New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improves detection of the MS15-034 #5386
Merged
Merged
Changes from 3 commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
202a77f
Improves detection of the MS15-034
erwanlr 4f6fe2a
Avoids swallowing exceptions
erwanlr d9d8634
Changes the message displayed when vulnerable
erwanlr 447c4ee
Allows the targetèuri to be shared between the #check and #dos
erwanlr 6d01d7f
Uses peer instead of ip:port across all the module
erwanlr a74c337
Uses vprint instead of print in #check_host
erwanlr File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These messages aren't very necessary. If you run the check command, basically it will tell you the check result twice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you meant the 'run command' instead of 'check command' ?
If those are removed, the vulnerable file or tested ones are never displayed, leading to the same behaviour as Nessus: it just tells you if it's vulnerable or not, w/o any relevant output (i.e the files tested) which is extremely annoying when you want to double check or provide an easiest way for a client to verify the issue (using curl for example)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a check command. It handles our check codes. It's different from the run command.<-- wait never mind, you know this. You demo'd this in the PR description.Sorry I wasn't being clear enough. I only meant the safe/vulnerable messages. You can vprint which files are tried or useful, definitely handy, but please avoid the safe/vulnerable messages because the check handler is doing that already.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm you know what.... if you don't say vulnerable/safe it's kind of weird too. Please disregard my feedback.
You do need to vprint
print_status("#{peer} - #{uri} is vulnerable")
though. We started enforcing this last year.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. I should be able to land this today.