Commit Graph

806 Commits (2ab7a42d8b1097168fec999ded7945fa7e638878)

Author SHA1 Message Date
Metasploit 643a5511cf
Bump version of framework to 4.13.1 2016-11-18 10:01:48 -08:00
h00die cd01b07682
Land #7565
Lands print_bad and vprint_bad from todb-r7
2016-11-18 13:29:39 -05:00
Metasploit 383314530a
Bump version of framework to 4.13.0 2016-11-16 07:48:26 -08:00
Tod Beardsley 1deacad2be
Add a print_bad alias for print_error
Came up on Twitter, where Justin may have been trolling a little:

https://twitter.com/jstnkndy/status/798671298302017536

We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.

Anyway, I went with alias_method, thanks to the compelling argument at

https://github.com/bbatsov/ruby-style-guide#alias-method

...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.

Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
Metasploit f116ad2c59
Bump version of framework to 4.12.42 2016-11-11 10:02:14 -08:00
Metasploit 2c39a14ada
Bump version of framework to 4.12.41 2016-11-04 10:02:13 -07:00
Brent Cook 6577728fa9 enable auto-negotiation for TLS version with SQL Server 2016-11-01 05:45:27 -05:00
Metasploit ffc62964d6
Bump version of framework to 4.12.40 2016-10-28 10:02:36 -07:00
Metasploit 6a23168800
Bump version of framework to 4.12.39 2016-10-25 12:22:52 -07:00
Metasploit e29567f390
Bump version of framework to 4.12.38 2016-10-24 14:25:47 -07:00
Metasploit bf59ba526a
Bump version of framework to 4.12.37 2016-10-24 07:35:41 -07:00
Metasploit 8e0d866976
Bump version of framework to 4.12.36 2016-10-21 10:02:09 -07:00
Metasploit 74340e9eb7
Bump version of framework to 4.12.35 2016-10-14 15:13:45 -07:00
Metasploit b3666ff7ab
Bump version of framework to 4.12.34 2016-10-14 10:04:05 -07:00
Metasploit adb6f31e36
Bump version of framework to 4.12.33 2016-10-08 20:57:08 -07:00
Metasploit 8a6426df48
Bump version of framework to 4.12.32 2016-10-07 10:04:32 -07:00
Metasploit a0ebf5ea2d
Bump version of framework to 4.12.31 2016-10-06 11:23:08 -07:00
Metasploit 73c11a63b4
Bump version of framework to 4.12.30 2016-09-30 10:03:42 -07:00
Metasploit 5ea1e7b379
Bump version of framework to 4.12.29 2016-09-26 12:06:21 -07:00
Metasploit 3ddf80dd7a
Bump version of framework to 4.12.28 2016-09-23 10:02:37 -07:00
Metasploit 5acc17a800
Bump version of framework to 4.12.27 2016-09-16 10:02:52 -07:00
Metasploit 32998d938f
Bump version of framework to 4.12.26 2016-09-13 16:59:37 -07:00
wchen-r7 245237d650
Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
Metasploit 8eb2c926f3
Bump version of framework to 4.12.25 2016-09-13 13:37:08 -07:00
Adam Cammack aa193bf372
Set defaults in WordpressMulticall login scanner
This login scanner would crash it was used like a normal login scanner.

MS-2007
2016-09-12 11:22:15 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
Metasploit 58112d7b4d
Bump version of framework to 4.12.24 2016-09-02 10:02:44 -07:00
Metasploit ea32c313d3
Bump version of framework to 4.12.23 2016-08-26 10:06:44 -07:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
Metasploit 87d34cfbba
Bump version of framework to 4.12.22 2016-08-19 10:02:28 -07:00
Metasploit a6ba386728
Bump version of framework to 4.12.21 2016-08-12 10:02:36 -07:00
Metasploit d57e4d6349
Bump version of framework to 4.12.20 2016-08-10 15:30:37 -07:00
Metasploit 280216d74d
Bump version of framework to 4.12.19 2016-08-09 14:49:58 -07:00
Metasploit e7aa658893
Bump version of framework to 4.12.18 2016-08-05 10:05:03 -07:00
Metasploit 190bac6e0a
Bump version of framework to 4.12.17 2016-07-29 10:02:06 -07:00
Metasploit 4cbb3bb9b6
Bump version of framework to 4.12.16 2016-07-22 10:02:00 -07:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Metasploit b954b6d5c1
Bump version of framework to 4.12.15 2016-07-18 08:42:20 -07:00
Metasploit b13d0f879a
Bump version of framework to 4.12.14 2016-07-15 10:03:28 -07:00
David Maloney b6b52952f4
set ssh to non-interactive
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Metasploit 48410f3ab2
Bump version of framework to 4.12.13 2016-07-08 10:01:58 -07:00
James Lee cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
Metasploit 82e092c2df
Bump version of framework to 4.12.12 2016-07-05 14:57:43 -07:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup"
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
David Maloney 5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-05 10:48:38 -05:00
Metasploit 054ac5ac19
Bump version of framework to 4.12.11 2016-07-05 07:49:37 -07:00
David Maloney ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-06-28 15:00:35 -05:00
David Maloney d90f0779f8
Land #7009, egypt's rubyntlm cleanup
Land egypt's PR to replace all of our NTLM code with
the rubyntlm gem
2016-06-28 14:15:34 -05:00
David Maloney 97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm 2016-06-28 14:14:56 -05:00
Metasploit e3e360cc83
Bump version of framework to 4.12.10 2016-06-28 12:13:26 -07:00
Metasploit fd07da3519
Bump version of framework to 4.12.9 2016-06-27 11:54:04 -07:00
David Maloney 6072697126
continued 2016-06-22 14:54:00 -05:00
James Lee 0126ec61d8
Style 2016-06-22 10:15:23 -05:00
James Lee b3f59ebd19
Whitespace 2016-06-22 10:15:23 -05:00
James Lee 07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm 2016-06-22 10:15:22 -05:00
James Lee 4b3f6c5d29
Use rubyntlm for mssql login scanner 2016-06-22 10:15:22 -05:00
Metasploit fd4a51cadb
Bump version of framework to 4.12.8 2016-06-10 10:01:27 -07:00
Metasploit 815685992a
Bump version of framework to 4.12.7 2016-06-07 13:14:34 -07:00
Metasploit c35322ec3f
Bump version of framework to 4.12.6 2016-05-30 22:34:13 -07:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
2016-05-27 16:25:42 -05:00
Metasploit 54f4389d31
Bump version of framework to 4.12.5 2016-05-24 08:54:14 -07:00
Metasploit 100300c819
Bump version of framework to 4.12.4 2016-05-18 07:04:09 -07:00
Jenkins c9dd863085
Bump version of framework to 4.12.3 2016-05-17 10:18:08 -07:00
Jenkins 621a908b2d
Bump version of framework to 4.12.2 2016-05-13 12:51:58 -07:00
David Maloney ba4bfca806 Revert "arg bad build, resetting version back one"
This reverts commit d86392e96b.
2016-05-13 14:48:35 -05:00
David Maloney d86392e96b
arg bad build, resetting version back one 2016-05-13 14:44:02 -05:00
Jenkins b6a83f734d
Bump version of framework to 4.12.1 2016-05-13 12:39:43 -07:00
David Maloney 31050a8da7
Rails upgrade to 4.2.6
lands all of the rails 4.2 upgrade work
Merge branch 'staging/rails-upgrade'
2016-05-13 14:34:50 -05:00
Jenkins 6c11054d5a
Bump version of framework to 4.12.0 2016-05-13 11:46:03 -07:00
David Maloney 6142d2cef1
Merge branch 'master' into staging/rails-upgrade 2016-05-09 09:27:17 -05:00
Jenkins 805f98f599
Bump version of framework to 4.11.27 2016-05-06 11:32:46 -07:00
David Maloney 19af279ce9
Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
Jenkins e7ff4665e1
Bump version of framework to 4.11.26 2016-05-04 09:44:18 -07:00
Jenkins 7490ab1c78
Bump version of framework to 4.11.25 2016-05-03 17:09:07 -07:00
David Maloney fb5b228984
Merge branch 'master' into staging/rails-upgrade 2016-05-02 11:33:35 -05:00
Jenkins d4f1c78c5c
Bump version of framework to 4.11.24 2016-04-29 13:38:06 -07:00
Jenkins d70dcbf4a4
Bump version of framework to 4.11.23 2016-04-22 09:34:10 -07:00
thao doan 5e36a3128c Fix #5197, Fixed yard doc errors
Fix #5197 Fixed issues that caused errors during yard doc generation
2016-04-21 13:06:00 -05:00
Metasploit d5085f6f0d
Bump version of framework to 4.11.22 2016-04-16 09:09:23 -07:00
David Maloney c52f3dcb0e
update to rails 4.2.6
fix lost dep unlocks and upgrade rails to 4.2.6

MS-1400
2016-04-15 11:45:43 -05:00
Metasploit 16c599866c
Bump version of framework to 4.11.21 2016-04-08 16:23:33 -07:00
William Vu 22d08fdf39 Revert #6748, premature Gemfile* changes 2016-04-06 14:52:22 -05:00
David Maloney 8de58e4b80
Merge branch 'master' into staging/rails-upgrade 2016-04-04 09:30:01 -05:00
wchen-r7 545cb11736
Bring #6409 up to date with upstream-master 2016-03-31 17:00:56 -05:00
wchen-r7 5fdea91e93 Change naming 2016-03-31 17:00:29 -05:00
wchen-r7 797acd625d
Land #6714, Kill defanged mode 2016-03-30 10:54:56 -05:00
Brent Cook b8d53dde4a Merge branch 'upstream-master' into staging/rails-upgrade 2016-03-29 15:56:50 -05:00
Metasploit b41ac10fe8
Bump version of framework to 4.11.20 2016-03-29 12:43:20 -07:00
wchen-r7 faaaf6b765 MS10-58 Call super in #set_sane_defaults for caidao login scanner
MS10-58
2016-03-29 13:40:51 -05:00
James Lee f1857d6350
Kill defanged mode 2016-03-28 09:02:07 -05:00
Metasploit 72bde63397
Bump version of framework to 4.11.19 2016-03-25 13:03:35 -07:00
Gregory Mikeska 7bd6d0c696
Merge branch 'master' into staging/rails-upgrade 2016-03-24 12:55:05 -05:00
Metasploit e7b0c60e5c
Bump version of framework to 4.11.18 2016-03-23 07:55:29 -07:00
Metasploit 6e12e74e02
Bump version of framework to 4.11.17 2016-03-18 14:12:18 -07:00
Metasploit e059f42094
Bump version of framework to 4.11.16 2016-03-11 14:17:28 -08:00
David Maloney ca18996272
setup rails staging branch
rails 4.1 baby!
2016-03-09 15:35:00 -06:00
David Maloney 88697a5d3f
Merge branch 'master' into staging/rails-upgrade 2016-03-08 15:22:04 -06:00
Metasploit a5cdd7e17f
Bump version of framework to 4.11.15 2016-03-04 16:56:02 -08:00
Metasploit ce675330c0
Bump version of framework to 4.11.14 2016-03-04 14:49:55 -08:00
wchen-r7 2e268a25da
Land #6596, Apache Karaf Login Utility 2016-02-25 14:39:51 -06:00
wchen-r7 7e25c7b87b Handle OpenSSL::Cipher::CipherError
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
darkbushido 2ec7149ae7
Logging deprecations to STDERR 2016-02-25 10:59:50 -06:00
Metasploit b32f474e99
Bump version of framework to 4.11.13 2016-02-24 11:37:42 -08:00
Metasploit b868f7cc89
Bump version of framework to 4.11.12 2016-02-19 20:19:43 -08:00
Metasploit 93cc7d58ba
Bump version of framework to 4.11.11 2016-02-12 15:38:50 -08:00
Metasploit 3c1ada46dd
Bump version of framework to 4.11.10 2016-02-05 13:40:02 -08:00
Metasploit 7079110964
Bump version of framework to 4.11.9 2016-01-29 10:51:46 -08:00
wchen-r7 6187354392
Land #6226, Add Wordpress XML-RPC system.multicall Credential BF 2016-01-23 00:12:46 -06:00
KINGSABRI ad3eed525b Handing newer version of WP, fallback CHUNKSIE to 1 2016-01-23 08:06:27 +03:00
wchen-r7 0f9cf812b7 Bring wordpress_xmlrpc_login back, make wordpress_multicall as new 2016-01-22 18:54:20 -06:00
wchen-r7 216986f7af Do API documentation, rspec, and other small changes 2016-01-21 17:22:14 -06:00
Christian Mehlmauer 5a0e11fb72
revert file check 2016-01-21 20:21:41 +01:00
wchen-r7 d46ab29186 Don't name the method #send 2016-01-19 20:03:02 -06:00
Christian Mehlmauer 390b46dd25
also check file for existance 2016-01-19 23:55:49 +01:00
Christian Mehlmauer b45e22b64d
use .any? 2016-01-19 23:16:10 +01:00
Christian Mehlmauer aaa1174ca5
fix rspec errors without database 2016-01-19 20:28:58 +01:00
nixawk 98cfd2de90 remove PING authentication 2016-01-16 12:42:15 +08:00
Metasploit a030179577
Bump version of framework to 4.11.8 2016-01-15 15:17:13 -08:00
Brent Cook 59660dd6d0
Land #6465, remove unneeded meterpreter extension post-installation copies 2016-01-15 17:04:14 -06:00
Brent Cook 8479d01029
Land #6450, add TLS support to MSSQL 2016-01-14 12:17:40 -06:00
David Maloney f7ce0dfedf
remove the merge extension intialiser
this initialiser conflicts with the gemfication
of framework and causes permissions issues

MS-972
2016-01-12 14:08:54 -06:00
Louis Sato 192505fe2d
killing threads and closing sockets more elegantly 2016-01-07 17:57:32 -06:00
Metasploit dea4f35b0e Bump to 4.11.7 2016-01-07 15:56:59 -08:00
Jonathan Harms 5266860cec Squashed more commits back into 1 2016-01-07 17:53:49 -06:00
Jonathan Harms 675100946b Initial SSL working OK 2016-01-07 17:53:48 -06:00
darkbushido e38ff7079a
changing the require to start at metasploit_credentials 2016-01-07 15:49:49 -06:00
Brent Cook 7f9b804060
Land #6410, remove JtR binaries, update for independent framework releases 2016-01-06 14:16:49 -06:00
wchen-r7 480913cb32 Add rspec 2016-01-06 01:41:13 -06:00
nixawk c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
nixawk 370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
Chris Doughty 8090bbc750 Changes to support framework as a gem 2015-12-30 11:00:45 -06:00
nixawk a929dc0e35 add redis_login 2015-12-30 18:54:25 +08:00
Luke Imhoff 4858ae63bd Thread class name for debugger has changed, so add new name
MSP-13484
2015-12-10 21:47:22 -06:00
wchen-r7 b1abfe898d Update wordpress_xmlrpc_login
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
Chris Doughty f8a215e3cd Adding changes to allow for easier version bumping 2015-11-09 15:56:03 -06:00
Brent Cook be23da1c1f Merge branch 'upstream-master' into land-6120-python-stageless 2015-10-30 17:26:26 -05:00
Samuel Huckins f064fec0f1
Bumped version to 4.11.5
MSP-13377
2015-10-30 09:37:00 -05:00
Spencer McIntyre 810665847b Add stageless python meterpreter to the payloads spec 2015-10-22 08:40:50 -04:00
William Vu bd96e0ded2 Improve get_hash for Framework version 2015-10-15 16:22:45 -05:00
jvazquez-r7 3dd7fdfd95
Land #6055, @wvu-r7's -q option for msfd
* Fixes #5770
2015-10-08 14:10:27 -05:00
William Vu 77fae28cd4 Add -q option to msfd to disable banner 2015-10-07 01:57:58 -05:00
jvazquez-r7 50249bd640
Update Metasploit::Framework::Tcp::Client to have SSLVerifyMode and SSLCipher into account 2015-09-28 13:57:08 -05:00
jvazquez-r7 1e4e5c5bae
Update ACPP login scanner to have into account advanced options 2015-09-28 13:50:20 -05:00
jvazquez-r7 3529cdad7b
Add attributes 2015-09-28 13:30:10 -05:00
Jon Hart 0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
Fixes #5871
2015-08-20 10:05:42 -07:00
Brent Cook 0b6a52e162
bump metasploit-framework gemspec version to match pro 2015-08-04 14:25:44 -05:00
Brent Cook e53419a911 use password_prompt? not @password_prompt 2015-07-27 19:21:59 -05:00
Brent Cook 8349a274ea use and include git hash of Framework as part of the version
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.

This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00