Merge for retab

.gitignore

@@ -1,11 +1,19 @@
+.bundle
 # Rubymine project directory
 .idea
+# Sublime Text project directory (not created by ST by default)
+.sublime-project
+# Portable ruby version files for rvm
+.ruby-gemset
+.ruby-version
 # RVM control file
 .rvmrc
 # YARD cache directory
 .yardoc
 # Mac OS X files
 .DS_Store
+# database config for testing
+config/database.yml
 # simplecov coverage data
 coverage
 data/meterpreter/ext_server_pivot.dll
@@ -16,6 +24,17 @@ external/source/meterpreter/java/build
 external/source/meterpreter/java/extensions
 external/source/javapayload/bin
 external/source/javapayload/build
+# Java binary ignores. Replace the 5 above with this once we're merged.
+external/source/javapayload/*/.classpath
+external/source/javapayload/*/.project
+external/source/javapayload/*/.settings
+external/source/javapayload/*/bin
+external/source/javapayload/*/target
+external/source/javapayload/*/*/.classpath
+external/source/javapayload/*/*/.project
+external/source/javapayload/*/*/.settings
+external/source/javapayload/*/*/bin
+external/source/javapayload/*/*/target
 # Packaging directory
 pkg
 tags
@@ -23,3 +42,5 @@ tags
 *.orig
 *.rej
 *~
+# Ignore backups of retabbed files
+*.notab

.mailmap

@@ -0,0 +1,71 @@
+bperry-r7 <bperry-r7@github>       Brandon Perry <bperry.volatile@gmail.com>
+bperry-r7 <bperry-r7@github>       Brandon Perry <bperry@bperry-rapid7.(none)>
+bturner-r7 <bturner-r7@github>     Brandon Turner <brandon_turner@rapid7.com>
+dmaloney-r7 <dmaloney-r7@github>   David Maloney <DMaloney@rapid7.com> # aka TheLightCosine
+dmaloney-r7 <dmaloney-r7@github>   David Maloney <David_Maloney@rapid7.com>
+ecarey-r7 <ecarey-r7@github>       Erran Carey <e@ipwnstuff.com>
+hmoore-r7 <hmoore-r7@github>       HD Moore <hd_moore@rapid7.com>
+hmoore-r7 <hmoore-r7@github>       HD Moore <hdm@digitaloffense.net>
+jlee-r7 <jlee-r7@github>           James Lee <James_Lee@rapid7.com>
+jlee-r7 <jlee-r7@github>           James Lee <egypt@metasploit.com> # aka egypt
+jlee-r7 <jlee-r7@github>           egypt <egypt@metasploit.com> # aka egypt
+joev-r7 <joev-r7@github>           Joe Vennix <Joe_Vennix@rapid7.com>
+jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <juan.vazquez@metasploit.com>
+limhoff-r7 <limhoff-r7@github>     Luke Imhoff <luke_imhoff@rapid7.com>
+shuckins-r7 <shuckins-r7@github>   Samuel Huckins <samuel_huckins@rapid7.com>
+tasos-r7 <tasos-r7@github>         Tasos Laskos <Tasos_Laskos@rapid7.com>
+todb-r7 <todb-r7@github>           Tod Beardsley <tod_beardsley@rapid7.com>
+todb-r7 <todb-r7@github>           Tod Beardsley <todb@metasploit.com>
+wchen-r7 <wchen-r7@github>         Wei Chen <Wei_Chen@rapid7.com>
+wchen-r7 <wchen-r7@github>         sinn3r <msfsinn3r@gmail.com> # aka sinn3r
+wchen-r7 <wchen-r7@github>         sinn3r <wei_chen@rapid7.com>
+
+# Above this line are current Rapid7 employees Below this paragraph are
+# volunteers, former employees, and potential Rapid7 employees who, at
+# one time or another, had some largeish number of commits landed on
+# rapid7/metasploit-framework master branch.  This should be refreshed
+# periodically. If you're on this list and would like to not be, just
+# let todb@metasploit.com know.
+
+Brian Wallace <bwall@github>           (B)rian (Wall)ace <nightstrike9809@gmail.com>
+Brian Wallace <bwall@github>           Brian Wallace <bwall@openbwall.com>
+ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <chris.riley@c22.cc>
+ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <reg@c22.cc>
+FireFart <FireFart@github>             Christian Mehlmauer <firefart@gmail.com>
+Meatballs1 <Meatballs1@github>         Ben Campbell <eat_meatballs@hotmail.co.uk>
+Meatballs1 <Meatballs1@github>         Meatballs <eat_meatballs@hotmail.co.uk>
+Meatballs1 <Meatballs1@github>         Meatballs1 <eat_meatballs@hotmail.co.uk> 
+bannedit <bannedit@github>             David Rude <bannedit0@gmail.com>
+ceballosm <ceballosm@github>           Mario Ceballos <mc@metasploit.com>
+corelanc0d3er <corelanc0d3er@github>   Peter Van Eeckhoutte (corelanc0d3r) <peter.ve@corelan.be>
+corelanc0d3er <corelanc0d3er@github>   corelanc0d3r <peter.ve@corelan.be>
+darkoperator <darkoperator@github>     Carlos Perez <carlos_perez@darkoperator.com>
+efraintorres <efraintorres@github>     efraintorres <etlownoise@gmail.com>
+efraintorres <efraintorres@github>     et <>
+fab <fab@???>                          fab <> # fab at revhosts.net (Fabrice MOURRON)
+h0ng10 <h0ng10@github>                 Hans-Martin Münch <hansmartin.muench@googlemail.com>
+h0ng10 <h0ng10@github>                 h0ng10 <hansmartin.muench@googlemail.com>
+jcran <jcran@github>                   Jonathan Cran <jcran@0x0e.org>
+jcran <jcran@github>                   Jonathan Cran <jcran@rapid7.com>
+jduck <jduck@github>                   Joshua Drake <github.jdrake@qoop.org>
+jgor <jgor@github>                     jgor <jgor@indiecom.org>
+kernelsmith <kernelsmith@github>       Joshua Smith <kernelsmith@kernelsmith.com>
+kernelsmith <kernelsmith@github>       kernelsmith <kernelsmith@kernelsmith>
+kost <kost@github>                     Vlatko Kosturjak <kost@linux.hr>
+kris <kris@???>                        kris <>
+m-1-k-3 <m-1-k-3@github>               m-1-k-3 <github@s3cur1ty.de>
+m-1-k-3 <m-1-k-3@github>               m-1-k-3 <m1k3@s3cur1ty.de>
+m-1-k-3 <m-1-k-3@github>               m-1-k-3 <michael.messner@integralis.com>
+mubix <mubix@github>                   Rob Fuller <jd.mubix@gmail.com>
+nevdull77 <nevdull77@github>           Patrik Karlsson <patrik@cqure.net>
+nmonkee <nmonkee@github>               nmonkee <dave@northern-monkee.co.uk> 
+nullbind <nullbind@github>             nullbind <scott.sutherland@nullbind.com>
+ohdae <ohdae@github>                   ohdae <bindshell@live.com>
+r3dy <r3dy@github>                     Royce Davis <r3dy@Royces-MacBook-Pro.local>
+r3dy <r3dy@github>                     Royce Davis <royce.e.davis@gmail.com>
+rsmudge <rsmudge@github>               Raphael Mudge <rsmudge@gmail.com> # Aka `butane
+schierlm <schierlm@github>             Michael Schierl <schierlm@gmx.de> # Aka mihi
+scriptjunkie <scriptjunkie@github>     Matt Weeks <scriptjunkie@scriptjunkie.us>
+skape <skape@???>                      Matt Miller <mmiller@hick.org>
+spoonm <spoonm@github>                 Spoon M <spoonm@gmail.com>
+swtornio <swtornio@github>             Steve Tornio <swtornio@gmail.com>

.simplecov

@@ -0,0 +1,58 @@
+# RM_INFO is set when using Rubymine.  In Rubymine, starting SimpleCov is
+# controlled by running with coverage, so don't explicitly start coverage (and
+# therefore generate a report) when in Rubymine.  This _will_ generate a report
+# whenever `rake spec` is run.
+unless ENV['RM_INFO']
+	SimpleCov.start
+end
+
+SimpleCov.configure do
+  # ignore this file
+	add_filter '.simplecov'
+
+	#
+	# Changed Files in Git Group
+	# @see http://fredwu.me/post/35625566267/simplecov-test-coverage-for-changed-files-only
+	#
+
+	untracked = `git ls-files --exclude-standard --others`
+	unstaged = `git diff --name-only`
+	staged = `git diff --name-only --cached`
+	all = untracked + unstaged + staged
+	changed_filenames = all.split("\n")
+
+	add_group 'Changed' do |source_file|
+		changed_filenames.detect { |changed_filename|
+			source_file.filename.end_with?(changed_filename)
+		}
+	end
+
+	#
+	# Framework (msf) related groups
+	#
+
+	add_group 'Metasploit Framework', 'lib/msf'
+	add_group 'Metasploit Framework (Base)', 'lib/msf/base'
+	add_group 'Metasploit Framework (Core)', 'lib/msf/core'
+
+	#
+	# Other library groups
+	#
+
+	add_group 'Fastlib', 'lib/fastlib'
+	add_group 'Metasm', 'lib/metasm'
+	add_group 'PacketFu', 'lib/packetfu'
+	add_group 'Rex', 'lib/rex'
+	add_group 'RKelly', 'lib/rkelly'
+	add_group 'Ruby Mysql', 'lib/rbmysql'
+	add_group 'Ruby Postgres', 'lib/postgres'
+	add_group 'SNMP', 'lib/snmp'
+	add_group 'Zip', 'lib/zip'
+
+	#
+	# Specs are reported on to ensure that all examples are being run and all
+	# lets, befores, afters, etc are being used.
+	#
+
+	add_group 'Specs', 'spec'
+end

.travis.yml

@@ -1,4 +1,12 @@
 language: ruby
+before_install:
+  - sudo apt-get update -qq
+  - sudo apt-get install -qq libpcap-dev
+before_script:
+  - cp config/database.yml.travis config/database.yml
+  - rake db:create
+  - rake db:migrate
+
 rvm:
   #- '1.8.7'
   - '1.9.3'

.yardopts

@@ -0,0 +1,7 @@
+--protected
+--exclude samples/
+--exclude \.ut\.rb/
+--exclude \.ts\.rb/
+--files CONTRIBUTING.md,COPYING,HACKING,LICENSE
+lib/msf/**/*.rb
+lib/rex/**/*.rb

CONTRIBUTING.md

@@ -12,7 +12,7 @@ If your bug is new and you'd like to report it you will need to
 first](https://dev.metasploit.com/redmine/account/register). Don't
 worry, it's easy and fun and takes about 30 seconds.
 
-When you file a bug report, please inclue your **steps to reproduce**,
+When you file a bug report, please include your **steps to reproduce**,
 full copy-pastes of Ruby stack traces, and any relevant details about
 your environment. Without repro steps, your bug will likely be closed.
 With repro steps, your bugs will likely be fixed.
@@ -36,3 +36,9 @@ Pull requests tend to be very collaborative for Metasploit -- do not be
 surprised if your pull request to rapid7/metasploit-framework triggers a
 pull request back to your own fork. In this way, we can isolate working
 changes before landing your PR to the Metasploit master branch.
+
+To save yourself the embarrassment of committing common errors, you will
+want to symlink the `msftidy.rb` utility to your pre-commit hooks by
+running `ln -s ../../tools/dev/pre-commit-hook.rb .git/hooks/pre-commit`
+from the top-level directory of your metasploit-framework clone. This
+will prevent you from committing modules that raise WARNINGS or ERRORS.

COPYING

@@ -11,7 +11,7 @@ are permitted provided that the following conditions are met:
 	  this list of conditions and the following disclaimer in the documentation
 	  and/or other materials provided with the distribution.
 
-    * Neither the name of Rapid7 LLC nor the names of its contributors
+    * Neither the name of Rapid7, Inc. nor the names of its contributors
 	  may be used to endorse or promote products derived from this software
 	  without specific prior written permission.
 
@@ -30,7 +30,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 The Metasploit Framework is provided under the 3-clause BSD license above.
 
-The copyright on this package is held by Rapid7 LLC.
+The copyright on this package is held by Rapid7, Inc.
 
 This license does not apply to several components within the Metasploit
 Framework source tree.  For more details see the LICENSE file.

Gemfile

@@ -2,29 +2,61 @@ source 'http://rubygems.org'
 
 # Need 3+ for ActiveSupport::Concern
 gem 'activesupport', '>= 3.0.0'
-# Needed for Msf::DbManager
-gem 'activerecord'
-# Database models shared between framework and Pro.
-gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git', :tag => '0.3.0'
-# Needed for module caching in Mdm::ModuleDetails
-gem 'pg', '>= 0.11'
+# Needed for some admin modules (scrutinizer_add_user.rb)
+gem 'json'
+# Needed by msfgui and other rpc components
+gem 'msgpack'
+# Needed by anemone crawler
+gem 'nokogiri'
+# Needed by anemone crawler
+gem 'robots'
+# Needed by db.rb and Msf::Exploit::Capture
+gem 'packetfu', '1.1.8'
+
+group :db do
+	# Needed for Msf::DbManager
+	gem 'activerecord'
+	# Database models shared between framework and Pro.
+	gem 'metasploit_data_models', '~> 0.16.6'
+	# Needed for module caching in Mdm::ModuleDetails
+	gem 'pg', '>= 0.11'
+end
+
+group :pcap do
+  gem 'network_interface', '~> 0.0.1'
+	# For sniffer and raw socket modules
+	gem 'pcaprub'
+end
 
 group :development do
-  # Markdown formatting for yard
-  gem 'redcarpet'
-  # generating documentation
-  gem 'yard'
+	# Markdown formatting for yard
+	gem 'redcarpet'
+	# generating documentation
+	gem 'yard'
 end
 
 group :development, :test do
-  # running documentation generation tasks and rspec tasks
-  gem 'rake'
+	# supplies factories for producing model instance for specs
+	# Version 4.1.0 or newer is needed to support generate calls without the
+	# 'FactoryGirl.' in factory definitions syntax.
+	gem 'factory_girl', '>= 4.1.0'
+	# running documentation generation tasks and rspec tasks
+	gem 'rake'
 end
 
 group :test do
-  # testing framework
-  gem 'rspec', '>= 2.12'
-  # code coverage for tests
-  # any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
-  gem 'simplecov', '0.5.4', :require => false
+	# Removes records from database created during tests.  Can't use rspec-rails'
+	# transactional fixtures because multiple connections are in use so
+	# transactions won't work.
+	gem 'database_cleaner'
+	# testing framework
+	gem 'rspec', '>= 2.12'
+	# add matchers from shoulda, such as query_the_database, which is useful for
+	# testing that the Msf::DBManager activation is respected.
+	gem 'shoulda-matchers'
+	# code coverage for tests
+	# any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
+	gem 'simplecov', '0.5.4', :require => false
+	# Manipulate Time.now in specs
+	gem 'timecop'
 end

Gemfile.lock

@@ -1,57 +1,62 @@
-GIT
-  remote: git://github.com/rapid7/metasploit_data_models.git
-  revision: 73f26789500f278dd6fd555e839d09a3b81a05f4
-  tag: 0.3.0
-  specs:
-    metasploit_data_models (0.3.0)
-      activerecord
-      activesupport
-      pg
-      pry
-
 GEM
   remote: http://rubygems.org/
   specs:
-    activemodel (3.2.9)
-      activesupport (= 3.2.9)
+    activemodel (3.2.13)
+      activesupport (= 3.2.13)
       builder (~> 3.0.0)
-    activerecord (3.2.9)
-      activemodel (= 3.2.9)
-      activesupport (= 3.2.9)
+    activerecord (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activesupport (3.2.9)
-      i18n (~> 0.6)
+    activesupport (3.2.13)
+      i18n (= 0.6.1)
       multi_json (~> 1.0)
     arel (3.0.2)
+    bourne (1.4.0)
+      mocha (~> 0.13.2)
     builder (3.0.4)
-    coderay (1.0.8)
-    diff-lcs (1.1.3)
+    database_cleaner (0.9.1)
+    diff-lcs (1.2.2)
+    factory_girl (4.2.0)
+      activesupport (>= 3.0.0)
     i18n (0.6.1)
-    method_source (0.8.1)
+    json (1.7.7)
+    metaclass (0.0.1)
+    metasploit_data_models (0.16.6)
+      activerecord (>= 3.2.13)
+      activesupport
+      pg
+    mocha (0.13.3)
+      metaclass (~> 0.0.1)
+    msgpack (0.5.4)
     multi_json (1.0.4)
-    pg (0.14.1)
-    pry (0.9.10)
-      coderay (~> 1.0.5)
-      method_source (~> 0.8)
-      slop (~> 3.3.1)
-    rake (10.0.2)
+    network_interface (0.0.1)
+    nokogiri (1.5.9)
+    packetfu (1.1.8)
+    pcaprub (0.11.3)
+    pg (0.15.1)
+    rake (10.0.4)
     redcarpet (2.2.2)
-    rspec (2.12.0)
-      rspec-core (~> 2.12.0)
-      rspec-expectations (~> 2.12.0)
-      rspec-mocks (~> 2.12.0)
-    rspec-core (2.12.1)
-    rspec-expectations (2.12.0)
-      diff-lcs (~> 1.1.3)
-    rspec-mocks (2.12.0)
+    robots (0.10.1)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.0)
+    shoulda-matchers (1.5.2)
+      activesupport (>= 3.0.0)
+      bourne (~> 1.3)
     simplecov (0.5.4)
       multi_json (~> 1.0.3)
       simplecov-html (~> 0.5.3)
     simplecov-html (0.5.3)
-    slop (3.3.3)
-    tzinfo (0.3.35)
-    yard (0.8.3)
+    timecop (0.6.1)
+    tzinfo (0.3.37)
+    yard (0.8.5.2)
 
 PLATFORMS
   ruby
@@ -59,10 +64,21 @@ PLATFORMS
 DEPENDENCIES
   activerecord
   activesupport (>= 3.0.0)
-  metasploit_data_models!
+  database_cleaner
+  factory_girl (>= 4.1.0)
+  json
+  metasploit_data_models (~> 0.16.6)
+  msgpack
+  network_interface (~> 0.0.1)
+  nokogiri
+  packetfu (= 1.1.8)
+  pcaprub
   pg (>= 0.11)
   rake
   redcarpet
+  robots
   rspec (>= 2.12)
+  shoulda-matchers
   simplecov (= 0.5.4)
+  timecop
   yard

HACKING

@@ -37,9 +37,10 @@ need user input, you can either register an option or expose an
 interactive session type specific for the type of exploit.
 
 3. Don't use "sleep". It has been known to cause issues with
-multi-threaded programs on various platforms. Instead, we use
-"select(nil, nil, nil, <time>)" throughout the framework. We have
-found this works around the underlying issue.
+multi-threaded programs on various platforms running an older version of
+Ruby such as 1.8. Instead, we use "select(nil, nil, nil, <time>)" or
+Rex.sleep() throughout the framework. We have found this works around
+the underlying issue.
 
 4. Always use Rex sockets, not ruby sockets.  This includes
 third-party libraries such as Net::Http.  There are several very good
@@ -110,7 +111,15 @@ Non-scanner aux modules use run().
 Submitting Your Code
 ====================
 
-The process for submitting new modules via GitHub is documented here:
+To get started with a Metasploit Framework source clone, simply:
+
+  - Fork rapid7/metasploit-framework to your GitHub account
+  - git clone git://github.com/YourName/metasploit-framework.git
+  - gem install bundler
+  - bundle install
+
+More detailed documentation regarding the process for submitting new
+modules via GitHub is documented here:
 
 https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Development-Environment
 

LICENSE

@@ -12,6 +12,8 @@ License: BSD-3-clause
 #
 # This license does not apply to third-party components detailed below.
 #
+# Last updated: 2013-Mar-25
+#
 
 Files: data/john/*
 Copyright: 1996-2011 Solar Designer.
@@ -30,18 +32,10 @@ Files: external/ruby-lorcon/*
 Copyright: 2005, dragorn and Joshua Wright
 License: LGPL-2.1
 
-Files: external/source/armitage/* data/armitage/*
-Copyright: 2010-2012 Raphael Mudge
-License: BSD-3-clause
-
 Files: external/source/byakugan/*
 Copyright: Lurene Grenier, 2009
 License: BSD-3-clause
 
-Files: external/source/gui/msfguijava/* data/gui/*
-Copyright: 2010 scriptjunkie
-License: BSD-3-clause
-
 Files: external/source/ipwn/*
 Copyright: 2004-2005 vlad902 <vlad902 [at] gmail.com>
            2007 H D Moore <hdm [at] metasploit.com>
@@ -449,7 +443,7 @@ Copyright: 2011 James Miller
 License: MIT
 
 Files: lib/windows_console_color_support.rb
-Copyright: 2011 Michael 'migi' Schierl
+Copyright: 2011 Michael 'mihi' Schierl
 License: BSD-3-clause
 
 Files: lib/zip.rb lib/zip/*

README.md

@@ -47,7 +47,7 @@ pull request. For slightly more info, see
 [Contributing](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md).
 
 
-[wiki-devenv]: https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Development-Environment "Metasploit Development Environment Setup"
+[wiki-devenv]: https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment "Metasploit Development Environment Setup"
 [wiki-start]: https://github.com/rapid7/metasploit-framework/wiki/ "Metasploit Wiki"
 [wiki-usage]: https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit "Using Metasploit"
 [unleashed]: http://www.offensive-security.com/metasploit-unleashed/ "Metasploit Unleashed"

Rakefile

@@ -1,47 +1,81 @@
 require 'bundler/setup'
 
-require 'rspec/core/rake_task'
-require 'yard'
+pathname = Pathname.new(__FILE__)
+root = pathname.parent
 
-RSpec::Core::RakeTask.new(:spec)
+# add metasploit-framework/lib to load paths so rake files can just require
+# files normally without having to use __FILE__ and recalculating root and the
+# path to lib
+lib_pathname = root.join('lib')
+$LOAD_PATH.unshift(lib_pathname.to_s)
 
-task :default => :spec
+#
+# load rake files like a rails engine
+#
 
-namespace :yard do
-  yard_files = [
-      # Ruby source files first
-      'lib/msf/**/*.rb',
-      'lib/rex/**/*.rb',
-      # Anything after '-' is a normal documentation, not source
-      '-',
-      'COPYING',
-      'HACKING',
-      'THIRD-PARTY.md'
-  ]
-  yard_options = [
-      # include documentation for protected methods for developers extending the code.
-      '--protected'
-  ]
+rakefile_glob = root.join('lib', 'tasks', '**', '*.rake').to_path
 
-  YARD::Rake::YardocTask.new(:doc) do |t|
-    t.files = yard_files
-    # --no-stats here as 'stats' task called after will print fuller stats
-    t.options = yard_options + ['--no-stats']
-
-    t.after = Proc.new {
-      Rake::Task['yard:stats'].execute
-    }
-  end
-
-  desc "Shows stats for YARD Documentation including listing undocumented modules, classes, constants, and methods"
-  task :stats => :environment do
-    stats = YARD::CLI::Stats.new
-    yard_arguments = yard_options + ['--compact', '--list-undoc'] + yard_files
-    stats.run(*yard_arguments)
-  end
+Dir.glob(rakefile_glob) do |rakefile|
+  # Skip database tasks, will load them later if MDM is present
+  next if rakefile =~ /database\.rake$/
+  load rakefile
 end
 
-# @todo Figure out how to just clone description from yard:doc
-desc "Generate YARD documentation"
-# allow calling namespace to as a task that goes to default task for namespace
-task :yard => ['yard:doc']
+print_without = false
+
+begin
+	require 'rspec/core/rake_task'
+rescue LoadError
+	puts "rspec not in bundle, so can't set up spec tasks.  " \
+	     "To run specs ensure to install the development and test groups."
+
+	print_without = true
+else
+	RSpec::Core::RakeTask.new(:spec => 'db:test:prepare')
+
+	task :default => :spec
+end
+
+# Require yard before loading metasploit_data_models rake tasks as the yard tasks won't be defined if
+# YARD is not defined when yard.rake is loaded.
+begin
+  require 'yard'
+rescue LoadError
+	puts "yard not in bundle, so can't set up yard tasks.  " \
+	     "To generate documentation ensure to install the development group."
+
+	print_without = true
+end
+
+begin
+	require 'metasploit_data_models'
+rescue LoadError
+	puts "metasploit_data_models not in bundle, so can't set up db tasks.  " \
+	     "To run database tasks, ensure to install the db bundler group."
+
+	print_without = true
+else
+	load 'lib/tasks/database.rake'
+	metasploit_data_models_task_glob = MetasploitDataModels.root.join(
+			'lib',
+			'tasks',
+			'**',
+			'*.rake'
+	).to_s
+	# include tasks from metasplioit_data_models, such as `rake yard`.
+	# metasploit-framework specific yard options are in .yardopts
+	Dir.glob(metasploit_data_models_task_glob) do |path|
+		load path
+	end
+end
+
+
+
+if print_without
+	puts "Bundle currently installed " \
+	     "'--without #{Bundler.settings.without.join(' ')}'."
+	puts "To clear the without option do `bundle install --without ''` " \
+	     "(the --without flag with an empty string) or " \
+	     "`rm -rf .bundle` to remove the .bundle/config manually and " \
+	     "then `bundle install`"
+end

armitage

@@ -1,19 +0,0 @@
-#!/usr/bin/env ruby
-#
-# $Id$
-#
-# Ruby front-end to the Armitage Java user interface
-#
-# $Revision$
-#
-
-msfbase = __FILE__
-while File.symlink?(msfbase)
-	msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
-end
-
-if RUBY_PLATFORM =~ /mswin|mingw/i
-	exec "javaw", "-jar", "#{File.dirname(msfbase)}/data/armitage/armitage.jar", *ARGV
-else
-	exec "java", "-jar", "#{File.dirname(msfbase)}/data/armitage/armitage.jar", *ARGV
-end

config/database.yml.example

@@ -0,0 +1,33 @@
+# Please only use postgresql bound to a TCP port.
+# Only postgresql is supportable for metasploit-framework
+# these days. (No SQLite, no MySQL).
+#
+# To set up a metasploit database, follow the directions hosted at:
+# https://fedoraproject.org/wiki/Metasploit_Postgres_Setup (Works on
+# essentially any Linux distro, not just Fedora)
+development: &pgsql
+  adapter: postgresql
+  database: metasploit_framework_development
+  username: metasploit_framework_development
+  password: __________________________________
+  host: localhost
+  port: 5432
+  pool: 5
+  timeout: 5
+
+# You will often want to seperate your databases between dev
+# mode and prod mode. Absent a production db, though, defaulting
+# to dev is pretty sensible for many developer-users.
+production: &production
+  <<: *pgsql
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+#
+# Note also, sqlite3 is totally unsupported by Metasploit now.
+test:
+  <<: *pgsql
+  database: metasploit_framework_test
+  username: metasploit_framework_test
+  password: ___________________________

config/database.yml.travis

@@ -0,0 +1,27 @@
+# @note This file is only for use in travis-ci.  If you need to make a
+# config/database.yml for running rake, rake spec, or rspec locally, please
+# customize `conifg/database.yml.example`
+#
+# @example Customizing config/database.yml.example
+#   cp config/database.yml.example config/database.yml
+#   # update password fields for each environment's user
+
+# Using the postgres user locally without a host and port is the supported
+# configuration from Travis-CI
+#
+# @see http://about.travis-ci.org/docs/user/database-setup/#PostgreSQL
+development: &pgsql
+  adapter: postgresql
+  database: metasploit_framework_development
+  username: postgres
+  pool: 5
+  timeout: 5
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+#
+# Note also, sqlite3 is totally unsupported by Metasploit now.
+test:
+  <<: *pgsql
+  database: metasploit_framework_test

data/armitage/armitage

@@ -1 +0,0 @@
-java -jar armitage.jar $*

data/armitage/readme.txt

@@ -1,90 +0,0 @@
-=============================================================================
-Armitage - Cyber Attack Management for Metasploit
-=============================================================================
-   
-                 *** http://www.fastandeasyhacking.com ***
-
-1. What is Armitage?
-   -----------------
-
-Armitage is a graphical cyber attack management tool for Metasploit that 
-visualizes your targets, recommends exploits, and exposes the advanced 
-capabilities of the framework.
-
-Advanced users will find Armitage valuable for managing remote Metasploit 
-instances and collaboration. Armitage's red team collaboration features allow 
-your team to use the same sessions, share data, and communicate through one 
-Metasploit instance.
-
-Armitage aims to make Metasploit usable for security practitioners who 
-understand hacking but don't use Metasploit every day. If you want to learn 
-Metasploit and grow into the advanced features, Armitage can help you.
-
-2. Documentation
-   -------------
-
-The documentation for Armitage is located on the Armitage website at:
-http://www.fastandeasyhacking.com. Read the FAQ and the Manual for 
-information on connecting Armitage to Metasploit and using it.
-
-3. Install and Update
-   ----------
-
-To get started, see the manual at http://www.fastandeasyhacking.com
-
-4. Source Code
-   -----------
-
-This projected is hosted on Google Code at:
-http://code.google.com/p/armitage/
-
-5. Disclaimer
-   ----------
-
-Use this code for your development and don't hack systems that you don't 
-have permission to hack. The existence of this software does not reflect the 
-opinions or beliefs of my current employers, past employers, future 
-employers, or any small animals I come into contact with. Enjoy this 
-software with my blessing. I hope it helps you learn and become a better 
-security professional.
-
-6. Contact
-   -------
-
-Report bugs in the issue tracker at:
-http://code.google.com/p/armitage/issues/list
-
-E-mail contact@fastandeasyhacking.com with other questions/concerns. Make
-sure you peruse the FAQ and Manual first. 
-
-7. License
-   -------
-
-(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. 
-See section 8 for more information.
-
-lib/jgraphx.jar is used here within the terms of the BSD license offered by
-JGraphX Ltd. http://www.jgraphx.com/
--
-lib/msgpack-0.5.1-devel.jar and lib/postgresql-9.1-901.jdbc4.jar are both 
-BSD licensed libraries.
--
-Some code in src/msf/* comes from msfgui by scriptjunkie. 
--
-This project uses the LGPL Sleep scripting language with no modifications. 
-Sleep's source is available at: http://sleep.dashnine.org/
-
-8. The BSD License
-   ---------------
-
-Redistribution and use in source and binary forms are permitted provided 
-that the above copyright notice and this paragraph are duplicated in all 
-such forms and that any documentation, advertising materials, and other 
-materials related to such distribution and use acknowledge that the 
-software was developed by the copyright holders.  The name of the copyright
-holders  may not be used to endorse or promote products derived from this 
-software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED ''AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 
-WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 
-MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

data/armitage/teamserver

@@ -1,72 +0,0 @@
-#!/bin/bash
-# start msfrpcd and the deconfliction server. Check for common mistakes
-# to save some time and head scratching...
-
-# check the arguments
-EXPECTED=2
-if [ $# -ne $EXPECTED ]; then
-	echo "[-] You must provide: <external IP address> <team password>"
-	echo "    <external IP address> must be reachable by Armitage"
-	echo "          clients on port 55553"
-	echo "    <team password> is a shared password your team uses to"
-	echo "          authenticate to the Armitage team server"
-	exit
-fi
-
-# check that we're r00t
-if [ $UID -ne 0 ]; then
-	echo "[-] Superuser privileges are required to run the team server"
-	exit 
-fi
-
-# check if java is available...
-if [ $(command -v java) ]; then
-	true
-else
-	echo "[-] java is not in \$PATH"
-	echo "    is Java installed?"
-	exit
-fi
-
-# check if keytool is available...
-if [ $(command -v keytool) ]; then
-	true
-else
-	echo "[-] keytool is not in \$PATH"
-	echo "    install the Java Developer Kit"
-	exit
-fi
-
-# check if msfrpcd is available
-if [ $(command -v msfrpcd) ]; then
-	true
-else
-	echo "[-] msfrpcd is not in \$PATH"
-	echo "    is Metasploit installed?"
-	exit
-fi
-
-# check if msfrpcd is running or not
-if [ "$(pidof msfrpcd)" ]; then
-	echo "[-] msfrpcd is already running. Kill it before running this script"
-	echo "    try: killall -9 msfrpcd"
-	exit
-fi
-
-# generate a certificate
-	# naturally you're welcome to replace this step with your own permanent certificate.
-	# just make sure you pass -Djavax.net.ssl.keyStore="/path/to/whatever" and
-	# -Djavax.net.ssl.keyStorePassword="password" to java. This is used for setting up
-	# an SSL server socket. Also, the SHA-1 digest of the first certificate in the store
-	# is printed so users may have a chance to verify they're not being owned.
-echo "[+] Generating X509 certificate and keystore (for SSL)"
-rm -f ./armitage.store
-keytool -keystore ./armitage.store -storepass 123456 -keypass 123456 -genkey -keyalg RSA -alias armitage -dname "CN=Armitage Hacker, OU=FastAndEasyHacking, O=Armitage, L=Somewhere, S=Cyberspace, C=Earth"
-
-# start everything up
-echo "[+] Starting RPC daemon"
-msfrpcd -U msf -P $2 -a 127.0.0.1 -p 55554 -S
-echo "[+] sleeping for 20s (to let msfrpcd initialize)"
-sleep 20
-echo "[+] Starting Armitage team server"
-java -Djavax.net.ssl.keyStore=./armitage.store -Djavax.net.ssl.keyStorePassword=123456 -server -XX:+UseParallelGC -jar armitage.jar --server $1 55554 msf $2 55553

data/exploits/cve-2013-1488/META-INF/services/java.lang.Object

@@ -0,0 +1 @@
+com.sun.script.javascript.RhinoScriptEngine

data/exploits/cve-2013-1488/META-INF/services/java.sql.Driver

@@ -0,0 +1,2 @@
+FakeDriver
+FakeDriver2

data/exploits/docx/[Content_Types].xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="xml" ContentType="application/xml"/><Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/><Override PartName="/word/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/><Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/><Override PartName="/word/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/><Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"/><Override PartName="/word/webSettings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/></Types>

data/exploits/docx/_rels/.rels

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/></Relationships>

data/exploits/docx/docProps/app.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><Template>normal.dot</Template><TotalTime>0</TotalTime><Pages>1</Pages><Words>0</Words><Characters>3</Characters><Application>Microsoft Office Outlook</Application><DocSecurity>0</DocSecurity><Lines>0</Lines><Paragraphs>0</Paragraphs><ScaleCrop>false</ScaleCrop><Company></Company><LinksUpToDate>false</LinksUpToDate><CharactersWithSpaces>0</CharactersWithSpaces><SharedDoc>false</SharedDoc><HyperlinksChanged>false</HyperlinksChanged><AppVersion>12.0000</AppVersion></Properties>

data/exploits/docx/word/_rels/document.xml.rels

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/webSettings" Target="webSettings.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Target="settings.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/><Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="theme/theme1.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/fontTable" Target="fontTable.xml"/></Relationships>

data/exploits/docx/word/document.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:document xmlns:ve="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml"><w:body><w:p w:rsidR="00E97639" w:rsidRDefault="00E97639"><w:r><w:t> </w:t></w:r></w:p><w:sectPr w:rsidR="00E97639" w:rsidSect="00B25E88"><w:pgSz w:w="12240" w:h="15840"/><w:pgMar w:top="1440" w:right="1440" w:bottom="1440" w:left="1440" w:header="720" w:footer="720" w:gutter="0"/><w:cols w:space="720"/><w:docGrid w:linePitch="360"/></w:sectPr></w:body></w:document>

data/exploits/docx/word/fontTable.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:fonts xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:font w:name="Times New Roman"><w:panose1 w:val="02020603050405020304"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="20002A87" w:usb1="80000000" w:usb2="00000008" w:usb3="00000000" w:csb0="000001FF" w:csb1="00000000"/></w:font><w:font w:name="Cambria"><w:panose1 w:val="02040503050406030204"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="A00002EF" w:usb1="4000004B" w:usb2="00000000" w:usb3="00000000" w:csb0="0000009F" w:csb1="00000000"/></w:font><w:font w:name="Calibri"><w:panose1 w:val="020F0502020204030204"/><w:charset w:val="00"/><w:family w:val="swiss"/><w:pitch w:val="variable"/><w:sig w:usb0="A00002EF" w:usb1="4000207B" w:usb2="00000000" w:usb3="00000000" w:csb0="0000009F" w:csb1="00000000"/></w:font></w:fonts>

data/exploits/docx/word/settings.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:settings xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:sl="http://schemas.openxmlformats.org/schemaLibrary/2006/main"><w:zoom w:percent="100"/><w:embedSystemFonts/><w:attachedTemplate r:id="rId1"/><w:defaultTabStop w:val="720"/><w:characterSpacingControl w:val="doNotCompress"/><w:doNotValidateAgainstSchema/><w:doNotDemarcateInvalidXml/><w:compat><w:useNormalStyleForList/><w:doNotUseIndentAsNumberingTabStop/><w:useAltKinsokuLineBreakRules/><w:allowSpaceOfSameStyleInTable/><w:doNotSuppressIndentation/><w:doNotAutofitConstrainedTables/><w:autofitToFirstFixedWidthCell/><w:underlineTabInNumList/><w:displayHangulFixedWidth/><w:splitPgBreakAndParaMark/><w:doNotVertAlignCellWithSp/><w:doNotBreakConstrainedForcedTable/><w:doNotVertAlignInTxbx/><w:useAnsiKerningPairs/><w:cachedColBalance/></w:compat><w:rsids><w:rsidRoot w:val="00B25E88"/><w:rsid w:val="00890656"/><w:rsid w:val="00B25E88"/><w:rsid w:val="00E97639"/></w:rsids><m:mathPr><m:mathFont m:val="Cambria Math"/><m:brkBin m:val="before"/><m:brkBinSub m:val="--"/><m:smallFrac m:val="off"/><m:dispDef/><m:lMargin m:val="0"/><m:rMargin m:val="0"/><m:defJc m:val="centerGroup"/><m:wrapIndent m:val="1440"/><m:intLim m:val="subSup"/><m:naryLim m:val="undOvr"/></m:mathPr><w:uiCompat97To2003/><w:themeFontLang w:val="en-US"/><w:clrSchemeMapping w:bg1="light1" w:t1="dark1" w:bg2="light2" w:t2="dark2" w:accent1="accent1" w:accent2="accent2" w:accent3="accent3" w:accent4="accent4" w:accent5="accent5" w:accent6="accent6" w:hyperlink="hyperlink" w:followedHyperlink="followedHyperlink"/><w:doNotIncludeSubdocsInStats/><w:doNotAutoCompressPictures/><w:decimalSymbol w:val="."/><w:listSeparator w:val=","/></w:settings>

data/exploits/docx/word/webSettings.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:webSettings xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:optimizeForBrowser/></w:webSettings>

data/exploits/s4u_persistence.xml

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-16"?>
+<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
+  <RegistrationInfo>
+    <Date>DATEHERE</Date>
+    <Author>USERHERE</Author>
+  </RegistrationInfo>
+  <Triggers>
+    <TimeTrigger>
+      <Repetition>
+        <Interval>PT60M</Interval>
+        <StopAtDurationEnd>false</StopAtDurationEnd>
+      </Repetition>
+      <StartBoundary>DATEHERE</StartBoundary>
+      <Enabled>true</Enabled>
+    </TimeTrigger>
+  </Triggers>
+  <Principals>
+    <Principal id="Author">
+      <UserId>DOMAINHERE</UserId>
+      <LogonType>S4U</LogonType>
+      <RunLevel>LeastPrivilege</RunLevel>
+    </Principal>
+  </Principals>
+  <Settings>
+    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
+    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
+    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
+    <AllowHardTerminate>true</AllowHardTerminate>
+    <StartWhenAvailable>false</StartWhenAvailable>
+    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
+    <IdleSettings>
+      <Duration>PT10M</Duration>
+      <WaitTimeout>PT1H</WaitTimeout>
+      <StopOnIdleEnd>true</StopOnIdleEnd>
+      <RestartOnIdle>false</RestartOnIdle>
+    </IdleSettings>
+    <AllowStartOnDemand>true</AllowStartOnDemand>
+    <Enabled>true</Enabled>
+    <Hidden>true</Hidden>
+    <RunOnlyIfIdle>false</RunOnlyIfIdle>
+    <WakeToRun>false</WakeToRun>
+    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
+    <Priority>7</Priority>
+  </Settings>
+  <Actions Context="Author">
+    <Exec>
+      <Command>COMMANDHERE</Command>
+    </Exec>
+  </Actions>
+</Task>