Permalink
Browse files

First step on module cleaning.

  • Loading branch information...
1 parent 237038d commit 9c6fec3c333981e66044daa08ca44b9a185434f0 @efraintorres efraintorres committed with todb Feb 20, 2012
View
@@ -459,6 +459,7 @@ api
aponline
app
appeals
+appl
apple
applet
applets
@@ -525,6 +526,8 @@ aw
awStats
awardsearch
awstatsoutput
+axis
+axis2
axis-cgi
ayuda
b
@@ -855,6 +858,7 @@ connect
connected
conquer
console
+consola
consumer
contact
contact-us
@@ -1801,6 +1805,7 @@ marketing
mary
master
mastergate
+mastercraft
math
math-ph
matrix
@@ -44,6 +44,7 @@ def run_host(ip)
'.backup',
'.bak',
'.copy',
+ '.copia',
'.old',
'.orig',
'.temp',
@@ -35,7 +35,7 @@ def initialize(info = {})
register_options(
[
OptString.new('PATH', [ true, "The path to identify directories", '/']),
- OptString.new('FORMAT', [ true, "The expected directory format (a alpha, d digit, A upperalpha)", 'aaa'])
+ OptString.new('FORMAT', [ true, "The expected directory format (a alpha, d digit, A upperalpha)", 'a,aa,aaa'])
], self.class)
register_advanced_options(
@@ -71,7 +71,7 @@ def run_host(ip)
# You may add multiple formats in the array
forma = []
- forma << datastore['FORMAT']
+ forma = datastore['FORMAT'].split(',')
ecode = datastore['ErrorCode'].to_i
extens.each do |exte|
@@ -14,7 +14,6 @@
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
- include Msf::Auxiliary::WmapScanServer
include Msf::Auxiliary::Scanner
def initialize
@@ -10,6 +10,7 @@
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::WmapScanServer
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
@@ -35,7 +36,7 @@ module of Drupal, brute-forcing the first 10 usernames from 'a' to 'z'
register_options(
[
- OptString.new('URIPATH', [true, "Drupal Path", "/"]),
+ OptString.new('PATH', [true, "Drupal Path", "/"]),
], self.class)
end
@@ -70,7 +71,7 @@ def run_host(ip)
# Check if remote host is available or appears vulnerable
if not check(enum_uri)
- print_error("#{ip} does not appear to be vulnerable, will not continue")
+ print_status("#{ip} does not appear to be vulnerable, will not continue")
return
end
@@ -67,6 +67,7 @@ def run_host(ip)
'.exe',
'.html',
'.htm',
+ '.ini',
'.log',
'.old',
'.orig',
@@ -70,7 +70,7 @@ def run_host(target_host)
if (fpversion = res.match(/FPVersion="(.*)"/))
fpversion = $1
print_status("#{info} FrontPage Version: #{fpversion}")
- report_service(:host => target_host, :port => port, :name => "http", :info => "#{server_version} FrontPage Version: #{fpversion}")
+
if (fpauthor = res.match(/FPAuthorScriptUrl="([^"]*)/))
fpauthor = $1
print_status("#{info} FrontPage Author: #{info}#{fpauthor}")
@@ -14,6 +14,7 @@
class Metasploit4 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::WmapScanDir
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
@@ -49,8 +50,9 @@ def initialize
register_options(
[
- OptString.new('PATH', [true, "The path to attempt to write or delete", "/msf_http_put_test.txt"]),
- OptString.new('DATA', [false, "The data to upload into the file", "msf test file"]),
+ OptString.new('PATH', [true, "The path to attempt to write or delete", "/"]),
+ OptString.new('FILENAME', [true, "The file to attempt to write or delete", "msf_http_put_test.txt"]),
+ OptString.new('FILEDATA', [false, "The data to upload into the file", "msf test file"]),
OptString.new('ACTION', [true, "PUT or DELETE", "PUT"])
], self.class)
end
@@ -123,10 +125,16 @@ def do_delete(path)
#
def run_host(ip)
path = datastore['PATH']
- data = datastore['DATA']
+ data = datastore['FILEDATA']
#Add "/" if necessary
path = "/#{path}" if path[0,1] != '/'
+
+ if path[-1,1] != '/'
+ path += '/'
+ end
+
+ path += datastore['FILENAME']
case action.name
when 'PUT'
@@ -17,7 +17,6 @@
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
- include Msf::Auxiliary::WmapScanUniqueQuery
include Msf::Auxiliary::Scanner
@@ -45,10 +44,6 @@ def initialize(info = {})
end
- def wmap_enabled
- false
- end
-
def run_host(ip)
# Weird to indent for practical reasons.
@@ -64,13 +64,16 @@ def run_host(ip)
'.tmp',
'.old',
'.htm',
+ '.ini',
+ '.cfg',
'.html',
'.php',
'.temp',
'.tmp',
'.java',
'.doc',
- '.log'
+ '.log',
+ '.xml'
]
@@ -17,6 +17,7 @@ class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::WmapScanServer
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
@@ -11,6 +11,7 @@ class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::WmapScanServer
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
@@ -17,7 +17,8 @@ class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
- include Msf::Auxiliary::WmapScanServer
+ include Msf::Auxiliary::WmapScanDir
+ include Msf::Auxiliary::WmapScanFile
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
@@ -48,6 +48,11 @@ def initialize(info = {})
], self.class)
end
+
+ # Modify to true if you have sqlmap installed.
+ def wmap_enabled
+ false
+ end
def run_host(ip)
conn = false

0 comments on commit 9c6fec3

Please sign in to comment.