infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,194 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

4273 Commits (f53e7f84b88c9912aa3a90682f4211cdea4f2795)

Author SHA1 Message Date
Jeff Jarmoc 7a424784f8 Change default TLS Version to 1.0 
Canonical testing shows this to be more widely supported, and yielding far more vulnerable hosts.  Changing default to reflect that.

Experience of others in #metasploit seems similar.
 2014-04-09 13:45:00 -05:00
Christian Mehlmauer fec089d88d
Land #3219, openssl_heartbleed XMPP fix from @natronkeltner 2014-04-09 20:42:55 +02:00
Christian Mehlmauer e2b50d3709
fix openssl_heardbleed 
-) XMPP Domain now configurable
-) Missing get_once to initiate the TLS connection
 2014-04-09 20:39:33 +02:00
jvazquez-r7 5696e52fac Fix jabber to field 2014-04-09 13:48:45 -05:00
jvazquez-r7 28a471e446
Land #3221, @Firefart's fix for pop3 starttls 2014-04-09 13:31:45 -05:00
jvazquez-r7 bea810b5d6 Add jabber fix from @natronkeltner 2014-04-09 13:11:45 -05:00
jvazquez-r7 157fb5a905 Make title more searchable 2014-04-09 12:08:35 -05:00
jvazquez-r7 58f4a1c085 Usee loop do instead or while true 2014-04-09 11:48:45 -05:00
Tod Beardsley 76a9381b2a
Make the title of the Heartbleed module searchable 
Right now, the title does not actually tie the Heartbeat check to the
Heartbleed attack, so people searching strictly on module title are not
going to get a hit for this module.
 2014-04-09 11:03:01 -05:00
jvazquez-r7 bc36b9ebd6 Delete server side PoCs as referecences because don\'t apply here 2014-04-09 10:58:59 -05:00
jvazquez-r7 fd90203120 Change some variable names to make code reading easier 2014-04-09 10:56:50 -05:00
Christian Mehlmauer 899a7c9ea4
heartbleed bugfix for pop3 2014-04-09 17:51:44 +02:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Tod Beardsley 3849d1517f
Restore author credit 2014-04-09 09:42:39 -05:00
jvazquez-r7 e154d175e8 Add @hmoore-r7's heartbeat client side module 2014-04-09 09:38:11 -05:00
jvazquez-r7 8d38087a10 Fix case / when indention 2014-04-09 09:12:55 -05:00
Christian Mehlmauer 0e0fd20f88
Added RFC link 2014-04-09 15:19:29 +02:00
Christian Mehlmauer a0a5b9faa1
Fix heartbleed module 
-) incorrect length read
-) Parse TLS errors
 2014-04-09 15:08:24 +02:00
jvazquez-r7 a93e22b5c0
Land #3209, @Firefart's heartbleed's module fix 2014-04-09 06:38:06 -05:00
julianvilas 4e7c675f3c Fix typo, extraquote in message 2014-04-09 10:22:15 +02:00
Christian Mehlmauer cdfe333572
updated heartbleed module 
-) Heartbeat length was added twice
-) Use the current date for the TLS client_hello
 2014-04-09 09:19:05 +02:00
William Vu dd69a9e5dd
Land #3206, OpenSSL Heartbleed infoleak 2014-04-08 20:12:00 -05:00
William Vu 5e314f2a7c
Fix outstanding issues 2014-04-08 20:11:28 -05:00
jvazquez-r7 a4e1d866e1 Favor nil? 2014-04-08 18:21:49 -05:00
jvazquez-r7 153e003e23 Do small fixes 2014-04-08 18:21:09 -05:00
jvazquez-r7 39aecb140a Use the datastore option 2014-04-08 16:55:08 -05:00
jvazquez-r7 496dd944e6 Add support for datastore TLSVERSION 2014-04-08 16:51:50 -05:00
jvazquez-r7 d51aa34437 Use Random generation Time as pointed by @Firefart 2014-04-08 16:46:15 -05:00
jvazquez-r7 d964243cc4 Move heartbeat length to a variable 2014-04-08 16:33:05 -05:00
jvazquez-r7 3d6c553efd Fix endianess 2014-04-08 16:29:31 -05:00
jvazquez-r7 373b05c5aa Minimize extensions in the Hello 2014-04-08 16:21:38 -05:00
jvazquez-r7 3254cce832 Align comment 2014-04-08 16:04:38 -05:00
jvazquez-r7 c20b71e7b6 Switch to vprint unless success 2014-04-08 16:03:38 -05:00
jvazquez-r7 7dbd690c99 Add new references 2014-04-08 16:01:06 -05:00
jvazquez-r7 a55579dd4a Fix references 2014-04-08 15:56:56 -05:00
jvazquez-r7 4004cd8f9a Allow hello data to grow dinamically 2014-04-08 15:52:39 -05:00
jvazquez-r7 b8e2c9fe42 Clean and fix @Firefart's code 2014-04-08 15:32:13 -05:00
jvazquez-r7 80bdbbed92 Solve conflict 2014-04-08 15:18:38 -05:00
Christian Mehlmauer 8c7debb81d
Added some comments and modified JABBER 2014-04-08 22:13:02 +02:00
jvazquez-r7 021da84459 Add authors and switch and's format 2014-04-08 15:10:27 -05:00
Christian Mehlmauer 9c053a5b91
Added additional protocols 2014-04-08 21:56:05 +02:00
jvazquez-r7 5f29026cb2 Complete @Firefart's module 2014-04-08 14:13:56 -05:00
Christian Mehlmauer ac0cafcca6
Initial commit for openssl Heartbleed bug 2014-04-07 21:15:54 +02:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
sinn3r 0c883723ba
Land #3149 - Oracle Demantra Arbitrary File Retrieval with auth bypass 2014-04-07 11:11:55 -05:00
sinn3r 31dfae3a01 Follow the 100 columns per line guideline 2014-04-07 11:10:20 -05:00
sinn3r de242ecc00 Correct date format 
Hmm weird, msftidy didn't pick this up
 2014-04-07 11:09:27 -05:00
Spencer McIntyre 395f5beef8
Land #3178, http header scan module 2014-04-04 11:36:35 -04:00
Spencer McIntyre 2b6ae68cbf Minor modifications for http_header 2014-04-04 10:46:03 -04:00
jvazquez-r7 e2cbcf3c5d
Land #3179, @brandonprry AlienVault sqli aux module 2014-04-04 09:17:11 -05:00
jvazquez-r7 ff6105e55d Add check codes 2014-04-04 09:13:43 -05:00
Brandon Perry 44db611845 defaultoptions, not option 2014-04-04 05:55:35 -07:00
jvazquez-r7 6f14cd225d Do minor clean up 2014-04-03 23:22:44 -05:00
Christian Mehlmauer 253a1c1f87
Land #3180, EMC Cloud Tiering Appliance Unauthed XXE with root perms 2014-04-03 22:02:13 +02:00
Brandon Perry a57da00932 fix refs line 2014-04-03 14:07:00 -07:00
Brandon Perry 51f83fccde add some checks in vase the file wasn't retrievable 2014-04-03 14:04:05 -07:00
sinn3r 03559dedcd
Land #3187 - Changed OptString to OptRegexp 2014-04-03 14:52:59 -05:00
Christian Mehlmauer d995d84e91
Changed OptString to OptRegexp 2014-04-03 19:40:07 +02:00
Christian Mehlmauer b4aa08251f
changed option from string to regex 2014-04-03 19:34:40 +02:00
Brandon Perry e2ded663a6 make more robust 2014-04-03 06:15:09 -07:00
Brandon Perry 53b8148438 make more random 2014-04-03 05:52:35 -07:00
Brandon Perry 77b64ee77d make more random 2014-04-03 05:41:00 -07:00
Christian Mehlmauer a4adfac312
Added feedback for http_header module 2014-04-02 23:01:23 +02:00
Brandon Perry 75dc4c459b msftidy 2014-04-02 13:22:21 -07:00
Brandon Perry bb82277a41 msftidy 2014-04-02 13:20:13 -07:00
Brandon Perry abc0b31f26 exploithub wat 2014-04-02 13:18:48 -07:00
Brandon Perry 765657d55a alienvault module 2014-04-02 13:09:46 -07:00
Brandon Perry d3f353118a edb update 2014-04-02 13:06:54 -07:00
Brandon Perry 32cd846fe4 emc cta xxe module 2014-04-02 13:05:53 -07:00
Christian Mehlmauer 69192edd4b
Added new http_header module 2014-04-02 22:04:54 +02:00
coma 149948485a Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra fixed issues 2014-04-01 12:28:41 -07:00
William Vu c37dbd104a
Clean up perms and whitespace for owa_login 2014-04-02 01:45:15 -05:00
Tod Beardsley 2972220f60
Land #3047 for real. 
Merge branch 'land-3047-really' into upstream-master
 2014-04-01 13:16:13 -05:00
Spencer McIntyre dfec2eb53f Cleanup an expression and avoid fail_with 2014-03-31 18:05:20 -04:00
Spencer McIntyre 07e04717c2 Allow using a single URI and/or a list of URIs 2014-03-31 18:05:20 -04:00
Joshua Smith b21d5c1801 use TARGET_URI if given, otherwise TARGET_URIS_FILE 2014-03-31 18:05:20 -04:00
Spencer McIntyre 5e9e7e15c8 Return whether result is nil or not. 2014-03-31 18:05:20 -04:00
Spencer McIntyre 0ac112b5e7 Support checking a single URI for ntlm information. 2014-03-31 18:05:19 -04:00
Tod Beardsley 6474c7be5c
Land #3166 and also #3167 
[Closes #3167]
 2014-03-31 16:21:07 -05:00
William Vu 3b6d73420e
Fix syntax error in dns_amp 2014-03-31 16:18:49 -05:00
William Vu d9df2fbf08
Land #3158, msftidy rank check for aux modules 2014-03-31 15:17:30 -05:00
Joshua Smith 159bc264a4 unretards the uri normalize loop 2014-03-31 15:58:21 -04:00
Joshua Smith 2290249a42 uses fail_with to bomb out on datastore probs 2014-03-31 15:52:05 -04:00
Joshua Smith 4f121e3e03 fixes if-logic for error condition 2014-03-31 15:38:05 -04:00
Tod Beardsley 894bbcae97
More fix-up on the DNS amplication scanner 2014-03-31 14:37:10 -05:00
Tod Beardsley 4d597174d0
Merge up from upstream/master 2014-03-31 14:33:28 -05:00
William Vu 387da26f8d
Land #3159, HP LaserJet printer SNMP enumeration 2014-03-31 12:48:23 -05:00
William Vu c6ceb8cdfd
Land #2929, DNS recursion amplification scanner 2014-03-31 12:47:46 -05:00
William Vu aaa15d13d9
Land #2928, extended SMTP open relay checks 2014-03-31 12:47:10 -05:00
Tod Beardsley ffdca3bf42
Fixup on some modules for release 
There may be more coming, but if not, this should cover
this week's minor style changes.
 2014-03-31 12:42:19 -05:00
Joshua Smith 2530fb9741 adds the return back in (forgot in prev commit) 2014-03-28 19:27:04 -04:00
Joshua Smith dc4b8461e8 unbreaks & DRYs my previous change. 2014-03-28 19:15:38 -04:00
Matteo Cantoni c559a6b39f fix description 
(cherry picked from commit 7c860b9553)
 2014-03-28 17:36:21 -05:00
Matteo Cantoni ae53d75cdb Module to HP LaserJet Printer SNMP Enumeration 
(cherry picked from commit f18fef1864)
 2014-03-28 17:36:21 -05:00
William Vu 2344a9368e
Fix warnings generated by #3158 
Keeping ManualRanking for DoS modules.
 2014-03-31 12:35:15 -05:00
jvazquez-r7 9374777da1
Land #2996, @mcantoni's jboss status aux module 2014-03-28 16:07:08 -05:00
jvazquez-r7 7689751c10 Module module location 2014-03-28 16:05:37 -05:00
jvazquez-r7 e3ec0e7624 Clean up jboss_status module 2014-03-28 16:04:43 -05:00
William Vu 5458200434
Fix a couple minor annoyances in PJL 2014-03-28 02:19:30 -05:00
William Vu c1fdc4d945
Fix a couple things that were bugging me 2014-03-28 02:15:38 -05:00