5aa5ae32e0
Land #16825 , Add better support for IMAP strings when capturing creds
2022-07-29 15:25:31 -05:00
1e6924b19c
Add better ID response
2022-07-29 12:58:55 -07:00
7da5f2ad4a
Changes from PR feedback
2022-07-28 16:05:22 -04:00
52e84fa328
Add explicit ticket support for WinRM modules
2022-07-28 16:03:24 -04:00
d6dabd4bfb
additional code review improvements for xnode auxiliary modules/lib/docs
2022-07-28 15:12:00 +03:00
7c0bb35a4b
Fix a crash from the original module if 'arg' was nil, and remove an errant space
2022-07-27 10:43:14 -07:00
aa51353605
Move the arg-parsing logic out of the login request
2022-07-27 10:14:37 -07:00
bcd1f63848
Fix logicial error when handing the case where a user did not specify an action at any point and is using the default one
2022-07-27 07:41:40 -05:00
d53dc7ca90
Add support for RFC7888-style logins, which send the username/password as separate lines
2022-07-26 15:11:46 -07:00
f779f0f482
consolidate the config directory lookups
...
The user configuration directory can be overridden via environment
variables or configuration files.
In the current implementation `Msf::Config.config_directory` should be
utilized for consistent location reporting. `Msf::Config.get_config_root`
is reserved to generation of a default location and should be considered
`private` as it ignores some injected configuration options. Currently
autoloading does not allow application of the `private` keyword to this method,
requiring guidance during development that module writers should access the
full configured `user` value of `Msf::Config.config_directory`.
2022-07-25 15:27:21 -05:00
665bde7f60
Enforcing regex input validation on local IP.
2022-07-25 08:17:39 +03:00
a6bdc5ea29
-Validating md file with msftidy_docs.
...
-Removing global variables, and calling data stored in datastore when required.
-Calling methods or variables instead of calling terminal commands.
-Some indentations.
-Using heredocs when handling multiple strings.
-Handling the case where LHOST does not contain IP address.
2022-07-24 18:51:53 +03:00
c6c745c633
ManageEngine Xnode library changes and some docs/module adjustments after code review
2022-07-22 16:06:21 +03:00
abe90c1089
Land #16668 , HTTP Crawler: don't expect page object for msg
2022-07-21 18:35:35 -05:00
28c3dd5739
A SCADA scanner module for BACnet protocol.
...
The scanner discovers BACnet devices on the network by broadcasting
Who-is packets, extracts model name, software version, firmware
revision and description from the discovered devices by sending
specific read-property packets. After parsing the data the module saves
it to a local xml file.
Because devices can be nested, every address can have multiple devices.
2022-07-19 17:02:35 +03:00
2eaccd657f
Use an OptPath for QUERY_FILE_PATH
...
This adds tab completion and an extra check to make sure it exists.
2022-07-19 09:48:03 -04:00
dcd4caf977
Remove excess error handling that was causing issues
2022-07-19 08:10:53 -05:00
25f50e607c
Reduce code, be more permissive
...
This makes a few changes that should enable the module to function
better should it be dropped into a fresh MSF installation on its own.
2022-07-15 16:29:17 -05:00
2a8d95c121
Default to having a near empty custom file so that we can still update the default queries without issues vs preventing updates from occuring. If users want to override the defaults, then they accept the risk of not getting updates. Update documentation to also note this.
2022-07-15 16:29:12 -05:00
1e05630d26
Make sure that we load ACTIONs from the user's custom file at startup if they have changed anything or added any new ACTIONs
2022-07-15 16:29:12 -05:00
2d1acc0369
Refactor code and also add in proper fail_with error codes where needed. Also fix up module and documentation descriptions to be a bit clearer.
2022-07-15 16:29:01 -05:00
03ebbaf2d0
Add in RUN_SINGLE_QUERY and associated options, and then update the code and documentation accordingly. This will allow users to run single queries with associated attribute filters if they want to test out single queries at a time without changing YAML files
2022-07-15 16:29:00 -05:00
32e5884589
Update error description to be more helpful when debugging. Also update DefaultAction to default to first entry in the list or RUN_QUERY_FILE if no other action is available
2022-07-15 16:28:50 -05:00
c5f2507ee0
Fix up usage of the word columns where attributes was more appropriate. Also update the multi query logic to match new data format as it was broken before as a result of changes to file format. Finally remove extra parameters that are no longer needed.
2022-07-15 16:28:43 -05:00
8c236e789e
Rename files to follow proper format. Add in documentation for examples. Then update code so we use Msf::Config.get_config_root to store the config file that we parse to get the actions outside of a Git tracked location. We will still use the default file to populate this non-git tracked location if its not already populated though.
2022-07-15 16:28:43 -05:00
3c56e272a1
Remove default actions and move them to default.yaml, then update code accordingly. Also update the initialization code so it will now load the possible actions dynamically from default.yaml.
2022-07-15 16:28:37 -05:00
438b4b1bf8
Rework the logic for output and make it a lot neater. Also redo the query logic thanks to help from Alan David Foster so the query itself will specify what fields we need vs us having to manually filter this out later on. Makes it a lot quicker and easier to work with
2022-07-15 16:28:31 -05:00
2a1a8aa632
Add in CSV reporting formatting thanks to some help from Alan David Foster
2022-07-15 16:28:30 -05:00
d4809219b9
Add in JSON output option
2022-07-15 16:28:23 -05:00
515bfd296e
Add in YAML query file implementation
2022-07-15 16:28:23 -05:00
65b9e1cb13
Push initial copy of work up
2022-07-15 16:27:56 -05:00
37f7c15b1e
Update mssql login module to support kerberos authentication
2022-07-15 17:33:54 +01:00
f2ff7bb913
Add mssql kerberos authentication
2022-07-15 17:26:10 +01:00
55079515ca
implement code review suggestions
2022-07-14 06:04:14 -07:00
662c8bbd87
Land #16742 , add NetScaler decrypt aux module
...
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
2022-07-13 14:00:43 -04:00
8f3a0e3856
Land #16742 , add NetScaler decrypt aux module
...
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
2022-07-13 12:11:02 -04:00
9a6013b153
citrix_netscaler_config_decrypt refinements
...
Refactor error handling when composing KEK fragments to be more
streamlined.
Various tweaks and optimizations.
Updates to documentatation.
2022-07-13 08:36:18 -04:00
443920850c
Update modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2022-07-13 07:56:41 -04:00
d227f0aaa2
Update modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2022-07-13 07:56:12 -04:00
781597bc0e
Land #16617 , fix race condition in short ranges
2022-07-08 09:56:51 -04:00
39f90d95b1
Create sessions for winrm_login successes.
...
Reuses the connection, so that authentication doesn't need to happen again
2022-07-08 16:57:09 +10:00
d3e7152954
Changes from code review
2022-07-08 11:47:54 +10:00
6db340508f
Land #16703 , add Censys API v2 functionality
...
This PR updates the censys_search.rb module to also
make use of the v2 API functionality
2022-07-07 13:09:31 -04:00
b2eb348d94
Added WinRM using Kerberos, including encryption
2022-07-07 13:17:09 +10:00
debf619968
Land #16733 , add dfscoerce scanner module
2022-07-06 18:18:00 -05:00
aea37f7137
Add initial SMB Kerberos authentication support
2022-07-06 16:15:33 +01:00
066d01b7b2
Rework censys_search module to use Censys Search API v2
2022-07-04 17:19:16 +02:00
789397a445
citrix_netscaler_config_decrypt tweaks
...
Minor code tweaks and updates to documentation
2022-07-03 08:21:58 -04:00
8bd0be9837
msftidy pass.
2022-07-02 19:43:41 +02:00
f2419785ba
implemented certificates search as an option.
2022-07-02 19:02:25 +02:00
Grant Willcox