jheysel-r7
90417306bb
Merge branch 'master' into add-opnsense-login-scanner
2025-05-02 07:20:01 -07:00
adfoster-r7
bef322e3f0
Improve support for finding available HTTP login scanners
2025-04-10 17:36:14 +01:00
sjanusz-r7
2b0d9b4971
Add OPNSense Login Scanner module
2025-03-31 14:57:44 +01:00
jheysel-r7
e841a45db2
Merge pull request #19985 from sjanusz-r7/add-pfsense-login-scanner
...
Add pfSense Login Scanner module
2025-03-28 11:12:43 -07:00
Spencer McIntyre
7f01048b11
Add some more LoginScanner tests
2025-03-28 10:56:12 -04:00
sjanusz-r7
3b4db23b8e
Add pfSense Login Scanner module
2025-03-26 14:25:59 +00:00
Christophe De La Fuente
1885b650ba
Fix ldap_login and smb_login
2025-01-29 11:10:30 +01:00
Mathieu
8c5bead4a0
Added spec to reproduce the username/password generation error in case PASSWORD_SPRAY and USER_AS_PASS are both enabled
...
Added minimal code to fix the issue, extracting the code to generate username:username credentials in the PASSWORD_SPRAY case
2024-10-10 21:15:50 +02:00
adeherdt-r7
c5717d42d6
MS-9457 Support NO_AUTH_REQUIRED
...
Support the `NO_AUTH_REQUIRED` condition and terminate the scan to avoid further unneeded attempts.
2024-07-02 14:09:01 +02:00
adeherdt-r7
52142f280f
MS-9454 Redis Scanner: Support versions
...
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
adfoster-r7
afa973e05e
Fix redis_login scanner when auth is enabled
2024-06-26 13:32:16 +01:00
Dean Welch
9e4f958af7
keep ldap connection open for use in a session
2024-05-15 15:12:51 +01:00
cgranleese-r7
d105ae10ff
Fixes some password_spray issues
2024-05-02 15:43:07 +01:00
cgranleese-r7
4bbe2c306c
Land #19079, Fix PASSWORD_SPRAY being ignored for LDAP (and potentially other modules)
2024-04-22 10:22:51 +01:00
Noam Rathaus
8526938946
Change the order to make the test work with the yield
2024-04-19 07:59:33 +03:00
Noam Rathaus
c09ba17b34
Change order so that the second is a yield
2024-04-19 07:57:41 +03:00
cgranleese-r7
4186d00720
Fixes pry-byebug when running credential collection tests
2024-04-18 14:30:06 +01:00
Noam Rathaus
1f90057761
and_return rather than and_yield
2024-04-15 15:07:16 +03:00
Noam Rathaus
ebf94ee7f7
Created spec test for password_spray
2024-04-15 14:30:55 +03:00
sjanusz-r7
b423241e6b
Use Rex Post MySQL Client for lib, specs & modules
2024-02-28 18:19:50 +00:00
sjanusz-r7
fc963bd8bb
Add Proxies support to creating a session with postgres_login
2024-02-16 14:45:17 +00:00
dwelch-r7
87e78d4f8d
Land #18783, remove initialize warnings from rspec tests
2024-02-08 14:38:02 +00:00
Zach Goldman
23e184c9ce
Fix removing initialize warnings
2024-02-02 11:04:44 -06:00
cgranleese-r7
0e9cad6d45
Adds MySQL session type
2024-02-02 14:39:37 +00:00
Zach Goldman
35778e92b2
client consolidation
...
convert first module from remote to client
move client to rex
remove metasploit mixin
2024-02-01 17:23:55 -06:00
adfoster-r7
1b12dc3940
Update ssh login pubkey module to correctly identify windows ssh platform
2023-11-17 12:51:01 +00:00
Spencer McIntyre
05dd2e1473
Land #18351, Apache Superset RCE (CVE-2023-37941)
2023-10-12 17:10:10 -04:00
Jack Heysel
50e4269c05
Land #18338, Get crackable ASREP hashes
...
This PR fixes the ASREP roasting workflow and resolves
issue #17988.
2023-10-02 13:26:43 -04:00
Dean Welch
76a25c6937
Don't store creds for successful schannel ldap auth
2023-10-02 13:42:25 +01:00
Ashley Donaldson
a7f2165029
Send default etypes first, and fall back to RC4 if it doesn't require pre-auth
2023-09-21 21:22:25 +10:00
Dean Welch
1609836ea2
Don't store passwords to creds if the password wasn't needed for the auth type
2023-09-20 14:30:06 +01:00
h00die
619a46d450
working hashes for apache superset rce
2023-09-14 13:21:01 -04:00
Dean Welch
586f27f44a
Fix issue with username generation always adding domain
2023-09-11 16:35:31 +01:00
Dean Welch
7a06ad8d5d
Add ldap login scanner specs
2023-09-11 16:33:01 +01:00
Ashley Donaldson
f27439760d
Update mock for unit tests
2023-09-04 10:47:06 +10:00
Rory McKinley
e6d1a20a05
Use ruby-mysql for MySQL login scanner
2023-08-14 21:34:41 +02:00
Dean Welch
9932aaaaaa
Add specs for resetting password list when username is specified
2023-07-31 16:22:08 +01:00
adfoster-r7
eb959e2e40
Land #17060, GSoC Project: Implement HTTP-Trace enabled login scanners
2023-05-11 15:45:01 +01:00
adfoster-r7
8e2169ed47
Ensure identify hashes helper is accessible to modules
2023-04-12 13:28:56 +01:00
3V3RYONE
9c20d0f84b
Implemented HTTP-Trace for login scanners via HttpLoggerSubscriber API
2023-03-15 00:57:33 +05:30
adfoster-r7
672fb9ce9f
Land #17460, add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
h00die
4c6c8fcf8b
crack netntlm*
2023-01-08 14:29:21 -05:00
adfoster-r7
a8957bce49
Update tgt response to include key
2022-12-30 13:41:54 +00:00
adfoster-r7
7774b7ddcf
Merge remote-tracking branch 'upstream/master' into merge-6.2.25-master-into-kerberos-feature-branch
2022-10-31 23:15:11 +00:00
Matthew Dunn
c0403af25e
Address two more imports, use described_class per review
2022-10-18 08:47:24 -04:00
Matthew Dunn
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-10-17 17:28:31 -04:00
Matthew Dunn
8b5223f53b
Modularize Identify, Update referenced use cases
...
Modularize Identity.rb
Include new module style Identify
Update juniper.rb
Fix inadvertent change
Add new module to identify spec
Put the require back
Put back require line for juniper
2022-10-17 17:28:30 -04:00
adfoster-r7
5d345e6689
Merge branch 'upstream-master' into feature-kerberos-authentication
2022-09-29 16:42:58 +01:00
adfoster-r7
3a281234df
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
Jeffrey Martin
f779f0f482
consolidate the config directory lookups
...
The user configuration directory can be overridden via environment
variables or configuration files.
In the current implementation `Msf::Config.config_directory` should be
utilized for consistent location reporting. `Msf::Config.get_config_root`
is reserved for generation of a default location and should be considered
`private` as it ignores some injected configuration options. Currently
autoloading does not allow application of the `private` keyword to this method,
requiring guidance during development that module writers should access the
full configured `user` value of `Msf::Config.config_directory`.
2022-07-25 15:27:21 -05:00