ID MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS Type metasploit Reporter Rapid7 Modified 2017-07-24T13:26:21
Description
This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::VIMSoap
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'VMWare Enumerate Virtual Machines',
'Description' => %Q{
This module attempts to discover virtual machines on any VMWare instance
running the web interface. This would include ESX/ESXi and VMWare Server.
},
'Author' => ['theLightCosine'],
'License' => MSF_LICENSE,
'DefaultOptions' => { 'SSL' => true }
)
register_options(
[
Opt::RPORT(443),
OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),
OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ]),
OptBool.new('SCREENSHOT', [true, "Wheter or not to try to take a screenshot", true])
])
end
def run_host(ip)
if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
virtual_machines = vim_get_vms
virtual_machines.each do |vm|
print_good YAML.dump(vm)
report_note(
:host => rhost,
:type => "vmware.esx.vm",
:data => vm,
:port => rport,
:proto => 'tcp',
:update => :unique_data
)
next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'
print_status "Attempting to take screenshot of #{vm['name']}...."
screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )
case screenshot
when :error
print_error "Screenshot failed"
next
when :expired
vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])
retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )
if retry_result == :error or retry_result == :expired
print_error "Screenshot failed"
else
ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], retry_result, "#{vm['name']}_screenshot.png", "Screenshot of VM #{vm['name']}")
print_good "Screenshot Saved to #{ss_path}"
end
else
ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], screenshot, "screenshot.png", "Screenshot of VM #{vm['name']}")
print_good "Screenshot Saved to #{ss_path}"
end
end
f = store_loot('host.vmware.vms', "text/plain", datastore['RHOST'], YAML.dump(virtual_machines) , "#{datastore['RHOST']}_esx_vms.txt", "VMWare ESX Virtual Machines")
vprint_good("VM info stored in: #{f}")
else
print_error "Login Failure on #{ip}"
return
end
end
end
{"id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "hash": "8369b2c53fa14b26ef02015e573f5964", "type": "metasploit", "bulletinFamily": "exploit", "title": "VMWare Enumerate Virtual Machines", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "published": "2012-02-13T18:07:28", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2018-01-29T22:11:10", "history": [{"edition": 1, "bulletin": {"published": "2012-02-13T18:07:28", "type": "metasploit", "sourceData": "##\n# This module requires Metasploit: http://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\n\n\nclass MetasploitModule < Msf::Auxiliary\n\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_status(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\n\nend\n", "references": [], "modified": "2017-05-03T20:42:21", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "enchantments": {}, "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "metasploitReliability": "Normal", "enchantments_done": [], "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "VMWare Enumerate Virtual Machines", "viewCount": 1, "lastseen": "2017-07-02T23:55:28", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "cvelist": [], "objectVersion": "1.4", "history": [], "href": "https://www.rapid7.com/db/modules/auxiliary/scanner/vmware/vmware_enum_vms", "cvss": {"score": 0.0, "vector": "NONE"}}, "differentElements": ["modified", "sourceData"], "lastseen": "2017-07-02T23:55:28"}, {"edition": 2, "bulletin": {"published": "2012-02-13T18:07:28", "type": "metasploit", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_good(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\nend\n", "references": [], "modified": "2017-07-24T13:26:21", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "enchantments": {}, "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "metasploitReliability": "Normal", "enchantments_done": [], "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "VMWare Enumerate Virtual Machines", "viewCount": 1, "lastseen": "2017-07-24T19:29:47", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "cvelist": [], "objectVersion": "1.4", "history": [], "href": "https://www.rapid7.com/db/modules/auxiliary/scanner/vmware/vmware_enum_vms", "cvss": {"score": 0.0, "vector": "NONE"}}, "differentElements": ["href"], "lastseen": "2017-07-24T19:29:47"}, {"edition": 3, "bulletin": {"published": "2012-02-13T18:07:28", "type": "metasploit", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_good(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\nend\n", "references": [], "modified": "2017-07-24T13:26:21", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "enchantments": {}, "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "metasploitReliability": "Normal", "enchantments_done": [], "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "VMWare Enumerate Virtual Machines", "viewCount": 2, "lastseen": "2017-08-21T15:32:10", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "cvelist": [], "objectVersion": "1.4", "history": [], "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, "differentElements": ["modified", "published"], "lastseen": "2017-08-21T15:32:10"}, {"edition": 4, "bulletin": {"published": "1976-01-01T00:00:00", "type": "metasploit", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_good(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\nend\n", "references": [], "modified": "1976-01-01T00:00:00", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "enchantments": {}, "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "metasploitReliability": "Normal", "enchantments_done": [], "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "VMWare Enumerate Virtual Machines", "viewCount": 2, "lastseen": "2017-10-17T19:25:17", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "cvelist": [], "objectVersion": "1.4", "history": [], "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, "differentElements": ["modified", "published"], "lastseen": "2017-10-17T19:25:17"}, {"edition": 5, "bulletin": {"published": "2012-02-13T18:07:28", "type": "metasploit", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_good(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\nend\n", "references": [], "modified": "2017-07-24T13:26:21", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "enchantments": {}, "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "metasploitReliability": "Normal", "enchantments_done": [], "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "VMWare Enumerate Virtual Machines", "viewCount": 3, "lastseen": "2017-10-18T07:16:05", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "cvelist": [], "objectVersion": "1.4", "history": [], "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, "differentElements": ["modified", "published"], "lastseen": "2017-10-18T07:16:05"}, {"edition": 6, "bulletin": {"published": "1976-01-01T00:00:00", "type": "metasploit", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_good(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\nend\n", "references": [], "modified": "1976-01-01T00:00:00", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "enchantments": {}, "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "metasploitReliability": "Normal", "enchantments_done": [], "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "VMWare Enumerate Virtual Machines", "viewCount": 3, "lastseen": "2017-11-07T07:46:21", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "cvelist": [], "objectVersion": "1.4", "history": [], "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, "differentElements": ["modified", "published"], "lastseen": "2017-11-07T07:46:21"}, {"edition": 7, "bulletin": {"published": "2012-02-13T18:07:28", "type": "metasploit", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_good(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\nend\n", "references": [], "modified": "2017-07-24T13:26:21", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "enchantments": {"score": {"modified": "2017-11-08T19:42:26", "value": 5.1}}, "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "metasploitReliability": "Normal", "enchantments_done": [], "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "VMWare Enumerate Virtual Machines", "viewCount": 3, "lastseen": "2017-11-08T19:42:26", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "cvelist": [], "objectVersion": "1.4", "history": [], "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, "differentElements": ["modified", "published"], "lastseen": "2017-11-08T19:42:26"}, {"edition": 8, "bulletin": {"published": "1976-01-01T00:00:00", "type": "metasploit", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_good(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\nend\n", "references": [], "modified": "1976-01-01T00:00:00", "description": "This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.", "enchantments": {"score": {"modified": "2018-01-29T18:09:31", "value": 5.1}}, "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_ENUM_VMS", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "metasploitReliability": "Normal", "enchantments_done": [], "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "VMWare Enumerate Virtual Machines", "viewCount": 3, "lastseen": "2018-01-29T18:09:31", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "cvelist": [], "objectVersion": "1.4", "history": [], "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, "differentElements": ["modified", "published"], "lastseen": "2018-01-29T18:09:31"}], "viewCount": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Enumerate Virtual Machines',\n 'Description' => %Q{\n This module attempts to discover virtual machines on any VMWare instance\n running the web interface. This would include ESX/ESXi and VMWare Server.\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptBool.new('SCREENSHOT', [true, \"Wheter or not to try to take a screenshot\", true])\n ])\n end\n\n def run_host(ip)\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n virtual_machines = vim_get_vms\n virtual_machines.each do |vm|\n print_good YAML.dump(vm)\n report_note(\n :host => rhost,\n :type => \"vmware.esx.vm\",\n :data => vm,\n :port => rport,\n :proto => 'tcp',\n :update => :unique_data\n )\n next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'\n print_status \"Attempting to take screenshot of #{vm['name']}....\"\n screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n case screenshot\n when :error\n print_error \"Screenshot failed\"\n next\n when :expired\n vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])\n retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )\n if retry_result == :error or retry_result == :expired\n print_error \"Screenshot failed\"\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], retry_result, \"#{vm['name']}_screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n else\n ss_path = store_loot(\"host.vmware.screenshot\", \"image/png\", datastore['RHOST'], screenshot, \"screenshot.png\", \"Screenshot of VM #{vm['name']}\")\n print_good \"Screenshot Saved to #{ss_path}\"\n end\n end\n\n f = store_loot('host.vmware.vms', \"text/plain\", datastore['RHOST'], YAML.dump(virtual_machines) , \"#{datastore['RHOST']}_esx_vms.txt\", \"VMWare ESX Virtual Machines\")\n vprint_good(\"VM info stored in: #{f}\")\n else\n print_error \"Login Failure on #{ip}\"\n return\n end\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"]}
{"kitploit": [{"lastseen": "2018-12-13T00:45:48", "references": ["https://github.com/thesp0nge/dawnscanner", "https://retirejs.github.io/retire.js/", "https://github.com/wpscanteam/wpscan", "https://github.com/rubysec/bundler-audit", "https://github.com/dxa4481/truffleHog", "https://find-sec-bugs.github.io/", "https://github.com/olacabs/jackhammer", "https://github.com/AndroBugs/AndroBugs_Framework", "https://github.com/androguard/androguard", "https://pmd.github.io/"], "description": "[  ](<https://1.bp.blogspot.com/-nMT-Q7u9Jko/XAXPraHvwhI/AAAAAAAANfQ/gOcozRok3YUIf0WjAi6DZGSzVlNgUgDhwCLcBGAs/s1600/jackhammer.png>)\n\n \nOne Security vulnerability assessment/management tool to solve all the security team problems. \n \n** What is Jackhammer? ** \n\n\nJackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the quality of the code going into production. It could do static [ code analysis ](<https://www.kitploit.com/search/label/Code%20Analysis>) and [ dynamic analysis ](<https://www.kitploit.com/search/label/Dynamic%20Analysis>) with inbuilt [ vulnerability management ](<https://www.kitploit.com/search/label/Vulnerability%20Management>) capability. It finds security [ vulnerabilities ](<https://www.kitploit.com/search/label/vulnerabilities>) in the target applications and it helps security teams to manage the chaos in this new age of continuous integration and continuous/multiple deployments. \n\nIt completely works on RBAC (Role Based Access Control). There are cool dashboards for individual scans and team scans giving ample flexibility to collaborate with different teams. It is totally built on pluggable architecture which can be integrated with any open source/commercial tool. \n\nJackhammer uses the OWASP pipeline project to run multiple open source and commercial tools against your code,web app, mobile app, cms (wordpress), network. \n\n \n** Key Features: ** \n\n\n * Provides unified interface to collaborate on findings \n * Scanning (code) can be done for all code management repositories \n * Scheduling of scans based on intervals # daily, weekly, monthly \n * Advanced false positive filtering \n * Publish vulnerabilities to bug tracking systems \n * Keep a tab on statistics and vulnerability trends in your applications \n * Integrates with majority of open source and commercial scanning tools \n * Users and Roles management giving greater control \n * Configurable severity levels on list of findings across the applications \n * Built-in vulnerability status progression \n * Easy to use filters to review targeted sets from tons of vulnerabilities \n * Asynchronous scanning (via sidekiq) that scale \n * Seamless [ Vulnerability ](<https://www.kitploit.com/search/label/Vulnerability>) Management \n * Track statistics and graph security trends in your applications \n * Easily integrates with a variety of open source, commercial and custom scanning tools \n \n** Supported Vulnerability Scanners: ** \n \n** Static Analysis: ** \n\n\n * [ Brakeman ](<http://brakemanscanner.org/>)\n * [ Bundler-Audit ](<https://github.com/rubysec/bundler-audit>)\n * [ Checkmarx** ](<https://www.checkmarx.com/technology/static-code-analysis-sca/>)\n * [ Dawnscanner ](<https://github.com/thesp0nge/dawnscanner>)\n * [ FindSecurityBugs ](<https://find-sec-bugs.github.io/>)\n * [ Xanitizer* ](<https://www.rigs-it.net/index.php/get-xanitizer.html>)\n * [ NodeSecurityProject ](<https://nodesecurity.io/>)\n * [ PMD ](<https://pmd.github.io/>)\n * [ Retire.js ](<https://retirejs.github.io/retire.js/>)\n* license required ** commercial license required \n \n** Finding hard coded secrets/tokens/creds: ** \n\n\n * [ Trufflehog ](<https://github.com/dxa4481/truffleHog>) (Slightly modified/extended for better result and integration as of May 2017) \n \n** Webapp: ** \n\n\n * [ Arachni ](<http://www.arachni-scanner.com/>)\n \n** Mobile App: ** \n\n\n * [ Androbugs ](<https://github.com/AndroBugs/AndroBugs_Framework>) (Slightly modified/extended for better result and integration as of May 2017) \n * [ Androguard ](<https://github.com/androguard/androguard>) (Slightly modified/extended for better result and integration as of May 2017) \n \n** Wordpress: ** \n\n\n * [ WPScan ](<https://github.com/wpscanteam/wpscan>) (Slightly modified/extended for better result and integration as of May 2017) \n \n** Network: ** \n\n\n * [ Nmap ](<https://nmap.org/>)\n \n** Adding Custom (other open source/commercial /personal) Scanners: ** \nYou can add any scanner to jackhammer within 10-30 minutes. [ Check the links/video ](<https://jch.olacabs.com/userguide/adding_new_tool>) \n \n** Quick Start and Installation ** \nSee our [ Quick Start/Installation Guide ](<http://jch.olacabs.com/userguide/installation>) if you want to try out Jackhammer as quickly as possible using Docker Compose. \n \n** Run the following commands for local setup (corporate mode): ** \n\n \n \n git clone https://github.com/olacabs/jackhammer\n sh ./docker-build.sh\n \n\n \n** Default credentials for local setup: ** \nusername: [email protected] \npassword: j4ckh4mm3r \n \n** (For single user mode) ** \n\n \n \n sh ./docker-build.sh SingleUser\n \n\ndo signup for access \n \n** Restarting Jackhammer ** \n\n \n \n docker-compose stop\n docker-compose rm\n docker-compose up -d\n\n \n** User Guide ** \nThe [ User Guide ](<https://jch.olacabs.com/userguide>) will give you an overview of how to use Jackhammer once you have things up and running. \n \n** Demo ** \n \n** Demo Environment Link: ** \n[ https://jch.olacabs.com/ ](<https://jch.olacabs.com/>) \n \n** Default credentials: ** \nusername: [email protected] \npassword: [email protected] \n \n** Credits ** \nSentinels Team @Ola \n \n** Shout-out to: ** \n-Madhu \n-Habi \n-Krishna \n-Shreyas \n-Krutarth \n-Naveen \n-Mohan \n \n \n\n\n** [ Download Jackhammer ](<https://github.com/olacabs/jackhammer>) **\n", "edition": 1, "reporter": "KitPloit", "published": "2018-12-12T20:49:04", "title": "Jackhammer - One Security Vulnerability Assessment/Management Tool To Solve All The Security Team Problems", "type": "kitploit", "enchantments": {}, "bulletinFamily": "tools", "cvelist": [], "modified": "2018-12-12T20:49:04", "toolHref": "https://github.com/olacabs/jackhammer", "id": "KITPLOIT:7380705835642911918", "href": "http://www.kitploit.com/2018/12/jackhammer-one-security-vulnerability.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T00:45:58", "references": ["https://github.com/", "https://github.com/thesp0nge/dawnscanner", "https://github.com/thesp0nge/railsberry2013", "https://github.com/saten", "https://github.com/presidentbeef", "https://github.com/marinerJB", "https://github.com/matteocollina"], "description": "[  ](<https://1.bp.blogspot.com/-w14eE3qGgXM/XAXNabIU91I/AAAAAAAANfA/Oaz9f3d6sBc65bHbVs0YZtBmDWE54uPUQCLcBGAs/s1600/ruby.png>)\n\n \n\n\ndawnscanner is a source code scanner designed to review your ruby code for security issues. \n\ndawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are unleashed when dealing with web applications source code. dawnscanner is able to scan major MVC (Model View Controller) frameworks, out of the box: \n\n * [ Ruby on Rails ](<http://rubyonrails.org/>)\n * [ Sinatra ](<http://www.sinatrarb.com/>)\n * [ Padrino ](<http://www.padrinorb.com/>)\n\n \n\n\n** Quick update from November, 2018 **\n\nAs you can see dawnscanner is on hold since more then an year. Sorry for that. It's life. I was overwhelmed by tons of stuff and I dedicated free time to Offensive Security certifications. True to be told, I'm starting OSCE journey really soon. \n\nThe dawnscanner project will be updated soon with new security checks and kickstarted again. \n\nPaolo \n\n \n\n\ndawnscanner version 1.6.6 has 235 security checks loaded in its knowledge base. Most of them are CVE bulletins applying to gems or the ruby interpreter itself. There are also some check coming from Owasp [ Ruby on Rails ](<https://www.kitploit.com/search/label/Ruby%20on%20Rails>) cheatsheet. \n\n \n** An overall introduction ** \nWhen you run dawnscanner on your code it parses your project Gemfile.lock looking for the gems used and it tries to detect the ruby interpreter version you are using or you declared in your ruby version management tool you like most (RVM, rbenv, ...). \nThen the tool tries to detect the MVC framework your web application uses and it applies the security check accordingly. There checks designed to match rails application or checks that are appliable to any ruby code. \ndawnscanner can also understand the code in your views and to backtrack sinks to spot [ cross site scripting ](<https://www.kitploit.com/search/label/Cross%20Site%20Scripting>) and sql injections introduced by the code you actually wrote. In the project roadmap this is the code most of the future development effort will be focused on. \ndawnscanner security scan result is a list of [ vulnerabilities ](<https://www.kitploit.com/search/label/vulnerabilities>) with some mitigation actions you want to follow in order to build a stronger web application. \n \n** Installation ** \nYou can install latest dawnscanner version, fetching it from [ Rubygems ](<https://rubygems.org/>) by typing: \n\n \n \n $ gem install dawnscanner \n\nIf you want to add dawn to your project Gemfile, you must add the following: \n\n \n \n group :development do\n gem 'dawnscanner', :require=>false\n end\n\nAnd then upgrade your bundle \n\n \n \n $ bundle install\n\nYou may want to build it from source, so you have to check it out from github first: \n\n \n \n $ git clone https://github.com/thesp0nge/dawnscanner.git\n $ cd dawnscanner\n $ bundle install\n $ rake install\n\nAnd the dawnscanner gem will be built in a pkg directory and then installed on your system. Please note that you have to manage dependencies on your own this way. It makes sense only if you want to hack the code or something like that. \n \n** Usage ** \nYou can start your code review with dawnscanner very easily. Simply tell the tool where the project root directory. \nUnderlying MVC framework is autodetected by dawnscanner using target Gemfile.lock file. If autodetect fails for some reason, the tool will complain about it and you have to specify if it's a rails, sinatra or padrino web application by hand. \nBasic usage is to specify some optional command line option to fit best your needs, and to specify the target directory where your code is stored. \n\n \n \n $ dawn [options] target\n\nIn case of need, there is a quick command line option reference running ` dawn -h ` at your OS prompt. \n\n \n \n $ dawn -h\n Usage: dawn [options] target_directory\n \n Examples:\n $ dawn a_sinatra_webapp_directory\n $ dawn -C the_rails_blog_engine\n $ dawn -C --json a_sinatra_webapp_directory\n $ dawn --ascii-tabular-report my_rails_blog_ecommerce\n $ dawn --html -F my_report.html my_rails_blog_ecommerce\n \n -G, --gem-lock force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock (DEPRECATED)\n -d, --dependencies force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock\n \n Reporting\n \n -a, --ascii-tabular-report cause dawn to format findings using tables in ascii art (DEPRECATED)\n -j, --json cause dawn to format findings using json\n -K, --console cause dawn to format findings using plain ascii text\n -C, --count-only dawn will only count vulnerabilities (useful for scripts)\n -z, --exit-on-warn dawn will return number of found vulnerabilities as exit code\n -F, --file filename tells dawn to write output to filename\n -c, --config-file filename tells dawn to load configuration from filename\n \n Disable security check family\n \n --disable-cve-bulletins disable all CVE security checks\n --disable-code-quality disable all code quality checks\n --disable-code-style disable all code style checks\n --disable-owasp-ror-cheatsheet disable all Owasp Ruby on Rails cheatsheet checks\n --disable-owasp-top-10 disable all Owasp Top 10 checks\n \n Flags useful to query Dawn\n \n -S, --search-knowledge-base [check_name] search check_name in the knowledge base\n --list-knowledge-base list knowledge-base content\n --list-known-families list security check families contained in dawn's knowledge base\n --list-known-framework list ruby MVC frameworks supported by dawn\n --list-scan-registry list past scan informations stored in scan registry \n \n Service flags\n \n -D, --debug enters dawn debug mode\n -V, --verbose the output will be more verbose\n -v, --version show version information\n -h, --help show this help\n\n \n** Rake task ** \nTo include dawnscanner in your rake task list, you simply have to put this line in your ` Rakefile ` \n\n \n \n require 'dawn/tasks'\n\nThen executing ` $ rake -T ` you will have a ` dawn:run ` task you want to execute. \n\n \n \n $ rake -T\n ...\n rake dawn:run # Execute dawnscanner on the current directory\n ...\n\n \n** Interacting with the knowledge base ** \nYou can dump all security checks in the knowledge base this way \n\n \n \n $ dawn --list-knowledge-base\n\nUseful in scripts, you can use ` --search-knowledge-base ` or ` -S ` with as parameter the check name you want to see if it's implemented as a security control or not. \n\n \n \n $ dawn -S CVE-2013-6421\n 07:59:30 [*] dawn v1.1.0 is starting up\n CVE-2013-6421 found in knowledgebase.\n \n $ dawn -S this_test_does_not_exist\n 08:02:17 [*] dawn v1.1.0 is starting up\n this_test_does_not_exist not found in knowledgebase\n\n \n** dawnscanner security scan in action ** \nAs output, dawnscanner will put all security checks that are failed during the scan. \nThis the result of Codedake::dawnscanner running against a [ Sinatra 1.4.2 web application ](<https://github.com/thesp0nge/railsberry2013>) wrote for a talk I delivered in 2013 at [ Railsberry conference ](<http://www.railsberry.com/>) . \nAs you may see, dawnscanner first detects MVC running the application by looking at Gemfile.lock, than it discards all security checks not appliable to Sinatra (49 security checks, in version 1.0, especially designed for Ruby on Rails) and it applies them. \n\n \n \n $ dawn ~/src/hacking/railsberry2013\n 18:40:27 [*] dawn v1.1.0 is starting up\n 18:40:27 [$] dawn: scanning /Users/thesp0nge/src/hacking/railsberry2013\n 18:40:27 [$] dawn: sinatra v1.4.2 detected\n 18:40:27 [$] dawn: applying all security checks\n 18:40:27 [$] dawn: 109 security checks applied - 0 security checks skipped\n 18:40:27 [$] dawn: 1 vulnerabilities found\n 18:40:27 [!] dawn: CVE-2013-1800 check failed\n 18:40:27 [$] dawn: Severity: high\n 18:40:27 [$] dawn: Priority: unknown\n 18:40:27 [$] dawn: Description: The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a [denial of service](<https://www.kitploit.com/search/label/Denial%20of%20Service>) (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar [vulnerability](<https://www.kitploit.com/search/label/Vulnerability>) to CVE-2013-0156.\n 18:40:27 [$] dawn: Solution: Please use crack gem version 0.3.2 or above. Correct your gemfile\n 18:40:27 [$] dawn: Evidence:\n 18:40:27 [$] dawn: Vulnerable crack gem version found: 0.3.1\n 18:40:27 [*] dawn is leaving\n\n \nWhen you run dawnscanner on a web application with up to date dependencies, it's likely to return a friendly _ no vulnerabilities found _ message. Keep it up working that way! \nThis is dawnscanner running against a Padrino web application I wrote for [ a scorecard quiz game about application security ](<http://scorecard.armoredcode.com/>) . Italian language only. Sorry. \n\n \n \n 18:42:39 [*] dawn v1.1.0 is starting up\n 18:42:39 [$] dawn: scanning /Users/thesp0nge/src/CORE_PROJECTS/scorecard\n 18:42:39 [$] dawn: padrino v0.11.2 detected\n 18:42:39 [$] dawn: applying all security checks\n 18:42:39 [$] dawn: 109 security checks applied - 0 security checks skipped\n 18:42:39 [*] dawn: no vulnerabilities found.\n 18:42:39 [*] dawn is leaving\n\nIf you need a fancy HTML report about your scan, just ask it to dawnscanner with the ` --html ` flag used with the ` --file ` since I wanto to save the HTML to disk. \n\n \n \n $ dawn /Users/thesp0nge/src/hacking/rt_first_app --html --file report.html\n \n 09:00:54 [*] dawn v1.1.0 is starting up\n 09:00:54 [*] dawn: report.html created (2952 bytes)\n 09:00:54 [*] dawn is leaving\n\n \n** Useful links ** \nProject homepage: [ http://dawnscanner.org ](<http://dawnscanner.org/>) \nTwitter profile: [ @dawnscanner ](<https://twitter.com/dawnscanner>) \nGithub repository: [ https://github.com/thesp0nge/dawnscanner ](<https://github.com/thesp0nge/dawnscanner>) \nMailing list: [ https://groups.google.com/forum/#!forum/dawnscanner ](<https://groups.google.com/forum/#!forum/dawnscanner>) \n \n** Thanks to ** \n[ saten ](<https://github.com/saten>) : first issue posted about a typo in the README \n[ presidentbeef ](<https://github.com/presidentbeef>) : for his outstanding work that inspired me creating dawn and for double check comparison matrix. Issue #2 is yours :) \n[ marinerJB ](<https://github.com/marinerJB>) : for misc bug reports and further ideas \n[ Matteo ](<https://github.com/matteocollina>) : for ideas on API and their usage with [ github.com ](<https://github.com/>) hooks \n \n \n\n\n** [ Download Dawnscanner ](<https://github.com/thesp0nge/dawnscanner>) **\n", "edition": 1, "reporter": "KitPloit", "published": "2018-12-11T20:43:02", "title": "Dawnscanner - Dawn Is A Static Analysis Security Scanner For Ruby Written Web Applications (Sinatra, Padrino And ROR Frameworks)", "type": "kitploit", "enchantments": {}, "bulletinFamily": "tools", "cvelist": ["CVE-2013-0156", "CVE-2013-1800", "CVE-2013-6421"], "modified": "2018-12-11T20:43:02", "toolHref": "https://github.com/thesp0nge/dawnscanner", "id": "KITPLOIT:2875061278603849806", "href": "http://www.kitploit.com/2018/12/dawnscanner-dawn-is-static-analysis.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "krebs": [{"lastseen": "2018-12-12T19:42:57", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Is it fair to judge an organization's information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What's remarkable is how many organizations don't make an effort to view their public online assets as the rest of the world sees them -- until it's too late.\n\n\n\nImage: US Chamber of Commerce.\n\nFor years, potential creditors have judged the relative risk of extending credit to consumers based in part on the applicant's credit score -- the most widely used being the score developed by **FICO**, previously known as **Fair Isaac Corporation**. Earlier this year, FICO began touting its [Cyber Risk Score](<https://www.naic.org/meetings1712/cmte_ex_cswg_2017_fall_nm_fico_handout.pdf>) (PDF), which seeks to measure an organization's chances of experiencing a data breach in the next 12 months, based on a variety of measurements tied to the company's public-facing online assets.\n\nIn October, FICO teamed up with the **U.S. Chamber of Commerce** to evaluate more than 2,500 U.S. companies with the Cyber Risk Score, and then invited these companies to sign up and see how their score compares with that of other organizations in their industry. The stated use cases for the Cyber Risk Score include the potential for cyber insurance pricing and underwriting, and evaluating supply chain risk (i.e., the security posture of vendor partners).\n\nThe company-specific scores are supposed to be made available only to vetted people at the organization who go through FICO's signup process. But in a marketing email sent to FICO members on Tuesday advertising its new benchmarking feature, FICO accidentally exposed the FICO Cyber Risk Score of energy giant **ExxonMobil**.\n\nThe marketing email was quickly recalled and reissued in a redacted version, but it seems ExxonMobil's score of 587 puts it in the \"elevated\" risk category and somewhat below the mean score among large companies in the Energy and Utilities sector, which was 637. The October analysis by the Chamber and FICO gives U.S. businesses an overall score of 687 on a scale of 300-850.\n\n[](<https://krebsonsecurity.com/wp-content/uploads/2018/12/exxonmobil.jpg>)\n\nData accidentally released by FICO about the Cyber Risk Score for ExxonMobil.\n\nHow useful is such a score? **Mike Lloyd**, chief technology officer at **RedSeal**, was quoted as saying a score \"taken from the outside looking in is similar to rating the fire risk to a building based on a photograph from across the street.\"\n\n\"You can, of course, establish some important things about the quality of a building from a photograph, but it's no substitute for really being able to inspect it from the inside,\" Lloyd [told ](<https://www.darkreading.com/vulnerabilities---threats/fico-and-us-chamber-of-commerce-score-cyber-risk-across-10-sectors/d/d-id/1333052>)_Dark Reading _regarding the Chamber/FICO announcement in October.\n\nNaturally, combining external scans with internal vulnerability probes and penetration testing engagements can provide organizations with a much more holistic picture of their security posture. But when a major company makes public, repeated and prolonged external security foibles, it's difficult to escape the conclusion that perhaps it isn't looking too closely at its internal security either.\n\n#### ENTIRELY, CERTIFIABLY PREVENTABLE\n\nToo bad the errant FICO marketing email didn't expose the current cyber risk score of big-three consumer credit bureau** Equifax**, which was [relieved of personal and financial data on 148 million Americans](<https://krebsonsecurity.com/?s=equifax+breach&x=0&y=0>) last year after the company failed to patch one of its Web servers and then failed to detect an intrusion into its systems for months.\n\nA [96-page report](<https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf>) (PDF) released this week by a House oversight committee found the Equifax breach was \"entirely preventable.\" For 76 days beginning mid May 2017, the intruders made more than 9,000 queries on 48 Equifax databases.\n\nAccording to the report, the attackers were able to move the data off of Equifax's network undetected thanks to an expired security certificate. Specifically, \"while Equifax had installed a tool to inspect network traffic for evidence of malicious activity, the expired certificate prevented that tool from performing its intended function of detecting malicious traffic.\"\n\nExpired certificates aren't particularly rare or noteworthy, but when they persist in publicly-facing Web servers for days or weeks on end, it raises the question: Is anyone at the affected organization paying attention at all to security?\n\nGiven how damaging it was for Equifax to have an expired certificate, you might think the company would have done everything in its power to ensure this wouldn't happen again. But it _would_ happen again -- on at least two occasions earlier this year.\n\nIn April 2018, KrebsOnSecurity [pointed out](<https://krebsonsecurity.com/2018/05/another-credit-freeze-target-nctue-com/>) that the Web site Equifax makes available for consumers who wish to freeze their credit files was using an expired certificate, causing the site to throw up a dire red warning page that almost certainly scared countless consumers away from securing their credit files.\n\nIt took Equifax two weeks to fix that expired cert. A week later, I found another expired certificate on the credit freeze Web portal for the **National Consumer Telecommunications and Utilities Exchange** -- a consumer credit bureau operated by Experian.\n\n#### ARE YOU EXPERIANSED?\n\nOne has to wonder what the median FICO Cyber Risk Score is for the credit bureau industry, because whatever Equifax's score is it can't be too different from that of its top competitor -- **Experian**, [which is no stranger to data breaches](<https://krebsonsecurity.com/?s=experian+breach&x=0&y=0>).\n\nOn Tuesday, security researcher [@notdan](<https://twitter.com/notdan>) tweeted about finding a series of open directories on Experian's Web site. Open directories, in which files and folders on a Web server are listed publicly and clickable down to the last file, aren't terribly uncommon to find exposed on smaller Web sites, but they're not the sort of oversight you'd expect to see at a company with the size and sensitivity of Experian.\n\n[](<https://krebsonsecurity.com/wp-content/uploads/2018/12/exp-auth.jpg>)\n\nA directory listing that exposed a number of files on an Experian server.\n\nIncluded in [one of the exposed directories](<https://krebsonsecurity.com/wp-content/uploads/2018/12/stg-exp.jpg>) on the Experian server were dozens of files that appeared to be digital artifacts left behind by a popular Web vulnerability scanner known as [Burp Suite](<https://portswigger.net/burp>). It's unclear whether those files were the result of scans run by someone within the company, or if they were the product of an unauthorized security probe by would-be intruders that somehow got indexed by Experian's servers (the latter possibility being far more concerning).\n\nExperian did not respond to requests for comment, and the company disabled public access to the directories shortly after other researchers on Twitter began piling on to @notdan's findings with their own discoveries.\n\n[](<https://krebsonsecurity.com/wp-content/uploads/2018/12/EXP-BURP.jpg>)\n\nEvidence of data left behind by a Burp Suite Web vulnerability scan run against an Experian server.\n\nAs I noted in [last week's story on the 4-year-long breach at Marriott](<https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/>) that exposed personal and financial data on some 500 million guests, companies that have their heads screwed on correctly from an information security standpoint are run by leaders who are expecting the organization will get breached constantly through vulnerabilities, phishing and malware attacks.\n\nThey\u2019re continuously testing their own internal networks and employees for weaknesses, and regularly drilling their breach response preparedness (much like a fire drill). They are finding creative ways to cut down on the volume of sensitive data that they need to store and protect. And they are [segmenting their networks](<https://en.wikipedia.org/wiki/Network_segmentation>) like watertight compartments in a ship, so that a breach in one part of the organization's digital hull can't spread to the rest of the vessel and sink the whole ship (it's worth noting the House oversight report observed that the lack of network segmentation was a major contributor to the Equifax breach).\n\nBut companies with advanced \"[security maturity](<https://krebsonsecurity.com/2015/04/whats-your-security-maturity-level/>)\" also are regularly taking a hard look at what their outward-facing security posture says to the rest of the world, fully cognizant that appearances matter -- particularly to ne'er-do-wells who tend to view public security weaknesses like [broken windows](<https://whatis.techtarget.com/definition/broken-window-theory>), and as an invitation to mischief.", "reporter": "BrianKrebs", "published": "2018-12-12T19:25:14", "type": "krebs", "title": "Scanning for Flaws, Scoring for Security", "enchantments": {}, "bulletinFamily": "blog", "cvelist": [], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-12-12T19:25:14", "id": "KREBS:837761EE769D9ACC356E7932833B2F92", "href": "https://krebsonsecurity.com/2018/12/scanning-for-flaws-scoring-for-security/", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2018-12-12T13:35:58", "references": ["http://ab.rockwellautomation.com/Programmable-Controllers/MicroLogix-Systems"], "pluginID": "1361412562310141772", "description": "Reports the Rockwell Automation MicroLogix model and firmware version.", "edition": 1, "reporter": "This script is Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-12-12T00:00:00", "title": "Rockwell Automation MicroLogix Detection Consolidation", "type": "openvas", "enchantments": {}, "naslFamily": "Product detection", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-12-12T00:00:00", "id": "OPENVAS:1361412562310141772", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310141772", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_rockwell_micrologix_consolidation.nasl 12766 2018-12-12 08:34:25Z ckuersteiner $\n#\n# Rockwell Automation MicroLogix Detection Consolidation\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.141772\");\n script_version(\"$Revision: 12766 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 09:34:25 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-12 13:23:36 +0700 (Wed, 12 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"0.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_name(\"Rockwell Automation MicroLogix Detection Consolidation\");\n\n script_tag(name:\"summary\", value:\"Reports the Rockwell Automation MicroLogix model and firmware version.\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Product detection\");\n script_dependencies(\"gb_rockwell_micrologix_http_detect.nasl\", \"gb_rockwell_micrologix_ethernetip_detect.nasl\");\n script_mandatory_keys(\"rockwell_micrologix/detected\");\n\n script_xref(name:\"URL\", value:\"http://ab.rockwellautomation.com/Programmable-Controllers/MicroLogix-Systems\");;\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!get_kb_item(\"rockwell_micrologix/detected\"))\n exit(0);\n\ndetected_model = \"unknown\";\ndetected_fw_version = \"unknown\";\ndetected_series = \"\";\n\nforeach source (make_list(\"http\", \"ethernetip\")) {\n fw_version_list = get_kb_list(\"rockwell_micrologix/\" + source + \"/*/fw_version\");\n foreach fw_version (fw_version_list) {\n if (fw_version && detected_fw_version == \"unknown\") {\n detected_fw_version = fw_version;\n set_kb_item(name: \"rockwell_micrologix/fw_version\", value: fw_version);\n }\n }\n\n model_list= get_kb_list(\"rockwell_micrologix/\" + source + \"/*/model\");\n foreach model (model_list) {\n if (model && detected_model == \"unknown\") {\n detected_model = model;\n set_kb_item(name: \"rockwell_micrologix/model\", value: model);\n }\n }\n\n ser_list = get_kb_list(\"rockwell_micrologix/\" + source + \"/*/series\");\n foreach series (ser_list) {\n if (series && detected_series == \"\") {\n detected_series = series;\n set_kb_item(name: \"rockwell_micrologix/series\", value: series);\n }\n }\n}\n\napp_name = \"Rockwell Automation MicroLogix Controller \";\nif (detected_model != \"unknown\") {\n app_name += detected_model;\n mod = eregmatch(pattern: '([^ ]+)', string: detected_model);\n app_cpe = 'cpe:/a:rockwellautomation:' + tolower(mod[1]);\n os_cpe = 'cpe:/o:rockwellautomation:' + tolower(mod[1]) + '_firmware';\n hw_cpe = 'cpe:/h:rockwellautomation:' + tolower(mod[1]);\n}\nelse {\n app_cpe = 'cpe:/a:rockwellautomation:micrologix';\n os_cpe = 'cpe:/o:rockwellautomation:micrologix_firmware';\n hw_cpe = 'cpe:/h:rockwellautomation:micrologix';\n}\n\nif (detected_fw_version != \"unknown\") {\n app_cpe += \":\" + detected_fw_version;\n os_cpe += \":\" + detected_fw_version;\n}\n\nif (detected_series != \"\")\n app_name += \" Series \" + detected_series;\n\nregister_and_report_os(os: \"Rockwell Automation MicroLogix Controller Firmware\", cpe: os_cpe,\n desc: \"Rockwell Automation MicroLogix Detection Consolidation\", runs_key: \"unixoide\");\n\nlocation = \"/\";\n\nif (http_ports = get_kb_list(\"rockwell_micrologix/http/port\")) {\n foreach port (http_ports) {\n mac = get_kb_item(\"rockwell_micrologix/http/\" + port + \"/mac\");\n if (mac)\n macaddr = 'MAC address: ' + mac;\n\n extra += \"HTTP(s) on port \" + port + '/tcp\\n';\n\n register_product(cpe: hw_cpe, location: location, port: port, service: \"www\");\n register_product(cpe: os_cpe, location: location, port: port, service: \"www\");\n register_product(cpe: app_cpe, location: location, port: port, service: \"www\");\n }\n}\n\nif (ether_ports = get_kb_list(\"rockwell_micrologix/ethernetip/port\")) {\n foreach port (ether_ports) {\n extra += 'EtherNet/IP on port ' + port + '/udp/tcp\\n';\n\n register_product(cpe: hw_cpe, location: location, port: port, service: \"ethernetip\");\n register_product(cpe: os_cpe, location: location, port: port, service: \"ethernetip\");\n register_product(cpe: app_cpe, location: location, port: port, service: \"ethernetip\");\n }\n}\n\nreport += build_detection_report(app: app_name + \" Firmware\", version: detected_fw_version,\n install: \"/\", cpe: os_cpe);\n\nreport += '\\n\\n';\nreport += build_detection_report(app: app_name, version: detected_fw_version,\n install: \"/\", cpe: app_cpe);\nreport += '\\n\\n';\nreport += build_detection_report(app: app_name, install: \"/\", cpe: hw_cpe, skip_version: TRUE, extra: macaddr);\n\nif (extra) {\n report += '\\n\\nDetection methods:\\n';\n report += '\\n' + extra;\n}\n\nlog_message(port: 0, data: report);\n\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T13:36:32", "references": ["https://www.phpmyadmin.net/security/PMASA-2018-7/"], "pluginID": "1361412562310108516", "description": "phpMyAdmin is prone to an Cross-Site Scripting (XSS) and\n Cross-Site Request Forgery (CSRF) Vulnerability.", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-12-12T00:00:00", "title": "phpMyAdmin 4.7.0 <= 4.7.6, 4.8.0 <= 4.8.3 XSRF/CSRF Vulnerability - PMASA-2018-7 (Windows)", "type": "openvas", "enchantments": {}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19969"], "modified": "2018-12-12T00:00:00", "id": "OPENVAS:1361412562310108516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_xss_vuln_PMASA-2018-7_win.nasl 12764 2018-12-12 07:44:24Z cfischer $\n#\n# phpMyAdmin 4.7.0 <= 4.7.6, 4.8.0 <= 4.8.3 XSRF/CSRF Vulnerability - PMASA-2018-7 (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108516\");\n script_version(\"$Revision: 12764 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 08:44:24 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-12 07:54:53 +0100 (Wed, 12 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2018-19969\");\n script_name(\"phpMyAdmin 4.7.0 <= 4.7.6, 4.8.0 <= 4.8.3 XSRF/CSRF Vulnerability - PMASA-2018-7 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2018-7/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to an Cross-Site Scripting (XSS) and\n Cross-Site Request Forgery (CSRF) Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"By deceiving a user to click on a crafted URL, it is possible to\n perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting\n designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.8.4.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"4.7.0\", test_version2:\"4.7.6\" ) ||\n version_in_range( version:vers, test_version:\"4.8.0\", test_version2:\"4.8.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.8.4\", install_path:path );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T13:35:58", "references": [], "pluginID": "1361412562310141771", "description": "Detection of Rockwell Automation MicroLogix PLC", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-12-12T00:00:00", "title": "Rockwell Automation MicroLogix Detection (EtherNet/IP)", "type": "openvas", "enchantments": {}, "naslFamily": "Product detection", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-12-12T00:00:00", "id": "OPENVAS:1361412562310141771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310141771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_rockwell_micrologix_ethernetip_detect.nasl 12766 2018-12-12 08:34:25Z ckuersteiner $\n#\n# Rockwell Automation MicroLogix Detection (EtherNet/IP)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.141771\");\n script_version(\"$Revision: 12766 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 09:34:25 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-12 12:47:16 +0700 (Wed, 12 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"0.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_name(\"Rockwell Automation MicroLogix Detection (EtherNet/IP)\");\n\n script_tag(name:\"summary\", value:\"Detection of Rockwell Automation MicroLogix PLC's.\n\nThis script performs EtherNet/IP based detection of Rockwell Automation MicroLogix PLC's.\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Product detection\");\n script_dependencies(\"gb_ethernetip_detect.nasl\");\n script_mandatory_keys(\"ethernetip/detected\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\n\nvendor = get_kb_item(\"ethernetip/vendor\");\nif (!vendor || vendor !~ \"^Rockwell Automation\")\n exit(0);\n\nprod_name = get_kb_item(\"ethernetip/product_name\");\nif (!prod_name || prod_name !~ \"^17\")\n exit(0);\n\nport = get_port_for_service(default: 44818, ipproto: \"ethernetip\");\n\nset_kb_item(name: \"rockwell_micrologix/detected\", value: TRUE);\nset_kb_item(name: \"rockwell_micrologix/ethernetip/detected\", value: TRUE);\nset_kb_item(name: 'rockwell_micrologix/ethernetip/port', value: port);\n\nbuf = eregmatch(pattern:\"([^ ]+) ([A-Z])/([0-9.]+)\", string: prod_name);\nif (!isnull(buf[1]))\n set_kb_item(name: 'rockwell_micrologix/ethernetip/' + port + '/model', value: buf[1]);\n\nif (!isnull(buf[2]))\n set_kb_item(name: 'rockwell_micrologix/ethernetip/' + port + '/series', value: buf[2]);\n\nif (!isnull(buf[3]))\n set_kb_item(name: 'rockwell_micrologix/ethernetip/' + port + '/fw_version', value: buf[3]);\n\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T13:36:31", "references": ["https://www.phpmyadmin.net/security/PMASA-2018-8/", "https://www.phpmyadmin.net/security/PMASA-2018-6/"], "pluginID": "1361412562310108513", "description": "phpMyAdmin is prone to multiple security vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-12-12T00:00:00", "title": "phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities - PMASA-2018-6, PMASA-2018-8 (Linux)", "type": "openvas", "enchantments": {}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19970", "CVE-2018-19968"], "modified": "2018-12-12T00:00:00", "id": "OPENVAS:1361412562310108513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_vuln_PMASA-2018-6_8_lin.nasl 12764 2018-12-12 07:44:24Z cfischer $\n#\n# phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities - PMASA-2018-6, PMASA-2018-8 (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108513\");\n script_version(\"$Revision: 12764 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 08:44:24 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-12 07:54:53 +0100 (Wed, 12 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:N\");\n script_cve_id(\"CVE-2018-19968\", \"CVE-2018-19970\");\n script_name(\"phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities - PMASA-2018-6, PMASA-2018-8 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2018-6/\");\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2018-8/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A flaw has been found where an attacker can exploit phpMyAdmin to\n leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage\n tables, although these can easily be created in any database to which the attacker has access. An attacker\n must have valid credentials to log in to phpMyAdmin. This vulnerability does not allow an attacker to\n circumvent the login system (CVE-2018-19968).\n\n - A Cross-Site Scripting vulnerability was found in the navigation tree, where an attacker can deliver a\n payload to a user through a specially-crafted database/table name (CVE-2018-19970).\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions from at least 4.0 through 4.8.3.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.8.4 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"4.0\", test_version2:\"4.8.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.8.4\", install_path:path );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T13:36:32", "references": ["https://www.phpmyadmin.net/security/PMASA-2018-7/"], "pluginID": "1361412562310108515", "description": "phpMyAdmin is prone to an Cross-Site Scripting (XSS) and\n Cross-Site Request Forgery (CSRF) Vulnerability.", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-12-12T00:00:00", "title": "phpMyAdmin 4.7.0 <= 4.7.6, 4.8.0 <= 4.8.3 XSRF/CSRF Vulnerability - PMASA-2018-7 (Linux)", "type": "openvas", "enchantments": {}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19969"], "modified": "2018-12-12T00:00:00", "id": "OPENVAS:1361412562310108515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_xss_vuln_PMASA-2018-7_lin.nasl 12764 2018-12-12 07:44:24Z cfischer $\n#\n# phpMyAdmin 4.7.0 <= 4.7.6, 4.8.0 <= 4.8.3 XSRF/CSRF Vulnerability - PMASA-2018-7 (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108515\");\n script_version(\"$Revision: 12764 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 08:44:24 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-12 07:54:53 +0100 (Wed, 12 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2018-19969\");\n script_name(\"phpMyAdmin 4.7.0 <= 4.7.6, 4.8.0 <= 4.8.3 XSRF/CSRF Vulnerability - PMASA-2018-7 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2018-7/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to an Cross-Site Scripting (XSS) and\n Cross-Site Request Forgery (CSRF) Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"By deceiving a user to click on a crafted URL, it is possible to\n perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting\n designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.8.4.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"4.7.0\", test_version2:\"4.7.6\" ) ||\n version_in_range( version:vers, test_version:\"4.8.0\", test_version2:\"4.8.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.8.4\", install_path:path );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T13:36:31", "references": ["https://www.phpmyadmin.net/security/PMASA-2018-8/", "https://www.phpmyadmin.net/security/PMASA-2018-6/"], "pluginID": "1361412562310108514", "description": "phpMyAdmin is prone to multiple security vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-12-12T00:00:00", "title": "phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities - PMASA-2018-6, PMASA-2018-8 (Windows)", "type": "openvas", "enchantments": {}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19970", "CVE-2018-19968"], "modified": "2018-12-12T00:00:00", "id": "OPENVAS:1361412562310108514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_vuln_PMASA-2018-6_8_win.nasl 12764 2018-12-12 07:44:24Z cfischer $\n#\n# phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities - PMASA-2018-6, PMASA-2018-8 (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108514\");\n script_version(\"$Revision: 12764 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 08:44:24 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-12 07:54:53 +0100 (Wed, 12 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:N\");\n script_cve_id(\"CVE-2018-19968\", \"CVE-2018-19970\");\n script_name(\"phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities - PMASA-2018-6, PMASA-2018-8 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2018-6/\");\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2018-8/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A flaw has been found where an attacker can exploit phpMyAdmin to\n leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage\n tables, although these can easily be created in any database to which the attacker has access. An attacker\n must have valid credentials to log in to phpMyAdmin. This vulnerability does not allow an attacker to\n circumvent the login system (CVE-2018-19968).\n\n - A Cross-Site Scripting vulnerability was found in the navigation tree, where an attacker can deliver a\n payload to a user through a specially-crafted database/table name (CVE-2018-19970).\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions from at least 4.0 through 4.8.3.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.8.4 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"4.0\", test_version2:\"4.8.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.8.4\", install_path:path );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"], "description": "A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka \"Microsoft Dynamics NAV Cross Site Scripting Vulnerability.\" This affects Microsoft Dynamics NAV.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:02", "title": "CVE-2018-8651", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8651"], "scanner": [], "modified": "2018-12-11T19:29:02", "cpe": [], "id": "CVE-2018-8651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8651", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652"], "description": "A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka \"Windows Azure Pack Cross Site Scripting Vulnerability.\" This affects Windows Azure Pack Rollup 13.1.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:02", "title": "CVE-2018-8652", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8652"], "scanner": [], "modified": "2018-12-11T19:29:02", "cpe": [], "id": "CVE-2018-8652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8652", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8641"], "description": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8639.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:01", "title": "CVE-2018-8641", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8641"], "scanner": [], "modified": "2018-12-11T19:29:01", "cpe": [], "id": "CVE-2018-8641", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8641", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8643"], "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:01", "title": "CVE-2018-8643", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8643"], "scanner": [], "modified": "2018-12-11T19:29:01", "cpe": [], "id": "CVE-2018-8643", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8643", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8638"], "description": "An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka \"DirectX Information Disclosure Vulnerability.\" This affects Windows 10, Windows Server 2019.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:01", "title": "CVE-2018-8638", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8638"], "scanner": [], "modified": "2018-12-11T19:29:01", "cpe": [], "id": "CVE-2018-8638", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8638", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639"], "description": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:01", "title": "CVE-2018-8639", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8639"], "scanner": [], "modified": "2018-12-11T19:29:01", "cpe": [], "id": "CVE-2018-8639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8639", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629"], "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:01", "title": "CVE-2018-8629", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8629"], "scanner": [], "modified": "2018-12-11T19:29:01", "cpe": [], "id": "CVE-2018-8629", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8629", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634"], "description": "A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka \"Microsoft Text-To-Speech Remote Code Execution Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:01", "title": "CVE-2018-8634", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8634"], "scanner": [], "modified": "2018-12-11T19:29:01", "cpe": [], "id": "CVE-2018-8634", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8634", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8617"], "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:01", "title": "CVE-2018-8617", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8617"], "scanner": [], "modified": "2018-12-11T19:29:01", "cpe": [], "id": "CVE-2018-8617", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8617", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T11:30:03", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8619"], "description": "A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka \"Internet Explorer Remote Code Execution Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.", "edition": 1, "reporter": "NVD", "published": "2018-12-11T19:29:01", "title": "CVE-2018-8619", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8619"], "scanner": [], "modified": "2018-12-11T19:29:01", "cpe": [], "id": "CVE-2018-8619", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8619", "cvss": {"score": 0.0, "vector": "NONE"}}]}
