540af3e5ae
Move tools
2015-10-05 22:49:54 -05:00
5a7ac8c29a
Land #6030 , @wchen-r7's Microsoft Patch Finder
2015-10-02 13:33:27 -05:00
c4bba0269c
Change print_debug
2015-10-02 12:48:12 -05:00
f97cd97fa5
Update documentation
2015-10-02 12:45:17 -05:00
e226526dee
Update help
2015-10-02 12:37:01 -05:00
69f3d88ea6
Ensure uniq on #find_msb_numbers
2015-10-02 11:38:36 -05:00
b107213a6e
Update documentation / TODO
2015-10-02 11:37:43 -05:00
507f778056
Do some code reorganization with @wchen-r7
2015-10-02 11:35:06 -05:00
d551f421f8
Land #5799 , refactor WinSCP module and library code to be more useful and flexible
2015-10-01 14:35:10 -05:00
418374b4b2
Regex -q
2015-10-01 10:21:31 -05:00
dc3f1c84ed
Update help
2015-10-01 01:01:02 -05:00
0d7d6376c2
Follow the Google API limit
2015-10-01 00:54:15 -05:00
4c1678ef5c
I don't need i
2015-09-30 23:01:23 -05:00
e2098822eb
Update msu_finder and rspec
2015-09-30 23:00:46 -05:00
bc1be7f213
some progress with rspec
2015-09-29 17:20:30 -05:00
8f1999e227
Add dev tool MSFT MSU finder (msu_finder.rb)
...
You can use this tool to find MSFT patches. Please see -h for more
information.
2015-09-28 18:44:31 -05:00
939999f43c
Check \
2015-09-16 13:43:11 -05:00
eb018f3d29
No 7zip
2015-09-12 03:07:15 -05:00
5480886927
Do absolute path
2015-09-09 22:00:35 -05:00
ab1d61d80b
Add MSU extractor
...
If you do patch test/analysis/diffing, you might find this tool
handy. This tool will automatically extract all the *.msu files,
and then you can search for the patched files you're looking for
quickly.
The workflow would be something like this:
1. You download the patches from:
http://mybulletins.technet.microsoft.com/BulletinPages/Dashboard
2. You put all the *.msu files in one directory.
3. Run this tool: extract_msu.bat [path to *.msu files]
4. The tool should extract the updates. After it's done, you can
use Windows to search for the file(s) you're looking for.
2015-09-09 21:34:07 -05:00
1aa7c596ce
Land #5967 , add PACKETSTORM reference types.
2015-09-01 23:25:26 -05:00
77f56c563b
Land #5867 , add PACKETSTORM reference types
2015-09-01 23:25:01 -05:00
cd65478d29
Land #5826 , swap ExitFunction -> EXITFUNC
2015-09-01 13:58:12 -05:00
eb47973533
Check debug.keystore
2015-08-24 15:08:45 -05:00
8825db5c98
Add MSF APK installer
...
You can use this script to install your msf apk to your android
emulator.
2015-08-22 21:53:04 -05:00
495ca55a7b
Added PacketStorm (PKT) for verification by msftidy
2015-08-20 00:41:55 -03:00
496e47a094
Added PacketStorm (PKT) in module_reference tool
2015-08-20 00:39:11 -03:00
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
422bba87d3
style fixes, moved google_geolocate to google/geolocate
2015-08-15 19:49:32 -05:00
3aab9aa74c
move BSSID checker to tools, fixup rubocop warnings, add OS X example
2015-08-14 17:13:11 -05:00
6b1e911041
Instantiate payload modules so parameter validation occurs
...
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
deb6f5638e
Update WinSCP Gather
...
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
77f96769da
Update msftidy.
2015-07-30 01:33:48 -03:00
a687e71832
Added check for the WPVDB in msftidy.
2015-07-30 01:22:48 -03:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
ae73cd3c6c
Add a bash script to import dev keys
...
This merely makes it easy and fun to import all developer keys used over
the past year to your local GPG keychain. This will make the task of
reviewing merge commits for signedness much easier, especially if you
use a nicelog alias such as this one:
https://github.com/todb-r7/junkdrawer/blob/master/dotfiles/git-repos/gitconfig#L40
This does not handle automating checking for signatures as part of
Travis-CI -- for that, see PR #5337 , a work in progress.
2015-05-13 10:29:55 -05:00
46b678e9d2
Add msftidy check for datastore option DEBUG usage
2015-04-21 12:22:24 -05:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
292087c849
Add check for modules registering a DEBUG option
2015-04-21 11:56:41 -05:00
88ed8406d1
Add check for (v)print_debug to msftidy
2015-04-21 11:27:22 -05:00
832487cad7
Consolidate on one check and fix false positives
2015-04-16 18:01:28 -05:00
40f6b086c2
fix regex
2015-04-16 21:51:31 +02:00
0815791fee
fix regex
2015-04-16 21:48:16 +02:00
af277195f5
check for valid values
2015-04-16 21:43:47 +02:00
4469fcd9e8
add fail_with error
2015-04-16 20:04:08 +02:00
72b9647b31
Land #5057 , CVE fixups
2015-04-03 16:36:11 -05:00
a333632a69
Add standalone tool for jsobfu
2015-04-03 11:30:23 -05:00
df0398f958
Update msftidy for the new CVE format
...
https://cve.mitre.org/cve/identifiers/syntaxchange.html
2015-03-31 22:15:33 -05:00
376bf13f1e
Land #5000 , tools/dev/add_pr_fetch.rb
2015-03-24 17:10:49 -05:00
aa1a3580b8
chmod +x tools/dev/set_binary_encoding.rb
...
Missed in #4875 .
2015-03-24 17:10:31 -05:00
d3773aed55
Rename add-pr-remote.rb to add_pr_fetch.rb
2015-03-24 17:05:43 -05:00
3dec83c1df
Utility for adding PR fetch refs
2015-03-24 10:20:34 -05:00
1910a6c6c5
Correct filename for missing-payload-tests.rb
...
missing-payload-tests.rb is not the correct file format we follow,
it should be missing_payload_tests.rb
2015-03-24 00:50:09 -05:00
71c544c3c5
added newline at end of file
2015-03-24 06:19:27 +01:00
315948e403
Extra newline
2015-03-21 13:49:50 -05:00
848dc07020
var name needs a default
2015-03-21 12:20:29 -05:00
f45e8f49eb
Custom var name
2015-03-21 12:18:02 -05:00
2be5ae3bab
Fix bugs
2015-03-21 12:14:00 -05:00
0ff114bcd6
use #!/usr/bin/env ruby
2015-03-20 23:48:13 -05:00
e09f9ca0bc
Provide an example
2015-03-20 20:55:30 -05:00
96bcdd211c
Finished rspec
2015-03-20 20:53:04 -05:00
487ddfc09c
no need for Interrupt
2015-03-20 16:39:00 -05:00
582bfdad64
explain arch
2015-03-20 16:37:42 -05:00
9ecfd36d9e
comments
2015-03-20 16:34:58 -05:00
79a6f1cd09
fix option bug
2015-03-20 16:33:19 -05:00
6da216f3a4
More options
2015-03-20 16:30:29 -05:00
af8f645d1c
This starts to work
2015-03-20 16:15:43 -05:00
fe267fb5a6
Here's a starting point
2015-03-20 14:15:14 -05:00
db56fcb1b8
update tools/missing-payload-tests to give correct advice
...
The template spec for new payloads needed updating to match the new cached
payload size spec.
2015-03-16 18:10:10 -05:00
cd992d5ea6
Land #4875 , rm some old and crufty tools
2015-03-10 00:02:04 -05:00
ab70223107
Remove note about resplat.rb in msftidy
2015-03-10 00:00:29 -05:00
99e2b05597
Move the cache update logic into a utility class
2015-03-09 15:29:58 -05:00
8c635243d3
Fix whitespace in the regex, implements Msf::Payload.dynamic_size?
2015-03-09 13:15:06 -05:00
2e49791bef
This implements payload size caching, speeding up framework loads
2015-03-07 20:44:19 -06:00
0353602829
Add back set_binary_encoding.rb
...
[See #4875 ]
2015-03-05 12:05:05 -06:00
4ad9638682
Remove some old and crufty /tools
...
It's possible someone still wants the Webscarab stand-alone importer,
but I cannot imagine that after years of bitrot that is even viable in
its current state.
The rest of them are all older development tools that are no longer
needed (normal vim/rubymine auto-formatting will do the trick).
2015-03-04 16:46:40 -06:00
0597d2defb
Land #4560 , Massive Java RMI update
2015-02-17 10:07:07 -06:00
c73892b721
Nuke datastore modification check from orbit
2015-02-11 12:46:40 -06:00
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
c8a687db7f
Fix false positive in cookie check
2015-02-09 17:23:59 -06:00
4ed3ffa0ed
Fix false positive in snake case check
2015-02-09 16:30:19 -06:00
e62f44cc1a
Fix false negative in comment check
...
Adds anchor to regex.
2015-02-09 14:58:02 -06:00
2c7777f831
Land #4601 , @wchen-r7's tool to lookup md5 hashes
2015-01-30 19:04:34 -06:00
4316c379eb
Use unless instead of if not
2015-01-30 19:01:49 -06:00
6269974bab
Drop psuedo-legalese, just give practical warning
2015-01-26 13:15:23 -06:00
6c2e8a16ce
Change warning
2015-01-23 22:50:39 -06:00
2d9b1dbc22
Fix typos
2015-01-23 22:31:37 -06:00
ff0af805e3
Add a warning before use
2015-01-23 22:26:41 -06:00
37bf66b994
Install instaget with Rex::Java::Serialization
2015-01-22 16:54:49 -06:00
5c413a8102
Add support to print objects, arrays and classes details
2015-01-22 14:50:12 -06:00
1d6524b4d9
Revert #4593 , msftidy extraneous comma check
...
Fixes #4626 by ignoring the problem identified.
This reverts commit 7c3378b2e6cb0257bec7
2015-01-22 14:28:27 -06:00
cf7555447c
Land #4621 , msftidy whitelist constant
...
Now I'm happy... almost.
2015-01-21 14:03:39 -06:00
bbe9fc208e
Update formatting (80 columns)
...
Piped to fmt -78 to account for the indent.
2015-01-21 14:01:44 -06:00
264adf14d1
Add 'tnftp' software to the title whitelist
2015-01-21 11:52:39 -06:00
efebaae251
Make the title whitelist a constant
2015-01-21 11:50:50 -06:00
7c3378b2e6
Land #4593 , msftidy extraneous comma check
2015-01-18 00:46:39 -06:00
bff66ade60
Actually, not necessary. Already checked.
2015-01-17 02:28:56 -06:00
45b33bb82f
Handle should be checked
2015-01-17 02:27:14 -06:00
3d93bc06e8
rspec progress
2015-01-16 18:25:54 -06:00
596e956660
some changed
2015-01-16 17:53:06 +01:00
64b6c4a0b5
I think unless is preferred
2015-01-16 01:33:09 -06:00
058ef1f167
Uh, what?
2015-01-16 01:15:58 -06:00
05458ec81f
I should be done with md5_lookup.rb now
2015-01-16 01:13:37 -06:00
87ab27e9d2
Ugh, typo -_-
2015-01-15 21:52:15 -06:00
7b2458c491
Filter out whitespace
2015-01-15 21:51:58 -06:00
36f8fda0b1
Leave contact info
2015-01-15 21:04:12 -06:00
95895a5969
Small update
2015-01-15 21:00:52 -06:00
754d303f66
Some more doc
2015-01-15 20:59:47 -06:00
1d79a9de20
This is the working version
2015-01-15 20:51:27 -06:00
3237dd8591
add comma check to msftidy
2015-01-16 00:13:55 +01:00
6ae66315bd
Block based is safer
2015-01-15 16:05:35 -06:00
35c808d70f
Progress
2015-01-15 15:13:03 -06:00
c3bb02081b
I should be done w/ arg parsing now
2015-01-15 12:18:50 -06:00
fd850d6af6
Argument parsing
2015-01-15 12:03:52 -06:00
d5330bb4a7
Gotta move on to something else right quick, brb
...
stash
2015-01-14 23:34:47 -06:00
18a27d1752
Initial commit of the md5_lookup script (as a standalone tool)
...
Resolve #4399
2015-01-14 13:53:15 -06:00
56c1f74d70
modify msftidy regex
2015-01-09 22:07:21 +01:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
00590f9f26
Adds Java serialization support, lands #4327
2014-12-13 17:47:53 -06:00
9bf55ef8f4
Minor improvements to datastore and http// checks in msftidy
2014-12-11 18:36:42 -08:00
be1440bcb9
more msftidy checks
2014-12-11 23:10:07 +01:00
564da4446e
Add print friendly to_s
2014-12-07 17:52:09 -06:00
ff99669cfa
Explain better error
2014-12-05 20:30:22 -06:00
b80f6c34c0
Add tool to deserialize streams from files
2014-12-04 12:47:02 -06:00
eefeb452b1
Fix two typos for payload specs
2014-11-18 08:50:06 -05:00
8da6e0bd5b
Fix bugs
2014-11-05 15:26:00 -06:00
5b8d9e1221
Fix typo
2014-11-05 15:14:35 -06:00
98f5ebd475
Only show bad refs when using -c
2014-11-05 15:07:40 -06:00
3310342a95
Add save-as feature
...
The tool produces A LOT OF results so it's really painful to manually
copy and paste and to be able to use the data. So it should automatically
save.
Tagging the issue here because I forgot to do it:
Fix #4039
2014-11-05 10:58:41 -06:00
f34ad57199
Check module references
2014-11-05 09:57:13 -06:00
c84febea5f
tools/missing-payload-tests.rb
...
MSP-11145
**NOTE: Failing specs**
Add a tool for reading `log/untested-payload.log` and
`framework.payloads` to determine `context`s to add
`spec/modules/payloads_spec.rb` to test the untested payloads.
2014-10-27 13:03:31 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
b863978028
Remove fastlib
...
MSP-11368
MSP-11143
Remove fastlib as it slows down the code loading process. From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10). The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10). This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
48e098b172
Remove WVE references from msftidy
2014-09-05 19:28:27 -05:00
c045c9606c
Fix typo in PR #3712
...
Fixes the typo pointed out in
rapid7#3712#discussion_r16750554
Derp
2014-08-26 20:36:28 -05:00
073c668cd8
Merge pull request #12 from todb-r7/commit-hooks-should-only-check-modules
...
Land 12 from todb, only pre-commit-hook on actual modules
2014-08-26 16:47:23 -05:00
dbdb4afb8c
Add a top anchor to the file match regex.
2014-08-26 16:19:29 -05:00
622e8a7714
adds better exploit module detection to msftidy
2014-08-26 15:30:08 -05:00
bfa89bb3a5
Enforce binary encoding on non-modules, no encoding on modules
2014-08-25 13:12:29 -07:00
47cb906408
Remove rubocop and msftidy touchpoints
...
Rubocop replaces the default YAML library which makes development
testing difficult. It does not cause problems on Travis, but according
to reports, it does cause instability with many individual dev
environments.
While I would love to have a more solid source of this bug report, right
now this was an oral report from @shuckins-r7 (who I tend to believe a
lot).
2014-08-12 10:37:58 -05:00
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
17b0560dff
Add rubygems check to msftidy. remove rubygems.
2014-07-17 09:29:13 -07:00
a07656fec6
Land #3536 , msftidy INFO messages aren't blockers
2014-07-16 17:57:48 -05:00
58558e8dfa
Allow INFO msftidy messages
...
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
68980157c8
Just skip if info is suppressed.
2014-07-16 11:20:40 -05:00
81a98081d9
Rubocop checks are optional and info only
...
I like the change but it means that basically everything will fail
forever until we tweak up the config.
2014-07-16 10:26:35 -05:00
ab73c16d0d
Add Rubocop to msftidy. You now have 15 seconds to comply. You are in direct violation of Penal Code 1.13, Section 9.
2014-07-15 17:11:04 -07:00
4904426164
Fix @source and prefer &&
2014-07-14 14:36:08 -05:00
wchen-r7
jvazquez-r7
Brent Cook
HD Moore
Roberto Soares
Christian Mehlmauer
Meatballs
Tod Beardsley
William Vu
Jon Hart
Spencer McIntyre
Luke Imhoff
URI Assassin
Josh
Joshua Smith