1089 Commits

Author SHA1 Message Date
David Maloney aeda74f394 Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
Rob Fuller c6675a2900 Add verbosity to Jenkins Enum 2014-07-02 13:25:18 -04:00
David Maloney 9cec330f05 Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
jvazquez-r7 469fae7058 Land #3465, @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability 2014-06-20 17:22:28 -05:00
jvazquez-r7 252d917bbb Fix msftidy and favor && over and 2014-06-20 17:21:10 -05:00
David Maloney 4453dcdc8e some minor fixes 2014-06-19 15:45:24 -05:00
HD Moore fa5fc724eb Fix the disclosure date 2014-06-19 15:36:17 -05:00
HD Moore f7fd17106a Add the final cari.net URL 2014-06-19 15:33:06 -05:00
James Lee 9421beedb3 Refactor http_login 2014-06-19 14:12:21 -05:00
dmaloney-r7 190923e9a7 Merge pull request #79 from rapid7/feature/MSP-9699/axis2-refactor
Refactor axis_login
2014-06-18 11:43:23 -05:00
David Maloney 2b0bb608b1 Merge branch 'master' into staging/electro-release 2014-06-18 10:49:58 -05:00
James Lee d6de0da5a7 Refactor axis_login 2014-06-17 17:07:53 -05:00
Christian Mehlmauer 8e1949f3c8 Added newline at EOF 2014-06-17 21:03:18 +02:00
David Maloney 96e492f572 Merge branch 'master' into staging/electro-release 2014-06-12 14:02:27 -05:00
jvazquez-r7 e85f829ee4 modules living inside scanner should include the Scanner mixin 2014-06-12 12:20:44 -05:00
HD Moore fa4e835804 Fix up scanner mixin usage, actual test/bug fix 2014-06-12 11:52:34 -05:00
jvazquez-r7 67d4097e1d Land #3271, @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module 2014-06-12 11:27:23 -05:00
HD Moore 487bf219f0 Rename to match the title 2014-06-12 11:23:34 -05:00
jvazquez-r7 7650067b41 Fix metadata 2014-06-12 11:22:52 -05:00
jvazquez-r7 e76c85c5d1 Fix usage of print_* 2014-06-12 11:13:45 -05:00
HD Moore 81019ed850 Supermicro work 2014-06-11 15:03:54 -05:00
David Maloney c06fd21fb1 refactor tomcat_mgr_login
uses the new Metasploit::Credential magic now
2014-06-10 15:59:00 -05:00
David Maloney 28bf29980e Merge branch 'master' into staging/electro-release 2014-06-04 10:21:08 -05:00
Tod Beardsley b7dc89f569 I prefer "bruteforce" to "brute force" for search
Just makes it easier to search for, since it's an industry term of art.
2014-06-02 13:09:46 -05:00
David Maloney 34004908bb Merge branch 'master' into staging/electro-release
Conflicts:
	.ruby-version
2014-06-02 11:10:33 -05:00
RageLtMan 74400549a1 Resolve undefined method `get_cookies'
Anemone::Page is not a Rex HTTP request/response, and uses the
:cookies method to return an array of cookies.
This resolves the method naming error, though it does break with
Rex naming convention since Anemone still uses a lot of non-Rex
methods for working with pages/traffic.
2014-05-30 14:39:51 -04:00
jvazquez-r7 4a1fea7abb Land #2948, @juushya's PocketPAD login bruteforce module 2014-05-30 11:47:16 -05:00
jvazquez-r7 b0bdfa7680 Clean up code 2014-05-30 11:44:42 -05:00
jvazquez-r7 fb59221189 Land #2494, @juushya's etherpadduo login module 2014-05-30 11:35:28 -05:00
jvazquez-r7 d92a7adc68 change module filename 2014-05-30 11:31:49 -05:00
jvazquez-r7 40a103967e Minor code cleanup 2014-05-30 11:28:37 -05:00
David Maloney 696d2b7e6b Merge branch 'master' into staging/electro-release 2014-05-29 12:30:32 -05:00
William Vu 53ab2aefaa Land #3386, a few datastore msftidy error fixes 2014-05-29 10:44:37 -05:00
William Vu 8a2236ecbb Fix the last of the Set-Cookie msftidy warnings 2014-05-29 04:42:49 -05:00
James Lee 05e24326a6 Style compliance 2014-05-28 14:31:34 -05:00
Tod Beardsley 1aee0f3305 Warn if it's not UPPERCASE method (@wchen-r7)
See the discussion on f7bfab5a26, PR #3386
2014-05-23 17:10:27 -05:00
Tod Beardsley 9f78bec457 Use normalize_uri (@wchen-r7)
Instead of editing the datastore['PATH'], use normalize_uri.

Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
Tod Beardsley f7bfab5a26 HTTP traversal shouldn't upcase METHOD (@wchen-r7)
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
Tod Beardsley f189033e8a OWA bruteforce shouldn't edit datastore (@wchen-r7)
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
Christian Mehlmauer df4b832019 Resolved some more Set-Cookie warnings 2014-05-13 22:56:12 +02:00
Christian Mehlmauer 3f3283ba06 Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
William Vu 92a9519fd9 Remove EOL spaces 2014-05-09 18:34:12 -05:00
Pedro Laguna ab913a533e Update oracle_demantra_file_retrieval.rb
Fixed typo
2014-04-28 14:36:48 +01:00
Jonathan Claudius d70aa4cdbb Fix MSFTidy complaints 2014-04-22 22:07:25 -04:00
Jonathan Claudius b3cabaaa28 Clean up some formatting concerns 2014-04-22 21:58:14 -04:00
Jonathan Claudius f71ad111da Change return values from nil to false 2014-04-22 21:48:16 -04:00
Jonathan Claudius 3d793fc6f1 Add default VPN group fall back 2014-04-22 21:45:04 -04:00
Jonathan Claudius 4d9ece2f9a Add hyphens and digits to group regex 2014-04-22 21:34:08 -04:00
Tod Beardsley e514ff3607 Description and print_status fixes for release
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
Tod Beardsley 2a729c84f6 Fix disclosure date 2014-04-18 09:27:41 -05:00