Merge branch 'develop'

VERSION

@@ -1 +1 @@
-1.1.4
+1.1.5

content/FTP/FTP.gsm

@@ -145,15 +145,15 @@ sub activate {
 
 		if ($login){
 			my $message="FTP Host supports anonymous login with $u:$p";
-			#$MainScan->StoreGuessedPassword($target,"vuln", "FTP","$u","$p","GSM-FTP-1",$message);
-			# Instead of storing it in a flat file, use the credential manager
+			$MainScan->RecordVulnerability($target, "GSM-FTP-1", $message);
 			$credentialManager->addCredential(
 				'type' => 'fto',
 				'user' => "$u",
 				'pass' => "$p",
 				'system' => "$host",
 				'comment' => uc($protocol) . "/$port (GSM:$name)"
 			);
+
 		}
 
 		#>>>>>>>>>>>   >>>>>>>>>>>>   >>>>>>>>>>>>   >>>>>>>>>>>>

content/LDAP/LDAP.gsm

@@ -211,7 +211,7 @@ sub activate {
 		my @credentials = $MainScan->ReadFile($credentialsFile);
 		my @success;
 		# Iterate over the credentials and test them
-		my $i=0;
+		my ($compromised,$i)=(0,0);
 		for my $credential (@credentials){
 			# Skip lines that begin with whitespace
 			next if ($credential =~ /^\s/);
@@ -238,7 +238,7 @@ sub activate {
 				}
 				close $F;
 			}
-			my $message="LDAP server found with default credentials.";
+			$compromised=1;
 			#$MainScan->StoreGuessedPassword($target, "vuln", "LDAP", "$user", "$pass", "GSM-LDAP-2", $message);
 			# Instead of storing it in a flat file, use the credential manager
 			my $comment = uc($protocol) . "/$port (GSM:$name)";
@@ -254,6 +254,11 @@ sub activate {
 			push @success, $credential;
 		}
 
+		if ($compromised){
+			my $message="LDAP server found with default credentials.";
+			$MainScan->RecordVulnerability($target, "GSM-LDAP-1", $message);
+		}
+
 		if ($namingContext){
 			$MainScan->SetListItem("$outputDir/hostInfo.txt","LDAPNamingContext: $namingContext");
 		}

content/Oracle/Oracle.gsm

@@ -198,9 +198,6 @@ sub activate {
 					$accounts++;
 					$data{"$SID"}{'accounts'}=$accounts;
 					$compromised=1;
-					my $message="Logged into Oracle database SID $SID with $user:$pass";
-					#$MainScan->StoreGuessedPassword($target,"vuln", "Oracle","${SID}|$user","$pass","GSM-Oracle-1",$message);
-					# Instead of storing it in a flat file, use the credential manager
 					$credentialManager->addCredential(
 						'type' => 'oracle',
 						'user' => "$user",
@@ -212,19 +209,10 @@ sub activate {
 				}
 			}
 
-			## List the SIDs with compromised accounts
-			#if ($compromised && open(ORA,">${outputDir}/oracleAccounts-${port}.txt")){
-			#	for my $sid (keys(%data)){
-			#		print ORA "*** SID: $sid ***\n";
-			#		my $accounts=$data{"$sid"}{'accounts'};
-			#		for (my $a=0; $a<$accounts; $a++){
-			#			my $user=$data{"$sid"}{'user'}{$a};
-			#			my $pass=$data{"$sid"}{'pass'}{$a};
-			#			print ORA "$user:$pass\n";
-			#		}
-			#	}
-			#	close ORA;
-			#}
+			if ($compromised){
+				my $message="Logged into Oracle database SID $SID - run \"accounts\" to view credentials.";
+				$MainScan->RecordVulnerability($target, "GSM-Oracle-1", $message);
+			}
 		}
 
 		#>>>>>>>>>>>   >>>>>>>>>>>>   >>>>>>>>>>>>   >>>>>>>>>>>>

content/SSH/SSH.gsm

@@ -211,6 +211,9 @@ sub activate {
 							'system' => "$host",
 							'comment' => uc($protocol) . "/$port (GSM:$name)"
 						);
+
+						my $message="Logged in as $username password $password";
+						$MainScan->RecordCompromise($target, "GSM-SSH-1", $message);
 						last;
 					}
 				}

content/VERSION

@@ -1 +1 @@
-1.1.4
+1.1.5