Dan
bb252d6ed2
Corrected spelling in db2_auth.rb
Fixed spelling error: "seperated" to "separated"
2019-10-03 12:45:09 -04:00
Dan
3393e2446b
Spelling correction in udp_sweep.rb
Fixed spelling error: "Intialize" to "Initialize"
2019-10-03 12:38:36 -04:00
Dan
bfea024c3a
Updates iis_shortname_scanner.rb
Fixed spelling error: "diclose" to "disclose"
2019-10-03 12:28:54 -04:00
Spencer McIntyre
db53adf2a1
Fix the require_signing attribute
2019-10-02 20:22:51 -04:00
Spencer McIntyre
cbf1722b01
Note whether or not SMB requires signatures
2019-10-02 19:22:07 -04:00
dwelch-r7
db7e594ef4
land #12065, local file config loader
Adds a couple of modules for loading in cisco/juniper configs from a
file without needing a shell and a post module
2019-09-30 23:26:27 +01:00
h00die
0288649fc2
rename juniper variables
2019-09-30 15:03:38 -04:00
dwelch-r7
f6eaeaac71
Merge remote-tracking branch 'upstream/pr/12316' into HEAD
2019-09-26 15:20:45 +01:00
Nicholas Starke
73569fef38
Removing Invalid CVE Identifier
CVE Identifier was invalid, I removed that and made a
few other minor formatting / procedural changes, including
doing the check for the options before sending any network traffic.
2019-09-25 16:52:50 -05:00
Nicholas Starke
90cd20b381
Minor Formatting Changes
I forgot to run msftidy before pushing. This commit
addresses two formatting issues and adds a placeholder for
CVE, even though I don't think this is a CVE candidate.
2019-09-25 16:21:27 -05:00
Nicholas Starke
f77497883b
Adding Chrome Debugger Gather Auxiliary Module
This module can retrieve a file from a remote host that is
running a chrome session in headless mode on all network interfaces.
It can also make a web request from the remote host and send back the
full contents.
2019-09-25 15:58:34 -05:00
Brent Cook
026f9cbd96
Land #12354, Remove unused targets from aux and post modules
2019-09-25 07:40:06 -05:00
William Vu
2ce3e4f1c4
Make BlueKeep scanner's output less chatty
2019-09-24 08:49:27 -05:00
dwelch-r7
a587668b9e
Remove Default targets from aux modules
2019-09-24 12:15:43 +01:00
Brent Cook
0ed09cc9bf
Land #11927, Add Brocade post module and config parser
2019-09-24 05:59:21 -05:00
Brent Cook
b668e1fa5b
Land #12283, Add exploit module for CVE-2019-0708 / BlueKeep
2019-09-23 11:22:36 -05:00
dwelch-r7
134765dc40
Remove targets from aux modules
2019-09-23 15:29:38 +01:00
Brent Cook
47a3204e34
Land #12295, Update to modbusclient to use modbus read functions 2 and 4
2019-09-19 14:47:52 -05:00
Brent Cook
fec749d3b2
perform fingerprinting in scanner
2019-09-19 06:05:08 -05:00
William Vu
de34bc484e
Ensure rdp_disconnect in rdp_scanner
2019-09-19 06:05:08 -05:00
Brent Cook
ab631044af
adjust rdp fingerprint code to match self.rdp_sock changes in exploit mixin
2019-09-19 06:05:08 -05:00
OJ
f479ed2d73
Small refactors, comments and tidying up
2019-09-19 06:05:08 -05:00
OJ
8412ff319a
Fix disconnect PDU message and start work on payloads
2019-09-19 06:05:08 -05:00
OJ
1d6e319ac2
Refactor of RDP mixin to make it more configurable
Slowly moving away from a huge hard-coded blob of inflexible bytes
towards a more data-driven approach that allows configuration of various
elements of the packets that are generated.
2019-09-19 06:05:08 -05:00
OJ
eb9088a588
Refactor RDP mixin to hide socket details
When dealing with the RDP mixin it makes more sense to not expose
TCP-level things, instead it's better to talk RDP. This changeset makes
it so that consumers of the RDP mixin talk RDP only. They can access the
socket through the `rdp_socket` member if required, but the changes made
here mean they don't have to. Ultimately, this new member should be
`private` instead of `protected`, but I'm leaving it like this for now
in case it is required down the track.
I've also made the assumption that all RDP connects want TCP_NODELAY
set. This might be wrong, but I don't think it is.
From here, users can call `rdp_connect` and `rdp_disconnect` to manage
connectivity to the RDP endpoint. The `rdp_connect` function does not
register the TCP client socket as the global `sock` member on the TCP
module instance, this is to prevent the mixin from clashing with other
users of the TCP client in a given module.
2019-09-19 06:04:58 -05:00
Clément Notin
d85297c556
jboss_vulnscan: report the URL ("app") concerned by message
2019-09-13 01:04:28 +02:00
Clément Notin
b8a393ea89
jboss_vulnscan: prefix fingerprint by 'fingerprint: '
2019-09-12 22:57:57 +02:00
Shelby Pace
408d01cef4
Land #12276, add OpenEMR auxiliary module
2019-09-11 15:58:01 -05:00
Shelby Pace
8bfdaf6ab7
change metadata indentation
2019-09-11 15:56:46 -05:00
Clément Notin
88bdb981ad
jboss_vulnscan: prefix fingerprint by 'rhost' and 'rport'
2019-09-11 19:54:32 +02:00
Will Porter
3ed9fb0383
Fix a bug caused by writing python code in a ruby file.
2019-09-11 15:39:15 +00:00
Clément Notin
b460dc113d
jboss_vulnscan & status: add CVE ref
2019-09-11 14:05:21 +02:00
William Porter
262e574fe2
Add the .csv extension to the loot file.
2019-09-10 21:32:03 -04:00
William Porter
7a8eb76a12
Use the same gsub pattern to create the ltype as is used by store_loot to sanitize characters.
2019-09-10 21:14:15 -04:00
William Porter
832d2e4300
Remove unnecessary comment.
2019-09-10 12:29:55 -04:00
Will Porter
3fc0467484
Update modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb
Remove unused path variable.
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2019-09-10 12:27:48 -04:00
Will Porter
f1f9597222
Update modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb
Use `normalize_uri` to construct the vulnerable URI.
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2019-09-10 12:27:22 -04:00
AZSG
a990191f99
Update modbusclient.rb
2019-09-07 23:54:43 -05:00
AZSG
edcddf2736
Update modbusclient.rb
2019-09-06 22:40:31 -05:00
Will Porter
106913f631
Correct csv string.
2019-09-04 17:43:34 +00:00
William Porter
2cd93cc097
Update documentation and actually save loot as csv file.
2019-09-04 13:08:49 -04:00
Will Porter
1b9bb964b8
Adjust loot filename.
2019-09-04 16:56:28 +00:00
William Porter
0ee3324535
Use store_loot properly, check response.nil? before consuming body.
2019-09-04 12:21:59 -04:00
Will Porter
c433cd4007
Remove erroneous ? from URI path.
2019-09-04 15:04:56 +00:00
Will Porter
74647c314a
Use Rex::Text.rand_text_alphanumeric and remove gsub as a weak excuse for encoding.
2019-09-04 07:53:36 +00:00
William Porter
5963bbd6f9
Remove broken include.
2019-09-04 03:30:13 -04:00
William Porter
d0803e49be
Make changes as suggested in the pull request reviews.
2019-09-04 03:18:58 -04:00
William Porter
2b97522b69
Fix the CVE format based on failed tests.
2019-09-04 01:36:20 -04:00
William Porter
80aee24d65
Add an auxiliary module to exploit OpenEMR CVE-2018-17179.
Dump all tables in the OpenEMR database and save the data in .csv
format in the loot directory.
2019-09-04 01:18:54 -04:00
Brendan Coles
3dc68cfaaa
Fix #12262
2019-09-01 18:51:13 +00:00