fa4fae3436
Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 06:34:04 +00:00
ecfe3d0235
added optional DoublePulsar check
2017-08-11 11:36:59 -06:00
1b6b29c22b
fix error with rdp scanníng
2017-08-09 21:32:15 +02:00
3396afb41a
Add IP and port (peer) to print_brute messages
2017-08-08 15:46:40 -05:00
39e59805f9
Fix annoying print_brute messages in ssh_login
2017-08-08 15:15:23 -05:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
80d18fae6a
update example modules to have zero violations
2017-07-24 06:15:54 -07:00
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
e710701416
Made msftidy.rb happy
...
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
5d04775f5e
use 2.4 OpenSSL::PKey::RSA api
2017-07-21 16:28:07 -04:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
45f81f3c98
Squash some style issues
2017-07-18 12:45:02 -07:00
e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner
2017-07-17 13:46:59 -07:00
43e04c8894
Improve RDP probe packet
2017-07-17 13:14:47 -07:00
ee1c87b868
Land #8172 , example modules
...
lands several example modules
2017-07-14 15:17:20 -05:00
e3e5c33b9b
WIP commit of RDP scanner
2017-07-14 13:02:43 -07:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
de230478eb
Land #8566 , Add ye olde NNTP Login Utility scanner module
2017-07-13 13:19:34 -05:00
e52e9c147d
First commit for Cisco Smart Install Scanner
2017-07-12 19:12:06 -07:00
345407b0a4
Rex::Encoder::XDR conflicts with the XDR gem
2017-07-12 11:52:10 -05:00
6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
...
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
f45facdf6e
Fix HTTP verb in jboss_vulnscan print_status
2017-07-06 14:55:33 -05:00
aa387e96a7
Land #8577 , Add SurgeNews User Credentials scanner
2017-07-03 10:14:03 -05:00
dff96ce9a0
Re-order includes with Auxiliary::Scanner last
2017-07-01 08:30:17 +00:00
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
05c72214ae
Land #8205 , Add Satel SenNet Command Exec Module
2017-06-25 18:01:44 -05:00
3b248c78f3
resurrect old example modules, integrate into module tree
2017-06-22 11:36:35 -05:00
47a659f554
Land #8185 , Convert ntp modules to bindata
2017-06-22 09:37:58 -05:00
ceba4e6d61
Add pointer to CDX API
2017-06-21 12:34:40 -05:00
c12056d242
Fix enum_wayback using CDX API
2017-06-21 12:29:15 -05:00
b82051757d
Add SurgeNews User Credentials scanner module
2017-06-17 01:49:47 +00:00
652e237131
add missing .to_binary_s calls
2017-06-16 13:39:04 -05:00
0e38823a8f
Add NNTP Login Utility scanner module
2017-06-15 20:25:40 +00:00
549f9e74d8
Fix AMT scanner for mangled HTML (no </p>)
...
Also stores proof using the correct :info for report_vuln (not :proof).
2017-06-14 16:54:32 -05:00
bb9d1a6768
Land #8507 , Riverbed SteelHead VCX file read
2017-06-12 10:39:48 -05:00
a349eb9a0d
fixes per peer review
2017-06-10 14:29:53 -04:00
aa00661fd0
Land #8518 , update CVE references where modules report_vuln
2017-06-08 13:38:12 -05:00
b932aae82e
reference typo fix
2017-06-06 11:50:07 -05:00
1558db375d
update CVE reference in where modules report_vuln
2017-06-05 16:36:44 -05:00
de86c5d991
add storing creds and loot name consistency
2017-06-04 17:46:43 -04:00
ea5db9a039
working module
2017-06-02 23:09:19 -04:00
e7fa4c2d06
Land #8504 , print_good for ipmi_dumphashes
2017-06-02 18:49:41 -05:00
34e9b2c04b
Change ipmi_dumphashes to have non-verbose output, ever
2017-06-02 14:27:21 -06:00
2924318ca5
update java_rmi_server modules with CVE
2017-06-02 12:59:48 -05:00
eebfd9b7f2
Switch to the mixin-provided SMB share enumeration methods
2017-05-26 17:02:06 -05:00
af4eafdf70
Updated module and doc
2017-05-24 06:33:08 +05:30
4def7ce6cc
Land #8327 , Simplify storing credentials
2017-05-18 16:49:01 -05:00
b2f69e9018
spelling
2017-05-15 21:11:19 -04:00
faf01ed5ef
Land #8353 , add aux scanner for Intel AMT digest bypass
2017-05-09 18:45:21 -05:00
f7ff840ef0
Add missing return, thanks bperry!
2017-05-08 14:08:59 -05:00
9392e48b72
Add a scanner for Intel AMT auth bypass (CVE-2017-5689)
2017-05-08 13:24:00 -05:00
a1efa30fa2
comments adjustments & enum better
2017-05-08 11:57:06 -05:00
635a7a42e6
Update style lotus_domino_hashes
2017-05-07 16:37:48 +10:00
e2fe70d531
convert store_valid_credential to named params
2017-05-05 18:23:15 -05:00
63b6ab5355
simplify valid credential storage
2017-05-04 22:51:40 -05:00
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
1a402ed1d8
Add arch to smb_ms17_010 DOUBLEPULSAR detection
2017-04-26 20:59:13 -05:00
f8792956ee
fix one module for testing
2017-04-26 16:21:13 -05:00
55f01d3fc7
made the plugin less spammy with more vprintf
2017-04-24 13:33:05 -06:00
453ca6e3bf
added OS printing on vulnerable systems
2017-04-24 13:20:44 -06:00
a69aba0eab
added XOR Key calculation
2017-04-22 23:54:30 -06:00
8a77bf7b60
removed wrong comments
2017-04-21 08:27:13 -06:00
9fab64c60e
added references
2017-04-20 15:22:37 -06:00
dd12afd717
added DoublePulsar detection
2017-04-20 15:03:29 -06:00
942959f7e8
Land #8255 , fixes for smb_ms17_010
2017-04-17 11:38:34 -05:00
7b936b0012
Land #8184 , convert IPMI protocol and modules to bindata
2017-04-17 07:40:15 -05:00
6f70efcfa1
add module documentation
2017-04-17 07:39:43 -05:00
b1c7f1302b
Fix report_vuln and prefer vprint_error
2017-04-17 02:48:56 -05:00
42122d2835
Land #8238 , move SMB2 support back into smb_login, add simpler permissions checks
2017-04-14 14:06:46 -05:00
d75f852d01
Land #8167 , Add MS17-010 auxiliary detection module
2017-04-14 13:00:16 -05:00
91fb3ce6b8
collapse SMB2 support into smb_login
...
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both
MS-2636
2017-04-13 15:22:03 -05:00
adeb4d10d7
smb2 login scanner admin check now working
...
we can now check for admin privs in the smb2
login scanner
MS-2636
2017-04-13 14:40:32 -05:00
c867b7e228
Land #8204 , Add Cambian ePMP SNMP Configuration download
2017-04-11 10:59:13 -05:00
f7c8bd2464
add rescue for ::Rex::Proto::SMB::Exceptions::LoginError
2017-04-07 15:37:56 -06:00
e65eacce49
Add Satel SenNet Command Exec Module
2017-04-07 02:22:11 +05:30
3c189f0cb0
Adding Cambium SNMP Loot module
2017-04-07 01:32:45 +05:30
5f88971ca9
convert NTP modules to bindata
2017-04-04 02:57:38 -05:00
46c7e822c8
convert IPMI protocol and modules to bindata
2017-04-04 02:44:17 -05:00
98ffa4d380
Land #7652 , add varnish cache CLI authentication scanner module
2017-04-02 21:52:45 -05:00
26fc6bc920
added report_vuln()
2017-04-01 21:48:19 -06:00
035f37cf42
Land #8144 , Add Moxa Device Discovery Scanner Module
2017-03-31 19:11:27 -05:00
f870f94fa9
Land #8163 , Add Cambium ePMP Arbitrary Command Execution
2017-03-31 19:06:19 -05:00
4bd50b0ad2
Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010
2017-03-30 10:10:08 -06:00
a125566fc7
removed unnecessary arguments
2017-03-30 10:09:31 -06:00
ef7de6d49e
added MSB to description, moved a print statement
2017-03-29 17:43:49 -06:00
68f5c0e663
removed a print statement
2017-03-29 16:24:59 -06:00
7e6b8b02b8
replaced magic constant with setup_count
2017-03-29 15:37:28 -06:00
9923c39799
removed superfluous status
2017-03-29 15:32:29 -06:00
f0a1e12a7e
small typos
2017-03-29 15:30:35 -06:00
ffa376c514
added MS17-010 auxiliary detection module
2017-03-29 14:33:02 -06:00
a571bcdba4
update module description
2017-03-29 13:58:36 -05:00
418e371e35
add SMB2 login scanner and module
...
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity
MS-2557
2017-03-29 11:36:33 -05:00
30896d1fab
Add Cambium ePMP Arbitrary Command Execution Module
2017-03-28 00:17:36 +05:30
66a585ab41
Land #8050 , Add Cambium ePMP System Hash Dumper
2017-03-27 12:08:53 -05:00
935c59306b
Land #7897 , Add Cambium ePMP 1000 Device Configuration file dumper
2017-03-27 12:05:11 -05:00
d705949b37
Land #7784 , Cambium ePMP 1000 Login Scanner
2017-03-27 12:01:56 -05:00
dd7cf39678
updated references
2017-03-25 12:31:08 +05:30
63d88c159a
updated references
2017-03-25 12:27:38 +05:30
fd5e25bcc2
restored version check
2017-03-25 12:08:00 +05:30
2200c9faee
Create moxa_discover.rb
2017-03-22 10:49:26 -04:00
7bcd53d87d
Land #8079 , exploit and aux for dnaLims
2017-03-20 11:08:05 -04:00
fd5345a869
updates per pr
2017-03-20 10:40:43 -04:00
aa1e76f28e
Land #8128 , ensure there is a response before deferencing
2017-03-19 22:17:31 -05:00
f88a522bf5
fix #8121
2017-03-18 14:50:24 -04:00
06e6a973ce
land #7944 a scanner for Carlo Gavazzi energy meters
2017-03-18 10:35:43 -04:00
a1d7748d82
Fix #8061 , Handle ::Errno::ECONNRESET in telnet_version
...
Fix #8061
2017-03-15 16:33:37 -05:00
8afe6a9061
Update easy_file_sharing_ftp and add documentation
2017-03-15 16:14:41 -05:00
cf8b4a78fa
Bring branch up to date with upstream-master
2017-03-14 16:48:33 -05:00
183be81ba8
Easy File Sharing FTP Server Directory Traversal
2017-03-08 17:59:27 +02:00
0b5da60564
Added nil check + formatting edits
2017-03-07 02:17:21 +05:30
d99d81992f
Added nil check + formatting edits
2017-03-07 02:16:01 +05:30
05efb61d3b
Added nil check + formatting edits
2017-03-07 02:14:18 +05:30
62b0efd99d
Added nil check + formatting edits
2017-03-07 01:44:23 +05:30
9a5ab604e5
Added nil check + formatting edits
2017-03-07 01:21:07 +05:30
2d8e3c73f5
Minor edits
2017-03-07 00:20:05 +05:30
3ab214e758
Minor edits
2017-03-07 00:03:24 +05:30
e8460c3b94
Minor edit
2017-03-03 02:37:20 +05:30
fafd35330d
Add epmp1000 dump hashes module
2017-03-03 02:22:34 +05:30
c6e65b1521
Minor edits
2017-03-03 02:00:19 +05:30
6bd09c142f
Minor edits
2017-03-03 00:53:17 +05:30
c9a354b844
Added nil checks
2017-03-01 20:18:51 +05:30
69c7b0168c
Restore USERNAME and PASSWORD options for owa_login
...
Requested by our own pentesters, the username & password options
should be restored so users can more easily try one password but
multiple users.
2017-02-27 15:04:06 -06:00
43550b8cdf
fixing line length
2017-02-23 19:55:23 -05:00
041238f77c
land #7896 Binom3 power meter scanner and brute
2017-02-23 19:49:50 -05:00
73eed104a9
Take into account @h00die's comments.
2017-02-20 13:22:20 +01:00
7bd6aff1cf
Add a sploit for CVE-2017-5982
2017-02-19 21:57:27 +01:00
e4c324c988
Land #7941 , treat a user with no mailbox as a valid credential anyway
2017-02-17 17:09:57 -06:00
e6bfbb7c78
Added random cookie gen, res checks, & minor updates
2017-02-12 16:55:11 +05:30
906ca6c24e
Add Carlo Gavazzi module
2017-02-11 11:18:43 +05:30
94a234e5bf
Specify sname as http/https to keep with standards throughout the code.
2017-02-10 17:31:08 -06:00
58779f0aaf
owa_login no mailbox bugfix
...
The owa_login module currently misses a success condition where the
creds are valid but there is no mailbox setup. This commit adds the
check for the condition for OWA 2013.
2017-02-09 21:35:58 -05:00
4a9a8adaa1
Land #7928 , http_version now stores the fingerprints
2017-02-09 16:28:51 -06:00
4f13bde471
Override `empty?` for the weird ones
...
Fixes #7899
2017-02-09 14:57:20 -06:00
8ade9b8aae
Land #7905 , WordPress content injection module
2017-02-09 15:49:50 +01:00
cf395ea7b1
Make error checks more consistent
2017-02-08 18:00:44 -06:00
0d56676690
Add error check for listing posts
2017-02-08 17:13:12 -06:00
766e7b013d
Once more, with feeling
2017-02-08 09:17:37 -06:00
a71b097e6b
Revert status iteration, since it doesn't work
...
Also.
2017-02-08 09:13:42 -06:00
6b2a995a7d
Revert AutoPublish, since it doesn't work
...
Apparently.
2017-02-08 07:43:17 -06:00
df38a91fbd
Be nice and parse JSON for the error
2017-02-08 07:37:09 -06:00
befe224c58
Use wordpress_and_online? before actions
2017-02-08 07:24:57 -06:00
46ab03f528
Add SearchTerm to filter listed posts
2017-02-08 06:10:46 -06:00
064420075f
Update diagnostics and print better header
2017-02-08 04:54:25 -06:00
6df55c9733
Gotta catch 'em (post statuses) all
2017-02-08 04:31:06 -06:00
7583d050b7
Add AutoPublish to publish updated posts
2017-02-08 04:01:42 -06:00
e480107bd5
Add PostCount (default 100) to list more posts
2017-02-08 03:52:20 -06:00
13f4b0d7ae
Be more specific with invalid post ID
2017-02-08 02:18:52 -06:00
6f4ff89218
Add WPVDB reference
2017-02-07 18:33:58 -06:00
96f7b2e245
http_version now store the fngerprints
...
Currently, the `http_version` module doesn't store the fingerprints
into the database; this commit should fix this behaviour.
2017-02-07 18:36:36 +01:00
b4056a110b
Print diagnostics if no posts found/given
2017-02-07 04:37:05 -06:00
e1ade9caf8
Land #7910 , closed ports fix for TCP portscan
2017-02-07 02:23:15 -06:00
f531366d89
Land #7790 an aux module to extract Meteocontrol Weblog admin password
2017-02-06 15:23:06 -05:00
8af966a132
Add WordPress content injection module
2017-02-06 04:40:26 -06:00
db77061719
do not add closed ports to database
2017-02-04 16:24:40 +01:00
d305f895ff
Fixed a typo space
2017-02-04 11:59:45 +05:30
36416c20cb
Updated check for extract fail case now + Minor edits
2017-02-04 03:00:31 +05:30
34b861403e
Minor updates
2017-02-04 01:44:18 +05:30
58a50d7dd1
Minor edits
2017-02-01 04:46:05 +05:30
6d6db2f40f
Add epmp1000 dump config module
2017-02-01 04:42:47 +05:30
20a51371ce
Minor Edits
2017-02-01 04:23:28 +05:30
423648e347
Minor edits
2017-02-01 03:53:14 +05:30
82d2777417
Minor update
2017-02-01 03:44:50 +05:30
59e31e26f2
Add Binom3 module
2017-02-01 03:35:35 +05:30
3c9b1be649
Land #7883 , Fix cisco_firepower_download to pass the username properly
2017-01-27 16:31:06 -06:00
4480ea7877
Land #7827 , Cisco Firepower Management Console LoginScanner
2017-01-27 16:26:40 -06:00
171cc7d54e
slight wording tweak
2017-01-27 16:26:23 -06:00
e6de951e3e
Fix cisco_firepower_download to pass the username properly
2017-01-27 16:25:34 -06:00
a4dd1fc846
Land #7805 , Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal
2017-01-27 16:09:14 -06:00
781bc8420a
Add Advantech WebAccess LoginScanner module
2017-01-26 13:54:50 -06:00
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
b4d3e9da8d
This closes #7849 on the confusing message.
...
Use result.proof which has the right message. Thanks to Wei for pointing it
2017-01-19 15:39:10 -06:00
82ab4fc630
Update cisco_firepower_download module & documentation
2017-01-17 13:58:10 -06:00
7791c58d5c
rubocop check & msftidy run clean. Minor updates.
2017-01-17 01:10:39 +05:30
657c7444bf
rubocop check & msftidy clean. Few updates.
2017-01-17 00:17:57 +05:30
a687073416
Add Cisco Firepower Management Console LoginScanner
2017-01-13 16:59:20 -06:00
18347a8de7
Land #7774 , Fix pivoting of UDP sockets in scanners
2017-01-10 13:57:28 -06:00
8194603725
Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal
2017-01-09 14:39:37 -06:00
93168648b4
Minor update in description
2017-01-08 13:28:07 +05:30
4133a6fa97
Minor cleanup, msftidy check
2017-01-07 03:57:46 +05:30
5cba9b0034
Land #7747 , Add LoginScanner module for BAVision IP cameras
2017-01-06 16:25:44 -06:00
ba8394ecc1
Minor updates
2017-01-06 15:34:17 +05:30
39423a70a7
Add Meteocontrol Weblog Extract Admin password module
2017-01-06 15:20:41 +05:30
c5acda0a22
Fixed the file permissions
2017-01-05 04:40:41 +05:30
c15b77c31b
Add Cambium ePMP 1000 Login Scanner module
2017-01-05 04:19:32 +05:30
04a026e786
remove lies from module, this is a bound socket
2017-01-02 09:47:18 -06:00
fdca963b61
check if the socket exists before closing
2016-12-30 14:59:31 -06:00
144f886e8b
Add LoginScanner module for BAVision IP cameras
2016-12-23 16:22:17 -06:00
0589948a73
Remove other rhost (oops) and fail_with
2016-12-23 16:10:21 -06:00
Brendan Coles
zerosum0x0
Christian Mehlmauer
William Vu
Brent Cook
g0tmi1k
Evgeny Naumov
Jon Hart
David Maloney
bwatters-r7
dmohanty-r7
William Webb
h00die
Jeffrey Martin
Dylan Davis
HD Moore
juushya
James Lee
darkbushido
zerosum0x0
Brent Cook
Patrick DeSantis
wchen-r7
Ahmed Elhady Mohamed
jvoisin
jvoisin
James Barnett
jakxx
MatToufoutu
Jin Qian