46:05 +05:30
6d6db2f40f
Add epmp1000 dump config module
2017-02-01 04:42:47 +05:30
20a51371ce
Minor Edits
2017-02-01 04:23:28 +05:30
423648e347
Minor edits
2017-02-01 03:53:14 +05:30
82d2777417
Minor update
2017-02-01 03:44:50 +05:30
59e31e26f2
Add Binom3 module
2017-02-01 03:35:35 +05:30
d5845343bd
Fix whitespace, thanks msftidy!
2017-01-30 10:15:20 +00:00
fd6e10bf26
Add CVE numbers
2017-01-30 10:03:13 +00:00
3c9b1be649
Land #7883 , Fix cisco_firepower_download to pass the username properly
2017-01-27 16:31:06 -06:00
4480ea7877
Land #7827 , Cisco Firepower Management Console LoginScanner
2017-01-27 16:26:40 -06:00
171cc7d54e
slight wording tweak
2017-01-27 16:26:23 -06:00
e6de951e3e
Fix cisco_firepower_download to pass the username properly
2017-01-27 16:25:34 -06:00
a4dd1fc846
Land #7805 , Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal
2017-01-27 16:09:14 -06:00
f846535d78
Land #7876 which adds an Advantech Webaccess credential gatherer
2017-01-26 19:37:36 -05:00
fd6a58a348
URI decode users
2017-01-26 18:30:17 -06:00
e47f38b3c9
Look at the right link to extract users
2017-01-26 18:20:06 -06:00
ba50f2f88b
Fix nil for empty pass
2017-01-26 17:51:20 -06:00
55b9c15d68
Pass should not be forced
2017-01-26 17:48:41 -06:00
4ee0a380d1
Update module description
2017-01-26 16:35:15 -06:00
5d255f11e1
Added MDNS query spoofing service.
2017-01-26 16:18:11 -06:00
72b654c9b1
Update description
2017-01-26 14:58:02 -06:00
94bc44b485
Add Advantech WebAccess Post Auth Credential Collector
2017-01-26 14:53:59 -06:00
781bc8420a
Add Advantech WebAccess LoginScanner module
2017-01-26 13:54:50 -06:00
1c6d7ee33e
additional changes for Nexpose XXE Arbitrary File Read
2017-01-25 10:29:58 -06:00
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
b4d3e9da8d
This closes #7849 on the confusing message.
...
Use result.proof which has the right message. Thanks to Wei for pointing it
2017-01-19 15:39:10 -06:00
b5f41b2915
Update advantech_webaccess_dbvisitor_sqli name
2017-01-18 11:09:52 -06:00
82ab4fc630
Update cisco_firepower_download module & documentation
2017-01-17 13:58:10 -06:00
7791c58d5c
rubocop check & msftidy run clean. Minor updates.
2017-01-17 01:10:39 +05:30
657c7444bf
rubocop check & msftidy clean. Few updates.
2017-01-17 00:17:57 +05:30
c31d398549
more description
2017-01-16 09:46:56 -05:00
a687073416
Add Cisco Firepower Management Console LoginScanner
2017-01-13 16:59:20 -06:00
18347a8de7
Land #7774 , Fix pivoting of UDP sockets in scanners
2017-01-10 13:57:28 -06:00
8194603725
Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal
2017-01-09 14:39:37 -06:00
93168648b4
Minor update in description
2017-01-08 13:28:07 +05:30
5f07bca775
Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here:
...
http://opengarages.org/hwbridge Supports an automotive extension with UDS calls for mdoule
development.
2017-01-06 19:51:41 -08:00
4133a6fa97
Minor cleanup, msftidy check
2017-01-07 03:57:46 +05:30
5cba9b0034
Land #7747 , Add LoginScanner module for BAVision IP cameras
2017-01-06 16:25:44 -06:00
ba8394ecc1
Minor updates
2017-01-06 15:34:17 +05:30
39423a70a7
Add Meteocontrol Weblog Extract Admin password module
2017-01-06 15:20:41 +05:30
6004caa475
fix whitespace
2017-01-05 01:58:16 +00:00
c5acda0a22
Fixed the file permissions
2017-01-05 04:40:41 +05:30
d95a3ff2ac
made changes suggested
2017-01-04 23:02:10 +00:00
c15b77c31b
Add Cambium ePMP 1000 Login Scanner module
2017-01-05 04:19:32 +05:30
9d3e90e8e5
cleanup
2017-01-02 17:32:38 +00:00
04a026e786
remove lies from module, this is a bound socket
2017-01-02 09:47:18 -06:00
4c29d23c8a
further cleaning
2016-12-31 17:02:34 +00:00
956602cbfe
add final wnr2000 sploits
2016-12-31 16:49:05 +00:00
6c9e43f2ad
Add fingerprinting of devices, change documentation
2016-12-30 23:52:29 +01:00
fdca963b61
check if the socket exists before closing
2016-12-30 14:59:31 -06:00
870e8046b5
add sploits
2016-12-27 21:12:35 +00:00
a7debd09fd
Fix broken YouTube link in firetv_youtube
...
Guess it's back to Epic Sax Guy. :-)
2016-12-25 20:22:07 -06:00
6bb0f3207d
Add reboot action to chromecast_reset
2016-12-25 15:20:46 -06:00
144f886e8b
Add LoginScanner module for BAVision IP cameras
2016-12-23 16:22:17 -06:00
0589948a73
Remove other rhost (oops) and fail_with
2016-12-23 16:10:21 -06:00
b4235835c8
rhost -> ip
2016-12-23 13:20:24 -08:00
60e602c371
Update chromecast wifi gather module to use Scanner for scanning in bulk
2016-12-23 11:34:19 -08:00
da9ea0b85c
Change the PCRE.
2016-12-16 15:41:10 -06:00
f74fd9e5dd
Land #7672 , support LOCKED_OUT and DISABLED login status
2016-12-16 15:11:05 -06:00
378d8aea36
Merge pull request #7697 from h00die/fix_colorado
...
Fix ftp traversal error conditions
2016-12-16 13:51:15 -06:00
b5beb2eb93
throw errors
2016-12-12 21:48:08 -05:00
2dca7c871b
applying #7582 to all ftp aux traversals
2016-12-10 16:05:09 -05:00
f0dca7abbf
Land #7692 , print_error for error_sql_injection
2016-12-09 17:09:52 -06:00
2b0bce6459
Land #7690 , drupal_views_user_enum user count fix
2016-12-09 16:55:01 -06:00
4e235be484
Ensure a trailing slash for base_uri
...
Technically, the GET parameters should be in vars_get, but we don't want
to refactor the entire module right now.
2016-12-09 16:53:58 -06:00
8780c325a7
Fixed issues #7691 , silent exit.
...
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
2016-12-09 16:20:44 -06:00
77dd952370
Land #7592 , check nil return value when using redis_command
2016-12-09 16:07:12 -06:00
17c12a78f5
Fixed issue #7689 , count of found users not accurate
...
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
2016-12-09 15:19:43 -06:00
7e0b224eb2
Make ABORT_ON_LOCKOUT non default
2016-12-08 15:07:53 -06:00
0110b97fa2
Fix #7671 , support LOCKED_OUT and DISABLED login status
...
This allows login scanner modules to skip a user if it is
locked out, or disabled.
Fix #7671
2016-12-07 16:49:16 -06:00
d3a8409a49
prevent further lockouts in smb_login
2016-12-06 21:53:08 -05:00
3d09e283cf
module ready
2016-12-02 22:03:23 -05:00
4a35f8449a
Fixed issue #7650 by matching Server header using regex as Wei suggested
...
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
2016-12-02 20:26:38 -06:00
35fdf1473b
Fixed issue #7650 where etherpad_duo_login module may crash
...
Add check for presence of Server header.
2016-12-02 18:07:18 -06:00
11906eb540
Fix issue #7645 where dolibarr_login module crashed
...
Add "res" (http response) when trying to retrieve the cookie
2016-12-01 15:38:26 -06:00
9325ef8d8f
Land #7573 , Add WP Symposium Plugin SQLI aux mod to steal credentials
2016-12-01 14:56:30 -06:00
6b5dba72d4
Update description
2016-12-01 14:55:16 -06:00
64bc029106
Fix Ruby style
2016-12-01 14:53:55 -06:00
90ec367a99
Add method to save creds to database
2016-12-01 14:52:51 -06:00
54684d31bd
Land #7641 , check_conn? fix for cisco_ssl_vpn
2016-11-30 21:14:19 -06:00
032312d40b
Properly check res
2016-11-30 21:03:29 -06:00
ec83a861c8
Fix issue #7640 where cisco SSL VPN not move despite server responded
...
Add the "return true" statement that was missing.
2016-11-30 16:25:13 -06:00
56505d2cc1
Resolve merge conflict
2016-11-30 14:33:23 -06:00
c70c3701c5
Fix #7628 , concrete5_member_list HTML parser
...
Fix #7628
2016-11-30 14:20:36 -06:00
530e9a9bc6
Land #7633 , fix dell_idrac to stop trying on a user after a valid login
2016-11-30 11:46:31 -06:00
afed1f465e
Fix issue 7632 where MSF keeps trying after success.
...
Thanks to Wei who suggested adding "return :next_user" after success.
2016-11-29 14:57:15 -06:00
1beeb99d44
Fix issue 7628, username extracted became garbled
...
Make the regular expression less aggressive.
2016-11-29 12:52:57 -06:00
c39c53b102
Prefer DefaultOptions to reregistering SSL option
2016-11-28 14:29:02 -06:00
8c54b0e5f4
Land #7622 , Fix check_conn? method in cisco_ironport_enum
2016-11-28 14:19:02 -06:00
777d5c1820
Fix check_conn? method in cisco_ironport_enum
2016-11-28 14:02:39 -06:00
f0b5b5a153
call store_loot once at the end
2016-11-28 20:28:36 +01:00
4eb109b22f
Land #7609 , set SSL to true by default for cisco_nac_manager_traversal
2016-11-28 11:30:41 -06:00
60210f57e9
Land #7505 , fixed some targets for cisco_asa_extrabacon
2016-11-27 22:19:45 -06:00
8824cc990a
Use Auxilliary Actions for different behaviors.
2016-11-26 13:04:04 -06:00
0935d31de1
Changed print_status to print_good
...
Changed line 315 print type to good instead of the general status indication, so that the result output is easier to see.
2016-11-25 16:54:58 -06:00
c286c708d9
Print file contents
...
Added a print_good statement at line 63 in order to print to contents of the newly discovered robots.txt file.
2016-11-25 15:57:37 -06:00
efa191dd10
fixed some spacing
2016-11-25 11:50:56 -05:00
00d9e69a98
potential double fix for #7582
2016-11-24 12:14:09 -05:00
ec020e3d07
Land #7611 , cisco_ironport_enum falsely claimed connection failed
...
Fixes #7610
2016-11-24 09:54:09 -06:00
fd11e7c4df
modified it as recommended (@brandonprry) and added Module Documentation
2016-11-24 10:36:32 +01:00
65b858ac06
Fix issue 7610, cisco_ironport_enum falsely claimed connection failed.
...
Make sure we return 1 in check_conn method.
2016-11-23 14:59:07 -06:00
b7ae7a47be
Fix issue #7608 where the SSL option was not turned on by default
...
Set the SSL option to be on by default.
2016-11-23 14:45:42 -06:00
0df3e17e0c
Fix the issue in MS2132 where OWA_LOGIN doesn't continue on connection error.
...
The possibility of temporary connnection disruption means this module should keep trying other user/pass pairs upon error.
2016-11-23 09:56:27 -06:00
372cf740da
saving before changing branches
2016-11-21 22:06:20 -05:00
83a3a4e348
Fix #7463 , check nil return value when using redis_command
...
Fix #7463
2016-11-21 15:52:12 -06:00
6f8660f345
Land #7586 , NameError fix for brute_dirs
2016-11-21 14:46:19 -06:00
c8320d661f
Land #7590 , mixin order fix for buffalo_login
2016-11-21 13:57:27 -06:00
90d360a592
Fix the issue 7589, both RHOST and RHOSTS options are quired
...
Thanks to Will who found it's due to the order of mixin.
2016-11-21 11:06:32 -06:00
18b873be47
Fix the exception issue reported in issue #7585
...
Fix the exception by initialize a key variable that caused the exception.
2016-11-21 10:00:23 -06:00
0504cae21f
Land #7536 , fix get_ipv4_addr(@interface) usage
2016-11-21 01:09:05 -06:00
05e59bbe19
non-working copy of varnish
2016-11-19 22:09:19 -05:00
774d363220
direct copy
2016-11-18 16:43:53 -05:00
6a35b366bc
Land #7577 , URPORT fix
2016-11-18 14:41:10 -06:00
00e4a8881f
Land #7574 , Update open_proxy aux module
2016-11-18 11:41:43 -06:00
d3adfff663
Change syntax
2016-11-18 11:41:04 -06:00
f894b9a4c5
Fix typo
2016-11-18 11:39:26 -06:00
8d1c718873
Land #7572 , wireshark dos typos
...
Lands mcantoni's pr for fixing typos in the
wireshark dos modules
2016-11-18 11:01:32 -06:00
22d70ddd09
Fix #7455 , handle the URIPORT option properly in is_uxss_injection
...
Fix #7455
2016-11-17 15:50:35 -06:00
abddeb5cd2
Land 7473, add censys search module
2016-11-17 13:44:00 -06:00
f2b9498643
Land #7576 , Fix RHOSTS use in auxiliary/scanner/ftp/titanftp_xcrc_traversal
2016-11-17 13:06:29 -06:00
c03f35ef13
Fix the hanging of module auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb
...
Thanks for Wei who pointed out the error: in store_loop call, it used "rhosts", should have been ip.
2016-11-17 10:08:59 -06:00
c9b9be9328
Update open_proxy aux module
2016-11-17 15:44:03 +01:00
b3b89a57b5
Add WordPress Symposium Plugin SQL Injection module
2016-11-17 15:04:53 +01:00
30f7006b5b
Fixed typos of an old commit
2016-11-17 14:39:33 +01:00
f50e609d12
Land #7556 , Prevent psexec_command from dying when one host errors
2016-11-15 12:17:01 -06:00
e5d3289c18
Fix name for exception
2016-11-15 12:14:58 -06:00
3fd3bbdfb6
Added comments, removed uneccesary code
2016-11-13 23:22:15 +01:00
b377cd8fa3
Allegrosoft rompager auth bypass auxiliary module
2016-11-13 10:39:26 +01:00
juushya
Craig Smith
wchen-r7
William Vu
James Barnett
h00die
bwatters-r7
Jan-Erik Rediger
jvoisin
jvoisin
Brent Cook
Jeffrey Martin
aushack
jakxx
James Lee
Christian Mehlmauer
Spencer McIntyre
Carter
MatToufoutu
Pearce Barry
Pedro Ribeiro
Joe Testa
Louis Sato
Jin Qian
dmohanty-r7
Brent Cook
j91321
Jon Hart
jinq102030
Rich Whitcroft
Cantoni Matteo
jjarmoc
John Q. Public
David Maloney
Brian Patterson