Commit Graph

431 Commits (00da6195562590f57403499b8fb9f5aca15fbf06)

Author SHA1 Message Date
Josh 073c668cd8 Merge pull request #12 from todb-r7/commit-hooks-should-only-check-modules
Land 12 from todb, only pre-commit-hook on actual modules
2014-08-26 16:47:23 -05:00
Tod Beardsley dbdb4afb8c
Add a top anchor to the file match regex. 2014-08-26 16:19:29 -05:00
Joshua Smith 622e8a7714 adds better exploit module detection to msftidy 2014-08-26 15:30:08 -05:00
Jon Hart bfa89bb3a5 Enforce binary encoding on non-modules, no encoding on modules 2014-08-25 13:12:29 -07:00
Tod Beardsley 47cb906408
Remove rubocop and msftidy touchpoints
Rubocop replaces the default YAML library which makes development
testing difficult. It does not cause problems on Travis, but according
to reports, it does cause instability with many individual dev
environments.

While I would love to have a more solid source of this bug report, right
now this was an oral report from @shuckins-r7 (who I tend to believe a
lot).
2014-08-12 10:37:58 -05:00
Tod Beardsley ffafd4c01f
Add NTP fuzzer from @jhart-r7
Looks good to me!
2014-07-21 12:38:12 -05:00
Jon Hart 17b0560dff Add rubygems check to msftidy. remove rubygems. 2014-07-17 09:29:13 -07:00
William Vu a07656fec6
Land #3536, msftidy INFO messages aren't blockers 2014-07-16 17:57:48 -05:00
Tod Beardsley 58558e8dfa
Allow INFO msftidy messages
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
Tod Beardsley 68980157c8
Just skip if info is suppressed. 2014-07-16 11:20:40 -05:00
Tod Beardsley 81a98081d9
Rubocop checks are optional and info only
I like the change but it means that basically everything will fail
forever until we tweak up the config.
2014-07-16 10:26:35 -05:00
Jon Hart ab73c16d0d Add Rubocop to msftidy. You now have 15 seconds to comply. You are in direct violation of Penal Code 1.13, Section 9. 2014-07-15 17:11:04 -07:00
William Vu 4904426164
Fix @source and prefer && 2014-07-14 14:36:08 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
HD Moore a279db7710 Check for sock.get / udp_sock.get issues 2014-06-30 00:40:06 -05:00
William Vu 56c71c7b85
Land #3457, newline check for msftidy 2014-06-17 14:20:53 -05:00
Christian Mehlmauer 3c00388f87
Add check for newline at end of file 2014-06-17 15:44:43 +02:00
William Vu 7f2b173130
Fix misspelled constant in msftidy 2014-06-12 13:47:44 -05:00
William Vu 3a9f7fb7f9
Land #3405, improved Nokogiri check for msftidy 2014-05-29 16:21:26 -05:00
William Vu 17fb48eaa3
Refactor check_nokogiri in msftidy 2014-05-29 13:20:23 -05:00
Tod Beardsley 2ce6f325f5
Be more specific with Nokogiri check
There are still strong reservations about using Nokogiri to parse
untrusted XML data.

http://www.wireharbor.com/hidden-security-risks-of-xml-parsing-xxe-attack/

It is also believed that many desktop operating systems are still
shipping out-of-date and vulnerable libxml2 libraries, which become
exposed via Nokogiri. For example:

http://stackoverflow.com/questions/18627075/nokogiri-1-6-0-still-pulls-in-wrong-version-of-libxml-on-os-x

While this isn't a problem for binary builds of Metasploit (Metasploit
Community, Express, or Pro) it can be a problem for development
versions or Kali's / Backtrack's version.

So, the compromise here is to allow for modules that don't directly
expose XML parsing. I can't say for sure that the various libxml2
vulnerabilities (current and future) aren't also exposed via
`Nokogiri::HTML` but I also can't come up with a reasonable demo.

Metasploit committers should still look at any module that relies on
Nokogiri very carefully, and suggest alternatives if there are any. But,
it's sometimes going to be required for complex HTML parsing.

tl;dr: Use REXML for XML parsing, and Nokogiri for HTML parsing if you
absolutely must.
2014-05-29 11:52:17 -05:00
Tod Beardsley d9fbf861d2
Add an environment option to suppress info msgs
It's often you want counts of just WARN and ERROR messages, and don't
want to spam yourself with INFO messages that you don't intend to
address anyway. This is most often the case with CI, such as with

https://travis-ci.org/todb-r7/metasploit-framework
2014-05-21 16:20:57 -05:00
Tod Beardsley 765419627b
Demote datastore edits to info status
SeeRM #8498
2014-05-21 16:18:36 -05:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
Christian Mehlmauer 3f4e9ab18d
msftidy: only check send_request_cgi for vars_get 2014-04-22 19:24:06 +02:00
Christian Mehlmauer b864c4619d
msftidy - added info messages
this commit adds info messages to msftidy to show some info,
but stil exit with status 0 if there are not errors.
2014-04-21 18:04:14 +02:00
Christian Mehlmauer fc803ae277
Changed msftidy check
send_request_raw does not support vars_get so change
the message to switch to send_request_cgi.
See #3272 for more info
2014-04-20 22:41:32 +02:00
William Vu aeedad262d
Remove unnecessary charclass escapes 2014-04-15 14:14:51 -05:00
William Vu 261572158b
Add paren to list of exclusion chars 2014-04-15 11:20:11 -05:00
William Vu 14c7eb19e6
Make the hash brace optional 2014-04-15 10:06:43 -05:00
William Vu f3f31005d8
Revert inadvertent fix for vars_get in msftidy 2014-04-14 14:51:52 -05:00
sinn3r e54a348bd4
Land #3237 - Reconcile test_old_rubies with the other checks 2014-04-11 10:49:23 -05:00
William Vu 8919e21379
Reconcile test_old_rubies with the other checks
It is now check_old_rubies.
2014-04-10 21:44:00 -05:00
William Vu df29578036
Correct check_vars_get to check_request_vars
Since check_vars_get also checked for POSTs.
2014-04-10 21:37:59 -05:00
William Vu 79f82be35d
Land #3188, deluxe msftidy post-merge hook 2014-04-07 14:38:19 -05:00
sinn3r 023bde5b43 Correct msftidy disclosure date check
This correct msftidy's disclosure date check to do the following:

1. If the module has a disclosure date, the check should kick in.
2. If the module is an exploit, and doesn't have a disclosure
   date, then it will be flagged.
3. If the module is an auxiliary, and doesn't have a disclosure
   date, then it will NOT be flgged (because not all aux modules
   target bugs/vulns like exploits do).
2014-04-07 14:21:04 -05:00
William Vu 31b3a6973e
Fix symlink commands 2014-04-07 12:40:11 -05:00
William Vu 48ef061c3c
Land #3046, AIX ibtstat privesc exploit 2014-04-03 17:07:00 -05:00
William Vu 5ac6c4b565
Align msftidy whitelist to 80 columns 2014-04-03 16:54:47 -05:00
Tod Beardsley e1d819b8b9
Update the comment docs on pre-commit-hook.rb
[SeeRM #8779]
2014-04-03 15:26:25 -05:00
Tod Beardsley 70c0a19bbe
Be explicit about which mode we're in.
[SeeRM #8779]
2014-04-03 15:20:50 -05:00
Tod Beardsley 14b47aa67e
Remove the broken SPOTCHECK_RECENT stuff 2014-04-02 11:12:00 -05:00
Tod Beardsley eb2e4cbdef
Add post-merge capability to pre-commit-hook.rb
This will make it possible to run a post-merge check when
pre-commit-hook.rb is referenced as a symlink from .git/hooks/post-merge

The kind of check you're going to do is entirely dependant on the
basename of the file, which is a little weird but convenient.

Verification is a little tricky on this. Coming soon.
2014-04-02 10:19:43 -05:00
Sagi Shahar becefde52f Fix bugs and syntax 2014-04-01 00:54:51 +02:00
Christian Mehlmauer 91034722e9
Added check for 'Rank' on Auxiliary modules 2014-03-28 22:43:53 +01:00
FireFart c023cb2275 make set-cookie header check case insensitive 2014-03-01 13:35:58 +01:00
FireFart 551327bec6 Added a check for Set-Cookie header in msftidy 2014-03-01 13:30:24 +01:00
William Vu 506c354722
Land #3103, vars_get check for msftidy 2014-03-15 19:57:19 -05:00
William Vu 6aa75a328f Ax the arbitrary long line warning
It's not 80 or 132. ;)
2014-03-14 10:28:58 -05:00
William Vu f50d6c8709 Remove a couple more instances of "shit" 2014-03-04 15:00:48 -06:00
FireFart c62f4079f8 Added a check for vars_get in msftidy 2014-03-01 12:02:41 +01:00
Rob Fuller b19a652d78 add -i option as a requirement 2014-02-18 14:08:57 -05:00
sinn3r b5dcc0eb1d Make several changes.
Some important changes:

* Uses optparse to parse argumnets
* Prevent file handle leaks
2014-02-18 12:43:11 -06:00
Rob Fuller 6746793848 make write cleaner 2014-02-17 17:09:50 -05:00
Rob Fuller 11945786c9 standalone iplist creator 2014-02-17 11:22:15 -05:00
sinn3r 38bc587228
Land #2937 - Expand path in metasm_shell 2014-02-02 23:42:50 -06:00
Joe Vennix e50077844c Expand path in metasm_shell#file. 2014-02-02 17:26:48 -06:00
Tod Beardsley 6f93e3fb37
Modules shouldn't use Nokogiri
Nokogiri has a habit of shipping vulnerable builds of libxml2. For
example, see this:

http://www.ubuntu.com/usn/usn-1904-1/

and compare to Nokogiri's bundled requirements:

https://github.com/sparklemotion/nokogiri/blob/master/dependencies.yml

While Nokogiri is quite pleasant to use, it really shouldn't be trusted
to handle potentially malicious data. Imagine if a "vulnerable" target
was actually a malicious honeypot, lying in wait for a poor Metasploit
user to come along and parse out its payload. (OT: does such a thing
have a clever name? If not, I propose "beehive" to imply the offensive
capabilities of such a honeypot.)

Nokogiri is used elsewhere in Metasploit, but those functions handle
data sourced from the Metasploit user herself, so those XML hunks are
nominally trustworthy.
2014-02-02 11:51:21 -06:00
Tod Beardsley 03d65cd2bd
Address @wvu-r7's comments and better filtering 2014-01-31 16:44:42 -06:00
Tod Beardsley 87412be33d
Squash commit Travis-able msftidy checks
This change updates msftidy to be run automatically for new modules
added since the last tag release because we can't rely on folks using
tools/dev/pre-commit-hook before submitting a PR. Now, when one attempts
to open a PR with a non-tidy'ed module, the build will fail out of the
gate.

Related to the 100s of msftidy errors extant today.

[SeeRM #8498]

commit c894e52de5705a1133191be5e9caf3ebdee33621
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Fri Jan 31 14:17:02 2014 -0600

    Add a jacked up title to test travis. Revert this!

commit 2f00c190be71aeb456a7a546071286fd6d670bc1
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Fri Jan 31 11:39:42 2014 -0600

    Allow for checking and spotchecking.

commit db11e8dfad5381030b08c431a183dbafe7a5f304
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 17:16:37 2014 -0600

    Whoops, need to exit an Integer always.

commit 12d131d3157a78ff11e597476138323ed0a062fc
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 16:59:35 2014 -0600

    Allow for exit statuses from msftidy.

commit 2c3b294ff17416f49935472caf2b6be3dbdd93a4
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 15:36:43 2014 -0600

    Be more dynamic about tag checking years

commit d5d8a0b05ac17fb18666a9c252dbb6928d6b5e56
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:36:44 2014 -0600

    Don't warn when there's really nothing

commit fb44a3142fb01eb2647c1c240bb1cc2e7bf59120
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:21:50 2014 -0600

    Revert the intentional failure

    This reverts commit 99a7630b0da301b27ac495cb027009a8cd9e2caf.

    Fun fact: Reverting a commit does not automatically sign with my current
    aliases, one must git revert then git c --amend.

commit 99a7630b0da301b27ac495cb027009a8cd9e2caf
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:08:05 2014 -0600

    Cause an exit status in precommit check

    Maybe travis will see these and fail the build.

    Don't forget to revert this commit @todb-r7 !

commit 5a3b2fcd9598fae51a0dd2c7c87680c703a85448
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 13:11:04 2014 -0600

    Update msftidy pre-commit-hook for spotchecking

commit 3f255e36dad9ed3081aaf359f845525d96872ef0
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 12:35:16 2014 -0600

    Travis should run msftidy via precommit hook

commit 0959d9d2d281590a94c0ac960e43b74354e4e21b
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 12:25:53 2014 -0600

    Add SPOTCHECK_RECENT to msftidy.rb
2014-01-31 14:19:04 -06:00
William Vu 7200a4f0e0 Fix in_super-reliant msftidy checks
The conversion from hard tabs to two-space soft tabs broke a few checks.
2014-01-30 14:39:28 -06:00
jvazquez-r7 9db295769d
Land #2905, @wchen-r7's update of exploit checks 2014-01-24 16:49:33 -06:00
Tod Beardsley 2ea3b46988
Remove to_s inside #{} 2014-01-23 14:21:48 -06:00
sinn3r 31c0f45b27 Add routine to check bad check codes 2014-01-22 15:26:16 -06:00
William Vu 3a943c719e Implement a whitelist for suspect capitalization 2014-01-21 09:26:16 -06:00
Tod Beardsley 62c7839b4c
Land #2850, fix msftidy to respect \x22 and \x27 2014-01-16 16:26:34 -06:00
joev 1197426b40
Land PR #2881, @jvazquez-r7's mips stagers. 2014-01-15 12:46:41 -06:00
jvazquez-r7 a8806887e9 Add support for MIPS reverse shell staged payloads 2014-01-14 12:25:11 -06:00
Ethan Robish 28655d4788 Fixed bug that caused runtime error in module_rank.rb 2014-01-13 19:03:23 -06:00
sinn3r dcf90b7cc7 Change options. And change "checksum" to "hash" 2014-01-13 09:57:28 -06:00
sinn3r 231c757804 Strictly just -q for the quick option 2014-01-13 09:12:16 -06:00
sinn3r ffc9f652cc Fix VirusTotalUtility module scope 2014-01-12 16:12:25 -06:00
sinn3r 02d5931739 Add method scan_by_checksum for virustotal.rb
Allows the user to scan files based on checksusm (without actually
uploading them to VT)
2014-01-12 15:45:16 -06:00
sinn3r 3b095f325f Change default key to Metasploit 2014-01-10 17:34:55 -06:00
sinn3r 807d8c12c7 Have a default API key
Modules now should have a default API key. See the following for
details:
http://blog.virustotal.com/2012/12/public-api-request-rate-limits-and-tool.html
2014-01-10 01:26:42 -06:00
sinn3r 4ba2a53e4a Correct a typo
They caught me. Thanks HD.
2014-01-09 16:40:29 -06:00
William Vu e7026c10ef Update msftidy to check for double quotes 2014-01-08 20:32:30 -06:00
sinn3r 9ddef2fbc9 Update rpsec and the script 2014-01-08 13:22:38 -06:00
sinn3r 60138aba67 Use $stdout 2014-01-08 02:34:27 -06:00
sinn3r 44f89f839d Update documentation 2014-01-07 19:11:08 -06:00
sinn3r 4f7cf0994a Adds a timeout to wait_report method
In case it takes too long to get a report, the method will give up
checking after one hour. The user can still manually check the report
from the analysis link given earlier.
2014-01-07 19:03:42 -06:00
sinn3r 481ec7b9ec Add VirusTotal Scanner Utility
[SeeRM #8733] This a tool that uses VirusTotal's public API to submit
a malware sample for analysis. As an offensive tool developer, this
would provide a convenient way to check and see how AVs react to
something we write.
2014-01-07 18:29:26 -06:00
sinn3r 709a7bfb99
Land #2754 - Created standalone module for cpassword AES decrypt 2013-12-19 12:13:21 -06:00
sinn3r 3c64650a47 +x permission 2013-12-19 12:12:37 -06:00
sinn3r 284b3507ce Convert gpp_standalone.rb into a standalone script in tools 2013-12-19 12:10:00 -06:00
Tod Beardsley 63d1a78cd2
Remove capturing parens and debug hexes. 2013-11-20 17:53:25 -06:00
Tod Beardsley 637ce058f5
Write a nonstupid regex (2-pass test) 2013-11-20 17:47:19 -06:00
Tod Beardsley 0ec9881a22
Fix stdout/stderr check to avoid ruby payloads
[SeeRM #8498]

This knocks out all the non-datastore editing ERROR messages, so we've
got that going for us. Which is nice.
2013-11-20 17:39:35 -06:00
Tod Beardsley 5ef6c5bb44
Land #2668, avoid tidying nonfiles. 2013-11-20 16:57:57 -06:00
William Vu b75f5a8f45 Avoid crashing when msftidy'ing missing files 2013-11-20 16:36:07 -06:00
William Vu 6c7a98ef47 Be more exact about shebang checking 2013-11-20 15:26:35 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
William Vu 2572d8daad Add #! check to msftidy 2013-11-08 16:11:48 -06:00
William Vu bcc9c760c4 Add +x check to msftidy 2013-11-05 11:50:28 -06:00
sinn3r 079c82d11d
Land #2565 - Show full path in msftidy 2013-10-22 16:05:56 -05:00
William Vu 33c3167362 Show full path instead of just the basename
Since @todb-r7 and I hate having to use find. :/
2013-10-22 14:54:54 -05:00
William Vu 36a7d02001 Update msftidy to check new ZDI reference 2013-10-21 15:31:37 -05:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
Tod Beardsley 3e31235a14
Minor Ruby changes to resplat.rb 2013-10-16 16:37:15 -05:00
Tod Beardsley 3fc1a75a6b
Simplify msftidy with Find.find and add fixed()
Also, enforce binary encoding like the other Metasploit tools.

This opens the door to fixing files that have things that could be fixed
programmatically.

    [SeeRM #8497]
2013-10-16 10:40:42 -05:00
Tod Beardsley 2f2b93cf61
Avoid resplatting resplat.rb 2013-10-15 14:59:56 -05:00
Tod Beardsley 5d86ab4ab8
Catch mis-formatted bracket comments. 2013-10-15 14:52:12 -05:00
Tod Beardsley 40106b3f22
Sometimes splats point at a /framework/ URL 2013-10-15 14:12:49 -05:00
Tod Beardsley 01fbbf16de
Add another line to the resplat regex. 2013-10-15 14:06:53 -05:00
Tod Beardsley 81d145ad81
At least offer a solution with msftidy
I would go ahead and fix it for the user, but due to #8497, I can't
yet.
2013-10-15 13:53:38 -05:00
Tod Beardsley e9e6fb7e26
Add msftidy check. 2013-10-15 13:35:52 -05:00
Tod Beardsley 56d4ba8ab8
Add a re-splatting tool for updating comments. 2013-10-15 13:13:00 -05:00
Tod Beardsley 36d058b28c
Warn for tabbed indentation 2013-10-01 12:22:46 -05:00
Tab Assassin 2e8d19edcf Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
Tab Assassin 0ecba377f5 Avoid retabbing things in .git/ 2013-09-30 13:45:34 -05:00
sinn3r c3976e8315 Land #2364 - Update retab util 2013-09-19 22:24:45 -05:00
James Lee 8fe9132159
Land #2358, deprecate funny names 2013-09-18 14:55:33 -05:00
Tod Beardsley 9ee629e2b3 Short circut file checking if it's .rb
Makes things a little faster.
2013-09-13 10:51:50 -05:00
Tod Beardsley 75021bb75b Make retab.rb smarter about ruby file types
Instead of just relying on a filename of *.rb, use the file utility to
determine file type.

For systems that lack lack 'which' and 'file', fall back to filename
matching.

This is useful for retabbing things like 'msfconsole' that don't have a
.rb extension.
2013-09-13 10:25:26 -05:00
Tod Beardsley 5dc3c3c424 Realign retab.rb 2013-09-13 10:15:05 -05:00
Tod Beardsley 32d2f7ffce Hard tabs for now 2013-09-12 16:15:50 -05:00
Tod Beardsley 52843c6a67 Revert whitespace change to msf_tidy.rb
Causing merge conflicts, I'll re-tab it after this PR lands.

This reverts commit 1178da46c6.
2013-09-12 16:14:42 -05:00
Tod Beardsley 1178da46c6 Normalize indentation or @wchen-r7 will be cross 2013-09-12 16:10:43 -05:00
Tod Beardsley cf27b0b457 Add msftidy check for snake_case.rb filenames 2013-09-12 16:06:17 -05:00
sinn3r 8715eb36a8 Land #2300 - chk datastore mods 2013-09-12 15:09:09 -05:00
Tod Beardsley f3ab6d1830 Retab should optionally keep local backups
Local backups are generally not needed since you can just git checkout
old versions anyway before committing. It was nice to have during dev
but generally shouldn't be done now.
2013-09-03 11:54:31 -05:00
Christian Mehlmauer 40e7f45db4 another regex fix 2013-08-30 16:10:16 +02:00
Christian Mehlmauer 921ec615c7 Bugfix 2013-08-29 21:35:15 +02:00
Christian Mehlmauer 1839af4b89 check for modified datastore 2013-08-29 07:31:17 +02:00
Tod Beardsley ef224b175d Allow for tabs or spaces as indentation
This signals a move to allowing for normal Ruby indentation (2 space
soft tabs). This change will check files for indentation of spaces or of
tabs, since we don't want to fail out all modules quite yet.

For more, see
https://github.com/rapid7/metasploit-framework/wiki/Indentation-Standards
where all details of the conversion plan will be documented in order to
minimize the amount of whitespace conflict we are sure to encounter over
this conversion.
2013-08-07 11:45:46 -05:00
Tod Beardsley 914ec856f0 Add a retab utility
Usage: tools/dev/retab.rb directory

will retab with 2-width spaces rather than tabs for indentation.

This utility should be used by the @tabassassin account when it's
unleashed on the Metasploit code base in order to make git blame a
little easier to spot. (diffs should use -b or -w to avoid seeing
@tabassassin's changes)
2013-08-07 11:34:49 -05:00
lsanchez-r7 2bb11693f2 fixing some copy 2013-07-08 18:16:15 -05:00
lsanchez-r7 250472474c updating the list_interfaces.rb to use the gem 2013-07-08 17:59:41 -05:00
lsanchez-r7 94db2dc83f updating list_interfaces for windows, this should work? 2013-07-08 17:52:24 -05:00
lsanchez-r7 4541a9e49e now with passing msftidy 2013-07-08 17:44:50 -05:00
jvazquez-r7 2ceb404f7d Land #2047, @hmoore-r7 ipmi related work 2013-07-02 11:13:25 -05:00
Tod Beardsley 04c2a7367d Uncapitalized function names are rarely improper. 2013-07-01 15:37:22 -05:00
HD Moore 759a43abe5 Allow for null passwords 2013-06-29 23:20:50 -05:00
HD Moore 1e21f0e2aa Updated output formats, top 1000 passwords 2013-06-29 22:01:25 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00
h0ng10 4e42ffd51e msftidy cleanup 2013-04-12 21:39:11 +02:00
h0ng10 f6da02d907 Check for VERBOSE Option 2013-04-12 21:34:15 +02:00
Brandon Turner 06537e0ab1 Remove the gemcache loader and tools 2013-04-03 16:24:56 -05:00
Trevor Rosen 5af14c4153 Merge pull request #1380 from todb-r7/feature/mailmap_and_commit_count
Godspeed, friends.
2013-03-21 09:57:46 -07:00
Tod Beardsley fd20eba35e Expanding the title and desc for external_ip
Also allowing the capitalization on "via" to be small.
2013-03-20 14:42:12 -05:00
Tod Beardsley 9fe0a01652 Merge branch 'master' into feature/mailmap_and_commit_count 2013-02-15 16:52:11 -06:00
Tod Beardsley d5b0482127 Note linking strat in comment docs 2013-02-06 14:19:18 -06:00
Tod Beardsley 734bd614e1 Adds a pre-commit hook that fires off msftidy
If people use this, it'll cut down quite a bit on trivial module errors.
2013-02-06 11:13:30 -06:00
sinn3r 45db43d2b3 Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles 2013-02-04 14:21:40 -06:00
Tod Beardsley e8def29b4f Dropping all twitter handles
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
Tod Beardsley 7b6d1f4fdd Actually test alternate rubies. 2013-02-01 13:36:15 -06:00
Tod Beardsley 55b512087a Deal with dates that fall off the end. 2013-01-29 13:03:22 -06:00
Tod Beardsley 40fd695e6e Adds a few metrics-based tools and a mailmap
This merge adds four new tools:

  * .mailmap : allows for easier identification of committers
  * tools/module_count.rb : Spits out a current count of modules
  * tools/module_commits.rb: Spits out who commited to a module
  * tools/committer_counts.rb : Spits out commiters by commit counts

This was part of a long-running feature branch, which is why it's now
bundled up in one big squash merge.

Squashed commit of the following:

commit de201ff6a5b304d0fedec56d9f1930abf1a10d9e
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Jan 24 14:48:24 2013 -0600

    Rename from scorecard to merely a count

commit 8028cf838b0b560831602e3163e92d0751a4c0a9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Jan 24 14:36:42 2013 -0600

    Some final comment docs

commit a69fd7883837849664bc8777d119ac760de4a43d
Merge: e288f13 3faf4b3
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Jan 24 13:21:14 2013 -0600

    Merge branch 'master' into committer-scorecard

    I think these conflicts came from a move or a rename or something.

    Conflicts:
    	external/source/exploits/cve-2012-5076_2/Makefile
    	external/source/exploits/cve-2012-5088/Makefile
    	modules/exploits/multi/browser/java_jre17_method_handle.rb
    	modules/exploits/multi/http/jenkins_script_console.rb

commit e288f13d7f7bca7aa4ceddd555b88d971a9f65a2
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Jan 16 14:06:23 2013 -0600

    Add FireFart's mail alias

commit 1b1792e84febf015a79c3beb3d2473953da56935
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jan 18 22:41:44 2013 -0600

    Fix grammar on description for webcam

commit 276388fac541f0eebb9a18a980c5b474f438d117
Author: Robin Wood <robin@digininja.org>
Date:   Tue Jan 22 15:42:23 2013 +0000

    added extra checking for strict databases

commit a40ea3d73e52ab822cb89052ef7575f7ac52abb6
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Tue Jan 22 12:07:16 2013 +0100

    fix data added to table

commit 738d2fad5fccfbff23967ce219ad6bd4af90bbea
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Jan 22 00:27:03 2013 -0600

    Fix a stack overflow in bidirectional pipe

commit aeec5a816b2f09f517930cdff074ea4b42ed5088
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Mon Jan 21 12:26:35 2013 +0100

    Cleanup for mysql_file_enum.rb

commit 13f68f089b4f3dd7c58bb4d5cb5767ff3df12852
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Mon Jan 21 00:30:43 2013 -0600

    Updates the progress function

    Because the previous one was wrong.

commit d971fe0bb5f34667b6a621043838f7472e7255cd
Author: Robin Wood <robin@digininja.org>
Date:   Sun Jan 20 21:32:02 2013 +0000

    Brute force directory and file names with MySQL

commit a96ca2e96a3a34e302a6759ba48706c60b9724cd
Author: Robin Wood <robin@digininja.org>
Date:   Sun Jan 20 00:13:42 2013 +0000

    added a warning and using optpath

commit aa98d85abbc30166ce7d69a446bf78cddff92e0a
Author: Robin Wood <robin@digininja.org>
Date:   Sun Jan 20 00:12:38 2013 +0000

    added a warning and using optpath

commit 6dd5bb8532d0f68d44ca80099780428e0a3ad872
Author: Robin Wood <robin@digininja.org>
Date:   Sun Jan 20 00:02:07 2013 +0000

    stopped using fixed table name

commit 520aeb93119a77b4eb8d1187cac4084690d45613
Author: Robin Wood <robin@digininja.org>
Date:   Sat Jan 19 23:41:38 2013 +0000

    Fixed msftidy stuff

commit cec6a06c56444f12dc8b8985c2505b2d259d5077
Author: Robin Wood <robin@digininja.org>
Date:   Sat Jan 19 22:48:00 2013 +0000

    File/dir brute forcer using MySQL

commit 3cc0f3feaed87df11ab3695342af304d3b13d056
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Sun Jan 20 19:54:24 2013 +0100

    finally it doesn't use FileDropper atm

commit 2670d5ca8fbe2b26b2073445537bf0bfacd079dd
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Sun Jan 20 17:38:37 2013 +0100

    references and date updated

commit 1230d5267b3a8b33cfd64f6efb613986d6d13b31
Author: bcoles <bcoles@gmail.com>
Date:   Mon Jan 21 02:12:42 2013 +1030

    update php_charts_exec metadata

commit cf37c594e55b0130640f5aaea240b3aa936b7c8d
Author: bcoles <bcoles@gmail.com>
Date:   Mon Jan 21 02:10:48 2013 +1030

    move and update php_charts_exec metadata

commit 1e86429fa16a2f5d5003fbe6e69a74cac5efd767
Author: bcoles <bcoles@gmail.com>
Date:   Sun Jan 20 23:51:17 2013 +1030

    Add PHP-Charts v1.0 PHP Code Execution Exploit

commit fe60ee6dffc60a53b28bcfd08b5aada8bc8d4000
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Sun Jan 20 13:42:02 2013 +0100

    linux stager plus little cleanup

commit 5900248f585e7a5e10d93a0672aa8d330d5581ee
Author: Spencer McIntyre <zeroSteiner@gmail.com>
Date:   Sat Jan 19 19:10:56 2013 -0500

    use target_uri and normalize_uri as well as fix a cookie problem

commit a7ce0a500fe1ae4c71652191ee97ba1757cf65e0
Author: Spencer McIntyre <zeroSteiner@gmail.com>
Date:   Fri Jan 18 14:56:52 2013 -0500

    add module to execute commands via Jenkins Script Console

commit 33b8aa49f4dbbfbcc275b5cc0dfc43db9fec08f8
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Fri Jan 18 18:42:27 2013 +0100

    title updated

commit 63fe457fadf66ac27eac6210a26880c1f816d0ce
Author: Charles Smith <charles.smith@n2netsec.com>
Date:   Thu Jan 17 16:52:02 2013 -0500

    Fixed loot formatting so data is under the proper column

    The credentials table was defined with the columns "User", "Password", "Host", "Port", and "SSL".  Credentials were not added in that order, however. They were added in the order "host, port, user, password, ssl" in this line:

    credentials << [cred['host'], cred['port'], cred['user'], cred['password'], cred['ssl']]

    I changed the order the columns were defined to fix this.

    The permissions table had a similar issue. The "FileWrite" column was missing, so I added it. I also moved the "Home" column to after the "AutoCreate" column. Now the line:

    permissions << [perm['host'], perm['user'], perm['dir'], perm['fileread'], perm['filewrite'], perm['filedelete'], perm['fileappend'],perm['dircreate'], perm['dirdelete'], perm['dirlist'], perm['dirsubdirs'], perm['autocreate']]

    works correctly.

commit b948559b5ae0090c9ecb704bfba2da219577d4f4
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Thu Jan 17 21:45:13 2013 +0100

    cleanup

commit 199ab00a9c46295776b3f9c47d941721d5777a65
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Thu Jan 17 21:39:41 2013 +0100

    cleanup

commit 8d5504475dbce315581e87f395c9453bbe624d2e
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Thu Jan 17 21:27:47 2013 +0100

    Added new module for cve-2012-5076

commit 31ae18f392dea9fcfc4e1e6e1ec627aed2513d09
Author: jvazquez-r7 <juan.vazquez@metasploit.com>
Date:   Thu Jan 17 21:14:49 2013 +0100

    Added module for CVE-2012-5088

commit 6ac99f3db8f464767d15aaf60a2a5796b4ae8b30
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 19 09:08:31 2013 -0600

    Add a quick comment doc

commit 0c18f1c7cb53a77b4338e6014b76ea74749b41f9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 19 09:06:34 2013 -0600

    Adds a per-module commit counter.

commit 44fa22832bb2e229f5a96a62658d7c4b0b88b966
Merge: fa288ff 9f42abd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 19 08:30:37 2013 -0600

    Merge remote-tracking branch 'origin/master' into committer-scorecard

commit fa288ff007c1ead48ca011cda2488164d5103715
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jan 18 14:05:47 2013 -0600

    Make module_count execable

commit 6c1625ed709f505ec9e8be89820f9d6827a52567
Author: Tod Beardsley <todb@metasploit.com>
Date:   Tue Jan 8 09:56:48 2013 -0600

    Wrote a quick module counter, by type

commit af07ddc8184b85ecd43fb9e2cb2c607d54fb0c1b
Merge: 2ee5df8 2c3ccb5
Author: Tod Beardsley <todb@metasploit.com>
Date:   Tue Jan 8 09:35:28 2013 -0600

    Merge remote-tracking branch 'origin/master' into committer-scorecard

commit 2ee5df810313290a753344b83a9b9e591c30ef05
Merge: 501c678 b50e040
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jan 4 10:24:27 2013 -0600

    Merge remote-tracking branch 'origin/master' into committer-scorecard

commit 501c678b2ca6f67639d7d7425469d380ba6534cf
Merge: 8001401 c2586d0
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Dec 27 15:42:25 2012 -0600

    Merge branch 'master' into committer-scorecard

commit 800140176686c8aa4e41629b259a1bcb8b7c9e0c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Dec 27 11:13:04 2012 -0600

    Adding shuckins and cjr to the mailmap

commit ab2db49c17b78616dc9199d62928e65d624e9e12
Merge: 8b6ecb3 daf5465
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Dec 27 10:29:19 2012 -0600

    Merge remote branch 'origin/master' into committer-scorecard

commit 8b6ecb34bd2a1719bc51ab136cb9de1a8cd5c782
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 17 21:58:37 2012 -0600

    Comment docs on .mailmap

commit 8e245a086c2e91a80be31accdb6349837cba3dff
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 17 21:56:06 2012 -0600

    Another alias for h0ng10

commit aff6169602791a048cff2e41bac5cbb565abd341
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 17 17:02:35 2012 -0600

    A more useful committer score card

    Now with aliases for anyone who hit the top 20 list of the last year,
    six months, and twelve weeks.

    Still needs some optparsey niceities, but it's good enough for an
    intial push to GitHub.

commit bd4e00ee019cedfed2eb8af6b52786f5184193ca
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 17 15:22:33 2012 -0600

    Initial commit of a git commit scorecard
2013-01-24 14:56:28 -06:00
sinn3r bf013ba65f Add more words to ignore 2013-01-10 01:54:19 -06:00