Gathering data and improving workflows
This week's release includes 2 new auxiliary modules targeting Argus Surveillance DVR and Ivanti Connect Secure. The former, contributed by Maxwell Francis, and based on the work of John Page, can be used to retrieve arbitrary files on the target's filesystem by exploiting an unauthenticated directory traversal vulnerability. The latter, brought by our very own Martin Šutovský, is a HTTP login scanner for Ivanti Connect Secure. This release also adds many improvements related to our Github continuous integration process and to the AD CS attack-based workflow. Thanks to the community for making Metasploit great!
New module content (2)
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Authors: John Page and Maxwell Francis
Type: Auxiliary
Pull request: #19847 contributed by TheBigStonk
Path: gather/argus_dvr_4_lfi_cve_2018_15745
AttackerKB reference: CVE-2018-15745
Description: Adds a module which exploits CVE-2018-15745, an unauthenticated directory traversal leading to file disclosure in Argus Surveillance DVR 4.0.0.0.
Ivanti Connect Secure HTTP Scanner
Author: msutovsky-r7
Type: Auxiliary
Pull request: #19844 contributed by msutovsky-r7
Path: scanner/ivanti/login_scanner
Description: This adds an auxiliary module for Ivanti Connect Secure HTTP Login.
Enhancements and features (3)
#19779 from h00die - Adds a Github workflow to run update_wordpress_vulnerabilities.rb, update_user_agent_strings.rb and update_joomla_components.rb and to post a ..
Support the originator by clicking the read the rest link below.
