GhostTroops
diff --git a/‎brute/admin_brute.go
Lines changed: 6 additions & 0 deletions b/‎brute/admin_brute.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎go.mod
Lines changed: 1 addition & 1 deletion b/‎go.mod
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.sum
Lines changed: 2 additions & 0 deletions b/‎go.sum
Lines changed: 2 additions & 0 deletions
diff --git a/‎lib/goby/goby_pocs/D-Link DCS系列监控账号密码信息泄露漏洞 CNVD-2020-25078.json
Lines changed: 0 additions & 77 deletions b/‎lib/goby/goby_pocs/D-Link DCS系列监控账号密码信息泄露漏洞 CNVD-2020-25078.json
Lines changed: 0 additions & 77 deletions
diff --git a/‎lib/goby/goby_pocs/Hsmedia_Hgateway_Default_account.json
Lines changed: 0 additions & 55 deletions b/‎lib/goby/goby_pocs/Hsmedia_Hgateway_Default_account.json
Lines changed: 0 additions & 55 deletions
diff --git a/‎lib/goby/goby_pocs/SonarQube_unauth_CVE_2020_27986.json
Lines changed: 4 additions & 48 deletions b/‎lib/goby/goby_pocs/SonarQube_unauth_CVE_2020_27986.json
Lines changed: 4 additions & 48 deletions
diff --git a/‎lib/goby/goby_pocs/VENGD_Arbitrary_File_Upload.json
Lines changed: 0 additions & 161 deletions b/‎lib/goby/goby_pocs/VENGD_Arbitrary_File_Upload.json
Lines changed: 0 additions & 161 deletions
@@ -212,3 +212,9 @@ func Admin_brute(u string) (username string, password string, loginurl string) {
 	}
 	return "", "", ""
 }
+
+func init() {
+	util.RegInitFunc(func() {
+		SkipAdminBrute = util.GetValAsBool("SkipAdminBrute")
+	})
+}
@@ -100,7 +100,7 @@ require (
 	github.com/google/go-github v17.0.0+incompatible
 	github.com/gorilla/websocket v1.5.0
 	github.com/gosnmp/gosnmp v1.35.0
-	github.com/hktalent/PipelineHttp v0.0.0-20221013012646-f1b33c0f6f66
+	github.com/hktalent/PipelineHttp v0.0.0-20221014032902-e7c54f476ebf
 	github.com/hktalent/goSqlite_gorm v1.1.4
 	github.com/hktalent/jarm-go v0.0.0-20220918133110-7801447b6267
 	github.com/huin/asn1ber v0.0.0-20120622192748-af09f62e6358
 
@@ -541,6 +541,8 @@ github.com/hktalent/PipelineHttp v0.0.0-20221007051907-72402204b668 h1:10csPasxw
 github.com/hktalent/PipelineHttp v0.0.0-20221007051907-72402204b668/go.mod h1:ncw1+ugTc5GPQLUHHI7uWrgW2KWBppDBWwwjC984QJg=
 github.com/hktalent/PipelineHttp v0.0.0-20221013012646-f1b33c0f6f66 h1:D/PD14cl6K/udXTn1IQ25obI6bjRr+fmxeVnHOQGYlg=
 github.com/hktalent/PipelineHttp v0.0.0-20221013012646-f1b33c0f6f66/go.mod h1:ncw1+ugTc5GPQLUHHI7uWrgW2KWBppDBWwwjC984QJg=
+github.com/hktalent/PipelineHttp v0.0.0-20221014032902-e7c54f476ebf h1:WPENZPWsMew6/WRc7V796QNIqUk1d0jDHK3GX1pdfm0=
+github.com/hktalent/PipelineHttp v0.0.0-20221014032902-e7c54f476ebf/go.mod h1:ncw1+ugTc5GPQLUHHI7uWrgW2KWBppDBWwwjC984QJg=
 github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d h1:z1IUP4hqn0LGgs78bU2gSlna92/p+RlB0MSZ+RxSmCo=
 github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d/go.mod h1:Du0lF0ZtTONXpWydjmnsL71He+zlimYLmTmAZta19ZA=
 github.com/hktalent/go4Hacker v0.0.0-20220610050413-bb38dc39c4b9 h1:OAnRWLddVE6FPOeIHJcgDYWoQWpvh/F5w/1MEJikWIQ=
 
@@ -4,7 +4,7 @@
       "Tags": [
             "unauth"
       ],
-      "GobyQuery": "app=\"SonarQube-code management\"",
+      "GobyQuery": "app=\"SonarQube\"",
       "Description": "SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI.",
       "Product": "SonarQube",
       "Homepage": "https://www.sonarqube.org/",
@@ -14,7 +14,7 @@
       "References": [
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27986"
       ],
-      "HasExp": true,
+      "HasExp": false,
       "ExpParams": null,
       "ExpTips": {
             "Type": "",
@@ -64,50 +64,6 @@
                   ]
             }
       ],
-      "ExploitSteps": [
-            "AND",
-            {
-                  "Request": {
-                        "method": "GET",
-                        "uri": "/api/settings/values",
-                        "follow_redirect": true,
-                        "header": null,
-                        "data_type": "text",
-                        "data": "",
-                        "set_variable": []
-                  },
-                  "ResponseTest": {
-                        "type": "group",
-                        "operation": "AND",
-                        "checks": [
-                              {
-                                    "type": "item",
-                                    "variable": "$code",
-                                    "operation": "==",
-                                    "value": "200",
-                                    "bz": ""
-                              },
-                              {
-                                    "type": "item",
-                                    "variable": "$body",
-                                    "operation": "contains",
-                                    "value": "sonaranalyzer-cs.nuget.packageVersion",
-                                    "bz": ""
-                              },
-                              {
-                                    "type": "item",
-                                    "variable": "$body",
-                                    "operation": "contains",
-                                    "value": "sonar.core.id",
-                                    "bz": ""
-                              }
-                        ]
-                  },
-                  "SetVariable": [
-                        "output|lastbody|regex|"
-                  ]
-            }
-      ],
-      "PostTime": "2022-06-25 20:10:24",
-      "GobyVersion": "1.9.323"
+      "PostTime": "2021-11-29 15:03:58",
+      "GobyVersion": "1.9.310"
 }
Original file line number	Diff line number	Diff line change
`@@ -212,3 +212,9 @@ func Admin_brute(u string) (username string, password string, loginurl string) {`
`212`	`212`	`}`
`213`	`213`	`return "", "", ""`
`214`	`214`	`}`
	`215`	`+`
	`216`	`+func init() {`
	`217`	`+ util.RegInitFunc(func() {`
	`218`	`+ SkipAdminBrute = util.GetValAsBool("SkipAdminBrute")`
	`219`	`+ })`
	`220`	`+}`