Commit Graph

2059 Commits (f8e64dba84c342511100149205cb1b0a4debd8e5)

Author SHA1 Message Date
wchen-r7 6e65d1d871
Land #6411, chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
wchen-r7 bdda8650a2 Do not support username, because the backdoor doesn't use one 2016-01-06 02:02:11 -06:00
William Vu 6cb9ad0d72
Land #6435, unaligned def/end fix 2016-01-05 09:59:25 -06:00
nixawk c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
nixawk cbbbd9a7e7 end is not aligned with def 2016-01-05 14:07:43 +08:00
William Vu 58c047200d
Land #6305, creds update for owa_login 2016-01-04 10:52:39 -06:00
nixawk a6914df3e3 rename LOGIN_URL to TARGETURI 2015-12-31 22:21:34 +08:00
nixawk 370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
r3naissance db5c69226e
Add Usernames to Creds Database with owa_login.rb 2015-12-03 09:31:36 -07:00
James Lee 98a0ddebda
Land #6298, Advantech shellshock module 2015-12-01 11:37:09 -06:00
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
Kyle Gray bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
Land #6284, fix for false negatives found in #6281

@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
Christian Mehlmauer 920d8c6ad7
Land #6278, wrong default option for RHOST 2015-11-26 06:49:25 +01:00
Jon Hart 8fd2522a59
Land #6257, @all3g's aux module for locating git repos over HTTP 2015-11-25 12:25:45 -08:00
Jon Hart a56571479f
Remove WmapScanServer mixin; not needed 2015-11-25 11:38:32 -08:00
William Vu 2da9bb8578 Follow redirects in apache_userdir_enum
Found false negatives while testing a server for #6281.
2015-11-25 13:27:06 -06:00
William Vu 8f459de064 Fix tomcat_enum for full_uri 2015-11-25 11:28:56 -06:00
William Vu 38a9efe4d6 Fix squiz_matrix_user_enum for full_uri 2015-11-25 11:28:53 -06:00
William Vu 7d17c5741b Fix nginx_source_disclosure for full_uri 2015-11-25 11:19:27 -06:00
William Vu 035882702a Fix barracuda_directory_traversal for full_uri 2015-11-25 11:18:17 -06:00
William Vu 7a5f6495d0 Fix axis_local_file_include for full_uri 2015-11-25 11:16:59 -06:00
William Vu 42d12a4d40 Fix apache_userdir_enum for full_uri 2015-11-25 11:16:22 -06:00
Waqas Ali c09d8031c6 Remove default empty string 2015-11-25 12:19:16 +05:00
Jon Hart eac4f02b66
Spelling and correct description 2015-11-24 17:57:56 -08:00
aushack 3ad7ef9814 Modify the printed URL to add https:// when SSL is used. 2015-11-25 12:46:56 +11:00
wchen-r7 b1abfe898d Update wordpress_xmlrpc_login
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
Jon Hart ccdf814688
Use correct URIs in report_note 2015-11-24 09:52:07 -08:00
Jon Hart c66d56263a
Cleaner and more consistent print_ * 2015-11-24 09:43:05 -08:00
Jon Hart 1e90a8004d
Correct printing of URIs when provided TARGETURI doesn't end with / 2015-11-24 09:11:04 -08:00
Jon Hart afa4d9e74d
Add legit git UserAgent 2015-11-24 08:57:19 -08:00
Jon Hart d59c563ee3
Don't store index file 2015-11-24 08:51:43 -08:00
Jon Hart e29a229336
Minor style cleanup 2015-11-24 08:50:21 -08:00
Waqas Ali 2152c310fe Remove the default true option of RHOST 2015-11-24 14:54:54 +05:00
Spencer McIntyre dc5e9a1d0a Support CSRF token in the Jenkins aux cmd module 2015-11-22 17:51:27 -05:00
nixawk 2dd8567741 remove GIT_HEAD / add description / git_config regex match / save index|config file(s) 2015-11-22 09:18:19 +00:00
aushack fc46ce0ced Bring module title in line with other WP modules. 2015-11-22 13:39:45 +11:00
nixawk e0386d6830 add scan switches GIT_INDEX / GIT_HEAD / GIT_CONFIG 2015-11-21 03:06:37 +00:00
nixawk 1795e09a27 scan git disclosure (.git/index) 2015-11-19 09:16:32 +00:00
KINGSABRI ab71d94392 Make CHUNKSIZE user configurable. Thanks @jhart-r7 2015-11-12 23:02:48 +03:00
KINGSABRI 732563614b Change connecting method to send for better code naming 2015-11-12 20:26:17 +03:00
KINGSABRI 881b12f0ab Fix rebease conflic 2015-11-12 18:16:39 +03:00
KINGSABRI ee312f86f6 Fix peer, naming, and add resp check to the code check 2015-11-12 08:50:46 +03:00
KINGSABRI 530a7bb613 Fix peer, naming, and add resp check to the code check 2015-11-12 08:42:00 +03:00
KINGSABRI 2abfa1f241 Fix exceptions and XML parsing 2015-11-12 05:30:07 +03:00
KINGSABRI b37fb3f34d Add TARGETURI option 2015-11-11 06:25:20 +03:00
KINGSABRI cf0cb2df9e Add TARGETURI option 2015-11-11 06:24:52 +03:00
KINGSABRI 9894fe15bd Remove unused advanced options 2015-11-11 06:02:37 +03:00
KINGSABRI 136fa12ac9 Remove unused advanced options 2015-11-11 06:02:13 +03:00
KINGSABRI 57cf535ec6 Fix the comment 2015-11-11 02:06:49 +03:00
KINGSABRI 137c2e214e Fix the comment 2015-11-11 02:01:01 +03:00
KINGSABRI 91867d344b Refactoring.. 2015-11-10 23:07:13 +03:00
KINGSABRI d19942eae3 Add wordpress masive bruteforce using XMLRPC (wordpress API) fix 2015-11-10 23:07:12 +03:00
KINGSABRI 745738f065 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI b571a79b69 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI d498dc46a1 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI fffbb4106f Refactoring.. 2015-11-10 22:33:37 +03:00
KINGSABRI 46e7c53950 Add wordpress masive bruteforce using XMLRPC (wordpress API) fix 2015-11-09 19:04:33 +03:00
KINGSABRI 2bf57a3cf3 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 18:23:15 +03:00
KINGSABRI 9586f416a1 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 17:37:06 +03:00
KINGSABRI 9f4f478d2d Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 17:28:58 +03:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
jvazquez-r7 28ca34c40a
Fix conflicts 2015-10-16 15:38:59 -05:00
wchen-r7 896099b297
Land #6082, Directory Traversal for Elasticsearch 2015-10-16 11:00:27 -05:00
wchen-r7 e59a4e36b7 Fix check 2015-10-16 10:59:04 -05:00
Roberto Soares 41e9f8a91b Some code changes from Roberto 2015-10-16 10:47:19 -05:00
jvazquez-r7 67820f8b61
Fix Packetstorm references 2015-10-15 12:42:59 -05:00
jvazquez-r7 d4cf9a4eb9
Update moduels using Msf::HTTP::Typo3 2015-10-15 11:48:27 -05:00
jvazquez-r7 cf9ddbb701
Update moduels using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
William Vu 2a2d8d941d
Land #6054, HTTP Host header injection module 2015-10-13 23:37:31 -05:00
jaguasch d933962ff9 Last fix, including espreto minor changes 2015-10-13 18:41:51 +01:00
William Vu c642057fa0 Clean up module 2015-10-13 12:03:41 -05:00
jaguasch 772f9d8742 Changes based on espreto recommendations 2015-10-13 16:06:26 +01:00
jaguasch 7790f14af2 Auxiliary module to exploit CVE-2015-5531 (Directory traversal) in Elasticsearch before 1.6.1 2015-10-13 13:05:58 +01:00
Tod Beardsley 185e947ce5
Spell 'D-Link' correctly 2015-10-12 17:12:01 -05:00
wchen-r7 3a0f7ce699
Land #6044, ManageEngine ServiceDesk Plus Arbitrary File Download 2015-10-07 15:24:14 -05:00
wchen-r7 f0b6d3c68e Change error message to avoid an undef method bug 2015-10-07 15:23:29 -05:00
JT 205b175a95 Update host_header_injection.rb 2015-10-07 13:20:06 +08:00
JT 6b3da7f7d8 Update host_header_injection.rb
made some changes as suggested by @espreto
2015-10-07 13:01:49 +08:00
JT a1e0e0cdd9 Add HTTP Host-Header Injection Detection 2015-10-07 11:19:00 +08:00
William Vu 3f2d5d7f06 Add newline back in 2015-10-05 11:42:58 -05:00
xistence 41b07eeef6 Small changes to servicedesk_plus_traversal 2015-10-05 08:56:00 +07:00
Roberto Soares ed8f5456a4 Fix bugs in drupal_views_user_enum. 2015-10-04 05:53:54 -03:00
xistence e6a57d5317 Add ManageEngine ServiceDesk Plus Path Traversal module 2015-10-03 15:54:44 +07:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
William Vu 494b9cf75f Clean up module
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
Jake Yamaki 2e5999a119 Missed colon for output standardization 2015-09-30 16:41:46 -04:00
Jake Yamaki 3d41b4046c Standardize output and include full uri 2015-09-30 16:33:15 -04:00
Jake Yamaki 1bfa087518 Add IP to testing results
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
HD Moore 421fb4dcb8 Rework of the jenkins_command module 2015-09-04 16:56:44 -07:00
HD Moore 04d622b69b Cleanup Jenkins-CI module titles and option descriptions 2015-09-04 10:25:51 -07:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
Alton Johnson 5d59e8190e Added OS detection. 2015-09-03 13:12:07 -05:00
HD Moore 6e4ae1238b
Land #5791, show the VHOST in module output 2015-09-03 11:36:19 -05:00
HD Moore b8eee4a9e4 Show the IP address if it doesn't match the VHOST 2015-09-03 11:35:38 -05:00
HD Moore 1b021464fe
Land #5919, remove deprecated VMware modules & update resource script. 2015-09-03 10:23:48 -05:00
altjx 4b8dc143ec Fixed output 2015-09-02 23:50:03 -04:00
altjx 255c8b63b3 Modified output 2015-09-02 23:33:06 -04:00
Alton Johnson 40176b9e3f Updated. 2015-09-02 19:36:18 -05:00
Alton Johnson f78f6d0a0c Updated. 2015-09-02 19:03:07 -05:00
Alton Johnson 59aa3975be Updated. 2015-09-02 18:27:44 -05:00
altjx 284edbe4b0 Update jenkins_command.rb 2015-09-02 16:47:23 -04:00
altjx bde4f40c53 Update jenkins_command.rb 2015-09-02 16:39:49 -04:00
altjx becc599aca Created Jenkins RCE module
This module simply automates the same procedures documented by Royce Davis at https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/.
2015-09-02 16:12:05 -04:00
HD Moore 126fc9881e Cleanup and tweaks 2015-09-02 12:48:53 -05:00
JT b89b6b653a Update trace.rb 2015-09-03 01:26:45 +08:00
JT 73bf812dfd Update trace.rb
removed the cookie
2015-09-03 00:35:23 +08:00
JT 5ecee6aaba Update trace.rb
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT 34e0819a6e Modified the HTTP Trace Detection to XST Checker
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
Waqas Ali 8e993d7793 Remove deprecated vmware modules 2015-09-02 13:00:15 +05:00
wchen-r7 0c4b020089
Land #5913, Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-02 00:01:35 -05:00
HD Moore 381297ba93 Fix the regex flags 2015-09-01 23:07:48 -05:00
Roberto Soares 626704079d Changed output store_loot 2015-09-02 00:18:10 -03:00
Roberto Soares 96600a96ab Changed html parse by @wchen-r7 2015-09-01 22:03:21 -03:00
Alexander Salmin 3c72467b7d Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns. 2015-09-02 01:02:46 +02:00
Roberto Soares 35661d0182 Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-01 13:28:04 -03:00
wchen-r7 3d4cb06c67
Land #5807, Added Module WP Mobile Pack Vuln 2015-08-28 13:43:00 -05:00
wchen-r7 9e7f6d6500 Typos 2015-08-28 13:42:37 -05:00
wchen-r7 29e92aaabe
Land #5806, WordPress Subscribe Comments File Read Vuln 2015-08-28 11:52:59 -05:00
wchen-r7 62e6b23b4c Typo 2015-08-28 11:52:13 -05:00
Brent Cook b17d8f8d49
Land #5768, update modules to use metasploit-credential 2015-08-17 17:08:58 -05:00
Roberto Soares 7bb4f9479f Added new reference and removed empty line. 2015-08-04 03:58:57 -03:00
Roberto Soares d9b6e9cc58 Changed res condition and some words. 2015-08-04 03:44:25 -03:00
Roberto Soares 19ceccd93a Added JSON parse output. 2015-08-04 03:13:11 -03:00
Roberto Soares f4679f5341 Added WP Mobile Pack Info Disclosure Vuln - Functional Module. 2015-08-04 02:21:26 -03:00
Roberto Soares d221e9d961 Added more references. 2015-08-03 02:46:54 -03:00
Roberto Soares e59e4828e4 Removed unnecessary DEPTH option. 2015-08-02 22:56:17 -03:00
Roberto Soares 514849bcdc Added WP Subscribe Comments File Read Vuln - Functional. 2015-08-02 21:24:52 -03:00
Roberto Soares fdb2b008f9 Fix a small typo - OSVDB instead of OSVBD. 2015-07-31 02:23:19 -03:00
Greg Mikeska 3c394d673d
altered module to default
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
kn0 2415072c17 Replaced 'and' with '&&' 2015-07-28 14:14:25 -05:00
kn0 ee5e5b1e71 Fixed NoMethodError for .match on nil 2015-07-28 09:03:54 -05:00
wchen-r7 866a99ed07 This is better 2015-07-23 20:51:21 -05:00
wchen-r7 f5387ab3f2 Fix #5766, check res for send_request_raw
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7 8bead5fde2 Modate update on using metasploit-credential
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
wchen-r7 91fc213ddf More metasploit-credential update 2015-07-23 15:50:50 -05:00
wchen-r7 4561850055 Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00
Brent Cook 07d05828d0
Land #5688, remove msfcli 2015-07-13 15:27:38 -05:00
William Vu 0a5119a4ac
Land #5702, vprint_* optional parameter 2015-07-13 18:47:22 +00:00
wchen-r7 e4e9ac9d28 Remove cold_fusion_version, use coldfusion_version instead
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
g0tmi1k d795b2f831 Module cleanup 2015-07-11 19:40:21 +01:00
HD Moore 728b338593 Give msftidy a cookie 2015-07-10 11:28:10 -05:00
HD Moore cf4b18700d Fix CVE reference 2015-07-10 11:14:59 -05:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
HD Moore 67666160e8 Add patched server detection 2015-07-08 13:47:59 -05:00
HD Moore 25e0f888dd Initial commit of R7-2015-08 coverage 2015-07-08 13:42:11 -05:00
William Vu c04490e5eb Remove comma before coordinating conjunction
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
Tod Beardsley 31eedbcfa0
Minor cleanups on recent modules
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577, MS15-034 HTTP.SYS Information Disclosure

Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605, CVE-2015-3105 flash exploit

Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559, Adobe Flash Player ShaderJob Buffer Overflow

Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
Trevor Rosen 84c0e62fd3
Land #5493, update OWA scanner creds persistence 2015-06-26 08:46:27 -05:00
root 63f584cbfd Add last_attempted_at 2015-06-25 12:08:38 +05:00
William Vu 5751e196bb Remove extraneous newline 2015-06-23 14:43:37 -05:00
wchen-r7 59af7ef1fc Remove the extra target_uri 2015-06-23 10:27:50 -05:00
wchen-r7 a2a231c242
Land #5577, MS15-034 HTTP.SYS Information Disclosure 2015-06-23 10:20:54 -05:00
wchen-r7 11366971da Oh never mind, user-agent makes it more difficult to use (more crashes) 2015-06-23 01:24:17 -05:00
wchen-r7 6127b8a037 Pass user-agent 2015-06-23 01:23:01 -05:00
wchen-r7 8ce5cc23cf More consistent filename style 2015-06-23 01:08:34 -05:00
wchen-r7 e9b548e8a2 Changes for ms15034_http_sys_memory_dump.rb 2015-06-23 01:07:33 -05:00
rwhitcroft 8086a6f8cc remove unnecessary begin/rescue, change print_* to vprint_* in check() 2015-06-22 20:25:12 -04:00
rwhitcroft 90e17aee6b clarified affected OSes and error messages 2015-06-22 15:47:26 -04:00
rwhitcroft 774aef7241 add module to dump memory via MS15-034 2015-06-22 10:31:31 -04:00
jvazquez-r7 4762e9f62c
Land #5540, @wchen-r7's changes for multiple auxiliary modules to use the new cred API 2015-06-19 15:39:09 -05:00
jvazquez-r7 fa6e45964e
Provide context to the note 2015-06-19 15:38:26 -05:00
wchen-r7 83427583ea report_note for group info 2015-06-19 15:09:50 -05:00
wchen-r7 ef286fdfcf Remove report_auth_info 2015-06-19 15:06:02 -05:00
wchen-r7 b104155cf1 Do Metasploit::Model::Login::Status::UNTRIED 2015-06-19 15:05:42 -05:00
jvazquez-r7 ebd376e0f3
Land #5485, @wchen-r7 updates wordpress_login_enum to use the new cred API 2015-06-19 10:50:07 -05:00
jvazquez-r7 dfae4bbbf0
Do reporting more accurate 2015-06-19 10:48:12 -05:00
William Vu d86c21e94a
Land #5567, author fix 2015-06-19 10:41:41 -05:00
aushack 76cd9590a4 Fix author 2015-06-19 19:13:51 +10:00
wchen-r7 9b5770c966 Change to Metasploit::Model::Login::Status::SUCCESSFUL 2015-06-18 23:40:51 -05:00
wchen-r7 b6379b4d24 Update drupal_views_user_enum 2015-06-16 00:02:02 -05:00
wchen-r7 0b88e86a49 Using the new cred API for multiple auxiliary modules 2015-06-15 16:06:57 -05:00
wchen-r7 907f596de6
Land #5520, Update titan_ftp_admin_pwd to use the new creds API 2015-06-15 03:26:19 -05:00
wchen-r7 940d045029 Correctly report rport 2015-06-15 03:23:39 -05:00
wchen-r7 308b1a3d7f Don't deregister username & password 2015-06-15 03:21:09 -05:00
jvazquez-r7 e628d71261
Land #5397, @espreto's module for WordPress Simple Backup File Read Vulnerability 2015-06-12 15:32:06 -05:00
jvazquez-r7 184c20cd46
Do minor cleanup 2015-06-12 15:31:42 -05:00
root 7cb82f594b Add ftp port for service 2015-06-10 14:24:05 +05:00
root 3ffe006e09 Update titan_ftp_admin_pwd to use the new creds API 2015-06-10 13:36:26 +05:00
root 78a6e1bc90 Change credential status from untried to successful 2015-06-10 10:07:33 +05:00
root 49e4820c57 Add depcrecated note to the existing modules 2015-06-09 10:42:53 +05:00
root 3279518bbd Move VMware modules to the VMware directory 2015-06-08 14:58:22 +05:00
root 3ec6d9b7aa Update owa_login to use new cred API 2015-06-05 15:41:07 +05:00
wchen-r7 874e090aa1 Update wordpress_login_enum to use the new cred API 2015-06-04 18:16:14 -05:00
Roberto Soares b305fa62f4 Changed vprint_error when nothing was downloaded. 2015-06-03 14:46:59 -03:00
Roberto Soares 24ec3b2fb5 Changed vprint_error to fail_with method. 2015-06-03 13:46:59 -03:00
wchen-r7 80c3022dc1 Deprecate cold_fusion_version. Please use coldfusion_version.
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
Tod Beardsley 95b5ff6bea
Minor fixups on recent modules.
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301, @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces

Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in

Edited modules/auxiliary/scanner/http/title.rb first landed in #5333,
HTML Title Grabber

Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401, multi-platform CVE-2015-0311 - Flash uncompress()
UAF

Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290, Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
Roberto Soares b4a6cdbad0 Remove new line in vprint_line. 2015-05-21 12:33:09 -03:00
Roberto Soares 0135b3639f Add WordPress Simple Backup File Read Vulnerability. 2015-05-21 12:23:24 -03:00
Brent Cook a4df3468de unique: should be update:, include uri in data hash 2015-05-20 16:20:09 -05:00
Brent Cook c85b82e8a7 Merge branch 'master' into land-5358-notes 2015-05-20 16:02:59 -05:00
Stuart Morgan 79b9ef008a Bugfix 2015-05-17 13:55:56 +01:00
jvazquez-r7 dd5060e08c
Land #5340, @wchen-r7's change to the symantec_web_gateway_login writing style 2015-05-15 13:18:35 -05:00
jvazquez-r7 cf5fa6752e
Use parenthesis 2015-05-15 13:17:54 -05:00
jvazquez-r7 d05cae5faf
Land #5329, @wchen-r7's add configurable options to jenkins_login 2015-05-15 11:38:21 -05:00
wchen-r7 24a989b8a3
Land #5249, Add Module for Enum on InfluxDB database 2015-05-14 11:22:54 -05:00
wchen-r7 005c36b2a6 If data is empty, don't save (or even continue) 2015-05-14 11:22:10 -05:00
wchen-r7 ac0e4e747a Change writing style of symantec_web_gateway_login 2015-05-13 00:23:37 -05:00
wchen-r7 202c5e0121
Land #5333, HTML Title Grabber 2015-05-12 11:19:06 -05:00
wchen-r7 faec5844cb Some fixes 2015-05-12 11:18:21 -05:00
jvazquez-r7 a5267ab77e
Land #4940, @dnkolegov's modules for F5 BIG-IP devices 2015-05-12 09:59:21 -05:00
Stuart Morgan f0048b9a6d Apparently you don't quote the keys with the new syntax 2015-05-12 11:00:18 +01:00
Stuart Morgan 7c81adbd89 MSFTidy is now quiet and happy 2015-05-12 10:47:49 +01:00
Stuart Morgan 1f6bd3e2be Updated to new ruby hash syntax and removed <> from title 2015-05-12 10:43:32 +01:00
Stuart Morgan 518e28674e Removed CGI dependency (@hmoore-r7, @wchen-r7) 2015-05-11 21:10:18 +01:00
Stuart Morgan 78e310562b Readability style change 2015-05-11 19:48:12 +01:00
Stuart Morgan 8e3d803e74 Updated style as per @void-in's comments 2015-05-11 19:46:10 +01:00
Stuart Morgan 62d67469da Updated code style as per @hmoore-r7's instructions 2015-05-11 19:34:23 +01:00
Stuart Morgan b8f7c80fd2 Rubocop 2015-05-11 18:50:03 +01:00
Stuart Morgan 8308c2a925 Added check for nonsensical options 2015-05-11 18:48:55 +01:00
Stuart Morgan 99133deabb Reran tests, sorted out strip problem 2015-05-11 18:29:44 +01:00
Stuart Morgan c25a5d3859 Fixed a bunch of rubocop errors 2015-05-11 18:14:37 +01:00
Stuart Morgan 34cf90af59 Removed unnecessary include 2015-05-11 17:31:31 +01:00
Stuart Morgan c001f014ce HTML Title Grabber 2015-05-11 17:29:22 +01:00
wchen-r7 d8cc2c19d3 Fix #5315, User configurable options for jenkins_login
Fix #5315. This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
Denis Kolegov efb226a55c Fixed some minor errors 2015-05-10 02:59:57 -04:00
jvazquez-r7 a8adcda941
Redo port checks 2015-05-08 15:29:30 -05:00
jvazquez-r7 156aac1dff
Use timeout options 2015-05-08 15:23:08 -05:00
jvazquez-r7 bf9ca1f88f
Change module filename 2015-05-08 15:08:59 -05:00
jvazquez-r7 f56115552f
Do code cleanup 2015-05-08 14:56:39 -05:00
jvazquez-r7 b73241882b
Use datastore option 2015-05-08 14:48:19 -05:00
jvazquez-r7 b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin 2015-05-08 14:46:08 -05:00
jvazquez-r7 9fdbfd7031
Use vprint_error 2015-05-08 14:21:36 -05:00
jvazquez-r7 017ae463ed
Fix description style 2015-05-08 14:18:29 -05:00
void-in a7988f9e93 Change credentials to service:service 2015-05-08 22:52:59 +05:00
Tod Beardsley e8913e5620
Addressed most of @wvu's issues with #5312 2015-05-06 14:47:08 -05:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"

```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
Denis Kolegov 7fb99cdaaf Merged fixed conflicts 2015-05-02 05:37:36 -04:00
Denis Kolegov f95774c6b4 Fixed bugs 2015-05-02 05:09:03 -04:00
jvazquez-r7 93ac8b48e3
Land #5178, @jboss_vulnscan check for console default admin
* And minor fixes
2015-05-01 17:38:20 -05:00
jvazquez-r7 697c6c20cb
Do minor cleanup 2015-05-01 17:37:45 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 b037560c90
Do minor style fixes 2015-05-01 15:01:13 -05:00
William Vu 9b17191e48 Remove unnecessary {,dis}connect 2015-04-28 15:09:16 -05:00
William Vu 28e661e204 Fix false positive in POODLE scanner
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
Christian Mehlmauer 7523e592d2
Land #5198, WordPress contus video gallery 2.7 scanner 2015-04-27 23:24:57 +02:00
Brandon Perry 7a2084cdc5 Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb 2015-04-26 16:54:21 -05:00
Roberto Soares c41c7a1ba2 Rewrote the conditions of res. 2015-04-25 17:18:38 -03:00
Roberto Soares d01da0c522 Changed if conditions and exception handling 2015-04-25 15:08:36 -03:00
Roberto Soares 3a84396f32 Removed authorization header. 2015-04-25 14:30:21 -03:00
Roberto Soares b810a96dac Add Module for Enum on InfluxDB database. 2015-04-25 04:41:33 -03:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
jvazquez-r7 896d6e8cb7
Fix title 2015-04-24 11:09:39 -05:00
jvazquez-r7 7af6f31c3a
Fix message 2015-04-24 11:08:00 -05:00
jvazquez-r7 5ca6fe3cb0
Do code cleanup 2015-04-24 11:07:13 -05:00
Roberto Soares e51897d64e Filepath option 2015-04-24 04:35:59 -03:00
Roberto Soares 7b0b59b5f6 Add WordPress GI-Media Library Plugin File Read. 2015-04-24 04:24:16 -03:00
Brandon Perry e9f8b25987 Update wordpress_contus_video_gallery_sqli.rb
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
Brandon Perry 26d208f089 Update wordpress_contus_video_gallery_sqli.rb
remove 'uri'
2015-04-22 14:42:03 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
Brent Cook 073850c5ad
Land #5158, OWA internal IP disclosure scanner 2015-04-21 11:10:39 -05:00
Brent Cook 5296c6507d
Land #5157, OWA login scanner auth timing logs 2015-04-21 11:06:08 -05:00
Brandon Perry b622aae97f Update wordpress_contus_video_gallery_sqli.rb 2015-04-19 18:24:12 -05:00
Brandon Perry c393f7c398 add contus video gallery scanner 2015-04-19 17:58:08 -05:00
Christian Mehlmauer ed9175d73f
Land #5167, WordPress CP Multi-View Calendar SQLI Scanner 2015-04-19 23:36:23 +02:00
Brandon Perry 8c0bcd2e03 Update wordpress_cp_calendar_sqli.rb
Use the new WPVDB
2015-04-19 16:32:57 -05:00
Christian Mehlmauer 6653c9e33d
Land #5162, WordPress Dukapress File Read Vulnerability 2015-04-17 11:20:55 +02:00
Christian Mehlmauer 6c77b64dae
wrong method name 2015-04-17 11:20:14 +02:00
Christian Mehlmauer aef464fc2e
Land #5159, WordPress Mobile Edition Plugin File Read Vuln 2015-04-17 11:13:00 +02:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Roberto Soares ed588e335b Changed the print_error output. 2015-04-16 17:32:59 -03:00
Roberto Soares bf3bdcffb4 Changed the deph value to 7. 2015-04-16 17:30:28 -03:00
Roberto Soares dd474757fe Changed the print_error output. 2015-04-16 17:26:44 -03:00
Roberto Soares f50cedeafd Changed the depth value to 7. 2015-04-16 17:22:49 -03:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
William Vu 1455d4e94d Fix AUTH_TIME 2015-04-16 11:39:33 -05:00
William Vu 7c572777e1 Fix whitespace 2015-04-16 11:34:50 -05:00
William Vu 7a9167b235 Fix comments 2015-04-16 11:34:47 -05:00
Nate Power 9bcc988266 Update owa_login 2015-04-16 11:23:04 -05:00
Brandon Perry 75b88f199a Create wordpress_cp_calendar_sqli.rb 2015-04-16 09:53:00 -05:00
Roberto Soares ecc67b1a57 Fix loot name 2015-04-16 10:42:20 -03:00
Roberto Soares d898af5513 Add check version and removed HttpClient 2015-04-16 10:40:35 -03:00
Roberto Soares 768294710b Add check and removed HttpClient 2015-04-16 10:22:10 -03:00
Roberto Soares 890561bff3 Rewriting the condition 'if' for only one line 2015-04-16 09:23:56 -03:00
Roberto Soares b90ff36ef4 Rewriting the condition 'if' for only one line 2015-04-16 09:15:17 -03:00
Roberto Soares 21e964e699 Add Author and references.. 2015-04-16 07:20:48 -03:00
Roberto Soares f6f4bd0746 Add WordPress Dukapress File Read Vulnerability 2015-04-16 07:17:46 -03:00
Roberto Soares c8e1185a04 Included Wordpress mixin. 2015-04-16 05:02:39 -03:00
William Vu bec6270f07 Fix regex 2015-04-15 23:47:03 -05:00
William Vu 01ae7002cf Fix EOF whitespace 2015-04-15 21:27:53 -05:00
Roberto Soares 0031f09d60 Add author, EDB, WPVDB and fix loot. 2015-04-15 20:03:36 -03:00
Roberto Soares 0f1cf1d1b1 Add Module WP Mobile Edition Plugin File Read Vuln 2015-04-15 19:45:08 -03:00
William Vu 66b7179a97 Rename module to owa_iis_internal_ip 2015-04-15 17:10:01 -05:00
William Vu a109dae033 Fix EOL whitespace 2015-04-15 16:58:59 -05:00
William Vu cc422eeeea Fix splat 2015-04-15 16:58:18 -05:00
Nate Power 34ce4edacb Add exchange_iis_internal_ip 2015-04-15 16:55:19 -05:00
Tod Beardsley d87483b28d
Squashed commit of the following:
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:42:13 2015 -0500

    Fix funny punctuation on rootpipe exploit title

    See #5119

commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:37:39 2015 -0500

    Fix vendor caps

    Trusting the github repo README at

    https://github.com/embedthis/goahead

    See #5101
2015-04-13 10:46:47 -05:00
sinn3r 5f389cf3c2 Add ManageEngine Desktop Central Login Utility 2015-04-08 02:05:56 -05:00
Roberto Soares dc14c770be Changed the traversal variable to just one line 2015-04-08 02:26:59 -03:00
Roberto Soares 441042ed37 Removed the segments variable 2015-04-08 01:29:45 -03:00
Roberto Soares d399d05383 Add Directory Traversal for GoAhead Web Server 2015-04-07 20:22:06 -03:00
Zach Grace 42e82cc644 Rubocop fixes 2015-04-07 18:21:08 -05:00
Zach Grace 7275d5745f Fixes, refactoring and adding JBoss AS default creds scanning 2015-04-07 17:40:25 -05:00
William Vu 56dc7afea6
Land #5068, @todb-r7's module author cleanup 2015-04-03 16:00:36 -05:00
jvazquez-r7 79b2a23dff
Land #5015, @espreto file traversal scanner for RIPS 2015-04-03 15:35:58 -05:00
jvazquez-r7 ce6e5e12d8
Make depth an option 2015-04-03 15:33:27 -05:00
jvazquez-r7 70fad73092
Add metadata 2015-04-03 15:27:28 -05:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
Denis Kolegov c9e8f9cbea Add BigIP HTTP VS scanner and fix connection errors 2015-04-03 02:30:03 -04:00
Tod Beardsley 6532fad579
Remove credits to Alligator Security Team
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.

The one that didn't was credited to dflah_ specifically, so merely
changed the author name.

Longer description, if needed, wrapped at 72 characters.

[See #5012]
2015-04-02 15:12:22 -05:00
sinn3r a592f645f0
Land #5039, Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner 2015-04-01 14:34:58 -05:00
Brandon Perry e73286cfa5 update stale references 2015-03-30 17:17:48 -05:00
sinn3r 613f4777ce Land #5024, add joomla_ecommercewd_sqli_scanner.rb 2015-03-30 12:45:09 -05:00
Brandon Perry de2bf0181c add first pass at gallerywd sqli scanner 2015-03-28 16:15:51 -05:00
Brandon Perry 9f0483248c add TARGETURI datastore option 2015-03-28 15:46:41 -05:00
Brandon Perry 6ede476423 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-28 08:38:12 -05:00
Brandon Perry 0dbd8544b4 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-27 21:20:59 -05:00
Brandon Perry 31be47d5bc Create joomla_ecommercewd_sqli_scanner.rb 2015-03-27 20:25:33 -05:00
Roberto Soares 3e104fd8e6
Add Directory Traversal for RIPS Scanner 2015-03-27 05:08:43 -03:00
dnkolegov 040a1af9c5 Delete useless ecnryption cookie detection, fix minor issues 2015-03-25 02:34:33 -04:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
dnkolegov ee17d6e606 Deleted spaces at EOL 2015-03-23 04:34:38 -04:00
dnkolegov 2a0deaa6c8 Deleted default options and SYN scan 2015-03-23 04:31:08 -04:00
William Vu 6f51946aa0
Land #4969, GitLab module references 2015-03-20 17:26:51 -05:00
William Vu 99f3de0843 Clean up info hash formatting 2015-03-20 17:26:21 -05:00
jvazquez-r7 1226b3656f
Land #4945, @wchen-r7's login scanner for Symantec web gateway 2015-03-20 14:44:05 -05:00
jvazquez-r7 2f35fcff99
Fix require 2015-03-20 14:43:42 -05:00
Meatballs 8ee520e749
Add reference 2015-03-20 19:17:34 +00:00
sinn3r b19f766728
Land #4942, Gitlab Login Scanner 2015-03-20 13:02:12 -05:00
sinn3r a2ce14a31e
Land #4941, Gitlab Unauth User Enumeration 2015-03-20 12:28:35 -05:00
sinn3r 235124a40a Fix typo 2015-03-20 12:27:23 -05:00
sinn3r 84164b44b2 Should also rescue JSON::ParserError for banner parsing 2015-03-20 12:27:02 -05:00
sinn3r 94ab2f94fd Remove symbols that aren't used
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
2015-03-19 14:14:01 -05:00
William Vu d1d6378179
Land #4566, Misfortune Cookie scanner improvements 2015-03-17 12:32:35 -05:00
sinn3r f95b783193 I don't need these eitehr 2015-03-17 11:33:49 -05:00
Meatballs e1ebc6c7fe
Update date, remove URL (will replace later) 2015-03-17 12:50:47 +00:00
Meatballs 0cd85cb052
Correct capitilzation of GitLab 2015-03-17 11:33:57 +00:00
Meatballs d18224e3cb
Correct capitilzation of GitLab 2015-03-17 11:32:14 +00:00
Meatballs f4a1e981ab
Add gitlab login scanner 2015-03-17 11:19:23 +00:00
Meatballs 878247f495
Small modifications 2015-03-17 10:03:32 +00:00
Meatballs f1d5d8f1ce
Store to loot as well 2015-03-17 09:55:28 +00:00
Meatballs 9f40826f8e Store creds in database 2015-03-17 09:17:08 +00:00
Meatballs 3830e71257 Catch 7.5 401 2015-03-17 09:17:08 +00:00
Meatballs 1b565b0290 Check revision 2015-03-17 09:17:07 +00:00
Meatballs 7216f2a971 Initial commit 2015-03-17 09:17:07 +00:00
sinn3r 14296826f7 A cleaner way to set datastore options 2015-03-17 03:07:49 -05:00
sinn3r ff58f7d270 Add Symantec Web Gateway Login Module 2015-03-17 02:51:57 -05:00
dnkolegov e01f824b2c Fix capitalization warnings 2015-03-17 03:46:00 -04:00
dnkolegov 78be03623f Fix indent warnings 2015-03-17 03:39:04 -04:00
dnkolegov 34c30502fd Add SSL/TLS support, fix minor errors, change default parameters 2015-03-17 02:49:11 -04:00
Sven Vetsch 4d3a1a2f71 fix all duplicated keys in modules 2015-03-14 13:10:42 +01:00
dnkolegov bc0276a9c8 Add scanner for F5 web management interfaces 2015-03-12 06:50:29 -04:00
aushack 2f4df39dc9 Fixed typo 2015-03-05 17:40:51 +11:00
William Vu f3cad229d3 Fix duplicate hash key "References"
In modules/auxiliary/scanner/http/http_login.rb.
2015-02-24 05:19:58 -06:00
William Vu 8c5ff858d0
Land #4812, hp_sys_mgmt_login configurable URIs 2015-02-23 19:04:14 -06:00
HD Moore bf103def9e Add the /ews/ path to enable easy OWA brute force 2015-02-23 14:03:39 -06:00
William Vu bcfbcb7eea Clean up whitespace 2015-02-23 13:15:21 -06:00
HD Moore ea54696d99 Remove redundant params now provided by the mixin helper 2015-02-22 02:32:28 -06:00
HD Moore 8e8a366889 Pass Http::Client parameters into LoginScanner::Http (see #4803) 2015-02-22 02:26:15 -06:00
sinn3r f4e512e0ff Should be an array 2015-02-20 21:56:49 -06:00
sinn3r 40c237f507 Fix #3982, allow URIs to be user configurable
Fix #3982
2015-02-20 21:54:03 -06:00
David Maloney ffa6550aec
Land #4787, HD's new Zabbix and Chef LoginScanners
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
David Maloney 804db0ff0c
add leixcal sorting to methods
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
William Vu 35511636cc
Land #4788, splunk_web_login new version support 2015-02-18 11:54:54 -06:00
HD Moore cc6899d783 Fix a stack trace on null response, thanks @jlee-r7 2015-02-18 00:38:55 -06:00
HD Moore f4d8a25981 Add support for newer Splunk versions 2015-02-18 00:30:47 -06:00
HD Moore 2847507f03 Add a chef brute force module 2015-02-17 23:49:57 -06:00
HD Moore 27d5ab45b4 Add a zabbix brute force module 2015-02-17 22:56:08 -06:00
HD Moore f0e69cb526 Fix two cosmetic typos in the axis/glassfish modules 2015-02-17 21:01:35 -06:00
Tod Beardsley a8108cfc17
Be less stupid in the description
[See #4774]
2015-02-17 13:04:26 -06:00
Tod Beardsley 14e764ff5a
Move to http subdirectory
After all, the wordpress scanners are all HTTP as well, and not under
some platform specific "wordpress" directory. Lots of other HTTP-ish
devices in there as well.
2015-02-17 12:53:18 -06:00
HD Moore 8d982e3286 Pass the framework/module down into LoginScanner 2015-02-07 11:50:30 -06:00
Tod Beardsley c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM 2015-02-05 12:36:47 -06:00
Christian Mehlmauer c8864c93d7
remove unused code 2015-02-02 20:04:10 +01:00
Christian Mehlmauer 7504358db3
code style and typos 2015-01-30 15:57:32 +01:00
Christian Mehlmauer 9ce2dd9815
msftidy 2015-01-30 15:41:11 +01:00
Christian Mehlmauer a0eaf2f626
add wordpress ghost scanner module 2015-01-30 15:29:51 +01:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
sinn3r f3a2d6663f Fix #4616 and Fix #3798 - Correctly use OptRegexp
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616).

It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.

I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798. The way I see it, #3798 is actually a module-specific issue.

Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
Jon Hart a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text 2015-01-20 13:55:48 -08:00
Jon Hart 14fc8d4cd0
Only allow 401/403/404 2015-01-20 13:36:06 -08:00
Jon Hart d68b62cf21
Make canary value (URI) configurable 2015-01-15 13:12:32 -08:00
Jon Hart 2dca18265e
Track and vprint canary value and code 2015-01-15 12:34:53 -08:00
Jon Hart 3489ea540e
Make status code checking configurable 2015-01-15 12:22:16 -08:00
Jon Hart 4641b02646
Base canary path from TARGET_URI 2015-01-15 12:05:10 -08:00
Jon Hart 1f6defda73
Use more correct check codes 2015-01-14 13:10:35 -08:00
Jon Hart 9e76e0b0d8
Simplify. Document. Handle edge cases
Simplify detection logic.

Document testing method better

Ensure that body doesn't include canary cookie name too

Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
Jon Hart d4843f46ed
Make auth checking optional and off by default 2015-01-11 12:15:57 -08:00
Jon Hart 9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer 2015-01-11 12:10:40 -08:00
Jon Hart b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...) 2015-01-09 13:20:18 -08:00
Jon Hart 831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner 2015-01-09 12:58:35 -08:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart 8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222 2014-12-18 17:21:26 -08:00
Brandon Perry eb47ca593e update desc to include domain admin information 2014-12-13 13:01:41 -06:00
Brandon Perry 2e94280cba mv bmc to scanner/http 2014-12-13 12:58:16 -06:00
jvazquez-r7 b1f7682713 Make msftidy happy 2014-12-12 12:59:00 -06:00
jvazquez-r7 493034ad10 Land #3305, @claudijd Cisco SSL VPN Privilege Escalation exploit 2014-12-12 12:57:00 -06:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Tod Beardsley 51762e1194
Explicitly include the HTTP Login scanner
This should be the last commit that fixes #3904.
2014-12-11 11:08:08 -06:00
Tod Beardsley b533f74024
Add a bruteforce_speed option to all LoginScanners 2014-12-11 11:06:32 -06:00
Jonathan Claudius e89a399f95 Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc 2014-12-09 20:55:01 -05:00