Commit Graph

154 Commits (39e3f9f8923756718fba83449ece4b2c821a52d3)

Author SHA1 Message Date
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Meatballs 4ef3de84f3
get some more test cases 2014-08-01 14:34:17 +01:00
Meatballs 92669cd4d6
Use parser 2014-05-20 22:26:13 +01:00
Meatballs 0a2b79ccd1
Tidyup parser 2014-05-20 22:04:59 +01:00
Meatballs 09af023a71
Merge in parser 2014-05-20 21:56:35 +01:00
HD Moore 231138da1b Fix a typo in the nexpose raw importer 2014-04-03 07:12:45 -07:00
Jonathan 26482f9ebd reset head~2 and removed shebang from unattend.rb 2013-11-09 15:05:56 -05:00
Tod Beardsley f6675f3120
Reordered case statements 2013-10-18 13:21:28 -05:00
William Vu 93ff9ec501 Create methods for start_element for readability 2013-10-18 12:20:43 -05:00
William Vu ff69e9fd05 Move product info code to a better location 2013-10-18 12:07:34 -05:00
William Vu e6cccedad0 Append vuln info to vuln description 2013-10-18 11:31:54 -05:00
William Vu 12151650e4 Add product info to hosts and services :) 2013-10-17 16:18:27 -05:00
William Vu 06c7943f54 Import hostnames without breaking everything 2013-10-17 15:31:48 -05:00
William Vu 920e406526 Import CVE refs and db.emit all the things 2013-10-17 14:29:54 -05:00
William Vu ad8af02021 Add my wonderfully simplistic Outpost24 parser 2013-10-15 16:34:46 -05:00
Tod Beardsley 7cc2ad55a6
Land #1770, unattend.xml snarfing modules 2013-09-27 16:04:38 -05:00
Tod Beardsley 63d638888d Get rid of interior tabs 2013-09-27 16:04:03 -05:00
Tod Beardsley d869b1bb70 Unless, unless everywhere. 2013-09-27 15:55:57 -05:00
Tod Beardsley f4e2e0ac11 Clear report_data on each host report 2013-09-18 17:11:22 -05:00
HD Moore 72dff03426 FixRM #8396 change all lib use of regex to 8-bit pattern 2013-09-12 16:58:49 -05:00
Tab Assassin 2846a5d680 Retab changes for PR #1770 2013-09-05 14:57:40 -05:00
Tab Assassin 269c1a26cb Merge for retab 2013-09-05 14:57:32 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Joe Vennix 34e732eabd Kill stray character in whitespace gutter. 2013-07-16 10:14:41 -05:00
Samuel Huckins e20385dd9e Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host
Passes specs and functional tests
2013-05-28 12:11:57 -07:00
David Maloney 0f21861921 Add task handling to imports
allow imports to carry along task info

[Story #49167601]
2013-05-23 13:33:19 -05:00
Tod Beardsley 05916c079e Inline unit tests are so last decade
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
Meatballs d8430c83cf Add simple rspec 2013-04-26 00:47:00 +01:00
Meatballs 668dd78587 Msftidy 2013-04-26 00:21:31 +01:00
Meatballs e2bf4882f0 Add domain join parse 2013-04-26 00:20:10 +01:00
Meatballs 235887ccb5 Finished 2013-04-25 23:25:05 +01:00
James Lee c3fa62cd59 Whitespace at EOL 2013-03-07 18:16:57 -06:00
Tod Beardsley bfd58e9570 Add a comment doc for future parser writers 2013-01-18 14:59:41 -06:00
Tod Beardsley ef97b20cb7 Merge branch 'wds_unattend' 2013-01-18 14:42:00 -06:00
James Lee a0e6c7043b Add actual cdata handler
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.

[SeeRM #7665]
2013-01-07 17:16:48 -06:00
James Lee 8bfca52941 Clear state for new vulns
[FixRM #7665]
2013-01-07 16:27:40 -06:00
James Lee 3f9c459545 Fix ArgumentError when importing netsparker xml 2013-01-07 12:21:08 -06:00
Meatballs1 e60d10bd3d Repackage as single module pull 2012-12-13 09:40:36 +00:00
HD Moore a8266bd831 Fix up odd reference normalization cases 2012-07-08 11:25:32 -05:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
HD Moore a393f8d62d Apply the console ID if specified 2012-06-25 01:37:38 -05:00
HD Moore 19c18a3e4e Record the device_id correctly in the nexpose raw import 2012-06-25 01:23:16 -05:00
HD Moore a8f7ea901a Fix cache counters for vuln_attempts, tweak nexpose 2012-06-17 21:55:11 -05:00
HD Moore a892fce320 Indent only subsequent list items 2012-06-17 20:55:19 -05:00
HD Moore 9ceba4421a Bullet formatting rendered poorly, remove these and keep indents 2012-06-17 20:49:22 -05:00
HD Moore 39a77024e2 Parse solutions/descriptions into a slightly less ugly format 2012-06-17 19:27:25 -05:00
HD Moore be9b7a88fb Complicate the matching process in the name of memory
and loading speed. Use optional match_details param
to find matching vuln instances.
2012-06-17 00:07:00 -05:00