Commit Graph

1550 Commits (1582d3a90261aa2e03d6f7e73dffbb98b48ba25e)

Author SHA1 Message Date
Tod Beardsley 34d637c7b8
Needs more ponies 2015-03-31 13:59:37 -05:00
Matt Buck c26dfa263d
Ensure IP addresses are explicitly converted to strings
MSP-12113
2015-03-24 16:26:00 -05:00
James Lee 65c00dffac
Tab complete non-loopback interfaces' addresses 2015-03-24 12:10:58 -05:00
RageLtMan 548a710745 Replace db_nmap string concat with an Array
16eab48012 introduced changes to
cmd_db_nmap which pass a new arguments variable to Open3 with a
list of args excluding save.

This approach created a problem wherein the address of the target
had to be passed in first and arguments could get mangled.

Reintroduce an array format, exploding when passing to Open3.
Ensure output file options are appended to the arguments being
passed to Open3, instead of the args variable.

Error example:
db_nmap -F 192.168.0.1
[*] Nmap: 'nmap: unrecognized option '- 192.168.0.1 ''
2015-03-24 04:36:58 -04:00
William Vu 809bc52dfc
Land #4982, tagging for msfconsole 2015-03-23 15:28:50 -05:00
HD Moore dbe3fe38fd Sanity check file: arguments for size and move into msfconsole 2015-03-23 14:57:44 -05:00
sinn3r 0e1b9f90b4 Small details 2015-03-23 14:40:20 -05:00
William Vu 2f83a53884
Add missing fix for #4921 2015-03-23 00:26:18 -05:00
William Vu 8165ae35d0 Remove extraneous semicolon 2015-03-23 00:26:03 -05:00
William Vu e176b21bcd
Land #4921, db_nmap help and tab completion 2015-03-23 00:22:46 -05:00
sinn3r 23685694ad The tags column should be a virtual column 2015-03-22 21:04:37 -05:00
sinn3r 182018786b This is probably the proper way to delete tags 2015-03-22 20:55:20 -05:00
sinn3r ffe48e1ec8 Don't need order to delete 2015-03-22 20:43:11 -05:00
sinn3r ef62fc3df7 Allow the delete mode for tags 2015-03-22 20:08:23 -05:00
sinn3r b2cc3c4954 I found more bugs and fixed them 2015-03-22 18:21:57 -05:00
sinn3r 708eb42984 I fix bugs for tagging 2015-03-22 18:13:40 -05:00
nstarke dac5b078f0 Minor fixes for format and style
This commit contains a few minor tweaks
for style and format.  Some whitespace removed,
an erroneous 'return' removed, and using single
quotes for consistency.  Updated as per request.
2015-03-22 22:51:21 +00:00
nstarke 16eab48012 Adding help and tab functions for db_nmap
These functions address certain problems
listed in GitHub issue #4353, but do not
address all issues in that ticket.  Most
notably, this commit adds basic tab
completion for db_nmap.
2015-03-22 22:45:56 +00:00
sinn3r 863cbcbddb Add real tagging for the hosts command 2015-03-22 15:34:37 -05:00
William Vu 259e95ed21 Add load_resource exception for msfconsole.rc
This prevents msfconsole from erroring on a nonexistent msfconsole.rc.
2015-03-20 16:50:27 -05:00
William Vu 4d00114428 Add parens around print_error 2015-03-20 13:53:14 -05:00
sinn3r 2c5c94288d Fix #4966, tell the user the resource script path is invalid
Fix #4966
2015-03-20 13:38:12 -05:00
William Vu 38dbd1889e Fix report_note to use :data
:note doesn't do what we want.
2015-03-19 21:33:17 -05:00
William Vu 83ce967d75 Clean up hash syntax as per style guide 2015-03-19 21:23:28 -05:00
sinn3r f38ad13094 Resolve #4891, new arguments for the hosts command
Resolve #4891
2015-03-19 17:00:41 -05:00
William Vu 3c7b061e05 Use single quotes
But I like double quotes. :(
2015-03-10 14:03:13 -05:00
William Vu 72e7691300 Change print_status to print_error
And drop db_disconnect note to another line.
2015-03-10 13:31:35 -05:00
William Vu e81f2e366c Refactor db_{status,connect} a bit
Also allow for db_connect help.
2015-03-10 12:35:58 -05:00
nstarke ee8318d5c4 Adding db_disconnect qualifying statement 2015-03-10 11:58:04 +00:00
nstarke 187a0445f3 Issue #4868 - Adding warning message to db_connect when already connected 2015-03-10 00:02:34 +00:00
William Vu 260c603ffb Fix msfconsole -L
s/rb-readline/rb-readline-r7/

Should have been in #4816 (#4128).
2015-02-26 15:14:38 -06:00
William Vu 7b32b8b58c
Land #4810, support for job renaming in msfconsole 2015-02-24 08:51:06 -06:00
William Vu 285c138f80 Add tab completion for rename_job 2015-02-24 04:25:36 -06:00
William Vu 500b6229be Clean up whitespace 2015-02-24 04:13:59 -06:00
sinn3r e9b6a023de Fix a typo 2015-02-23 21:45:02 -06:00
sinn3r b8cb93d712 Fix #3790, document the creds -d feature
Fix #3790
2015-02-20 21:38:26 -06:00
sinn3r b5f8ae85cf Fix #3827, Add support to rename a job
Fix #3827
2015-02-20 21:13:45 -06:00
Christian Catalan 8740fd9015 Convert #find_all_by_X to #where 2015-01-31 21:07:50 -06:00
Brent Cook cf891efc14
Land #4674, @wvu-r7 teaches msfconsole to read stdin as - 2015-01-30 18:25:09 -06:00
William Vu fdf88b9563
Land #4639, incorrect use of #class fixes
case uses === internally. :)
2015-01-30 16:57:59 -06:00
William Vu 8f54e4d611
Implement "-" for msfconsole -r from stdin
More predictable than /dev/stdin, which is usually a symlink to
/proc/self/fd/0 or /dev/fd/0, but the feature is not guaranteed to be
present.

This isn't *terribly* useful, but it can be. -x is recommended, but it
doesn't allow for ERB directives. This is mostly for hax.
2015-01-29 19:26:56 -06:00
William Vu 6ecb36df52
Land #4653, get/set/unset description improvement 2015-01-29 13:28:06 -06:00
sinn3r f0742a38e2 The get command too 2015-01-28 12:59:51 -06:00
James Lee 895284cd12
Fix logic around empty usernames or passwords
See #4634 and #4642
2015-01-27 14:16:26 -06:00
sinn3r d29a74cd8f Fix #4641 - Explain the set/unset command a little bit better
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.

Fix #4641
2015-01-27 13:35:05 -06:00
James Lee a2c7ebc2b1
Simplify logic 2015-01-27 09:05:11 -06:00
James Lee eac7b11a87
Merge remote-tracking branch 'upstream/master' into bug/4634/blank-username
Conflicts:
	lib/msf/ui/console/command_dispatcher/db.rb
	spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
2015-01-27 08:40:07 -06:00
James Lee f2e0bd364a
Always include Service and Host
See #4643
2015-01-26 20:22:11 -06:00
James Lee 8dd56bb759
Do all the filtering in SQL instead of Ruby
This also has the advantage of reducing the number of queries from at
least 3 for every Core we find to more like a total of 3.
2015-01-26 20:21:55 -06:00
Tod Beardsley 2294ea0e93
Squash commit for blank creds search and test
This should fix up #4642 with respect to #4504.

Squashed commit of the following:

commit 124d53ccb00cd200bede092e893dda7e033d3e17
Merge: cb2bef8 ccad159
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 16:23:03 2015 -0600

    Merge branch 'feature/creds-blank-finders' into temp

commit ccad159222eaa949d76e22b588d1ac7709fb2f27
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:58:02 2015 -0600

    Clean out whitespace, make vars more meaningful

commit 266b45dff26e2778e43d8e4750d212b5aee5a009
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:54:32 2015 -0600

    Add some specs for regular users and blank users

commit 2e51503f76e9a2f6921c57e86a2f98527f80c874
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:04:03 2015 -0600

    Users should be able to find blank user/pass
2015-01-26 16:26:30 -06:00
Jon Hart cb2bef878b
Land #4504, @disenchant's get/getg improvement 2015-01-26 12:49:34 -08:00
Christian Mehlmauer bb07ec8666
fix incorrect usage of .class 2015-01-26 15:46:58 +01:00
sinn3r c62beacd31 Revert #4473 - Log backtraces by default 2015-01-24 02:44:29 -06:00
Tod Beardsley 9017aa0f6b
Avoid magic number to make @wvu marginally happier 2015-01-20 16:29:59 -06:00
Tod Beardsley e88c4f1587
Switching from if mod.nil? to unless mod
Because it reads nicer, though `mod` will never be `FalseClass`
2015-01-20 16:21:00 -06:00
Tod Beardsley 63c66f66a0
Add a second_chance on cmd_use
This is a weak attempt to solve a race condition between modules loading
and cmd_use being fired. Upon startup, saved configurations, running
resource scripts, and running commands will sometimes jump ahead of the
module loading procedure.

I have not discovered where the race actually is and how to cause the
race to happen. However, the timing seems to be fairly close to a second;
by waiting three seconds after trying use again, we seem to be in the
clear, at least according to testing.

Fixes #4549, but better solutions are welcome!
2015-01-20 15:46:29 -06:00
Jon Hart da1c56a65d
Add minimal tests for get/getg 2015-01-15 14:46:12 -08:00
Jon Hart 7a900cc889
More Ruby-ish way for cmd_get 2015-01-15 11:54:01 -08:00
Jon Hart 8aff50aed1
Make get/getg help more consistent 2015-01-15 11:36:32 -08:00
Jon Hart 45cef82f6c
Use appropriate help for get/getg 2015-01-15 11:35:39 -08:00
Jon Hart d8743ea32b
Land #4539, @Meatballs1's creds cmd now supports type filters, -R for search 2015-01-08 18:48:27 -08:00
Jon Hart 7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid 2015-01-08 18:42:25 -08:00
Meatballs e6f53ebcbc
Remove duplicate rhosts 2015-01-07 22:04:01 +00:00
Meatballs dccd21a559
Resolve #3870, reinstance creds -R 2015-01-07 22:01:45 +00:00
Meatballs aef8c702d7
Filter creds by type 2015-01-07 17:19:31 +00:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
Sven Vetsch b121e2c3fd adds a get and getg method besides the already existing set/setg and unset/unsetg 2015-01-02 12:40:24 +01:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
sinn3r 553030b22d
Land #4473 - Log backtraces by default 2014-12-30 18:13:33 -06:00
Christian Mehlmauer 6444d8ba64
use kind_of? for checking exceptions 2014-12-30 21:16:57 +01:00
sinn3r 9af3fd01d4 Fix response_timeout
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
2014-12-29 17:03:50 -06:00
sinn3r bcf659792e Restore original timeout 2014-12-22 12:34:52 -06:00
sinn3r ad8bbf4477 Rescue rescue Rex::TimeoutError so the iteration can keep going 2014-12-20 01:12:30 -06:00
sinn3r a8e3ee033c Fix #4431 - Support arbitrary session response timeout
Fix #4431
2014-12-20 00:25:02 -06:00
William Vu 723998e1d4
Land #4425, jobs tab completion NilClass fix 2014-12-18 15:25:57 -06:00
Spencer McIntyre 400bd9a094 Fix jobs NilClass tab complete bug 2014-12-18 15:43:04 -05:00
Trevor Rosen 80cd04d76a
Land #4332, test optimization for Cucumber
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
Spencer McIntyre 549f3c69ff Dont crash when tab complete threads command with typos 2014-12-17 19:36:04 -05:00
Luke Imhoff f696a5ab0e
msfconsole --defer-module-loads
MSP-11671

Add command line option --defer-module-loads to msfconsole.  It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`.  This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
2014-12-02 14:41:32 -06:00
Luke Imhoff 90c6764426
init_module_paths once in msfconsole
MSP-11672

Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
2014-12-02 10:28:23 -06:00
William Vu a34e721353
Check for load errors in reload_all 2014-11-25 13:13:40 -06:00
Luke Imhoff 1fd8fe57df
Merge staging/great-backport to master
Conflicts:
	spec/lib/msf/core/module_spec.rb
2014-11-12 11:08:18 -06:00
Joshua Smith 1844b3956d
Land #4063 allow session lists
Note: the parsing for cmd_sessions  needs to be revamped and DRYd up in
a separate PR.
2014-11-09 22:40:53 -06:00
Tom Sellers 9295d9077e Remove debugging output 2014-11-06 09:27:44 -06:00
Tom Sellers 8bf6a34d6c Fix empty session ID and cleanup
- Fixed handling of empty session IDs for those commands that required them
- Added help text for ranges with examples
2014-11-06 07:18:55 -06:00
Tom Sellers 2bec646393 rolling back a change 2014-11-05 06:49:06 -06:00
Tom Sellers 8aa6fca760 Minor fixes and status update
Minor tweaks after the PR from @kernelsmith

Remaining items:

1. Handle empty session IDs correctly, for example 'sessions -d' or 'sessions -k'
2. Find a method of explaining the range options in the help text
3. Retest all changed code areas
4. Edit PR Summary to reflect changes to the scope
2014-11-05 06:46:55 -06:00
Joshua Smith 78a4ee686b modernizes & DRYs session/job ranges 2014-11-04 23:33:31 -06:00
Tod Beardsley 0b39c2ed85
Land #4084, prep for Ruby 2.1 2014-11-03 13:43:50 -06:00
Tom Sellers 0b8b0499f3 - Added range support to sessions -c and sessions -s
- Added check for un-detach-able sessions
- Added back the check for session.interactive? when detaching sessions
- Collapse build_jobs_array and build_sessions_array to build_range_array
- Added check for empty or invalid parameters to detach and kill [session | job]
- Reworked session id sanity check around line 1660
- RuboCop/Style guide change: Array.new -> []
- Misc RuboCop/Style guide spacing changes
2014-10-31 15:02:17 -05:00
HD Moore 9b61ae5f63 This is halloween.
THISISHALLOWEEN=1 ./msfconsole
2014-10-30 23:35:12 -05:00
James Lee 667f1ca876
Move readline choice into a method 2014-10-29 22:33:23 -05:00
James Lee 7b77bbedaa
Better explanations 2014-10-29 22:32:56 -05:00
James Lee 867329d4b3 Fix readline by mucking with load path 2014-10-29 22:14:49 -05:00
William Vu 4251ad199e
Change killing back to stopping
Got a little excited with the copypasta, I guess.
2014-10-28 05:49:30 -05:00
William Vu 5547890002
Add support for sessions -d ranges 2014-10-28 03:07:46 -05:00
William Vu 36c85b7150
Add support for jobs -k ranges 2014-10-28 03:01:53 -05:00
William Vu 7f66d18cfd
Clean up whitespace a bit 2014-10-27 14:49:27 -05:00
Tom Sellers 13b6f1cf48 Syntax changes 2014-10-25 09:39:15 -05:00
Spencer McIntyre c1a61e3b4e Support an MSFLOGO env var and logo enumeration 2014-10-24 13:07:28 -04:00
Spencer McIntyre 82f41d56a6 Add [user_]logos_directory to Msf::Config 2014-10-24 10:52:05 -04:00
Tom Sellers 2a6a8245cf Allow killing multiple specific sessions 2014-10-23 05:56:26 -05:00
Tim Wright 22fc6496ac Merge branch 'pr/3401' into landing-3401 2014-10-22 19:23:01 +01:00
William Vu ce40c1152a
Land #4014, msfconsole spinnerz 2014-10-17 16:25:31 -05:00
Luke Imhoff 080ea3e56a
Merge branch 'staging/great-backport' into feature/MSP-11126/msf-module-reorg
MSP-11126
2014-10-17 14:28:13 -05:00
Tod Beardsley a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/ 2014-10-17 13:13:44 -05:00
Luke Imhoff 0c00c7cc50
Fully-qualifiy Msf::MODULE_TYPES constants
MSP-11126

Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
2014-10-17 12:43:40 -05:00
Luke Imhoff 13923a8ca5
Fully-qualify Msf::DBImportError
MSP-11152

Constant was unqualified in some of the reorganized Msf::DBManager code
because that code was take advantage of the old nested lexical scope
that included `Msf`.
2014-10-17 09:29:01 -05:00
Tod Beardsley bf0a5d038e
Add an animation to comfort the user
Sometimes msfconsole takes a little while to start.

This adds a fairly common ASCII spinner to the startup sequence.

I haven't spec'ed it, and the code organization isn't great, so consider
this PR more of a cry for help than something immediately landable.

That said, it works for me.
2014-10-14 14:54:45 -05:00
Jon Hart 458da2bca4
Land #3988, @wchen-r7's fix for #3985, a lack of logging for 'check' 2014-10-12 18:46:35 -07:00
William Vu a04ad3aa8c
Update print_error to reflect new usage 2014-10-10 14:38:26 -05:00
William Vu 26743b4c38
Rewrite existing code to use HasActions
And fix a bug in the initial use case where mod.action was dropped.
2014-10-10 14:35:54 -05:00
William Vu 7e7e0259e4 Fix tab completion for post actions 2014-10-10 12:24:23 -05:00
William Vu 238a30a769
Update print_error to include post modules 2014-10-10 12:12:43 -05:00
sinn3r 48d2343152 Fix #3985 - check command should elog 2014-10-10 01:06:37 -05:00
William Vu 1d766ba95b
Rename dump_auxiliary_action{,s}
To dump_module_action{,s} to accommodate post modules, etc.
2014-10-08 14:49:14 -05:00
William Vu f6a9cfcc52
Break away the elsif into a separate if
In case exploits support actions for some crazy reason in the future.
2014-10-08 14:30:41 -05:00
William Vu b2ba6e7ae1
Make the code more maintainable
Despite the code around it.

Thanks for the advice, @jlee-r7!
2014-10-08 14:14:28 -05:00
William Vu c0ef2c7938
Support post modules
I kinda hate this code.

TODO: Get rid of and/or and the extra parens.
2014-10-08 13:23:50 -05:00
William Vu a8b5bf4625
Show selected auxiliary action 2014-10-07 14:34:41 -05:00
sinn3r 17f278effd Fix #3822 - Support file:// syntax for check() 2014-10-06 13:37:14 -05:00
Tod Beardsley d048bb7725 Add some color to the msfpark banner
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
William Vu 909ac522d1
Add metasploit-park.txt banner to msfconsole
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
sinn3r ae82ebc734 Change max LogLevel to 3
There is no such thing as a LogLevel 5.
2014-09-26 14:20:47 -05:00
William Vu 2977e8e102
Add msfcli (M)issing 2014-09-12 10:25:13 -05:00
William Vu 425874315c
Add show missing 2014-09-12 10:23:12 -05:00
Kurt Grutzmacher 0ef71c70d3 s/services/creds 2014-08-31 09:54:49 -07:00
Kurt Grutzmacher 3bb370437c Returns csv output to creds command
commit 82b2c1deae removed the -o option
from the creds command. This returns it to its former glory!
2014-08-31 08:35:22 -07:00
Samuel Huckins b4e3ce0fdc Merge branch 'master' of github.com:rapid7/metasploit-framework 2014-08-28 17:14:07 -05:00
Samuel Huckins fa77caa819
Merge branch 'bug/MSP-11153/database-config-overrides'
MSP-11153 #land
2014-08-28 17:12:37 -05:00
James Lee 031445fee7
Check for nil resource files
See #3719
2014-08-28 16:27:33 -05:00
Luke Imhoff 7a8d7a38d1
Remove debugging 'puts'
MSP-11153
2014-08-28 13:48:46 -05:00
Luke Imhoff 951ce15b44
Move database.yml selection to Metasploit::Framework::Database
MSP-11153

Test the following paths in order and only return them if the path
exists:

1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
HD Moore 4e19d9ade1 Land #3545, fix up sip scanners, msftidy, db services cmd 2014-08-26 14:07:21 -05:00
Jon Hart a4f623a955 Show port and protocol when printing service notes, not just name 2014-08-25 13:11:22 -07:00
James Lee 19d6feca62
Fix regression where msfconsole.rc wasn't loading
Also add some slightly better docs for the Driver class
2014-08-24 15:10:41 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
David Maloney 48f0743d1b
remove crappy basedir method
this method is no lopnger needed
2014-08-20 15:28:36 -05:00
David Maloney 6bc55bf8cc
change is_apt method 2014-08-20 15:27:11 -05:00
David Maloney b547f7fc75
fix msfbasedir for go_pro
go_pro uses the wrong base director y for starting
up metasploit pro when using the go_pro command
this caused errors
2014-08-20 15:22:18 -05:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Iquaba b33d2b8583 Adds a newline for readability 2014-08-07 13:49:13 -05:00
Iquaba 6cea921478 Adds --ask option to prompt before exiting msfconsole 2014-08-07 13:44:46 -05:00
Luke Imhoff 1d430dbb45
Run migrations when connection already established in console
MSP-10955

`Msf::Ui::Console::Driver#initialize` doesn't call
`framework.db.connect` if it can't find the the `database.yml`, but when
using `msfpro`, the connection is already established, so the console
doesn't need to know where the database file is and should just run the
migrations so that `framework.db.migrate` can be set and
`framework.db.active` will return `true`.
2014-08-06 19:55:51 -05:00
Tom Sellers 11515fc75c Update core.rb 2014-08-02 15:27:10 -05:00
Luke Imhoff 9096a8a1f5
Remove Msf::Framework::VersionAPI
MSP-10998

It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
2014-08-01 21:43:14 -05:00
Luke Imhoff 22db5aad8a
Remove Msf::Framework::VersionCore
MSP-10998

It can't handle 4.10.0 because it tries to compact the multiple part
version into one float using (1 / 10.0).
2014-08-01 21:31:48 -05:00
James Lee 735ccda4db
Add an example for add-ssh-key 2014-07-31 09:40:36 -05:00
James Lee 85b00eede6
Add #present? checks 2014-07-30 11:52:59 -05:00
James Lee 49d0fc37c2
Add support for different realm_key 2014-07-28 14:39:24 -05:00
James Lee c65db18090
Add rudimentary specs and fix some help wording 2014-07-28 09:19:09 -05:00
James Lee a35e7371bb Add simple tabbing for creds command 2014-07-27 14:08:38 -05:00
James Lee b8bb4c7bc0
Add add-ssh-key to help output, fix some warnings 2014-07-27 13:46:38 -05:00
James Lee bc836f3606
Add a little easter egg in the NTLM hash 2014-07-24 16:37:24 -05:00
James Lee b8b3509c96
Re-add the ability to delete creds 2014-07-24 15:44:52 -05:00
James Lee 18ce342e2a
Refactor a bit for readability 2014-07-24 15:42:36 -05:00
James Lee 1a4e59e547
Add add-ssh-key subcommand 2014-07-23 17:09:02 -05:00
James Lee 4f19a1defa
Add an origin type and actually honor realm
Also adds better help text
2014-07-22 19:52:10 -05:00
Christian Mehlmauer 57839e0f4b
Fix some yardoc issues 2014-07-22 23:26:50 +02:00
James Lee 2013e28608
WIP: First stab at creds add-* subcommands 2014-07-22 02:05:55 -05:00
James Lee 6237d56398
Refactor ssh_login_pubkey
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
   where the ssh_socket accessor was not being set because of a
   shadowing local var
 * Fix a bug in the db command dispatcher where an extra column was
   added to the table, causing an unhandled exception when running the
   creds command
 * Add a big, ugly, untested class for imitating
   Metasploit::Framework::CredentialCollection for ssh keys. This class
   continues the current behavoir of silently ignoring files that are a)
   encrypted or b) not private keys.
 * Remove unnecessary proof gathering in the module (it's already
   handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
James Lee c0c1bd40a9
Fix help spec 2014-06-10 17:28:55 -05:00
James Lee 82b2c1deae
Make creds command show Metasploit::Credentials
This attempts to change the output of the command as little as possible,
but removes the ability to add and delete for now. At some point, we'll
need to add that back in.
2014-06-10 15:03:03 -05:00
Luke Imhoff 9e78509aac
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
MSP-9653

Conflicts:
	Gemfile
	Gemfile.lock
2014-06-02 13:40:11 -05:00
Luke Imhoff 21fad7163d
Msf::DBManager#connection_established?
MSP-9653

Calling `ActiveRecord::Base.establish_connection`, followed by
`ActiveRecord::Base.connected?` returns false unless some other code
requires a connection to be checked out first.  The correct way to check
if the spec passed to `ActiveRecord::Base.establish_connection` is to
checkout a connection and then ask if it is active.
`Msf::DBManager#connection_established?` does the checkout, active check
and checkin, and should be used in place of
`ActiveRecord::Base.connected?` and
`ActiveRecord::Base.connection_pool.connected?`.
`Msf::DBManager#active` should still be used as it also checks for
adapter/driver usability and that migrations have run.
2014-06-02 12:49:09 -05:00
Tom Sellers 427a353be4 Update core.rb 2014-05-29 06:07:50 -05:00
David Maloney a4d85ad61b
Merge branch 'master' into staging/electro-release 2014-05-16 11:24:18 -05:00
William Vu 773fd7a9cb
Fix up whitespace 2014-05-14 15:31:40 -05:00
William Vu 340956f294
Add a newline after DISCLOSURE_DATE_FORMAT 2014-05-14 15:28:07 -05:00
Christian Mehlmauer dc7a8d32d8
Land #3324, msfconsole search timestamp fixes 2014-05-14 21:30:02 +02:00
David Maloney fb671c72a7
Merge branch 'master' into staging/electro-release 2014-05-14 13:00:37 -05:00
dmaloney-r7 acaf713229 Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
nstarke bb6201d66d Fixing nil bug and making format constant
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date.  For example,
‘checkvm’.  This necessitated checking disclosure_date for nil
before attempting a format conversion.  Also, there was an additional
location in core.rb that needed the formatting / nil check added.  Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
William Vu 9fbda3eae0
Land #3183, tab completion improvements 2014-05-14 02:20:12 -05:00
Luke Imhoff b1598e83c3
Re-enable `bundle install --without db` support
MSP-9606

Catch LoadError in config/application.rb when trying to require
'active_record/railtie` so that end-users can run without any of the
database gems installed.  NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
2014-05-12 15:39:34 -05:00
William Vu 453851277f
Fix missing space in prompt for back and grep 2014-05-09 17:08:45 -05:00
William Vu 4b47a9a297
Land #3339, banner updates for Pro free trial 2014-05-09 15:25:09 -05:00
Tod Beardsley 281b000805
Typo fix for #3339 2014-05-08 10:18:19 -05:00
William Vu 7da6a2c84c
Update db_import help with authoritative formats
Taken from import_filetype_detect in lib/msf/core/db.rb.

[SeeRM #8799]
2014-05-08 02:30:29 -05:00
Tod Beardsley eecd05ec74
Fix banner language, padding. 2014-05-07 16:12:15 -05:00
Tod Beardsley c50c929412
Treat apt and binary installs the same for banners 2014-05-07 15:59:50 -05:00
Tod Beardsley ab56583ce0
Remove dead oldwarn code, fix shortlink 2014-05-07 09:49:41 -05:00
Tod Beardsley 7ed943cead
Add new rotating banners for apt installs 2014-05-07 09:39:39 -05:00
Tod Beardsley a55e2bcf19
Rework banner trailers in sprintf padding 2014-05-07 09:38:59 -05:00
nstarke f0a8f40acd Omitting timestamp from msfconsole search output
SeeRM #8795

The disclosure date field in the results from the search command
where returning with a timestamp that was almost always 00:00:00 UTC. I added a bit of date time formatting to only
include the year (4 digit), month (2 digit), and day (2 digit)
in the following format: Y-m-d.  This date time formatting
applies to both searches conducted through the database instance
as well as searches performed without a database (slow search).
2014-05-01 13:41:15 +00:00
William Vu 696eee1ada
Add Outpost24 to db_import help 2014-04-25 14:27:44 -05:00
Tod Beardsley 2aecab89bb
14-day free trial banner for non-binary installs 2014-04-14 11:00:41 -05:00
sinn3r d385c5ad4b Fix undefined method `rport' for the check command 2014-04-07 11:48:28 -05:00
Spencer McIntyre aecd13d314 Tab complete the same case 2014-04-03 09:54:48 -04:00
Spencer McIntyre 1c57c0092c Tab complete case insensitive module options too 2014-04-02 23:27:11 -04:00
Spencer McIntyre 7d93d28f1d Support more tab completion features 2014-04-02 21:57:17 -04:00
sinn3r 84b08a5a35 Fix check command host selection behavior
[SeeRM #8768] Instead of using the saved value for host, the check
command should use whatever the user specifies.
2014-03-12 22:54:01 -05:00
William Vu fd1586ee6a
Land #2515, plaintext creds fix for John
[FixRM #8481]
2014-02-28 09:53:47 -06:00
sinn3r 4d008ca3f3 Fix ::Interrupt exception handling 2014-01-30 18:57:27 -06:00
sinn3r 9f669a8e39 Make check_multiple() thread-safe 2014-01-30 16:46:36 -06:00
sinn3r 6435ddd162 loop do this too 2014-01-26 16:35:44 -06:00
sinn3r 0ffacc3420 { } block this 2014-01-26 16:33:21 -06:00
sinn3r 48836b45cf Last commit before PR
Code changes address these feature requests:
[SeeRM #8737]
[SeeRM #8752]
[SeeRM #8755]
2014-01-26 12:15:47 -06:00
sinn3r a14dddd1ef Show warning 2014-01-26 12:08:20 -06:00
sinn3r f0ebd13447 Make sure all threads are killed after interrupt
If threads aren't killed, then when the user triggers interrupt,
the console will keep the threads (vuln checks) running, which
looks weird.
2014-01-26 02:49:16 -06:00
sinn3r 60f1688bb8 Fix option validation 2014-01-26 00:57:02 -06:00
sinn3r 2d12c0a368 NoMethod check and stuff 2014-01-25 20:25:01 -06:00
sinn3r 3bb17dad72 Check argument 2014-01-25 20:10:22 -06:00
sinn3r 7dfd4ab22c Change default thread count 2014-01-25 01:40:05 -06:00
sinn3r 2046209291 This one looks like is working 2014-01-25 01:27:48 -06:00
sinn3r 216fa4503a Save progress 2014-01-24 23:32:29 -06:00
sinn3r 93fa58ed45 aux scanner support 2014-01-24 17:54:40 -06:00
sinn3r 3c8d82e363 Ensure the rhost datastore option is restored 2014-01-23 21:12:59 -06:00
sinn3r b07e87b1d6 Fix nil rhost 2014-01-23 10:33:05 -06:00
sinn3r c48595f239 Add support to scan a range of IPs for the check command
[SeeRM #8737] This allows the check command to scan multiple hosts.
2014-01-23 00:37:32 -06:00
Tod Beardsley 02018077ea
dangit odd number of ]s 2014-01-09 15:15:47 -06:00
Tod Beardsley 25337888b0
Move back the expires date. 2014-01-09 14:51:23 -06:00
Tod Beardsley fe3fed1dba
Add a link to http://bit.ly/msfsurvey in banner 2014-01-09 14:37:41 -06:00
Tod Beardsley e4460278d2
Fix the closing brackets on the banner. 2014-01-09 14:37:25 -06:00
jvazquez-r7 7435d74c59
Land #2093, @sempervictus MaxChar for Rex::Ui::Text::Table cols 2013-11-19 13:34:45 -06:00
jvazquez-r7 34dccaaa1f Clean use of -c on creds command 2013-11-19 13:26:14 -06:00
William Vu 3e1ae4c9b3
Land #2504, @todb-r7's edit command for msfconsole 2013-10-30 15:38:07 -05:00
Tod Beardsley 900ccc7ec9
VISUAL is okay. Also doesn't need to be a path.
I don't believe this opens an untoward attack vector -- if your attacker
can run Metasploit locally, you have much bigger problems.
2013-10-30 15:34:23 -05:00
Tod Beardsley 4bf041ec46
Use Rails, not Ruby, time formats.
Since MSF now equires ActiveSupport, may as well reference it correctly.
2013-10-25 11:52:54 -05:00
Tod Beardsley b781e58a67
Unformat the prompt and promptchar 2013-10-25 11:40:28 -05:00
jvazquez-r7 0084f32ca2 Print default values when unset options 2013-10-25 11:21:42 -05:00
ethicalhack3r 6f605fb009 Typo 2013-10-24 16:33:26 +02:00
Tod Beardsley 72a052942f
Methodize the editor variable as local_editor 2013-10-17 14:11:20 -05:00
James Lee 676f12e50e Import the new plaintext export format
Also:
* Import John the Ripper's plaintext from cracked NTLM hashes in the
  same way
* Don't choke on : in passwords when reading JtR's output
* Fix some whitespace
* Show a count of inactive creds if there are any instead of acting like
  they don't exist
2013-10-15 15:12:18 -05:00
Tod Beardsley 423b490168
Use Rex::Compat.getenv instead
Also, this would deprecate out the editor plugin.
2013-10-11 10:42:13 -05:00
Tod Beardsley a7025fca3d
msfconsole 'edit' command
Useful for quick editing a module during development / bug fixing. I
don't really see a security issue with running a command defined in the
user's VISUAL or EDITOR environment variables;  if the user can run
msfconsole to begin with, there are better ways to get into trouble.
2013-10-10 23:00:25 -05:00
James Lee 595820382e Fix lying documentation 2013-09-17 20:58:29 -05:00
James Lee a0d113d754 Fix a bug that deleted too many hosts
When running a command that takes host ranges as arguments (e.g.,
`hosts`, `services`), the arguments get parsed by
Rex::Socket::RangeWalker. If RangeWalker was unable to parse, it would
return nil, which in this context means "all hosts." If the user is
searching, they get all hosts instead of the ones they were interested
in -- this is annoying, but not too big a deal. Unfortunately, the same
logic applied when *deleting* hosts, with `hosts -d ...`, causing all
hosts to be deleted when giving it an invalid range.
2013-09-17 20:51:41 -05:00
Till Maas 763b111c9b cmd_db_connect: Expand path to database config
Do not only check whether the expanded path for the database config file
exists, but also use it.
2013-09-11 11:23:26 +02:00
Tab Assassin 81479a6ade Retab changes for PR #2093 2013-09-05 14:31:10 -05:00
Tab Assassin 8a76b3390d Merge for retab 2013-09-05 14:31:05 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
James Lee a5ca516435 Fix nil deref in spool command
Occurs when no module is currently `use`d
2013-07-25 14:51:39 -05:00
g0tmi1k a4d96d37f3 Updated regex 2013-07-11 21:16:02 +01:00
g0tmi1k ff62a85501 command_dispatcher/core.rb - Made msftidy happy 2013-07-11 10:52:25 +01:00
g0tmi1k b2fe31e30f go_pro - fix start with kali linux 2013-07-11 10:42:26 +01:00
RageLtMan 9445cb74bf fix copypasta 2013-07-10 21:03:49 -04:00
RageLtMan f7cf783e25 Allow selection (and ordering) of column names
Build the creds table with only the columns we select,
in the order selected.

Example:

creds -s ssh -u root -S pubk -c port,user,proof

Credentials
===========

port  user  proof
----  ----  -----
22    root  KEY=30:...
22    root  KEY=37:...
22    root  KEY=30:...
22    root  KEY=37:...
22    root  KEY=a6:...
22    root  KEY=30:...
22    root  KEY=37:...
22    root  KEY=a6:...
22    root  KEY=30:...
22    root  KEY=37:...
22    root  KEY=a6:...
22    root  KEY=30:...
22    root  KEY=37:...
22    root  KEY=a6:...
22    root  KEY=30:...
22    root  KEY=37:...
22    root  KEY=30:...
22    root  KEY=37:...
22    root  KEY=a6:...
22    root  KEY=30:...
22    root  KEY=37:...
2013-07-10 20:46:34 -04:00
RageLtMan 987d6a671f Allow passing MaxChar to Rex::Ui::Text::Table cols
Passing MaxChar allows setting the maximum number of characters
printed within a specific column during the row_to_s method.
This does not affect CSV output nor truncate the actual data.
Meant for tidying up long console ouput.

Example: cleaned up cmd_creds to show proof and not maul tables
with unix session data.
2013-07-10 20:00:40 -04:00
g0tmi1k 38b83ba335 ui/banner~Made msftidy happy 2013-07-03 00:29:42 +01:00
William Vu 67f30a6828 Land #1739, resolve workspace rename issues 2013-07-02 16:09:59 -05:00
William Vu 53077d4c1a Add a newline before the delete message 2013-06-14 19:58:19 -05:00
William Vu cfd05bc68f Normalize comments 2013-06-14 17:32:33 -05:00
William Vu 0a9a8a57e3 Remove double newlines 2013-06-14 17:20:26 -05:00
William Vu bb02cc8509 Normalize the syntax and output of db.rb 2013-06-14 17:11:47 -05:00
John Sherwood 7ac5b6de53 Fix prompt and color issue with cmd_spool
Changing spool setting caused problems with prompt and color. This
fix makes the following changes:

- Saves the color setting and re-applies it to the new output console
- Sets the prompt in the same way that cmd_use does
2013-06-09 13:35:35 -04:00
sinn3r 9466022194 Land #1847 - Add sorting functionality to notes command 2013-06-05 12:17:54 -05:00