2012-01-17 15:52:19 +00:00
|
|
|
Copyright (C) 2006-2012, Rapid7 LLC
|
2008-09-26 04:25:44 +00:00
|
|
|
All rights reserved.
|
2006-01-16 04:04:32 +00:00
|
|
|
|
2008-09-26 04:25:44 +00:00
|
|
|
Redistribution and use in source and binary forms, with or without modification,
|
|
|
|
are permitted provided that the following conditions are met:
|
2006-09-09 07:20:05 +00:00
|
|
|
|
2009-11-17 00:07:42 +00:00
|
|
|
* Redistributions of source code must retain the above copyright notice,
|
2008-09-26 04:25:44 +00:00
|
|
|
this list of conditions and the following disclaimer.
|
2007-03-24 07:02:21 +00:00
|
|
|
|
2008-09-26 04:25:44 +00:00
|
|
|
* Redistributions in binary form must reproduce the above copyright notice,
|
|
|
|
this list of conditions and the following disclaimer in the documentation
|
|
|
|
and/or other materials provided with the distribution.
|
2007-03-24 07:02:21 +00:00
|
|
|
|
2009-11-17 00:07:42 +00:00
|
|
|
* Neither the name of Rapid7 LLC nor the names of its contributors
|
|
|
|
may be used to endorse or promote products derived from this software
|
2008-09-26 04:25:44 +00:00
|
|
|
without specific prior written permission.
|
2006-01-16 04:00:36 +00:00
|
|
|
|
2008-09-26 04:25:44 +00:00
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
2009-11-17 00:07:42 +00:00
|
|
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
|
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
2008-09-26 04:25:44 +00:00
|
|
|
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
|
|
|
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
2009-11-17 00:07:42 +00:00
|
|
|
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
2008-09-26 04:25:44 +00:00
|
|
|
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
2009-11-17 00:07:42 +00:00
|
|
|
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
2008-09-26 04:25:44 +00:00
|
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2006-01-16 04:00:36 +00:00
|
|
|
|
2008-09-26 04:25:44 +00:00
|
|
|
================================================================================
|
|
|
|
|
2009-07-17 04:33:00 +00:00
|
|
|
The Metasploit Framework is provided under the 3-clause BSD license above.
|
2008-09-26 04:25:44 +00:00
|
|
|
|
2009-10-21 12:58:56 +00:00
|
|
|
The copyright on this package is held by Rapid7 LLC.
|
2008-09-26 04:25:44 +00:00
|
|
|
|
2009-07-17 04:33:00 +00:00
|
|
|
This license does not apply to the following components:
|
2011-12-06 23:03:36 +00:00
|
|
|
- The Bit-Struct library located under lib/bit-struct
|
2009-11-17 00:07:42 +00:00
|
|
|
- The OpenSSL library embedded into the Meterpreter payload binaries and the
|
2009-07-17 04:33:00 +00:00
|
|
|
corresponding header files in the source tree
|
2009-11-17 00:07:42 +00:00
|
|
|
- The Packet Sniffer SDK (MicroOLAP) library embedded into the Meterpreter
|
|
|
|
Sniffer extension. HD Moore has a single-seat developer license.
|
2010-03-24 00:03:32 +00:00
|
|
|
- The modified TightVNC binaries and their associated source code.
|
2009-07-17 04:33:00 +00:00
|
|
|
- The Byakugan plugin located under external/source/byakugan
|
|
|
|
- The Metasm library located under lib/metasm
|
2008-09-26 04:25:44 +00:00
|
|
|
- The PcapRub library located under external/pcaprub
|
2009-07-17 04:33:00 +00:00
|
|
|
- The Rabal library located under lib/rabal
|
2010-12-12 18:51:03 +00:00
|
|
|
- The PacketFu library located under lib/packetfu
|
2008-11-05 00:38:22 +00:00
|
|
|
- The Ruby-Lorcon library located under external/ruby-lorcon
|
2009-07-17 04:33:00 +00:00
|
|
|
- The SNMP library located under lib/snmp
|
|
|
|
- The Zip library located under lib/zip
|
Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
2012-01-09 04:28:37 +00:00
|
|
|
- The SSHKey library located under lib/sshkey
|
2008-09-26 04:25:44 +00:00
|
|
|
|
|
|
|
The latest version of this software is available from http://metasploit.com/
|
|
|
|
|
|
|
|
Bug tracking and development information can be found at:
|
2011-05-03 04:41:40 +00:00
|
|
|
https://dev.metasploit.com/redmine/projects/framework/
|
2006-08-02 06:30:36 +00:00
|
|
|
|
Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
2012-01-09 04:28:37 +00:00
|
|
|
The public GitHub source repository can be found at:
|
|
|
|
https://github.com/rapid7/metasploit-framework
|
|
|
|
|
2006-01-16 04:00:36 +00:00
|
|
|
Questions and suggestions can be sent to:
|
|
|
|
msfdev[at]metasploit.com
|
2009-11-17 00:07:42 +00:00
|
|
|
|
|
|
|
The framework mailing list is the place to discuss features and ask for help.
|
2008-09-26 04:25:44 +00:00
|
|
|
To subscribe, visit the following web page:
|
2009-07-17 04:33:00 +00:00
|
|
|
https://mail.metasploit.com/mailman/listinfo/framework
|
2007-03-24 07:02:21 +00:00
|
|
|
|
2012-05-21 14:20:40 +00:00
|
|
|
The e-mail archives are available from:
|
2009-07-17 04:33:00 +00:00
|
|
|
https://mail.metasploit.com/pipermail/framework/
|
2011-06-18 00:53:49 +00:00
|
|
|
|