7187138134
start injecting sanity
2014-06-13 14:53:56 -05:00
a9bcb8b3bd
add skeleton for JtR Cracker
...
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
ed84336149
Merge pull request #60 from rapid7/feature/MSP-9992/creds-command
...
Refactor the creds command
2014-06-12 12:24:09 -05:00
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
3a8f6236ad
Add ability to prepend creds to a collection
2014-06-11 14:30:45 -05:00
c0c1bd40a9
Fix help spec
2014-06-10 17:28:55 -05:00
552899ef13
Add a couple more specs for CredentialCollection
...
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
9b9de12a38
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msf/core/framework.rb
2014-06-06 12:04:53 -05:00
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
90b52814b1
fix some spec issues for recent changes
2014-06-06 11:52:49 -05:00
82464bd6aa
Update version spec
2014-06-06 10:16:44 -05:00
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
5ae5448005
Join killed threads to ensure cleanup
...
MSP-9653
2014-06-05 12:40:24 -05:00
33a9f8c43f
Add spec for userpass_file
2014-06-05 11:54:59 -05:00
45c26343a1
Add spec for pass_file
2014-06-05 11:51:11 -05:00
b1136752be
Add Credential#== to facilitate specs
2014-06-05 11:37:48 -05:00
262deac155
Fixing the failing specs
...
for some reason on my box sock.closed? isnt being called. stubbing it out
Kernel.select is being called and cant cast a mock object to an IO object
ok to fix this I'm stubbing select on the scanner object then the call wont
get passed onto the Kernel module
2014-06-05 11:21:34 -05:00
41644970bf
Add a CredentialCollection
...
Also moves Metasploit::Framework::LoginScanner::Credential to
Metasploit::Framework::Credential
2014-06-04 13:01:09 -05:00
ca63d2201e
Update init_module_paths spec to match Rails::Engine behavior
...
MSP-9653
2014-06-02 14:26:35 -05:00
1295028595
Remove unneeded MetasploitDataModels.require_models
...
MSP-9653
Models are loaded using railties features.
2014-06-02 13:54:38 -05:00
15fffb1668
Adding in some tests
...
cleaning up the regex a bit
MSP-9678
2014-06-02 13:50:30 -05:00
f2a2975bc1
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-06-02 10:56:54 -05:00
8bcd763039
Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
...
Feature/msp 9685/telnet login scanner
MSP-9685 #land
2014-05-30 13:40:18 -05:00
98a23881ee
remove cred creation methods
...
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
d95b0497a7
add more specs
...
added more specs around telnet specific validations
2014-05-29 11:11:19 -05:00
572e4f2bdf
Fix dumb missing options and add spec
2014-05-28 16:32:38 -05:00
1bc2140fa6
Telnet LoginScanner basics
...
basic Telnet LoginScanner with shell
specs. Need to test functionality
and write additional specs
2014-05-28 14:47:58 -05:00
07a61ae696
adding in changes from before my vacation..
...
MSP-9678
2014-05-28 13:18:28 -05:00
821a62627a
final spec cleanup
2014-05-28 09:56:26 -05:00
ca4c942ceb
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-28 09:40:44 -05:00
967b0d49b1
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-05-28 09:39:56 -05:00
c975d4dc49
some minor cleanup items
2014-05-28 09:26:19 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
2b75a53c93
Add basic rspec for portspec_to_portlist
2014-05-24 23:46:26 +02:00
85737d1235
Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
...
AFP login scanner
2014-05-22 15:05:24 -05:00
fbacf80839
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-22 14:39:17 -05:00
19e36cccb3
Credential Core creation now complete
2014-05-21 16:37:13 -05:00
5d1a0397ed
Add Tomcat login scanner
2014-05-21 14:28:54 -05:00
3ea99a9d43
private creation w/ specs and docs
...
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
2629549f6f
added realm creation
...
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
8be35b90f4
Add some more specs for AFP login scanner
2014-05-20 17:44:41 -05:00
d061d36229
Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner
2014-05-20 17:25:42 -05:00
21de14ac3d
Initial stab at AFP login scanner
2014-05-20 17:08:12 -05:00
09af023a71
Merge in parser
2014-05-20 21:56:35 +01:00
62bae8e23b
Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
...
Specs and functional steps passing.
MSP-9687 #land
2014-05-20 11:32:37 -05:00
8a2f05b7d2
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-20 10:28:33 -05:00
9cdddb08d9
origin specs for realsies
...
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
b84aaaad19
specs and fixes for origin creation
2014-05-20 09:59:15 -05:00
ddfa4f1ee7
some origin creation specs
...
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
d9687d87f9
Merge pull request #20 from rapid7/feature/MSP-9667/db2_login
...
Specs passing post update.
MSP-9667 #land
2014-05-16 11:29:31 -05:00
9582d82fba
Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner
2014-05-15 13:59:48 -05:00
efd0db9c39
Merge branch 'upstream-master' into HEAD
2014-05-15 13:53:16 -05:00
8a9abb90c0
Add specs for connection error conditions
2014-05-15 10:06:17 -05:00
e9b3f10ba7
Drying up some of the status codes
...
MSP-9678
2014-05-14 17:02:26 -05:00
59050d9bf1
Add specs for WinRM, improve those for HTTP
2014-05-14 15:13:29 -05:00
99f8fbbc9c
Add WinRM login scanner
...
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
simpler and easier
* Adds support for default ports to HTTP. This should probably be
rafactored up into Base
* Removes spec that complains about port being unset (which now fails
because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
dc7a8d32d8
Land #3324 , msfconsole search timestamp fixes
2014-05-14 21:30:02 +02:00
82d32e39cc
Merge branch 'feature/MSP-9686/vnc_login' into staging/electro-release
...
MSP-9686
2014-05-14 13:24:13 -05:00
a32152ecaa
Merge branch 'staging/electro-release' into feature/MSP-9686/vnc_login
...
MSP-9686
2014-05-14 13:22:41 -05:00
fb671c72a7
Merge branch 'master' into staging/electro-release
2014-05-14 13:00:37 -05:00
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
bb6201d66d
Fixing nil bug and making format constant
...
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date. For example,
‘checkvm’. This necessitated checking disclosure_date for nil
before attempting a format conversion. Also, there was an additional
location in core.rb that needed the formatting / nil check added. Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
08a7acef3f
Make sure fail case is correct
...
`rand(1000)` would return 0 one in a thousand times, causing this test to
randomly fail at that interval
2014-05-14 10:22:47 -05:00
162038bde4
Merge pull request #19 from rapid7/feature/login_scanner/smb
...
Specs all passing, functional steps working.
2014-05-13 14:37:13 -05:00
2a13010bfb
Fix faulty spec
2014-05-13 14:15:00 -05:00
f5751d6a85
first pass at attempt_login for DB2
...
first pass through at the attempt_login method
for the DB2 LoginScanner. still adding specs
and possibly refactoring
2014-05-13 14:10:30 -05:00
5dcf3efd1a
skeleton for DB2 loginscanner
...
add basic skeleton and specs for the DB2
LoginScanner class.
2014-05-13 13:16:56 -05:00
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
638ae477d9
Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them.
...
Fix erroneous typo char.
2014-05-12 12:10:30 -05:00
cba39a9a04
Adds spec for 'hex-all' mode
2014-05-12 12:01:06 -05:00
7f98d1630e
specs for VNC Loginscanner
...
cover remaining behaviour for the
VNC LoginScanner class.
2014-05-12 11:29:27 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
f84d763382
refactoring conditional logic
...
the class works but the conditional logic needs
refactoring to be smoothed out more.
2014-05-12 11:10:36 -05:00
3831042dca
Add specs, validations for LoginScanner::SMB
2014-05-09 18:58:49 -05:00
4e76330643
Add skeleton for VNC lgoinscanner
...
Add skeleton and specs for the VNC Loginscanner
MSP-9686
2014-05-09 11:55:15 -05:00
8b937b7c35
Merge branch 'master' into staging/electro_release
2014-05-09 11:46:08 -05:00
c77412d373
Merge pull request #13 from rapid7/feature/login_scanner/mysql
...
Add LoginScanner for MySQL
MSP-9676 #land
2014-05-08 15:05:24 -05:00
894ecaafb4
Merge pull request #12 from rapid7/feature/login_scanner/pg
...
Add Postgres LoginScanner class
MSP-9679 #land
2014-05-08 14:38:56 -05:00
42de1ab1f1
whitespace removal
2014-05-08 14:18:06 -05:00
cfb13ed1bd
Merge branch 'staging/electro_release' into feature/login_scanner/mysql
2014-05-08 13:55:09 -05:00
2d2b5ea9e4
Merge remote-tracking branch 'private/feature/login_scanner/mssql' into feature/login_scanner/smb
2014-05-08 13:45:06 -05:00
13fe8c0869
Default Credential#paired to true
2014-05-08 13:34:31 -05:00
20edabb0f5
mySQL Loginscanner with specs to match
...
This season's colours for Loginscanner is MySQL
with Unit Test Coverage applied to match.
2014-05-08 13:16:12 -05:00
102eb85277
Update CommandDispatcher::Db spec
2014-05-08 03:05:49 -05:00
b72f0f8ffc
try to fix bad push/revert mess
2014-05-07 18:43:37 -05:00
9919d54116
Revert "final touches and specs"
...
This reverts commit e025fa1791
2014-05-07 18:34:34 -05:00
e025fa1791
final touches and specs
...
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00
acbff23c32
final wrap-up specs
...
successkid.jpg
2014-05-07 16:07:18 -05:00
ec974535ac
create base object for mssql scanner
...
created skeleton for MSSQL Loginscanner
included concerns.
also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
507fe566a4
Merge branch 'master' into staging/electro_release
2014-05-06 11:36:19 -05:00
dc38212741
Fix function parsing
2014-05-05 20:53:36 +01:00
e946046de5
Add methods spec
2014-05-05 19:08:18 +01:00
0b886db406
Script specs and remove unknown method
2014-05-05 19:01:36 +01:00
0177e51148
Finish obfu specs and use rig
2014-05-05 18:47:25 +01:00
6ab85027a4
More spec
2014-05-05 17:47:30 +01:00
162b6a8ab9
Add output spec
2014-05-05 14:48:18 +01:00
589d235a80
Simple param spec
2014-05-05 13:46:52 +01:00
5e6f57f711
fix up some more specs
...
some spec cleanup and added basic specs
to the HTTP LoginScanner
2014-05-01 12:10:51 -05:00
0dd22395eb
use credential objects inside results
...
altered results to just hold a credential
object instead of duplicating attributes
2014-04-30 17:17:57 -05:00
4995fcdced
Shared Examples for RexSocket mixin
...
shared example group for the Loginscanner RexSocket
mixin. Pretty simple stuff, just trying to keep it
DRY.
2014-04-30 15:47:52 -05:00
1cd3f3f0da
finished first shared example group
...
base behaviour is now defined in shared
example group and the specs all use that
shared example group
2014-04-30 14:40:37 -05:00
a4cc311106
test base behaviour in shared examples
...
start moving specs to a shared example group
for all behaviour defined by the LoginScanner
Base
2014-04-30 14:35:29 -05:00
a08421b30f
apply reasonable defaults
...
give each lgoinscanner the ability to select
reasonable defaults for certain attributes
2014-04-30 13:56:29 -05:00
e5276d111d
Merge branch 'staging/electro_release' into feature/login_scanner/snmp
...
Conflicts:
lib/metasploit/framework/login_scanner/result.rb
2014-04-30 10:21:35 -05:00
ddee401e27
Merge branch 'feature/MSP-9684/sshkey_loginscanner' into staging/electro_release
...
MSP-9684 #land
2014-04-29 15:21:56 -05:00
e8ea6a86b5
add specs for snmp
...
add specs for the snmp loginscanner
and modify the specs to Result class
to account for the access_level attribute
2014-04-29 14:49:35 -05:00
2b4006089b
Land #3298 , @wvu-r7's fix for db_import and its spec
2014-04-28 17:29:52 -05:00
b860cecad6
Function spec (doesnt pass)
2014-04-28 14:09:39 +01:00
c02fb21c3b
Finalized specs for sshkey
...
shkey loginscanner now compelte along
with specs
2014-04-25 15:20:33 -05:00
9964548b41
Amend spec for db_import help
2014-04-25 14:28:29 -05:00
e2d6a57db1
fix spec filename
...
had an extra underscore
2014-04-25 14:27:10 -05:00
0fcfb9d655
add proxies to ssh scanner
...
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
35a039848c
add sshkey loginscanner
...
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
3ae8c3ff46
Basic specs
2014-04-25 18:14:39 +01:00
8031e50d35
Make Exploitation::Powershell testable
...
Example test
2014-04-26 13:27:25 +01:00
318ae46085
Remove puts
2014-04-26 12:59:19 +01:00
3f5cc13bf8
Better eof test
2014-04-25 17:15:12 +01:00
2346d583ed
touchups and specsfor FTP Scanner
...
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
838a444b23
first pass of FTP LoginScanner
...
made the first pass at the ftp
LoginScanner, with base specs.
Need to still tierate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
d85e4b1313
Error if encode_inner and encode_final
2014-04-25 15:47:36 +01:00
ae574bec2b
Correct spec
2014-04-25 15:42:48 +01:00
5b9ec72395
Remove read_script spec
2014-04-25 15:40:52 +01:00
206184007f
Move methods and rename file so it is run by rspec
2014-04-25 15:16:15 +01:00
3a66723741
nake scan! more generic
...
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
72a2849bf1
Better specs
...
90.6% line coverage in Exploit::Powershell
77.32% in Rex::Exploitation::Powershell and haven't even started
writing those specs...
2014-04-23 08:07:42 +01:00
58c3bf0e59
Further speccage
2014-04-23 06:08:39 +01:00
c4cfa42e5b
More specs
2014-04-23 02:37:19 +01:00
36dd10e1c2
add the renamed spec
...
renamed spec for credential class
forgot to add it
2014-04-22 11:05:58 -05:00
526bb4989a
more explicit requires
...
LoginScanner module brings in all the deps
while the individual classes require
the module then to get their deps.
2014-04-22 10:28:01 -05:00
645eef51b7
Rename CredDetail to Credential
...
it was felt this was better naming
for the class. Refactored all occurence
2014-04-22 10:25:36 -05:00
f35314b9f0
adjust Msf::Util::EXE for newer file output
...
Newer releases of File have a much different output when given a jar
file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine.
Failure/Error: verify_bin_fingerprint(format_hash, bin)
expected: /zip/i
got: "/dev/stdin: Java archive data (JAR)\n" (using =~)
Tested and confirmed working with file 5.17 on Gentoo Linux.
2014-04-22 02:21:09 -05:00
f079d3f3a9
move requires into module
...
move all the requires into the LoginScanner
module area to clean up requires
2014-04-21 19:14:50 -05:00
9c6528f13f
use the CredDetail class
...
now that we have the new CredDetail
class, use it instead of hashes
2014-04-21 18:58:23 -05:00
1a6ef8dced
allow for balnk passwords
...
have to alter validation slightly
to allow for blank passwords
2014-04-21 18:57:28 -05:00
fd1777a79f
add CredDetail class
...
rather than passing dumb hashes around
added a CredDetail class that comes
with it's own conditional validations
2014-04-21 18:26:38 -05:00
de2bb7d66c
dd tests for #scan!
...
the scan! method is mostly done
and has unit tests
2014-04-21 17:59:50 -05:00
2e11f80a98
refactor to use Result class
...
we now use a Result class to handle
all result codes from the login attempt
2014-04-21 15:35:16 -05:00
d313047532
add loginscanner result class
...
add a result class to have more
tightly defined return values from
the loginscanner classes
2014-04-21 15:11:56 -05:00
aa1d1be786
do not create sessions with scanner
...
the session creation behaviour is
currently inextricably linked to module
behaviour. We will have our scanner class
only return success status. The calling module
will be responsible for opening sessions afterwards.
2014-04-21 11:38:48 -05:00
67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075
2014-04-19 18:45:55 +01:00
9a15a2be04
basic login attempt functionality
...
groundowkr now layed for trying
authentication attempts on the
SSH LoginScanner, with test coverage
2014-04-18 20:08:28 -05:00
85349ccec4
SSH connection exception handling
...
added in the exception handling
around the Net::SSH conenction
in attempt_login
2014-04-18 18:13:05 -05:00
17b4d4a416
Add more attributes and validations
...
Added some more attributes neccesary
for the actual running of the login scan
as well as accompanying validations and
specs
2014-04-18 16:23:35 -05:00
613612eecb
Merge branch 'master' into feature/ssh_login_scanner
2014-04-18 11:16:18 -05:00
756488b581
last of the validations
...
finalized validation for SSH lgoinscanner
2014-04-16 13:34:23 -05:00
bf20ed5812
add validations for cred_details
...
Adds validator for the cred_details
attribute on the SSH Login Scanner.
Makes sure propper input is always supplied
for the scanner.
2014-04-16 13:20:14 -05:00
434391c308
add host validations to ssh scanner
...
add validations to the :host attribute
on the SSH LoginScanner
2014-04-16 10:26:00 -05:00
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
60c879c824
specs for port validation
...
created specs for port validation
MSP-9683
2014-04-15 17:25:55 -05:00
02a17b8612
namespace change to Metasploit
...
chaning the code to live in the namespace of
Metasploit::Framework instead of Msf::Auxiliary
MSP-9683
2014-04-15 17:11:25 -05:00
38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
3c9507c30c
Adds invalid exception class
...
adds an invalid exception class to the
LoginScanner namespace.
MSP-9683
2014-04-15 13:23:24 -05:00
e4a61e2730
Fix Module.new bug and test for vhost
2014-04-14 18:01:13 -05:00
7b6b94acd5
Land #3247 - Revert #3224 jsobfu string size fixes
2014-04-12 00:58:27 -05:00
e09f887c4c
Revert "Fixes large-string expansion in JSObfu."
...
This reverts commit 14fed8c610
2014-04-11 16:51:47 -05:00
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
ea8c15ba47
Land #3241 back into master
2014-04-11 15:08:01 -05:00
bbc72c3e1c
Update spec to reflect the correct version.
2014-04-11 12:29:26 -05:00
14fed8c610
Fixes large-string expansion in JSObfu.
2014-04-09 15:45:48 -05:00
9779913060
Land #3184 , Rex::Proto::Http::Client IOError fix
2014-04-03 15:58:50 -05:00
3504ddc633
Fix http spec.
2014-04-03 14:50:54 -05:00
92c6113a7c
Fix broken spec for Rex::Text.randomize_space
2014-04-02 11:48:50 -05:00
8ab03f3aeb
Use Array#sample in randomize_space
2014-04-01 14:09:07 -05:00
ec7bb6de54
Land #2969 , random name generator for phishing
2014-04-01 13:00:55 -05:00
35d3e064b2
Update spec for #3162
2014-03-28 21:18:26 -05:00
355cda0a43
Add specs for random name and e-mail methods
...
Babby's first RSpec. Style is consistent with the rest of the tests.
2014-03-28 16:47:52 -05:00
617e916511
fix specs from change
...
spec changes to go with the previous code change
2014-03-18 13:52:17 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
78393057fe
Fix failing spec
2014-03-10 16:40:46 -05:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
2a87973d3c
Use be instead of eq.
2014-03-03 21:55:12 -06:00
a382b78f80
Oops, $ and _ need to be in the spec.
...
* Repeats the random check 20 times for each spec.
2014-03-03 21:54:09 -06:00
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
e8b10db73b
Dropped a space.
2014-03-03 15:48:44 -06:00
1352e5eacb
Add presence spec.
2014-03-03 15:47:30 -06:00
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
6574a06bc3
Whitespace fix.
2014-03-02 20:55:07 -06:00
4514e32df8
Remove spec changes, oops.
2014-03-02 20:54:22 -06:00
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075
2014-03-02 20:57:02 +00:00
1ca690eccf
Do some rspec
2014-03-02 20:37:08 +00:00
8be99fc299
Fix payload_generator.format_payload rspec
...
The platform should match.
2014-02-25 16:37:21 -06:00
a098c08f2f
pend out bad spec
2014-02-13 15:44:05 -06:00
f7a4dc967d
remove obsolete msfvenom spec
2014-02-05 16:38:44 -06:00
b3db623277
add shellcode file fixture
...
add shellcode file fixture for specs
2014-02-05 11:01:40 -06:00
508f251db2
add cli compat
...
add cli capability to putut verbose info to the console
2014-02-05 11:00:57 -06:00
fc9105d862
final generation and specs
...
generation wrapped method complete with specs
2014-02-04 17:52:20 -06:00
4dcae920f8
add specs for generate_java_payload
...
pretty self-explanatory
2014-02-04 17:40:59 -06:00
70d8246791
finish wiring up the final generation
...
formating and main generate methods wired up
still need to add some final tests
2014-02-04 15:52:18 -06:00
c8b7dc30b4
added encoding routines
...
now has a method for encoding the shellcode
and tests to go with
2014-02-03 17:51:22 -06:00
3b648346da
starting in on encoders
...
added get_encoders method to find propper encoders
started on encode_payload, incomplete
added specs
2014-02-03 00:59:08 -06:00
4a82bc74cf
added nop sled generator
...
added code to prepend a nop sled
with tests to match
2014-02-02 22:51:12 -06:00
3e945418df
specs for added shellcode
...
add specs around adding extra shellcode to the payload
2014-02-02 22:17:52 -06:00
bb5f5542f0
generating raw payload bits now
...
added raw payload generation, arch selection,
and specs for everything thus far
2014-02-02 21:09:17 -06:00
f9c31f988e
test platform selection
...
added tests around platform selection
2014-02-02 16:52:41 -06:00
f5d730e874
write specs around initialiser
...
added specs around object initialisation
2014-02-02 16:05:11 -06:00
e265d6f54c
begining of payload generator
...
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
9db295769d
Land #2905 , @wchen-r7's update of exploit checks
2014-01-24 16:49:33 -06:00
2ea3b46988
Remove to_s inside #{}
2014-01-23 14:21:48 -06:00
5073d3201f
Update rspec for ms08_067 check
...
The original version doesn't return a check if the host is invalid,
looks like it was forgotten. The new version will return Unknown
instead.
2014-01-22 16:10:14 -06:00
0a3ee573bc
Uncomment spec_helper require
2014-01-22 11:58:10 -06:00
2b7a993f65
Land #2902 , updated PJL spec
2014-01-22 11:57:28 -06:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
1c1597973e
Update PJL rspec to comply with guidelines
...
Basically the updated version is more explicit. If a moethod doesn't
return anything but might raise an error, then we focus on that.
Also use . to # for instance methods.
2014-01-22 03:34:49 -06:00
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
6110ad72b3
Update tests and ensure full coverage
2014-01-16 15:11:04 -06:00
ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode
2014-01-13 17:37:08 -06:00
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
7b206d6094
Ensure full coverage
2014-01-12 23:10:47 -06:00
f9fc54980a
retab
2014-01-12 22:54:43 -06:00
b8dd4b08c8
Add rspec
2014-01-12 22:53:11 -06:00
65b50b236d
Put classes under a module
2014-01-12 15:54:56 -06:00
02d5931739
Add method scan_by_checksum for virustotal.rb
...
Allows the user to scan files based on checksusm (without actually
uploading them to VT)
2014-01-12 15:45:16 -06:00
bd91e36e06
Land #2851 , @wchen-r7's virustotal integration
2014-01-10 19:12:56 -06:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
862f0e27b3
Modify msfvenom spec
2014-01-09 18:30:46 -06:00
b43a221959
Land #2855 , Rex::Socket refactor and specs
2014-01-09 16:20:50 -06:00
442c98bc05
Add spec for fixed bug
2014-01-09 15:18:03 -06:00
1519af33f5
Refactor `getaddress` in terms of `getaddresses`
2014-01-09 11:03:24 -06:00
01f350964f
Add specs for some stuff in Rex::Socket
2014-01-09 10:19:19 -06:00
9ddef2fbc9
Update rpsec and the script
2014-01-08 13:22:38 -06:00
cc51c2033e
Fix unreliable spec
...
Sometimes "localhost" resolves to more than one address
2014-01-08 10:16:32 -06:00
b7ce3c5812
Add rspec
2014-01-08 02:34:43 -06:00
9c23910b69
Refactor Socket::Range
...
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
2014-01-07 16:31:55 -06:00
2ed9772080
Fix unhandled exceptions when resolution fails
2014-01-07 12:00:04 -06:00
a6b25d3323
Add failing spec for invalid hostname bug
2014-01-06 17:49:27 -06:00
d00acccd4f
Remove Java target, since it no longer works.
2014-01-04 21:22:47 -06:00
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
59be4316fe
Land #2793 , Msf::Util::EXE RSpec failure fix
2014-01-01 21:50:18 -06:00
cce354762d
Altered case by request
2013-12-31 16:09:11 -08:00
2cc4fa35cf
Land #2785 , @todb-r7's support for post modules on msfcli
2013-12-23 12:05:40 -06:00
fc792bdaae
Fix for Rspec failure in Msf::Util::EXE
...
[FixRM #8723 ]
2013-12-21 02:49:44 -07:00
52a4e55804
Land #2781 - Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
2013-12-20 11:25:50 -06:00
ca23b32161
Add support for Procs in browserexploit requirements.
2013-12-19 12:49:05 -06:00
709a7bfb99
Land #2754 - Created standalone module for cpassword AES decrypt
2013-12-19 12:13:21 -06:00
284b3507ce
Convert gpp_standalone.rb into a standalone script in tools
2013-12-19 12:10:00 -06:00
6422ad2145
Adds ability to load post modules in msfcli
...
This is mainly important for normal load testing. It'd be unusual to
actually want to use this functionality with msfcli since post modules
already need established sessions in order to do something.
[SeeRM #8719 ]
2013-12-19 11:53:40 -06:00
764fd09cc3
Increase duration timeout task manager
...
Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
2013-11-25 10:26:51 -06:00
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
d7b022de5a
Land #2598 , offline updates and msfupdate refactor
2013-11-19 15:58:29 -06:00
a79e137a7a
Fix db_spec
2013-11-19 14:07:41 -06:00
e6c43bfe34
Allow stubbing stdin in msfupdate
2013-11-15 17:15:15 -06:00
823aa3a6f7
Validate arguments to msfupdate before updating
2013-11-15 17:01:08 -06:00
730edc4bf5
Always exit from maybe_wait_and_exit
...
Previously calling maybe_wait_and_exit wouldn't actually exit. This was
the wrong behavior.
2013-11-15 17:00:41 -06:00
8ea83ed1c6
Test the old wait/nowait behavior
2013-11-15 15:31:01 -06:00
314e8fd570
Refactor msfupdate so it is testable
2013-11-15 15:24:35 -06:00
0aef145f64
Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa
2013-11-13 18:11:21 -06:00
16627c1bd3
Add spec for capture_lsa_key
2013-11-13 15:16:34 -06:00
5e342debbc
Don't be dopey in the RSpec version matching
2013-11-13 13:04:26 -06:00
3500cf06d4
Add a spec for version checking.
2013-11-13 12:49:57 -06:00
3168359a82
Refactor lsa and add a spec for its crypto methods
2013-11-13 11:55:39 -06:00
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
f16aa91302
mv rspec
2013-11-11 18:32:43 -06:00
b48950d383
Remove blanket pending test for exe_spec
...
SeeRM #8436
SeeRM #8668
The fix for #8668 is more surgical than the previous fix for #8436 , and
may prove to be more useful
2013-11-11 16:27:42 -06:00
8ab7964aa7
improve regex
2013-11-11 15:29:34 -06:00
9b3211af6b
Add regex patterns for OSX files
2013-11-11 15:20:00 -06:00
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
c338f7a8c0
Change how requirements are defined, rspec, etc
2013-11-06 14:01:29 -06:00
f2e4d5507c
More rspec
2013-11-06 01:45:40 -06:00
73701462ed
Fix ActiveX. Use ERB for Javascript detection code.
2013-11-05 16:26:41 -06:00
90b91ec2cd
Add testcase for on_request_exploit
2013-11-05 12:53:16 -06:00
73e72a6488
Update the detect_spec testcase
2013-11-05 01:14:12 -06:00
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
054a525f35
Change profile data structure
2013-11-04 17:46:36 -06:00
ed572d95ee
Merge joev's PR for Rex::Exploitation::Js::Network
2013-11-04 12:58:08 -06:00
c6fb570480
Correct bad method naming
2013-11-04 12:35:04 -06:00
dc076273f7
Add another test for profile
2013-11-04 11:12:26 -06:00
03ee1d070e
fix server.start_service
2013-11-04 11:06:32 -06:00
bed2ea9e39
rename some stuff
2013-11-04 11:02:05 -06:00
9a8e45f451
be_nil
2013-11-04 10:57:01 -06:00
f98587181d
let 'linux'
2013-11-04 10:55:47 -06:00
6e0690754f
let 'random'
2013-11-04 10:54:15 -06:00
480b876a11
non_existent_profile
2013-11-04 10:51:31 -06:00
8bfa252496
Restate this test
2013-11-04 10:49:48 -06:00
34b5136aa4
use let for requirements
2013-11-04 10:47:52 -06:00
1d5643d53c
Match Rspec terminology
2013-11-04 10:37:41 -06:00
7d975dfa87
Fix spec to refer to postInfo().
2013-11-02 16:54:22 -05:00
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
094abdd093
rspec this
2013-11-01 14:59:21 -05:00
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
135648c171
Add the new rspec files
2013-10-21 20:18:36 -05:00
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
5280bcf3f8
Update rspec files
...
Remove some junk code
2013-10-21 17:13:01 -05:00
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
73b8eb0f83
Add rspec files to make sure the javascript files are loadable.
2013-10-18 15:14:26 -05:00
b3e02d0fd8
Land #2477 , add specs for ROPDB
2013-10-10 15:05:52 -05:00
72a35d14f1
Mark broken tests as pending
...
These tests are broken a few different ways.
[SeeRM #8463 ]
also see: https://github.com/rapid7/metasploit-framework/pull/2477
2013-10-08 11:49:42 -05:00
8b7d241dc3
Use a named subject
2013-10-07 12:28:50 -05:00
d8dba8ee58
Fix ropdb spec according to @limhoff-r7's comments
2013-10-07 09:51:21 -05:00
41e87d83a6
Add rspec for Rex::Exploitation::RopDb
2013-10-04 00:54:07 -05:00
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
2fb770f73e
Land #1569 , MSI payloads
...
The bins are signed by Meatballs, everything looks good here, so
landing. Thanks for your patience on these!
2013-09-27 16:29:27 -05:00
7cc2ad55a6
Land #1770 , unattend.xml snarfing modules
2013-09-27 16:04:38 -05:00
8a9843cca6
Merge upstream/master
2013-09-27 20:02:23 +01:00
120cca8bb3
Retab unattended_spec to avoid conflicts
2013-09-27 13:44:33 -05:00
5bab85fcda
Use a context for #parse
2013-09-27 13:04:18 -05:00
6345fb2788
Use described_class
2013-09-27 12:59:10 -05:00
7d9d98c9eb
Land #2421 , update to cookie parsing specs
2013-09-27 11:45:33 -05:00
8f957a5394
Add spec for new #to_h method
2013-09-27 11:27:31 -05:00
103a64a32a
Indent like a sane person.
2013-09-27 10:22:46 -05:00
623aeb367f
Set a context for #get_cookies
2013-09-27 10:12:11 -05:00
467c503fb9
DRY with a cookie_sanity_check method
2013-09-27 10:07:28 -05:00
5e95df1370
Convert local variables to HEREDOC methods
2013-09-27 10:02:22 -05:00
57862125b9
Use shuffle and *splat operator to test arrays
...
Also, move the local variables to inside the describe block to avoid any
future scope issues.
2013-09-27 09:53:04 -05:00
0aa2556dfc
Use described_class, not a new constant
2013-09-27 09:32:15 -05:00
3d28003285
updated get_cookies rspecs
2013-09-25 22:56:13 +02:00
695fdf836c
Generate NonUAC MSIs
2013-09-21 13:13:18 +01:00
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
11bdf5d332
New pull
2013-09-19 19:57:38 +01:00
e80cda4ace
Merge branch 'master' into spike/exe_generation
2013-09-12 12:36:10 -05:00
5773a009f5
Merge branch 'spike/exe_generation' of github.com:/dmaloney-r7/metasploit-framework into spike/exe_generation
2013-09-09 12:17:36 -05:00
d6e4e46d86
better validation of buffer register
2013-09-09 12:16:15 -05:00
35ec21cc97
Update test gems
...
This should not affect core Metasploit Framework as it only updates gems
in the test group (and dependencies of those gems).
2013-09-06 09:34:05 -05:00
cf69577433
Remove rpsec should_not raise_error deprecations
...
Checking that a specifc error is not raised is deprecated in rspec:
https://github.com/rspec/rspec-expectations/pull/244
2013-09-06 09:34:05 -05:00
4760000bca
Replace mock with double in specs
...
mock is deprecated - https://www.relishapp.com/rspec/rspec-mocks/docs
2013-09-06 09:34:05 -05:00
269c1a26cb
Merge for retab
2013-09-05 14:57:32 -05:00
63612a64e9
Merge for retab
2013-09-05 14:08:09 -05:00
53c3f6b2db
Deconflict
2013-08-30 10:52:42 +01:00
eba6762977
Land #2270 , Util::EXE refactor
...
With a minor rebase to fix a commit message
[Closes #2270 ]
Conflicts:
spec/support/shared/contexts/msf/util/exe.rb
2013-08-28 21:49:59 -05:00
fbbfb0a26d
Merge and rescue ex correctly
2013-08-28 21:39:56 -05:00
5a424ab4df
Allow user supplied buffer register
...
let the user pick, otherwise default to edx
2013-08-26 13:15:12 -05:00
369535b4e3
Some more specs
...
added a few specs to validate the generated exe.
could use some more love, but it's a start
2013-08-25 13:25:31 -05:00
239fd4840e
Update spec
2013-08-25 19:21:05 +01:00
8f47aa6dcb
Basic Injector class
...
create a class for injecting payloads
into an exe template as a new section
2013-08-24 16:11:00 -05:00
9ea17ef1e1
Merge upstream
2013-08-24 03:34:02 +01:00
3fae6c51c8
Initial exe-service
2013-08-24 03:28:47 +01:00
ffc575dcc2
Whitespace in spec
2013-08-24 00:47:16 +01:00
9e2d9da017
Make spec exercise non-exes
2013-08-24 00:33:06 +01:00
92d57ef37d
Fix merge conflict
...
Conflicts:
msfvenom
2013-08-13 00:00:16 -05:00
81defe8113
Add the string_list.txt fixture back
2013-08-09 15:39:40 -05:00
02f460287b
Revert "OptString specs and better validation"
...
This reverts commit d66779ba4c
2013-08-09 15:30:42 -05:00
55147d9bde
Fix regex to work on OSX's file(1)
2013-08-06 14:00:35 -05:00
3c8bc6b522
More coverage for msfcli spec
2013-07-31 04:37:36 -05:00
18c0f879fa
More code coverage for msfcli_spec
2013-07-30 21:31:53 -05:00
97adb2a49e
Move get_stdout inside 'describe Msfcli' statement
2013-07-28 23:37:33 -05:00
f274a9605a
Change path for msfcli rspec, and use spec_helper
2013-07-28 23:33:46 -05:00
ed51d284fa
Change name, change how data is passed, fix rspec
2013-07-24 17:15:56 -05:00
d493346691
Land #2137 , fixes and specs for Opt containers
2013-07-23 15:58:09 -05:00
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
86ab942435
Land #2146 , Unix and Windows path normalization
2013-07-23 15:23:41 -05:00
bb16683415
Land #2087 , @egypt's random ID generator
2013-07-23 13:52:08 -05:00
8b0aac2d3c
Add another test case for having a trailing slash for unix path
...
If a trailing path exists in the original input, should keep it.
This test case should verify that.
2013-07-22 23:23:40 -05:00
2be0b84ba8
Not Windows format, Unix.
2013-07-22 22:37:36 -05:00
4ea176b5ee
Add another test case
2013-07-22 22:35:19 -05:00
958a4edd73
Keep the trailing slash if the user wishes
2013-07-22 20:46:18 -05:00
359009583f
Drop support for UNC path parsing in normalize_win_path
...
Not really a good idea to try to parse UNC format. Confuses the
purpose of the function.
2013-07-22 20:20:45 -05:00
8656fcf5e0
Update the test description a little better
2013-07-22 19:35:52 -05:00
4b3fce9349
Add functions to normalize Winodws & Unix paths
...
The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri. Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
2013-07-22 19:26:04 -05:00
b0c74dbb8b
Land #2120 , specs for command_dispatcher
2013-07-22 16:33:19 -05:00
03cd3ff4eb
adding new lines to the end of files.
2013-07-22 16:26:45 -05:00
943dde5c6c
OptRegexp specs
2013-07-20 18:44:55 -05:00
2fc397b251
OptRaw specs
2013-07-20 17:57:52 -05:00
d66779ba4c
OptString specs and better validation
2013-07-20 17:49:03 -05:00
d6f2b28708
More opt specs
2013-07-20 17:37:39 -05:00
18200c8490
passing all of my changes into rubymines formatter
...
this should convert everything over to tabs
fixing a filename error and some white space at the EOL
2013-07-20 17:32:05 -05:00
7c8f7329e9
integrate with egypt's already better specs
2013-07-20 16:46:16 -05:00
ec82644bd3
mo fixes mo specs
...
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
7b05ac2036
Remove inapplicable comment.
2013-07-18 13:42:55 -05:00
f8b5f1b284
Adds specs for different ref types.
2013-07-18 13:35:04 -05:00
57dd525714
More optaddressrange specs and fixes
...
SEERM #7536
2013-07-18 13:03:32 -05:00
49bb484d14
Adding in specs for ui command dispatchers
...
SEERM #4821
while looking into what it would take to fix bug 4821, I found that there are no specs
for any of the other methods in command dispatcher. I have attempted to add stubs for a
few of the methods and tested a few of the help outputs.
2013-07-18 12:56:21 -05:00
f4b0ab8184
Adds 141 passing specs to Msf::Module#search_filter.
...
* tests exclusion functionality, type: matching, port: matching, app: matching,
platform: matching, author: matching, text: matching, name: matching, and
path: matching.
[RM #4790 ]
2013-07-18 12:47:08 -05:00
22e4db04e0
opening specs and fixes for OptAddressRange
2013-07-18 12:44:48 -05:00
27e2469d8e
Specs and code changes for OptAddress
...
handles wierness around Optaddress.
Still need to address isues in optaddressRange
FIXRM #7537
2013-07-17 20:21:24 -05:00
273046d8f0
Add a class for generating random identifiers
...
Will be useful for all kinds of things, but brought about in discussions
specifically for Util::EXE in #2037 .
2013-07-09 02:06:44 -05:00
00c7581099
Fix constant names and 'exe-only'
...
That'll teach me to commit before the specs finish.
Really [FixRM #8149 ]
2013-07-06 12:39:15 -05:00
1b504197be
Check equality instead of regex
...
Thanks, @Meatballs1 for finding the cause of this bug!
[FixRM #8149 ]
2013-07-06 12:29:37 -05:00
60a7ad551e
Derp, missed file
2013-07-05 17:02:45 -05:00
d10f082741
Maybe fix travis? Works on my box
2013-07-05 16:58:19 -05:00
8e2df73f2c
Add spec for case-insensitive options
...
See #2027
2013-07-05 16:06:00 -05:00
da5a321be2
Derp, wrong method name
2013-07-05 15:39:52 -05:00
4432894401
Abstract the dumper tests
2013-07-05 15:35:08 -05:00
2841624fdd
Refactor spec and add more docs
2013-07-05 15:18:17 -05:00
40a3da2b32
Reorganize spec a bit
2013-07-05 14:44:44 -05:00
819c275e4b
Make comment a little clearer
2013-07-05 12:23:27 -05:00
5ff8a58bc5
Make sure linux payloads produce /bin/sh
2013-07-03 17:04:11 -05:00
8a13dc5a62
Add a couple more tests
2013-07-03 15:59:21 -05:00
e330916744
Pull out common stuff in Util::EXE/MsfVenom tests
2013-07-03 12:25:15 -05:00
ffb28feaa9
Add spec for #dump_nops
2013-07-02 02:53:30 -05:00
95451862d6
More msfvenom refactoring
...
* Make @framework into a caching method instead
* Allow instantiating with streams for where payloads and comments
should go. This allows us to capture std{out,err} when running specs
* Specs are still woefully under-representative
* Get rid of all the calls to exit
2013-07-02 02:02:11 -05:00
4b2ae4ef6a
Refactor msfvenom into a class
...
Also adds some minimal testing... which is super slow because it doesn't
cache the framework object across tests.
Conflicts:
msfvenom
Hopefully picked up all the relevant fixes from #2027
2013-07-01 17:51:12 -05:00
0d78a04af3
Clean up exe spec a bit
2013-07-01 17:36:58 -05:00
3ad5dede26
Add spec for elf mips* and exe-only formats
...
Also a rudimentary test for win32_rwx_exec
2013-07-01 17:36:38 -05:00
e483fe444d
Add spec for HttpServer#hardcoded_uripath
2013-06-21 15:59:15 -05:00
e8a92eb196
Keep better track of resources
...
[See #1623 ]
[SeeRM #7692 ]
2013-06-21 14:51:47 -05:00
d7e3c5cdb3
Rspec: Ensure PacketFu is actually still available
...
PacketFu should be required from the gem, not from the shipped msf
library. Several modules depend on it being available, so this rspec
test mostly just ensures that Msf::Exploit::Capture mixin is still
around.
2013-06-10 16:02:50 -05:00
5955397882
Use a more descriptive subject
...
Also removes the unnecessary (and now broken in 2.0) checks for
respond_to? on accessors.
2013-06-07 13:27:40 -05:00
0f2ea755c5
Add encoding comment to spec files for 2.0 compat
2013-06-07 13:27:39 -05:00
64bc6b5c2b
Migrate factories to mdm
...
let mdm handle msot of the factories
2013-06-01 14:25:30 -05:00
e0e348a17e
Specs to ensure File.mtime error is caught.
...
[#47720609 ]
2013-05-30 13:09:40 -05:00
4ba571346e
Spec Msf::Simple::Framework#init_module_paths
...
[#47720609 ]
2013-05-24 12:33:42 -05:00
1a487e476d
Merge branch 'master' into bug/module-load-cache-update
2013-05-23 14:23:14 -05:00
2b70ec2e08
Payload compatible cache_in_memory
...
[#47720609 ]
Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class. Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void]. Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
2013-05-22 16:06:02 -05:00
57576de85f
Update in-memory cache to fix file_changed?
...
[#47720609 ]
Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
2013-05-22 12:28:42 -05:00
eede80509f
Reuse appropriate terminology in docs
...
[#47720609 ]
Fix some docs and variable names to make it clearer when methods are
expecting module instance and module classes. Change some 'name'
variables to 'reference_name' since that's the proper terminology.
2013-05-21 08:19:47 -05:00
a70d63ebad
Spec Msf::ModuleManager#on_module_load
...
[#47720609 ]
2013-05-20 14:52:37 -05:00
89bd5b4791
Reset column information after running migrations
...
[#50179803 ]
[SeeRM #7967 ]
[SeeRM #7870 ]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
2013-05-20 13:08:07 -05:00
398dcfa8cb
Merge branch 'master' into bug/migrations
2013-05-20 12:49:33 -05:00
0e435d378c
Move Msf::DBManager#migrate(d) to module
...
[#50179803 ]
Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
2013-05-20 12:45:17 -05:00
1df08cfa49
Add specs to prevent dupe migrations_paths regression
...
[#50099107 ]
Add specs to verify that the duplicate migrations_paths protection
works.
2013-05-17 15:15:57 -05:00
c8657fb46b
Fix Mdm::Module::Detail#stance bug
...
[#49858419 ]
[SEERM #7958 ]
metasploit_data_models 0.14.3 relaxes the validation on
Mdm::Module::Detail#stance so it only needs to be in
Mdm::Module::Detail::STANCES if Mdm::Module::Detail#mtype is 'auxiliary'
or 'exploit' as framework only supplies a stance for those types when
using Mdm::Module::Detail.
2013-05-17 11:58:10 -05:00
bc92b43408
Update to metasploit_data_models 0.11.0
...
[#47979793 ]
2013-05-09 13:25:26 -05:00
a5648a8830
Merge branch 'master' into feature/mdm-module-namespace
...
Conflicts:
Gemfile
Gemfile.lock
lib/msf/core/db_manager.rb
2013-05-08 13:22:41 -05:00
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
de5c856188
get_cookies spec
2013-04-26 21:21:11 +01:00
249a09cd52
Update to metasploit_data_models 0.7.1
...
[#47979793 ]
2013-04-26 13:14:38 -05:00
5e2634f155
Merge the rest of #1765
...
This merge and commit f2838ee
2013-04-26 12:18:14 -05:00
f2838eed92
Land #1765 , before each fixes to rspec
2013-04-26 12:09:05 -05:00
a12dbbaee7
Use :each instead of :all here, too
2013-04-26 11:49:30 -05:00
590b8a3e26
Added rspec
2013-04-26 00:50:29 +01:00
e2dece6f0e
Make sure xor encoders work with odd padding
2013-04-25 15:45:06 -05:00
9207ed6532
Msf::Ui::Console::CommandDispatcher::Core#search_modules_sql spec
...
[#47979793 ]
2013-04-25 14:33:13 -05:00
1ec6884bfa
Use before(:each) instead of :all
...
Fixes deprecation warnings in newer rspec like these
WARNING: subject accessed in a `before(:all)` hook at:
/metasploit-framework/spec/lib/rex/post/meterpreter/packet_spec.rb:455:in `block (3 levels) in <top (required)>'
This is deprecated behavior that will not be supported in RSpec 3.
Also switches to using named subjects for easier reading.
2013-04-25 10:28:30 -05:00
24b97137ea
Msf::DBManager Mdm::Module* specs
...
[#47979793 ]
2013-04-25 09:46:53 -05:00
93bddd9041
Improved docs and partial specs for Rex::Text
...
Conflicts:
lib/msf/core/modules/loader/base.rb
lib/rex/poly/block.rb
lib/rex/text.rb
2013-04-23 17:24:03 -05:00
4b0e639cf1
Do not mock on nil.
...
[#47979793 ]
Using `should_not_receive` on `nil` gives `nil` a permanent
`@mock_proxy`, which causes Marshal.dump to fail in later tests (see
https://travis-ci.org/rapid7/metasploit-framework/builds/6502350 ). By,
checking there are no NoMethoErrors raised, nil can be tested as
parent_module, but works around the RSpec issue
(https://github.com/rspec/rspec-mocks/issues/274 ).
2013-04-22 10:25:01 -05:00
be0c61a207
Change spec structure to reflect module/classes for Msf::DBManager
...
[#47979793 ]
Multiple files define Msf::DBManager, but it's better to have one spec
for Msf::DBManager, so change spec structure to reflect module and class
hierarchy instead of file hierarchy of defining files.
2013-04-20 16:51:29 -05:00
492b081280
Msf::DBManager::Export#extract_module_detail_info spec
...
[#47979793 ]
2013-04-20 16:44:42 -05:00
3bf3cfccc6
Use be_within to loosen tolerance for Time comparisons
...
[#47979793 ]
[#48414569 ]
Even though using Timecop locally on OS X makes the `should == <Time>`
work, it fails on travis-ci, so try using `should
be_within(1.second).of(<Time>)` instead.
2013-04-19 12:07:12 -05:00
e5befb7094
Msf::DBManager#report_session specs
...
[#47979793 ]
2013-04-19 10:11:33 -05:00
2c681005c0
Msf::ModuleManager::Cache spec coverage
...
[#47979793 ]
2013-04-15 13:08:12 -05:00
0709395570
Msf::ModuleManager::Loading shared example
...
[#47979793 ]
2013-04-12 15:18:16 -05:00
ff7a8e6351
Msf::ModuleManager::ModulePaths shared example
...
[#47979793 ]
2013-04-12 15:14:04 -05:00
e3ab2e9747
Fix specs with bundler groups
...
Also output warnings when running Rake when the db group isn't included.
2013-04-12 10:46:00 -05:00
7d5f010e4e
Fix typo in spec let
...
[#46491831 ]
The root element was web_page in the source for example that tests that
import_msf_web_vuln_element creates an Mdm::WebVuln. The root element
name did not actually matter for the example, but it looked like an
error and was confusing to read the setup that root element was web_page
instead of the correct web_vuln.
2013-04-02 09:11:43 -05:00
0bb79ba890
Msf::DBManager#import_msf_xml refactor
...
[#46491831 ]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
8c6a9d5622
Turn shared prefixes into directories
...
[#46491831 ]
Change the shared msf_modules_* prefixes in spec/support/shared/* into
directories.
2013-03-28 15:39:07 -05:00
2075a7b46c
Remove active_record patch
...
[#46141013 ]
Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
f1a4fd937a
Specs for activerecord patch
...
[#46141013 ]
Spec the desired behavior for ConnectionPool prior to removing the patch
to sync with upstream 3.2.12.
2013-03-18 11:01:45 -05:00
2604fad164
Allow use of rake db tasks
...
[#46224565 ]
The following rake tasks are added and work similar to how they work in
rails apps:
* db:create
* db:drop
* db:migrate
* db:migrate:status
* db:rollback
* db:schema:dump
* db:schema:load
* db:seed (but no db seeds defined at this time)
* db:setup
* db:version
The hidden task db:test:prepare is also available, which means `rake
spec` can depend on it so that the test database is dropped and
recreated from the development database when running specs (Although
there are yet to be database tests, this branch is in preparation for
that work that will be split between multiple developers.)
2013-03-14 15:46:18 -05:00
f321cea4cd
Slightly more readable assertion
2013-03-07 14:45:58 -06:00
8abcc5a1d4
Whitespace
2013-03-07 14:34:44 -06:00
7332d31523
fix some style things for egypt
2013-03-07 11:11:48 -06:00
f253b28ae0
sponge left in patient
2013-03-05 07:48:07 -06:00
6eb334c925
a little more coverage
2013-03-05 00:01:09 -06:00
d909c00036
better spec coverage
2013-03-04 23:43:18 -06:00
3a72fa4ea0
address sslv2 issues in specs
...
the ubuntu sslv2 thing caused all kinds of issues with rspec
handling this by expecting those exceptions properly or doing away
with sslv2 where it isn't needed in the examples
2013-03-04 21:45:44 -06:00
3bb1b2b368
attempt to deal with specs
2013-03-04 19:25:20 -06:00
dc7c02e9e8
still trying to get around this sslv2 thing
2013-03-04 18:18:01 -06:00
246977e0cf
Address openssl sslv2 issues
...
Debian/Ubuntu ship openssl without sslv2 compiled in.
we now check for this ahead of time
2013-03-04 17:39:28 -06:00
13ad5cf150
Merge branch 'master' into feature/ssl/add_cipher_support
2013-03-04 15:07:32 -06:00
cb18b81503
Add spec to ensure auth is sane
2013-03-04 11:59:30 -06:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
5a79fcd11e
Ensure we build only one Authorization header
...
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
425c245771
Axe set_cgi in favor of set_uri
...
They were identical except for a couple of extra bugs in set_cgi.
Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
David Maloney
Samuel Huckins
James Lee
Brandon Turner
Luke Imhoff
Lance Sanchez
Trevor Rosen
Christian Mehlmauer
Lutz Wolf
Meatballs
nstarke
Jeff Jarmoc
William Vu
Lance Sanchez
jvazquez-r7
Rick Farina (Zero_Chaos)
sinn3r
Tod Beardsley
joev
Timothy Swartz
jvazquez-r7
Tab Assassin
Joe Vennix