Tod Beardsley
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
sinn3r
7c77fe20cc
Some variables don't need to be in a double-quote.
2012-03-17 20:37:42 -05:00
Gregory Man
ba6928cbf1
sockso_traversal 1.8 compatibility fix
2012-03-16 18:12:09 +02:00
sinn3r
46dbaf8283
Fix typos and output
2012-03-15 16:10:05 -05:00
sinn3r
81b3eaa482
Fix typo
2012-03-15 15:56:24 -05:00
sinn3r
db4538389c
Add sockso dir traversal
2012-03-15 15:55:54 -05:00
James Lee
74e40763d6
Fix syntax error in 1.8, thanks Jun Koi for the patch
2012-03-15 14:32:16 -06:00
sinn3r
d5f83be2d0
Cosmetic changes
2012-03-15 11:21:41 -05:00
Gregory Man
9928b102b5
Added rails_mass_assignment module.
2012-03-15 16:56:38 +02:00
sinn3r
65bde7ec99
Add OSVDB-79863 NetDecision Directory Traversal
2012-03-14 16:50:54 -05:00
James Lee
2b9acb61ad
Clean up some incosistent verbosity
...
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
sinn3r
003fa3e22c
Apply patch for #6495
2012-03-06 11:43:28 -06:00
sinn3r
1005de0523
Port should not contain a non-numeric value or even empty when assigned to :port
2012-03-05 11:10:16 -06:00
Tod Beardsley
7447052b38
Convert WMAP constant name to the new format.
2012-03-02 10:18:32 -06:00
Tod Beardsley
302853f5a4
Unpolluting SVN Revision keyword
...
Sometimes Revision keywords get expanded, too. Fix those.
2012-03-02 10:18:32 -06:00
Tod Beardsley
3626d48db2
Un-polluting SVN Id keyword
...
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
2012-03-02 10:18:32 -06:00
Efrain Torres
36a3341acd
Fix body cero.
2012-03-02 10:18:32 -06:00
Efrain Torres
6fba0698e5
Adding another detection method for blind sqli
2012-03-02 10:18:32 -06:00
Efrain Torres
02f6e3fcb2
Improving report on blind sqli module
2012-03-02 10:18:32 -06:00
Efrain Torres
126a6133cd
Improving blind sql inj. detection
2012-03-02 10:18:32 -06:00
Efrain Torres
b608aeeeb7
Migrating modules to use report_web_vulns and minor fixes
2012-03-02 10:18:32 -06:00
Efrain Torres
1a09a49f69
Starting getting rid of report_note to use report_web_vuln on all http aux modules
2012-03-02 10:18:32 -06:00
Efrain Torres
2ce7dc9331
One more module.
2012-03-02 10:18:32 -06:00
Efrain Torres
9c6fec3c33
First step on module cleaning.
2012-03-02 10:18:32 -06:00
Efrain Torres
eaecdb487c
Fix sname in report_ calls to check the use of ssl and report http or
...
https
2012-03-02 10:18:31 -06:00
Efrain Torres
6d80aa0a44
Renaming duh.
2012-03-02 10:18:31 -06:00
Efrain Torres
3cb65e24a1
Fix blind sqli module description and bug with http_method
2012-03-02 10:18:31 -06:00
Efrain Torres
6938b91d07
Execute tests agains a specific path and bug fix in blind sqli module
2012-03-02 10:18:31 -06:00
Efrain Torres
a2e5a4d9d5
New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention
2012-03-02 10:18:31 -06:00
sinn3r
e9df9d6c2c
Increase default depth
2012-02-29 16:24:18 -06:00
HD Moore
8d212849dc
Fix typos that result in stack traces when matching the response codes
2012-02-22 16:04:24 -06:00
James Lee
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
HD Moore
acb4446e45
Fix #6407 by treating redirects as successful authentication
2012-02-21 16:02:21 -06:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
sinn3r
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
sinn3r
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
sinn3r
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
sinn3r
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
sinn3r
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
sinn3r
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
sinn3r
3390bdf312
Validate METHOD with OptEnum
2012-02-17 18:54:53 -06:00
sinn3r
ec58b4669e
This module only handles GET, so that's the only option we'll allow
2012-02-17 18:20:16 -06:00
sinn3r
9e17b09632
This module is only meant to handle GET and PUT, so let's be strict on that
2012-02-17 18:17:28 -06:00
sinn3r
7ae58bfd9d
Make sure the HTTP method is always upper-case to make Apache happy
2012-02-17 18:15:23 -06:00
sinn3r
ae57a8d9fd
Make sure the HTTP method is always uppercase so we don't get a 501
2012-02-17 03:34:39 -06:00
Tod Beardsley
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
sinn3r
a0ac4125cd
Add aux module CMS400 default pass scanner (feature #6301 )
2012-01-30 10:40:59 -06:00
Jonathan Cran
54ffb01080
This module should use the default list of tomcat users
2012-01-28 18:13:34 -06:00
Tod Beardsley
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00