Highlights
- Arctic Code Vault Contributor
1,467 contributions in the last year
Activity overview
Contributed to smicallef/spiderfoot, rapid7/metasploit-framework, SerenityOS/serenity and 5 other repositories
Contribution activity
August 2020
Created a pull request in rapid7/metasploit-framework that received 6 comments
post/osx/gather/enum_osx: Fix typos
Untested, but these changes can't break the module any worse than it already is.
This PR fixes four syntax errors in post/osx/gather/enum_osx which…
+4 −4 • 6 comments
- tests: resolve flake8 violations
- resolve flake8 violations
- tests: Add test/unit/modules/test_sfp_onyphe.py
- sfscan: resolve pep8 violations
- pylint: Update .pylintrc
- sflib: resolve pep8 violations W503 W504
- modules: resolve pep8 violations
- tests: resolve pep8 violations
- tests: Add pytest-flake8 to tests
- tests: resolve pep8 violations
- tests: replace pep8 with flake8
- sfp_ripe: resolve pep8 violations
- sfp_portscan_tcp: resolve pep8 violations
- sfp_maltiverse: resolve pep8 violations
- modules: remove unused imports
- sfp_template: Add required imports and variables
- sfp_abuseipdb: from netaddr import IPAddress, IPNetwork
- sfp_spyse: Use currentOffset for consistency with other functions
- sfcli: resolve pep8 violations and use f-strings
- modules: Use f-strings
- README: Add Codecov badge
- sfp_flickr: resolve pep8 violations and use f-strings
- sfp_base64: resolve pep8 violations
- sfp_company: resolve pep8 violations
- sfp_dnsresolve: resolve pep8 violations
- Some pull requests not shown.
- New Module LXC local privilege escalation
- Add module for CVE-2020-9801, CVE-2020-9850 and CVE-2020-9856, RCE for Safari on macOS 10.15.3 (pwn2own2020)
- TeamViewer URI SMB exploit (CVE-2020-13699)
- Add CVE-2020-16205 exploit for Geutebruck G-CAM
- Add exploit for Rockwell FactoryTalk View SE (Pwn2Own Miami 2020)
- Add module for CVE-2020-9934
- ie4 mk dos (CVE-1999-0331)
Created an issue in rapid7/metasploit-framework that received 6 comments
auxiliary/gather/enum_dns ENUM_AXFR - Auxiliary failed: Errno::ECONNRESET Connection reset by peer - recvfrom(2)
See #13952 for context.
msf6 auxiliary(gather/enum_dns) > set domain github.com
domain => github.com
msf6 auxiliary(gather/enum_dns) > run
[!] dns …
6 comments
- TODO: sfp_dnsresolve: review CNAME handling
- TODO: sflib.py: why another except block?
- sfscan.py:134:13: F841 local variable 'socksDns' is assigned to but never used
- TODO: sflib.py: parseRobotsTxt: We don't check the User-Agent rule yet.. probably should at some stage
- TODO: sfdb.py: Review event attribute validation and error handling
- TODO: sfdb.py: Do something smarter to handle database locks
- TODO: sfdb.py: Raise errors upon invalid args
- TODO: sflib.py: fix whitespace parsing; ie, " " is not a valid disallowed path
- TODO: sflib.py: Move all module state to use this, which then would enable a scan to be paused/resumed.
- TODO: sfscan.py: Eventually change this to be able to control multiple scan instances
- TODO: modules/sfp__stor_stdout.py: Is it ok to not find the keys here?
- post/osx/gather/enum_osx: review and rewrite
- auxiliary/admin/http/telpho10_credential_dump: `untar` method is vulnerable to directory traversal resulting in arbitrary file write on the Metasploit host
- post/osx/gather/enum_osx: permits remote command execution on Metasploit host
- auxiliary/gather/enum_dns ENUM_AXFR - Failed to parse RR packet from offset

