2014-08-15 16:33:31 +00:00
|
|
|
# coding: utf-8
|
|
|
|
|
|
|
|
# During build, the Gemfile is temporarily moved and
|
|
|
|
# we must manually define the project root
|
|
|
|
if ENV['MSF_ROOT']
|
|
|
|
lib = File.realpath(File.expand_path('lib', ENV['MSF_ROOT']))
|
|
|
|
else
|
|
|
|
# have to use realpath as metasploit-framework is often loaded through a symlink and tools like Coverage and debuggers
|
|
|
|
# require realpaths.
|
|
|
|
lib = File.realpath(File.expand_path('../lib', __FILE__))
|
|
|
|
end
|
|
|
|
|
|
|
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
|
require 'metasploit/framework/version'
|
2014-12-19 17:37:23 +00:00
|
|
|
require 'metasploit/framework/rails_version_constraint'
|
2017-07-17 08:10:12 +00:00
|
|
|
require 'msf/util/helper'
|
2014-08-15 16:33:31 +00:00
|
|
|
|
|
|
|
Gem::Specification.new do |spec|
|
|
|
|
spec.name = 'metasploit-framework'
|
|
|
|
spec.version = Metasploit::Framework::GEM_VERSION
|
|
|
|
spec.authors = ['Metasploit Hackers']
|
2017-08-20 18:23:54 +00:00
|
|
|
spec.email = ['msfdev@metasploit.com']
|
2014-08-15 16:33:31 +00:00
|
|
|
spec.summary = 'metasploit-framework'
|
|
|
|
spec.description = 'metasploit-framework'
|
|
|
|
spec.homepage = 'https://www.metasploit.com'
|
|
|
|
spec.license = 'BSD-3-clause'
|
|
|
|
|
2017-07-10 14:38:10 +00:00
|
|
|
# only do a git ls-files if the .git folder exists and we have a git binary in PATH
|
2017-07-17 07:58:20 +00:00
|
|
|
if File.directory?(File.join(File.dirname(__FILE__), ".git")) && Msf::Util::Helper.which("git")
|
2017-05-26 15:07:49 +00:00
|
|
|
spec.files = `git ls-files`.split($/).reject { |file|
|
2017-05-26 15:35:49 +00:00
|
|
|
file =~ /^documentation|^external/
|
2017-05-26 15:07:49 +00:00
|
|
|
}
|
|
|
|
end
|
2014-08-15 16:33:31 +00:00
|
|
|
spec.bindir = '.'
|
2015-12-30 17:00:45 +00:00
|
|
|
if ENV['CREATE_BINSTUBS']
|
|
|
|
spec.executables = [
|
2014-08-15 16:33:31 +00:00
|
|
|
'msfconsole',
|
|
|
|
'msfd',
|
|
|
|
'msfrpc',
|
|
|
|
'msfrpcd',
|
|
|
|
'msfvenom'
|
2015-12-30 17:00:45 +00:00
|
|
|
]
|
|
|
|
end
|
2014-08-15 16:33:31 +00:00
|
|
|
spec.test_files = spec.files.grep(%r{^spec/})
|
|
|
|
spec.require_paths = ["lib"]
|
|
|
|
|
2015-11-09 19:03:26 +00:00
|
|
|
# Database support
|
|
|
|
spec.add_runtime_dependency 'activerecord', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
|
2014-08-15 16:33:31 +00:00
|
|
|
# Need 3+ for ActiveSupport::Concern
|
2014-12-19 19:54:13 +00:00
|
|
|
spec.add_runtime_dependency 'activesupport', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
|
2014-08-15 16:33:31 +00:00
|
|
|
# Needed for config.action_view for view plugin compatibility for Pro
|
2014-12-19 19:54:13 +00:00
|
|
|
spec.add_runtime_dependency 'actionpack', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
|
2017-05-18 04:39:45 +00:00
|
|
|
# Backports Ruby features across language versions
|
|
|
|
spec.add_runtime_dependency 'backports'
|
2014-08-15 16:33:31 +00:00
|
|
|
# Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb)
|
|
|
|
spec.add_runtime_dependency 'bcrypt'
|
2014-09-20 00:10:39 +00:00
|
|
|
# Needed for Javascript obfuscation
|
2016-04-15 16:45:43 +00:00
|
|
|
spec.add_runtime_dependency 'jsobfu'
|
2014-08-15 16:33:31 +00:00
|
|
|
# Needed for some admin modules (scrutinizer_add_user.rb)
|
|
|
|
spec.add_runtime_dependency 'json'
|
2014-12-23 02:26:30 +00:00
|
|
|
# Metasm compiler/decompiler/assembler
|
2016-04-15 16:45:43 +00:00
|
|
|
spec.add_runtime_dependency 'metasm'
|
2014-09-18 14:33:57 +00:00
|
|
|
# Metasploit::Concern hooks
|
2016-04-06 19:47:43 +00:00
|
|
|
spec.add_runtime_dependency 'metasploit-concern'
|
2015-11-09 19:03:26 +00:00
|
|
|
# Metasploit::Credential database models
|
2016-05-13 18:34:18 +00:00
|
|
|
spec.add_runtime_dependency 'metasploit-credential'
|
2015-11-09 19:03:26 +00:00
|
|
|
# Database models shared between framework and Pro.
|
2016-05-13 18:34:18 +00:00
|
|
|
spec.add_runtime_dependency 'metasploit_data_models'
|
2014-08-15 16:33:31 +00:00
|
|
|
# Things that would normally be part of the database model, but which
|
|
|
|
# are needed when there's no database
|
2016-05-13 18:34:18 +00:00
|
|
|
spec.add_runtime_dependency 'metasploit-model'
|
2015-06-22 21:56:54 +00:00
|
|
|
# Needed for Meterpreter
|
2018-02-15 23:37:33 +00:00
|
|
|
spec.add_runtime_dependency 'metasploit-payloads', '1.3.29'
|
2016-05-26 21:17:43 +00:00
|
|
|
# Needed for the next-generation POSIX Meterpreter
|
2018-02-07 14:04:34 +00:00
|
|
|
spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.3.7'
|
2014-08-15 16:33:31 +00:00
|
|
|
# Needed by msfgui and other rpc components
|
|
|
|
spec.add_runtime_dependency 'msgpack'
|
2015-11-09 19:03:26 +00:00
|
|
|
# get list of network interfaces, like eth* from OS.
|
2016-04-15 16:45:43 +00:00
|
|
|
spec.add_runtime_dependency 'network_interface'
|
2016-07-05 22:05:42 +00:00
|
|
|
# NTLM authentication
|
|
|
|
spec.add_runtime_dependency 'rubyntlm'
|
2014-08-15 16:33:31 +00:00
|
|
|
# Needed by anemone crawler
|
|
|
|
spec.add_runtime_dependency 'nokogiri'
|
|
|
|
# Needed by db.rb and Msf::Exploit::Capture
|
2017-05-09 16:03:32 +00:00
|
|
|
spec.add_runtime_dependency 'packetfu'
|
2015-11-09 19:03:26 +00:00
|
|
|
# For sniffer and raw socket modules
|
|
|
|
spec.add_runtime_dependency 'pcaprub'
|
2017-06-21 08:13:43 +00:00
|
|
|
# Used by the Metasploit data model, etc.
|
|
|
|
# bound to 0.20 for Activerecord 4.2.8 deprecation warnings:
|
|
|
|
# https://github.com/ged/ruby-pg/commit/c90ac644e861857ae75638eb6954b1cb49617090
|
2017-06-21 08:11:11 +00:00
|
|
|
spec.add_runtime_dependency 'pg', '0.20.0'
|
2014-08-15 16:33:31 +00:00
|
|
|
# Run initializers for metasploit-concern, metasploit-credential, metasploit_data_models Rails::Engines
|
|
|
|
spec.add_runtime_dependency 'railties'
|
2014-10-29 21:26:36 +00:00
|
|
|
# required for OS fingerprinting
|
2016-04-15 16:45:43 +00:00
|
|
|
spec.add_runtime_dependency 'recog'
|
2015-10-07 09:16:49 +00:00
|
|
|
# required for bitlocker fvek extraction
|
2016-04-15 16:45:43 +00:00
|
|
|
spec.add_runtime_dependency 'openssl-ccm'
|
2016-03-25 01:43:51 +00:00
|
|
|
# Needed for documentation generation
|
|
|
|
spec.add_runtime_dependency 'octokit'
|
|
|
|
spec.add_runtime_dependency 'redcarpet'
|
2016-03-30 04:21:01 +00:00
|
|
|
# Needed for Microsoft patch finding tool (msu_finder)
|
2016-04-15 16:45:43 +00:00
|
|
|
spec.add_runtime_dependency 'patch_finder'
|
2016-05-17 16:40:25 +00:00
|
|
|
# TimeZone info
|
|
|
|
spec.add_runtime_dependency 'tzinfo-data'
|
2016-06-28 21:10:48 +00:00
|
|
|
# Gem for dealing with SSHKeys
|
|
|
|
spec.add_runtime_dependency 'sshkey'
|
2016-06-28 20:58:47 +00:00
|
|
|
# BitStruct Library used for handling certain Protocol Header/Packet construction
|
|
|
|
spec.add_runtime_dependency 'bit-struct'
|
2016-07-26 21:59:13 +00:00
|
|
|
# Library for interpreting Windows error codes and strings
|
|
|
|
spec.add_runtime_dependency 'windows_error'
|
2017-04-13 12:12:38 +00:00
|
|
|
# This used to be depended on by nokogiri, depended on by wmap
|
2017-04-13 22:33:29 +00:00
|
|
|
if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0')
|
|
|
|
spec.add_runtime_dependency 'xmlrpc'
|
|
|
|
end
|
2016-05-14 00:00:52 +00:00
|
|
|
|
2017-07-07 11:19:06 +00:00
|
|
|
#
|
|
|
|
# File Parsing Libraries
|
|
|
|
#
|
|
|
|
# Needed by auxiliary/gather/http_pdf_authors module
|
|
|
|
spec.add_runtime_dependency 'pdf-reader'
|
2017-12-29 03:13:25 +00:00
|
|
|
spec.add_runtime_dependency 'ruby-macho'
|
2017-07-07 11:19:06 +00:00
|
|
|
|
2016-07-05 16:08:57 +00:00
|
|
|
#
|
|
|
|
# Protocol Libraries
|
|
|
|
#
|
2016-10-08 23:34:44 +00:00
|
|
|
spec.add_runtime_dependency 'dnsruby'
|
2017-12-20 20:28:02 +00:00
|
|
|
spec.add_runtime_dependency 'mqtt'
|
2016-07-05 16:08:57 +00:00
|
|
|
spec.add_runtime_dependency 'net-ssh'
|
2017-08-01 20:26:50 +00:00
|
|
|
spec.add_runtime_dependency 'bcrypt_pbkdf'
|
2018-02-22 16:45:49 +00:00
|
|
|
spec.add_runtime_dependency 'ruby_smb', '0.0.18'
|
2016-07-05 16:08:57 +00:00
|
|
|
|
2016-06-21 18:56:36 +00:00
|
|
|
#
|
|
|
|
# REX Libraries
|
|
|
|
#
|
2016-08-26 19:00:13 +00:00
|
|
|
# Core of the Ruby Exploitation Library
|
|
|
|
spec.add_runtime_dependency 'rex-core'
|
2016-06-21 18:56:36 +00:00
|
|
|
# Text manipulation library for things like generating random string
|
|
|
|
spec.add_runtime_dependency 'rex-text'
|
|
|
|
# Library for Generating Randomized strings valid as Identifiers such as variable names
|
|
|
|
spec.add_runtime_dependency 'rex-random_identifier'
|
|
|
|
# library for creating Powershell scripts for exploitation purposes
|
2017-10-25 21:29:11 +00:00
|
|
|
spec.add_runtime_dependency 'rex-powershell', ["< 0.1.78"]
|
2016-06-21 18:56:36 +00:00
|
|
|
# Library for processing and creating Zip compatbile archives
|
|
|
|
spec.add_runtime_dependency 'rex-zip'
|
|
|
|
# Library for parsing offline Windows Registry files
|
|
|
|
spec.add_runtime_dependency 'rex-registry'
|
2016-06-27 19:52:49 +00:00
|
|
|
# Library for parsing Java serialized streams
|
|
|
|
spec.add_runtime_dependency 'rex-java'
|
2016-07-15 21:01:21 +00:00
|
|
|
# Library for C-style structs
|
|
|
|
spec.add_runtime_dependency 'rex-struct2'
|
2016-09-27 09:01:05 +00:00
|
|
|
# Library which contains architecture specific information such as registers, opcodes,
|
2016-07-20 21:42:41 +00:00
|
|
|
# and stack manipulation routines.
|
2017-05-30 04:41:10 +00:00
|
|
|
spec.add_runtime_dependency 'rex-arch'
|
2016-07-21 23:07:23 +00:00
|
|
|
# Library for working with OLE.
|
|
|
|
spec.add_runtime_dependency 'rex-ole'
|
2016-09-01 16:38:07 +00:00
|
|
|
# Library for creating and/or parsing MIME messages.
|
|
|
|
spec.add_runtime_dependency 'rex-mime'
|
2016-09-06 16:27:06 +00:00
|
|
|
# Library for Dynamic Multi-byte x86 NOP generation
|
|
|
|
spec.add_runtime_dependency 'rex-nop'
|
2016-08-15 19:01:43 +00:00
|
|
|
# Library for parsing and manipulating executable binaries
|
|
|
|
spec.add_runtime_dependency 'rex-bin_tools'
|
2016-08-26 19:00:13 +00:00
|
|
|
# Rex Socket Abstraction Layer
|
2016-08-26 19:12:16 +00:00
|
|
|
spec.add_runtime_dependency 'rex-socket'
|
2016-08-30 15:43:47 +00:00
|
|
|
# Library for scanning a server's SSL/TLS capabilities
|
|
|
|
spec.add_runtime_dependency 'rex-sslscan'
|
2016-09-12 21:06:53 +00:00
|
|
|
# Library and tool for finding ROP gadgets in a supplied binary
|
|
|
|
spec.add_runtime_dependency 'rex-rop_builder'
|
2016-09-14 17:07:26 +00:00
|
|
|
# Library for polymorphic encoders; used for payload encoding
|
|
|
|
spec.add_runtime_dependency 'rex-encoder'
|
2016-10-11 22:40:43 +00:00
|
|
|
# Library for exploit development helpers
|
|
|
|
spec.add_runtime_dependency 'rex-exploitation'
|
2017-01-18 14:20:16 +00:00
|
|
|
# Command line editing, history, and tab completion in msfconsole
|
|
|
|
spec.add_runtime_dependency 'rb-readline'
|
2014-08-15 16:33:31 +00:00
|
|
|
# Needed by some modules
|
2016-04-15 16:45:43 +00:00
|
|
|
spec.add_runtime_dependency 'rubyzip'
|
2014-08-15 16:33:31 +00:00
|
|
|
# Needed for some post modules
|
|
|
|
spec.add_runtime_dependency 'sqlite3'
|
|
|
|
# required for Time::TZInfo in ActiveSupport
|
|
|
|
spec.add_runtime_dependency 'tzinfo'
|
2015-10-28 21:28:33 +00:00
|
|
|
# Needed so that disk size output isn't horrible
|
|
|
|
spec.add_runtime_dependency 'filesize'
|
2016-08-18 22:02:46 +00:00
|
|
|
# Needed for openvas plugin
|
|
|
|
spec.add_runtime_dependency 'openvas-omp'
|
2016-08-14 15:57:33 +00:00
|
|
|
# Needed by metasploit nessus bridge
|
|
|
|
spec.add_runtime_dependency 'nessus_rest'
|
2017-01-25 16:13:28 +00:00
|
|
|
# Nexpose Gem
|
|
|
|
spec.add_runtime_dependency 'nexpose'
|
2017-05-23 12:11:06 +00:00
|
|
|
# Needed for NDMP sockets
|
|
|
|
spec.add_runtime_dependency 'xdr'
|
Update TLS certificate generation routines
Msf relies on Rex::Socket to create TLS certificates for services
hosted in the framework and used by some payloads. These certs are
flagged by NIDS - snort sid 1-34864 and such.
Now that Rex::Socket can accept a @@cert_provider from the Msf
namespace, a more robust generation routine can be used by all TLS
socket services, provided down from Msf to Rex, using dependencies
which Rex does not include.
This work adds the faker gem into runtime dependencies, creates an
Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides
API compatible method invocations with the Rex version, but able
to generate higher entropy certs with more variables, options, etc.
This should reduce the hit rate against NIDS on the wire, reducing
pesky blue team interference until we slip up some other way. Also,
with the ability to generate different cert types, we may want to
look at extending this effort to probide a more comprehensive key
oracle to Framework and consumers.
Testing:
None yet, internal tests pending.
Travis should fail as this requires rex-socket #8.
2017-12-29 02:00:03 +00:00
|
|
|
# Needed for ::Msf...CertProvider
|
|
|
|
spec.add_runtime_dependency 'faker'
|
2014-08-15 16:33:31 +00:00
|
|
|
end
|