sinn3r
e72303a922
The modified version of pull request #453. This addresses a couple of things including: * Change the description to better explain what the vulnerability is. The advisory focuses the problem as an auth bypass, not DoS, although it can end up dosing the server. * The title and filename are changed as a result of matching that advisory's description. * Use 'TARGETURI' option instead of 'URI'. * The reset attempt needs to check if the directory actually has 401 in place, otherwise this may result a false-positive. * The last HTTP request needs to check a possible nil return value. * More verbose outputs.
Metasploit
The Metasploit Framework is released under a BSD-style license. See COPYING for more details.
The latest version of this software is available from http://metasploit.com/
Bug tracking and development information can be found at: https://dev.metasploit.com/redmine/projects/framework/
The public GitHub source repository can be found at: https://github.com/rapid7/metasploit-framework
Questions and suggestions can be sent to: msfdev(at)metasploit.com
The framework mailing list is the place to discuss features and ask for help. To subscribe, visit the following web page: https://mail.metasploit.com/mailman/listinfo/framework
The mailing list archives are available from: https://mail.metasploit.com/pipermail/framework/
Installing
Generally, you should use the installer which contains all dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.
Using Metasploit
Metasploit can do all sorts of things. The first thing you'll want to do
is start msfconsole, but after that, you'll probably be best served by
reading some of the great tutorials online:
Contributing
See the Dev Environment Setup guide on github which will walk you through the whole process starting from installing all the dependencies, to cloning the repository, and finally to submitting a pull request.