2059 Commits (f8e64dba84c342511100149205cb1b0a4debd8e5)

Author SHA1 Message Date
Jin Qian 8780c325a7 Fixed issues #7691, silent exit.
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
2016-12-09 16:20:44 -06:00
Jin Qian 17c12a78f5 Fixed issue #7689, count of found users not accurate
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
2016-12-09 15:19:43 -06:00
Jin Qian 4a35f8449a Fixed issue #7650 by matching Server header using regex as Wei suggested
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
2016-12-02 20:26:38 -06:00
Jin Qian 35fdf1473b Fixed issue #7650 where etherpad_duo_login module may crash
Add check for presence of Server header.
2016-12-02 18:07:18 -06:00
Jin Qian 11906eb540 Fix issue #7645 where dolibarr_login module crashed
Add "res" (http response) when trying to retrieve the cookie
2016-12-01 15:38:26 -06:00
William Vu 54684d31bd
Land #7641, check_conn? fix for cisco_ssl_vpn 2016-11-30 21:14:19 -06:00
William Vu 032312d40b Properly check res 2016-11-30 21:03:29 -06:00
Jin Qian ec83a861c8 Fix issue #7640 where cisco SSL VPN not move despite server responded
Add the "return true" statement that was missing.
2016-11-30 16:25:13 -06:00
wchen-r7 56505d2cc1 Resolve merge conflict 2016-11-30 14:33:23 -06:00
wchen-r7 c70c3701c5 Fix #7628, concrete5_member_list HTML parser
Fix #7628
2016-11-30 14:20:36 -06:00
wchen-r7 530e9a9bc6
Land #7633, fix dell_idrac to stop trying on a user after a valid login 2016-11-30 11:46:31 -06:00
Jin Qian afed1f465e Fix issue 7632 where MSF keeps trying after success.
Thanks to Wei who suggested adding "return :next_user" after success.
2016-11-29 14:57:15 -06:00
Jin Qian 1beeb99d44 Fix issue 7628, username extracted became garbled
Make the regular expression less aggressive.
2016-11-29 12:52:57 -06:00
William Vu c39c53b102 Prefer DefaultOptions to reregistering SSL option 2016-11-28 14:29:02 -06:00
Pearce Barry 8c54b0e5f4
Land #7622, Fix check_conn? method in cisco_ironport_enum 2016-11-28 14:19:02 -06:00
William Vu 777d5c1820 Fix check_conn? method in cisco_ironport_enum 2016-11-28 14:02:39 -06:00
wchen-r7 4eb109b22f
Land #7609, set SSL to true by default for cisco_nac_manager_traversal 2016-11-28 11:30:41 -06:00
John Q. Public c286c708d9 Print file contents
Added a print_good statement at line 63 in order to print the contents of the newly discovered robots.txt file.
2016-11-25 15:57:37 -06:00
Pearce Barry ec020e3d07
Land #7611, cisco_ironport_enum falsely claimed connection failed
Fixes #7610
2016-11-24 09:54:09 -06:00
Jin Qian 65b858ac06 Fix issue 7610, cisco_ironport_enum falsely claimed connection failed.
Make sure we return 1 in check_conn method.
2016-11-23 14:59:07 -06:00
Jin Qian b7ae7a47be Fix issue #7608 where the SSL option was not turned on by default
Set the SSL option to be on by default.
2016-11-23 14:45:42 -06:00
Jin Qian 0df3e17e0c Fix the issue in MS2132 where OWA_LOGIN doesn't continue on connection error.
The possibility of temporary connection disruption means this module should keep trying other user/pass pairs upon error.
2016-11-23 09:56:27 -06:00
William Vu 6f8660f345
Land #7586, NameError fix for brute_dirs 2016-11-21 14:46:19 -06:00
William Vu c8320d661f
Land #7590, mixin order fix for buffalo_login 2016-11-21 13:57:27 -06:00
Jin Qian 90d360a592 Fix the issue 7589, both RHOST and RHOSTS options are required
Thanks to Will who found it's due to the order of mixin.
2016-11-21 11:06:32 -06:00
Jin Qian 18b873be47 Fix the exception issue reported in issue #7585
Fix the exception by initializing a key variable that caused the exception.
2016-11-21 10:00:23 -06:00
wchen-r7 d3adfff663 Change syntax 2016-11-18 11:41:04 -06:00
wchen-r7 f894b9a4c5 Fix typo 2016-11-18 11:39:26 -06:00
Cantoni Matteo c9b9be9328 Update open_proxy aux module 2016-11-17 15:44:03 +01:00
Alton J 98d7b19ab9 Passed IP parameter to additional functions. 2016-10-11 15:09:50 -05:00
Alton J acff0fa9cf Added IP addresses to output. 2016-10-11 14:43:42 -05:00
Alton J f0ff4a0721 Added IP addresses to output. 2016-10-11 14:42:06 -05:00
wchen-r7 245237d650
Land #7288, Add LoginScanner for Octopus Deploy server 2016-09-13 17:26:56 -05:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available
Fix #7202
2016-08-16 15:34:30 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook 128f802928 use the regex source when generating or displaying a regex 2016-07-11 22:05:50 -05:00
Pearce Barry 159446ce92 Ensure http_login scanner module saves passwds.
Fixes #6983.  When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
wchen-r7 f13d91f685 Fix a prob of printing an empty rhost from the scanner mixin 2016-06-07 19:19:39 -05:00
wchen-r7 e8304e684c
Bring #6793 up to date with upstream-master 2016-06-07 19:04:32 -05:00
wchen-r7 6ae4d1576e Apply fixes to symantec_brightmail_ldapcreds.rb 2016-06-07 19:01:58 -05:00
sho-luv 98cfcc65ae Added IP address to returned information.
This scanner module doesn't tell you the location of the found information. So when using the -R option to fill the RHOSTS all you get is a bunch of successful findings, however you won't know to which systems they belong.
2016-05-31 19:47:00 -07:00
wchen-r7 504a94bf76 Technically, this is form auth, not http auth 2016-05-27 18:39:25 -05:00
wchen-r7 14adcce8bf Missed the HTTPUSERNAME fix 2016-05-27 18:37:04 -05:00
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 7f643a7b8d Fix syntax error 2016-05-27 18:05:24 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
2016-05-27 16:25:42 -05:00
h00die 706d51389e spelling fix 2016-05-19 19:30:18 -04:00
wchen-r7 4a95e675ae Rm empty references 2016-04-24 11:46:08 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
Fakhir Karim Reda zirsalem f0d403124c Update symantec_brightmail_ldapcreds.rb 2016-04-20 18:58:12 +02:00
Karim Reda Fakhir c322a4b314 added modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb 2016-04-20 17:01:18 +01:00
Karim Reda Fakhir 5adf5be983 add symantec bright mail ldap creds 2016-04-20 16:05:24 +01:00
Brent Cook 99b4d0a2d5 remove more regex-style bool checks 2016-04-09 13:49:16 -05:00
Brent Cook af7eef231c Fix a few issues with the SSL scanner
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.

Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Adam Cammack 05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts 2016-03-15 16:35:22 -05:00
rwhitcroft c12cc10416 change class Metasploit to MetasploitModule 2016-03-14 17:57:29 -04:00
rwhitcroft dd53625f4a change Metasploit3 to Metasploit to satisfy travis 2016-03-14 16:52:02 -04:00
rwhitcroft a26c90fd41 fix RPORT option 2016-03-14 16:27:44 -04:00
rwhitcroft f155477edf improve description and change behavior to keep trying on connection errors 2016-03-08 12:33:17 -05:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
wchen-r7 c2f99b559c Add documentation for auxiliary/scanner/http/tomcat_enum
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer 3da9535e22
change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook eea8fa86dc unify the SSLVersion fields between modules and mixins
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
rwhitcroft ded5b58733 one more style fix 2016-03-01 10:20:39 -05:00
rwhitcroft 4b10331cf0 style fixups 2016-03-01 10:18:25 -05:00
rwhitcroft f735a904ff create owa_ews_login module, modify HttpClient to accept preferred_auth option 2016-02-28 22:01:05 -05:00
wchen-r7 051506694f
Land #6574, add Linknat Vos Manager Traversal aux module 2016-02-25 22:02:56 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
nixawk 7ca0255ea1 Module should not be marked executable 2016-02-15 12:57:43 +08:00
nixawk f35230b908 add Linknat Vos Manager Traversal 2016-02-15 12:39:40 +08:00
William Vu 5f0add2a8b
Land #6541, typo fix for cisco_ssl_vpn 2016-02-09 17:13:24 -06:00
William Vu 240cbb91be s/resp/res/ 2016-02-09 17:12:09 -06:00
wchen-r7 cd7046f233 Change method name "method" to "http_method" for http_traversal.rb
We accidentally override "#method", which is bad.
2016-02-07 23:15:46 -06:00
wchen-r7 2171c344e5 Fix #6539, correct a typo in report_cred
Fix #6539
2016-02-06 13:23:21 -06:00
James Lee 8094eb631b
Do the same for aux modules 2016-02-01 16:06:34 -06:00
Brent Cook cd56470759
Land #6493, move SSL to the default options, other fixes 2016-01-29 11:09:51 -06:00
wchen-r7 6187354392
Land #6226, Add Wordpress XML-RPC system.multicall Credential BF 2016-01-23 00:12:46 -06:00
wchen-r7 064af0d670 Remove unwanted comment 2016-01-23 00:11:58 -06:00
KINGSABRI ad3eed525b Handling newer version of WP, fallback CHUNKSIZE to 1 2016-01-23 08:06:27 +03:00
wchen-r7 53e9bd7f51 This line does nothing 2016-01-22 18:55:45 -06:00
wchen-r7 0f9cf812b7 Bring wordpress_xmlrpc_login back, make wordpress_multicall as new 2016-01-22 18:54:20 -06:00
wchen-r7 91db2597c7 normalize URIs 2016-01-22 11:27:26 -06:00
wchen-r7 b02c762b93 Grab zeroSteiner's module/jenkins-cmd branch 2016-01-22 10:17:32 -06:00
Christian Mehlmauer 484d57614a
remove re-registered ssl options 2016-01-22 09:54:52 +01:00
wchen-r7 216986f7af Do API documentation, rspec, and other small changes 2016-01-21 17:22:14 -06:00
KINGSABRI a8feb8cad5 make passwords faster for reading huge wordlist files 2016-01-21 03:32:50 +03:00
KINGSABRI 4cb19c75a6 Enhance the module and add version check 2016-01-21 03:19:31 +03:00
wchen-r7 fcaef76215 Do a version check
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
wchen-r7 6e65d1d871
Land #6411, chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
wchen-r7 bdda8650a2 Do not support username, because the backdoor doesn't use one 2016-01-06 02:02:11 -06:00
William Vu 6cb9ad0d72
Land #6435, unaligned def/end fix 2016-01-05 09:59:25 -06:00
nixawk c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
nixawk cbbbd9a7e7 end is not aligned with def 2016-01-05 14:07:43 +08:00
William Vu 58c047200d
Land #6305, creds update for owa_login 2016-01-04 10:52:39 -06:00
nixawk a6914df3e3 rename LOGIN_URL to TARGETURI 2015-12-31 22:21:34 +08:00
nixawk 370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
r3naissance db5c69226e
Add Usernames to Creds Database with owa_login.rb 2015-12-03 09:31:36 -07:00
James Lee 98a0ddebda
Land #6298, Advantech shellshock module 2015-12-01 11:37:09 -06:00
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
Kyle Gray bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
Land #6284, fix for false negatives found in #6281

@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
Christian Mehlmauer 920d8c6ad7
Land #6278, wrong default option for RHOST 2015-11-26 06:49:25 +01:00
Jon Hart 8fd2522a59
Land #6257, @all3g's aux module for locating git repos over HTTP 2015-11-25 12:25:45 -08:00
Jon Hart a56571479f
Remove WmapScanServer mixin; not needed 2015-11-25 11:38:32 -08:00
William Vu 2da9bb8578 Follow redirects in apache_userdir_enum
Found false negatives while testing a server for #6281.
2015-11-25 13:27:06 -06:00
William Vu 8f459de064 Fix tomcat_enum for full_uri 2015-11-25 11:28:56 -06:00
William Vu 38a9efe4d6 Fix squiz_matrix_user_enum for full_uri 2015-11-25 11:28:53 -06:00
William Vu 7d17c5741b Fix nginx_source_disclosure for full_uri 2015-11-25 11:19:27 -06:00
William Vu 035882702a Fix barracuda_directory_traversal for full_uri 2015-11-25 11:18:17 -06:00
William Vu 7a5f6495d0 Fix axis_local_file_include for full_uri 2015-11-25 11:16:59 -06:00
William Vu 42d12a4d40 Fix apache_userdir_enum for full_uri 2015-11-25 11:16:22 -06:00
Waqas Ali c09d8031c6 Remove default empty string 2015-11-25 12:19:16 +05:00
Jon Hart eac4f02b66
Spelling and correct description 2015-11-24 17:57:56 -08:00
aushack 3ad7ef9814 Modify the printed URL to add https:// when SSL is used. 2015-11-25 12:46:56 +11:00
wchen-r7 b1abfe898d Update wordpress_xmlrpc_login
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
Jon Hart ccdf814688
Use correct URIs in report_note 2015-11-24 09:52:07 -08:00
Jon Hart c66d56263a
Cleaner and more consistent print_* 2015-11-24 09:43:05 -08:00
Jon Hart 1e90a8004d
Correct printing of URIs when provided TARGETURI doesn't end with / 2015-11-24 09:11:04 -08:00
Jon Hart afa4d9e74d
Add legit git UserAgent 2015-11-24 08:57:19 -08:00
Jon Hart d59c563ee3
Don't store index file 2015-11-24 08:51:43 -08:00
Jon Hart e29a229336
Minor style cleanup 2015-11-24 08:50:21 -08:00
Waqas Ali 2152c310fe Remove the default true option of RHOST 2015-11-24 14:54:54 +05:00
Spencer McIntyre dc5e9a1d0a Support CSRF token in the Jenkins aux cmd module 2015-11-22 17:51:27 -05:00
nixawk 2dd8567741 remove GIT_HEAD / add description / git_config regex match / save index|config file(s) 2015-11-22 09:18:19 +00:00
aushack fc46ce0ced Bring module title in line with other WP modules. 2015-11-22 13:39:45 +11:00
nixawk e0386d6830 add scan switches GIT_INDEX / GIT_HEAD / GIT_CONFIG 2015-11-21 03:06:37 +00:00
nixawk 1795e09a27 scan git disclosure (.git/index) 2015-11-19 09:16:32 +00:00
KINGSABRI ab71d94392 Make CHUNKSIZE user configurable. Thanks @jhart-r7 2015-11-12 23:02:48 +03:00
KINGSABRI 732563614b Change connecting method to send for better code naming 2015-11-12 20:26:17 +03:00
KINGSABRI 881b12f0ab Fix rebase conflict 2015-11-12 18:16:39 +03:00
KINGSABRI ee312f86f6 Fix peer, naming, and add resp check to the code check 2015-11-12 08:50:46 +03:00
KINGSABRI 530a7bb613 Fix peer, naming, and add resp check to the code check 2015-11-12 08:42:00 +03:00
KINGSABRI 2abfa1f241 Fix exceptions and XML parsing 2015-11-12 05:30:07 +03:00
KINGSABRI b37fb3f34d Add TARGETURI option 2015-11-11 06:25:20 +03:00
KINGSABRI cf0cb2df9e Add TARGETURI option 2015-11-11 06:24:52 +03:00
KINGSABRI 9894fe15bd Remove unused advanced options 2015-11-11 06:02:37 +03:00
KINGSABRI 136fa12ac9 Remove unused advanced options 2015-11-11 06:02:13 +03:00
KINGSABRI 57cf535ec6 Fix the comment 2015-11-11 02:06:49 +03:00
KINGSABRI 137c2e214e Fix the comment 2015-11-11 02:01:01 +03:00
KINGSABRI 91867d344b Refactoring.. 2015-11-10 23:07:13 +03:00
KINGSABRI d19942eae3 Add wordpress massive bruteforce using XMLRPC (wordpress API) fix 2015-11-10 23:07:12 +03:00
KINGSABRI 745738f065 Add wordpress massive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI b571a79b69 Add wordpress massive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI d498dc46a1 Add wordpress massive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI fffbb4106f Refactoring.. 2015-11-10 22:33:37 +03:00
KINGSABRI 46e7c53950 Add wordpress massive bruteforce using XMLRPC (wordpress API) fix 2015-11-09 19:04:33 +03:00
KINGSABRI 2bf57a3cf3 Add wordpress massive bruteforce using XMLRPC (wordpress API) 2015-11-09 18:23:15 +03:00
KINGSABRI 9586f416a1 Add wordpress massive bruteforce using XMLRPC (wordpress API) 2015-11-09 17:37:06 +03:00
KINGSABRI 9f4f478d2d Add wordpress massive bruteforce using XMLRPC (wordpress API) 2015-11-09 17:28:58 +03:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
jvazquez-r7 28ca34c40a
Fix conflicts 2015-10-16 15:38:59 -05:00
wchen-r7 896099b297
Land #6082, Directory Traversal for Elasticsearch 2015-10-16 11:00:27 -05:00
wchen-r7 e59a4e36b7 Fix check 2015-10-16 10:59:04 -05:00
Roberto Soares 41e9f8a91b Some code changes from Roberto 2015-10-16 10:47:19 -05:00
jvazquez-r7 67820f8b61
Fix Packetstorm references 2015-10-15 12:42:59 -05:00
jvazquez-r7 d4cf9a4eb9
Update modules using Msf::HTTP::Typo3 2015-10-15 11:48:27 -05:00
jvazquez-r7 cf9ddbb701
Update modules using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
William Vu 2a2d8d941d
Land #6054, HTTP Host header injection module 2015-10-13 23:37:31 -05:00
jaguasch d933962ff9 Last fix, including espreto minor changes 2015-10-13 18:41:51 +01:00
William Vu c642057fa0 Clean up module 2015-10-13 12:03:41 -05:00
jaguasch 772f9d8742 Changes based on espreto recommendations 2015-10-13 16:06:26 +01:00
jaguasch 7790f14af2 Auxiliary module to exploit CVE-2015-5531 (Directory traversal) in Elasticsearch before 1.6.1 2015-10-13 13:05:58 +01:00
Tod Beardsley 185e947ce5
Spell 'D-Link' correctly 2015-10-12 17:12:01 -05:00
wchen-r7 3a0f7ce699
Land #6044, ManageEngine ServiceDesk Plus Arbitrary File Download 2015-10-07 15:24:14 -05:00
wchen-r7 f0b6d3c68e Change error message to avoid an undef method bug 2015-10-07 15:23:29 -05:00
JT 205b175a95 Update host_header_injection.rb 2015-10-07 13:20:06 +08:00
JT 6b3da7f7d8 Update host_header_injection.rb
made some changes as suggested by @espreto
2015-10-07 13:01:49 +08:00
JT a1e0e0cdd9 Add HTTP Host-Header Injection Detection 2015-10-07 11:19:00 +08:00
William Vu 3f2d5d7f06 Add newline back in 2015-10-05 11:42:58 -05:00
xistence 41b07eeef6 Small changes to servicedesk_plus_traversal 2015-10-05 08:56:00 +07:00
Roberto Soares ed8f5456a4 Fix bugs in drupal_views_user_enum. 2015-10-04 05:53:54 -03:00
xistence e6a57d5317 Add ManageEngine ServiceDesk Plus Path Traversal module 2015-10-03 15:54:44 +07:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
William Vu 494b9cf75f Clean up module
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
Jake Yamaki 2e5999a119 Missed colon for output standardization 2015-09-30 16:41:46 -04:00
Jake Yamaki 3d41b4046c Standardize output and include full uri 2015-09-30 16:33:15 -04:00
Jake Yamaki 1bfa087518 Add IP to testing results
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
HD Moore 421fb4dcb8 Rework of the jenkins_command module 2015-09-04 16:56:44 -07:00
HD Moore 04d622b69b Cleanup Jenkins-CI module titles and option descriptions 2015-09-04 10:25:51 -07:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
Alton Johnson 5d59e8190e Added OS detection. 2015-09-03 13:12:07 -05:00
HD Moore 6e4ae1238b
Land #5791, show the VHOST in module output 2015-09-03 11:36:19 -05:00
HD Moore b8eee4a9e4 Show the IP address if it doesn't match the VHOST 2015-09-03 11:35:38 -05:00
HD Moore 1b021464fe
Land #5919, remove deprecated VMware modules & update resource script. 2015-09-03 10:23:48 -05:00
altjx 4b8dc143ec Fixed output 2015-09-02 23:50:03 -04:00
altjx 255c8b63b3 Modified output 2015-09-02 23:33:06 -04:00
Alton Johnson 40176b9e3f Updated. 2015-09-02 19:36:18 -05:00
Alton Johnson f78f6d0a0c Updated. 2015-09-02 19:03:07 -05:00
Alton Johnson 59aa3975be Updated. 2015-09-02 18:27:44 -05:00
altjx 284edbe4b0 Update jenkins_command.rb 2015-09-02 16:47:23 -04:00
altjx bde4f40c53 Update jenkins_command.rb 2015-09-02 16:39:49 -04:00
altjx becc599aca Created Jenkins RCE module
This module simply automates the same procedures documented by Royce Davis at https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/.
2015-09-02 16:12:05 -04:00
HD Moore 126fc9881e Cleanup and tweaks 2015-09-02 12:48:53 -05:00
JT b89b6b653a Update trace.rb 2015-09-03 01:26:45 +08:00
JT 73bf812dfd Update trace.rb
removed the cookie
2015-09-03 00:35:23 +08:00
JT 5ecee6aaba Update trace.rb
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT 34e0819a6e Modified the HTTP Trace Detection to XST Checker
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
Waqas Ali 8e993d7793 Remove deprecated vmware modules 2015-09-02 13:00:15 +05:00
wchen-r7 0c4b020089
Land #5913, Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-02 00:01:35 -05:00
HD Moore 381297ba93 Fix the regex flags 2015-09-01 23:07:48 -05:00
Roberto Soares 626704079d Changed output store_loot 2015-09-02 00:18:10 -03:00
Roberto Soares 96600a96ab Changed html parse by @wchen-r7 2015-09-01 22:03:21 -03:00
Alexander Salmin 3c72467b7d Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns. 2015-09-02 01:02:46 +02:00
Roberto Soares 35661d0182 Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-01 13:28:04 -03:00
wchen-r7 3d4cb06c67
Land #5807, Added Module WP Mobile Pack Vuln 2015-08-28 13:43:00 -05:00
wchen-r7 9e7f6d6500 Typos 2015-08-28 13:42:37 -05:00
wchen-r7 29e92aaabe
Land #5806, WordPress Subscribe Comments File Read Vuln 2015-08-28 11:52:59 -05:00
wchen-r7 62e6b23b4c Typo 2015-08-28 11:52:13 -05:00
Brent Cook b17d8f8d49
Land #5768, update modules to use metasploit-credential 2015-08-17 17:08:58 -05:00
Roberto Soares 7bb4f9479f Added new reference and removed empty line. 2015-08-04 03:58:57 -03:00
Roberto Soares d9b6e9cc58 Changed res condition and some words. 2015-08-04 03:44:25 -03:00
Roberto Soares 19ceccd93a Added JSON parse output. 2015-08-04 03:13:11 -03:00
Roberto Soares f4679f5341 Added WP Mobile Pack Info Disclosure Vuln - Functional Module. 2015-08-04 02:21:26 -03:00
Roberto Soares d221e9d961 Added more references. 2015-08-03 02:46:54 -03:00
Roberto Soares e59e4828e4 Removed unnecessary DEPTH option. 2015-08-02 22:56:17 -03:00
Roberto Soares 514849bcdc Added WP Subscribe Comments File Read Vuln - Functional. 2015-08-02 21:24:52 -03:00
Roberto Soares fdb2b008f9 Fix a small typo - OSVDB instead of OSVBD. 2015-07-31 02:23:19 -03:00
Greg Mikeska 3c394d673d
altered module to default
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
kn0 2415072c17 Replaced 'and' with '&&' 2015-07-28 14:14:25 -05:00
kn0 ee5e5b1e71 Fixed NoMethodError for .match on nil 2015-07-28 09:03:54 -05:00
wchen-r7 866a99ed07 This is better 2015-07-23 20:51:21 -05:00
wchen-r7 f5387ab3f2 Fix #5766, check res for send_request_raw
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7 8bead5fde2 Modate update on using metasploit-credential
Update some more modules to use the new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
wchen-r7 91fc213ddf More metasploit-credential update 2015-07-23 15:50:50 -05:00
wchen-r7 4561850055 Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00
Brent Cook 07d05828d0
Land #5688, remove msfcli 2015-07-13 15:27:38 -05:00
William Vu 0a5119a4ac
Land #5702, vprint_* optional parameter 2015-07-13 18:47:22 +00:00
wchen-r7 e4e9ac9d28 Remove cold_fusion_version, use coldfusion_version instead
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
g0tmi1k d795b2f831 Module cleanup 2015-07-11 19:40:21 +01:00
HD Moore 728b338593 Give msftidy a cookie 2015-07-10 11:28:10 -05:00
HD Moore cf4b18700d Fix CVE reference 2015-07-10 11:14:59 -05:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
HD Moore 67666160e8 Add patched server detection 2015-07-08 13:47:59 -05:00
HD Moore 25e0f888dd Initial commit of R7-2015-08 coverage 2015-07-08 13:42:11 -05:00
William Vu c04490e5eb Remove comma before coordinating conjunction
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
Tod Beardsley 31eedbcfa0
Minor cleanups on recent modules
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577, MS15-034 HTTP.SYS Information Disclosure

Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605, CVE-2015-3105 flash exploit

Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559, Adobe Flash Player ShaderJob Buffer Overflow

Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
Trevor Rosen 84c0e62fd3
Land #5493, update OWA scanner creds persistence 2015-06-26 08:46:27 -05:00
root 63f584cbfd Add last_attempted_at 2015-06-25 12:08:38 +05:00
William Vu 5751e196bb Remove extraneous newline 2015-06-23 14:43:37 -05:00
wchen-r7 59af7ef1fc Remove the extra target_uri 2015-06-23 10:27:50 -05:00
wchen-r7 a2a231c242
Land #5577, MS15-034 HTTP.SYS Information Disclosure 2015-06-23 10:20:54 -05:00
wchen-r7 11366971da Oh never mind, user-agent makes it more difficult to use (more crashes) 2015-06-23 01:24:17 -05:00
wchen-r7 6127b8a037 Pass user-agent 2015-06-23 01:23:01 -05:00
wchen-r7 8ce5cc23cf More consistent filename style 2015-06-23 01:08:34 -05:00
wchen-r7 e9b548e8a2 Changes for ms15034_http_sys_memory_dump.rb 2015-06-23 01:07:33 -05:00
rwhitcroft 8086a6f8cc remove unnecessary begin/rescue, change print_* to vprint_* in check() 2015-06-22 20:25:12 -04:00
rwhitcroft 90e17aee6b clarified affected OSes and error messages 2015-06-22 15:47:26 -04:00
rwhitcroft 774aef7241 add module to dump memory via MS15-034 2015-06-22 10:31:31 -04:00
jvazquez-r7 4762e9f62c
Land #5540, @wchen-r7's changes for multiple auxiliary modules to use the new cred API 2015-06-19 15:39:09 -05:00
jvazquez-r7 fa6e45964e
Provide context to the note 2015-06-19 15:38:26 -05:00
wchen-r7 83427583ea report_note for group info 2015-06-19 15:09:50 -05:00
wchen-r7 ef286fdfcf Remove report_auth_info 2015-06-19 15:06:02 -05:00
wchen-r7 b104155cf1 Do Metasploit::Model::Login::Status::UNTRIED 2015-06-19 15:05:42 -05:00
jvazquez-r7 ebd376e0f3
Land #5485, @wchen-r7 updates wordpress_login_enum to use the new cred API 2015-06-19 10:50:07 -05:00
jvazquez-r7 dfae4bbbf0
Do reporting more accurate 2015-06-19 10:48:12 -05:00
William Vu d86c21e94a
Land #5567, author fix 2015-06-19 10:41:41 -05:00
aushack 76cd9590a4 Fix author 2015-06-19 19:13:51 +10:00
wchen-r7 9b5770c966 Change to Metasploit::Model::Login::Status::SUCCESSFUL 2015-06-18 23:40:51 -05:00
wchen-r7 b6379b4d24 Update drupal_views_user_enum 2015-06-16 00:02:02 -05:00
wchen-r7 0b88e86a49 Using the new cred API for multiple auxiliary modules 2015-06-15 16:06:57 -05:00
wchen-r7 907f596de6
Land #5520, Update titan_ftp_admin_pwd to use the new creds API 2015-06-15 03:26:19 -05:00
wchen-r7 940d045029 Correctly report rport 2015-06-15 03:23:39 -05:00
wchen-r7 308b1a3d7f Don't deregister username & password 2015-06-15 03:21:09 -05:00
jvazquez-r7 e628d71261
Land #5397, @espreto's module for WordPress Simple Backup File Read Vulnerability 2015-06-12 15:32:06 -05:00
jvazquez-r7 184c20cd46
Do minor cleanup 2015-06-12 15:31:42 -05:00
root 7cb82f594b Add ftp port for service 2015-06-10 14:24:05 +05:00
root 3ffe006e09 Update titan_ftp_admin_pwd to use the new creds API 2015-06-10 13:36:26 +05:00
root 78a6e1bc90 Change credential status from untried to successful 2015-06-10 10:07:33 +05:00
root 49e4820c57 Add deprecated note to the existing modules 2015-06-09 10:42:53 +05:00
root 3279518bbd Move VMware modules to the VMware directory 2015-06-08 14:58:22 +05:00
root 3ec6d9b7aa Update owa_login to use new cred API 2015-06-05 15:41:07 +05:00
wchen-r7 874e090aa1 Update wordpress_login_enum to use the new cred API 2015-06-04 18:16:14 -05:00
Roberto Soares b305fa62f4 Changed vprint_error when nothing was downloaded. 2015-06-03 14:46:59 -03:00
Roberto Soares 24ec3b2fb5 Changed vprint_error to fail_with method. 2015-06-03 13:46:59 -03:00
wchen-r7 80c3022dc1 Deprecate cold_fusion_version. Please use coldfusion_version.
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
Tod Beardsley 95b5ff6bea
Minor fixups on recent modules.
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301, @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces

Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in

Edited modules/auxiliary/scanner/http/title.rb first landed in #5333,
HTML Title Grabber

Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401, multi-platform CVE-2015-0311 - Flash uncompress()
UAF

Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290, Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
Roberto Soares b4a6cdbad0 Remove new line in vprint_line. 2015-05-21 12:33:09 -03:00
Roberto Soares 0135b3639f Add WordPress Simple Backup File Read Vulnerability. 2015-05-21 12:23:24 -03:00
Brent Cook a4df3468de unique: should be update:, include uri in data hash 2015-05-20 16:20:09 -05:00
Brent Cook c85b82e8a7 Merge branch 'master' into land-5358-notes 2015-05-20 16:02:59 -05:00
Stuart Morgan 79b9ef008a Bugfix 2015-05-17 13:55:56 +01:00
jvazquez-r7 dd5060e08c
Land #5340, @wchen-r7's change to the symantec_web_gateway_login writing style 2015-05-15 13:18:35 -05:00
jvazquez-r7 cf5fa6752e
Use parenthesis 2015-05-15 13:17:54 -05:00