Merge pull request #329 from m-1-k-3/master

1.1.2 cleanup

config/msf_cve-db.txt

@@ -245,8 +245,6 @@
 /usr/share/metasploit-framework/modules/auxiliary/gather/jetty_web_inf_disclosure.rb:CVE-2021-34429
 /usr/share/metasploit-framework/modules/auxiliary/gather/joomla_contenthistory_sqli.rb:CVE-2015-7297
 /usr/share/metasploit-framework/modules/auxiliary/gather/ldap_hashdump.rb:CVE-2020-3952
-/usr/share/metasploit-framework/modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.rb:CVE-2020-11532
-/usr/share/metasploit-framework/modules/auxiliary/gather/manageengine_datasecurity_plus_xnode_enum.rb:CVE-2020-11532
 /usr/share/metasploit-framework/modules/auxiliary/gather/mantisbt_admin_sqli.rb:CVE-2014-2238
 /usr/share/metasploit-framework/modules/auxiliary/gather/mcafee_epo_xxe.rb:CVE-2015-0921
 /usr/share/metasploit-framework/modules/auxiliary/gather/mcafee_epo_xxe.rb:CVE-2015-0922
@@ -608,7 +606,6 @@
 /usr/share/metasploit-framework/modules/exploits/hpux/lpd/cleanup_exec.rb:CVE-2002-1473
 /usr/share/metasploit-framework/modules/exploits/irix/lpd/tagprinter_exec.rb:CVE-2001-0800
 /usr/share/metasploit-framework/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb:CVE-2008-5499
-/usr/share/metasploit-framework/modules/exploits/linux/fileformat/unrar_cve_2022_30333.rb:CVE-2022-30333
 /usr/share/metasploit-framework/modules/exploits/linux/ftp/proftp_sreplace.rb:CVE-2006-5815
 /usr/share/metasploit-framework/modules/exploits/linux/ftp/proftp_telnet_iac.rb:CVE-2010-4221
 /usr/share/metasploit-framework/modules/exploits/linux/games/ut2004_secure.rb:CVE-2004-0608
@@ -717,7 +714,6 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/microfocus_secure_messaging_gateway.rb:CVE-2018-12464
 /usr/share/metasploit-framework/modules/exploits/linux/http/microfocus_secure_messaging_gateway.rb:CVE-2018-12465
 /usr/share/metasploit-framework/modules/exploits/linux/http/mida_solutions_eframework_ajaxreq_rce.rb:CVE-2020-15920
-/usr/share/metasploit-framework/modules/exploits/linux/http/mobileiron_core_log4shell.rb:CVE-2021-44228
 /usr/share/metasploit-framework/modules/exploits/linux/http/mobileiron_mdm_hessian_rce.rb:CVE-2020-15505
 /usr/share/metasploit-framework/modules/exploits/linux/http/multi_ncc_ping_exec.rb:CVE-2015-1187
 /usr/share/metasploit-framework/modules/exploits/linux/http/mutiny_frontend_upload.rb:CVE-2013-0136
@@ -819,14 +815,10 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/wd_mycloud_multiupload_upload.rb:CVE-2017-17560
 /usr/share/metasploit-framework/modules/exploits/linux/http/webcalendar_settings_exec.rb:CVE-2012-1495
 /usr/share/metasploit-framework/modules/exploits/linux/http/webmin_backdoor.rb:CVE-2019-15107
-/usr/share/metasploit-framework/modules/exploits/linux/http/webmin_package_updates_rce.rb:CVE-2022-36446
 /usr/share/metasploit-framework/modules/exploits/linux/http/webmin_packageup_rce.rb:CVE-2019-12840
 /usr/share/metasploit-framework/modules/exploits/linux/http/wepresent_cmd_injection.rb:CVE-2019-3929
 /usr/share/metasploit-framework/modules/exploits/linux/http/xplico_exec.rb:CVE-2017-16666
 /usr/share/metasploit-framework/modules/exploits/linux/http/zabbix_sqli.rb:CVE-2013-5743
-/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb:CVE-2022-27925
-/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb:CVE-2022-37042
-/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_unrar_cve_2022_30333.rb:CVE-2022-30333
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_xxe_rce.rb:CVE-2019-9621
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_xxe_rce.rb:CVE-2019-9670
 /usr/share/metasploit-framework/modules/exploits/linux/http/zyxel_ztp_rce.rb:CVE-2022-30525
@@ -885,9 +877,6 @@
 /usr/share/metasploit-framework/modules/exploits/linux/local/ufo_privilege_escalation.rb:CVE-2017-1000112
 /usr/share/metasploit-framework/modules/exploits/linux/local/vmware_alsa_config.rb:CVE-2017-4915
 /usr/share/metasploit-framework/modules/exploits/linux/local/vmware_mount.rb:CVE-2013-1662
-/usr/share/metasploit-framework/modules/exploits/linux/local/vmware_workspace_one_access_certproxy_lpe.rb:CVE-2022-31660
-/usr/share/metasploit-framework/modules/exploits/linux/local/zimbra_slapper_priv_esc.rb:CVE-2022-37393
-/usr/share/metasploit-framework/modules/exploits/linux/local/zyxel_suid_cp_lpe.rb:CVE-2022-30526
 /usr/share/metasploit-framework/modules/exploits/linux/misc/aerospike_database_udf_cmd_exec.rb:CVE-2020-13151
 /usr/share/metasploit-framework/modules/exploits/linux/misc/asus_infosvr_auth_bypass_exec.rb:CVE-2014-9583
 /usr/share/metasploit-framework/modules/exploits/linux/misc/cisco_rv340_sslvpn.rb:CVE-2022-20699
@@ -1928,7 +1917,6 @@
 /usr/share/metasploit-framework/modules/exploits/windows/games/racer_503beta5.rb:CVE-2007-4370
 /usr/share/metasploit-framework/modules/exploits/windows/games/ut2004_secure.rb:CVE-2004-0608
 /usr/share/metasploit-framework/modules/exploits/windows/http/adobe_robohelper_authbypass.rb:CVE-2009-3068
-/usr/share/metasploit-framework/modules/exploits/windows/http/advantech_iview_networkservlet_cmd_inject.rb:CVE-2022-2143
 /usr/share/metasploit-framework/modules/exploits/windows/http/advantech_iview_unauth_rce.rb:CVE-2021-22652
 /usr/share/metasploit-framework/modules/exploits/windows/http/altn_securitygateway.rb:CVE-2008-4193
 /usr/share/metasploit-framework/modules/exploits/windows/http/altn_webadmin.rb:CVE-2003-0471
@@ -1968,8 +1956,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec.rb:CVE-2012-5357
 /usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec_ws.rb:CVE-2015-0923
 /usr/share/metasploit-framework/modules/exploits/windows/http/ericom_access_now_bof.rb:CVE-2014-3913
-/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_rce.rb:CVE-2021-42321
-/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_rce.rb:CVE-2022-23277
+/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_denylist_typo_rce.rb:CVE-2021-42321
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-16875
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-17132
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_viewstate.rb:CVE-2020-0688
@@ -2031,7 +2018,6 @@
 /usr/share/metasploit-framework/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb:CVE-2012-1195
 /usr/share/metasploit-framework/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb:CVE-2012-1196
 /usr/share/metasploit-framework/modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb:CVE-2014-8741
-/usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb:CVE-2022-28219
 /usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2021_40539.rb:CVE-2021-40539
 /usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2022_28810.rb:CVE-2022-28810
 /usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_appmanager_exec.rb:CVE-2018-7890
@@ -2099,7 +2085,6 @@
 /usr/share/metasploit-framework/modules/exploits/windows/http/zentao_pro_rce.rb:CVE-2020-7361
 /usr/share/metasploit-framework/modules/exploits/windows/http/zenworks_assetmgmt_uploadservlet.rb:CVE-2011-2653
 /usr/share/metasploit-framework/modules/exploits/windows/http/zenworks_uploadservlet.rb:CVE-2010-5324
-/usr/share/metasploit-framework/modules/exploits/windows/http/zoho_password_manager_pro_xml_rpc_rce.rb:CVE-2022-35405
 /usr/share/metasploit-framework/modules/exploits/windows/ibm/ibm_was_dmgr_java_deserialization_rce.rb:CVE-2019-4279
 /usr/share/metasploit-framework/modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb:CVE-2017-7269
 /usr/share/metasploit-framework/modules/exploits/windows/iis/ms01_023_printer.rb:CVE-2001-0241

helpers/helpers_emba_helpers.sh

@@ -126,7 +126,9 @@ cleaner() {
       reset_network_emulation 2
     fi
   fi
-  restore_permissions
+  if [[ "$IN_DOCKER" -eq 1 ]]; then
+    restore_permissions
+  fi
 
   if pgrep -f "find ./external/trickest" &> /dev/null 2>&1; then
     pkill -f "find ./external/trickest" 2>/dev/null || true

installer/I20_sourcecode_check.sh

@@ -46,7 +46,9 @@ I20_sourcecode_check() {
         apt-get install "${INSTALL_APP_LIST[@]}" -y --no-install-recommends
 
         pip3 install semgrep
-        git clone https://github.com/returntocorp/semgrep-rules.git external/semgrep-rules
+        if ! [[ -d external/semgrep-rules ]]; then
+          git clone https://github.com/returntocorp/semgrep-rules.git external/semgrep-rules
+        fi
 
         if ! [[ -d "external/iniscan" ]] ; then
           mkdir external/iniscan

modules/L25_web_checks.sh

@@ -65,9 +65,17 @@ main_web_check() {
       # handle first https and afterwards http
       if [[ "$SERVICE" == *"ssl|http"* ]] || [[ "$SERVICE" == *"ssl/http"* ]];then
         # we make a screenshot for every web server
-        make_web_screenshot "$IP_ADDRESS_" "$PORT"
+        if ping -c 1 "$IP_ADDRESS_" &> /dev/null; then
+          make_web_screenshot "$IP_ADDRESS_" "$PORT"
+        else
+          print_output "[-] System not responding - No screenshot possible"
+        fi
 
-        testssl_check "$IP_ADDRESS_" "$PORT"
+        if ping -c 1 "$IP_ADDRESS_" &> /dev/null; then
+          testssl_check "$IP_ADDRESS_" "$PORT"
+        else
+          print_output "[-] System not responding - No SSL test possible"
+        fi
 
         # but we only test the server with Nikto and other long running tools once
         # Note: this is not a full vulnerability scan. The checks are running only for