infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleaning up all the wordy stuff 

git-svn-id: file:///home/svn/framework3/trunk@5685 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2008-09-26 04:25:44 +00:00
parent f4a4b0bfbb
commit e6254d42ce
8 changed files with 91 additions and 497 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
README
View File

@ -1,35 +1,57 @@
This software is provided under the Metasploit Framework License v1.2
Please see documentation/LICENSE for the complete terms.
Copyright (c) 2008, Metasploit LLC
All rights reserved.
The Rex library (lib/rex.rb and all files under lib/rex/) is provided
under the BSD license (lib/rex/LICENSE).
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
The Ole::Storage library (All files within lib/ole/) is provided under
the GPLv2 license (lib/msf/LICENSE).
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
The latest version of this software is available from:
http://framework.metasploit.com/
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of Metasploit LLC nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
The Metasploit Framework is provided under the BSD license above.
The copyright on this package is held by Metasploit LLC.
This copyright does not apply to the following components:
- The vncdll.dll binary or its associated source code (modified RealVNC)
- The icons used by msfweb that were not created by the Metasploit Project
- The Ole::Storage library located under lib/ole/
- The Scruby library located under lib/scruby
- The PcapRub library located under external/pcaprub
- The Ruby-Lorcon library located under external/lorcon
- The Byakugan plugin located under external/byakugan
The latest version of this software is available from http://metasploit.com/
Bug tracking and development information can be found at:
http://metasploit.com/dev/trac
Licensing information can be found in ./documentation/COPYING
This release has only been tested on the following platforms:
- Linux x86 with Ruby 1.8.2-1.8.6
- Mac OS X 10.4 with Ruby 1.8.2 (native) and 1.8.6 (darwin ports)
- Windows XP with Ruby 1.8.5
Mac OS X users will not have access to the tab completion features of the
msfconsole interface unless they instal the GNU Readline package and
rebuild Ruby from source.
Questions and suggestions can be sent to:
msfdev[at]metasploit.com
The framework mailing list is the place to discuss features and
ask for help. To subscribe, send a blank email to:
framework-subscribe[at]metasploit.com
The framework mailing list is the place to discuss features and ask for help.
To subscribe, visit the following web page:
http://spool.metasploit.com/mailman/listinfo/framework
The archives are available from:
http://spool.metasploit.com/pipermail/framework/

39
documentation/COPYING
View File

@ -1,39 +0,0 @@
This release of the Metasploit Framework source code is provided under
the terms of the Metasploit Framework License, version 1.2. This license
can be found in the file 'LICENSE', located in the same directory as this
document. The Metasploit Framework License is closer to a commercial software
EULA than a standard open-source license. The basic intent is:
1) Allow the Framework to remain open-source, free to use, and free to
distribute.
2) Allow module and plugin developers to choose their own licensing terms.
3) Prevent the Framework from being sold in any form or bundled with a
commercial product (software, appliance, or otherwise).
4) Ensure that any patches made to the Framework by a third-party are made
available to all users.
5) Provide legal support and indemnification for Framework contributors.
Please see the actual license for details.
The copyright on this package is held by Metasploit LLC.
This copyright does not apply to the following components:
- The vncdll.dll binary or its associated source code (modified RealVNC)
- The icons used by msfweb that were not created by the Metasploit Project
- The Ole::Storage library located under lib/ole/
This copyright notice does not include extensions developed by third-party
contributors or their derivatives. Please see the licensing information
defined in each individual module for more information.
The Metasploit Rex library (lib/rex.rb and the files under lib/rex/) are
provided under the 3-clause BSD license. Please see lib/rex/LICENSE for
more information.
To contact the Metasploit Project about any license related issues,
please send an email to msfdev[at]metasploit.com.

84
documentation/ChangeLog
View File

@ -1,84 +0,0 @@
3.0 -
* Initial stable release
3.0-dev-12-10-2006 -
License:
* Provided under the Metasploit Framework License v1.2
beta release 1 -
Core:
* Officially using Cygwin for Windows support
* Additional stager used for large Windows stages
* Bug fixes to the bind_tcp handler code
* Compatibility fixes for Mac OS X
License:
* Provided under the Metasploit Framework License v1.1
alpha release 4 -
Core:
* Renamed 'aux' to 'auxiliary' for Windows compatibility
* Integrated database support through generic DB backend
* Experimental support for SQLite(2|3) and PostgreSQL
License:
* Core copyright transfered to Metasploit LLC
alpha release 3 -
Core:
* Drop 'recon' modules in favor of 'aux'
License:
* Provided under the Metasploit Framework License v1.0
alpha release 2 - Jan 15, 2006
Rex:
* generalized block-based dependency generation for polymorphism
* addition of gzip/ungzip to Rex::Text
* improvements to HTTP, DCERPC, SMB
* fixed http header parsing issue that lead to exception
Core:
* added support for EncoderOptions and EncoderType preferencing in exploits
* fixed issue with clear_non_user_defined in data store
Exploit Modules:
* 24 more exploit modules ported
Encoder Modules:
* x86/shikata_ga_nai ported
* x86/jmp_call_additive is now polymorphic
* unix command execution encoders added
* sparc/longxor_tag.rb ported
Payload Modules:
* passivex http tunneling stager ported
* unix command execution payloads ported
Nop Modules:
* ppc/simple.rb ported
* sparc/random.rb ported
Bug fixes:
* fixed some issues related to payload compatibility filtering
* console standard input prompt display was broken
* msfweb did not properly create ~/.msf3 directory
* framework incorrectly saved options not specified by the user
* ruby scripts defaulted to #!/usr/bin/ruby rather than #!/usr/bin/env ruby
* fix for incorrect 'next' in module.rb:load_module_from_file
alpha release 1 - Dec 15, 2005
* Initial development release

254
documentation/LICENSE
View File

@ -1,254 +0,0 @@
The Metasploit Framework License v1.2
Copyright (C) 2006 METASPLOIT.COM
This License governs your use of the Software and any accompanying
materials distributed with this License. You must accept the terms of
this License before using the Software. If you are an individual working
for a company, you represent and warrant that you have all necessary
authority to bind your company to the terms and conditions of this License.
If you do not agree to the terms of this License, you are not granted any
rights whatsoever in the Software or Documentation. If you are not
willing to be bound by these terms and conditions, do not download the
Software.
Definitions
a. "License" means this particular version of this document (or, where
specifically indicated, a successor iteration of this License officially
issued by the Developer).
b. "Software" means any software that is distributed under the terms of
this License, in both object code and source code.
c. "Enhancement" means any bug fix, error correction, patch, or other
addition to the Software that are independent of the Software and do not
require modification of the Software of the Software itself.
d. "Extension" means any external software program or library that
interfaces with the Software and does not [reproduce or require
modification of the Software itself]. "Extension" includes any module or
plug-in that is intended (by design and coding) to, or can, be
dynamically loaded by the Software.
e. "Developer" means the then-current copyright holder(s) of the Software,
including, but not limited to, the Metasploit personnel and any
third-party contributors (or their successor(s) or transferee(s)).
f. "Documentation" means any and all end user, technical/programmer,
network administrator, or other manuals, tutorials, or code samples
provided or offered by Developer with the Software, excluding those items
created by someone other than the Developer.
g. "Use" means to download, install, access, copy, execute, sell, or
otherwise benefit from the Software (directly or indirectly, with or
without notice or knowledge of the Software's incorporation or
utilization in any larger application or product).
h. "You" means the individual or organization that is using the Software
under the License.
i. "Interface" means to execute, parse, or otherwise benefit from the use
of the Software.
License Grant and Restrictions
1. Provided that You agree to, and do, comply with all terms and
conditions in this License, You are granted the non-exclusive rights
specified in this License. Your Use of any of the Software in any form
and to any extent signifies acceptance of this License. If You do not
agree to all of these terms and conditions, then do not use the Software
and immediately remove all copies of the Software, the Documentation, and
any other items provided under the License.
2. Subject to the terms and conditions of this License, Developer hereby
grants You a worldwide, royalty-free, non-exclusive license to reproduce,
publicly display, and publicly perform the Software.
3. The license granted in Section 2 is expressly made subject to and
limited by the following restrictions:
a. You may only distribute, publicly display, and publicly perform
unmodified Software. Without limiting the foregoing, You agree to
maintain (and not supplement, remove, or modify) the same copyright,
trademark notices and disclaimers in the exact wording as released by
Developer.
b. You may only distribute the Software free from any charge beyond the
reasonable costs of data transfer or storage media. You may -not- (i)
sell, lease, rent, or otherwise charge for the Software, (ii) include any
component or subset of the Software in any commercial application or
product, or (iii) sell, lease, rent, or otherwise charge for any
appliance (i.e., hardware, peripheral, personal digital device, or other
electronic product) that includes any component or subset of the
Software.
4. You may develop Enhancements to the Software and distribute Your
Enhancements, provided that You agree to each of the following
restrictions on this distribution:
a. Enhancements may not modify, supplement, or obscure the user interface
or output of the Software such that the title of the Software, the
copyrights and trademark notices in the Software, or the licensing terms
of the Software are removed, hidden, or made less likely to be discovered
or read.
b. If you release any Enhancement to the Software, You agree to
distribute the Enhancement under the terms of this License (or any other
later-issued license(s) of Developer for the Software). Upon such
release, You hereby grant and agree to grant a non-exclusive royalty-free
right, to both (i) Developer and (ii) any of Developer's later licensees,
owners, contributors, agents or business partners, to distribute Your
Enhancement(s) with future versions of the Software provided that such
versions remain available under the terms of this License (or any other
later-adopted license(s) of Developer).
5. You may develop Extensions to the Software and distribute these
Extensions under any license You see fit, for commercial sale or license
or for non-commercial use, so long as -each- of the following conditions
are met:
a. The Extension, when installed with the Software, must -not- modify any
of the behavior (e.g., change the display, modify the available commands,
etc.) of the Software until the user explicitly requests (e.g., by
invoking or exercising a command or feature are a screen display or other
express notification of the new code's existence and function) that the
Extension should be activated.
b. The Extension may programmatically execute (e.g., call a method) code
provided by this Software, but may not include or create copies of the
Software (modified or otherwise) in the Extension itself.
c. The Extension may not modify, supplement, or obscure the user interface
or output of the Software such that the title of the Software, the
copyrights and trademark notices in the Software, or the licensing terms
of the Software are removed, hidden, or made less likely to be discovered
or read.
6. If you develop external software components that interface with the
Software, you may only distribute these components if (a) the external
software component clearly indicates to the user, via the user interface
and/or program output, both (i) the role of the Software in the component
and (ii) where the user may obtain a copy of the Software and (b) the
external software components do not modify, supplement, or obscure the
user interface or output of the Software such that the title of the
Software, the copyrights and trademark notices in the Software, or the
licensing terms of the Software are removed, hidden, or made less likely
to be discovered or read.
Online Updates
The Software includes the ability to download updates (i.e., additional
code) from Developer's server(s). These updates may contain bug fixes,
new functionality, updated Documentation, and/or Extensions. When
retrieving these updates, the Software may transmit the Software version
and operating system information from Your computer to the update server.
The server may record (store) this information, in conjunction with the
IP (global Internet Protocol) address of the user, in order to attempt to
maintain accurate end user and version statistics. By using the online
update feature, You hereby agree to allow this information to be
transmitted, recorded, and stored in any nation by or for Developer.
Proper Use
As an express condition of this License, You agree that You will use the
Software -solely- in compliance with all then-applicable local, state,
national, and international laws, rules and regulations as may be amended
or supplemented from time to time, including any then-current laws and/or
regulations regarding the transmission and/or encryption of technical
data exported from or imported into Your country of residence. Violation
of any of the foregoing will result in immediate, automatic termination
of this License without notice, and may subject You to state, national
and/or international penalties and other legal consequences.
Intellectual Property Ownership
The Software is licensed, not sold. Developer retains exclusive ownership
of all worldwide copyrights, trade secrets, patents, and all other
intellectual property rights throughout the world and all applications
and registrations therefor, in and to the Software and any full or
partial copies thereof, including any additions thereto. You acknowledge
that, except for the limited license rights expressly provided in this
Agreement, no right, title, or interest to the intellectual property in
the Software or Documentation is provided to You, and that You do not
obtain any rights, express or implied, in the Software. All rights in and
to the Software not expressly granted to You in this Agreement are
expressly reserved by Developer. Product names, words or phrases
mentioned in this License or the Software may be trademark(s) or
servicemark(s) of Developer registered in certain nations and/or of third
parties. You may not alter or supplement the copyright or trademark
notices as contained in the Software.
License Termination
This License is effective until terminated. This License will terminate
immediately without notice from Developer if You breach or fail to comply
with any provision of this License. Upon such termination You must
destroy the Software, all accompanying written materials, and all copies
thereof.
Limitations of Liability
In no event will Developer, any owner, contributor, agent, business party,
or other third party affiliated with Developer, be liable to You or any
third party under any legal theory (including contract, tort, or
otherwise) for any consequential, incidental, indirect or special damages
whatsoever (including, without limitation, loss of expected savings, loss
of confidential information, presence of viruses, damages for loss of
profits, business interruption, loss of business information and the like
or otherwise) or any related expense whether foreseeable or not, arising
out of the use of or inability to use or any failure of the Software or
accompanying materials, regardless of the basis of the claim and even if
Developer or Developer's owner, contributor, agent, or business partner
has been advised of the possibility of such damage. By using the
Software, You hereby acknowledge that Developer would not offer the
Software without the inclusion and enforceability of this provision, and
that You (and not the Developer) are solely responsible for Your network,
data, and application security testing, planning, audits, updates, and
training, which require regular analysis, supplementing, and expertise.
No Warranty
The Software and this License document are provided AS IS with NO WARRANTY
OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING,
WITHOUT LIMITATION, THE WARRANTY OF DESIGN, MERCHANTABILITY, TITLE,
NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.
Indemnification
You agree to indemnify, hold harmless, and defend Developer and
Developer's owners, contributors, agents, and business partners from and
against any and all claims or actions including reasonable legal expenses
that arise or result from Your use of or inability to use the Software.
Developer agrees to notify You and reasonably cooperate with Your defense
of any third party claim triggering such indemnification.
Miscellaneous
If any part of this License is found void and unenforceable, it will not
affect the validity of the balance of this License, which shall remain
valid and enforceable to the maximum extent according to its terms.
Choice of Law; Venue
This License will be construed, interpreted and governed by the laws of
Texas, USA, without regard to its conflict of law rules. Any litigation
related to this License must be filed and heard in the courts for Travis
County, Texas.

96
documentation/RELEASE-3.1.txt
View File

@ -1,96 +0,0 @@
888 888 d8b888
888 888 Y8P888
888 888 888
88888b.d88b. .d88b. 888888 8888b. .d8888b 88888b. 888 .d88b. 888888888
888 "888 "88bd8P Y8b888 "88b88K 888 "88b888d88""88b888888
888 888 88888888888888 .d888888"Y8888b.888 888888888 888888888
888 888 888Y8b. Y88b. 888 888 X88888 d88P888Y88..88P888Y88b.
888 888 888 "Y8888 "Y888"Y888888 88888P'88888P" 888 "Y88P" 888 "Y888
888
888
888
Contact: H D Moore FOR IMMEDIATE RELEASE
Email: hdm[at]metasploit.com
METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK
New Version of Attack Framework Ready to Pwn
Austin, Texas, January 28th, 2008 -- The Metasploit Project
announced today the free, world-wide availability of version 3.1 of
their exploit development and attack framework. The latest version
features a graphical user interface, full support for the Windows
platform, and over 450 modules, including 265 remote exploits.
"Metasploit 3.1 consolidates a year of research and development,
integrating ideas and code from some of the sharpest and most innovative
folks in the security research community" said H D Moore, project
manager. Moore is referring the numerous research projects that have
lent code to the framework.
These projects include the METASM pure-ruby assembler developed by
Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort
outlined in the Metasploit Blog, the Windows kernel-land payload
staging system developed by Matt Miller, the heapLib browser
exploitation library written by Alexander Sotirov, the Lorcon 802.11
raw transmit library created by Joshua Wright and Mike Kershaw, Scruby,
the Ruby port of Philippe Biondi's Scapy project, developed by Sylvain
Sarmejeanne, and a contextual encoding system for Metasploit payloads.
"Contextual encoding breaks most forms of shellcode analysis by
encoding a payload with a target-specific key" said I)ruid, author of
the Uninformed Journal (volume 9) article and developer of the
contextual encoding system included with Metasploit 3.1.
The graphical user interface is a major step forward for Metasploit
users on the Windows platform. Development of this interface was driven
by Fabrice Mourron and provides a wizard-based exploitation system, a
graphical file and process browser for the Meterpreter payloads, and a
multi-tab console interface. "The Metasploit GUI puts Windows users on
the same footing as those running Unix by giving them access to a
console interface to the framework" said H D Moore, who worked with
Fabrice on the GUI project.
The latest incarnation of the framework includes a bristling
arsenal of exploit modules that are sure to put a smile on the face of
every information warrior. Notable exploits in the 3.1 release include
a remote, unpatched kernel-land exploit for Novell Netware, written by
toto, a series of 802.11 fuzzing modules that can spray the local
airspace with malformed frames, taking out a wide swath of
wireless-enabled devices, and a battery of exploits targeted at
Borland's InterBase product line. "I found so many holes that I just
gave up releasing all of them", said Ramon de Carvalho, founder of RISE
Security, and Metasploit contributor.
"Metasploit continues to be an indispensable and reliable penetration
testing framework for our modern era", says C. Wilson, a security
engineer who uses Metasploit in his daily work. Metasploit is used by
network security professionals to perform penetration tests, system
administrators to verify patch installations, product vendors to
perform regression testing, and security researchers world-wide. The
framework is written in the Ruby programming language and includes
components written in C and assembler.
Metasploit runs on all modern operating systems, including Linux,
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
on a wide range of hardware platforms, from massive Unix mainframes to
the tiny Nokia n800 handheld. Users can access Metasploit using the
tab-completing console interface, the Gtk GUI, the command line scripting
interface, or the AJAX-enabled web interface. The Windows version of
Metasploit includes all software dependencies and a selection of useful
networking tools.
The latest version of the Metasploit Framework, as well as screen
shots, video demonstrations, documentation and installation
instructions for many platforms, can be found online at
http://metasploit3.com/
# # #
If you'd like more information about this topic, or to schedule an
interview with the developers, please email msfdev[at]metasploit.com

45
documentation/RELEASE-3.2.txt Normal file
View File

@ -0,0 +1,45 @@
888 888 d8b888
888 888 Y8P888
888 888 888
88888b.d88b. .d88b. 888888 8888b. .d8888b 88888b. 888 .d88b. 888888888
888 "888 "88bd8P Y8b888 "88b88K 888 "88b888d88""88b888888
888 888 88888888888888 .d888888"Y8888b.888 888888888 888888888
888 888 888Y8b. Y88b. 888 888 X88888 d88P888Y88..88P888Y88b.
888 888 888 "Y8888 "Y888"Y888888 88888P'88888P" 888 "Y88P" 888 "Y888
888
888
888
Contact: H D Moore FOR IMMEDIATE RELEASE
Email: hdm[at]metasploit.com
=========================================================
------------------------------------------
[ Announce Text ]
Metasploit runs on all modern operating systems, including Linux,
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
on a wide range of hardware platforms, from massive Unix mainframes to
the tiny Nokia n800 handheld. Users can access Metasploit using the
tab-completing console interface, the Gtk GUI, the command line scripting
interface, or the AJAX-enabled web interface. The Windows version of
Metasploit includes all software dependencies and a selection of useful
networking tools.
The latest version of the Metasploit Framework, as well as screen
shots, video demonstrations, documentation and installation
instructions for many platforms, can be found online at
http://metasploit3.com/
# # #
If you'd like more information about this topic, or to schedule an
interview with the developers, please email msfdev[at]metasploit.com

2
lib/msf/core/constants.rb
View File

@ -53,7 +53,7 @@ end
#
# Licenses
MSF_LICENSE = "Metasploit Framework License"
MSF_LICENSE = "Metasploit Framework License (BSD)"
GPL_LICENSE = "GNU Public License v2.0"
BSD_LICENSE = "BSD License"
ARTISTIC_LICENSE = "Perl Artistic License"

2
lib/msf/core/framework.rb
View File

@ -15,7 +15,7 @@ class Framework
#
Major = 3
Minor = 2
Release = "-release"
Release = "-testing"
Version = "#{Major}.#{Minor}#{Release}"
Revision = "$Revision$"