adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

27 Commits

Author SHA1 Message Date
Spencer McIntyre 70b1da6df4 Fix a misspelling 2022-04-06 09:04:26 -04:00
Spencer McIntyre 04ac668e21 Update the docs for readability 2022-04-06 08:58:09 -04:00
RageLtMan 23fc179160 Scan for log4shell-provided infoleaks 
The formatted string containing the JNDI URL can contain further
formatted strings within it sourcing data from the formatting Java
context. This is the mechanism by which this module already gathers
target information.

Expand this capability by permitting the user to supply their own
query string variables separated by '^' and comparing the output
to these inputs for extraction of relevant exposed values.

To help with targeting for the pending-in-PR exploit module, add OS
detection capabilities as well.
 2022-04-05 16:38:26 -04:00
bwatters 0239ef1cc6 Land #16117, Updates for Log4Shell 2022-02-15 16:39:00 -06:00
adfoster-r7 18b4ce8a13 Update replicant pattern to increment refs 2022-02-15 16:08:35 +00:00
Spencer McIntyre 965493191f Add and use a Log4Shell mixin 2022-02-03 16:09:49 -05:00
Spencer McIntyre d46822184f Updates for Log4Shell 2022-01-28 14:56:44 -05:00
Spencer McIntyre 9b03d0272a Add check and auto-HTTP_HEADER capabilities 2022-01-07 17:30:39 -05:00
Spencer McIntyre d08714d474 Land #15961, Initial Rex LDAP Server 2021-12-28 14:50:03 -05:00
RageLtMan 60fdf2a7da Rubocop pass on LDAP pieces 2021-12-18 09:03:56 -05:00
Spencer McIntyre 60de839b60 Update Log4Shell references and VCenter URI 2021-12-17 15:55:02 -05:00
RageLtMan f8902321ba Update log4shell scanner with native LDAP service 
Implement the new Rex::Protocol::LDAP::Server to handle log4shell
callbacks from vulnerable hosts.
 2021-12-16 19:20:03 -05:00
Spencer McIntyre a2624f9309 Appease rubocop 2021-12-16 12:59:12 -05:00
adfoster-r7 f463c19f33 Update log4shell documentation and default uri file wordlist for scanning 2021-12-16 17:52:39 +00:00
Spencer McIntyre e6b7669114 Address PR feedback from module hacking 2021-12-16 11:12:11 -05:00
Spencer McIntyre a73d842564 Check the host is responding before continuing 2021-12-15 16:11:26 -05:00
Spencer McIntyre 4cde008953 Add VMWare VCenter Log4Shell scan support 2021-12-15 15:13:46 -05:00
Spencer McIntyre a694381ab1 Allow templatized URIs 2021-12-15 11:58:41 -05:00
Spencer McIntyre 9bdb34d964 Add a TIMEOUT option and fix reading lines 2021-12-15 10:47:29 -05:00
Spencer McIntyre 5dc8fa34b8 Add module docs and validate SRVHOST is usable 2021-12-15 09:05:51 -05:00
Spencer McIntyre 3c88e30ade Fix a socket binding issue 2021-12-15 08:45:25 -05:00
Spencer McIntyre 476a51248d Add error handing for client connections 2021-12-15 08:45:25 -05:00
Spencer McIntyre 5e5e73a1d8 Add module metadata and more checks 2021-12-15 08:45:25 -05:00
Spencer McIntyre 725904c825 Support an input URI list for scanning 2021-12-15 08:45:25 -05:00
Spencer McIntyre 0bf355a191 Extract the java version as proof 2021-12-15 08:45:24 -05:00
Spencer McIntyre b06b96731d Support scanning multiple HTTP headers 2021-12-15 08:45:24 -05:00
Spencer McIntyre 50f0f3a5d0 Initial layout of a Log4Shell scanner 2021-12-15 08:45:24 -05:00