Commit Graph

105 Commits

Author SHA1 Message Date
h00die 8beb6255cb fix spelling in aux modules 2024-01-07 15:02:53 -05:00
adfoster-r7 433bafdccf Add missing module notes for stability reliability and side effects 2023-02-08 11:45:17 +00:00
adfoster-r7 4a9a15e638 Run Rubocop layout rules on modules 2021-08-27 17:19:43 +01:00
dwelch-r7 319f15d938 Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
Alan Foster 5b3fde7735 Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
Jeffrey Martin dbce3982fd Land #14067, [GSoC] Module for CVE-2019-13375, and PostgreSQL support for the library 2021-02-14 12:11:09 -06:00
Niboucha Redouane e23caaf5eb fix parameter names, small formatting issue 2020-11-10 19:07:32 +01:00
Niboucha Redouane 17c7c4fdbe Fix issues 2020-10-27 00:55:06 +01:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
Niboucha Redouane 6acdb3a440 minor update to the documentation, and module top comment 2020-09-06 16:00:48 +02:00
Niboucha Redouane 233120fb8d remove trailing whitespace on L78 2020-09-04 19:09:37 +02:00
Niboucha Redouane 13b3e58be0 Create sqli objects in run and check independently 2020-09-04 15:43:17 +02:00
Niboucha Redouane b23b72fa19 Add documentation for dlink_central_wifimanager_sqli, and add write_to_file to PostgreSQLi 2020-08-28 20:10:19 +02:00
Niboucha Redouane ef33afecc1 Add an SQLi module for CVE-2019-13373 2020-08-28 20:10:19 +02:00
Niboucha Redouane d54046fc1b Make peplink_bauth_sqli a gather module, and gather as much useful data as possible 2020-08-27 16:28:39 +02:00
Niboucha Redouane 3e73f5efe4 get_cookies instead of accessing the Set-Cookie header
as the #get_cookies method is getting fixed to support case-insensitive cookie presence checking

Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2020-08-27 16:28:39 +02:00
Niboucha Redouane 24b5f8a332 Refactor peplink_bauth_sqli to support check 2020-08-27 16:28:39 +02:00
Niboucha Redouane 7a89542b28 add error messages when no sessions found, and run msftidy_docs 2020-08-27 16:28:39 +02:00
Niboucha Redouane 348c955253 Add documentation for peplink_bauth_sqli 2020-08-27 16:28:39 +02:00
Niboucha Redouane b9b242391f Fix peplink_bauth_sqli module authors 2020-08-27 16:28:38 +02:00
Niboucha Redouane a681f7ac46 Add more options to the peplink SQLi module 2020-08-27 16:28:38 +02:00
Niboucha Redouane 6cd9fa81d6 Add first version of peplink SQLi module (DBMS used being SQLite3) 2020-08-27 16:28:38 +02:00
Niboucha Redouane 0680113288 get rid of database parameter in MySQLi methods 2020-06-30 18:49:13 +02:00
Niboucha Redouane 2c4ca04dca Rename the factory method for SQLi classes, and add a check on the class to instantiate 2020-06-27 14:51:54 +02:00
Jeffrey Martin aa6c037dbd refactor mixin as factory for sqli classes 2020-06-26 15:09:01 -05:00
Niboucha Redouane 5100f14b6d revert : use interpolation instead of concatenation
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2020-06-19 23:31:23 +02:00
Niboucha Redouane 305dbe9e2f refactor structure, get rid of prefix and suffix 2020-06-18 17:21:10 +02:00
Niboucha Redouane 083d986dce Undo formatting changes to existing modules 2020-06-11 19:15:17 +02:00
Niboucha Redouane ecb1a0bb16 add test_vulnerable to MySQLi class, and fix minor issues with the test modules 2020-06-10 21:59:51 +02:00
Niboucha Redouane 12681b0746 Add support for encodings to exfiltrate data containing bad characters/multibyte characters 2020-06-10 21:40:22 +02:00
Niboucha Redouane 0f936f7500 Various fixes and enhancements 2020-06-09 23:43:15 +02:00
Niboucha Redouane 4654941092 add test modules 2020-06-05 22:11:27 +02:00
dwelch-r7 134765dc40 Remove targets from aux modules 2019-09-23 15:29:38 +01:00
Shelby Pace 8bfdaf6ab7 change metadata indentation 2019-09-11 15:56:46 -05:00
Will Porter 3ed9fb0383 Fix a bug caused by writing python code in a ruby file. 2019-09-11 15:39:15 +00:00
William Porter 262e574fe2 Add the .csv extension to the loot file. 2019-09-10 21:32:03 -04:00
William Porter 7a8eb76a12 Use the same gsub pattern to create the ltype as is used by store_loot to sanitize characters. 2019-09-10 21:14:15 -04:00
William Porter 832d2e4300 Remove unnecessary comment. 2019-09-10 12:29:55 -04:00
Will Porter 3fc0467484 Update modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb
Remove unused path variable.

Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2019-09-10 12:27:48 -04:00
Will Porter f1f9597222 Update modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb
Use `normalize_uri` to construct the vulnerable URI.

Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2019-09-10 12:27:22 -04:00
Will Porter 106913f631 Correct csv string. 2019-09-04 17:43:34 +00:00
William Porter 2cd93cc097 Update documentation and actually save loot as csv file. 2019-09-04 13:08:49 -04:00
Will Porter 1b9bb964b8 Adjust loot filename. 2019-09-04 16:56:28 +00:00
William Porter 0ee3324535 Use store_loot properly, check response.nil? before consuming body. 2019-09-04 12:21:59 -04:00
Will Porter c433cd4007 Remove erroneous ? from URI path. 2019-09-04 15:04:56 +00:00
Will Porter 74647c314a Use Rex::Text.rand_text_alphanumeric and remove gsub as a weak excuse for encoding. 2019-09-04 07:53:36 +00:00
William Porter 5963bbd6f9 Remove broken include. 2019-09-04 03:30:13 -04:00
William Porter d0803e49be Make changes as suggested in the pull request reviews. 2019-09-04 03:18:58 -04:00
William Porter 2b97522b69 Fix the CVE format based on failed tests. 2019-09-04 01:36:20 -04:00
William Porter 80aee24d65 Add an auxiliary module to exploit OpenEMR CVE CVE-2018-17179.
Dump all tables in the OpenEMR database and save the data in .csv
format in the loot directory.
2019-09-04 01:18:54 -04:00