metasploit-gs/modules
jvoisin e5bb593607 Improve how we fingerprint Gitlab versions
Since I was the one suggesting it in #18716, I kinda volunteered to implement
it. This improvement is based on [Censys's blogpost](https://censys.com/cve-2021-22205-it-was-a-gitlab-smash/)
on the topic, making use of the `/assets/application-….css` files that have
a unique name per GitLab version.

The fingerprints were acquired with this bash script:

```bash
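# Directory inside the gitlab-ce image that holds the compiled assets
assetdir="/opt/gitlab/embedded/service/gitlab-rails/public/assets"
# Image tags from Docker Hub (first page only, up to 100 tags)
tags=$(curl -s "https://hub.docker.com/v2/repositories/gitlab/gitlab-ce/tags?page_size=100" | jq -r '.results[].name')

for tag in $tags; do
    # No TTY is allocated, so ls prints one name per line without carriage returns.
    # Keep the uncompressed application-<hash>.css name only.
    filename=$(docker run --quiet --rm --entrypoint "" "gitlab/gitlab-ce:$tag" ls "$assetdir" | grep -E '^application-.*\.css' | grep -v '\.gz' | cut -d' ' -f1)
    echo "$tag,$filename"
done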
```

Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
2024-04-23 01:05:57 +02:00
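
The `tag,filename` lines printed by the script above can be turned into a lookup table for inventorying the GitLab instances you operate and finding the ones that need patching. This is an added example, not part of the commit or of Metasploit's code; the asset hashes, the sample HTML and all function names are constructed for illustration.

```ruby
# Constructed sample of the script's "tag,filename" output. The hashes are
# placeholders, not real GitLab asset names.
SAMPLE_CSV = <<~CSV
  latest,application-aaaa1111.css
  16.11.0-ce.0,application-aaaa1111.css
  16.10.3-ce.0,application-bbbb2222.css
  16.9.0-ce.0,
  nightly,application-cccc3333.css
CSV

# Constructed fragment of a sign-in page served by an instance under inventory.
SAMPLE_HTML = '<link rel="stylesheet" href="/assets/application-aaaa1111.css" media="all" />'

# Build { asset filename => [versions] } from the CSV. Rows where the container
# produced no filename are skipped, as are floating tags ("latest", "nightly")
# that do not name a release themselves.
def build_fingerprints(csv)
  table = Hash.new { |h, k| h[k] = [] }
  csv.each_line do |line|
    tag, filename = line.strip.split(',', 2)
    next if filename.nil? || filename.empty?
    version = tag[/\A\d+\.\d+\.\d+/] # "16.11.0-ce.0" -> "16.11.0"
    next unless version
    table[filename] << version unless table[filename].include?(version)
  end
  table
end

# Pull the application-<hash>.css name out of a page's stylesheet link.
def asset_name(html)
  html[%r{/assets/(application-[0-9a-f]+\.css)}, 1]
end

# Map a fetched page to its candidate versions; [] when the asset is missing
# or not in the table (for example a release newer than the table).
def identify(html, table)
  name = asset_name(html)
  name ? table.fetch(name, []) : []
end

if __FILE__ == $PROGRAM_NAME
  table = build_fingerprints(SAMPLE_CSV)
  puts "candidate versions: #{identify(SAMPLE_HTML, table).inspect}"
end
```

An empty result means the table has no entry for that asset, so the fingerprint list needs regenerating rather than the instance being assumed current.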

This is the folder where all of Metasploit's modules live. These modules are Ruby scripts that interface with Metasploit itself to perform a specific task. There are various types of modules: exploit modules, which exploit a vulnerability and gain a shell; auxiliary modules, which perform an activity that does not gain a shell; payloads, for Metasploit's various payloads (which are also modules); and post, for post-exploitation modules.