8489bcdfd9
This fixes broken links to the community.rapid7.com blog
...
Performed mechanically with sed, spot-checked that the new blog can consume these links.
2020-02-18 09:06:11 -06:00
02bb97fba6
Forced gitserver to required and improved status messages
2019-11-27 11:18:01 -06:00
a2aba34112
Trimmed test_keys method
2019-11-09 12:00:22 -06:00
d12fce600d
Use regex instead of splitting strings
2019-10-25 09:50:53 -05:00
44181d3261
Patched up @bcoles suggestions
2019-10-24 14:04:21 -05:00
0dd2ce9f45
Ignore keys that have passphrases
2019-10-23 23:11:13 -05:00
32a5c68c6c
Migrated Post module to auxiliary to check from a local machine
2019-10-23 11:32:38 -05:00
134765dc40
Remove targets from aux modules
2019-09-23 15:29:38 +01:00
9274b1d259
Land #12024 , add gatherproof to ssh_login modules
2019-07-09 20:35:49 -04:00
dc81adb417
Add GatherProof advanced option to ssh_login*
2019-06-27 21:04:20 -05:00
2ed8e6db97
Deregister PASSWORD_SPRAY option for LoginScanner modules
2019-06-27 17:06:32 -05:00
7c83734592
Update LoginScanner::SSH modules
2019-06-02 20:08:27 -05:00
d923e1fb84
Land #11523 , remove unneded RHOST reregister in scanners
2019-03-06 17:35:54 -06:00
c7f12b2594
Sneak in a change to libssh_auth_bypass
2019-03-05 17:21:11 -06:00
ddef5b4961
MSF5: Remove unneeded RHOST deregister in scanners
...
With Metasploit 5, RHOST and RHOSTS are aliases, so no need to
deregister one or the other, as they are the same option. Deregistering
one deregisters both.
2019-03-05 13:04:49 -06:00
8b79634338
Update a few stragglers
...
And since eaton_xpert_backdoor was copied from my fortinet_backdoor
module, update the error handling there, too.
2018-12-12 15:47:18 -06:00
6e77ae7e3e
Update my SSH scanner modules
...
Especially with proper error handling for Net::SSH::CommandStream.
2018-12-12 15:36:54 -06:00
7cffbac65b
Update additional scanner modules.
2018-12-12 15:32:31 -06:00
fa2164ebb9
Update to match coding style.
2018-12-12 15:32:31 -06:00
eceb47a9da
Move CREATE_SESSION option to advanced option CreateSession
2018-12-12 15:32:31 -06:00
8a7187ad79
Add CREATE_SESSION option to CommanShell
...
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
904f342848
Option to not create shell on login.
2018-12-12 15:32:30 -06:00
509e1c2587
Land #10973 , Rework DisclosureDate check in msftidy, including ISO 8601 support
2018-11-19 10:46:18 -06:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
189f29e534
Land #10572 eaton ssh private key scanner
2018-11-15 17:16:36 -05:00
de014f0599
remove variable only used once
2018-11-15 17:14:13 -05:00
3849d5de18
resolve description update request
2018-11-13 16:21:43 -05:00
1c2da8a5c8
correct trailing space issue
2018-11-10 15:40:03 -05:00
33f624bbb2
Module updated to reflect requested changes
2018-11-10 14:36:06 -05:00
e9b3502f98
Fix Net::SSH::CommandStream session open failure
...
I suspected this might be a problem for libssh servers.
2018-11-02 01:08:05 -05:00
e1a7c35834
Clean up check_banner
2018-10-25 05:20:20 -05:00
f90992dc08
Fix typo.
2018-10-25 17:55:01 +08:00
760b14e71d
Update the version match code.
2018-10-25 15:33:54 +08:00
9c49acb924
Fail scanner instead of returning
2018-10-23 10:07:38 -05:00
58a1b65e60
Update Exploit::CheckCode::Unknown
...
Brain fart.
2018-10-23 09:34:48 -05:00
899238a4e3
Update libssh_auth_bypass with command output
2018-10-23 09:34:42 -05:00
accf9edf89
Land #10835 , libssh fingerprint improvements
2018-10-19 19:48:23 -05:00
abd425c863
Land #10819 , os_name population for ssh_login*
2018-10-19 15:53:38 -05:00
db7bd3d50c
Update style
2018-10-19 15:52:26 -05:00
e4c71265fb
Improve banner checking in libssh_auth_bypass
...
Now we do the right thing when libssh is patched.
2018-10-19 15:21:12 -05:00
21397330f8
Refactor fortinet_backdoor copypasta
2018-10-19 00:07:18 -05:00
863ab3447f
Add libssh auth bypass module
2018-10-18 23:03:23 -05:00
763506f28d
ssh_login now populates the os_name field
2018-10-16 22:02:44 -04:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
3546b9388c
correct CVE Reference
2018-09-05 10:29:49 -04:00
b8687d501c
msftidy corrections
2018-08-31 18:55:20 -04:00
578d2375d7
Add full disclosure for CVE-2018-15473
2018-08-22 14:49:13 -05:00
06582a00a0
Add module doc for ssh_enumusers
...
And update description in module.
2018-08-20 19:26:51 -05:00
819b8504e2
Add a little better randomization
2018-08-20 17:10:14 -05:00
Brent Cook