Commit Graph

806 Commits (2ab7a42d8b1097168fec999ded7945fa7e638878)

Author SHA1 Message Date
Luke Imhoff 14fa1dba0b
Merge branch 'master' into feature/MSP-11605/lazy-thread-creation
MSP-11605
2014-11-14 11:58:16 -06:00
Luke Imhoff d9a25005a6
Wrap Msf::Framework#threads in Metasploit::Framework::ThreadFactoryProvider
MSP-11605

`Rex::ThreadFactory.provider` needs to be set in
`Msf::Framework#initialize`, but setting it directly to
`Msf::Framework#threads` eliminates the laziness of
`Msf::Framework#threads`.  In order keep `framework.threads` lazy,
`framework` is wrapped in a
`Metasploit::Framework::ThreadFactoryProvider`, which responds to
`spawn`, which is needed by `Rex::ThreadFactory`, by calling
`framework.threads.spawn`, which lazily initialized `framework.threads`
when the first thread needs to be spawned.
2014-11-13 14:08:26 -06:00
Luke Imhoff b17b263cc7
Ignore debugger threads
MSP-11147

When using the debugger, it adds a thread that should be allowed and not
go towards the count.
2014-11-13 09:49:08 -06:00
Luke Imhoff 535f69b56d
Append to RUBYOPT for debugger compatibility
MSP-11147

When using Rubymine's debugger, the tests would run and say there were
no tests and no break points would be hit.  It was determined that this
was due the Rubymine's debugger injecting itself into RUBYOPTS and only
working if it's first in RUBYOPT, which means that
'metasploit:framework:spec:threads:suite' must inject '-Ilib
-rmetasploit/framework/spec/threads/logger' at the end of RUBOPT instead
of the beginning.
2014-11-13 09:19:07 -06:00
Luke Imhoff 69043d51e0
Merge branch 'master' into feature/MSP-11147/thread-leak-detection
MSP-11147
2014-11-12 12:34:25 -06:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Luke Imhoff 8416985c9d
Give Threads UUIDs for spec run so caller can be correlated
Have 'metasploit/framework/spec/threads/suite/logger' generate a UUID
for each Thread.  This UUID is printed on the "BEGIN Thread.new caller"
line and is assigned as a thread-local variable,
'metasploit/framework/spec/threads/logger/uuid'.  In `after(:suite)`,
the log can be parsed to map the caller back to each UUID and then only
the UUID of the still existing threads is used to look up the caller and
print their stacktraces.  This means only leaked threads callers will be
printed.
2014-11-06 14:05:35 -06:00
Luke Imhoff 8f635a1d76
Remove empty define_task
MSP-11147
2014-11-06 09:11:31 -06:00
Luke Imhoff 8855e0731c
Fix multiline string indentation
MSP-11147
2014-11-06 09:11:12 -06:00
Luke Imhoff 8d06189a19
Tell use to run with `rake spec` to see Thread.new caller
MSP-11147

If the log isn't available, tell the user to rerun with `rake spec`
instead of printing nothing after the `:\n`, which looks incomplete.
2014-11-06 09:10:04 -06:00
Luke Imhoff c1f1222783
Check that threads/suite.log exists before reading
MSP-11147

Even with leaked threads, there may be no log if the suite is run
without `rake spec`, such as when `rspec` is used directly to run a
subset of specs.
2014-11-06 09:07:11 -06:00
Luke Imhoff d66c98b34d
Remove prior log/metasploit/framework/spec/threads/suite.log
MSP-11147
2014-11-05 15:51:43 -06:00
Luke Imhoff d4d710cc3a
Merge branch 'feature/MSP-11130/metasploit-framework-spec-constants' into feature/MSP-11147/thread-leak-detection
MSP-11147

Merge to get framework instance cleanup, which should clean up a lot of
thread leaks too.

Conflicts:
	Rakefile
	lib/metasploit/framework/spec.rb
	spec/spec_helper.rb
2014-11-05 15:47:59 -06:00
Luke Imhoff 097aa330e1
Log caller for each Thread.new for `rake spec`
MSP-11147
2014-11-05 15:34:35 -06:00
Luke Imhoff 96990fdc02
Fail before suite if more than 1 thread exists
MSP-11147

Detect thread leaks in a `before(:suite)` configured by
`Metasploit::Framework::Spec::Threads::Suite.configure!` and fail if any
leaks are found.
2014-11-05 14:38:43 -06:00
Luke Imhoff 3093ba8394
Explicitly require 'metasploit/credential' and 'metasploit_data_models'
By putting the db group into the metasploit-framework-db.gemspec,
bundler no longer automatically required 'metasploit/credential' and
'metasploit_data_models' because gems, such as metasploit-framework-db,
are expected to explictly require their dependencies.
2014-11-05 09:25:50 -06:00
Luke Imhoff 9f573e2d8d
Revert "Add .log extension to metasploit/framework/spec/constants/suite log"
MSP-11130

This reverts commit 4f986c4a48.

Extension wasn't there because it was a directory name and a log file
name.
2014-11-04 14:03:54 -06:00
Luke Imhoff dee02fc85b
Automatically clear previous log/metasploit/framework/spec/constants/each.log
MSP-11130

Have a task, 'metasploit:framework:spec:constants:each:clean' run before
`rake spec` that removes the previous
`log/metasploit/framework/spec/constants/each.log` so that the user doesn't
have to manually remove the load when removing
`Metasploit::Framework::Spec::Constants::Each.configure!` from
`spec/spec_helper.rb`.
2014-11-04 13:58:13 -06:00
Luke Imhoff 313d86982c
Log Spec::Constants::Each error instead of flag.
MSP-11130

Instead of writing `1` to the file and then printing a verbose message
in the spec task action, log the verbose message and just print the log
in the spec task action, so other tools can just look at the log when
not using `rake spec`.

NOTE: Failing specs due to unnecessary
`Metasploit::Framework::Spec::Constants::Each.configure!`
2014-11-04 13:36:52 -06:00
Luke Imhoff 1d09fa677e
log/remove-cleaner -> log/metasploit/framework/spec/constants/each.log
MSP-11130

Rename log file to match naming scheme for
Metasploit::Framework::Spec::Constants::Suite.
2014-11-04 13:21:47 -06:00
Luke Imhoff 4f986c4a48
Add .log extension to metasploit/framework/spec/constants/suite log
MSP-11130
2014-11-04 13:20:10 -06:00
Luke Imhoff 7cb0954a6e
Add manual removal of `log/remove-cleaner` to Each removal
MSP-11130

When removing `Metasploit::Framework::Spec::Constants::Each.configure`
from spec/spec_helper.rb,
`Metasploit::Framework::Spec::Constants::Each.define_task` will see the
`log/remove-cleaner` from the last run unless it is manually removed.
2014-11-04 10:10:28 -06:00
Luke Imhoff b0f1b2a1f7
Merge branch 'master' into feature/MSP-11130/metasploit-framework-spec-constants
MSP-11130

Conflicts:
	Rakefile
2014-11-04 10:10:12 -06:00
Luke Imhoff 325c01e45d
Log constants leaked before and after suite
MSP-11130

Some constants can be leaked before suite if module are loaded during
spec loading, such as if a framework instance in made in the context
body of a spec instead of in a before callback.
2014-10-30 14:04:07 -05:00
Luke Imhoff ae0a98785f
Print when Metasploit::Framework::Spec::Constants::Each before(:each) cleans
MSP-11130

Print to stderr the full description of the example when
`Metasploit::Framework::Spec::Constants.configure!`'s `before(:each)`
cleans constants as it may clean constants that are leaked from the
class level at parse time.
2014-10-30 12:34:55 -05:00
Luke Imhoff c8e4745d6d
Fail `rake spec` if leak tracking unnecessary
MSP-11130

Fail `rake spec` if
`Metasploit::Framework::Spec::Constants::Each.configure!`'s
`before(:each)` does not clean all leaked constants and if should be
removed so that it does not interefore with future specs.
2014-10-30 09:37:17 -05:00
Luke Imhoff c2bd75b587
Clean up leaked constants
MSP-11130
2014-10-29 15:50:47 -05:00
Luke Imhoff 892aeaf727
Metasploit::Framework::Spec::Constants cleaner
MSP-11130

Shared context will calls `Metasploit::Framework::Spec::Constants.clean
after each example.
2014-10-29 11:31:17 -05:00
Luke Imhoff 0d4b22ce7a
Detect constant leaks in individual examples
MSP-11130

`Metasploit::Framework::Spec::Constants::Each.configure!` will set up an
`after(:each)` callback that will fail the example if there are leaked
constants.  Leaked constants are cleaned up to prevent misattribution.
2014-10-28 15:50:24 -05:00
Luke Imhoff f9b1f2a424
Extract Metasploit::Framework::Spec::Constants::Suite
MSP-11130

`Metasploit::Framework::Spec::Constants::Suite` extracts out
`LOG_PATHNAME`, `configure!`, and `define_task` as those piece are
specific to handling constant leaks for the entire suite.  This is in
preparation for `Metasploit::Framework::Spec::Constants::Each`.
2014-10-28 15:07:32 -05:00
Luke Imhoff 3ec9cf54c9
Filter non-loaded-module constants from leaked constants
MSP-11130

Constants from library Modules or Classes should not be reported as
leaked since they have been required and should be persistent between
spec runs.
2014-10-28 14:05:27 -05:00
Luke Imhoff 1a1f3335b8
Extract Metasploit::Framework::Spec::Constants.full_name
MSP-11130

Extract method to convert child constant names to module full names so
it can be reused 'Metasploit::Framework::Spec::Constants tracker' shared
context.
2014-10-28 13:53:48 -05:00
Luke Imhoff a0a9c2140b
Log leaked constants and fail rake spec on leak
MSP-11130

Instead of printing the leaked constants to stderr, log them to
`log/leaked-constants.log`.  In task action for spec, read
`log/leaked-constants.log`.  If it exists, print each leaked constants
(and it appropriate it's module full name) and then exit with 1.  If the
file does not exist, do nothing.
2014-10-28 11:21:35 -05:00
Joe Vennix c6bbc5bccf
Merge branch 'landing-4055' into upstream-master 2014-10-28 11:18:20 -05:00
sinn3r e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner 2014-10-28 01:45:57 -05:00
Luke Imhoff c84febea5f
tools/missing-payload-tests.rb
MSP-11145

**NOTE: Failing specs**

Add a tool for reading `log/untested-payload.log` and
`framework.payloads` to determine `context`s to add
`spec/modules/payloads_spec.rb` to test the untested payloads.
2014-10-27 13:03:31 -05:00
Jon Hart b8c9ef96ca
Land #4003, @nstarke's Login Scanner for WD MyBook Live NAS 2014-10-27 09:57:43 -07:00
Jon Hart 765b5e686c
Use configured method and URI rather than duplicated values 2014-10-27 09:56:39 -07:00
Luke Imhoff 605f48e58d
Detect leaked constants under Msf::Modules
MSP-11130

Detect constants leaked under Msf::Modules after the suite completes.
2014-10-27 11:13:43 -05:00
nstarke 44f7db4798 Refactoring Success Case
I have refactored the code so that it will work with
non-root accounts.
2014-10-25 13:31:36 +00:00
Luke Imhoff 48d6880f1d
Add docs for untested payload testing
MSP-11145

Add docs to rake task, shared examples, and share contexts for how to
use all 3 together.
2014-10-23 11:17:05 -05:00
Luke Imhoff f827a1c761
Extract untested-payloads.log checker spec task action
MSP-11145

Extract the spec task action which errored out if
`log/untested-payloads.log` exists to
`Metasploit::Framework::Spec::UntestedPayloads.define_task`.
2014-10-23 10:24:33 -05:00
Jon Hart 83df08aaa7 Properly encode body and catch invalid configs 2014-10-22 22:43:06 -07:00
James Lee a5a84886ee
Make sure vnc closes the socket 2014-10-22 15:53:05 -05:00
Jon Hart ce8a9941ea Cleanup. Sanity check in setup. vprint 2014-10-22 10:36:24 -07:00
James Lee 46acf08e2d Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions 2014-10-22 09:09:34 -05:00
nstarke ee3dd3a2ac More Fixes for WD MyBook Live Scanner
Fixes include removing deregistered options
from credentials collection object and adding proof
 when there is no response
2014-10-22 03:06:21 +00:00
James Lee e1a7e902d6
Re-enable tcp evasions for more LoginScanners
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r 79d393c5aa Resolve merge conflicts
Conflicts:
	lib/msf/core/exploit/smb.rb
	lib/msf/core/exploit/tcp.rb
	modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee 83b1d270cd
Fix ftp and mssql 2014-10-21 11:09:39 -05:00
James Lee 8b2dcac730
Fix telnet 2014-10-21 11:08:41 -05:00
James Lee 2fcb1004fb
Move tcp options to Tcp::Client out of RexSocket 2014-10-21 09:59:26 -05:00
James Lee e76ee294a1
Restore tcp evasions to telnet 2014-10-21 09:44:55 -05:00
James Lee cb9a77c06b
Fix NoMethodError when unable to connect
Derp.
2014-10-21 08:58:45 -05:00
James Lee 6f3b26f5e9
Remove tcp evasions from Http
Can't use 'em anyway
2014-10-21 08:27:29 -05:00
nstarke 82b74d5f3c Fixes to MyBook Live Module
This commit contains three fixes as requested on PR
#4003.  Those include:

+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke 70b13819d9 Adding Login Scanner for MyBook Live
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
James Lee 3051b6c5ba
Clean up exceptions
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
James Lee b7d69bec83
Restore proxies to ssh scanners 2014-10-20 10:19:06 -05:00
Tod Beardsley a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/ 2014-10-17 13:13:44 -05:00
Tod Beardsley 5978bd5e62
Control the startup msg with -q, too 2014-10-17 12:41:58 -05:00
Tod Beardsley a45b21b6bf
-q will quiet the animation, too 2014-10-17 12:32:28 -05:00
James Lee 41a57b7ba5
Re-enable proxies for HTTP-based login scanners 2014-10-15 17:00:44 -05:00
Tod Beardsley e010d70913
No need for that bool option 2014-10-14 14:59:57 -05:00
Tod Beardsley bf0a5d038e
Add an animation to comfort the user
Sometimes msfconsole takes a little while to start.

This adds a fairly common ASCII spinner to the startup sequence.

I haven't spec'ed it, and the code organization isn't great, so consider
this PR more of a cry for help than something immediately landable.

That said, it works for me.
2014-10-14 14:54:45 -05:00
nstarke f8d6af6d4e Rescuing from JSON Parse
Previous code was not using any sort of exception handling
for parsing the response body.  I have added a rescue block
for JSON errors to remedy this problem.
2014-10-10 12:41:11 +00:00
nstarke 472985a8a8 Adding Buffalo Linkstation NAS Login Scanner
I have added a login scanner for the Buffalo Linkstation
NAS.  I have been testing against version 1.68 of the
firmware.  Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
nstarke eed0958de5 Fixing Comment
Comment was incorrect and needed to be fixed.
2014-10-07 11:28:40 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
Matt Buck 0bb4eac259
Rename the method for optional requires
MSP-11412
2014-10-03 14:06:13 -05:00
Matt Buck 88cbf22ef0
Optionally require mdm, as well
MSP-11412
2014-10-03 13:49:39 -05:00
Matt Buck dabec92e61
Ensure require of metasploit/credential/engine is optional 2014-10-02 14:46:56 -05:00
Matt Buck 7ed1977d0b
Specific require all metasploit gem dependencies' engines
MSP-11412
2014-10-02 14:20:10 -05:00
sinn3r 7163b8c55a Fixes #3915 - NoMethodError private method `rhost'
There's no self.rhost, but rhost is defined
2014-09-30 11:34:16 -05:00
David Maloney 5ff4a55cd2
smb connection error not setting result properly
if the initial connection from the SMB LoginScanner fails
it wouldn't set the target information on the result. this could cause
smb_login to throw a stack trace when it calls invalidate_login
2014-09-16 15:24:14 -05:00
David Maloney e5aa5c4014
missing postgres rescues 2014-09-16 15:04:07 -05:00
sinn3r 169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner) 2014-09-16 14:51:24 -05:00
David Maloney aeed66b694
missing mysql rescue 2014-09-16 13:41:03 -05:00
David Maloney d708de07a3
return the lgoinscanner class name in an invalid exception
when a loginScanner throws an Invalid exception , the message
will now include the classname of the Scanner that threw it.
2014-09-16 13:24:08 -05:00
David Maloney 6decd3cbd2
fix exceptions thrown in telnet loginscanner too 2014-09-16 10:09:59 -05:00
David Maloney bf8f7221c7
rescue exceptions in check_setup 2014-09-15 13:52:17 -05:00
jvazquez-r7 7d4c4c3658
Land #3699, @dmaloney-r7's ipboard login refactor 2014-09-15 08:29:42 -05:00
jvazquez-r7 917a7ffa1e Add specs for valid IPBoard application 2014-09-12 16:08:03 -05:00
Cucumber b80519dc16
Lands #3779, specs
MSP-11343

Merge specs that I missed during last merge.
2014-09-12 14:49:26 -05:00
jvazquez-r7 0d054d8354 Update with master changes 2014-09-12 09:52:32 -05:00
jvazquez-r7 b8d31891f8 Clean YARD documentation 2014-09-12 09:32:32 -05:00
Joe Vennix 55519d8867
Land #3781, my addition of Metasploit::Concern to msf. 2014-09-11 16:57:24 -05:00
Luke Imhoff 706655f755
Land #3779, Glassfish LoginScanner exception
MSP-11343
2014-09-11 15:57:47 -05:00
Joe Vennix 8654b63c58
Make sure Metasploit::Concern is accessible everywhere. 2014-09-11 14:46:35 -05:00
David Maloney 0663355237
catch connectionreset in ftp login scanner
add exception rescue for Errno::ECONNRESET
2014-09-11 14:39:36 -05:00
James Lee a8e3ff0c0f
Add specs to verify server header matching 2014-09-11 11:42:38 -05:00
James Lee 9151c2c79d
Add docstrings and avoid multiple returns 2014-09-11 10:50:42 -05:00
James Lee 20e48a233a
Explicitly set @version to nil if we can't detect 2014-09-11 10:30:52 -05:00
Cenk Kalpakoğlu 11004ab7c6 typo fix 2014-09-11 16:27:35 +03:00
James Lee 8aa06b8605
Better api for check_setup 2014-09-10 23:43:54 -05:00
James Lee c1658e5d51 Add a check_setup method 2014-09-10 20:09:46 -05:00
James Lee 84e4db9035 Don't raise in the middle
MSP-11343

This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
David Maloney 2ac15f2088
some fixes based on Christruncer's feedback
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor 2014-09-08 14:48:37 -05:00
David Maloney b84142715f
rescue mysql host blocked
rbmysql can throw an exception if the
server blocked this host due to too many connection errors
2014-09-08 12:45:10 -05:00
jvazquez-r7 10bb77af9f
Land #3716, @wchen-r7's Glassfish LoginScanner update 2014-09-07 21:54:34 -05:00
jvazquez-r7 768b50974f Redo try_glassfish_3 specs 2014-09-07 21:04:43 -05:00
jvazquez-r7 07238ef7b3 Redo try_glassfish_2 specs 2014-09-07 20:47:54 -05:00
sinn3r 6df7658267 Very small change to the doc 2014-09-06 01:54:52 -05:00
jvazquez-r7 78cf75c4d5 Clean YARD documentation 2014-09-06 00:24:39 -05:00
sinn3r 0dcf481d76 This one is good to go 2014-09-04 14:13:33 -05:00
David Maloney 28427ccee3
add VHOST and useragent support to loginscanner 2014-09-04 10:59:07 -05:00
sinn3r e1694ec3e5 LoginScanner update for hp_sys_mgmt_login
Work in progress
2014-09-03 16:23:57 -05:00
sinn3r 61e58dc6d3 Yard doc 2014-09-02 20:48:07 -05:00
sinn3r 954475c0bf Add rspec and update about secure admin 2014-09-02 20:35:25 -05:00
David Maloney 928aeffcba
add wordpress_rpc loginscanner and specs 2014-08-29 13:06:12 -05:00
Samuel Huckins fa77caa819
Merge branch 'bug/MSP-11153/database-config-overrides'
MSP-11153 #land
2014-08-28 17:12:37 -05:00
Luke Imhoff 20177c7c23
Restore backup database.yml when retesting after interrupt
MSP-11153

Restore the config/database.yml backed up to
config/database.yml.cucumber.bak in the db:config:restore task, which is
made a dependency of the environment rake task so that
config/database.yml is restored before Rails tries to use it in the
environment task.  This specifically, allows for rake cucumber to be
interrupted when the config/database.yml has been moved to
config/database.yml.cucumber.bak and a subsequence rake cucumber to
succeed and restore config/database.yml, but any task that depends on
environment will restore the config/database.yml.
2014-08-28 15:20:53 -05:00
sinn3r f097ef96e0 Use && 2014-08-28 12:13:03 -05:00
sinn3r d0d9949d91 Do SSL options correctly 2014-08-28 12:04:14 -05:00
Luke Imhoff 275fa5cb50
Remove unnecessary return
MSP-11153

Leftover from earlier design.
2014-08-27 16:58:45 -05:00
Luke Imhoff 83b6f268b4
Remove unnecessary realpath
MSP-11153

Causes errors on machines that don't have ~/.msf4 like travis-ci.
2014-08-27 16:58:05 -05:00
sinn3r df215a380d Do not send 2 content-length headers 2014-08-27 16:05:08 -05:00
sinn3r a32ffc4c26 Add the final portion for Glassfish login module 2014-08-27 15:09:11 -05:00
Luke Imhoff 951ce15b44
Move database.yml selection to Metasploit::Framework::Database
MSP-11153

Test the following paths in order and only return them if the path
exists:

1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
sinn3r 5d8cbe0544 Early version of Glassfish using LoginScanner 2014-08-27 01:23:02 -05:00
Tom Sellers 4a1b037af0 Remaining files.. 2014-08-26 18:15:58 -05:00
David Maloney c42517a14a
missing exception rescue
needed to also rescue Errno::ETIMEDOUT
2014-08-26 13:58:34 -05:00
David Maloney 32b1a5ea23
add ipboard loginscanner
add loginscanner class for IPBoard with specs
this should replicate the functionality originally written
by Chris Truncer, but move it into a testable, reusable class
2014-08-25 13:58:30 -05:00
Joe Vennix 95fbb8f1b7
Land PR #3672, dmaloney-r7's login scanner credential rework. 2014-08-22 11:15:32 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
James Lee c3e8bc8fa0
Fix a crash when we can't connect to PG, again 2014-08-20 11:02:46 -05:00
James Lee fa27def41f Revert "Fix a crash when we can't connect to PG"
This reverts commit b6deb6a342.
2014-08-20 11:01:29 -05:00
James Lee b6deb6a342
Fix a crash when we can't connect to PG
MSP-11061

No Postgres, no cry
2014-08-19 15:30:24 -05:00
David Maloney 473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
Conflicts:
	Gemfile.lock
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/credential.rb
	lib/metasploit/framework/credential_collection.rb
	lib/metasploit/framework/login_scanner/afp.rb
	lib/metasploit/framework/login_scanner/axis2.rb
	lib/metasploit/framework/login_scanner/db2.rb
	lib/metasploit/framework/login_scanner/ftp.rb
	lib/metasploit/framework/login_scanner/http.rb
	lib/metasploit/framework/login_scanner/mssql.rb
	lib/metasploit/framework/login_scanner/mysql.rb
	lib/metasploit/framework/login_scanner/pop3.rb
	lib/metasploit/framework/login_scanner/postgres.rb
	lib/metasploit/framework/login_scanner/result.rb
	lib/metasploit/framework/login_scanner/smb.rb
	lib/metasploit/framework/login_scanner/snmp.rb
	lib/metasploit/framework/login_scanner/ssh.rb
	lib/metasploit/framework/login_scanner/telnet.rb
	lib/metasploit/framework/login_scanner/vnc.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/afp/afp_login.rb
	modules/auxiliary/scanner/db2/db2_auth.rb
	modules/auxiliary/scanner/ftp/ftp_login.rb
	modules/auxiliary/scanner/http/axis_login.rb
	modules/auxiliary/scanner/http/http_login.rb
	modules/auxiliary/scanner/http/tomcat_mgr_login.rb
	modules/auxiliary/scanner/mssql/mssql_login.rb
	modules/auxiliary/scanner/mysql/mysql_login.rb
	modules/auxiliary/scanner/pop3/pop3_login.rb
	modules/auxiliary/scanner/postgres/postgres_login.rb
	modules/auxiliary/scanner/snmp/snmp_login.rb
	modules/auxiliary/scanner/ssh/ssh_login.rb
	modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
	modules/auxiliary/scanner/telnet/telnet_login.rb
	modules/auxiliary/scanner/vnc/vnc_login.rb
	modules/auxiliary/scanner/winrm/winrm_login.rb
	spec/lib/metasploit/framework/credential_spec.rb
	spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
James Lee b9e449f5e2
Fix crash when database.yml doesn't exist 2014-08-18 12:40:57 -05:00
Samuel Huckins 82760bf5b3
Deprecation warnings hidden for non-listeners 2014-08-15 12:33:44 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
David Maloney 84374fe92c
Merge branch 'staging/electro-release' into bug/MSP-11050/rails_root 2014-08-12 13:54:38 -05:00
David Maloney 12f1234296 always set our rails root to our root
this works fine when calling any framework binaries
from their path as CWD. if you call tehm from another path
you will get an incorrect root which can cause certain things to load
incorrectly

Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-08-12 13:53:28 -05:00
David Maloney fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry 2014-08-12 11:22:51 -05:00
Luke Imhoff e051272a20
Fix typo
MSP-11046

`ActiveSupport::OrderedOptions` automatically create an attribute for
any missing keys, so when `options.console.resource` was used it would
return `nil` instead of the erroring.  The correct option name was
`options.console.resources` (note the pluralization).
2014-08-12 10:49:35 -05:00
Luke Imhoff 9096a8a1f5
Remove Msf::Framework::VersionAPI
MSP-10998

It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
2014-08-01 21:43:14 -05:00
Luke Imhoff 22db5aad8a
Remove Msf::Framework::VersionCore
MSP-10998

It can't handle 4.10.0 because it tries to compact the multiple part
version into one float using (1 / 10.0).
2014-08-01 21:31:48 -05:00
darkbushido ceaffce727
Merge branch 'pr/3593' into staging/electro-release 2014-08-01 16:01:10 -05:00
David Maloney ab7111120b
and all the rest
finally!
2014-08-01 14:54:18 -05:00
David Maloney 4821851ae4
telnet and ssh next 2014-08-01 14:47:08 -05:00
David Maloney 12902b0a6d
the refactor continues! 2014-08-01 14:41:03 -05:00
David Maloney b74813b9a1
mysql and pop3 now 2014-08-01 14:30:33 -05:00
David Maloney 2e7738c788
http and mssql now 2014-08-01 14:22:58 -05:00
dmaloney-r7 e6a0e079b6 Merge pull request #3596 from darkbushido/bug/MSP-10937/adding-parent-to-cores-to-credential
.to_credential now assigns a parent
2014-08-01 13:13:48 -05:00
David Maloney 33f73a8af7
refactor db2 2014-08-01 13:00:27 -05:00
David Maloney 439b893fea
refactor axislogin 2014-08-01 12:30:16 -05:00
David Maloney 0fffb179fa
refactor afp_login 2014-08-01 12:10:52 -05:00
David Maloney db345fcb58
make credential_collection always set private_type 2014-08-01 11:57:35 -05:00
David Maloney a380646667
start refactoring ftp loginscanner 2014-08-01 11:47:13 -05:00
David Maloney 320f032dfe
add to_h to result 2014-08-01 11:46:43 -05:00
David Maloney dbde046f44
use to_h instead of to_hash
apparently ruby 2 adds this as a standard method so
we should stay compliant
2014-08-01 09:45:51 -05:00
David Maloney 0e65792f43
Merge branch 'staging/electro-release' into feature/loginscanner-report-dry 2014-08-01 09:41:30 -05:00
Brandon Turner 0ad2a7c89b
Bump version to 4.10.0 2014-07-31 23:43:46 -05:00
David Maloney 374c6532fa
add to_hash to Credential
begining of the chain to DRYing up
credential reporting in the loginscanner
2014-07-31 18:10:48 -05:00
darkbushido ad6eed01a2
.to_credential now assigns a parent
Metasploit::Credential::Core#to_credential will set the parent to the original core objext
Metasploit::Framework::Credential#to_credential also sets the parent to itself.
2014-07-31 14:52:27 -05:00
Luke Imhoff 7cc5af589f
Only require config/application.rb when Rails.application not set
MSP-10964

Allows other Rails::Applications to use the commands.
2014-07-31 13:32:22 -05:00
Luke Imhoff f9ab7f7a88
Only error out if Rails.env differs from options.environment
MSP-10964
2014-07-31 13:28:21 -05:00
Luke Imhoff aa2e26f8f2
Allow RAILS_ENV to override default environment of 'production'
MSP-10964
2014-07-31 13:24:23 -05:00
James Lee 6a72572237
Wrap comments at 80 2014-07-31 09:41:08 -05:00
James Lee 77d99b7374
Land #3586, fix msfconsole when running without db
Conflicts:
	Gemfile.lock
	metasploit-framework.gemspec
2014-07-30 17:24:21 -05:00
Trevor Rosen ea72a7e5c3 Merge pull request #3583 from jlee-r7/feature/MSP-9932/creds-add-subcommands
Add `creds` subcommands

MSP-9932 #land
2014-07-30 12:01:36 -05:00
Luke Imhoff ceb8a0f5c2
Extract option require pattern to helper Module
MSP-10905

`Metasplot::Framework::Require.optionally` can be used to optionally
require a library and then issue a warning if the require fails or run a
block when it succeeds.
2014-07-30 10:07:53 -05:00
Luke Imhoff 1a6d4843c7
Merge branch 'staging/electro-release' into bug/MSP-10905/msfconsole-database
MSP-10905
2014-07-29 15:52:11 -05:00
Luke Imhoff ba4891bca0
Restore Rails.groups arguments
MSP-10905

They don't cause a problem.
2014-07-29 15:50:52 -05:00
Luke Imhoff 38da44c26b
Fix arity difference between rails and msfconsole options
MSP-10905
2014-07-29 14:32:42 -05:00
Luke Imhoff 04541ac724
Parse msfconsole options before initializing Rails
MSP-10905
2014-07-29 14:07:14 -05:00
Luke Imhoff 24a5a155f4
Require gems
MSP-10905
2014-07-29 14:02:56 -05:00
David Maloney 78a3263cfe
have Credentials remember their aprents
a Credential object can be created from several
other types of objects. Keep a reference to the originating
'parent' so we can find our way back
2014-07-29 11:20:52 -05:00
James Lee ef7f5fe967 Make metasploit-model a direct dep
Needed for all the scanners that use Metasploit::Model::Realm::Key
constants.
2014-07-29 10:30:46 -05:00
darkbushido 064d624322
changing Credential == operator
it should no longer raise no method errors when comparing a credential to
an object that doesnt respond to public, private, or realm
2014-07-23 16:17:09 -05:00
Samuel Huckins 6c1a3f4992 Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
Now able to complete without error.

MSP-10817 #land
2014-07-23 15:55:42 -05:00
Samuel Huckins ffd7d28bc6 Merge pull request #3559 from dmaloney-r7/feature/MSP-10230/snmp_login
MSP-10230 #land
2014-07-23 13:59:37 -05:00
David Maloney b7d15d0b08
simple fix to mysql loginscanner
typo caused connection_timeout default to not get set
2014-07-23 12:07:57 -05:00
David Maloney e54f5e8ee7
working snmp_login module 2014-07-22 12:44:21 -05:00
David Maloney c553fcac73
start refacotirng snmp_login 2014-07-22 11:46:22 -05:00
David Maloney 0eb4fc0ed1
community string collection
add community string collection to handle snmp loginscanner
credentials
2014-07-22 11:44:31 -05:00
James Lee addecb6311
Fix running shipped bins by using a config file
This should get everything working again.

MSP-10817
2014-07-21 18:26:50 -05:00
James Lee a2a75ffb03
Fix typo and full path issue
Previously, the JtR library was prepending the path to data/john/ for
shipped bins; without it, modules weren't finding the executables.
2014-07-21 17:58:27 -05:00
Joe Vennix 9db951cadc
Add sane defaults for HTTP method and path. 2014-07-21 14:57:28 -05:00
cdoughty-r7 1ad04eb2d9 Merge pull request #111 from rapid7/bug/MSP-10714-gem-version
Fix gem version to support rubygems < 2.1
2014-07-16 13:23:33 -05:00
Brandon Turner e637237574
Use the Rubygems 2.2 version convention
Substitute version dashes with ".pre.".

MSP-10714
2014-07-16 11:13:14 -05:00
Brandon Turner 044fdb8c55
Fix gem version to support rubygems < 2.1
MSP-10714
2014-07-15 19:02:39 -05:00
David Maloney ea57ad0126
fix connection error on base
missed a reference to connection_error on the
loginscanner base. this would prevent us from
bailing out early if we have too many connection errors
2014-07-15 16:21:13 -05:00
David Maloney 34635ab968
module login status cleanup
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
David Maloney 9857bac6b1
add NO_AUTH_REQUIRED 2014-07-15 14:38:41 -05:00
David Maloney 939e585658
refactor all loginscanners
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
David Maloney 846679bef9
change Result status
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
dmaloney-r7 f3ec386240 Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success
Feature/msp 10686/stop after user success
2014-07-14 14:56:23 -05:00
dmaloney-r7 7184d2ed5e Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
Refactor pop3_login
2014-07-14 13:27:11 -05:00
James Lee e68dcdbb06
Refactor pop3_login
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.

See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
Trevor Rosen cc93dbbe29 Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
Feature/msp 9707/smb bruteforce refactor

MSP-9707 #land
2014-07-11 11:33:12 -05:00
James Lee 4b16985eb8
Stop trying more creds for a user after success
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.

The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.

MSP-10686
2014-07-10 17:48:58 -05:00
James Lee 097d5d68ce
Display 'realm\user' for AD instead of 'user@realm' 2014-07-10 14:31:42 -05:00
James Lee e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login 2014-07-10 14:00:28 -05:00
David Maloney 818bd1946d
final tweak for the http case
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
2014-07-10 12:39:01 -05:00
David Maloney 7dc58d060e
make only one each method
made the one true enumerator of credentials
for the login_scanner.

also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
David Maloney a319d5270e
set default connection tiemouts
loginscanners should have a default connection timeout
2014-07-10 11:35:10 -05:00
David Maloney 1a0200f711
one more strip 2014-07-09 17:50:28 -05:00
David Maloney 25ee278097
strip vestigial realms
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
James Lee bb3525419e
Rescue the right thing
MSP-9707
2014-07-09 17:44:53 -05:00
David Maloney 0c4e53ce5a
fix up specs
a whole bunch of spec changes needed for
these changes.

alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
David Maloney c7b37743ef
working realm coercion
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
David Maloney 24fced822e
coerce realm_key when it exists
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
David Maloney 766b50b5e0
REALM_KEY not _TYPE
arg typos
2014-07-09 14:01:41 -05:00
James Lee afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney 7325cfec64
add default realm values
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
2014-07-09 11:19:25 -05:00
David Maloney bc18ca5762
add REALM_KEY to each LoginScanner
each LoginScanner should now know
what kind of REALM it takes
2014-07-09 10:53:37 -05:00
dmaloney-r7 b65989ff0c Merge pull request #100 from rapid7/bug/MSP-10661/glob-rb-files
Use glob instead of entries
2014-07-08 14:29:24 -05:00
James Lee 567435f508
Use glob instead of entries
Fixes the case where a non-ruby file exists in the login_scanner/
directory
2014-07-08 11:00:33 -05:00
David Maloney 38419dae83
fix to_credential on core
the Metasploit::Credential::Core to_credential
method now seats private_type and realm_key correctly
2014-07-07 18:05:04 -05:00
David Maloney 2c13ff4038
Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 16:32:39 -05:00
dmaloney-r7 db8b0c907b Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation
Feature/msp 10648/login scanner creation
2014-07-07 16:04:09 -05:00
dmaloney-r7 c4c7ff519f Merge pull request #96 from rapid7/feature/MSP-10657/add-private-type
Add private_type and realm_key accessors to Framework::Credential
2014-07-07 15:43:18 -05:00
David Maloney b52c13228c
make private_type validation conditional
there are times when this won't be filled in
but the credential is still valid
2014-07-07 15:40:52 -05:00
James Lee 2a9ac0a007
Axe SSHKey in favor of a unified SSH 2014-07-07 13:35:17 -05:00
James Lee 71cbbc5388
Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 13:19:34 -05:00
James Lee b7cfc927c4
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00
James Lee 5c406a2aa5
Remove successes and failures
No reason to store them and they could fill a ton of unnecessary memory.
2014-07-07 12:33:15 -05:00
James Lee 7035064f3d
Assignment alignment for Dave 2014-07-07 12:30:04 -05:00
James Lee 8df3ada087
Better docs 2014-07-07 10:18:42 -05:00
James Lee 325d2d25b9
Fix requires and derp typos 2014-07-07 10:09:45 -05:00
James Lee 311f43f1e4
Constpocalypse 2014-07-03 18:49:46 -05:00
James Lee b7a55d402d
Add likely service ports and names for HTTP 2014-07-02 23:41:31 -05:00
James Lee 9dde47a0bc
Add a simple classes_for_service method 2014-07-02 23:31:56 -05:00
Lance Sanchez b5351eec2b
adding .to_credential
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential

MSP-9912
2014-06-26 11:05:59 -05:00
James Lee f225ac92ab
Refactor smb_login
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
James Lee 35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release 2014-06-20 12:39:07 -05:00
David Maloney 3c85601426
not every version has dupe supression 2014-06-19 16:28:23 -05:00
David Maloney 4453dcdc8e
some minor fixes 2014-06-19 15:45:24 -05:00
James Lee 9421beedb3
Refactor http_login 2014-06-19 14:12:21 -05:00
David Maloney 0ff8708e6d
some minor fixes 2014-06-19 13:08:43 -05:00
James Lee b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release 2014-06-19 10:14:57 -05:00
James Lee 2d9c6f832a
Moar parens!!1!! 2014-06-19 10:07:21 -05:00
David Maloney fd0e24cdb2
moar docs! 2014-06-18 11:38:07 -05:00
David Maloney 4b4d9796c5
more minor cleanup
cleanup from code review
2014-06-18 11:24:55 -05:00
David Maloney 9f11170c3b
some minor cleanup on jtr stuff
minor cleanup to code nstyling stuff
2014-06-18 10:57:41 -05:00
David Maloney d473d86ef0
use tr instead of gsub for mutation
this should be another slight performance
increase as straight up string replacement
should require less overhead then multiple
runs of regex replacement.
2014-06-17 10:29:09 -05:00
James Lee 6237d56398
Refactor ssh_login_pubkey
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
   where the ssh_socket accessor was not being set because of a
   shadowing local var
 * Fix a bug in the db command dispatcher where an extra column was
   added to the table, causing an unhandled exception when running the
   creds command
 * Add a big, ugly, untested class for imitating
   Metasploit::Framework::CredentialCollection for ssh keys. This class
   continues the current behavoir of silently ignoring files that are a)
   encrypted or b) not private keys.
 * Remove unnecessary proof gathering in the module (it's already
   handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
David Maloney a81b0ed17b
rename method to_file
change method name from write to to_file
as it makes more sense for what it is is doing
and what it returns
2014-06-16 18:03:06 -05:00
David Maloney 95beaa4f7e
correct self-eating array nature
we never noticed we were modifying the array in place
because we were reculaculating. now with a memoized
version we would get decreasing results
2014-06-16 17:37:18 -05:00
David Maloney a92a58417f
memoize the mutation keys
it was recalculating the mutation rules
everytime, and there is no reason to do this
2014-06-16 17:18:52 -05:00
David Maloney f1a39ef973
enumerators all done with specs
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
David Maloney 9af811a2ed
we need to pass in a workspace 2014-06-15 15:52:57 -05:00
David Maloney 897b0b1ee5
wordlist enumerators with some specs
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
David Maloney a00ff5aeef
yield custom_wordlist words 2014-06-15 12:16:21 -05:00
David Maloney 41d6b326f2
specs for wordlist validations
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
David Maloney a5fb898904
actually set max run time
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
David Maloney 33519b1fcd
cracker validations and specs
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
David Maloney 10f3531bbb
add exectuable validator
like the filepath validator but also checks
to see if the file is exectuable by the current
users.
2014-06-14 18:01:24 -05:00
David Maloney 21f29c4da9
more filepath validators
added filepath validations to cracker
also made them all conditional validations
2014-06-14 17:54:37 -05:00
David Maloney 1dd69a5228
wordlist validators
added custom fielpath vaidator and
added validations to the wordlist class
2014-06-14 17:49:47 -05:00
David Maloney 466576d03f
jtr wordlist validations started
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
David Maloney 19231b7c8f
starting skeleton on wordlist class
start framing out JtR wordlist class that
will generate Wordlists to be passed to our
JtR cracker.
2014-06-14 15:48:25 -05:00
David Maloney 41f7bc1372
add common root words wordlist
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of colleted password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
David Maloney 873d6e5b99
add all the specs 2014-06-14 12:28:17 -05:00
David Maloney b784bea48e
slow roll of specs for jtr cracker
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
David Maloney 7187138134
start injecting sanity 2014-06-13 14:53:56 -05:00
David Maloney a9bcb8b3bd
add skeleton for JtR Cracker
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
Samuel Huckins f452652f54 Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.

MSP-9708 #land
2014-06-12 18:37:44 -05:00
Samuel Huckins d215b8e5b2 Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
45 merged, steps passing.

MSP-9712 #land
2014-06-12 16:04:17 -05:00
Samuel Huckins df705c2edc
Gotta keep 'em sepArated.
MSP-9712
2014-06-12 16:03:02 -05:00
David Maloney 5fd117a015
fix userpass file stack trace
if an improperly formated userpass file was
supplied it could cause a stack trace. add some guarding around it
2014-06-12 12:39:36 -05:00
David Maloney c074ebda7b
refactor telnet_login 2014-06-11 17:46:42 -05:00
James Lee c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
Conflicts:
	lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
James Lee b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
Conflicts:
	lib/metasploit/framework/credential_collection.rb
	spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
dmaloney-r7 9affc753c0 Merge pull request #66 from rapid7/feature/cred-collection-prepend
Add ability to prepend creds to a collection
2014-06-11 14:34:54 -05:00
James Lee 3a8f6236ad
Add ability to prepend creds to a collection 2014-06-11 14:30:45 -05:00
Samuel Huckins 84aa0d42ed Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
James Lee fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
Luke Imhoff 4d923a4809
Update to Rubyzip 1.X API
MSP-10004

`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
David Maloney e9d9806408
invalidate_login
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
James Lee 552899ef13
Add a couple more specs for CredentialCollection
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
David Maloney 4d53c18ac4
fix version 2014-06-06 12:07:22 -05:00
dmaloney-r7 ff8e6d2c50 Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
Luke Imhoff f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
MSP-9653

Conflicts:
	Gemfile
	Gemfile.lock
2014-06-05 16:22:02 -05:00
David Maloney c61b47063d
vnc add missing exception catch
linux throws a different exception than osx
when the vnc client fails to connect
this caused issues with the specs running. this now
catches that additional exception
2014-06-05 15:32:08 -05:00
James Lee b1136752be
Add Credential#== to facilitate specs 2014-06-05 11:37:48 -05:00
James Lee 8b6e188ba8
Add support for realm in CredentialCollection
MSP-9988
2014-06-04 17:03:52 -05:00
James Lee b1ff6b95b5
Better docs 2014-06-04 14:44:53 -05:00
James Lee 41644970bf
Add a CredentialCollection
Also moves Metasploit::Framework::LoginScanner::Credential to
Metasploit::Framework::Credential
2014-06-04 13:01:09 -05:00
Lance Sanchez edc9f94d41
fixing issues raised in code review
MSP-9678
2014-06-03 11:15:26 -05:00
Lance Sanchez 15fffb1668
Adding in some tests
cleaning up the regex a bit

MSP-9678
2014-06-02 13:50:30 -05:00
Luke Imhoff 9e78509aac
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
MSP-9653

Conflicts:
	Gemfile
	Gemfile.lock
2014-06-02 13:40:11 -05:00
Luke Imhoff ebf61bef22
Metasploit::Framework::Engine
MSP-9653

Rails::Engine version of Metasploit::Framework::Application that can be
used by downstream projects, like Pro to get the shared behaviors, like
modules path adding, meterpreter extension merging, and binary default
encoding.
2014-06-02 13:00:22 -05:00
Luke Imhoff 9d326fcb24
Extra common engine and fix default encoding
MSP-9653

Extra config and initializers that can we shared between
Metasploit::Framework::Application and the future
Metasploit::Framework::Engine.  Move the default encoding setup from
lib/msf/sanity.rb to a before_initialize callback for the shared config
so that gems, like gherkin that depend on the utf-8 default internal
encoding can be loaded.
2014-06-02 12:57:48 -05:00
Luke Imhoff 3ebe7dfbc8
Gem version
MSP-9653

Move version information to standard location for gems.
2014-06-02 12:54:46 -05:00
Luke Imhoff 84f5a0d499
Explicitly require gem dependencies
MSP-9653
2014-06-02 12:27:15 -05:00
Lance Sanchez f2a2975bc1 Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner 2014-06-02 10:56:54 -05:00
Trevor Rosen 8bcd763039 Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
Feature/msp 9685/telnet login scanner

MSP-9685 #land
2014-05-30 13:40:18 -05:00
David Maloney 2c6f89a58d
add sane default for connection timeout 2014-05-29 11:12:59 -05:00
David Maloney eb04a3774a
fixes for telnet wierdness
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
James Lee 572e4f2bdf
Fix dumb missing options and add spec 2014-05-28 16:32:38 -05:00
David Maloney 1bc2140fa6
Telnet LoginScanner basics
basic Telnet LoginScanner with shell
specs. Need to test functionality
and write additional specs
2014-05-28 14:47:58 -05:00
David Maloney 747395e383
create telnet clinet mixin
copy paste existing stuff repurposed for use
in a real class instead of a metasploit module
2014-05-28 13:53:50 -05:00
Lance Sanchez 07a61ae696
adding in changes from before my vacation..
MSP-9678
2014-05-28 13:18:28 -05:00
James Lee 3ac2182984
First stab at axis2 login scanner 2014-05-27 23:53:04 -05:00
dmaloney-r7 85737d1235 Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
AFP login scanner
2014-05-22 15:05:24 -05:00
James Lee 5d1a0397ed
Add Tomcat login scanner 2014-05-21 14:28:54 -05:00
James Lee 8be35b90f4
Add some more specs for AFP login scanner 2014-05-20 17:44:41 -05:00
James Lee d061d36229 Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner 2014-05-20 17:25:42 -05:00
James Lee 21de14ac3d
Initial stab at AFP login scanner 2014-05-20 17:08:12 -05:00
Samuel Huckins 62bae8e23b Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
Specs and functional steps passing. 

MSP-9687 #land
2014-05-20 11:32:37 -05:00
Samuel Huckins d9687d87f9 Merge pull request #20 from rapid7/feature/MSP-9667/db2_login
Specs passing post update.

MSP-9667 #land
2014-05-16 11:29:31 -05:00
David Maloney 02a9d7f15d
minor cleanup
minor style changes found in code review
2014-05-16 11:20:04 -05:00
James Lee 9582d82fba Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner 2014-05-15 13:59:48 -05:00
James Lee 8a9abb90c0
Add specs for connection error conditions 2014-05-15 10:06:17 -05:00
Lance Sanchez e9b3f10ba7
Drying up some of the status codes
MSP-9678
2014-05-14 17:02:26 -05:00
James Lee 59050d9bf1
Add specs for WinRM, improve those for HTTP 2014-05-14 15:13:29 -05:00
James Lee 99f8fbbc9c
Add WinRM login scanner
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
  simpler and easier
* Adds support for default ports to HTTP. This should probably be
  rafactored up into Base
* Removes spec that complains about port being unset (which now fails
  because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
Luke Imhoff 82d32e39cc
Merge branch 'feature/MSP-9686/vnc_login' into staging/electro-release
MSP-9686
2014-05-14 13:24:13 -05:00
Luke Imhoff a32152ecaa
Merge branch 'staging/electro-release' into feature/MSP-9686/vnc_login
MSP-9686
2014-05-14 13:22:41 -05:00
dmaloney-r7 acaf713229 Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
Lance Sanchez 6a029bee02
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner 2014-05-14 10:13:46 -05:00
David Maloney f34090946e
derp 2014-05-14 10:10:57 -05:00
Lance Sanchez 06796fb27c
returning the result class
MSP-9678
2014-05-14 10:09:52 -05:00
David Maloney 2faa015bf3
some minor cleanup
minor edits requested by kronicdeth during
code review
2014-05-14 10:09:26 -05:00
James Lee 8a9027b21d
Add better #inspect for Credential and Result 2014-05-14 10:04:40 -05:00
Lance Sanchez 3c0625e393 hacking on the pop3 login scanner
MSP-9678
2014-05-14 09:44:23 -05:00
David Maloney 72b3c4da35
working DB2 loginscanner
w00t
2014-05-13 14:41:15 -05:00
Samuel Huckins 162038bde4 Merge pull request #19 from rapid7/feature/login_scanner/smb
Specs all passing, functional steps working.
2014-05-13 14:37:13 -05:00
David Maloney f5751d6a85
first pass at attempt_login for DB2
first pass through at the attempt_login method
for the DB2 LoginScanner. still adding specs
and possibly refactoring
2014-05-13 14:10:30 -05:00
James Lee 2d7e90d5df
Remove vestigal require 2014-05-13 13:39:40 -05:00
David Maloney 5dcf3efd1a
skeleton for DB2 loginscanner
add basic  skeleton and specs for the DB2
LoginScanner class.
2014-05-13 13:16:56 -05:00
Luke Imhoff 3370465d84
Use railties to load Metasploit::Credential correctly
MSP-9606

In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines.  To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
David Maloney f84d763382
refactoring conditional logic
the class works but the conditional logic needs
refactoring to be smoothed out more.
2014-05-12 11:10:36 -05:00
James Lee fe3acf08f5
Handle exceptions without error_code
Also sets smb_direct in attempt_login, which makes this work correctly
when port wasn't set in the constructor.
2014-05-12 10:31:11 -05:00
James Lee 3831042dca
Add specs, validations for LoginScanner::SMB 2014-05-09 18:58:49 -05:00
James Lee ee6a9f99b3
Add require for active_model
Having proper requires allows loading scanners in IRB without msfconsole
2014-05-09 18:16:19 -05:00
David Maloney 4e76330643
Add skeleton for VNC lgoinscanner
Add skeleton and specs for the VNC Loginscanner

MSP-9686
2014-05-09 11:55:15 -05:00
Trevor Rosen c77412d373 Merge pull request #13 from rapid7/feature/login_scanner/mysql
Add LoginScanner for MySQL

MSP-9676 #land
2014-05-08 15:05:24 -05:00
Trevor Rosen 894ecaafb4 Merge pull request #12 from rapid7/feature/login_scanner/pg
Add Postgres LoginScanner class

MSP-9679 #land
2014-05-08 14:38:56 -05:00
David Maloney 42de1ab1f1
whitespace removal 2014-05-08 14:18:06 -05:00
David Maloney d16a4a4c1d
add sane defaults to MySQl
MySQL LoginScanner now with sane defaults
for TCP evasion stuff
2014-05-08 13:57:58 -05:00
David Maloney cfb13ed1bd
Merge branch 'staging/electro_release' into feature/login_scanner/mysql 2014-05-08 13:55:09 -05:00
James Lee 2d2b5ea9e4 Merge remote-tracking branch 'private/feature/login_scanner/mssql' into feature/login_scanner/smb 2014-05-08 13:45:06 -05:00
David Maloney e0c6e90ae8
trivial cleanup work
whitespace and alignment stuff
2014-05-08 13:42:52 -05:00
James Lee 13fe8c0869
Default Credential#paired to true 2014-05-08 13:34:31 -05:00
David Maloney 20edabb0f5
mySQL Loginscanner with specs to match
This season's colours for Loginscanner is MySQL
with Unit Test Coverage applied to match.
2014-05-08 13:16:12 -05:00
David Maloney b72f0f8ffc
try to fix bad push/revert mess 2014-05-07 18:43:37 -05:00
David Maloney 9919d54116 Revert "final touches and specs"
This reverts commit e025fa1791.
2014-05-07 18:34:34 -05:00
David Maloney e025fa1791
final touches and specs
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00
James Lee 338ed7bd18
First attempt at smb login scanner 2014-05-07 16:38:56 -05:00
David Maloney 7a476dc21a
fully operational lgoinscanner
Now you will witness the power of this fully operational
LoginScanner. fire at will, Commander!
2014-05-07 15:57:06 -05:00
David Maloney ec974535ac
create base object for mssql scanner
created skeleton for MSSQL Loginscanner
included concerns.

also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
David Maloney 234e129523
add NTLM concern for loginscanners
add a new concern for LoginScanners
that provides the basic accessors and validations
for anything requiring NTLM
2014-05-07 14:28:10 -05:00
David Maloney e6b15541ff
replace datastore calls
replace datastore calls with stub
methods that will be implmeneted by the loginscanner
2014-05-07 11:41:49 -05:00
James Lee 9ad5ae44be
Add abstract attempt_login and cleanup some docs 2014-05-06 15:24:18 -05:00
David Maloney 6077135782
extract login neccisary methods
create new mssql mixin. extract only the methods
required for mssql_login to work and copy them
into this mixin.
2014-05-06 11:59:21 -05:00
David Maloney 5e6f57f711
fix up some more specs
some spec cleanup and added basic specs
to the HTTP LoginScanner
2014-05-01 12:10:51 -05:00
David Maloney 1a5abc49d1
Merge branch 'staging/electro_release' into feature/login_scanners/mixin_refactor
Conflicts:
	lib/metasploit/framework/login_scanner/ftp.rb
	lib/metasploit/framework/login_scanner/ssh.rb
	lib/metasploit/framework/login_scanner/ssh_key.rb
2014-05-01 10:19:00 -05:00
David Maloney 0dd22395eb
use credential objects inside results
altered results to just hold a credential
object instead of duplicating attributes
2014-04-30 17:17:57 -05:00
Lance Sanchez 3d94a1f77d
Merge branch 'feature/http_login_scanner' into staging/electro_release 2014-04-30 16:30:46 -05:00
David Maloney 2483a37c04
Rexsocket mixin for LoginScanners
add a mixin for Rex Socket dependent behaviour
in certain Loginscanners to DRY up code more
2014-04-30 15:43:28 -05:00
James Lee 6a41697955
Add require 2014-04-30 15:03:49 -05:00
David Maloney a4cc311106
test base behaviour in shared examples
start moving specs to a shared example group
for all behaviour defined by the LoginScanner
Base
2014-04-30 14:35:29 -05:00
David Maloney f1e303d400
add connection error handling
if we get too many connection errors
or too many errors in a row, we bail on
the host
2014-04-30 14:06:18 -05:00
David Maloney a08421b30f
apply reasonable defaults
give each lgoinscanner the ability to select
reasonable defaults for certain attributes
2014-04-30 13:56:29 -05:00
James Lee ea8dc4db5d
Handle connection errors
Also fix up some yardoc issues
2014-04-30 13:33:39 -05:00
James Lee b617be3dda
Move doc to the right place 2014-04-30 13:30:42 -05:00
David Maloney ad264cb031
remove dead variable
dead variable left in a method from
a previous code iteration. removed
2014-04-30 13:30:09 -05:00
David Maloney 90882f803b
use base mixin in scanners
refactor the LoginScanner classes to use the
new Base mixin. Still some more cleanup to be done
2014-04-30 13:29:14 -05:00
David Maloney 7978587428
add lgoinscanner base mixin
start moving common behaviour for
all LoginScanners into a mixin
2014-04-30 13:11:48 -05:00
David Maloney f61ede7fd2
fix merge wonkiness 2014-04-30 10:23:20 -05:00
David Maloney e5276d111d
Merge branch 'staging/electro_release' into feature/login_scanner/snmp
Conflicts:
	lib/metasploit/framework/login_scanner/result.rb
2014-04-30 10:21:35 -05:00
James Lee e8e5a7f72b
Add initial stab at LoginScanner::HTTP 2014-04-30 00:55:45 -05:00
Lance Sanchez ddee401e27
Merge branch 'feature/MSP-9684/sshkey_loginscanner' into staging/electro_release
MSP-9684 #land
2014-04-29 15:21:56 -05:00
David Maloney 5c24eab526
add snmp specific behaviour
add the snmp specific attempt_login behaviour
to gear this login scanner to the right protocol.
2014-04-29 14:08:30 -05:00
David Maloney f1105ebe48
basic template copypasta
copy the ssh scanner as a template to
start the SNMP scanner from
2014-04-29 10:14:23 -05:00
David Maloney 00b9c99c89
fix class documentation copypasta 2014-04-29 10:13:11 -05:00
David Maloney 08b2974454
fix class documentation 2014-04-29 10:12:26 -05:00
David Maloney 0fcfb9d655
add proxies to ssh scanner
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
David Maloney 35a039848c
add sshkey loginscanner
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
David Maloney 2346d583ed
touchups and specsfor FTP Scanner
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
David Maloney 838a444b23
first pass of FTP LoginScanner
made the first pass at the ftp
LoginScanner, with base specs.
Need to still tierate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
David Maloney 1f9cf8c68f
add the mixins for tcp and ftp
skimmed down, non-module dependent mixins
for TCP client and Ftp client. neccesary for
loginscanner work
2014-04-24 13:39:04 -05:00
David Maloney 3a66723741
nake scan! more generic
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
David Maloney ed8f87d3cf
allow scan! to take a blcok
by allowing scan! to take block
and yield the result of each attempt
we can do things like have a module print out
status messages
2014-04-23 12:41:10 -05:00
David Maloney d25f0d8f6c
cash host resolution
if we successfuly resolve the host during
the validation, then alter host to the resolved
address to avoid the overhead of subsequent
DNS requests.
2014-04-22 15:34:16 -05:00
David Maloney 0439569ffb
more documentation work
added some more YARD docs
2014-04-22 11:48:14 -05:00
David Maloney a613d044f5
more cleanup work
some code and documentation DRY work
2014-04-22 11:38:24 -05:00
David Maloney bc092af855
Fix credential docs
expanded return types for the Credential
object to be more accurate
2014-04-22 11:05:12 -05:00
David Maloney b731889c79
add class level documentation
add some comments for YARD to have class
level documentation for each class
2014-04-22 10:59:28 -05:00
David Maloney 526bb4989a
more explicit requires
LoginScanner module brings in all the deps
while the individual classes require
the module then to get their deps.
2014-04-22 10:28:01 -05:00
David Maloney 645eef51b7
Rename CredDetail to Credential
it was felt this was better naming
for the class. Refactored all occurence
2014-04-22 10:25:36 -05:00
David Maloney f079d3f3a9
move requires into module
move all the requires into the LoginScanner
module area to clean up requires
2014-04-21 19:14:50 -05:00
David Maloney 9c6528f13f
use the CredDetail class
now that we have the new CredDetail
class, use it instead of hashes
2014-04-21 18:58:23 -05:00
David Maloney 1a6ef8dced
allow for balnk passwords
have to alter validation slightly
to allow for blank passwords
2014-04-21 18:57:28 -05:00
David Maloney fd1777a79f
add CredDetail class
rather than passing dumb hashes around
added a CredDetail class that comes
with it's own conditional validations
2014-04-21 18:26:38 -05:00
David Maloney de2bb7d66c
dd tests for #scan!
the scan! method is mostly done
and has unit tests
2014-04-21 17:59:50 -05:00
David Maloney 2e11f80a98
refactor to use Result class
we now use a Result class to handle
all result codes from the login attempt
2014-04-21 15:35:16 -05:00
David Maloney d313047532
add loginscanner result class
add a result class to have more
tightly defined return values from
the loginscanner classes
2014-04-21 15:11:56 -05:00
David Maloney aa1d1be786
do not create sessions with scanner
the session creation behaviour is
currently inextricably linked to module
behaviour. We will have our scanner class
only return success status. The calling module
will be responsible for opening sessions afterwards.
2014-04-21 11:38:48 -05:00
David Maloney 7571fe1f68
fix host validation
host validation was buggy, fixed it
2014-04-21 11:34:40 -05:00
David Maloney 9a15a2be04
basic login attempt functionality
groundowkr now layed for trying
authentication attempts on the
SSH LoginScanner, with test coverage
2014-04-18 20:08:28 -05:00
David Maloney 85349ccec4
SSH connection exception handling
added in the exception handling
around the Net::SSH conenction
in attempt_login
2014-04-18 18:13:05 -05:00
David Maloney 17b4d4a416
Add more attributes and validations
Added some more attributes neccesary
for the actual running of the login scan
as well as accompanying validations and
specs
2014-04-18 16:23:35 -05:00
David Maloney 756488b581
last of the validations
finalized validation for SSH lgoinscanner
2014-04-16 13:34:23 -05:00
David Maloney bf20ed5812
add validations for cred_details
Adds validator for the cred_details
attribute on the SSH Login Scanner.
Makes sure propper input is always supplied
for the scanner.
2014-04-16 13:20:14 -05:00
David Maloney 434391c308
add host validations to ssh scanner
add validations to the :host attribute
on the SSH LoginScanner
2014-04-16 10:26:00 -05:00
David Maloney 02a17b8612
namespace change to Metasploit
chaning the code to live in the namespace of
Metasploit::Framework instead of Msf::Auxiliary

MSP-9683
2014-04-15 17:11:25 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Luke Imhoff 0bb79ba890 Msf::DBManager#import_msf_xml refactor
[#46491831]

Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns.  The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
Luke Imhoff f1a4fd937a Specs for activerecord patch
[#46141013]

Spec the desired behavior for ConnectionPool prior to removing the patch
to sync with upstream 3.2.12.
2013-03-18 11:01:45 -05:00