adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

286 Commits

Author SHA1 Message Date
h00die 8beb6255cb fix spelling in aux modules 2024-01-07 15:02:53 -05:00
cgranleese-r7 e004be00fe Converted to Active Support 2023-04-05 16:53:01 +01:00
cgranleese-r7 769e2e760c stop point 2023-04-04 10:27:15 +01:00
cgranleese-r7 c3a7da54d5 reduces code duplication 2023-04-04 10:27:11 +01:00
cgranleese-r7 40e6917b7f tests passing 2023-04-04 10:24:09 +01:00
adfoster-r7 433bafdccf Add missing module notes for stability reliability and side effects 2023-02-08 11:45:17 +00:00
h00die d5ba1afbec fix URLs not resolving 
fix URLs not resolving

add csv export to references

fix URLs not resolving

pdf not pd

missed a url change

remove extra recirectedfrom fields

remove extra file

fix ovftool url accidental replacement
 2022-02-16 17:22:40 -06:00
Marek Šuppa c1fefd0856 fix: Missing comma 
* Fix missing comma in a list of useragents
 2022-01-29 00:51:56 +01:00
Jeffrey Martin 21a6a18d92 trade URI.encode & URI.escape for Ruby 3 
Ruby 3 removed the `URI.escape` methods however access to
the a parse for the same RFC is stil available at `URI::DEFAULT_PARSER.escape`.

Per the Ruby forum [comment](https://bugs.ruby-lang.org/issues/17309#note-1) this should equal.
 2021-11-22 14:11:03 -06:00
Joshua Rogers f0eb43d99f Update modules/auxiliary/dos/http/squid_range_dos.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2021-10-21 19:15:30 +02:00
Joshua Rogers 2a6f19f0f4 Final lintify 2021-10-21 10:24:00 +02:00
Joshua Rogers 095c02d363 Include CVE-2021-31807 proof-of-concept. Also remove excessive HTTP 
headers where possible.
 2021-10-20 21:01:48 +02:00
Spencer McIntyre 94fd173e8e Update module docs, report the vuln 2021-10-19 16:40:24 -04:00
Spencer McIntyre 0213efe588 Use Metasploit's HTTP server to trigger the DoS 2021-10-19 15:06:02 -04:00
Joshua Rogers c58dd6bfd1 Use HttpClient in place of sockets. Lintify. 2021-10-07 19:04:46 +02:00
Joshua Rogers eb10f2ac1f Fix typo in ruby script. Add documentation .md file. 2021-10-07 14:01:00 +02:00
Joshua Rogers 1db96ad985 Add notes. 2021-10-07 13:57:11 +02:00
Joshua Rogers fac5f0c987 Add PoC for CVE-2021-31806 Squid DoS Attack 2021-10-07 13:29:56 +02:00
adfoster-r7 4a9a15e638 Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
cgranleese-r7 a894b8cc29 Updates Python shebangs to Python 3 2021-05-18 12:43:04 +01:00
Alan Foster 100da2f1b1 Enforce Style/RedundantBegin for new modules 2021-05-13 04:01:03 +01:00
Alan Foster 5b3fde7735 Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
Alan Foster bed7ae2c78 Add latest rubocop rules 2021-02-12 13:31:51 +00:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
Clément Notin 33e35bae7c Add descriptions to auxiliary modules Actions 
And a little formatting
Closes #13403

Update modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/backupexec/dump.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/android/android_stock_browser_iframe.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/tikiwiki/tikidblib.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/smb.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/telnet.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/vnc.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/fakedns.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/tftp.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/gzip_bomb_dos.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/ibm_lotus_notes.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/ibm_lotus_notes2.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/webkitplus.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/example.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/android_browser_file_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/android_browser_new_tab_cookie_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/apple_safari_webarchive_uxss.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_lanipleak.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/firefox_pdfjs_file_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/samsung_browser_sop_bypass.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http_basic.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http_ntlm.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/http_ntlmrelay.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks4a.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks5.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/sip.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/postgresql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/local_hwbridge.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/webkit_xslt_dropper.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks_unc.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/client/iec104/iec104.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/drda.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/ftp.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/mssql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/mysql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/pop3.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/dns/spoofhelper.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/printjob_capture.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update description following Actions removal

Update modules/auxiliary/gather/browser_info.rb

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
 2020-05-17 14:51:14 -05:00
William Vu 23bc62dac3 Land #12818, Cable Haunt WebSocket DoS module 2020-03-31 15:57:03 -05:00
William Vu 8811c51644 Clean up module and update module doc 2020-03-31 12:23:19 -05:00
Adam Galway f165527e88 Land #12851, DOS attack on Tautulli <=2.1.9 2020-03-19 16:42:07 +00:00
Brent Cook 8489bcdfd9 This fixes broken links to the community.rapid7.com blog 
Performed mechanically with sed, spot-checked that the new blog can consume these links.
 2020-02-18 09:06:11 -06:00
Nicholas Starke ef4b72cc5a Adding EDB reference 2020-01-17 07:49:28 -06:00
İsmail Taşdelen 574bfbed84 add exploit module tautulli_shutdown_exec [ CVE-2019-19833 ] 
add exploit module tautulli_shutdown_exec [ CVE-2019-19833 ]
 2020-01-17 13:57:32 +03:00
Nicholas Starke 0387d09e67 Changing faulty parameter descriptions 2020-01-13 10:09:06 -06:00
Nicholas Starke 8593f68c14 Adding Cable Haunt WebSocket DoS Module 
This module exploits a vulnerability in Sagecom
Cable Modems from a variety of manufacturers. Since
the firmware for vulnerable modems will vary based
on Make, Model, and ISP, this module can only be
used to verify the presence of the vulnerability,
and not actually return a shell. Successful
exploitation will most likely disrupt all upstream
services. Module documentation is included in this
commit.
 2020-01-12 19:56:42 -06:00
Brent Cook d87f752591 add module docs 2019-12-26 13:31:38 -06:00
Brent Cook b177a8235d adjust indentation 2019-12-26 13:05:21 -06:00
Brent Cook 3dac95ed32 fix enumeration handling 2019-12-26 13:00:52 -06:00
p0 8576a7876a changed disclosure date to ISO 8601 format 2019-10-09 21:53:47 +02:00
Jose Garduno d65775e5bf added metasploit http DoS module 2019-10-09 16:54:43 +02:00
CFP 315d7f28c1 Replace path with uri to fix #11776 2019-04-25 23:08:19 +02:00
Javan Rasokat 8350effaa5 Fixed wrong check (did never work) 
* HOST was always localhost 
* Now sends both Range and the legacy 'Request-Range'
TODO: Method HEAD is not always sufficient, should be editable
 2019-04-03 16:23:58 +02:00
Brent Cook ddef5b4961 MSF5: Remove unneeded RHOST deregister in scanners 
With Metasploit 5, RHOST and RHOSTS are aliases, so no need to
deregister one or the other, as they are the same option. Deregistering
one deregisters both.
 2019-03-05 13:04:49 -06:00
Brendan Coles 467e0877f5 res.code 2018-11-18 12:40:09 +00:00
Rob 6f5a8f8f42 Fix outdated metadata 2018-10-01 18:59:09 +01:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
Christian Mehlmauer 7431ae401b fix more errors 2018-08-28 13:49:31 +02:00
William Vu 5096eee2ec Land #10120, npm "marked" ReDoS module 2018-08-16 15:01:12 -05:00
William Vu 3c1befdacb Clean up module 2018-08-16 15:00:56 -05:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
Nicholas Starke 936632f180 Minor Tweaks to Module 
This commit changes some logic around
on a few different conditional portions
of code.
 2018-06-14 10:06:42 -05:00
Dhiraj Mishra c0a5a65e0c Updated 
Suggestion's by acammack-r7
 2018-06-14 11:25:00 +05:30