a04ad3aa8c
Update print_error to reflect new usage
2014-10-10 14:38:26 -05:00
26743b4c38
Rewrite existing code to use HasActions
...
And fix a bug in the initial use case where mod.action was dropped.
2014-10-10 14:35:54 -05:00
7e7e0259e4
Fix tab completion for post actions
2014-10-10 12:24:23 -05:00
238a30a769
Update print_error to include post modules
2014-10-10 12:12:43 -05:00
48d2343152
Fix #3985 - check command should elog
2014-10-10 01:06:37 -05:00
08aee23966
Extract Msf::DBManager::Vuln
...
MSP-11124
Extract all methods related to `Mdm::Vuln`s from `Msf::DBManager`.
2014-10-09 15:47:34 -05:00
2fa02f5c44
Extract Msf::DBManager::Note
...
Extract all methods related to `Mdm::Note`s.
2014-10-09 15:29:07 -05:00
0bc71ecd24
Extract Msf::DBManager::Loot
...
MSP-11124
2014-10-09 15:15:40 -05:00
cb9bdd96c7
Extract Msf::DBManager::Import
...
MSP-11124
Extract all methods dealing with imports.
2014-10-09 14:51:24 -05:00
d18dcf5961
Extract Msf::DBManager::ExploitedHost
...
MSP-11124
Extract methods related to `Mdm::ExploitedHost`s.
2014-10-09 12:54:04 -05:00
a535d236f6
Land #3947 , login scanner for jenkins by @nstarke
2014-10-09 12:59:02 -04:00
ceba04d556
Extract Msf::DBManager::Cred
...
MSP-11124
Extract methods related to `Mdm::Cred`s.
2014-10-09 11:41:04 -05:00
0284edf430
Extract Msf::DBManager::Service
...
MSP-11124
Extract methods related to `Mdm::Service`s.
2014-10-09 11:31:29 -05:00
0cfac32290
Extract Msf::DBManager::Host
...
MSP-11124
Extract methods related to `Mdm::Host`s.
2014-10-09 11:11:36 -05:00
bb26f4f303
Extract Msf::DBManager::Wmap
...
MSP-11124
Extract methods that are commented as related to WMAP.
2014-10-09 10:13:34 -05:00
b0147c994a
Extract Msf::DBManager::IPAddress
...
MSP-11124
Extract the IP address validation methods to
`Msf::DBManager::IPAddress`.
2014-10-09 09:35:19 -05:00
3a96ae9be9
Move #match_values to Msf::DBManager::ModuleCache
...
MSP-11124
`#match_values` is only used in `#search_modules`, so `#match_values`
should be grouped with `#search_modules` in
`Msf::DBManager::ModuleCache`.
2014-10-09 09:18:03 -05:00
d4a94366a6
Extract Msf::DBManager::ModuleCache
...
MSP-11124
Extract methods related to the module cache state and maintenance to
`Msf::DBManager::ModuleCache`.
2014-10-09 08:53:41 -05:00
ee0de997d5
Extract Msf::DBManager::Workspace
...
MSP-11124
Gather together all workspace related methods into
`Msf::DBManager::Workspace` and include it in `Msf::DBManager`.
2014-10-08 15:46:35 -05:00
a64036f6cf
Move Msf::DBManager#sync to Msf::DBManager::Sink
...
MSP-11124
The comment on `#sync` says it's related to `sink`, so move it into its
Module.
2014-10-08 15:38:56 -05:00
a054259ee5
Extract Msf::DBManager::Sink
...
MSP-11124
Extract attributes and methods associated with the deprecated sink.
2014-10-08 15:26:28 -05:00
1d766ba95b
Rename dump_auxiliary_action{,s}
...
To dump_module_action{,s} to accommodate post modules, etc.
2014-10-08 14:49:14 -05:00
f30309fe81
Land #3919 , @wchen-r7's Fixes #3914 , Inconsistent unicode names
2014-10-08 14:46:14 -05:00
f6a9cfcc52
Break away the elsif into a separate if
...
In case exploits support actions for some crazy reason in the future.
2014-10-08 14:30:41 -05:00
15f9461279
Merge db.rb into db_manager.rb
...
MSP-11124
The class name is DBManager, so the correct file name is db_manager.rb
2014-10-08 14:27:22 -05:00
cffc74d571
Extract Msf::DBImportError
...
MSP-11124
2014-10-08 14:14:35 -05:00
b2ba6e7ae1
Make the code more maintainable
...
Despite the code around it.
Thanks for the advice, @jlee-r7!
2014-10-08 14:14:28 -05:00
7a5ce19735
Fix code style
...
MSP-11124
Fix comment style and order methods.
2014-10-08 14:07:05 -05:00
6824515949
Fix indentation and whitespace in Msf::DatabaseEvent
...
MSP-11124
2014-10-08 14:04:21 -05:00
2206a86387
Extract Msf::DatabaseEvent
...
MSP-11124
Extract `Msf::DatabaseEvent` from `lib/msf/core/db.rb` into a more
conventional `lib/msf/core/database_event.rb`.
2014-10-08 14:01:58 -05:00
dbc199ad77
space after commas
2014-10-08 13:56:59 -05:00
6b3d70ce00
Fix code style in Msf::ServiceState
...
MSP-11124
2014-10-08 13:52:42 -05:00
46156fbbc6
Fix indentation in Msf::ServiceState
...
MSP-11124
2014-10-08 13:50:26 -05:00
57d9dc306c
Extract Msf::ServiceState
...
MSP-11124
Extract Msf::ServiceState from `lib/msf/core/db.rb` and put it into
`lib/msf/core/service_state.rb`.
2014-10-08 13:45:15 -05:00
c0ef2c7938
Support post modules
...
I kinda hate this code.
TODO: Get rid of and/or and the extra parens.
2014-10-08 13:23:50 -05:00
0708ac1361
Fix comment style in Msf::HostState
...
MSP-11124
2014-10-08 11:47:04 -05:00
5ecd194a0d
Fix indent in Msf::HostState
...
MSP-11124
2014-10-08 11:43:28 -05:00
6e6780da86
Split Msf::HostState into own file
...
MSP-11124
2014-10-08 11:37:59 -05:00
a8b5bf4625
Show selected auxiliary action
2014-10-07 14:34:41 -05:00
eed0958de5
Fixing Comment
...
Comment was incorrect and needed to be fixed.
2014-10-07 11:28:40 -05:00
b8c2643d56
Converting Module to LoginScanner w/ Specs
...
The previous commits for this Jenkins CI module relied on an
obsolete pattern. Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
17f278effd
Fix #3822 - Support file:// syntax for check()
2014-10-06 13:37:14 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
097d2bfbb5
Land #3922 : Metasploit Park banner
2014-10-03 16:32:56 -05:00
d048bb7725
Add some color to the msfpark banner
...
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
f2fc0d88ef
Lands #3943 , changes to engine require
2014-10-03 14:26:50 -05:00
0bb4eac259
Rename the method for optional requires
...
MSP-11412
2014-10-03 14:06:13 -05:00
88cbf22ef0
Optionally require mdm, as well
...
MSP-11412
2014-10-03 13:49:39 -05:00
f7e709dcb3
Land #3941 , new WPVDB reference
2014-10-03 10:17:02 -05:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
6f50ef581c
Land #3935 - Fix SNMP scanners on OS X/FreeBSD
2014-10-02 16:38:36 -05:00
6d7870a4ac
Land #3934 - New :vuln_test option to BES
2014-10-02 16:31:50 -05:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
dabec92e61
Ensure require of metasploit/credential/engine is optional
2014-10-02 14:46:56 -05:00
7ed1977d0b
Specific require all metasploit gem dependencies' engines
...
MSP-11412
2014-10-02 14:20:10 -05:00
0820a4fe6a
Land #3933 - Fix cmd_exec with Python Meterpreter on OS X
2014-10-02 13:48:19 -05:00
0dfd8e25b8
Land #3846 , Rex::ImageSource specs
2014-10-02 12:33:56 -05:00
7861b17e16
Use write() to fix SNMP on osx/freebsd.
2014-10-02 09:15:43 -05:00
6571213f1c
Remove un-truthy doc string.
2014-10-01 23:41:02 -05:00
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
b1b8cba4c5
Rescue an IOError on channel double-close.
...
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
5cb016c1b1
Use Match constant in BES as well
2014-10-01 16:17:13 -05:00
a75d47aad9
Use yardoc for new methods
...
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
909ac522d1
Add metasploit-park.txt banner to msfconsole
...
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
1e2d860ae1
Fix #3914 - Inconsistent unicode names
2014-09-30 12:19:27 -05:00
7163b8c55a
Fixes #3915 - NoMethodError private method `rhost'
...
There's no self.rhost, but rhost is defined
2014-09-30 11:34:16 -05:00
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
8fa666b75d
Verbose messages on why a connection is closed
2014-09-28 17:41:21 -07:00
d5959d6bd6
Land #2585 , Refactor Bypassuac with Runas Mixin
2014-09-28 09:24:22 +01:00
e14dd9900b
Land #3896 , Change Max LOGLEVEL to 3
2014-09-28 09:18:29 +01:00
67c25c20ca
Land #3357 , Run Local Exploits in AutoRunScript
2014-09-28 09:12:26 +01:00
3fc57109e6
Dont rescue Exception
2014-09-28 09:12:03 +01:00
ae82ebc734
Change max LogLevel to 3
...
There is no such thing as a LogLevel 5.
2014-09-26 14:20:47 -05:00
e1f00a83bc
Fix Rex because domainname and domain_name were duplicated
2014-09-26 13:40:52 -05:00
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
52ffddd639
Adds domain and url options to DHCP/PXE server, lands #3889
...
There are serious style and code quality issues with this class and normally I would push for a full refactor, but given the urgency of delivering DHCP functionality to support the bash issues, we will have to refactor the DHCP Server code another day.
2014-09-25 22:43:51 -05:00
bdac82bc7c
Fix lib/msf/core/exploit/dhcp.rb
2014-09-25 22:18:26 -03:00
5dde73bb51
Add domain name and url options to DHCP server
2014-09-25 19:58:42 -03:00
2b02174999
Yank Android->jsobfu integration. Not really needed currently.
2014-09-25 16:00:37 -05:00
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
5d234c0e01
Pass #send in this so jsobfu is not confused.
2014-09-24 15:07:14 -05:00
650b65250f
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2014-09-22 11:51:10 -07:00
4e9f1282de
Land #3834 , @jabra-'s updates to UDPscanner to support spoofing
2014-09-22 11:49:53 -07:00
e86b18cdd4
Add sanity check for NUM_REQUESTS
2014-09-22 11:48:39 -07:00
a677749f5b
Add specs for #read_asciiz and fix bugs there
2014-09-22 12:14:21 -05:00
f61afe2598
Merge branch 'master' into bug/MSP-11368/boot-profiling
...
MSP-11368
2014-09-22 10:00:07 -05:00
ebacb26e51
Land #3838 , msfvenom badchar fix
2014-09-22 03:08:57 -05:00
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
e1cfc74c32
Move jsobfu to a mixin
2014-09-21 00:39:04 -05:00
cd037466a6
upate doc
2014-09-20 23:40:47 -05:00
9191af6241
Update js_obfuscate
2014-09-20 23:38:35 -05:00
a9420befa4
Default to 0
2014-09-20 21:39:20 -05:00
046045c608
Chagne option description
2014-09-20 21:38:57 -05:00
fd5aee02d7
Update js_obfuscate
2014-09-20 21:36:17 -05:00
7bab825224
Last changes
2014-09-20 18:39:09 -05:00
135bed254d
Update BrowserExploitServer for JSObfu
2014-09-20 17:59:36 -05:00
d9a713b415
Decode the badchars string correctly.
2014-09-20 17:48:03 -05:00
cd8b1318e0
send data based on input not @probe
2014-09-20 15:18:58 -04:00
3fb00ece9e
refactored the code based on PR feedback
2014-09-20 14:10:00 -04:00
d52236fe05
Land #3835 - JSObfu to a gem
2014-09-20 01:38:45 -05:00
8e1b00ce95
Adds JSObfu.disabled for spec stubbing, fixes BES specs.
2014-09-19 20:42:05 -05:00
0f4be63903
Move JSObfu a gem then pull it into the Rex namespace.
2014-09-19 19:10:39 -05:00
5884cbc196
Optimize skip logic in #update_all_module_details
...
MSP-11368
Use `Hash<String, Set<String>>` instead of `Array<(String, String)>` so
that `include?` call is faster because (1) it's only search through
reference names of the same module_type and (2) `Set#include?` is faster
than `Array#include?`. This change is a 8.20% average reduction in boot
time compare to b863978028b5c3c87790https://docs.google.com/spreadsheets/d/1TnZIUFIR1S5nCnkeM-7XR3AVSbyCl39x2mItJKJCOqg/edit?usp=sharing
and data at
https://drive.google.com/folderview?id=0Bx1hRHfpRW92VEFvQ2FaN3RoWWs&usp=drive_web
2014-09-19 15:34:10 -05:00
b16085baa6
Land #3244 , @dmaloney-r7's fix for integer comparisions on metasm
2014-09-19 15:31:37 -05:00
8b5a146067
Wrap Array#include? usage
...
MSP-11368
Wrap skipped.include? call to confirm it is the culprit for
Array#include? inside of with_connection in profile.
2014-09-19 14:38:12 -05:00
c216cf8c53
added spoofing capabilities to udp_scanner
2014-09-19 10:29:05 -04:00
b863978028
Remove fastlib
...
MSP-11368
MSP-11143
Remove fastlib as it slows down the code loading process. From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10). The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10). This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
5ff4a55cd2
smb connection error not setting result properly
...
if the initial connection from the SMB LoginScanner fails
it wouldn't set the target information on the result. this could cause
smb_login to throw a stack trace when it calls invalidate_login
2014-09-16 15:24:14 -05:00
e5aa5c4014
missing postgres rescues
2014-09-16 15:04:07 -05:00
169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner)
2014-09-16 14:51:24 -05:00
4c3c8e5337
Land #3795 , various LoginScanners shored up
2014-09-16 13:55:26 -05:00
b028424152
Land #3752 - add "show missing"
2014-09-16 13:45:13 -05:00
aeed66b694
missing mysql rescue
2014-09-16 13:41:03 -05:00
d708de07a3
return the lgoinscanner class name in an invalid exception
...
when a loginScanner throws an Invalid exception , the message
will now include the classname of the Scanner that threw it.
2014-09-16 13:24:08 -05:00
6decd3cbd2
fix exceptions thrown in telnet loginscanner too
2014-09-16 10:09:59 -05:00
bf8f7221c7
rescue exceptions in check_setup
2014-09-15 13:52:17 -05:00
7d4c4c3658
Land #3699 , @dmaloney-r7's ipboard login refactor
2014-09-15 08:29:42 -05:00
6bd3675f03
Land #3680 , add specs for Rex::MIME
2014-09-13 00:34:39 -05:00
6a2a85d2c4
Land #3789 , adds specs for Rex::Proto::Http::Packet::Header
...
orts
2014-09-13 00:21:43 -05:00
917a7ffa1e
Add specs for valid IPBoard application
2014-09-12 16:08:03 -05:00
b80519dc16
Lands #3779 , specs
...
MSP-11343
Merge specs that I missed during last merge.
2014-09-12 14:49:26 -05:00
f68628c487
Add minimal specs for rex/proto/http/packet/header
2014-09-12 14:30:27 -05:00
12e3cb3c6a
Land #3764 - Add specs for Rex::Encoder::NonAlpha
2014-09-12 12:09:55 -05:00
2977e8e102
Add msfcli (M)issing
2014-09-12 10:25:13 -05:00
425874315c
Add show missing
2014-09-12 10:23:12 -05:00
0d054d8354
Update with master changes
2014-09-12 09:52:32 -05:00
b8d31891f8
Clean YARD documentation
2014-09-12 09:32:32 -05:00
ba848c963a
Fix rake when cucumber gem is not present
2014-09-11 22:31:57 -05:00
55519d8867
Land #3781 , my addition of Metasploit::Concern to msf.
2014-09-11 16:57:24 -05:00
706655f755
Land #3779 , Glassfish LoginScanner exception
...
MSP-11343
2014-09-11 15:57:47 -05:00
0ed7f19eb2
Land #3780 , msfelfscan use correct offsets
2014-09-11 15:28:18 -05:00
8654b63c58
Make sure Metasploit::Concern is accessible everywhere.
2014-09-11 14:46:35 -05:00
0663355237
catch connectionreset in ftp login scanner
...
add exception rescue for Errno::ECONNRESET
2014-09-11 14:39:36 -05:00
37e6173d1f
Make Metasploit::Concern a first-class dep.
...
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
2014-09-11 13:28:45 -05:00
a8e3ff0c0f
Add specs to verify server header matching
2014-09-11 11:42:38 -05:00
9151c2c79d
Add docstrings and avoid multiple returns
2014-09-11 10:50:42 -05:00
20e48a233a
Explicitly set @version to nil if we can't detect
2014-09-11 10:30:52 -05:00
11004ab7c6
typo fix
2014-09-11 16:27:35 +03:00
be0c68d8bb
BUGFIX: wrong imagebase used
2014-09-11 12:33:09 +02:00
88cacd000e
flags for phdr.p_flags added
2014-09-11 12:31:44 +02:00
8aa06b8605
Better api for check_setup
2014-09-10 23:43:54 -05:00
c1658e5d51
Add a check_setup method
2014-09-10 20:09:46 -05:00
84e4db9035
Don't raise in the middle
...
MSP-11343
This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
65287e41cd
Land #3773 - Fix windows cmd redirection in firefox payloads
2014-09-10 13:25:42 -05:00
1bb6573570
Fix windows cmd redirection in ff payloads.
2014-09-10 00:47:05 -05:00
99c9d5a578
Land #3683 , cucumber tests for msfconsole
2014-09-09 21:28:45 -05:00
1b4ceec4f9
Land #3743 - Add specs for Rex::Arch::X86
2014-09-09 17:24:08 -05:00
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
b8000517cf
Land #3746 , reinstate DB_ALL_CREDS
2014-09-08 17:24:12 -05:00
William Vu
sinn3r
Luke Imhoff
Spencer McIntyre
jvazquez-r7
nstarke
James Lee
Tod Beardsley
Samuel Huckins
Matt Buck
Christian Mehlmauer
Joe Vennix
HD Moore
Meatballs
Ramon de C Valle
Jon Hart
Josh Abraham
David Maloney
Cucumber
Brandon Turner
Cenk Kalpakoğlu
Sascha Schirra