Metasploit
b868f7cc89
Bump version of framework to 4.11.12
2016-02-19 20:19:43 -08:00
Metasploit
93cc7d58ba
Bump version of framework to 4.11.11
2016-02-12 15:38:50 -08:00
Metasploit
3c1ada46dd
Bump version of framework to 4.11.10
2016-02-05 13:40:02 -08:00
Metasploit
7079110964
Bump version of framework to 4.11.9
2016-01-29 10:51:46 -08:00
wchen-r7
6187354392
Land #6226 , Add Wordpress XML-RPC system.multicall Credential BF
2016-01-23 00:12:46 -06:00
KINGSABRI
ad3eed525b
Handing newer version of WP, fallback CHUNKSIE to 1
2016-01-23 08:06:27 +03:00
wchen-r7
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
wchen-r7
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
Christian Mehlmauer
5a0e11fb72
revert file check
2016-01-21 20:21:41 +01:00
wchen-r7
d46ab29186
Don't name the method #send
2016-01-19 20:03:02 -06:00
Christian Mehlmauer
390b46dd25
also check file for existance
2016-01-19 23:55:49 +01:00
Christian Mehlmauer
b45e22b64d
use .any?
2016-01-19 23:16:10 +01:00
Christian Mehlmauer
aaa1174ca5
fix rspec errors without database
2016-01-19 20:28:58 +01:00
nixawk
98cfd2de90
remove PING authentication
2016-01-16 12:42:15 +08:00
Metasploit
a030179577
Bump version of framework to 4.11.8
2016-01-15 15:17:13 -08:00
Brent Cook
59660dd6d0
Land #6465 , remove unneeded meterpreter extension post-installation copies
2016-01-15 17:04:14 -06:00
Brent Cook
8479d01029
Land #6450 , add TLS support to MSSQL
2016-01-14 12:17:40 -06:00
David Maloney
f7ce0dfedf
remove the merge extension intialiser
...
this initialiser conflicts with the gemfication
of framework and causes permissions issues
MS-972
2016-01-12 14:08:54 -06:00
Louis Sato
192505fe2d
killing threads and closing sockets more elegantly
2016-01-07 17:57:32 -06:00
Metasploit
dea4f35b0e
Bump to 4.11.7
2016-01-07 15:56:59 -08:00
Jonathan Harms
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
Jonathan Harms
675100946b
Initial SSL working OK
2016-01-07 17:53:48 -06:00
darkbushido
e38ff7079a
changing the require to start at metasploit_credentials
2016-01-07 15:49:49 -06:00
Brent Cook
7f9b804060
Land #6410 , remove JtR binaries, update for independent framework releases
2016-01-06 14:16:49 -06:00
wchen-r7
480913cb32
Add rspec
2016-01-06 01:41:13 -06:00
nixawk
c3158497c0
rebuild / add check_setup / send_request
2016-01-05 15:10:26 +08:00
nixawk
370351ca88
chinese caidao asp/aspx/php backdoor bruteforce
2015-12-31 15:17:01 +08:00
Chris Doughty
8090bbc750
Changes to support framework as a gem
2015-12-30 11:00:45 -06:00
nixawk
a929dc0e35
add redis_login
2015-12-30 18:54:25 +08:00
Luke Imhoff
4858ae63bd
Thread class name for debugger has changed, so add new name
...
MSP-13484
2015-12-10 21:47:22 -06:00
wchen-r7
b1abfe898d
Update wordpress_xmlrpc_login
...
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
Chris Doughty
f8a215e3cd
Adding changes to allow for easier version bumping
2015-11-09 15:56:03 -06:00
Brent Cook
be23da1c1f
Merge branch 'upstream-master' into land-6120-python-stageless
2015-10-30 17:26:26 -05:00
Samuel Huckins
f064fec0f1
Bumped version to 4.11.5
...
MSP-13377
2015-10-30 09:37:00 -05:00
Spencer McIntyre
810665847b
Add stageless python meterpreter to the payloads spec
2015-10-22 08:40:50 -04:00
William Vu
bd96e0ded2
Improve get_hash for Framework version
2015-10-15 16:22:45 -05:00
jvazquez-r7
3dd7fdfd95
Land #6055 , @wvu-r7's -q option for msfd
...
* Fixes #5770
2015-10-08 14:10:27 -05:00
William Vu
77fae28cd4
Add -q option to msfd to disable banner
2015-10-07 01:57:58 -05:00
jvazquez-r7
50249bd640
Update Metasploit::Framework::Tcp::Client to have SSLVerifyMode and SSLCipher into account
2015-09-28 13:57:08 -05:00
jvazquez-r7
1e4e5c5bae
Update ACPP login scanner to have into account advanced options
2015-09-28 13:50:20 -05:00
jvazquez-r7
3529cdad7b
Add attributes
2015-09-28 13:30:10 -05:00
Jon Hart
0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
...
Fixes #5871
2015-08-20 10:05:42 -07:00
Brent Cook
0b6a52e162
bump metasploit-framework gemspec version to match pro
2015-08-04 14:25:44 -05:00
Brent Cook
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
Brent Cook
8349a274ea
use and include git hash of Framework as part of the version
...
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
Samuel Huckins
174c90ccde
Updating version to match current
...
* This will be changed to the most recent git hash for next round,
at least making accurate for now.
2015-07-06 10:28:34 -05:00
wchen-r7
b4656f43a4
Fix #5616 , Save username before stop_on_success breaks the task
...
Fix #5616
2015-06-26 18:04:18 -05:00
wchen-r7
da779b1101
Fix login for 9.1
2015-06-26 13:52:44 -05:00
wchen-r7
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
wchen-r7
d59c418df6
Fix #5591
...
Fix #5591
2015-06-23 19:10:14 -05:00
wchen-r7
1af12fd11f
Glassfish version 9
2015-06-23 19:09:14 -05:00
Brent Cook
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
Brent Cook
732192aeaf
move ntds from priv to extapi
2015-06-22 09:04:08 -05:00
wchen-r7
0b0cc3631b
Land #5569 , Correct service name for mssql for scanner detection
2015-06-19 15:33:05 -05:00
wchen-r7
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
Greg Mikeska
d672ac1601
Correct service name for mssql for scanner detection
2015-06-19 13:54:31 -05:00
Brent Cook
7f27fd0cf2
adjust for user name size changes
2015-06-18 11:17:08 -05:00
HD Moore
7c91aee7a8
Dont use a "connected" to keep compat with BSD
2015-06-09 20:33:46 -05:00
David Maloney
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
HD Moore
fe09d9888e
Small rework of the spinners, clear the line when done
2015-06-06 14:30:42 -05:00
HD Moore
cec20ec5d9
Handle a rare corner case
2015-06-06 11:46:19 -05:00
HD Moore
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
David Maloney
5d68a8167b
handle unicode changes
...
changed everything to utf-8 , so several sizes
on the ruby side needed to be changed to account for this
MSP-12358
2015-06-02 12:46:21 -05:00
Samuel Huckins
4890882beb
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-21 15:03:17 -05:00
Samuel Huckins
e2c6742c1b
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-18 13:44:01 -05:00
David Maloney
7376d4d94e
account for public only credentials in #to_s
...
SNMP in particular will only have a public, so we need
to account for this so we don't output poorly formed text
with a trailing ':' char
5266
2015-05-18 13:42:15 -05:00
jvazquez-r7
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
David Maloney
ac04b8d1e7
a little bit of cleanup
...
constantise some of the magic numbers in
the NTDS Account class
MSP-12358
2015-05-15 10:47:31 -05:00
David Maloney
724b7c6f16
save the ntlm hases as creds
...
the last step is now complete. the current and historical
hashes are all saved to the database for cracking and/or
replay
MSP-12358
2015-05-14 13:52:11 -05:00
David Maloney
6e813f6abd
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-05-14 10:30:48 -05:00
Samuel Huckins
9fafb645dd
Updating Rails version comment
2015-05-13 09:37:32 -05:00
Brent Cook
9549d572cc
Land #5280 , update to Ruby on Rails 4.0
...
This upgrades a number of other gems as a side-effect.
2015-05-12 16:48:49 -05:00
David Maloney
f3effe5fbb
some minor cleanup
...
cleanup based on feedback from Kronicdeth
MSP-12357
2015-05-11 11:17:58 -05:00
wchen-r7
1cc44cfc31
An alternative for normalize_uri
...
normalize_uri doesn't seem to work very well in our case, so
we do our own thing here.
2015-05-11 10:42:26 -05:00
wchen-r7
10982f0a1a
Login url should normalize too
2015-05-11 10:18:09 -05:00
wchen-r7
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
William Vu
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
William Vu
8d3737d13c
Fix some stylistic issues
2015-05-07 22:43:23 -05:00
William Vu
669df591f2
Pull default connection_timeout into constant
2015-05-06 13:18:00 -05:00
William Vu
d4aed08260
Fix typo
2015-05-06 13:17:58 -05:00
William Vu
0939bbc710
Set default retries/version for SNMP LoginScanner
...
Set in snmp_login but missed in the LoginScanner.
MSP-12668
2015-05-06 13:17:40 -05:00
Brent Cook
93c785560b
remove brocade_telnet scanner, extend telnet
...
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
root
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
David Maloney
1a8e8c624c
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-05-05 11:07:36 -05:00
darkbushido
26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-05-05 11:00:38 -05:00
jvazquez-r7
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
jvazquez-r7
3e7c790db8
Use constants
2015-05-01 15:15:18 -05:00
darkbushido
0b608e139a
Merge branch 'upstream' into staging/rails-4.0
2015-05-01 11:26:24 -05:00
David Maloney
2bbae6b9c2
add #to_s to ntds account
...
added to_s method to the NTDS account
for easy output
MSP-12357
2015-05-01 11:24:23 -05:00
David Maloney
acb833bd09
NTDS::Parser class built out
...
the NTDS Parser class will take a meterpreter
client and a fielpath and provide an enumerator for reading
out the user accounts as ruby objects
MSP-12357
2015-04-30 14:57:30 -05:00
Brent Cook
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
David Maloney
2847bc8a6b
a little more yard
2015-04-29 14:53:08 -05:00
David Maloney
1f66840533
add YARD docs to NTDS Account
...
added yard around the attrs for the NTDS::Account
class
MSP-12357
2015-04-29 12:53:54 -05:00
Matt Buck
8163c3cdda
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
plugins/nessus.rb
2015-04-28 15:33:46 -05:00
David Maloney
6c77c4bb52
opening groundwork
...
added a priv extension method to open
a stream channel to read ntdsaccounts from
and an NTDS account class to accept the
data and parse it into a useable structure
MSP-12357
2015-04-24 15:50:12 -05:00
Brent Cook
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
Brent Cook
8aca4539c9
Land #5152 , undefined var in WinRM_Login
2015-04-20 23:01:11 -05:00
William Vu
2bdcc178ef
Remove extraneous addition
2015-04-16 02:30:09 -05:00
William Vu
42ff0decc7
Land #4722 , timing options for snmp_login
2015-04-16 02:25:29 -05:00
William Vu
88062a578d
Clean up PR
2015-04-16 02:25:06 -05:00
Matt Buck
e82fb5f836
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
lib/msf/ui/console/command_dispatcher/db.rb
metasploit-framework-db.gemspec
metasploit-framework.gemspec
2015-04-15 14:04:35 -05:00
Meatballs
926db59a8c
credential doesn't exist in this context
2015-04-15 15:48:21 +01:00
Luke Imhoff
c971bc930c
Mark app/concerns as autoload
...
To work with metasploit-concern 0.4.0 prerelease not deriving
app/concerns from root and to ensure it is does not inherit eager_load
from app.
2015-04-14 15:06:59 -05:00
Luke Imhoff
4c407ce962
Merge branch 'bug/MSP-12529/missing-require-metasploit-credential' into bug/MSP-12550/app-concerns-eager-load
...
MSP-12550
2015-04-14 14:42:54 -05:00
root
19fe226b30
Correct a minor typo
2015-04-10 22:37:14 +05:00
sinn3r
90d525088c
Green rspec
2015-04-10 11:36:23 -05:00
root
8c0d5d66d0
Add spec file
2015-04-10 15:32:03 +05:00
Luke Imhoff
8b56286e66
Try to require 'metasploit/credential' when including Metasploit::Credential::Creation
...
MSP-12529
By convention, the top-level require of any gem should always be
required before trying to use any inner require.
2015-04-09 09:05:38 -05:00
root
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
sinn3r
59d89f4846
rm junk comments
2015-04-09 00:59:14 -05:00
sinn3r
f51eaef765
Add rspec
2015-04-08 02:33:27 -05:00
sinn3r
5f389cf3c2
Add ManageEngine Desktop Central Login Utility
2015-04-08 02:05:56 -05:00
Matt Buck
5e2d6c27c3
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
db/schema.rb
lib/msf/core/db_manager/session.rb
metasploit-framework-db.gemspec
2015-04-06 11:27:00 -05:00
jvazquez-r7
6c36a82f78
Land #5059 , @void-in's documentation clean up
2015-04-03 14:16:34 -05:00
jvazquez-r7
fe5ddc01ad
Fix return documentation
2015-04-03 14:16:06 -05:00
Fernando Arias
6455862484
Merge branch 'staging/rails-4.0' of github.com:rapid7/metasploit-framework into staging/rails-4.0
...
Conflicts:
Gemfile.lock
metasploit-framework.gemspec
2015-04-03 13:56:38 -05:00
root
0dd987d873
Updated as per jlee-r7 feedback
2015-04-03 10:17:54 +05:00
David Maloney
1684bfec9e
add missing data to loginscanner results
...
the chef web ui and symantec web gateway
loginscanners do not save the target(host/port/proto) info
in the Result object. This can cause modules to break as they
expected the Result to contain that information
MSP-12499
2015-04-02 13:53:45 -05:00
root
4ba761986f
Correct YARD doc comments
2015-04-02 16:14:25 +05:00
David Maloney
103373a7eb
add back accidentally remvoed error
...
accidentally dropped Errno::ETIMEDOUT from the exception
handling
MSP-12389
2015-03-30 11:19:28 -05:00
David Maloney
441feec360
fix missing exception handling
...
a few of our http login scanners needed to
handle a couple of other exception classes
for when network communication errors occur
MSP-12389
2015-03-27 12:31:14 -05:00
sinn3r
6e3e696262
Use symantec_web_gateway as an example of using send_request
2015-03-25 10:55:46 -05:00
sinn3r
60f1d9c961
More yard doc
2015-03-25 10:50:11 -05:00
sinn3r
9b9e157e84
More yard doc
2015-03-25 02:26:06 -05:00
sinn3r
ded500a9ae
Use send_request
2015-03-25 02:13:40 -05:00
sinn3r
6984e5234e
Fix a typo
2015-03-25 02:01:25 -05:00
sinn3r
8a8d6fb5ab
Some more changes
2015-03-25 02:00:23 -05:00
sinn3r
855cadc6b1
Rescue more exceptions
...
The attempt_login method is rescuing these exceptions, so maybe
I should do the same.
2015-03-25 01:48:37 -05:00
sinn3r
8f95624bf7
Add #send_request to Metasploit::Framework::LoginScanner::HTTP
2015-03-25 01:40:02 -05:00
sinn3r
bef67d773c
Don't break untested_payloads.rb
2015-03-24 00:54:11 -05:00
jvazquez-r7
1226b3656f
Land #4945 , @wchen-r7's login scanner for Symantec web gateway
2015-03-20 14:44:05 -05:00
jvazquez-r7
62871255b0
Match class and file names
2015-03-20 14:25:20 -05:00
jvazquez-r7
179177d5c0
Fix typo
2015-03-20 13:27:41 -05:00
Matt Buck
f29a3f69e9
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
metasploit-framework-db.gemspec
2015-03-17 15:47:48 -05:00
sinn3r
608bf55b79
Update
2015-03-17 11:54:38 -05:00
sinn3r
27b6fbb648
I don't need :ssl and :ssl_version
2015-03-17 11:31:38 -05:00
Meatballs
69453c1955
Missing ?
2015-03-17 12:00:58 +00:00
Meatballs
fcc21ff928
Stylish like @limhoff-r7
2015-03-17 11:44:02 +00:00
Meatballs
d18224e3cb
Correct capitilzation of GitLab
2015-03-17 11:32:14 +00:00
Meatballs
25840c41cf
Rubocop
2015-03-17 11:21:05 +00:00
Meatballs
f4a1e981ab
Add gitlab login scanner
2015-03-17 11:19:23 +00:00
sinn3r
ff58f7d270
Add Symantec Web Gateway Login Module
2015-03-17 02:51:57 -05:00
root
591716e557
brocade enable command bruteforcer
2015-03-06 09:41:14 -05:00
David Maloney
75c075e32b
properly anchor regexes
...
duh
2015-03-03 19:15:29 -06:00
David Maloney
64490c746a
CredCollection now knows about postgres_md5
...
the cred collection can now identify a postgres_md5 hash string
and set the type on the Metasploit::Framework::Credential object
appropriately
MSP-12244
2015-03-03 16:43:52 -06:00
David Maloney
c836078292
allow credentials to have a type of postgres_md5
...
add postgres_md5 to the type validation on
Metasploit::Framework::Credential to account
for the new Private type
MSP-12244
2015-03-03 16:35:30 -06:00
David Maloney
aa4038d539
allow the postgres librry to take an md5 hash
...
allow the raw md5 password hash to be passed in instead of
a password for md5 authentication in postgres. Adds an extra exception
class for when an md5 hash is given but the server expects
a different form of authentication.
MSP-12244
2015-03-03 13:16:46 -06:00
William Vu
8c5ff858d0
Land #4812 , hp_sys_mgmt_login configurable URIs
2015-02-23 19:04:14 -06:00
HD Moore
97ccf7e23f
Fixes SSL support for http_login (variable shadowing)
2015-02-23 14:00:29 -06:00
sinn3r
c39d6e152e
Land #4819 , Normalize HTTP LoginScanner modules
2015-02-23 11:43:42 -06:00
HD Moore
c60e2584bf
Comment typo
2015-02-22 02:51:18 -06:00
HD Moore
888c718f40
Fix two typos
2015-02-22 02:45:50 -06:00
HD Moore
8e8a366889
Pass Http::Client parameters into LoginScanner::Http (see #4803 )
2015-02-22 02:26:15 -06:00
sinn3r
bf2be7964b
Fix #4592 , print_* methods used in LoginScanner modules
...
Fix #4592
2015-02-20 22:46:21 -06:00
sinn3r
40c237f507
Fix #3982 , allow URIs to be user configurable
...
Fix #3982
2015-02-20 21:54:03 -06:00
Matt Buck
e397ecec9d
Merge branch 'upstream-master' into staging/rails-4.0
2015-02-18 15:05:39 -06:00
David Maloney
ffa6550aec
Land #4787 , HD's new Zabbix and Chef LoginScanners
...
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
David Maloney
804db0ff0c
add leixcal sorting to methods
...
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
HD Moore
2847507f03
Add a chef brute force module
2015-02-17 23:49:57 -06:00
HD Moore
27d5ab45b4
Add a zabbix brute force module
2015-02-17 22:56:08 -06:00
HD Moore
85fd139ab0
Add missing context and a normalize_uri helper method
2015-02-17 22:55:53 -06:00
HD Moore
16932372db
Calls to Rex::Proto::Http::Client.new were passing in empty context
2015-02-17 20:44:37 -06:00
Meatballs
5fba54db99
Add addtional timing options
2015-02-16 19:07:55 +00:00
Matt Buck
d4d1dc09f3
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
db/schema.rb
metasploit-framework-db.gemspec
metasploit-framework.gemspec
2015-02-13 16:13:18 -06:00
HD Moore
8d982e3286
Pass the framework/module down into LoginScanner
2015-02-07 11:50:30 -06:00
HD Moore
985641dbc4
Add missing Context, fixes #4723
2015-02-07 11:27:57 -06:00
Christian Catalan
7d1090baca
Convert #find(:all) to #where or #all
2015-02-01 00:31:58 -06:00
William Vu
8f54e4d611
Implement "-" for msfconsole -r from stdin
...
More predictable than /dev/stdin, which is usually a symlink to
/proc/self/fd/0 or /dev/fd/0, but the feature is not guaranteed to be
present.
This isn't *terribly* useful, but it can be. -x is recommended, but it
doesn't allow for ERB directives. This is mostly for hax.
2015-01-29 19:26:56 -06:00
Jon Hart
69f03f5c5d
Move ACPP default port into Rex
2015-01-12 19:43:57 -08:00
Jon Hart
e9557ffe58
Simplify module in prep for some authbrute cleanups
2015-01-12 13:08:12 -08:00
Jon Hart
97f5cbdf08
Add initial Airport ACPP login scanner
2015-01-12 13:08:12 -08:00
Matt Buck
b4eef14ac6
Update metasploit gems
2015-01-08 15:33:23 -06:00
Matt Buck
2cd5be021b
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile
Gemfile.lock
db/schema.rb
metasploit-framework-db.gemspec
metasploit-framework.gemspec
2015-01-08 13:12:27 -06:00
Meatballs
bdbb26ba31
Land #4540 , resolves #4532 , honour DB_ALL_* options
2015-01-07 21:12:23 +00:00
David Maloney
5d68d48ca5
Land #4385 , fixes bruteforce_speed validator
...
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
David Maloney
702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
...
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components
MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney
7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
...
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin
MSP-11986
2015-01-07 11:30:39 -06:00
Tod Beardsley
6ded5a7eb4
Avoid spinner on Windows
...
Fixes #4147 , probably.
2014-12-30 10:17:56 -06:00
Fernando Arias
337b2d784f
Land #4416 , define rails version dep in one place
...
* Bump rails to 3.2.21
2014-12-19 15:17:54 -06:00
Matt Buck
db0aeb2a05
Make the version constraint a range
2014-12-19 13:54:13 -06:00
Matt Buck
c493ccfc06
Define the Rails version constraint in a library constant
2014-12-19 11:46:39 -06:00
Trevor Rosen
80cd04d76a
Land #4332 , test optimization for Cucumber
...
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
Samuel Huckins
4c994d84e0
Updating version to 4.11 for Flood release
2014-12-15 14:42:09 -06:00
Tod Beardsley
ac004d2770
Fix bruteforce validators to accept nil
...
bruteforce_speed isn't always required, because the speed checker
already handles nil (and presumes the user wants the fastest possible).
See also MSP-11842
2014-12-12 13:57:37 -06:00
Tod Beardsley
4eaf64afef
Don't lie about stop_on_success
...
This absolutely needs to be honored too, though.
See #4365 .
2014-12-11 12:37:13 -06:00
Tod Beardsley
edf541fabe
Fix some double spacing
2014-12-11 09:39:15 -06:00
Tod Beardsley
09617f990b
Implement BRUTEFORCE_SPEED respect (telnet)
...
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.
See #3904 , @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
Luke Imhoff
8c0610cb7a
Merge branch 'master' into feature/MSP-11671/test-optimization
...
MSP-11671
Conflicts:
.travis.yml
2014-12-08 08:46:22 -06:00
sinn3r
9cc04e59eb
Fix #4304 - Blank password is tried when it shouldn't happen
...
Fix #4304
2014-12-04 12:59:51 -06:00
Luke Imhoff
f696a5ab0e
msfconsole --defer-module-loads
...
MSP-11671
Add command line option --defer-module-loads to msfconsole. It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`. This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
2014-12-02 14:41:32 -06:00
Luke Imhoff
33b42389f0
Merge branch 'feature/MSP-11147/thread-leak-detection' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
2014-11-17 09:35:47 -06:00
Luke Imhoff
e3869ee1ae
Include Thread status when printing leaked threads
...
MSP-11147
Sometime travis-ci is showing leaked threads even when
'Msf::Framework#threads cleaner' is being used, so I'm adding the
`Thread#status` to the data printed about the Thread to see if the
sometimes leaked threads have an odd status. There's still a chance
that there will be a race-condition between when I call Thread.list and
I ask for each Thread's status that the VM could finish aborting a
Thread so that status I print isn't the same as the one that caused the
Thread to be returned in Thread.list.
2014-11-17 09:30:46 -06:00
Luke Imhoff
ba836f2383
Only calculate thread UUIDs if they are needed
...
MSP-11147
Only calculate thread UUIDs if the thread count exceeds
EXPECTED_THREAD_COUNT_AROUND_SUITE.
2014-11-17 09:17:44 -06:00
Luke Imhoff
ceb7a63a5c
Merge branch 'master' into feature/MSP-11147/thread-leak-detection
...
MSP-11147
2014-11-14 18:20:55 -06:00
Trevor Rosen
3b558624f3
Merge branch 'landing/4129' into upstream-master
...
Landing #4129
* Detect leaked constants in spec runs
2014-11-14 12:55:56 -06:00
Luke Imhoff
14fa1dba0b
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
...
MSP-11605
2014-11-14 11:58:16 -06:00
Luke Imhoff
d9a25005a6
Wrap Msf::Framework#threads in Metasploit::Framework::ThreadFactoryProvider
...
MSP-11605
`Rex::ThreadFactory.provider` needs to be set in
`Msf::Framework#initialize`, but setting it directly to
`Msf::Framework#threads` eliminates the laziness of
`Msf::Framework#threads`. In order keep `framework.threads` lazy,
`framework` is wrapped in a
`Metasploit::Framework::ThreadFactoryProvider`, which responds to
`spawn`, which is needed by `Rex::ThreadFactory`, by calling
`framework.threads.spawn`, which lazily initialized `framework.threads`
when the first thread needs to be spawned.
2014-11-13 14:08:26 -06:00
Luke Imhoff
b17b263cc7
Ignore debugger threads
...
MSP-11147
When using the debugger, it adds a thread that should be allowed and not
go towards the count.
2014-11-13 09:49:08 -06:00
Luke Imhoff
535f69b56d
Append to RUBYOPT for debugger compatibility
...
MSP-11147
When using Rubymine's debugger, the tests would run and say there were
no tests and no break points would be hit. It was determined that this
was due the Rubymine's debugger injecting itself into RUBYOPTS and only
working if it's first in RUBYOPT, which means that
'metasploit:framework:spec:threads:suite' must inject '-Ilib
-rmetasploit/framework/spec/threads/logger' at the end of RUBOPT instead
of the beginning.
2014-11-13 09:19:07 -06:00
Luke Imhoff
69043d51e0
Merge branch 'master' into feature/MSP-11147/thread-leak-detection
...
MSP-11147
2014-11-12 12:34:25 -06:00
HD Moore
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Luke Imhoff
8416985c9d
Give Threads UUIDs for spec run so caller can be correlated
...
Have 'metasploit/framework/spec/threads/suite/logger' generate a UUID
for each Thread. This UUID is printed on the "BEGIN Thread.new caller"
line and is assigned as a thread-local variable,
'metasploit/framework/spec/threads/logger/uuid'. In `after(:suite)`,
the log can be parsed to map the caller back to each UUID and then only
the UUID of the still existing threads is used to look up the caller and
print their stacktraces. This means only leaked threads callers will be
printed.
2014-11-06 14:05:35 -06:00
Luke Imhoff
8f635a1d76
Remove empty define_task
...
MSP-11147
2014-11-06 09:11:31 -06:00
Luke Imhoff
8855e0731c
Fix multiline string indentation
...
MSP-11147
2014-11-06 09:11:12 -06:00
Luke Imhoff
8d06189a19
Tell use to run with `rake spec` to see Thread.new caller
...
MSP-11147
If the log isn't available, tell the user to rerun with `rake spec`
instead of printing nothing after the `:\n`, which looks incomplete.
2014-11-06 09:10:04 -06:00
Luke Imhoff
c1f1222783
Check that threads/suite.log exists before reading
...
MSP-11147
Even with leaked threads, there may be no log if the suite is run
without `rake spec`, such as when `rspec` is used directly to run a
subset of specs.
2014-11-06 09:07:11 -06:00
Luke Imhoff
d66c98b34d
Remove prior log/metasploit/framework/spec/threads/suite.log
...
MSP-11147
2014-11-05 15:51:43 -06:00
Luke Imhoff
d4d710cc3a
Merge branch 'feature/MSP-11130/metasploit-framework-spec-constants' into feature/MSP-11147/thread-leak-detection
...
MSP-11147
Merge to get framework instance cleanup, which should clean up a lot of
thread leaks too.
Conflicts:
Rakefile
lib/metasploit/framework/spec.rb
spec/spec_helper.rb
2014-11-05 15:47:59 -06:00
Luke Imhoff
097aa330e1
Log caller for each Thread.new for `rake spec`
...
MSP-11147
2014-11-05 15:34:35 -06:00
Luke Imhoff
96990fdc02
Fail before suite if more than 1 thread exists
...
MSP-11147
Detect thread leaks in a `before(:suite)` configured by
`Metasploit::Framework::Spec::Threads::Suite.configure!` and fail if any
leaks are found.
2014-11-05 14:38:43 -06:00
Luke Imhoff
3093ba8394
Explicitly require 'metasploit/credential' and 'metasploit_data_models'
...
By putting the db group into the metasploit-framework-db.gemspec,
bundler no longer automatically required 'metasploit/credential' and
'metasploit_data_models' because gems, such as metasploit-framework-db,
are expected to explictly require their dependencies.
2014-11-05 09:25:50 -06:00
Luke Imhoff
9f573e2d8d
Revert "Add .log extension to metasploit/framework/spec/constants/suite log"
...
MSP-11130
This reverts commit 4f986c4a48
.
Extension wasn't there because it was a directory name and a log file
name.
2014-11-04 14:03:54 -06:00
Luke Imhoff
dee02fc85b
Automatically clear previous log/metasploit/framework/spec/constants/each.log
...
MSP-11130
Have a task, 'metasploit:framework:spec:constants:each:clean' run before
`rake spec` that removes the previous
`log/metasploit/framework/spec/constants/each.log` so that the user doesn't
have to manually remove the load when removing
`Metasploit::Framework::Spec::Constants::Each.configure!` from
`spec/spec_helper.rb`.
2014-11-04 13:58:13 -06:00
Luke Imhoff
313d86982c
Log Spec::Constants::Each error instead of flag.
...
MSP-11130
Instead of writing `1` to the file and then printing a verbose message
in the spec task action, log the verbose message and just print the log
in the spec task action, so other tools can just look at the log when
not using `rake spec`.
NOTE: Failing specs due to unnecessary
`Metasploit::Framework::Spec::Constants::Each.configure!`
2014-11-04 13:36:52 -06:00
Luke Imhoff
1d09fa677e
log/remove-cleaner -> log/metasploit/framework/spec/constants/each.log
...
MSP-11130
Rename log file to match naming scheme for
Metasploit::Framework::Spec::Constants::Suite.
2014-11-04 13:21:47 -06:00
Luke Imhoff
4f986c4a48
Add .log extension to metasploit/framework/spec/constants/suite log
...
MSP-11130
2014-11-04 13:20:10 -06:00
Luke Imhoff
7cb0954a6e
Add manual removal of `log/remove-cleaner` to Each removal
...
MSP-11130
When removing `Metasploit::Framework::Spec::Constants::Each.configure`
from spec/spec_helper.rb,
`Metasploit::Framework::Spec::Constants::Each.define_task` will see the
`log/remove-cleaner` from the last run unless it is manually removed.
2014-11-04 10:10:28 -06:00
Luke Imhoff
b0f1b2a1f7
Merge branch 'master' into feature/MSP-11130/metasploit-framework-spec-constants
...
MSP-11130
Conflicts:
Rakefile
2014-11-04 10:10:12 -06:00
Luke Imhoff
325c01e45d
Log constants leaked before and after suite
...
MSP-11130
Some constants can be leaked before suite if module are loaded during
spec loading, such as if a framework instance in made in the context
body of a spec instead of in a before callback.
2014-10-30 14:04:07 -05:00
Luke Imhoff
ae0a98785f
Print when Metasploit::Framework::Spec::Constants::Each before(:each) cleans
...
MSP-11130
Print to stderr the full description of the example when
`Metasploit::Framework::Spec::Constants.configure!`'s `before(:each)`
cleans constants as it may clean constants that are leaked from the
class level at parse time.
2014-10-30 12:34:55 -05:00
Luke Imhoff
c8e4745d6d
Fail `rake spec` if leak tracking unnecessary
...
MSP-11130
Fail `rake spec` if
`Metasploit::Framework::Spec::Constants::Each.configure!`'s
`before(:each)` does not clean all leaked constants and if should be
removed so that it does not interefore with future specs.
2014-10-30 09:37:17 -05:00
Luke Imhoff
c2bd75b587
Clean up leaked constants
...
MSP-11130
2014-10-29 15:50:47 -05:00
Luke Imhoff
892aeaf727
Metasploit::Framework::Spec::Constants cleaner
...
MSP-11130
Shared context will calls `Metasploit::Framework::Spec::Constants.clean
after each example.
2014-10-29 11:31:17 -05:00
Luke Imhoff
0d4b22ce7a
Detect constant leaks in individual examples
...
MSP-11130
`Metasploit::Framework::Spec::Constants::Each.configure!` will set up an
`after(:each)` callback that will fail the example if there are leaked
constants. Leaked constants are cleaned up to prevent misattribution.
2014-10-28 15:50:24 -05:00
Luke Imhoff
f9b1f2a424
Extract Metasploit::Framework::Spec::Constants::Suite
...
MSP-11130
`Metasploit::Framework::Spec::Constants::Suite` extracts out
`LOG_PATHNAME`, `configure!`, and `define_task` as those piece are
specific to handling constant leaks for the entire suite. This is in
preparation for `Metasploit::Framework::Spec::Constants::Each`.
2014-10-28 15:07:32 -05:00
Luke Imhoff
3ec9cf54c9
Filter non-loaded-module constants from leaked constants
...
MSP-11130
Constants from library Modules or Classes should not be reported as
leaked since they have been required and should be persistent between
spec runs.
2014-10-28 14:05:27 -05:00
Luke Imhoff
1a1f3335b8
Extract Metasploit::Framework::Spec::Constants.full_name
...
MSP-11130
Extract method to convert child constant names to module full names so
it can be reused 'Metasploit::Framework::Spec::Constants tracker' shared
context.
2014-10-28 13:53:48 -05:00
Luke Imhoff
a0a9c2140b
Log leaked constants and fail rake spec on leak
...
MSP-11130
Instead of printing the leaked constants to stderr, log them to
`log/leaked-constants.log`. In task action for spec, read
`log/leaked-constants.log`. If it exists, print each leaked constants
(and it appropriate it's module full name) and then exit with 1. If the
file does not exist, do nothing.
2014-10-28 11:21:35 -05:00
Joe Vennix
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
Luke Imhoff
c84febea5f
tools/missing-payload-tests.rb
...
MSP-11145
**NOTE: Failing specs**
Add a tool for reading `log/untested-payload.log` and
`framework.payloads` to determine `context`s to add
`spec/modules/payloads_spec.rb` to test the untested payloads.
2014-10-27 13:03:31 -05:00
Jon Hart
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
Jon Hart
765b5e686c
Use configured method and URI rather than duplicated values
2014-10-27 09:56:39 -07:00
Luke Imhoff
605f48e58d
Detect leaked constants under Msf::Modules
...
MSP-11130
Detect constants leaked under Msf::Modules after the suite completes.
2014-10-27 11:13:43 -05:00
nstarke
44f7db4798
Refactoring Success Case
...
I have refactored the code so that it will work with
non-root accounts.
2014-10-25 13:31:36 +00:00
Luke Imhoff
48d6880f1d
Add docs for untested payload testing
...
MSP-11145
Add docs to rake task, shared examples, and share contexts for how to
use all 3 together.
2014-10-23 11:17:05 -05:00
Luke Imhoff
f827a1c761
Extract untested-payloads.log checker spec task action
...
MSP-11145
Extract the spec task action which errored out if
`log/untested-payloads.log` exists to
`Metasploit::Framework::Spec::UntestedPayloads.define_task`.
2014-10-23 10:24:33 -05:00
Jon Hart
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
James Lee
a5a84886ee
Make sure vnc closes the socket
2014-10-22 15:53:05 -05:00
Jon Hart
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
James Lee
46acf08e2d
Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions
2014-10-22 09:09:34 -05:00
nstarke
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
James Lee
e1a7e902d6
Re-enable tcp evasions for more LoginScanners
...
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee
83b1d270cd
Fix ftp and mssql
2014-10-21 11:09:39 -05:00
James Lee
8b2dcac730
Fix telnet
2014-10-21 11:08:41 -05:00
James Lee
2fcb1004fb
Move tcp options to Tcp::Client out of RexSocket
2014-10-21 09:59:26 -05:00
James Lee
e76ee294a1
Restore tcp evasions to telnet
2014-10-21 09:44:55 -05:00
James Lee
cb9a77c06b
Fix NoMethodError when unable to connect
...
Derp.
2014-10-21 08:58:45 -05:00
James Lee
6f3b26f5e9
Remove tcp evasions from Http
...
Can't use 'em anyway
2014-10-21 08:27:29 -05:00
nstarke
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
James Lee
3051b6c5ba
Clean up exceptions
...
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
James Lee
b7d69bec83
Restore proxies to ssh scanners
2014-10-20 10:19:06 -05:00
Tod Beardsley
a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/
2014-10-17 13:13:44 -05:00
Tod Beardsley
5978bd5e62
Control the startup msg with -q, too
2014-10-17 12:41:58 -05:00
Tod Beardsley
a45b21b6bf
-q will quiet the animation, too
2014-10-17 12:32:28 -05:00
James Lee
41a57b7ba5
Re-enable proxies for HTTP-based login scanners
2014-10-15 17:00:44 -05:00
Tod Beardsley
e010d70913
No need for that bool option
2014-10-14 14:59:57 -05:00
Tod Beardsley
bf0a5d038e
Add an animation to comfort the user
...
Sometimes msfconsole takes a little while to start.
This adds a fairly common ASCII spinner to the startup sequence.
I haven't spec'ed it, and the code organization isn't great, so consider
this PR more of a cry for help than something immediately landable.
That said, it works for me.
2014-10-14 14:54:45 -05:00
nstarke
f8d6af6d4e
Rescuing from JSON Parse
...
Previous code was not using any sort of exception handling
for parsing the response body. I have added a rescue block
for JSON errors to remedy this problem.
2014-10-10 12:41:11 +00:00
nstarke
472985a8a8
Adding Buffalo Linkstation NAS Login Scanner
...
I have added a login scanner for the Buffalo Linkstation
NAS. I have been testing against version 1.68 of the
firmware. Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
nstarke
eed0958de5
Fixing Comment
...
Comment was incorrect and needed to be fixed.
2014-10-07 11:28:40 -05:00
nstarke
b8c2643d56
Converting Module to LoginScanner w/ Specs
...
The previous commits for this Jenkins CI module relied on an
obsolete pattern. Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
Matt Buck
0bb4eac259
Rename the method for optional requires
...
MSP-11412
2014-10-03 14:06:13 -05:00
Matt Buck
88cbf22ef0
Optionally require mdm, as well
...
MSP-11412
2014-10-03 13:49:39 -05:00
Matt Buck
dabec92e61
Ensure require of metasploit/credential/engine is optional
2014-10-02 14:46:56 -05:00
Matt Buck
7ed1977d0b
Specific require all metasploit gem dependencies' engines
...
MSP-11412
2014-10-02 14:20:10 -05:00
sinn3r
7163b8c55a
Fixes #3915 - NoMethodError private method `rhost'
...
There's no self.rhost, but rhost is defined
2014-09-30 11:34:16 -05:00
David Maloney
5ff4a55cd2
smb connection error not setting result properly
...
if the initial connection from the SMB LoginScanner fails
it wouldn't set the target information on the result. this could cause
smb_login to throw a stack trace when it calls invalidate_login
2014-09-16 15:24:14 -05:00
David Maloney
e5aa5c4014
missing postgres rescues
2014-09-16 15:04:07 -05:00
sinn3r
169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner)
2014-09-16 14:51:24 -05:00
David Maloney
aeed66b694
missing mysql rescue
2014-09-16 13:41:03 -05:00
David Maloney
d708de07a3
return the lgoinscanner class name in an invalid exception
...
when a loginScanner throws an Invalid exception , the message
will now include the classname of the Scanner that threw it.
2014-09-16 13:24:08 -05:00
David Maloney
6decd3cbd2
fix exceptions thrown in telnet loginscanner too
2014-09-16 10:09:59 -05:00
David Maloney
bf8f7221c7
rescue exceptions in check_setup
2014-09-15 13:52:17 -05:00
jvazquez-r7
7d4c4c3658
Land #3699 , @dmaloney-r7's ipboard login refactor
2014-09-15 08:29:42 -05:00
jvazquez-r7
917a7ffa1e
Add specs for valid IPBoard application
2014-09-12 16:08:03 -05:00
Cucumber
b80519dc16
Lands #3779 , specs
...
MSP-11343
Merge specs that I missed during last merge.
2014-09-12 14:49:26 -05:00
jvazquez-r7
0d054d8354
Update with master changes
2014-09-12 09:52:32 -05:00
jvazquez-r7
b8d31891f8
Clean YARD documentation
2014-09-12 09:32:32 -05:00
Joe Vennix
55519d8867
Land #3781 , my addition of Metasploit::Concern to msf.
2014-09-11 16:57:24 -05:00
Luke Imhoff
706655f755
Land #3779 , Glassfish LoginScanner exception
...
MSP-11343
2014-09-11 15:57:47 -05:00
Joe Vennix
8654b63c58
Make sure Metasploit::Concern is accessible everywhere.
2014-09-11 14:46:35 -05:00
David Maloney
0663355237
catch connectionreset in ftp login scanner
...
add exception rescue for Errno::ECONNRESET
2014-09-11 14:39:36 -05:00
James Lee
a8e3ff0c0f
Add specs to verify server header matching
2014-09-11 11:42:38 -05:00
James Lee
9151c2c79d
Add docstrings and avoid multiple returns
2014-09-11 10:50:42 -05:00
James Lee
20e48a233a
Explicitly set @version to nil if we can't detect
2014-09-11 10:30:52 -05:00
Cenk Kalpakoğlu
11004ab7c6
typo fix
2014-09-11 16:27:35 +03:00
James Lee
8aa06b8605
Better api for check_setup
2014-09-10 23:43:54 -05:00
James Lee
c1658e5d51
Add a check_setup method
2014-09-10 20:09:46 -05:00
James Lee
84e4db9035
Don't raise in the middle
...
MSP-11343
This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
David Maloney
2ac15f2088
some fixes based on Christruncer's feedback
...
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney
cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor
2014-09-08 14:48:37 -05:00
David Maloney
b84142715f
rescue mysql host blocked
...
rbmysql can throw an exception if the
server blocked this host due to too many connection errors
2014-09-08 12:45:10 -05:00
jvazquez-r7
10bb77af9f
Land #3716 , @wchen-r7's Glassfish LoginScanner update
2014-09-07 21:54:34 -05:00
jvazquez-r7
768b50974f
Redo try_glassfish_3 specs
2014-09-07 21:04:43 -05:00
jvazquez-r7
07238ef7b3
Redo try_glassfish_2 specs
2014-09-07 20:47:54 -05:00
sinn3r
6df7658267
Very small change to the doc
2014-09-06 01:54:52 -05:00
jvazquez-r7
78cf75c4d5
Clean YARD documentation
2014-09-06 00:24:39 -05:00
sinn3r
0dcf481d76
This one is good to go
2014-09-04 14:13:33 -05:00
David Maloney
28427ccee3
add VHOST and useragent support to loginscanner
2014-09-04 10:59:07 -05:00
sinn3r
e1694ec3e5
LoginScanner update for hp_sys_mgmt_login
...
Work in progress
2014-09-03 16:23:57 -05:00
sinn3r
61e58dc6d3
Yard doc
2014-09-02 20:48:07 -05:00
sinn3r
954475c0bf
Add rspec and update about secure admin
2014-09-02 20:35:25 -05:00
David Maloney
928aeffcba
add wordpress_rpc loginscanner and specs
2014-08-29 13:06:12 -05:00
Samuel Huckins
fa77caa819
Merge branch 'bug/MSP-11153/database-config-overrides'
...
MSP-11153 #land
2014-08-28 17:12:37 -05:00
Luke Imhoff
20177c7c23
Restore backup database.yml when retesting after interrupt
...
MSP-11153
Restore the config/database.yml backed up to
config/database.yml.cucumber.bak in the db:config:restore task, which is
made a dependency of the environment rake task so that
config/database.yml is restored before Rails tries to use it in the
environment task. This specifically, allows for rake cucumber to be
interrupted when the config/database.yml has been moved to
config/database.yml.cucumber.bak and a subsequence rake cucumber to
succeed and restore config/database.yml, but any task that depends on
environment will restore the config/database.yml.
2014-08-28 15:20:53 -05:00
sinn3r
f097ef96e0
Use &&
2014-08-28 12:13:03 -05:00
sinn3r
d0d9949d91
Do SSL options correctly
2014-08-28 12:04:14 -05:00
Luke Imhoff
275fa5cb50
Remove unnecessary return
...
MSP-11153
Leftover from earlier design.
2014-08-27 16:58:45 -05:00
Luke Imhoff
83b6f268b4
Remove unnecessary realpath
...
MSP-11153
Causes errors on machines that don't have ~/.msf4 like travis-ci.
2014-08-27 16:58:05 -05:00
sinn3r
df215a380d
Do not send 2 content-length headers
2014-08-27 16:05:08 -05:00
sinn3r
a32ffc4c26
Add the final portion for Glassfish login module
2014-08-27 15:09:11 -05:00
Luke Imhoff
951ce15b44
Move database.yml selection to Metasploit::Framework::Database
...
MSP-11153
Test the following paths in order and only return them if the path
exists:
1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
sinn3r
5d8cbe0544
Early version of Glassfish using LoginScanner
2014-08-27 01:23:02 -05:00
Tom Sellers
4a1b037af0
Remaining files..
2014-08-26 18:15:58 -05:00
David Maloney
c42517a14a
missing exception rescue
...
needed to also rescue Errno::ETIMEDOUT
2014-08-26 13:58:34 -05:00
David Maloney
32b1a5ea23
add ipboard loginscanner
...
add loginscanner class for IPBoard with specs
this should replicate the functionality originally written
by Chris Truncer, but move it into a testable, reusable class
2014-08-25 13:58:30 -05:00
Joe Vennix
95fbb8f1b7
Land PR #3672 , dmaloney-r7's login scanner credential rework.
2014-08-22 11:15:32 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63
and
82760bf5b3
).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3
).
This merge commit merges the staging/electro-release branch
(62b81d6814
) into master
(48f0743d1b
). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
James Lee
c3e8bc8fa0
Fix a crash when we can't connect to PG, again
2014-08-20 11:02:46 -05:00
James Lee
fa27def41f
Revert "Fix a crash when we can't connect to PG"
...
This reverts commit b6deb6a342
.
2014-08-20 11:01:29 -05:00
James Lee
b6deb6a342
Fix a crash when we can't connect to PG
...
MSP-11061
No Postgres, no cry
2014-08-19 15:30:24 -05:00
David Maloney
473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
...
Conflicts:
Gemfile.lock
lib/metasploit/framework/command/console.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/credential.rb
lib/metasploit/framework/credential_collection.rb
lib/metasploit/framework/login_scanner/afp.rb
lib/metasploit/framework/login_scanner/axis2.rb
lib/metasploit/framework/login_scanner/db2.rb
lib/metasploit/framework/login_scanner/ftp.rb
lib/metasploit/framework/login_scanner/http.rb
lib/metasploit/framework/login_scanner/mssql.rb
lib/metasploit/framework/login_scanner/mysql.rb
lib/metasploit/framework/login_scanner/pop3.rb
lib/metasploit/framework/login_scanner/postgres.rb
lib/metasploit/framework/login_scanner/result.rb
lib/metasploit/framework/login_scanner/smb.rb
lib/metasploit/framework/login_scanner/snmp.rb
lib/metasploit/framework/login_scanner/ssh.rb
lib/metasploit/framework/login_scanner/telnet.rb
lib/metasploit/framework/login_scanner/vnc.rb
lib/metasploit/framework/parsed_options/console.rb
lib/metasploit/framework/require.rb
lib/metasploit/framework/version.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/afp/afp_login.rb
modules/auxiliary/scanner/db2/db2_auth.rb
modules/auxiliary/scanner/ftp/ftp_login.rb
modules/auxiliary/scanner/http/axis_login.rb
modules/auxiliary/scanner/http/http_login.rb
modules/auxiliary/scanner/http/tomcat_mgr_login.rb
modules/auxiliary/scanner/mssql/mssql_login.rb
modules/auxiliary/scanner/mysql/mysql_login.rb
modules/auxiliary/scanner/pop3/pop3_login.rb
modules/auxiliary/scanner/postgres/postgres_login.rb
modules/auxiliary/scanner/snmp/snmp_login.rb
modules/auxiliary/scanner/ssh/ssh_login.rb
modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
modules/auxiliary/scanner/telnet/telnet_login.rb
modules/auxiliary/scanner/vnc/vnc_login.rb
modules/auxiliary/scanner/winrm/winrm_login.rb
spec/lib/metasploit/framework/credential_spec.rb
spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
James Lee
b9e449f5e2
Fix crash when database.yml doesn't exist
2014-08-18 12:40:57 -05:00
Samuel Huckins
82760bf5b3
Deprecation warnings hidden for non-listeners
2014-08-15 12:33:44 -05:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
David Maloney
84374fe92c
Merge branch 'staging/electro-release' into bug/MSP-11050/rails_root
2014-08-12 13:54:38 -05:00
David Maloney
12f1234296
always set our rails root to our root
...
this works fine when calling any framework binaries
from their path as CWD. if you call tehm from another path
you will get an incorrect root which can cause certain things to load
incorrectly
Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-08-12 13:53:28 -05:00
David Maloney
fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry
2014-08-12 11:22:51 -05:00
Luke Imhoff
e051272a20
Fix typo
...
MSP-11046
`ActiveSupport::OrderedOptions` automatically create an attribute for
any missing keys, so when `options.console.resource` was used it would
return `nil` instead of the erroring. The correct option name was
`options.console.resources` (note the pluralization).
2014-08-12 10:49:35 -05:00
Luke Imhoff
9096a8a1f5
Remove Msf::Framework::VersionAPI
...
MSP-10998
It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
2014-08-01 21:43:14 -05:00
Luke Imhoff
22db5aad8a
Remove Msf::Framework::VersionCore
...
MSP-10998
It can't handle 4.10.0 because it tries to compact the multiple part
version into one float using (1 / 10.0).
2014-08-01 21:31:48 -05:00
darkbushido
ceaffce727
Merge branch 'pr/3593' into staging/electro-release
2014-08-01 16:01:10 -05:00
David Maloney
ab7111120b
and all the rest
...
finally!
2014-08-01 14:54:18 -05:00
David Maloney
4821851ae4
telnet and ssh next
2014-08-01 14:47:08 -05:00
David Maloney
12902b0a6d
the refactor continues!
2014-08-01 14:41:03 -05:00
David Maloney
b74813b9a1
mysql and pop3 now
2014-08-01 14:30:33 -05:00
David Maloney
2e7738c788
http and mssql now
2014-08-01 14:22:58 -05:00
dmaloney-r7
e6a0e079b6
Merge pull request #3596 from darkbushido/bug/MSP-10937/adding-parent-to-cores-to-credential
...
.to_credential now assigns a parent
2014-08-01 13:13:48 -05:00
David Maloney
33f73a8af7
refactor db2
2014-08-01 13:00:27 -05:00
David Maloney
439b893fea
refactor axislogin
2014-08-01 12:30:16 -05:00
David Maloney
0fffb179fa
refactor afp_login
2014-08-01 12:10:52 -05:00
David Maloney
db345fcb58
make credential_collection always set private_type
2014-08-01 11:57:35 -05:00
David Maloney
a380646667
start refactoring ftp loginscanner
2014-08-01 11:47:13 -05:00
David Maloney
320f032dfe
add to_h to result
2014-08-01 11:46:43 -05:00
David Maloney
dbde046f44
use to_h instead of to_hash
...
apparently ruby 2 adds this as a standard method so
we should stay compliant
2014-08-01 09:45:51 -05:00
David Maloney
0e65792f43
Merge branch 'staging/electro-release' into feature/loginscanner-report-dry
2014-08-01 09:41:30 -05:00