f0a1e12a7e
small typos
2017-03-29 15:30:35 -06:00
ffa376c514
added MS17-010 auxiliary detection module
2017-03-29 14:33:02 -06:00
a571bcdba4
update module description
2017-03-29 13:58:36 -05:00
418e371e35
add SMB2 login scanner and module
...
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity
MS-2557
2017-03-29 11:36:33 -05:00
30896d1fab
Add Cambium ePMP Arbitrary Command Execution Module
2017-03-28 00:17:36 +05:30
66a585ab41
Land #8050 , Add Cambium ePMP System Hash Dumper
2017-03-27 12:08:53 -05:00
935c59306b
Land #7897 , Add Cambium ePMP 1000 Device Configuration file dumper
2017-03-27 12:05:11 -05:00
d705949b37
Land #7784 , Cambium ePMP 1000 Login Scanner
2017-03-27 12:01:56 -05:00
dd7cf39678
updated references
2017-03-25 12:31:08 +05:30
63d88c159a
updated references
2017-03-25 12:27:38 +05:30
fd5e25bcc2
restored version check
2017-03-25 12:08:00 +05:30
2200c9faee
Create moxa_discover.rb
2017-03-22 10:49:26 -04:00
7bcd53d87d
Land #8079 , exploit and aux for dnaLims
2017-03-20 11:08:05 -04:00
fd5345a869
updates per pr
2017-03-20 10:40:43 -04:00
aa1e76f28e
Land #8128 , ensure there is a response before deferencing
2017-03-19 22:17:31 -05:00
f88a522bf5
fix #8121
2017-03-18 14:50:24 -04:00
06e6a973ce
land #7944 a scanner for Carlo Gavazzi energy meters
2017-03-18 10:35:43 -04:00
a1d7748d82
Fix #8061 , Handle ::Errno::ECONNRESET in telnet_version
...
Fix #8061
2017-03-15 16:33:37 -05:00
8afe6a9061
Update easy_file_sharing_ftp and add documentation
2017-03-15 16:14:41 -05:00
cf8b4a78fa
Bring branch up to date with upstream-master
2017-03-14 16:48:33 -05:00
183be81ba8
Easy File Sharing FTP Server Directory Traversal
2017-03-08 17:59:27 +02:00
0b5da60564
Added nil check + formatting edits
2017-03-07 02:17:21 +05:30
d99d81992f
Added nil check + formatting edits
2017-03-07 02:16:01 +05:30
05efb61d3b
Added nil check + formatting edits
2017-03-07 02:14:18 +05:30
62b0efd99d
Added nil check + formatting edits
2017-03-07 01:44:23 +05:30
9a5ab604e5
Added nil check + formatting edits
2017-03-07 01:21:07 +05:30
2d8e3c73f5
Minor edits
2017-03-07 00:20:05 +05:30
3ab214e758
Minor edits
2017-03-07 00:03:24 +05:30
e8460c3b94
Minor edit
2017-03-03 02:37:20 +05:30
fafd35330d
Add epmp1000 dump hashes module
2017-03-03 02:22:34 +05:30
c6e65b1521
Minor edits
2017-03-03 02:00:19 +05:30
6bd09c142f
Minor edits
2017-03-03 00:53:17 +05:30
c9a354b844
Added nil checks
2017-03-01 20:18:51 +05:30
69c7b0168c
Restore USERNAME and PASSWORD options for owa_login
...
Requested by our own pentesters, the username & password options
should be restored so users can more easily try one password but
multiple users.
2017-02-27 15:04:06 -06:00
43550b8cdf
fixing line length
2017-02-23 19:55:23 -05:00
041238f77c
land #7896 Binom3 power meter scanner and brute
2017-02-23 19:49:50 -05:00
73eed104a9
Take into account @h00die's comments.
2017-02-20 13:22:20 +01:00
7bd6aff1cf
Add a sploit for CVE-2017-5982
2017-02-19 21:57:27 +01:00
e4c324c988
Land #7941 , treat a user with no mailbox as a valid credential anyway
2017-02-17 17:09:57 -06:00
e6bfbb7c78
Added random cookie gen, res checks, & minor updates
2017-02-12 16:55:11 +05:30
906ca6c24e
Add Carlo Gavazzi module
2017-02-11 11:18:43 +05:30
94a234e5bf
Specify sname as http/https to keep with standards throughout the code.
2017-02-10 17:31:08 -06:00
58779f0aaf
owa_login no mailbox bugfix
...
The owa_login module currently misses a success condition where the
creds are valid but there is no mailbox setup. This commit adds the
check for the condition for OWA 2013.
2017-02-09 21:35:58 -05:00
4a9a8adaa1
Land #7928 , http_version now stores the fingerprints
2017-02-09 16:28:51 -06:00
4f13bde471
Override `empty?` for the weird ones
...
Fixes #7899
2017-02-09 14:57:20 -06:00
8ade9b8aae
Land #7905 , WordPress content injection module
2017-02-09 15:49:50 +01:00
cf395ea7b1
Make error checks more consistent
2017-02-08 18:00:44 -06:00
0d56676690
Add error check for listing posts
2017-02-08 17:13:12 -06:00
766e7b013d
Once more, with feeling
2017-02-08 09:17:37 -06:00
a71b097e6b
Revert status iteration, since it doesn't work
...
Also.
2017-02-08 09:13:42 -06:00
6b2a995a7d
Revert AutoPublish, since it doesn't work
...
Apparently.
2017-02-08 07:43:17 -06:00
df38a91fbd
Be nice and parse JSON for the error
2017-02-08 07:37:09 -06:00
befe224c58
Use wordpress_and_online? before actions
2017-02-08 07:24:57 -06:00
46ab03f528
Add SearchTerm to filter listed posts
2017-02-08 06:10:46 -06:00
064420075f
Update diagnostics and print better header
2017-02-08 04:54:25 -06:00
6df55c9733
Gotta catch 'em (post statuses) all
2017-02-08 04:31:06 -06:00
7583d050b7
Add AutoPublish to publish updated posts
2017-02-08 04:01:42 -06:00
e480107bd5
Add PostCount (default 100) to list more posts
2017-02-08 03:52:20 -06:00
13f4b0d7ae
Be more specific with invalid post ID
2017-02-08 02:18:52 -06:00
6f4ff89218
Add WPVDB reference
2017-02-07 18:33:58 -06:00
96f7b2e245
http_version now store the fngerprints
...
Currently, the `http_version` module doesn't store the fingerprints
into the database; this commit should fix this behaviour.
2017-02-07 18:36:36 +01:00
b4056a110b
Print diagnostics if no posts found/given
2017-02-07 04:37:05 -06:00
e1ade9caf8
Land #7910 , closed ports fix for TCP portscan
2017-02-07 02:23:15 -06:00
f531366d89
Land #7790 an aux module to extract Meteocontrol Weblog admin password
2017-02-06 15:23:06 -05:00
8af966a132
Add WordPress content injection module
2017-02-06 04:40:26 -06:00
db77061719
do not add closed ports to database
2017-02-04 16:24:40 +01:00
d305f895ff
Fixed a typo space
2017-02-04 11:59:45 +05:30
36416c20cb
Updated check for extract fail case now + Minor edits
2017-02-04 03:00:31 +05:30
34b861403e
Minor updates
2017-02-04 01:44:18 +05:30
58a50d7dd1
Minor edits
2017-02-01 04:46:05 +05:30
6d6db2f40f
Add epmp1000 dump config module
2017-02-01 04:42:47 +05:30
20a51371ce
Minor Edits
2017-02-01 04:23:28 +05:30
423648e347
Minor edits
2017-02-01 03:53:14 +05:30
82d2777417
Minor update
2017-02-01 03:44:50 +05:30
59e31e26f2
Add Binom3 module
2017-02-01 03:35:35 +05:30
3c9b1be649
Land #7883 , Fix cisco_firepower_download to pass the username properly
2017-01-27 16:31:06 -06:00
4480ea7877
Land #7827 , Cisco Firepower Management Console LoginScanner
2017-01-27 16:26:40 -06:00
171cc7d54e
slight wording tweak
2017-01-27 16:26:23 -06:00
e6de951e3e
Fix cisco_firepower_download to pass the username properly
2017-01-27 16:25:34 -06:00
a4dd1fc846
Land #7805 , Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal
2017-01-27 16:09:14 -06:00
781bc8420a
Add Advantech WebAccess LoginScanner module
2017-01-26 13:54:50 -06:00
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
b4d3e9da8d
This closes #7849 on the confusing message.
...
Use result.proof which has the right message. Thanks to Wei for pointing it
2017-01-19 15:39:10 -06:00
82ab4fc630
Update cisco_firepower_download module & documentation
2017-01-17 13:58:10 -06:00
7791c58d5c
rubocop check & msftidy run clean. Minor updates.
2017-01-17 01:10:39 +05:30
657c7444bf
rubocop check & msftidy clean. Few updates.
2017-01-17 00:17:57 +05:30
a687073416
Add Cisco Firepower Management Console LoginScanner
2017-01-13 16:59:20 -06:00
18347a8de7
Land #7774 , Fix pivoting of UDP sockets in scanners
2017-01-10 13:57:28 -06:00
8194603725
Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal
2017-01-09 14:39:37 -06:00
93168648b4
Minor update in description
2017-01-08 13:28:07 +05:30
4133a6fa97
Minor cleanup, msftidy check
2017-01-07 03:57:46 +05:30
5cba9b0034
Land #7747 , Add LoginScanner module for BAVision IP cameras
2017-01-06 16:25:44 -06:00
ba8394ecc1
Minor updates
2017-01-06 15:34:17 +05:30
39423a70a7
Add Meteocontrol Weblog Extract Admin password module
2017-01-06 15:20:41 +05:30
c5acda0a22
Fixed the file permissions
2017-01-05 04:40:41 +05:30
c15b77c31b
Add Cambium ePMP 1000 Login Scanner module
2017-01-05 04:19:32 +05:30
04a026e786
remove lies from module, this is a bound socket
2017-01-02 09:47:18 -06:00
fdca963b61
check if the socket exists before closing
2016-12-30 14:59:31 -06:00
144f886e8b
Add LoginScanner module for BAVision IP cameras
2016-12-23 16:22:17 -06:00
0589948a73
Remove other rhost (oops) and fail_with
2016-12-23 16:10:21 -06:00
da9ea0b85c
Change the PCRE.
2016-12-16 15:41:10 -06:00
f74fd9e5dd
Land #7672 , support LOCKED_OUT and DISABLED login status
2016-12-16 15:11:05 -06:00
378d8aea36
Merge pull request #7697 from h00die/fix_colorado
...
Fix ftp traversal error conditions
2016-12-16 13:51:15 -06:00
b5beb2eb93
throw errors
2016-12-12 21:48:08 -05:00
2dca7c871b
applying #7582 to all ftp aux traversals
2016-12-10 16:05:09 -05:00
f0dca7abbf
Land #7692 , print_error for error_sql_injection
2016-12-09 17:09:52 -06:00
2b0bce6459
Land #7690 , drupal_views_user_enum user count fix
2016-12-09 16:55:01 -06:00
4e235be484
Ensure a trailing slash for base_uri
...
Technically, the GET parameters should be in vars_get, but we don't want
to refactor the entire module right now.
2016-12-09 16:53:58 -06:00
8780c325a7
Fixed issues #7691 , silent exit.
...
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
2016-12-09 16:20:44 -06:00
77dd952370
Land #7592 , check nil return value when using redis_command
2016-12-09 16:07:12 -06:00
17c12a78f5
Fixed issue #7689 , count of found users not accurate
...
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
2016-12-09 15:19:43 -06:00
7e0b224eb2
Make ABORT_ON_LOCKOUT non default
2016-12-08 15:07:53 -06:00
0110b97fa2
Fix #7671 , support LOCKED_OUT and DISABLED login status
...
This allows login scanner modules to skip a user if it is
locked out, or disabled.
Fix #7671
2016-12-07 16:49:16 -06:00
d3a8409a49
prevent further lockouts in smb_login
2016-12-06 21:53:08 -05:00
3d09e283cf
module ready
2016-12-02 22:03:23 -05:00
4a35f8449a
Fixed issue #7650 by matching Server header using regex as Wei suggested
...
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
2016-12-02 20:26:38 -06:00
35fdf1473b
Fixed issue #7650 where etherpad_duo_login module may crash
...
Add check for presence of Server header.
2016-12-02 18:07:18 -06:00
11906eb540
Fix issue #7645 where dolibarr_login module crashed
...
Add "res" (http response) when trying to retrieve the cookie
2016-12-01 15:38:26 -06:00
54684d31bd
Land #7641 , check_conn? fix for cisco_ssl_vpn
2016-11-30 21:14:19 -06:00
032312d40b
Properly check res
2016-11-30 21:03:29 -06:00
ec83a861c8
Fix issue #7640 where cisco SSL VPN not move despite server responded
...
Add the "return true" statement that was missing.
2016-11-30 16:25:13 -06:00
56505d2cc1
Resolve merge conflict
2016-11-30 14:33:23 -06:00
c70c3701c5
Fix #7628 , concrete5_member_list HTML parser
...
Fix #7628
2016-11-30 14:20:36 -06:00
530e9a9bc6
Land #7633 , fix dell_idrac to stop trying on a user after a valid login
2016-11-30 11:46:31 -06:00
afed1f465e
Fix issue 7632 where MSF keeps trying after success.
...
Thanks to Wei who suggested adding "return :next_user" after success.
2016-11-29 14:57:15 -06:00
1beeb99d44
Fix issue 7628, username extracted became garbled
...
Make the regular expression less aggressive.
2016-11-29 12:52:57 -06:00
c39c53b102
Prefer DefaultOptions to reregistering SSL option
2016-11-28 14:29:02 -06:00
8c54b0e5f4
Land #7622 , Fix check_conn? method in cisco_ironport_enum
2016-11-28 14:19:02 -06:00
777d5c1820
Fix check_conn? method in cisco_ironport_enum
2016-11-28 14:02:39 -06:00
4eb109b22f
Land #7609 , set SSL to true by default for cisco_nac_manager_traversal
2016-11-28 11:30:41 -06:00
0935d31de1
Changed print_status to print_good
...
Changed line 315 print type to good instead of the general status indication, so that the result output is easier to see.
2016-11-25 16:54:58 -06:00
c286c708d9
Print file contents
...
Added a print_good statement at line 63 in order to print to contents of the newly discovered robots.txt file.
2016-11-25 15:57:37 -06:00
efa191dd10
fixed some spacing
2016-11-25 11:50:56 -05:00
00d9e69a98
potential double fix for #7582
2016-11-24 12:14:09 -05:00
ec020e3d07
Land #7611 , cisco_ironport_enum falsely claimed connection failed
...
Fixes #7610
2016-11-24 09:54:09 -06:00
65b858ac06
Fix issue 7610, cisco_ironport_enum falsely claimed connection failed.
...
Make sure we return 1 in check_conn method.
2016-11-23 14:59:07 -06:00
b7ae7a47be
Fix issue #7608 where the SSL option was not turned on by default
...
Set the SSL option to be on by default.
2016-11-23 14:45:42 -06:00
0df3e17e0c
Fix the issue in MS2132 where OWA_LOGIN doesn't continue on connection error.
...
The possibility of temporary connnection disruption means this module should keep trying other user/pass pairs upon error.
2016-11-23 09:56:27 -06:00
372cf740da
saving before changing branches
2016-11-21 22:06:20 -05:00
83a3a4e348
Fix #7463 , check nil return value when using redis_command
...
Fix #7463
2016-11-21 15:52:12 -06:00
6f8660f345
Land #7586 , NameError fix for brute_dirs
2016-11-21 14:46:19 -06:00
c8320d661f
Land #7590 , mixin order fix for buffalo_login
2016-11-21 13:57:27 -06:00
90d360a592
Fix the issue 7589, both RHOST and RHOSTS options are quired
...
Thanks to Will who found it's due to the order of mixin.
2016-11-21 11:06:32 -06:00
18b873be47
Fix the exception issue reported in issue #7585
...
Fix the exception by initialize a key variable that caused the exception.
2016-11-21 10:00:23 -06:00
05e59bbe19
non-working copy of varnish
2016-11-19 22:09:19 -05:00
774d363220
direct copy
2016-11-18 16:43:53 -05:00
00e4a8881f
Land #7574 , Update open_proxy aux module
2016-11-18 11:41:43 -06:00
d3adfff663
Change syntax
2016-11-18 11:41:04 -06:00
f894b9a4c5
Fix typo
2016-11-18 11:39:26 -06:00
f2b9498643
Land #7576 , Fix RHOSTS use in auxiliary/scanner/ftp/titanftp_xcrc_traversal
2016-11-17 13:06:29 -06:00
c03f35ef13
Fix the hanging of module auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb
...
Thanks for Wei who pointed out the error: in store_loop call, it used "rhosts", should have been ip.
2016-11-17 10:08:59 -06:00
c9b9be9328
Update open_proxy aux module
2016-11-17 15:44:03 +01:00
5c065459ae
print_{good,error} more specifically in open_x11
2016-10-31 11:29:00 -05:00
9672759be8
Land #7462 , Add support for Unicode domains
2016-10-26 16:47:09 -05:00
342bfd628a
Dont' set default PORTS or PROBE options. Require user configuration.
2016-10-25 15:58:46 -05:00
2a18ea0e33
Initial commit of generic module for detecting UDP amplification vulnerabilities
2016-10-25 15:58:46 -05:00
7f65b28483
Deprecate udp_probe in favor of udp_sweep
2016-10-23 13:06:58 -07:00
b5a41c3011
Convert ANSI data to UTF-8 char by char because MS might
...
put an invalid character in the WORKGROUP name during SMB
handshake
2016-10-19 17:42:26 -05:00
2668a4a1cd
Fix #6993 , tnspoison_checker cleanup
2016-10-19 00:53:33 -05:00
8e2ff8df80
Land #7433 , Add IP Addresses to HTTP PUT/DELETE scanner output
2016-10-14 13:27:17 -05:00
9fbe1ddd9d
Land #7384 , CVE-2016-6415 - Cisco IKE Information Disclosure
2016-10-14 08:41:34 -05:00
b74539be44
check if isakmp payload is same to IKE Leak data
2016-10-13 04:20:23 -05:00
7536d1d94a
print leak data
2016-10-12 02:42:50 -05:00
70d4833654
Fix report_vuln
2016-10-12 02:16:00 -05:00
98d7b19ab9
Passed IP parameter to additional functions.
2016-10-11 15:09:50 -05:00
acff0fa9cf
Added IP addresses to output.
2016-10-11 14:43:42 -05:00
f0ff4a0721
Added IP addresses to output.
2016-10-11 14:42:06 -05:00
3fd806b87f
Merge remote-tracking branch 'upstream/pr/6993' into land-6993
2016-10-11 09:33:26 -05:00
e074669406
Land #7296 , Added a SCADA module for detecting Profinet devices, e.g. Siemens controllers
2016-10-08 21:34:40 -05:00
2d361fabc6
No need to interpolate when using .to_s
2016-10-03 11:38:36 -04:00
95f9b778bd
Use standard status messages instead of verbose.
2016-10-03 11:01:51 -04:00
d088005d95
TABLE_NAME option not needed.
2016-10-03 10:58:13 -04:00
5f12c8e026
Incorrect warning message
...
The filename is not always test so the warning message and the note in the description are incorrect.
2016-10-03 10:57:25 -04:00
25996a16bb
Fixed file read block.
2016-10-03 10:47:03 -04:00
708eb0eb4f
Fixed syntax error.
2016-10-03 10:17:29 -04:00
fac03570d1
Use File.open block.
2016-10-03 10:09:45 -04:00
bc57537205
Add warning statement.
2016-10-03 10:07:40 -04:00
a627c3cd5e
Removed unnecessary return statements.
2016-10-03 10:02:26 -04:00
6fa8f40b31
Use unless instead of if (not ...)
2016-10-03 10:00:56 -04:00
3e01dbfded
Fixed Space-Tab mixed indent warning
2016-10-01 15:13:26 +05:30
4227cb76a8
Fixed stack trace bug & verified logic
...
- Fixed stack trace bug when value of "packet" is nill.
- Verified logic of Oracle TNS Listener poisoning which requires an ACCEPT response to be marked as vulnerable.
2016-10-01 15:01:02 +05:30
63c0b6f569
Login failure message.
2016-09-30 17:09:41 -04:00
7996c4b048
Warning about leaving files on disk.
2016-09-30 14:53:15 -04:00
3e4a23cdf6
Removed unnecessary require statement.
2016-09-30 14:51:43 -04:00
ac76c3591a
reference urls
2016-09-29 22:43:00 -05:00
5929d72266
CVE-2016-6415 - cisco_ike_benigncertain.rb
2016-09-29 22:25:57 -05:00
f7e588cdeb
Initial commit of module.
2016-09-28 14:55:32 -04:00
b9de73e803
Land #7334 , Add aux module to exploit WINDOWS based (java) Colorado
...
FTP server directory traversal
2016-09-26 14:15:23 -05:00
2fab62b14d
Update profinet_siemens.rb
...
Removed unnecessary rescue, gave "timeout" variable a better name.
2016-09-23 18:05:45 +02:00
a9a1146155
fix more ssh option hashes
2016-09-20 01:30:35 -05:00
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
06ff7303a6
make pubkey verifier work with old module
...
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together
7321
2016-09-19 15:20:35 -05:00
9c922d111f
colorado ftp
2016-09-18 20:03:16 -04:00
4ba1ed2e00
Fix formatting in fortinet_backdoor
...
Also add :config and :use_agent options.
2016-09-16 12:32:30 -05:00
26491eed1a
pass the public key in as a file instead of data
...
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this
7321
2016-09-16 11:48:51 -05:00
dfcd5742c1
some more minor fixes
...
some more minor fixes around broken
ssh modules
7321
2016-09-15 14:25:17 -05:00
e10c133eef
fix the exagrid exploit module
...
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used
7321
2016-09-15 11:44:19 -05:00
7352029497
first round of SSL damage fixes
2016-09-13 17:42:31 -05:00
245237d650
Land #7288 , Add LoginScannerfor Octopus Deploy server
2016-09-13 17:26:56 -05:00
8df8f7dda0
Initial commit of profinet_siemens.rb
2016-09-11 09:15:41 +02:00
a81f351cb3
Land #7274 , Remove deprecated modules
2016-09-09 12:01:59 -05:00
1d4b0de560
Land #6616 , Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
7632c74aba
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2016-09-07 14:15:57 +10:00
6e21684ff7
Fix typo.
2016-09-07 14:08:46 +10:00
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
fed2ed444f
Remove deprecated modules
...
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
b0e45341e5
Update redis file_upload to optionally FLUSHALL before writing
...
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
2016-08-31 14:27:18 -07:00
b21ea2ba3f
Added code to assign CPORT value to the parent scanner object
2016-08-29 13:17:10 -05:00
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
cd858a149f
Add DETECT_ANY_AUTH to make bogus login optional
2016-08-23 23:05:47 -05:00
20947cd6cd
remove old dependency on net-ssh moneykpatch
...
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
2016-08-22 10:54:09 -05:00
5f8ef6682a
Fix #7202 , Make print_brute print ip:rport if available
...
Fix #7202
2016-08-16 15:34:30 -05:00
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
554a0c5ad7
Deprecate nbname_probe, which duplicate nbname as of 77cd6dbc8b
2016-08-02 17:36:22 -07:00
cce1ae6026
Fix #6989 , scanner modules printing RHOST in progress messages
...
Fix #6989
2016-07-25 23:15:59 -05:00
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
128f802928
use the regex source when generating or displaying a regex
2016-07-11 22:05:50 -05:00
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
2016-07-07 15:00:41 -05:00
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8e3e360cc83
2016-07-05 15:22:44 -05:00
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
159446ce92
Ensure http_login scanner module saves passwds.
...
Fixes #6983 . When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
3d93c55174
move sshfactory into a mixin method
...
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm
2016-06-28 14:14:56 -05:00
6c3871bd0c
update ssh modules to use new SSHFactory
...
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH
MS-1688
2016-06-24 13:55:28 -05:00
5bc513d6cd
get ssh sessions working properly
...
ssh sessions now working correctly
MD-1688
2016-06-24 12:14:48 -05:00
3e94abe555
put net:ssh::commandstream back
...
this was apparently our own creation for doing
ssh sessions
MD-1688
2016-06-22 15:02:36 -05:00
07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm
2016-06-22 10:15:22 -05:00
0fa1fc50f8
Fixed false positive bug
...
Checking for "(ERROR_STACK=(ERROR=" is not enough to mark a target as vulnerable. TNS response packet bytes for "Accept" and "Refuse" are required to be sure.
Reference: https://thesprawl.org/research/oracle-tns-protocol/
2016-06-19 17:33:05 +05:30
c02a05f913
Removed code that was already commented out
2016-06-17 15:47:15 -05:00
1225a93179
Moved ClamAV scanner to scanning module
...
s
2016-06-17 15:40:33 -05:00
b0bf901b22
Land #6950 , avoid printing rhost:rport twice when using Msf::Exploit::Remote::SMB::Client
2016-06-09 16:35:09 -05:00
199ae04b57
fix more duplicate port/ip things
2016-06-09 16:26:41 -05:00
7143095b4b
Land #6947 , add auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum
2016-06-09 14:21:55 -05:00
207d92a125
Use scan to do regex capture
2016-06-09 11:07:00 -05:00
1b4a6a7981
Use the UDP mixin to it can cleanup properly
2016-06-09 11:04:50 -05:00
f0bb125556
Should be print_error
2016-06-08 14:22:36 -05:00
600704c053
Merge remote-tracking branch 'upstream/pr/6939'
2016-06-08 14:22:33 -05:00
52bcade72c
Fix #6948 , Modules using the SMB client are printing peer twice
...
Fix #6948
2016-06-08 12:16:50 -05:00
158176aa05
replaced "if !" on line 41 with "unless"
...
replaced "$1" on line 51 with "Regexp.last_match(1)
restructed the print statement on line 56 to more closely match suggestion
removed "self." from line 71
changed line 78 to loop for 2 seconds insetead of 1 second
2016-06-08 09:28:08 -04:00
f13d91f685
Fix a prob of printing an empty rhost from the scanner mixin
2016-06-07 19:19:39 -05:00
e8304e684c
Bring #6793 up to date with upstream-master
2016-06-07 19:04:32 -05:00
6ae4d1576e
Apply fixes to symantec_brightmail_ldapcreds.rb
2016-06-07 19:01:58 -05:00
75a34c4aca
added a new aux module to quickly scan for Jenkins servers on the local broadcast network by sending out a udp packet to port 33848 on the broadcast address. Any Jenkins server should respond with XML data containing the Jenkins server version.
2016-06-07 16:57:06 -04:00
9450906ca4
Correctly set Dummy param
2016-06-07 14:42:51 -05:00
f47128ccdd
Cleanup canon_irav_pwd_extract module
2016-06-07 14:31:37 -05:00
f034952852
Land #6918 , Added additional SAP TCP/IP ports into the sap_port_info function.
2016-06-03 08:01:04 -05:00
a15c79347b
Add canon printer credential harvest module
...
Praedasploit
2016-06-02 16:07:28 -05:00
98cfcc65ae
Added IP address to returned information.
...
This scanner module doesn't tell you the location of the found information. So when using the -R option to fill the RHOSTS all you get is a bunch of successful findings, however you won't know to which systems they belong.
2016-05-31 19:47:00 -07:00
504a94bf76
Technically, this is form auth, not http auth
2016-05-27 18:39:25 -05:00
14adcce8bf
Missed the HTTPUSERNAME fix
2016-05-27 18:37:04 -05:00
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
7f643a7b8d
Fix syntax error
2016-05-27 18:05:24 -05:00
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
01a691a46c
Update sap_router_portscanner.rb
...
Added additional SAP TCP/IP ports for sap_port_info function.
ref: https://wiki.scn.sap.com/wiki/display/TCPIP/Services
2016-05-27 14:43:16 +01:00
3dfdf1d936
Land #6528 , tilde expansion and more for OptPath
2016-05-24 16:01:59 -05:00
48c25dd863
Remove need for expand_path in this module; normalize handles it now
2016-05-24 13:30:12 -07:00
3df4c38e82
Use correct key file var
2016-05-24 13:28:08 -07:00
b613dfefb4
Land #6896 , fix spelling in caidao_bruteforce_login
2016-05-19 21:54:06 -05:00
706d51389e
spelling fix
2016-05-19 19:30:18 -04:00
9c61490676
Fix some inconsistencies
...
Failed to catch these while editing. :(
2016-05-17 02:50:12 -05:00
92d07f74ff
Remove unnecessary double expand_path
2016-05-16 17:34:12 -07:00
8bccfef571
Fix merge conflict
2016-05-16 17:29:45 -07:00
9357a30725
remove duplicate key
2016-05-04 22:15:33 +02:00
be363411de
Land #6317 , Add delay(with jitter) option to auxiliary scanner and portscan modules
2016-05-02 13:09:40 -05:00
4a95e675ae
Rm empty references
2016-04-24 11:46:08 -05:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
f0d403124c
Update symantec_brightmail_ldapcreds.rb
2016-04-20 18:58:12 +02:00
cda104920e
delete telisca abuse
2016-04-20 17:09:13 +01:00
c322a4b314
added modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-04-20 17:01:18 +01:00
5adf5be983
add symantec bright mail ldap creds
2016-04-20 16:05:24 +01:00
dfb2b95e46
Merge remote-tracking branch 'upstream/master'
...
Merge
2016-04-20 12:21:16 +01:00
99b4d0a2d5
remove more regex-style bool checks
2016-04-09 13:49:16 -05:00
af7eef231c
Fix a few issues with the SSL scanner
...
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.
Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
41b802a8a2
Clean up module
2016-04-01 13:54:27 -05:00
75ebd08153
Land #6731 , Add CVE-2015-7755 juniper backdoor
2016-03-31 17:30:38 -05:00
618f379488
Update auxiliary/scanner/redis/redis_server and mixin
2016-03-31 17:14:49 -05:00
4d76b0e6a5
Rm auxiliary/scanner/misc/redis_server
...
Please use auxiliary/scanner/redis/redis_server or
auxiliary/scanner/redis/redis_login instead
2016-03-31 17:13:08 -05:00
2e7d07ff53
Fix PASSWORD datastore option
2016-03-31 17:12:00 -05:00
545cb11736
Bring #6409 up to date with upstream-master
2016-03-31 17:00:56 -05:00
5fdea91e93
Change naming
2016-03-31 17:00:29 -05:00
f33e994050
Delete anything related to configuring/saving username
2016-03-31 16:56:54 -05:00
101775a5ba
Bring #6545 up to date with upstream-master
2016-03-30 16:07:24 -05:00
7fc2c860e9
remove comment
2016-03-29 21:26:36 -04:00
d35b5e9c2a
First add of CVE-2015-7755
2016-03-29 21:20:12 -04:00
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
9e7a330ac8
OptInt -> OptPort
2016-03-16 15:47:29 -05:00
af642379e6
Fix some OptInts
2016-03-16 14:13:18 -05:00
4e3a188f75
Land #6401 , EasyCafe server file retrieval module
2016-03-16 13:24:54 -04:00
9ac4ec4bfc
Update the class name to MetasploitModule
2016-03-16 13:22:06 -04:00
53f1338ad0
Update module to remove references to print peer
2016-03-16 13:10:39 -04:00
05f585157d
Land #6646 , add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
c12cc10416
change class Metasploit to MetasploitModule
2016-03-14 17:57:29 -04:00
zerosum0x0
David Maloney
juushya
William Webb
Patrick DeSantis
h00die
Brent Cook
wchen-r7
Ahmed Elhady Mohamed
jvoisin
jvoisin
James Barnett
jakxx
James Lee
Christian Mehlmauer
William Vu
MatToufoutu
Jin Qian
dmohanty-r7
Brent Cook
jinq102030
Rich Whitcroft
Pearce Barry
John Q. Public
Brendan
Cantoni Matteo
Jon Hart
nixawk
Alton J
Sonny Gonzalez
Stephen Haywood
Interference Security
Tijl Deneut
aushack
james-otten
Adam Compton
sho-luv
Bruno Morisson
h00die
Brian Patterson
Fakhir Karim Reda zirsalem
Spencer McIntyre
Adam Cammack
rwhitcroft