adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

11360 Commits

Author SHA1 Message Date
RadioLogic b7b1df23ea Implemented threading into module 2023-05-12 14:28:10 -04:00
RadioLogic 04e6bf804f Made stability involve service down 2023-05-12 14:27:58 -04:00
adfoster-r7 eb959e2e40 Land #17060, GSoC Project: Implement HTTP-Trace enabled login scanners 2023-05-11 15:45:01 +01:00
adfoster-r7 fe63d80679 Fix issues: double encoding bug, nessus scanner logging, remove dead cgi option 2023-05-11 13:01:52 +01:00
vtoutain e742df1c33 Rubocop warning fix 2023-05-10 16:18:33 +02:00
vtoutain cfea6530a1 Merge branch 'rapid7:master' into dolibarr_16_contact_dump 2023-05-10 11:59:46 +02:00
vtoutain d50993cd80 reviews from cdelafuente-r7 
Used the AutoCheck mixin, removed the exploit function that was mileading, removed the hardcoded HttpTimeout, and refactored some code portions.
 2023-05-10 11:59:09 +02:00
Grant Willcox bc25907d1e Add additional clarity to some segments of the module 2023-05-08 16:43:26 -05:00
Spencer McIntyre cdab415ffb Fix a bug in ACE processing 
There was an issue in the ACE processing where only ACEs corresponding
to an object were processed for SIDs with enrollment rights. The
processing should also process ACEs that grant the enrollment right and
are not related to any objects. In other words, only ACEs associated
with an object that is neither the CERTIFICATE_ENROLLMENT_EXTENDED_RIGHT
or CERTIFICATE_AUTOENROLLMENT_EXTENDED_RIGHT right should be ignored.
 2023-05-08 16:00:38 -05:00
Grant Willcox bf61718fe6 Land #17915, Icinga Web 2 Arbitrary File Read (CVE-2022-24716) 2023-05-03 11:47:26 -05:00
h00die 0c0ae00149 add cve to nfsmount 2023-05-02 19:58:47 -04:00
Grant Willcox 092e4f93ad Fix up incorrect user who we are executing as 2023-05-02 15:50:46 -05:00
Grant Willcox cf6b309904 Add in quick fixes from review 2023-05-02 15:17:02 -05:00
adfoster-r7 7ec7a4c607 Land #17910, Fixes couchdb_login false positives 2023-05-02 17:56:55 +01:00
Christophe De La Fuente 60149259a2 Land #17856, RCE exploit for CVE-2023-26359 (Adobe ColdFusion) and an auxiliary module for arbitrary file read via the same vuln. 2023-04-28 19:27:15 +02:00
vtoutain 3036b607b6 JSON output support 
Added the prettyfied JSON output along with the CSV, refactored variables regarding the JSON contacts object.
 2023-04-24 11:50:29 +02:00
vtoutain e565a8f962 Merge branch 'rapid7:master' into dolibarr_16_contact_dump 2023-04-24 11:44:52 +02:00
h00die d6c2e4f528 cve-2022-24716 2023-04-21 16:27:52 -04:00
space-r7 365b7c099c Land #17895, add Joomla api scanner 2023-04-21 09:50:24 -05:00
cgranleese-r7 eb4107b5e2 Fixes couchdb login bug 2023-04-21 10:14:22 +01:00
h00die 17f674e3fa review comments 2023-04-20 16:23:52 -04:00
vtoutain d6e921c414 Version regex fix 
The previous fix was not matching numbers at the end of the version like "-rc2".
 2023-04-20 16:20:40 +02:00
vtoutain ea9019600a Version regex update 
Used a less greedy version of the regex based on reviews, as well as the `version.blank?` pattern for improved readability.
 2023-04-20 16:00:24 +02:00
vtoutain ecd56c7904 Check logic simplification 
Moved most of the check logic inside the check function to make it easier to read.
 2023-04-20 11:51:28 +02:00
Spencer McIntyre 2e3a2b6f6d Combine AWS SSM modules, autodetect platform 2023-04-19 18:05:50 -04:00
Spencer McIntyre 59b3c0e945 Set the platform in enum_ssm 
Update the enum_ssm module to use the correct session type with the
appropriate platform. Also set the session information to the same
string which also removes the eye sore that is the shell banner.
 2023-04-19 18:05:50 -04:00
vtoutain a2f3a719a9 Fixes from code reviews 
Fixed some typos, took into account the comment from jvoisin to infer fields from the JSON reply, used fail_with as suggested by jheysel-r7, fixed a rubocop warning about a redundant begin block.
 2023-04-19 11:45:03 +02:00
vtoutain 35c7d3918d Merge branch 'rapid7:master' into dolibarr_16_contact_dump 2023-04-19 11:24:37 +02:00
adfoster-r7 246de78f85 Update ftp login connect timeout option name 2023-04-18 23:44:58 +01:00
Jack Heysel 9563466037 Land #17873, add ensure disconnect to ftp login 
Add ensure disconnect to ftp login module and ftp timeout configuration
 2023-04-18 18:31:12 -04:00
Zach Goldman 898a9f2f3d add user mutability to connection timeout 2023-04-18 16:31:05 -05:00
dsecbypass 413082a4d6 Linting 
Simplified version regex, fixed rubocop findings.
 2023-04-18 11:24:14 +02:00
dsecbypass a05aae3ebe Support remote database storage 
It's better to pass the CSV string to store_loot directly instead of using nil and writing to the local file path ourself.
 2023-04-17 17:24:59 +02:00
dsecbypass 3b710293f5 Dolibarr 16 unauthenticated contact database dump 
Auxiliary module and documentation.
 2023-04-17 14:52:05 +02:00
h00die 2c7d54da2f joomla api cve-2023-23752 with create_credential_and_login 2023-04-16 23:20:19 -04:00
h00die 32b6741cd8 joomla api cve-2023-23752 2023-04-16 22:54:54 -04:00
adfoster-r7 71a058b555 Fix crash for lotus domino hashes module when database not active 2023-04-14 23:28:32 +01:00
sfewer-r7 5d05754d9b update the AKB URL to reference the changed CVE 2023-04-14 17:44:38 +01:00
sfewer-r7 e6211175b3 rename the files to the correct CVE 2023-04-14 15:52:13 +01:00
sfewer-r7 b5ea420760 On April 12 Adobe reclassified CVE-2023-26360 from an Improper Access Controll vuln to a Deserialization of Untrusted Data vuln. A private report has confirmed that CVE-2023-26359 is a similar yet seperate vuln, so I am changing the CVE associated with these two modules from CVE-2023-26359 to CVE-2023-26360 as we now beliee this is the correct CVE. 2023-04-14 15:49:10 +01:00
sfewer-r7 b7f46aab99 split the CFC_METHOD_PARAMETERS by comma and not amperstand 2023-04-13 16:55:34 +01:00
dwelch-r7 f9d5459a9c Land #17872, Ensure identify hashes helper is accessible to modules 2023-04-13 16:20:20 +01:00
sfewer-r7 8377cb7d6d group multiple suffixes with one call to end_with? 2023-04-13 16:00:30 +01:00
adfoster-r7 aef2b8d314 Land #17804, Fix incorrect module metadata CI and add validation automation 2023-04-13 15:11:46 +01:00
Grant Willcox d19c9e7732 Land #17867, fix always vulnerable in Auxiliary module surgenews_user_creds 2023-04-12 19:32:39 -05:00
Grant Willcox 0ed25cd2cc Fix RuboCop issues 2023-04-12 19:05:30 -05:00
Zach Goldman 87c0faa73a Add ensure disconnect to ftp login module, ftp timeout configuration 2023-04-12 11:18:50 -05:00
adfoster-r7 8e2169ed47 Ensure identify hashes helper is accessible to modules 2023-04-12 13:28:56 +01:00
sfewer-r7 43bfdcd6b4 improve the aux file read module; add a default CFC endpoint option and support servers configured with the non-default setting 'Enable Request Debugging Output' enabled. 2023-04-12 12:39:00 +01:00
Ryuuuuu 585479474b fix bug which prints always vulnerable (change code suggested code by @bcoles) 2023-04-12 08:25:34 +00:00