adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,051 Commits 27 Branches 1,043 Tags
052d233bd973e6a7e8b39da038962ceffa4cc6de
Commit Graph

1549 Commits

Author SHA1 Message Date
Grant Willcox 2958a43a6a Update to reflect fact that bug is an improper authentication logic bug and to randomize password for auth parameter since it is ignored 2022-09-23 12:19:29 -05:00
h00die-gr3y f2d357eda1 updated documentation with camera specifications 2022-09-23 09:38:37 -05:00
Grant Willcox edc37835e5 Add more nil checks in, update some of the check code to catch an edge case, update notes to account for indicators of compromise, and fix some extra issues noticed on second round of review 2022-09-23 09:38:35 -05:00
Grant Willcox 3ca34568c2 Clean up some of the documentation and module code and descriptions 2022-09-23 09:38:12 -05:00
h00die-gr3y 5ed7ff7f52 init commit module and documentation 2022-09-23 09:38:05 -05:00
Jack Heysel 12f3325f3e Land #16732, VIDIdial Multiple SQLi 
This PR adds a module which exploits several
authenticated sqli in VICIdial
 2022-09-22 10:47:42 -04:00
h00die 6d608ea41e vicidial sqli module docs update 2022-09-21 16:57:18 -04:00
Grant Willcox a7b049510b Relocate documentation file to proper location and update documentation a little bit to explain some cases 
Update documentation with proper explanation of how to add users since last one was adding users to the wrong table.
 2022-09-13 16:12:21 -05:00
Jack Heysel 6c27c05d10 parent 3892d29cc5 
author Jack Heysel <jack_heysel@rapid7.com> 1658964871 -0400
committer Grant Willcox <gwillcox@rapid7.com> 1663093141 -0500
gpgsig -----BEGIN PGP SIGNATURE-----

 iQIzBAABCgAdFiEEMZiWHhSP9eUn4xpf014FwPK4HoMFAmMgyZUACgkQ014FwPK4
 HoP5RxAAjvQs9/bVQSVJXMNVxa5J3Tefi+BnkJyxUAABsYJR/KpKfHMzGxhdA9ED
 Rc48cKuaGRscorSdNZJPtRMs1JlrvYLbovTomUoOuyZypKInNdkIhjo24WyandBX
 5f4AgmsKFtnfFnxAHQ/jsq25Sa0hgDS/x64q1+aFMupZzm7o9xJrMokqPIu8C1hC
 AhdV1jx3xP7jTpTz2YDOUPM3WNZINFNJHZU5JtdCIfciJX1oCbkEdzUZFiiZg6Ui
 fZEUDAVQrkZfhcTrLYBBTOgalMjmM4gM9q/X0vHTm6XbEuNN69diw7t3Z7Qa2maY
 FU3N8E5mDy2ebpRWF4FOHa3KwEcUwpx17/sIJOfhlFRFazxVDR6DGch4GQg0r5lz
 VVN7GEMPqepyCJcBTaagpeeyw/pM/peysrC04amd5ash/6sQ5whS8xIJW1jeN/nf
 rVTwJs1kzy28t0wLqeHB+j4OZNm+hqZYrZ0A9VcJT5EBArG8Zlgr+xXcFXhONBk8
 GZe/yiMsHPPv+vfSvOo/JVZAbIXpcFRzHjbs1JjFVQq635bWceGWs72xHNEKlssC
 MtaL1h0wzV7BilBL2ohMY0ou/gDTqWao3xYGvqfxgYBy/6IQCcV2SmPYLNel+VEt
 sc7fqO5R+R/HDUWHv1bEfYKebgaX6pqrzgrqaxwGd6vmSHEEslU=
 =BXw+
 -----END PGP SIGNATURE-----

Initial changes

Add in documentation improvements for installation

Update Docker install instructions again and also fix a bug with too strict checking on a cookie

Move module into gather type module, remove the scanner import, and update the documentation accordingly so that the check method can work

Updated docs
 2022-09-13 16:08:57 -05:00
Grant Willcox a41ec9388f Land #16725, Add ManageEngine ADAudit Plus and DataSecurity Plus Xnode enum modules, docs and mixin (CVE-2020–11532) 2022-09-01 08:46:36 -05:00
Spencer McIntyre 69cc144e04 Add module docs 2022-08-30 11:12:36 -04:00
Christophe De La Fuente 1b5338da06 Land #16701, Rewrite of Cisco ASA Clientless VPN Brute-force 2022-08-25 16:04:48 +02:00
Grant Willcox 70e006c493 Initial updates from personal review, sans module adjustments 2022-08-23 20:48:15 -05:00
Jake Baines 2242272ef4 Added CSRF token support. Fixed an issue with HTTP Keep-Alive 👀 2022-08-19 10:51:33 -07:00
Christophe De La Fuente 5cf7a2de92 Fix minor typos in the doc 2022-08-18 13:32:00 +02:00
Jake Baines f093794864 Added Cisco ASA ASDM/HTTP brute force module 2022-08-16 06:31:25 -07:00
h00die b7acf95f1f vicidial doc update 2022-08-14 08:46:12 -04:00
h00die 794ce923ad placeholder 
vicidial sqli module

first run of docs

updates to vicidial
 2022-08-13 17:02:24 -04:00
Jeffrey Martin c45262cd46 Land #16800, Add support for OpenSSL 3 2022-08-05 14:20:51 -05:00
bwatters 74eff9ffac Land #16851, Add Cassandra Web file read auxiliary module 
Merge branch 'land-16851' into upstream-master
 2022-08-05 13:04:07 -05:00
Spencer McIntyre c244399f1f Land #16857, Add auxiliary gather module for Cisco PVC2300 camera information disclosure 2022-08-04 11:46:07 -04:00
ErikWynter af712d4a89 add docs, fix typo in module description 2022-08-04 16:58:39 +03:00
adfoster-r7 f65119b353 Support OpenSSL3 and run Ubuntu 22.04 in test matrix 2022-08-03 15:49:53 +01:00
krastanoel 9a4a590b27 Add Cassandra Web file read auxiliary module 2022-08-02 23:40:40 +07:00
PazFi 1f7b3319a9 Changing readme file accordingly. 2022-08-01 13:43:26 +03:00
ErikWynter d6dabd4bfb additional code review improvements for xnode auxiliary modules/lib/docs 2022-07-28 15:12:00 +03:00
PazFi a6bdc5ea29 -Validating md file with msftidy_docs. 
-Removing global variables, and calling data stored in datastore when required.
-Calling methods or variables instead of calling terminal commands.
-Some indentations.
-Using heredocs when handling multiple strings.
-Handling the case where LHOST does not contain IP address.
 2022-07-24 18:51:53 +03:00
ErikWynter c6c745c633 ManageEngine Xnode library changes and some docs/module adjustments after code review 2022-07-22 16:06:21 +03:00
PazFi 28c3dd5739 A SCADA scanner module for BACnet protocol. 
The scanner discovers BACnet devices on the network by broadcasting
Who-is packets, extracts model name, software version, firmware
revision and description from the discovered devices by sending
specific read-property packets. After parsing the data the module saves
it to a local xml file.
Because devices can be nested, every address can have multiple devices.
 2022-07-19 17:02:35 +03:00
Grant Willcox 2a8d95c121 Default to having a near empty custom file so that we can still update the default queries without issues vs preventing updates from occuring. If users want to override the defaults, then they accept the risk of not getting updates. Update documentation to also note this. 2022-07-15 16:29:12 -05:00
Grant Willcox 2d1acc0369 Refactor code and also add in proper fail_with error codes where needed. Also fix up module and documentation descriptions to be a bit clearer. 2022-07-15 16:29:01 -05:00
Grant Willcox 03ebbaf2d0 Add in RUN_SINGLE_QUERY and associated options, and then update the code and documentation accordingly. This will allow users to run single queries with associated attribute filters if they want to test out single queries at a time without changing YAML files 2022-07-15 16:29:00 -05:00
Grant Willcox 67cf39f4b9 Update documentation to include RUN_QUERY_FILE example. 2022-07-15 16:28:55 -05:00
Grant Willcox 8c236e789e Rename files to follow proper format. Add in documentation for examples. Then update code so we use Msf::Config.get_config_root to store the config file that we parse to get the actions outside of a Git tracked location. We will still use the default file to populate this non-git tracked location if its not already populated though. 2022-07-15 16:28:43 -05:00
Grant Willcox 65b9e1cb13 Push initial copy of work up 2022-07-15 16:27:56 -05:00
kalba-security 55079515ca implement code review suggestions 2022-07-14 06:04:14 -07:00
Jack Heysel 662c8bbd87 Land #16742, add NetScaler decrypt aux module 
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
 2022-07-13 14:00:43 -04:00
Jack Heysel 8f3a0e3856 Land #16742, add NetScaler decrypt aux module 
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
 2022-07-13 12:11:02 -04:00
npm-cesium137-io 9a6013b153 citrix_netscaler_config_decrypt refinements 
Refactor error handling when composing KEK fragments to be more
streamlined.

Various tweaks and optimizations.

Updates to documentatation.
 2022-07-13 08:36:18 -04:00
npm-cesium137-io 3f52cc80a2 Update documentation/modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.md 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-07-13 07:57:06 -04:00
Jack Heysel 6db340508f Land #16703, add Censys API v2 functionality 
This PR updates the censys_search.rb module to also
make use of the v2 API functionality
 2022-07-07 13:09:31 -04:00
space-r7 debf619968 Land #16733, add dfscoerce scanner module 2022-07-06 18:18:00 -05:00
Christophe De La Fuente 066d01b7b2 Rework censys_search module to use Censys Search API v2 2022-07-04 17:19:16 +02:00
npm-cesium137-io 789397a445 citrix_netscaler_config_decrypt tweaks 
Minor code tweaks and updates to documentation
 2022-07-03 08:21:58 -04:00
Christophe De La Fuente b40dd95d4f Land #16723, Add FreeSwitch Login auxiliary module 2022-07-01 16:57:34 +02:00
krastanoel e944196c5c Update documentation 2022-07-01 12:29:17 +07:00
Spencer McIntyre c67432b20d Add the documentation for dfscoerce 2022-06-30 17:25:32 -04:00
Christophe De La Fuente 0d19e47b8d Land #16677, Add module for adding/deleting computers via MS-SAMR 2022-06-30 12:12:26 +02:00
krastanoel a2949c7555 Fix documentation warning 2022-06-30 11:51:03 +07:00
Spencer McIntyre 41ba2d263b Address PR feedback 
Simplify the application_key usage, update docs and catch another
exception.
 2022-06-28 11:53:05 -04:00