
Commit f313389

author
Brent Cook
committed
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2 parents be2aabb + 6a35b36 commit f313389


88 files changed

+4534
-295
lines changed


88 files changed

+4534
-295
lines changed

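--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-metasploit-framework (4.12.40)
+metasploit-framework (4.13.1)
 actionpack (~> 4.2.6)
 activerecord (~> 4.2.6)
 activesupport (~> 4.2.6)
@@ -14,7 +14,7 @@ PATH
 metasploit-concern
 metasploit-credential
 metasploit-model
-metasploit-payloads (= 1.1.26)
+metasploit-payloads (= 1.1.29)
 metasploit_data_models
 metasploit_payloads-mettle (= 0.0.8)
 msgpack
@@ -89,7 +89,8 @@ GEM
 minitest (~> 5.1)
 thread_safe (~> 0.3, >= 0.3.4)
 tzinfo (~> 1.1)
-addressable (2.4.0)
+addressable (2.5.0)
+public_suffix (~> 2.0, >= 2.0.2)
 arel (6.0.3)
 arel-helpers (2.3.0)
 activerecord (>= 3.1.0, < 6)
@@ -152,24 +153,24 @@ GEM
 loofah (2.0.3)
 nokogiri (>= 1.5.9)
 metasm (1.0.2)
-metasploit-concern (2.0.1)
+metasploit-concern (2.0.2)
 activemodel (~> 4.2.6)
 activesupport (~> 4.2.6)
 railties (~> 4.2.6)
-metasploit-credential (2.0.4)
+metasploit-credential (2.0.7)
 metasploit-concern
 metasploit-model
 metasploit_data_models
 pg
 railties
 rubyntlm
 rubyzip
-metasploit-model (2.0.0)
+metasploit-model (2.0.2)
 activemodel (~> 4.2.6)
 activesupport (~> 4.2.6)
 railties (~> 4.2.6)
-metasploit-payloads (1.1.26)
-metasploit_data_models (2.0.5)
+metasploit-payloads (1.1.29)
+metasploit_data_models (2.0.8)
 activerecord (~> 4.2.6)
 activesupport (~> 4.2.6)
 arel-helpers
@@ -195,8 +196,8 @@ GEM
 network_interface (0.0.1)
 nokogiri (1.6.8.1)
 mini_portile2 (~> 2.1.0)
-octokit (4.3.0)
-sawyer (~> 0.7.0, >= 0.5.3)
+octokit (4.6.1)
+sawyer (~> 0.8.0, >= 0.5.3)
 openssl-ccm (1.2.1)
 openvas-omp (0.0.4)
 packetfu (1.1.11)
@@ -214,7 +215,8 @@ GEM
 coderay (~> 1.1.0)
 method_source (~> 0.8.1)
 slop (~> 3.4)
-rack (1.6.4)
+public_suffix (2.0.4)
+rack (1.6.5)
 rack-test (0.6.3)
 rack (>= 1.0)
 rails-deprecated_sanitizer (1.0.3)
@@ -232,7 +234,7 @@ GEM
 thor (>= 0.18.1, < 2.0)
 rake (11.3.0)
 rb-readline-r7 (0.5.2.0)
-recog (2.0.22)
+recog (2.0.24)
 nokogiri
 redcarpet (3.3.4)
 rex-arch (0.1.2)
@@ -248,7 +250,7 @@ GEM
 metasm
 rex-arch
 rex-text
-rex-exploitation (0.1.1)
+rex-exploitation (0.1.2)
 jsobfu
 metasm
 rex-arch
@@ -271,13 +273,13 @@ GEM
 metasm
 rex-core
 rex-text
-rex-socket (0.1.0)
+rex-socket (0.1.1)
 rex-core
 rex-sslscan (0.1.0)
 rex-socket
 rex-text
 rex-struct2 (0.1.0)
-rex-text (0.2.4)
+rex-text (0.2.5)
 rex-zip (0.1.0)
 rex-text
 rkelly-remix (0.0.6)
@@ -301,8 +303,8 @@ GEM
 rspec-support (3.5.0)
 rubyntlm (0.6.1)
 rubyzip (1.2.0)
-sawyer (0.7.0)
-addressable (>= 2.3.5, < 2.5)
+sawyer (0.8.0)
+addressable (>= 2.3.5, < 2.6)
 faraday (~> 0.8, < 0.10)
 shoulda-matchers (3.1.1)
 activesupport (>= 4.0.0)
@@ -319,7 +321,7 @@ GEM
 timecop (0.8.1)
 tzinfo (1.2.2)
 thread_safe (~> 0.1)
-tzinfo-data (1.2016.8)
+tzinfo-data (1.2016.9)
 tzinfo (>= 1.0.0)
 windows_error (0.0.2)
 xpath (2.0.0)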

data/exploits/CVE-2015-1328/1328

13.3 KB
Binary file not shown.
7.57 KB
Binary file not shown.

data/exploits/CVE-2015-8660/8660

13.2 KB
Binary file not shown.

data/exploits/CVE-2016-4557/doubleput

13.6 KB
Binary file not shown.

data/exploits/CVE-2016-4557/hello

9.35 KB
Binary file not shown.
8.63 KB
Binary file not shown.
Binary file not shown.

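--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20161004165612) do
+ActiveRecord::Schema.define(version: 20161107203710) do
 
 # These are extensions that must be enabled in order to support this database
 enable_extension "plpgsql"
@@ -320,7 +320,8 @@
 t.string "jtr_format"
 end
 
-add_index "metasploit_credential_privates", ["type", "data"], name: "index_metasploit_credential_privates_on_type_and_data", unique: true, using: :btree
+add_index "metasploit_credential_privates", ["type", "data"], name: "index_metasploit_credential_privates_on_type_and_data", unique: true, where: "(NOT ((type)::text = 'Metasploit::Credential::SSHKey'::text))", using: :btree
+add_index "metasploit_credential_privates", ["type"], name: "index_metasploit_credential_privates_on_type_and_data_sshkey", unique: true, where: "((type)::text = 'Metasploit::Credential::SSHKey'::text)", using: :btree
 
 create_table "metasploit_credential_publics", force: :cascade do |t|
 t.string "username", null: false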
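Review bot: The second added `add_index` (`index_metasploit_credential_privates_on_type_and_data_sshkey`) lists only `["type"]` as its column, so as written it is a unique index on `type` limited to SSHKey rows, and a database built from this file would accept at most one SSHKey private. The index name suggests the real constraint also covers `data`, presumably through an expression that the Ruby schema dumper cannot represent; the migration is not shown here, so that is an inference. If it holds, setups that use `db:schema:load` get a different uniqueness rule than those that run the migrations, so either set `config.active_record.schema_format = :sql` or confirm that every supported setup path runs the migrations. The enclosing `ActiveRecord::Schema.define` block starts and ends outside this hunk.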
Lines changed: 214 additions & 0 deletions
@@ -0,0 +1,214 @@
1+
The module use the Censys REST API to access the same data accessible through web interface. The search endpoint allows searches against the current data in the IPv4, Top Million Websites, and Certificates indexes using the same search syntax as the primary site.
2+
3+
## Verification Steps
4+
5+
1. Do: `use auxiliary/gather/censys_search`
6+
2. Do: `set CENSYS_UID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX`
7+
3. Do: `set CENSYS_SECRET XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`
8+
4. Do: `set CENSYS_SEARCHTYPE certificates`
9+
5: Do: `set CENSYS_DORK rapid7`
10+
6: Do: `run`
11+
12+
## Sample Output
13+
14+
#### Certificates Search
15+
16+
```
17+
msf auxiliary(censys_search) > set CENSYS_DORK rapid7
18+
CENSYS_DORK => rapid7
19+
msf auxiliary(censys_search) > set CENSYS_SEARCHTYPE certificates
20+
CENSYS_SEARCHTYPE => certificates
21+
...
22+
[+] 199.15.214.152 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
23+
[+] 31.214.157.19 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
24+
[+] 31.220.7.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
25+
[+] 168.253.216.190 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
26+
[+] 52.88.1.225 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
27+
[+] 208.118.237.41 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
28+
[+] 64.125.235.5 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
29+
[+] 208.118.237.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
30+
[+] 208.118.237.40 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
31+
[+] 208.118.227.12 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
32+
[+] 208.118.237.38 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
33+
[+] 23.48.13.195 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
34+
[+] 208.118.227.14 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
35+
[+] 54.230.252.134 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
36+
[+] 54.230.249.63 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
37+
[+] 54.230.249.242 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
38+
[+] 54.230.249.187 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
39+
[+] 54.230.249.64 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
40+
[+] 54.230.249.181 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
41+
[+] 54.230.249.17 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
42+
[+] 54.230.249.183 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
43+
[+] 54.230.249.186 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
44+
[+] 199.15.214.152 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
45+
[+] 31.214.157.19 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
46+
[+] 31.220.7.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
47+
[+] 168.253.216.190 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
48+
[+] 52.88.1.225 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
49+
[+] 208.118.237.41 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
50+
[+] 64.125.235.5 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
51+
[+] 208.118.237.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
52+
[+] 208.118.237.40 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
53+
[+] 208.118.227.12 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
54+
[+] 208.118.237.38 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
55+
[+] 23.48.13.195 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
56+
[+] 208.118.227.14 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
57+
[+] 54.230.252.134 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
58+
[+] 54.230.249.63 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
59+
[+] 54.230.249.242 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
60+
[+] 54.230.249.187 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
61+
[+] 54.230.249.64 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
62+
[+] 54.230.249.181 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
63+
[+] 54.230.249.17 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
64+
[+] 54.230.249.183 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
65+
[+] 54.230.249.186 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
66+
[+] 199.15.214.152 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
67+
[+] 31.214.157.19 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
68+
[+] 31.220.7.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
69+
[+] 168.253.216.190 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
70+
[+] 52.88.1.225 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
71+
[+] 208.118.237.41 - CN=NeXpose Security Console, O=Rapid7
72+
...
73+
74+
```
75+
76+
### IPv4 Search
77+
78+
```
79+
msf auxiliary(censys_search) > set CENSYS_DORK rapid7
80+
CENSYS_DORK => rapid7
81+
msf auxiliary(censys_search) > set CENSYS_SEARCHTYPE ipv4
82+
CENSYS_SEARCHTYPE => ipv4
83+
[*] 197.117.5.36 - 443/https
84+
[*] 208.118.237.81 - 443/https
85+
[*] 206.19.237.19 - 443/https
86+
[*] 54.214.49.70 - 80/http,443/https
87+
[*] 208.118.237.241 - 443/https
88+
[*] 162.220.246.141 - 443/https,22/ssh,80/http
89+
[*] 31.214.157.19 - 443/https,22/ssh
90+
[*] 52.88.1.225 - 443/https,22/ssh
91+
[*] 208.118.227.12 - 25/smtp
92+
[*] 38.107.201.41 - 443/https
93+
[*] 52.44.56.126 - 80/http,443/https
94+
[*] 52.54.227.6 - 443/https,80/http
95+
[*] 23.217.253.242 - 443/https,80/http
96+
[*] 96.6.3.45 - 80/http,443/https
97+
[*] 23.6.73.47 - 443/https,80/http
98+
[*] 23.78.99.243 - 80/http,443/https
99+
[*] 23.53.51.170 - 80/http,443/https
100+
[*] 23.62.201.47 - 443/https,80/http
101+
[*] 2.23.50.157 - 443/https,80/http
102+
[*] 118.215.191.13 - 80/http,443/https
103+
[*] 2.19.185.28 - 80/http,443/https
104+
[*] 2.18.195.99 - 443/https,80/http
105+
[*] 23.197.196.25 - 443/https,80/http
106+
[*] 95.100.104.181 - 443/https,80/http
107+
[*] 2.20.37.130 - 80/http,443/https
108+
[*] 23.194.237.34 - 443/https,80/http
109+
[*] 2.17.140.86 - 443/https,80/http
110+
[*] 64.125.235.5 - 25/smtp
111+
[*] 208.118.227.32 - 80/http
112+
[*] 2.21.129.149 - 80/http,443/https
113+
[*] 2.20.167.33 - 80/http,443/https
114+
[*] 95.100.139.218 - 80/http,443/https
115+
[*] 23.38.88.202 - 443/https,80/http
116+
[*] 2.17.184.80 - 443/https,80/http
117+
[*] 23.59.119.23 - 80/http,443/https
118+
[*] 2.16.14.225 - 443/https,80/http
119+
[*] 104.113.122.33 - 443/https,80/http
120+
[*] 23.223.44.164 - 80/http,443/https
121+
[*] 88.221.120.214 - 443/https,80/http
122+
[*] 23.47.36.145 - 443/https,80/http
123+
[*] 2.23.21.254 - 80/http,443/https
124+
[*] 208.118.237.39 - 443/https
125+
[*] 208.118.237.40 - 443/https
126+
[*] 208.118.237.41 - 443/https
127+
[*] 23.54.217.47 - 80/http,443/https
128+
[*] 96.17.254.188 - 443/https,80/http
129+
[*] 184.25.129.65 - 443/https,80/http
130+
[*] 104.121.167.123 - 443/https,80/http
131+
[*] 104.94.110.63 - 443/https,80/http
132+
[*] 104.91.11.216 - 80/http,443/https
133+
[*] 23.38.233.47 - 80/http,443/https
134+
[*] 52.86.110.89 - 80/http,443/https
135+
[*] 69.192.73.47 - 443/https,80/http
136+
[*] 184.86.57.47 - 443/https,80/http
137+
[*] 104.86.45.180 - 443/https,80/http
138+
[*] 184.87.72.153 - 80/http,443/https
139+
[*] 23.66.25.47 - 80/http,443/https
140+
[*] 23.56.162.76 - 80/http,443/https
141+
[*] 184.87.133.242 - 443/https,80/http
142+
[*] 23.55.74.28 - 80/http,443/https
143+
[*] 23.6.225.84 - 80/http,443/https
144+
[*] 23.46.133.153 - 443/https,80/http
145+
[*] 23.10.121.47 - 443/https,80/http
146+
[*] 104.109.35.169 - 80/http,443/https
147+
[*] 172.227.101.182 - 80/http,443/https
148+
[*] 184.27.23.104 - 80/http,443/https
149+
[*] 23.49.185.47 - 80/http,443/https
150+
[*] 23.67.172.177 - 80/http,443/https
151+
[*] 23.62.170.161 - 443/https,80/http
152+
[*] 23.219.71.35 - 443/https,80/http
153+
[*] 104.82.94.233 - 443/https,80/http
154+
[*] 184.26.73.47 - 80/http,443/https
155+
[*] 104.68.108.237 - 80/http,443/https
156+
[*] 23.60.39.77 - 80/http,443/https
157+
[*] 23.66.100.92 - 80/http,443/https
158+
[*] 23.61.28.182 - 443/https,80/http
159+
[*] 23.42.116.233 - 80/http,443/https
160+
[*] 104.105.14.197 - 80/http,443/https
161+
[*] 104.103.203.240 - 80/http,443/https
162+
[*] 104.65.57.235 - 80/http,443/https
163+
[*] 23.41.83.224 - 80/http,443/https
164+
[*] 184.51.185.47 - 80/http,443/https
165+
[*] 23.67.231.142 - 80/http,443/https
166+
[*] 208.118.237.38 - 443/https
167+
[*] 104.76.25.28 - 80/http,443/https
168+
[*] 23.196.125.176 - 443/https,80/http
169+
[*] 23.40.154.224 - 80/http,443/https
170+
[*] 23.77.33.204 - 443/https,80/http
171+
[*] 104.88.21.48 - 80/http,443/https
172+
[*] 173.223.134.47 - 80/http,443/https
173+
[*] 23.4.98.72 - 80/http,443/https
174+
[*] 23.44.97.3 - 80/http,443/https
175+
[*] 23.203.66.142 - 443/https,80/http
176+
[*] 23.42.216.251 - 443/https,80/http
177+
[*] 23.42.85.25 - 80/http,443/https
178+
[*] 173.255.195.131 - 80/http,23/telnet,25/smtp,110/pop3,53/dns,443/https,22/ssh
179+
[*] 104.83.219.182 - 443/https,80/http
180+
[*] 184.86.41.47 - 443/https,80/http
181+
[*] 104.97.72.196 - 443/https,80/http
182+
[*] 69.192.169.48 - 443/https,80/http
183+
```
184+
185+
### Websites Search
186+
187+
```
188+
msf auxiliary(censys_search) > set CENSYS_DORK rapid7
189+
CENSYS_DORK => rapid7
190+
msf auxiliary(censys_search) > set CENSYS_SEARCHTYPE websites
191+
CENSYS_SEARCHTYPE => websites
192+
msf auxiliary(censys_search) > run
193+
194+
[+] rapid7.com - [37743]
195+
[+] logentries.com - [45346]
196+
[+] venturefizz.com - [106102]
197+
[+] gild.com - [116853]
198+
[+] sectools.org - [122125]
199+
[+] ericzhang.me - [155622]
200+
[+] metasploit.com - [156435]
201+
[+] datapipe.com - [209756]
202+
[+] routerpwn.com - [317896]
203+
[+] proxy-base.com - [507954]
204+
[+] config.fr - [542346]
205+
[+] winterwyman.com - [629471]
206+
[+] gogrid.com - [741009]
207+
[+] wesecure.nl - [997423]
208+
[*] Auxiliary module execution completed
209+
```
210+
211+
212+
## References
213+
214+
1. https://censys.io/api
