Commit Graph

11360 Commits

Author SHA1 Message Date
Heyder Andrade bb2a2e458b shodan_search default user-agent overwrite - fix #16189 and #16223
As Shodan is checking the UserAgent to decide which content-type it
will deliver, the default user-agent is causing it to reply with an HTML page.
This commit overwrites the default user-agent in the module shodan_search
to 'Wget', which works on the Shodan API.
2022-03-01 21:31:35 +01:00
Jake Baines fbdb6614bc Initial version of CVE-2021-4191 GitLab user enumeration 2022-03-01 06:57:39 -08:00
space-r7 0d10409d67 Land #16131, add modern events calendar sqli 2022-02-28 12:27:45 -06:00
h00die 2195edbb8d masterstudy privesc 2022-02-25 16:36:47 -05:00
Grant Willcox a500435080 Land #16182, wordpress Secure Copy Content Protection and Content Locking Unauthenticated SQLi (CVE-2021-24931) 2022-02-24 15:55:29 -06:00
Grant Willcox 9b53ed5f5c Add final randomization parts before landing 2022-02-24 15:43:21 -06:00
h00die dc5209e412 vnc docs and fixes 2022-02-24 16:42:36 -05:00
Grant Willcox 8d080135bb First round of review edits 2022-02-24 13:46:33 -06:00
Grant Willcox 585b470703 Land #16093, Fix URL refs for various modules and improve tools/modules/module_reference.rb code 2022-02-23 17:04:26 -06:00
Grant Willcox 5f672019ac Add in RuboCop fixes before final land 2022-02-23 16:27:12 -06:00
Grant Willcox 40c3dd68a2 Land #16061 - Add support to retrieve user list from wp-json to wordpress_scanner module 2022-02-22 17:58:02 -06:00
adfoster-r7 dc301a12bd Land #16156, Authenticated Microweber v1.2.10 Local File Inclusion 2022-02-22 18:20:59 +00:00
talhak08 95f47847e2 VHOST compatibility added 2022-02-22 14:21:33 +03:00
h00die d5ba1afbec fix URLs not resolving
fix URLs not resolving

add csv export to references

fix URLs not resolving

pdf not pd

missed a url change

remove extra recirectedfrom fields

remove extra file

fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
Grant Willcox 891c33bd99 Final improvements to store captured WordPress usernames as credentials in database 2022-02-16 14:30:46 -06:00
Grant Willcox 2d9edcd22f Remove extra lines, use normalize_url, convert JSON.parse call to using get_json_document instead and update code appropriately. 2022-02-16 11:43:29 -06:00
bwatters 0239ef1cc6 Land #16117, Updates for Log4Shell 2022-02-15 16:39:00 -06:00
Grant Willcox e203548213 Land #16087, Grandstream UCM62xx IP PBX Websocket Blind SQL Injection Credential Dump 2022-02-15 11:11:11 -06:00
Grant Willcox 6e2f81010e Make Exploit::CheckCode messages more explicit when handling JSON data so we know what we are failing on 2022-02-15 10:47:30 -06:00
adfoster-r7 18b4ce8a13 Update replicant pattern to increment refs 2022-02-15 16:08:35 +00:00
Jake Baines 14234e467a Moved to aux/gather. Implemented autocheck. Added failure on websocket error 2022-02-15 06:23:19 -08:00
Jeffrey Martin af3fa09896 refactor smtp delivery to support continuation
When dealing with SMTP servers the communication needs to follow
a known protocol. To ensure the socket is in the correct state
after a send and receive it needs to be read until a line return
a response code followed by a `space` and additional data and `\r\n`
or the response code immediately followed by `\r\n` is returned.
2022-02-14 16:55:49 -06:00
Grant Willcox c8f63e30cb Fix minor issues from review 2022-02-14 14:15:17 -06:00
h00die 392ed7e9a8 change wp_modern_events_calendar check method 2022-02-13 15:50:24 -05:00
h00die e1b933e0a8 change wp_registrationmagic check method 2022-02-13 15:40:57 -05:00
h00die 864ce9471f wp_secure_copy sqli 2022-02-13 15:04:17 -05:00
space-r7 db00991f26 Land #16150, add nagios xi web shell upload 2022-02-11 11:45:06 -06:00
talhak08 69314786e0 OptString to OptBool 2022-02-10 23:35:55 +03:00
talhak08 c5157935c4 CheckCodes and Failures fixed 2022-02-10 22:30:04 +03:00
talhak08 1ad54ba48d The documentation edited and the defanged mode fixed 2022-02-10 21:13:31 +03:00
talhak08 76e63d3474 Fixed the defanged mode. 2022-02-10 20:34:03 +03:00
talhak08 22564a5cdc Fixed the typo. 2022-02-10 20:29:19 +03:00
talhak08 e80ebdde66 Fixes according to the recommendations 2022-02-10 20:26:10 +03:00
space-r7 2e2bad0a98 Land #16147, improve ssh_enumusers user list gen 2022-02-09 12:48:05 -06:00
talhak08 138856765f changed datastore's variable names and edited the documentation. 2022-02-08 04:14:45 +03:00
talhak08 d2b0739d19 Rank's been deleted and fixed check method 2022-02-08 03:43:20 +03:00
talhak08 6955e2b4a2 Fixes 2022-02-08 03:29:49 +03:00
Talha Karakumru 274c48cf77 Microweber v1.2.10 Local File Inclusion (Authenticated) 2022-02-08 02:43:09 +03:00
Christophe De La Fuente fa849e51c3 Land #16137, Update PrintNightmare to use the moved DCERPC definitions 2022-02-07 16:54:09 +01:00
Jake Baines 9758251278 Initial commit of CVE-2021-37343 2022-02-05 18:21:18 -08:00
Spencer McIntyre dcb2f4be4c Improve user list generation for ssh_enumusers 2022-02-04 16:08:30 -05:00
Spencer McIntyre 05b3c3535d Apply rubocop fixes for ssh_enumusers 2022-02-04 15:57:51 -05:00
Spencer McIntyre bb94115e3a Return nil instead of failing 2022-02-04 13:12:09 -05:00
Spencer McIntyre dd64dcf074 Finish the PetitPotam module with docs 2022-02-04 13:12:08 -05:00
Spencer McIntyre 4cac9cae8d Initial commit of authenticated petit potam 2022-02-04 13:12:08 -05:00
Spencer McIntyre 965493191f Add and use a Log4Shell mixin 2022-02-03 16:09:49 -05:00
h00die 11c67ce7d7 wp_modern_events_calendar_sqli 2022-02-02 19:21:42 -05:00
Spencer McIntyre 7c987a452d Land #16130, Wordpress RegistrationMagic sqli 2022-02-02 10:50:13 -05:00
Spencer McIntyre dda6c53144 Fix table alignment 2022-02-02 10:48:58 -05:00
h00die ed7dc1882b updated failed login for registrationmagic 2022-02-01 17:32:34 -05:00