bcoles
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
Jack Heysel
1c6ed2d9b4
Land #17070, Grafana auth bypass enhancement
...
Remove unnecessary use of len cookie
2022-09-30 14:32:44 -04:00
cgranleese-r7
38b05cb802
Updates deprecated method in rlogin module
2022-09-30 14:28:42 +01:00
cgranleese-r7
730746f873
Fixes broken sessions in rservices modules
2022-09-29 09:44:29 +01:00
ahzam
b0e3e95439
Minor Refactor: Remove unnecessary len(cookie)
2022-09-29 01:46:07 +05:00
Grant Willcox
2958a43a6a
Update to reflect fact that bug is an improper authentication logic bug and to randomize password for auth parameter since it is ignored
2022-09-23 12:19:29 -05:00
Grant Willcox
edc37835e5
Add more nil checks in, update some of the check code to catch an edge case, update notes to account for indicators of compromise, and fix some extra issues noticed on second round of review
2022-09-23 09:38:35 -05:00
Grant Willcox
9abe1649ff
Sanitize XML data prior to adding it to the XML POST request and also change the ID option to an integer from a string to match expectations
2022-09-23 09:38:35 -05:00
Grant Willcox
3ca34568c2
Clean up some of the documentation and module code and descriptions
2022-09-23 09:38:12 -05:00
h00die-gr3y
37caf6dae5
removed exploit information from info section
2022-09-23 09:38:11 -05:00
h00die-gr3y
a4a12d06bc
improved error handling
2022-09-23 09:38:10 -05:00
h00die-gr3y
5ed7ff7f52
init commit module and documentation
2022-09-23 09:38:05 -05:00
adfoster-r7
5e2a6c9dba
Land #17015, improve http login result checks
2022-09-23 01:28:59 +01:00
Jeffrey Martin
96d291121b
use model validator instead of setup check
2022-09-22 14:49:09 -05:00
Jack Heysel
12f3325f3e
Land #16732, VICIdial Multiple SQLi
...
This PR adds a module which exploits several
authenticated sqli in VICIdial
2022-09-22 10:47:42 -04:00
h00die
6d608ea41e
vicidial sqli module docs update
2022-09-21 16:57:18 -04:00
Jeffrey Martin
9b2cda346d
guard parsing error and fail early
2022-09-16 12:35:38 -05:00
Jeffrey Martin
581aa2c34a
enable user defined accepted response codes
...
* login scanner object expects an array of codes and set defaults
* login scanner limits response codes to 2XX and 3XX code
* parsing to convert OptString is handled in the consuming module
2022-09-16 12:21:14 -05:00
cgranleese-r7
55119aaac7
Land #16940, Rewrite datastore, and add support for option fallback lookups
2022-09-16 14:19:19 +01:00
adfoster-r7
3a281234df
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
Jeffrey Martin
bc948d0412
allows redirect on login as success with http
2022-09-14 14:50:10 -05:00
Grant Willcox
0d639b99bb
Initial attempt at blind_dump_data improvements
...
Add in fully binary search orientated version of blind_dump_data
2022-09-13 16:12:16 -05:00
Grant Willcox
32df4cdeee
Add in ability to determine length of query using binary tree approach
2022-09-13 16:11:01 -05:00
Jack Heysel
6c27c05d10
parent 3892d29cc5
...
author Jack Heysel <jack_heysel@rapid7.com> 1658964871 -0400
committer Grant Willcox <gwillcox@rapid7.com> 1663093141 -0500
Initial changes
Add in documentation improvements for installation
Update Docker install instructions again and also fix a bug with too strict checking on a cookie
Move module into gather type module, remove the scanner import, and update the documentation accordingly so that the check method can work
Updated docs
2022-09-13 16:08:57 -05:00
Grant Willcox
a41ec9388f
Land #16725, Add ManageEngine ADAudit Plus and DataSecurity Plus Xnode enum modules, docs and mixin (CVE-2020-11532)
2022-09-01 08:46:36 -05:00
Spencer McIntyre
d545ff0c6d
Land #16955, Handle binary data
2022-08-31 08:56:00 -04:00
Grant Willcox
6b3d3913e7
Update to fix sanitization code due to improper logic
2022-08-30 16:59:30 -05:00
Grant Willcox
76eaa76fb3
Switch over to using Rex::Text.to_hex_ascii to sanitize nonprintable data
2022-08-30 10:32:22 -05:00
Spencer McIntyre
b0fe5e1620
Cleanup the code a bit
2022-08-30 11:12:36 -04:00
Spencer McIntyre
69cc144e04
Add module docs
2022-08-30 11:12:36 -04:00
Spencer McIntyre
86804ce5b8
Add specific UPN and DNS support; switch to pipes
2022-08-30 11:12:36 -04:00
Spencer McIntyre
cd13039aae
Add the initial MS-ICPR module
2022-08-30 11:12:36 -04:00
Grant Willcox
1b1341a55f
Rubocop code again
2022-08-29 15:50:18 -05:00
Grant Willcox
2261499142
Remove extra debug statement
2022-08-29 15:43:27 -05:00
Grant Willcox
9dcbf55ea8
Update ldap_query logic to handle binary data
2022-08-29 15:34:18 -05:00
Christophe De La Fuente
1b5338da06
Land #16701, Rewrite of Cisco ASA Clientless VPN Brute-force
2022-08-25 16:04:48 +02:00
Grant Willcox
5a8484fa36
Fix bug introduced with recent changes whereby .first was called where it wasn't needed
2022-08-24 16:15:11 -05:00
Grant Willcox
998a3876a5
Rubocop modules
2022-08-24 15:43:10 -05:00
Spencer McIntyre
3c495770b8
Allow configuring a base_dn prefix
2022-08-24 15:13:16 -04:00
Grant Willcox
dc7f602a58
Fix up library code and associated modules so that they always return consistent values and the modules process them appropriately
2022-08-24 13:37:03 -05:00
Grant Willcox
323f279093
Fix up more comments from the review sans some library changes I still need to work through
2022-08-24 11:56:14 -05:00
Grant Willcox
a249257c27
Remove extra debug statement
2022-08-23 21:00:07 -05:00
Grant Willcox
70e006c493
Initial updates from personal review, sans module adjustments
2022-08-23 20:48:15 -05:00
Jake Baines
2242272ef4
Added CSRF token support. Fixed an issue with HTTP Keep-Alive 👀
2022-08-19 10:51:33 -07:00
Jake Baines
f093794864
Added Cisco ASA ASDM/HTTP brute force module
2022-08-16 06:31:25 -07:00
h00die
794ce923ad
placeholder
...
vicidial sqli module
first run of docs
updates to vicidial
2022-08-13 17:02:24 -04:00
Jeffrey Martin
c45262cd46
Land #16800, Add support for OpenSSL 3
2022-08-05 14:20:51 -05:00
bwatters
74eff9ffac
Land #16851, Add Cassandra Web file read auxiliary module
...
Merge branch 'land-16851' into upstream-master
2022-08-05 13:04:07 -05:00
Jack Heysel
4cedbadbf9
Land #16820, fix default action err in ldap_query
...
If the user does not set a default action the ldap_query
module will now select a default action instead of erroring
2022-08-04 12:17:22 -04:00
Spencer McIntyre
c244399f1f
Land #16857, Add auxiliary gather module for Cisco PVC2300 camera information disclosure
2022-08-04 11:46:07 -04:00