adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

56 Commits

Author SHA1 Message Date
cgranleese-r7 40e6917b7f tests passing 2023-04-04 10:24:09 +01:00
Samuel Henrique d77113dad5 ssh_enumusers.rb: Change default value of 'CHECK_FALSE' to true (closes #17810) 
The default action "Malformed Packet" reports all users as found even
 though they don't exist.

 Setting "CHECK_FALSE" to true will make the scanner bail out as it
 realizes the target is patched.
 2023-03-23 22:24:59 +00:00
Heyder Andrade bf849eb2a2 Making SSH defaults widely used 2022-04-14 17:27:19 +02:00
Spencer McIntyre dcb2f4be4c Improve user list generation for ssh_enumusers 2022-02-04 16:08:30 -05:00
Spencer McIntyre 05b3c3535d Apply rubocop fixes for ssh_enumusers 2022-02-04 15:57:51 -05:00
Grant Willcox cd1f0780de Fix up a minor typo. 2021-01-27 10:14:52 -06:00
Sebastian Tauchert edde3b8fa2 Hide negative results as default 2021-01-27 15:16:55 +01:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
William Vu 35fb0d19ab Refactor SSH mixins and update modules 2018-09-05 23:53:11 -05:00
William Vu 578d2375d7 Add full disclosure for CVE-2018-15473 2018-08-22 14:49:13 -05:00
William Vu 06582a00a0 Add module doc for ssh_enumusers 
And update description in module.
 2018-08-20 19:26:51 -05:00
William Vu 819b8504e2 Add a little better randomization 2018-08-20 17:10:14 -05:00
William Vu b38a442bb0 Refactor once more with feeling 
Also flesh out malformed-packet auth method. Let's not be lazy here. :-)
 2018-08-20 16:25:32 -05:00
William Vu 75403d7e05 Add testing note about logging 2018-08-17 20:20:12 -05:00
William Vu 7287779555 Make false positive check optional 
I couldn't repro this with pubkey-only auth. It also goes to the log.
 2018-08-17 20:05:04 -05:00
William Vu 8e3af2dcfc Add CVE-2018-15473 to ssh_enumusers 2018-08-17 18:48:44 -05:00
William Vu 60c0272270 Make style consistent 2018-08-15 21:27:40 -05:00
Kevin Kirsche 905f26372d Remove host key checks on ssh scanner modules 2018-08-15 06:48:35 -07:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
James Lee ff63e6e05a Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
David Maloney b6b52952f4 set ssh to non-interactive 
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
 2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
David Maloney 3d93c55174 move sshfactory into a mixin method 
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention

MS-1688
 2016-06-28 15:23:12 -05:00
David Maloney 6c3871bd0c update ssh modules to use new SSHFactory 
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH

MS-1688
 2016-06-24 13:55:28 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names" 
This reverts commit 666ae14259.
 2016-03-07 13:19:55 -06:00
Christian Mehlmauer 666ae14259 change Metasploit3 class names 2016-03-07 09:56:58 +01:00
wchen-r7 54c5c6ea38 Another update 2015-07-29 14:31:35 -05:00
jvazquez-r7 4224008709 Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169 
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
 2014-11-11 14:59:41 -06:00
sinn3r 6d11ec8477 These mods support Proxies, so make the option visible for the user 2014-10-21 15:39:24 -05:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
William Vu 7777202045 Deconflict #3310 and correct the description 2014-04-30 12:02:57 -05:00
Tod Beardsley a5983b5f57 Light touchup on FP checker 2014-04-29 16:14:41 +01:00
Tod Beardsley 88efeea378 Add a false positive check 2014-04-29 16:07:42 +01:00
Tod Beardsley 4d76128937 Merge upstream and deconflict #3310 whitespace 2014-04-29 15:32:32 +01:00
Tod Beardsley a6edd94c7f Just fix refs and desc for release 2014-04-28 19:47:15 +01:00
Tod Beardsley a7e110be9e Add a peer method, elaborate desc and prints 2014-04-28 19:41:44 +01:00
William Vu 0a108acea3 Fix missing comma 
Commas will be the death of me.
 2014-04-23 10:10:12 -05:00
William Vu 1a2899d57b Fix up whitespace 'n' stuff 2014-04-23 10:00:34 -05:00
kenkeiras 96f042110f return is not needed when it's the last lifunction line 2014-04-22 22:33:47 +02:00
kenkeiras c9d8da991a Use Rex.sleep instead of select 2014-04-22 22:33:19 +02:00
kenkeiras d2a558dc85 Removed unused code 2014-04-22 22:33:02 +02:00
kenkeiras b8e0187647 Use OptPath for file path options 2014-04-18 21:56:17 +02:00
kenkeiras fb0af8a799 Remove unnecesary ssh_socket variable 2014-04-18 21:50:54 +02:00