Commit Graph

1067 Commits (5ac1ee1d734b43db4813260b5695a1bd1223ebf3)

Author SHA1 Message Date
William Vu 1ee83ff57e
Land #3696, pile of NTP DRDoS 0days
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
Joe Vennix a27754c5c1
Tweak specs a bit. 2014-08-24 02:41:37 -05:00
Joe Vennix 120f416f9c
Add spec for Msf::EncodedPayload.create. 2014-08-24 02:36:09 -05:00
Joe Vennix 6313b29b7a
Add #arch method to Msf::EncodedPayload.
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
jvazquez-r7 8945f04ffd Add specs for Msf::HTTP::JBoss::BeanShell 2014-08-22 16:13:38 -05:00
jvazquez-r7 f57dd9a224 Add specs for #generate_bsh 2014-08-22 15:39:58 -05:00
jvazquez-r7 2b3058869f Add Msf::HTTP::JBoss::BeanShellScripts specs 2014-08-22 15:36:29 -05:00
jvazquez-r7 7ee5423310 Add specs for Msf::HTTP::JBoss::Base 2014-08-22 15:11:27 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
jvazquez-r7 da0950df24
Land #3674, @todb-r7's patch for RangeWalker spec 2014-08-22 11:57:14 -05:00
Joe Vennix 95fbb8f1b7
Land PR #3672, dmaloney-r7's login scanner credential rework. 2014-08-22 11:15:32 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
jvazquez-r7 fd05e634e8 Move once more let into describe 2014-08-21 10:41:37 -05:00
jvazquez-r7 b0a4ea6750 Move let helpers to describe groups 2014-08-21 10:39:16 -05:00
jvazquez-r7 6301d79162 Describe setters just expecting how assignement to properties should happen 2014-08-21 10:34:52 -05:00
jvazquez-r7 54395e38a0 Use a part subject to describe #add_part 2014-08-21 10:29:44 -05:00
jvazquez-r7 9dcc95fb04 Fix Rex::MIME::Message#initialize boundaries parsing 2014-08-20 10:22:38 -05:00
jvazquez-r7 e8a6307df1 Fix Rex::MIME::Header#parse 2014-08-20 09:42:44 -05:00
jvazquez-r7 e5fc0a007f Add some Message specs 2014-08-20 09:31:49 -05:00
jvazquez-r7 e4b586a96d Add specs for add_part_inline_attachment 2014-08-20 08:32:58 -05:00
jvazquez-r7 381c88f814 Add specs for add_part and add_part_attachment 2014-08-19 17:06:59 -05:00
Tod Beardsley a4c6a10edb
The .foo domain is live now.
I still kinda hate these tests, though, since they fail in wildcard DNS
environments (like OpenDNS).
2014-08-19 16:47:30 -05:00
jvazquez-r7 0585b13398 Add first specs for Rex::MIME::Message 2014-08-19 15:17:17 -05:00
sinn3r 311cc5befb
Land #3668 - Add specs for Rex::Exploitation::HeapLib 2014-08-19 13:14:24 -05:00
sinn3r 7bf637716a
Land #3663 - Add specs for Rex::Exploitation::EncryptJS 2014-08-19 13:08:14 -05:00
sinn3r ad241910d0 This is more invalid than the other one 2014-08-19 10:39:50 -05:00
David Maloney 473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
Conflicts:
	Gemfile.lock
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/credential.rb
	lib/metasploit/framework/credential_collection.rb
	lib/metasploit/framework/login_scanner/afp.rb
	lib/metasploit/framework/login_scanner/axis2.rb
	lib/metasploit/framework/login_scanner/db2.rb
	lib/metasploit/framework/login_scanner/ftp.rb
	lib/metasploit/framework/login_scanner/http.rb
	lib/metasploit/framework/login_scanner/mssql.rb
	lib/metasploit/framework/login_scanner/mysql.rb
	lib/metasploit/framework/login_scanner/pop3.rb
	lib/metasploit/framework/login_scanner/postgres.rb
	lib/metasploit/framework/login_scanner/result.rb
	lib/metasploit/framework/login_scanner/smb.rb
	lib/metasploit/framework/login_scanner/snmp.rb
	lib/metasploit/framework/login_scanner/ssh.rb
	lib/metasploit/framework/login_scanner/telnet.rb
	lib/metasploit/framework/login_scanner/vnc.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/afp/afp_login.rb
	modules/auxiliary/scanner/db2/db2_auth.rb
	modules/auxiliary/scanner/ftp/ftp_login.rb
	modules/auxiliary/scanner/http/axis_login.rb
	modules/auxiliary/scanner/http/http_login.rb
	modules/auxiliary/scanner/http/tomcat_mgr_login.rb
	modules/auxiliary/scanner/mssql/mssql_login.rb
	modules/auxiliary/scanner/mysql/mysql_login.rb
	modules/auxiliary/scanner/pop3/pop3_login.rb
	modules/auxiliary/scanner/postgres/postgres_login.rb
	modules/auxiliary/scanner/snmp/snmp_login.rb
	modules/auxiliary/scanner/ssh/ssh_login.rb
	modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
	modules/auxiliary/scanner/telnet/telnet_login.rb
	modules/auxiliary/scanner/vnc/vnc_login.rb
	modules/auxiliary/scanner/winrm/winrm_login.rb
	spec/lib/metasploit/framework/credential_spec.rb
	spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
sinn3r 17b03e7d34 Fix rspec due to an invalid dns becoming valid 2014-08-19 10:28:30 -05:00
jvazquez-r7 663e11f16b Add specs for Rex::MIME::Part 2014-08-18 18:03:27 -05:00
jvazquez-r7 85662d5ccd Add specs for Rex::MIME::Header 2014-08-18 17:33:26 -05:00
jvazquez-r7 73ac0e9537 Add specs for Rex::MIME::Encoding 2014-08-18 16:04:08 -05:00
jvazquez-r7 f812d2619c Fix load_js when opts[:newobfu] and add specs 2014-08-18 13:50:19 -05:00
jvazquez-r7 3dae6ee934 Not prefixing the class when describing method 2014-08-18 12:19:30 -05:00
jvazquez-r7 2dc579d467 Add template for specs 2014-08-18 12:16:20 -05:00
jvazquez-r7 75df32b1d3 Use single quoted strings out of the spec strings 2014-08-18 11:43:54 -05:00
jvazquez-r7 4ffd166918 Add specs for Rex::Exploitation::EncryptJS 2014-08-18 11:31:36 -05:00
Vincent Herbulot 2b59337e9a Jboss spec modifications.
Various changes in the jboss spec to match the newly refactored
methods in lib/msf/http/jboss.
2014-08-18 17:19:09 +02:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
David Maloney fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry 2014-08-12 11:22:51 -05:00
Jon Hart 8e626c1b60
Add rspec coverage for Msf::Auxiliary::DRDoS 2014-08-09 21:12:10 -07:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Luke Imhoff a37244c14e
Fix specs
MSP-10998
2014-08-01 21:55:10 -05:00
Luke Imhoff 9096a8a1f5
Remove Msf::Framework::VersionAPI
MSP-10998

It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
2014-08-01 21:43:14 -05:00
Luke Imhoff 22db5aad8a
Remove Msf::Framework::VersionCore
MSP-10998

It can't handle 4.10.0 because it tries to compact the multiple part
version into one float using (1 / 10.0).
2014-08-01 21:31:48 -05:00
David Maloney dbde046f44
use to_h instead of to_hash
apparently ruby 2 adds this as a standard method so
we should stay compliant
2014-08-01 09:45:51 -05:00
David Maloney 0e65792f43
Merge branch 'staging/electro-release' into feature/loginscanner-report-dry 2014-08-01 09:41:30 -05:00
Brandon Turner 915e09ac50
Update framework version spec and Gemfile 2014-08-01 09:26:38 -05:00
Meatballs b4111df381
Retab spec 2014-08-01 14:41:20 +01:00
Meatballs 4ef3de84f3
get some more test cases 2014-08-01 14:34:17 +01:00
Meatballs 1fb4216d6d
Update spec 2014-08-01 12:08:03 +01:00
David Maloney 374c6532fa
add to_hash to Credential
begining of the chain to DRYing up
credential reporting in the loginscanner
2014-07-31 18:10:48 -05:00
Meatballs 53b66f3b4a Land #2075, Powershell Improvements 2014-07-31 00:49:39 +01:00
James Lee ef59d88f64
Fix spec failure due to workspace mismatch
Also fixes intermittent failure from FactoryGirl picking a heinous
Origin type.
2014-07-30 11:26:35 -05:00
us3r777 2efeb850ee Added spec to lib/msf/http/jboss 2014-07-29 02:04:57 +02:00
us3r777 9e9244830a Added spec for lib/msf/http/jboss
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
jvazquez-r7 79fe342688
Land #3558, @FireFart's improvements to wordpress mixin 2014-07-28 09:52:20 -05:00
James Lee c65db18090
Add rudimentary specs and fix some help wording 2014-07-28 09:19:09 -05:00
darkbushido 064d624322
changing Credential == operator
it should no longer raise no method errors when comparing a credential to
an object that doesnt respond to public, private, or realm
2014-07-23 16:17:09 -05:00
Christian Mehlmauer baff003ecc
extracted check version to module
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
Luke Imhoff 14fa49cdeb
Update spec to handle Mdm::Service#proto sequence
MSP-10029

Mdm::Service factories were changed in metasploit_data_models 0.19.0 to
use a sequence that cycles between 'tcp' and 'udp'.  To make the spec
clearer, just hard-code the protos under test instead of relying on
default behavior.
2014-07-22 09:47:35 -05:00
jvazquez-r7 ef12a632f6 Change filename 2014-07-22 08:20:32 -05:00
jvazquez-r7 72c2c07495 Add the specs, really 2014-07-21 17:39:51 -05:00
Tod Beardsley ffafd4c01f
Add NTP fuzzer from @jhart-r7
Looks good to me!
2014-07-21 12:38:12 -05:00
Meatballs 474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-20 21:01:54 +01:00
Meatballs b28343842f Address @jhart-r7's comments 2014-07-20 21:00:34 +01:00
scriptjunkie 8fe508207c Merge Meatballs' gpp_again pull into new branch 2014-07-19 11:10:14 -05:00
Meatballs 7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
sinn3r 4fb58202fa
Land #3529 - Handle Rex::AddressInUse exception 2014-07-16 13:57:41 -05:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
Matt Buck eff2defdde
Fix bug due to Metasploit::Model::Login::Status refactor
MSP-10718
2014-07-16 04:14:45 -05:00
David Maloney 939e585658
refactor all loginscanners
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
jvazquez-r7 4098979448 Add spec 2014-07-15 13:06:53 -05:00
David Maloney 846679bef9
change Result status
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
Trevor Rosen cc93dbbe29 Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
Feature/msp 9707/smb bruteforce refactor

MSP-9707 #land
2014-07-11 11:33:12 -05:00
James Lee 147c6d8160
Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release 2014-07-10 13:52:21 -05:00
David Maloney 8833429987
make shared example usage more readable
this seems less obtuse
2014-07-10 12:58:13 -05:00
David Maloney 7dc58d060e
make only one each method
made the one true enumerator of credentials
for the login_scanner.

also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
David Maloney 87e6ede123
Merge branch 'master' into staging/electro-release 2014-07-10 08:44:12 -05:00
James Lee 0daa395007
Fix specs for LoginError cases 2014-07-09 18:11:20 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict.
Conflicts:
	Gemfile.lock
2014-07-09 17:43:42 -05:00
David Maloney 0c4e53ce5a
fix up specs
a whole bunch of spec changes needed for
these changes.

alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
David Maloney 24fced822e
coerce realm_key when it exists
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
James Lee afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
James Lee 4d4b8078f8
Unify SSH specs as well 2014-07-07 13:41:08 -05:00
James Lee 71cbbc5388
Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 13:19:34 -05:00
James Lee b7cfc927c4
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00
James Lee 325d2d25b9
Fix requires and derp typos 2014-07-07 10:09:45 -05:00
jvazquez-r7 14b1ed5290 Add spec for comma separated cookies 2014-07-06 16:23:43 -05:00
James Lee 311f43f1e4
Constpocalypse 2014-07-03 18:49:46 -05:00
jvazquez-r7 405de05e4b Add specs for module_flavors 2014-07-03 10:31:39 -05:00
Jon Hart bc3ac1ee36 Correct private message format, update tests 2014-07-03 08:27:27 -07:00
James Lee b7a55d402d
Add likely service ports and names for HTTP 2014-07-02 23:41:31 -05:00
James Lee 9dde47a0bc
Add a simple classes_for_service method 2014-07-02 23:31:56 -05:00
Jon Hart 1830bdc7a5 Add rspec coverage for Rex::Proto::NTP 2014-07-01 12:29:47 -07:00
Tod Beardsley 8b63d3d467 Revert the revert of #3446
This reverts commit 9b35b0e13a.

This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
2014-06-29 17:22:21 -05:00
dmaloney-r7 0a6a5a0a12 Merge pull request #92 from rapid7/feature/MSP-9912/metamodule-refactor-ssh-key
Feature/msp 9912/metamodule refactor ssh key
2014-06-27 11:48:57 -05:00
Spencer McIntyre 1b4b4fd1c0 Update the cmdstager spec ArgumentError text 2014-06-27 08:34:57 -04:00
jvazquez-r7 dcd0e77f9e Change #compatible? method name because it's used by Module 2014-06-27 08:34:56 -04:00
jvazquez-r7 af568c856a Add CMStager specs 2014-06-27 08:34:56 -04:00
Lance Sanchez b5351eec2b
adding .to_credential
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential

MSP-9912
2014-06-26 11:05:59 -05:00
David Maloney 9cec330f05
Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
Matt Buck 27ef12bafe
Land #3478, disallow port 0 for portspec
[Closes #3478]
2014-06-25 15:46:30 -05:00
David Maloney 42bfe8ba4f
make portspec specs not insane
the specs for the portspec_to_portlist method
need a lot of work. this gives us some btter minimum coverage
2014-06-25 14:10:06 -05:00
Chris Doughty 9b35b0e13a Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
This reverts commit bba8bd3498, reversing
changes made to 002234993f.
2014-06-25 13:24:07 -05:00
James Lee f225ac92ab
Refactor smb_login
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
OJ bba8bd3498
Land #3446 -- Meterpreter bins gem switch 2014-06-25 03:00:11 +10:00
James Lee 85611702f9 Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor 2014-06-23 23:58:47 -05:00
Tod Beardsley c71eb1aa4e
Add specs for changed object UI 2014-06-22 13:05:17 -05:00
Tod Beardsley 53d0aba305
Add some specs for changed object Priv 2014-06-22 12:54:10 -05:00
Spencer McIntyre 05d4a1ab2c
Land #3342, Support negation in portspec 2014-06-21 18:14:50 -04:00
Tod Beardsley f90e8f00e5
Add the first few specs
Coverage for meterpreter and client core, just the bits I'm changing. I
intend to make liberal use of doubles, since they're easier than mocks
and all I care about is the changed behavior. I refuse to fall into a
trap where I need to first spec out aaaaaalllll of Metepreter just to
make this one change.
2014-06-20 13:18:55 -05:00
David Maloney 99b1702559
Merge branch 'master' into staging/electro-release
Conflicts:
	lib/msfenv.rb
2014-06-20 11:38:47 -05:00
jvazquez-r7 4203e75777
Land #3408, @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950 2014-06-20 10:27:32 -05:00
jvazquez-r7 330caa8c13 Fix specs 2014-06-20 00:08:55 -05:00
jvazquez-r7 ee62428248 Add specs 2014-06-19 18:13:14 -05:00
Luke Imhoff af99c0c01e
Remove `should_receive(:with_connection)` from specs
MSP-10127

Causes specs to randomly fail when with_connection calls from
before(:each) or after(:each) are intercepted by the should_receive
call.
2014-06-19 16:24:53 -05:00
David Maloney d9b7a320ae
fix more broken specs 2014-06-19 14:07:39 -05:00
David Maloney 2ac2dc9d7a
2 minor spec fixes 2014-06-19 13:23:37 -05:00
James Lee b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release 2014-06-19 10:14:57 -05:00
David Maloney f1a39ef973
enumerators all done with specs
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
David Maloney 9af811a2ed
we need to pass in a workspace 2014-06-15 15:52:57 -05:00
David Maloney 897b0b1ee5
wordlist enumerators with some specs
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
David Maloney a00ff5aeef
yield custom_wordlist words 2014-06-15 12:16:21 -05:00
David Maloney 8ada0804bd
add valid! spec 2014-06-15 11:22:43 -05:00
David Maloney 41d6b326f2
specs for wordlist validations
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
David Maloney a5fb898904
actually set max run time
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
David Maloney 33519b1fcd
cracker validations and specs
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
David Maloney 466576d03f
jtr wordlist validations started
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
David Maloney 873d6e5b99
add all the specs 2014-06-14 12:28:17 -05:00
David Maloney 300baa577c
moar specs! 2014-06-13 17:34:16 -05:00
David Maloney b784bea48e
slow roll of specs for jtr cracker
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
David Maloney 7187138134
start injecting sanity 2014-06-13 14:53:56 -05:00
David Maloney a9bcb8b3bd
add skeleton for JtR Cracker
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
Samuel Huckins d215b8e5b2 Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
45 merged, steps passing.

MSP-9712 #land
2014-06-12 16:04:17 -05:00
dmaloney-r7 ed84336149 Merge pull request #60 from rapid7/feature/MSP-9992/creds-command
Refactor the creds command
2014-06-12 12:24:09 -05:00
James Lee b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
Conflicts:
	lib/metasploit/framework/credential_collection.rb
	spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
James Lee 3a8f6236ad
Add ability to prepend creds to a collection 2014-06-11 14:30:45 -05:00
James Lee c0c1bd40a9
Fix help spec 2014-06-10 17:28:55 -05:00
James Lee 552899ef13
Add a couple more specs for CredentialCollection
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
David Maloney 9b9de12a38
Merge branch 'master' into staging/electro-release
Conflicts:
	lib/msf/core/framework.rb
2014-06-06 12:04:53 -05:00
dmaloney-r7 ff8e6d2c50 Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
David Maloney 90b52814b1
fix some spec issues for recent changes 2014-06-06 11:52:49 -05:00
Brandon Turner 82464bd6aa
Update version spec 2014-06-06 10:16:44 -05:00
Luke Imhoff f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
MSP-9653

Conflicts:
	Gemfile
	Gemfile.lock
2014-06-05 16:22:02 -05:00
James Lee 33a9f8c43f
Add spec for userpass_file 2014-06-05 11:54:59 -05:00
James Lee 45c26343a1
Add spec for pass_file 2014-06-05 11:51:11 -05:00
James Lee b1136752be
Add Credential#== to facilitate specs 2014-06-05 11:37:48 -05:00
Lance Sanchez 262deac155
Fixing the failing specs
for some reason on my box sock.closed? isnt being called. stubbing it out

Kernel.select is being called and cant cast a mock object to an IO object
ok to fix this I'm stubbing select on the scanner object then the call wont
get passed onto the Kernel module
2014-06-05 11:21:34 -05:00
James Lee 41644970bf
Add a CredentialCollection
Also moves Metasploit::Framework::LoginScanner::Credential to
Metasploit::Framework::Credential
2014-06-04 13:01:09 -05:00
Luke Imhoff 1295028595
Remove unneeded MetasploitDataModels.require_models
MSP-9653

Models are loaded using railties features.
2014-06-02 13:54:38 -05:00
Lance Sanchez 15fffb1668
Adding in some tests
cleaning up the regex a bit

MSP-9678
2014-06-02 13:50:30 -05:00
Lance Sanchez f2a2975bc1 Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner 2014-06-02 10:56:54 -05:00
Trevor Rosen 8bcd763039 Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
Feature/msp 9685/telnet login scanner

MSP-9685 #land
2014-05-30 13:40:18 -05:00
David Maloney 98a23881ee
remove cred creation methods
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
dmaloney-r7 e669324366 Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
David Maloney d95b0497a7
add more specs
added more specs around telnet specific validations
2014-05-29 11:11:19 -05:00
James Lee 572e4f2bdf
Fix dumb missing options and add spec 2014-05-28 16:32:38 -05:00
David Maloney 1bc2140fa6
Telnet LoginScanner basics
basic Telnet LoginScanner with shell
specs. Need to test functionality
and write additional specs
2014-05-28 14:47:58 -05:00
Lance Sanchez 07a61ae696
adding in changes from before my vacation..
MSP-9678
2014-05-28 13:18:28 -05:00
David Maloney 821a62627a
final spec cleanup 2014-05-28 09:56:26 -05:00
David Maloney ca4c942ceb Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation 2014-05-28 09:40:44 -05:00
David Maloney 967b0d49b1
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-05-28 09:39:56 -05:00
David Maloney c975d4dc49
some minor cleanup items 2014-05-28 09:26:19 -05:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Lutz Wolf 2b75a53c93 Add basic rspec for portspec_to_portlist 2014-05-24 23:46:26 +02:00
dmaloney-r7 85737d1235 Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
AFP login scanner
2014-05-22 15:05:24 -05:00
David Maloney fbacf80839 Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation 2014-05-22 14:39:17 -05:00
David Maloney 19e36cccb3
Credential Core creation now complete 2014-05-21 16:37:13 -05:00
James Lee 5d1a0397ed
Add Tomcat login scanner 2014-05-21 14:28:54 -05:00
David Maloney 3ea99a9d43
private creation w/ specs and docs
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
David Maloney 2629549f6f
added realm creation
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
James Lee 8be35b90f4
Add some more specs for AFP login scanner 2014-05-20 17:44:41 -05:00
James Lee d061d36229 Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner 2014-05-20 17:25:42 -05:00
James Lee 21de14ac3d
Initial stab at AFP login scanner 2014-05-20 17:08:12 -05:00
Meatballs 09af023a71
Merge in parser 2014-05-20 21:56:35 +01:00
Samuel Huckins 62bae8e23b Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
Specs and functional steps passing. 

MSP-9687 #land
2014-05-20 11:32:37 -05:00
David Maloney 8a2f05b7d2 Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation 2014-05-20 10:28:33 -05:00
David Maloney 9cdddb08d9
origin specs for realsies
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
David Maloney b84aaaad19
specs and fixes for origin creation 2014-05-20 09:59:15 -05:00
David Maloney ddfa4f1ee7
some origin creation specs
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
Samuel Huckins d9687d87f9 Merge pull request #20 from rapid7/feature/MSP-9667/db2_login
Specs passing post update.

MSP-9667 #land
2014-05-16 11:29:31 -05:00
James Lee 9582d82fba Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner 2014-05-15 13:59:48 -05:00
James Lee efd0db9c39 Merge branch 'upstream-master' into HEAD 2014-05-15 13:53:16 -05:00
James Lee 8a9abb90c0
Add specs for connection error conditions 2014-05-15 10:06:17 -05:00
Lance Sanchez e9b3f10ba7
Drying up some of the status codes
MSP-9678
2014-05-14 17:02:26 -05:00
James Lee 59050d9bf1
Add specs for WinRM, improve those for HTTP 2014-05-14 15:13:29 -05:00
Christian Mehlmauer dc7a8d32d8
Land #3324, msfconsole search timestamp fixes 2014-05-14 21:30:02 +02:00
Luke Imhoff 82d32e39cc
Merge branch 'feature/MSP-9686/vnc_login' into staging/electro-release
MSP-9686
2014-05-14 13:24:13 -05:00
Luke Imhoff a32152ecaa
Merge branch 'staging/electro-release' into feature/MSP-9686/vnc_login
MSP-9686
2014-05-14 13:22:41 -05:00
David Maloney fb671c72a7
Merge branch 'master' into staging/electro-release 2014-05-14 13:00:37 -05:00
dmaloney-r7 acaf713229 Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
nstarke bb6201d66d Fixing nil bug and making format constant
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date.  For example,
‘checkvm’.  This necessitated checking disclosure_date for nil
before attempting a format conversion.  Also, there was an additional
location in core.rb that needed the formatting / nil check added.  Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
Samuel Huckins 162038bde4 Merge pull request #19 from rapid7/feature/login_scanner/smb
Specs all passing, functional steps working.
2014-05-13 14:37:13 -05:00
James Lee 2a13010bfb
Fix faulty spec 2014-05-13 14:15:00 -05:00
David Maloney f5751d6a85
first pass at attempt_login for DB2
first pass through at the attempt_login method
for the DB2 LoginScanner. still adding specs
and possibly refactoring
2014-05-13 14:10:30 -05:00
David Maloney 5dcf3efd1a
skeleton for DB2 loginscanner
add basic  skeleton and specs for the DB2
LoginScanner class.
2014-05-13 13:16:56 -05:00
Luke Imhoff 3370465d84
Use railties to load Metasploit::Credential correctly
MSP-9606

In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines.  To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
Jeff Jarmoc 638ae477d9 Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them.
Fix erroneous typo char.
2014-05-12 12:10:30 -05:00
Jeff Jarmoc cba39a9a04 Adds spec for 'hex-all' mode 2014-05-12 12:01:06 -05:00
David Maloney 7f98d1630e
specs for VNC Loginscanner
cover remaining behaviour for the
VNC LoginScanner class.
2014-05-12 11:29:27 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all.
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
David Maloney f84d763382
refactoring conditional logic
the class works but the conditional logic needs
refactoring to be smoothed out more.
2014-05-12 11:10:36 -05:00
James Lee 3831042dca
Add specs, validations for LoginScanner::SMB 2014-05-09 18:58:49 -05:00
David Maloney 4e76330643
Add skeleton for VNC lgoinscanner
Add skeleton and specs for the VNC Loginscanner

MSP-9686
2014-05-09 11:55:15 -05:00
David Maloney 8b937b7c35
Merge branch 'master' into staging/electro_release 2014-05-09 11:46:08 -05:00
Trevor Rosen c77412d373 Merge pull request #13 from rapid7/feature/login_scanner/mysql
Add LoginScanner for MySQL

MSP-9676 #land
2014-05-08 15:05:24 -05:00
Trevor Rosen 894ecaafb4 Merge pull request #12 from rapid7/feature/login_scanner/pg
Add Postgres LoginScanner class

MSP-9679 #land
2014-05-08 14:38:56 -05:00
David Maloney 42de1ab1f1
whitespace removal 2014-05-08 14:18:06 -05:00
David Maloney cfb13ed1bd
Merge branch 'staging/electro_release' into feature/login_scanner/mysql 2014-05-08 13:55:09 -05:00
James Lee 2d2b5ea9e4 Merge remote-tracking branch 'private/feature/login_scanner/mssql' into feature/login_scanner/smb 2014-05-08 13:45:06 -05:00
James Lee 13fe8c0869
Default Credential#paired to true 2014-05-08 13:34:31 -05:00
David Maloney 20edabb0f5
mySQL Loginscanner with specs to match
This season's colours for Loginscanner is MySQL
with Unit Test Coverage applied to match.
2014-05-08 13:16:12 -05:00
William Vu 102eb85277
Update CommandDispatcher::Db spec 2014-05-08 03:05:49 -05:00
David Maloney b72f0f8ffc
try to fix bad push/revert mess 2014-05-07 18:43:37 -05:00
David Maloney 9919d54116 Revert "final touches and specs"
This reverts commit e025fa1791.
2014-05-07 18:34:34 -05:00
David Maloney e025fa1791
final touches and specs
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00
David Maloney acbff23c32
final wrap-up specs
successkid.jpg
2014-05-07 16:07:18 -05:00
David Maloney ec974535ac
create base object for mssql scanner
created skeleton for MSSQL Loginscanner
included concerns.

also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
David Maloney 507fe566a4
Merge branch 'master' into staging/electro_release 2014-05-06 11:36:19 -05:00
Meatballs dc38212741
Fix function parsing 2014-05-05 20:53:36 +01:00
Meatballs e946046de5
Add methods spec 2014-05-05 19:08:18 +01:00
Meatballs 0b886db406
Script specs and remove unknown method 2014-05-05 19:01:36 +01:00
Meatballs 0177e51148
Finish obfu specs and use rig 2014-05-05 18:47:25 +01:00
Meatballs 6ab85027a4
More spec 2014-05-05 17:47:30 +01:00
Meatballs 162b6a8ab9
Add output spec 2014-05-05 14:48:18 +01:00
Meatballs 589d235a80
Simple param spec 2014-05-05 13:46:52 +01:00
David Maloney 5e6f57f711
fix up some more specs
some spec cleanup and added basic specs
to the HTTP LoginScanner
2014-05-01 12:10:51 -05:00
David Maloney 0dd22395eb
use credential objects inside results
altered results to just hold a credential
object instead of duplicating attributes
2014-04-30 17:17:57 -05:00
David Maloney 4995fcdced Shared Examples for RexSocket mixin
shared example group for the Loginscanner RexSocket
mixin. Pretty simple stuff, just trying to keep it
DRY.
2014-04-30 15:47:52 -05:00
David Maloney 1cd3f3f0da
finished first shared example group
base behaviour is now defined in shared
example group and the specs all use that
shared example group
2014-04-30 14:40:37 -05:00
David Maloney a4cc311106
test base behaviour in shared examples
start moving specs to a shared example group
for all behaviour defined by the LoginScanner
Base
2014-04-30 14:35:29 -05:00
David Maloney a08421b30f
apply reasonable defaults
give each lgoinscanner the ability to select
reasonable defaults for certain attributes
2014-04-30 13:56:29 -05:00
David Maloney e5276d111d
Merge branch 'staging/electro_release' into feature/login_scanner/snmp
Conflicts:
	lib/metasploit/framework/login_scanner/result.rb
2014-04-30 10:21:35 -05:00
Lance Sanchez ddee401e27
Merge branch 'feature/MSP-9684/sshkey_loginscanner' into staging/electro_release
MSP-9684 #land
2014-04-29 15:21:56 -05:00
David Maloney e8ea6a86b5
add specs for snmp
add specs for the snmp loginscanner
and modify the specs to Result class
to account for the access_level attribute
2014-04-29 14:49:35 -05:00
Meatballs b860cecad6
Function spec (doesnt pass) 2014-04-28 14:09:39 +01:00
David Maloney c02fb21c3b
Finalized specs for sshkey
shkey loginscanner now compelte along
with specs
2014-04-25 15:20:33 -05:00
William Vu 9964548b41
Amend spec for db_import help 2014-04-25 14:28:29 -05:00
David Maloney e2d6a57db1
fix spec filename
had an extra underscore
2014-04-25 14:27:10 -05:00
David Maloney 0fcfb9d655
add proxies to ssh scanner
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
David Maloney 35a039848c
add sshkey loginscanner
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
Meatballs 3ae8c3ff46
Basic specs 2014-04-25 18:14:39 +01:00
Meatballs 8031e50d35
Make Exploitation::Powershell testable
Example test
2014-04-26 13:27:25 +01:00
Meatballs 318ae46085
Remove puts 2014-04-26 12:59:19 +01:00
Meatballs 3f5cc13bf8
Better eof test 2014-04-25 17:15:12 +01:00
David Maloney 2346d583ed
touchups and specsfor FTP Scanner
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
David Maloney 838a444b23
first pass of FTP LoginScanner
made the first pass at the ftp
LoginScanner, with base specs.
Need to still tierate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
Meatballs d85e4b1313
Error if encode_inner and encode_final 2014-04-25 15:47:36 +01:00
Meatballs ae574bec2b
Correct spec 2014-04-25 15:42:48 +01:00
Meatballs 5b9ec72395
Remove read_script spec 2014-04-25 15:40:52 +01:00
Meatballs 206184007f
Move methods and rename file so it is run by rspec 2014-04-25 15:16:15 +01:00
David Maloney 3a66723741
nake scan! more generic
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
Meatballs 72a2849bf1
Better specs
90.6% line coverage in Exploit::Powershell
77.32% in Rex::Exploitation::Powershell and haven't even started
writing those specs...
2014-04-23 08:07:42 +01:00
Meatballs 58c3bf0e59
Further speccage 2014-04-23 06:08:39 +01:00
Meatballs c4cfa42e5b
More specs 2014-04-23 02:37:19 +01:00
David Maloney 36dd10e1c2
add the renamed spec
renamed spec for credential class
forgot to add it
2014-04-22 11:05:58 -05:00
David Maloney 526bb4989a
more explicit requires
LoginScanner module brings in all the deps
while the individual classes require
the module then to get their deps.
2014-04-22 10:28:01 -05:00
David Maloney 645eef51b7
Rename CredDetail to Credential
it was felt this was better naming
for the class. Refactored all occurence
2014-04-22 10:25:36 -05:00
David Maloney f079d3f3a9
move requires into module
move all the requires into the LoginScanner
module area to clean up requires
2014-04-21 19:14:50 -05:00
David Maloney 9c6528f13f
use the CredDetail class
now that we have the new CredDetail
class, use it instead of hashes
2014-04-21 18:58:23 -05:00
David Maloney 1a6ef8dced
allow for balnk passwords
have to alter validation slightly
to allow for blank passwords
2014-04-21 18:57:28 -05:00
David Maloney fd1777a79f
add CredDetail class
rather than passing dumb hashes around
added a CredDetail class that comes
with it's own conditional validations
2014-04-21 18:26:38 -05:00
David Maloney de2bb7d66c
dd tests for #scan!
the scan! method is mostly done
and has unit tests
2014-04-21 17:59:50 -05:00
David Maloney 2e11f80a98
refactor to use Result class
we now use a Result class to handle
all result codes from the login attempt
2014-04-21 15:35:16 -05:00
David Maloney d313047532
add loginscanner result class
add a result class to have more
tightly defined return values from
the loginscanner classes
2014-04-21 15:11:56 -05:00
David Maloney aa1d1be786
do not create sessions with scanner
the session creation behaviour is
currently inextricably linked to module
behaviour. We will have our scanner class
only return success status. The calling module
will be responsible for opening sessions afterwards.
2014-04-21 11:38:48 -05:00
Meatballs 67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075 2014-04-19 18:45:55 +01:00
David Maloney 9a15a2be04
basic login attempt functionality
groundowkr now layed for trying
authentication attempts on the
SSH LoginScanner, with test coverage
2014-04-18 20:08:28 -05:00
David Maloney 85349ccec4
SSH connection exception handling
added in the exception handling
around the Net::SSH conenction
in attempt_login
2014-04-18 18:13:05 -05:00
David Maloney 17b4d4a416
Add more attributes and validations
Added some more attributes neccesary
for the actual running of the login scan
as well as accompanying validations and
specs
2014-04-18 16:23:35 -05:00
David Maloney 613612eecb
Merge branch 'master' into feature/ssh_login_scanner 2014-04-18 11:16:18 -05:00
David Maloney 756488b581
last of the validations
finalized validation for SSH lgoinscanner
2014-04-16 13:34:23 -05:00
David Maloney bf20ed5812
add validations for cred_details
Adds validator for the cred_details
attribute on the SSH Login Scanner.
Makes sure propper input is always supplied
for the scanner.
2014-04-16 13:20:14 -05:00
David Maloney 434391c308
add host validations to ssh scanner
add validations to the :host attribute
on the SSH LoginScanner
2014-04-16 10:26:00 -05:00
sinn3r 7a4e12976c
First little bit at Bug 8498
[FixRM #8489] rhost/rport modification
2014-04-15 18:20:16 -05:00
David Maloney 60c879c824
specs for port validation
created specs for port validation

MSP-9683
2014-04-15 17:25:55 -05:00
David Maloney 02a17b8612
namespace change to Metasploit
chaning the code to live in the namespace of
Metasploit::Framework instead of Msf::Auxiliary

MSP-9683
2014-04-15 17:11:25 -05:00
Meatballs 38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
Conflicts:
	modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
David Maloney 3c9507c30c
Adds invalid exception class
adds an invalid exception class to the
LoginScanner namespace.

MSP-9683
2014-04-15 13:23:24 -05:00
Tod Beardsley e4a61e2730
Fix Module.new bug and test for vhost 2014-04-14 18:01:13 -05:00
sinn3r 7b6b94acd5
Land #3247 - Revert #3224 jsobfu string size fixes 2014-04-12 00:58:27 -05:00
joev e09f887c4c Revert "Fixes large-string expansion in JSObfu."
This reverts commit 14fed8c610.
2014-04-11 16:51:47 -05:00
sinn3r 68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu 2014-04-10 12:09:22 -05:00
Tod Beardsley ea8c15ba47
Land #3241 back into master 2014-04-11 15:08:01 -05:00
Tod Beardsley bbc72c3e1c
Update spec to reflect the correct version. 2014-04-11 12:29:26 -05:00
Joe Vennix 14fed8c610 Fixes large-string expansion in JSObfu. 2014-04-09 15:45:48 -05:00
William Vu 9779913060
Land #3184, Rex::Proto::Http::Client IOError fix 2014-04-03 15:58:50 -05:00
joev 3504ddc633 Fix http spec. 2014-04-03 14:50:54 -05:00
William Vu 92c6113a7c
Fix broken spec for Rex::Text.randomize_space 2014-04-02 11:48:50 -05:00
Tod Beardsley 8ab03f3aeb
Use Array#sample in randomize_space 2014-04-01 14:09:07 -05:00
Tod Beardsley ec7bb6de54
Land #2969, random name generator for phishing 2014-04-01 13:00:55 -05:00
William Vu 35d3e064b2
Update spec for #3162 2014-03-28 21:18:26 -05:00
William Vu 355cda0a43
Add specs for random name and e-mail methods
Babby's first RSpec. Style is consistent with the rest of the tests.
2014-03-28 16:47:52 -05:00
David Maloney 617e916511
fix specs from change
spec changes to go with the previous code change
2014-03-18 13:52:17 -05:00
sinn3r b431bf3da9
Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
Joe Vennix 78393057fe Fix failing spec 2014-03-10 16:40:46 -05:00
Joe Vennix 5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Joe Vennix 2a87973d3c Use be instead of eq. 2014-03-03 21:55:12 -06:00
Joe Vennix a382b78f80 Oops, $ and _ need to be in the spec.
* Repeats the random check 20 times for each spec.
2014-03-03 21:54:09 -06:00
Joe Vennix bfecf9525d Add Rex::RandomIdentifierGenerator. 2014-03-03 16:43:49 -06:00
Joe Vennix e8b10db73b Dropped a space. 2014-03-03 15:48:44 -06:00
Joe Vennix 1352e5eacb Add presence spec. 2014-03-03 15:47:30 -06:00
Joe Vennix b3ab8f7ce1 Make random_var_name public, add specs for it. 2014-03-03 15:39:56 -06:00
Joe Vennix 6574a06bc3 Whitespace fix. 2014-03-02 20:55:07 -06:00
Joe Vennix 4514e32df8 Remove spec changes, oops. 2014-03-02 20:54:22 -06:00
Joe Vennix 894d16af80 Add specs for new/returning/previous visitors. 2014-03-02 20:50:10 -06:00
Joe Vennix b458b8ad63 Add specs for new methods. 2014-03-02 20:23:20 -06:00
Meatballs 2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075 2014-03-02 20:57:02 +00:00
Meatballs 1ca690eccf
Do some rspec 2014-03-02 20:37:08 +00:00
sinn3r 8be99fc299 Fix payload_generator.format_payload rspec
The platform should match.
2014-02-25 16:37:21 -06:00
David Maloney a098c08f2f pend out bad spec 2014-02-13 15:44:05 -06:00
David Maloney 508f251db2 add cli compat
add cli capability to putut verbose info to the console
2014-02-05 11:00:57 -06:00
David Maloney fc9105d862 final generation and specs
generation wrapped method complete with specs
2014-02-04 17:52:20 -06:00
David Maloney 4dcae920f8 add specs for generate_java_payload
pretty self-explanatory
2014-02-04 17:40:59 -06:00
David Maloney 70d8246791 finish wiring up the final generation
formating and main generate methods wired up
still need to add some final tests
2014-02-04 15:52:18 -06:00
David Maloney c8b7dc30b4 added encoding routines
now has a method for encoding the shellcode
and tests to go with
2014-02-03 17:51:22 -06:00
David Maloney 3b648346da starting in on encoders
added get_encoders method to find propper encoders
started on encode_payload, incomplete
added specs
2014-02-03 00:59:08 -06:00
David Maloney 4a82bc74cf added nop sled generator
added code to prepend a nop sled
with tests to match
2014-02-02 22:51:12 -06:00
David Maloney 3e945418df specs for added shellcode
add specs around adding extra shellcode to the payload
2014-02-02 22:17:52 -06:00
David Maloney bb5f5542f0 generating raw payload bits now
added raw payload generation, arch selection,
and specs for everything thus far
2014-02-02 21:09:17 -06:00
David Maloney f9c31f988e test platform selection
added tests around platform selection
2014-02-02 16:52:41 -06:00
David Maloney f5d730e874 write specs around initialiser
added specs around object initialisation
2014-02-02 16:05:11 -06:00
David Maloney e265d6f54c begining of payload generator
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
William Vu 0a3ee573bc Uncomment spec_helper require 2014-01-22 11:58:10 -06:00
William Vu 2b7a993f65
Land #2902, updated PJL spec 2014-01-22 11:57:28 -06:00
Tod Beardsley 90207628cc
Land #2666, SSLCompression option
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
sinn3r 1c1597973e Update PJL rspec to comply with guidelines
Basically the updated version is more explicit. If a moethod doesn't
return anything but might raise an error, then we focus on that.
Also use . to # for instance methods.
2014-01-22 03:34:49 -06:00
sinn3r a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules 2014-01-16 15:57:38 -06:00
William Vu 6110ad72b3 Update tests and ensure full coverage 2014-01-16 15:11:04 -06:00
David Maloney 41807d7e4e move rev_http uri checksum code
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
sinn3r 7b206d6094 Ensure full coverage 2014-01-12 23:10:47 -06:00
sinn3r f9fc54980a retab 2014-01-12 22:54:43 -06:00
sinn3r b8dd4b08c8 Add rspec 2014-01-12 22:53:11 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
William Vu b43a221959
Land #2855, Rex::Socket refactor and specs 2014-01-09 16:20:50 -06:00
James Lee 442c98bc05
Add spec for fixed bug 2014-01-09 15:18:03 -06:00
James Lee 1519af33f5
Refactor `getaddress` in terms of `getaddresses` 2014-01-09 11:03:24 -06:00
James Lee 01f350964f
Add specs for some stuff in Rex::Socket 2014-01-09 10:19:19 -06:00
James Lee cc51c2033e
Fix unreliable spec
Sometimes "localhost" resolves to more than one address
2014-01-08 10:16:32 -06:00
James Lee 9c23910b69
Refactor Socket::Range
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
2014-01-07 16:31:55 -06:00
James Lee 2ed9772080
Fix unhandled exceptions when resolution fails 2014-01-07 12:00:04 -06:00
James Lee a6b25d3323
Add failing spec for invalid hostname bug 2014-01-06 17:49:27 -06:00
Joe Vennix d00acccd4f Remove Java target, since it no longer works. 2014-01-04 21:22:47 -06:00
Joe Vennix 694cb11025 Add firefox platform, architecture, and payload.
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
Joe Vennix ca23b32161 Add support for Procs in browserexploit requirements. 2013-12-19 12:49:05 -06:00
Tod Beardsley 764fd09cc3
Increase duration timeout task manager
Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
2013-11-25 10:26:51 -06:00
Meatballs b015dd4f1c
Land #2532 Enum LSA Secrets
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets.
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
Joe Vennix f8b57d45cd Reenable the client SSLCompression advanced option.
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
jvazquez-r7 a79e137a7a Fix db_spec 2013-11-19 14:07:41 -06:00
James Lee 0aef145f64 Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa 2013-11-13 18:11:21 -06:00
James Lee 16627c1bd3
Add spec for capture_lsa_key 2013-11-13 15:16:34 -06:00
Tod Beardsley 5e342debbc
Don't be dopey in the RSpec version matching 2013-11-13 13:04:26 -06:00
Tod Beardsley 3500cf06d4
Add a spec for version checking. 2013-11-13 12:49:57 -06:00
James Lee 3168359a82
Refactor lsa and add a spec for its crypto methods 2013-11-13 11:55:39 -06:00
jvazquez-r7 ef6d9db48f
Land #2613, @wchen-r7's BrowserExploitServer mixin 2013-11-12 17:33:12 -06:00
sinn3r f16aa91302 mv rspec 2013-11-11 18:32:43 -06:00
Tod Beardsley b48950d383 Remove blanket pending test for exe_spec
SeeRM #8436
SeeRM #8668

The fix for #8668 is more surgical than the previous fix for #8436, and
may prove to be more useful
2013-11-11 16:27:42 -06:00
sinn3r 991240a87e Support java version detection 2013-11-07 00:54:52 -06:00
sinn3r c338f7a8c0 Change how requirements are defined, rspec, etc 2013-11-06 14:01:29 -06:00
sinn3r f2e4d5507c More rspec 2013-11-06 01:45:40 -06:00
sinn3r 73701462ed Fix ActiveX. Use ERB for Javascript detection code. 2013-11-05 16:26:41 -06:00
sinn3r 90b91ec2cd Add testcase for on_request_exploit 2013-11-05 12:53:16 -06:00
sinn3r 73e72a6488 Update the detect_spec testcase 2013-11-05 01:14:12 -06:00
sinn3r 5f2d8358c0 Be more browser specific with Javascript generation 2013-11-05 01:04:52 -06:00
sinn3r 054a525f35 Change profile data structure 2013-11-04 17:46:36 -06:00
sinn3r ed572d95ee Merge joev's PR for Rex::Exploitation::Js::Network 2013-11-04 12:58:08 -06:00
sinn3r c6fb570480 Correct bad method naming 2013-11-04 12:35:04 -06:00
sinn3r dc076273f7 Add another test for profile 2013-11-04 11:12:26 -06:00
sinn3r 03ee1d070e fix server.start_service 2013-11-04 11:06:32 -06:00
sinn3r bed2ea9e39 rename some stuff 2013-11-04 11:02:05 -06:00
sinn3r 9a8e45f451 be_nil 2013-11-04 10:57:01 -06:00
sinn3r f98587181d let 'linux' 2013-11-04 10:55:47 -06:00
sinn3r 6e0690754f let 'random' 2013-11-04 10:54:15 -06:00
sinn3r 480b876a11 non_existent_profile 2013-11-04 10:51:31 -06:00
sinn3r 8bfa252496 Restate this test 2013-11-04 10:49:48 -06:00
sinn3r 34b5136aa4 use let for requirements 2013-11-04 10:47:52 -06:00
sinn3r 1d5643d53c Match Rspec terminology 2013-11-04 10:37:41 -06:00
joev 7d975dfa87 Fix spec to refer to postInfo(). 2013-11-02 16:54:22 -05:00
joev 90d8da6a21 Fix some bugs in my edits, add a spec. 2013-11-02 16:46:33 -05:00
sinn3r 094abdd093 rspec this 2013-11-01 14:59:21 -05:00
sinn3r afcce8a511 Merge osdetect and addonsdetect 2013-10-22 01:11:11 -05:00
sinn3r 135648c171 Add the new rspec files 2013-10-21 20:18:36 -05:00
sinn3r 9a3e719233 Rework the naming style 2013-10-21 20:16:37 -05:00
sinn3r 5280bcf3f8 Update rspec files
Remove some junk code
2013-10-21 17:13:01 -05:00
sinn3r 8a94df7dcd Change category name for base64 2013-10-18 21:20:16 -05:00
sinn3r 73b8eb0f83 Add rspec files to make sure the javascript files are loadable. 2013-10-18 15:14:26 -05:00
Tod Beardsley b3e02d0fd8
Land #2477, add specs for ROPDB 2013-10-10 15:05:52 -05:00
Tod Beardsley 72a35d14f1
Mark broken tests as pending
These tests are broken a few different ways.

[SeeRM #8463]

also see: https://github.com/rapid7/metasploit-framework/pull/2477
2013-10-08 11:49:42 -05:00
jvazquez-r7 8b7d241dc3 Use a named subject 2013-10-07 12:28:50 -05:00
jvazquez-r7 d8dba8ee58 Fix ropdb spec according to @limhoff-r7's comments 2013-10-07 09:51:21 -05:00
sinn3r 41e87d83a6 Add rspec for Rex::Exploitation::RopDb 2013-10-04 00:54:07 -05:00
Tab Assassin 2e8d19edcf Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
Tod Beardsley 7cc2ad55a6
Land #1770, unattend.xml snarfing modules 2013-09-27 16:04:38 -05:00
Tabassassin 120cca8bb3 Retab unattended_spec to avoid conflicts 2013-09-27 13:44:33 -05:00
Tod Beardsley 5bab85fcda Use a context for #parse 2013-09-27 13:04:18 -05:00
Tod Beardsley 6345fb2788 Use described_class 2013-09-27 12:59:10 -05:00
Tod Beardsley 7d9d98c9eb
Land #2421, update to cookie parsing specs 2013-09-27 11:45:33 -05:00
Tod Beardsley 8f957a5394 Add spec for new #to_h method 2013-09-27 11:27:31 -05:00
Tod Beardsley 103a64a32a Indent like a sane person. 2013-09-27 10:22:46 -05:00
Tod Beardsley 623aeb367f Set a context for #get_cookies 2013-09-27 10:12:11 -05:00
Tod Beardsley 467c503fb9 DRY with a cookie_sanity_check method 2013-09-27 10:07:28 -05:00
Tod Beardsley 5e95df1370 Convert local variables to HEREDOC methods 2013-09-27 10:02:22 -05:00
Tod Beardsley 57862125b9 Use shuffle and *splat operator to test arrays
Also, move the local variables to inside the describe block to avoid any
future scope issues.
2013-09-27 09:53:04 -05:00
Tod Beardsley 0aa2556dfc Use described_class, not a new constant 2013-09-27 09:32:15 -05:00
FireFart 3d28003285 updated get_cookies rspecs 2013-09-25 22:56:13 +02:00
David Maloney e80cda4ace Merge branch 'master' into spike/exe_generation 2013-09-12 12:36:10 -05:00
David Maloney d6e4e46d86 better validation of buffer register 2013-09-09 12:16:15 -05:00
Brandon Turner cf69577433 Remove rpsec should_not raise_error deprecations
Checking that a specifc error is not raised is deprecated in rspec:
https://github.com/rspec/rspec-expectations/pull/244
2013-09-06 09:34:05 -05:00
Brandon Turner 4760000bca Replace mock with double in specs
mock is deprecated - https://www.relishapp.com/rspec/rspec-mocks/docs
2013-09-06 09:34:05 -05:00
Tab Assassin 269c1a26cb Merge for retab 2013-09-05 14:57:32 -05:00
David Maloney 5a424ab4df Allow user supplied buffer register
let the user pick, otherwise default to edx
2013-08-26 13:15:12 -05:00
David Maloney 369535b4e3 Some more specs
added a few specs to validate the generated exe.
could use some more love, but it's a start
2013-08-25 13:25:31 -05:00
David Maloney 8f47aa6dcb Basic Injector class
create a class for injecting payloads
into an exe template as a new section
2013-08-24 16:11:00 -05:00
sinn3r 92d57ef37d Fix merge conflict
Conflicts:
	msfvenom
2013-08-13 00:00:16 -05:00
Tod Beardsley 02f460287b Revert "OptString specs and better validation"
This reverts commit d66779ba4c.

Specifically, this commit was causing trouble when a datastore was
getting an Integer. For some reason (as yet undiscovered), the option
normalizer wasn't trying to Integer#to_s such arguments.

This kind of thing is going to happen a lot. For now, I'd rather just
end up with the ducktype, and attack the normalizer in a seperate fix.
2013-08-09 15:30:42 -05:00
William Vu d493346691 Land #2137, fixes and specs for Opt containers 2013-07-23 15:58:09 -05:00
jvazquez-r7 b0c17fdebc Land #2002, @jlee-r7's patch for better handling uri resources 2013-07-23 15:49:21 -05:00
William Vu 86ab942435 Land #2146, Unix and Windows path normalization 2013-07-23 15:23:41 -05:00
Tod Beardsley bb16683415 Land #2087, @egypt's random ID generator 2013-07-23 13:52:08 -05:00
sinn3r 8b0aac2d3c Add another test case for having a trailing slash for unix path
If a trailing path exists in the original input, should keep it.
This test case should verify that.
2013-07-22 23:23:40 -05:00
sinn3r 2be0b84ba8 Not Windows format, Unix. 2013-07-22 22:37:36 -05:00
sinn3r 4ea176b5ee Add another test case 2013-07-22 22:35:19 -05:00
sinn3r 958a4edd73 Keep the trailing slash if the user wishes 2013-07-22 20:46:18 -05:00
sinn3r 359009583f Drop support for UNC path parsing in normalize_win_path
Not really a good idea to try to parse UNC format. Confuses the
purpose of the function.
2013-07-22 20:20:45 -05:00
sinn3r 8656fcf5e0 Update the test description a little better 2013-07-22 19:35:52 -05:00
sinn3r 4b3fce9349 Add functions to normalize Winodws & Unix paths
The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri.  Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
2013-07-22 19:26:04 -05:00
William Vu b0c74dbb8b Land #2120, specs for command_dispatcher 2013-07-22 16:33:19 -05:00
lsanchez-r7 03cd3ff4eb adding new lines to the end of files. 2013-07-22 16:26:45 -05:00
David Maloney 943dde5c6c OptRegexp specs 2013-07-20 18:44:55 -05:00
David Maloney 2fc397b251 OptRaw specs 2013-07-20 17:57:52 -05:00
David Maloney d66779ba4c OptString specs and better validation 2013-07-20 17:49:03 -05:00
David Maloney d6f2b28708 More opt specs 2013-07-20 17:37:39 -05:00
lsanchez-r7 18200c8490 passing all of my changes into rubymines formatter
this should convert everything over to tabs
fixing a filename error and some white space at the EOL
2013-07-20 17:32:05 -05:00
David Maloney 7c8f7329e9 integrate with egypt's already better specs 2013-07-20 16:46:16 -05:00
David Maloney ec82644bd3 mo fixes mo specs
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
Joe Vennix 7b05ac2036 Remove inapplicable comment. 2013-07-18 13:42:55 -05:00
Joe Vennix f8b5f1b284 Adds specs for different ref types. 2013-07-18 13:35:04 -05:00
David Maloney 57dd525714 More optaddressrange specs and fixes
SEERM #7536
2013-07-18 13:03:32 -05:00
lsanchez-r7 49bb484d14 Adding in specs for ui command dispatchers
SEERM #4821
while looking into what it would take to fix bug 4821, I found that there are no specs
for any of the other methods in command dispatcher. I have attempted to add stubs for a
few of the methods and tested a few of the help outputs.
2013-07-18 12:56:21 -05:00
Joe Vennix f4b0ab8184 Adds 141 passing specs to Msf::Module#search_filter.
* tests exclusion functionality, type: matching, port: matching, app: matching,
   platform: matching, author: matching, text: matching, name: matching, and
   path: matching.
[RM #4790]
2013-07-18 12:47:08 -05:00
David Maloney 22e4db04e0 opening specs and fixes for OptAddressRange 2013-07-18 12:44:48 -05:00
David Maloney 27e2469d8e Specs and code changes for OptAddress
handles wierness around Optaddress.
Still need to address isues in optaddressRange

FIXRM #7537
2013-07-17 20:21:24 -05:00
James Lee 273046d8f0 Add a class for generating random identifiers
Will be useful for all kinds of things, but brought about in discussions
specifically for Util::EXE in #2037.
2013-07-09 02:06:44 -05:00
James Lee d10f082741 Maybe fix travis? Works on my box 2013-07-05 16:58:19 -05:00
James Lee e330916744 Pull out common stuff in Util::EXE/MsfVenom tests 2013-07-03 12:25:15 -05:00
James Lee 0d78a04af3 Clean up exe spec a bit 2013-07-01 17:36:58 -05:00
James Lee 3ad5dede26 Add spec for elf mips* and exe-only formats
Also a rudimentary test for win32_rwx_exec
2013-07-01 17:36:38 -05:00
James Lee e483fe444d Add spec for HttpServer#hardcoded_uripath 2013-06-21 15:59:15 -05:00
James Lee e8a92eb196 Keep better track of resources
[See #1623]
[SeeRM #7692]
2013-06-21 14:51:47 -05:00
Tod Beardsley d7e3c5cdb3 Rspec: Ensure PacketFu is actually still available
PacketFu should be required from the gem, not from the shipped msf
library. Several modules depend on it being available, so this rspec
test mostly just ensures that Msf::Exploit::Capture mixin is still
around.
2013-06-10 16:02:50 -05:00
James Lee 5955397882 Use a more descriptive subject
Also removes the unnecessary (and now broken in 2.0) checks for
respond_to? on accessors.
2013-06-07 13:27:40 -05:00
James Lee 0f2ea755c5 Add encoding comment to spec files for 2.0 compat 2013-06-07 13:27:39 -05:00
Luke Imhoff 4ba571346e Spec Msf::Simple::Framework#init_module_paths
[#47720609]
2013-05-24 12:33:42 -05:00
Luke Imhoff 1a487e476d Merge branch 'master' into bug/module-load-cache-update 2013-05-23 14:23:14 -05:00
Luke Imhoff 2b70ec2e08 Payload compatible cache_in_memory
[#47720609]

Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class.   Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void].  Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
2013-05-22 16:06:02 -05:00
Luke Imhoff 57576de85f Update in-memory cache to fix file_changed?
[#47720609]

Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
2013-05-22 12:28:42 -05:00
Luke Imhoff 398dcfa8cb Merge branch 'master' into bug/migrations 2013-05-20 12:49:33 -05:00
Luke Imhoff 0e435d378c Move Msf::DBManager#migrate(d) to module
[#50179803]

Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
2013-05-20 12:45:17 -05:00
Luke Imhoff 1df08cfa49 Add specs to prevent dupe migrations_paths regression
[#50099107]

Add specs to verify that the duplicate migrations_paths protection
works.
2013-05-17 15:15:57 -05:00
Luke Imhoff c8657fb46b Fix Mdm::Module::Detail#stance bug
[#49858419]
[SEERM #7958]

metasploit_data_models 0.14.3 relaxes the validation on
Mdm::Module::Detail#stance so it only needs to be in
Mdm::Module::Detail::STANCES if Mdm::Module::Detail#mtype is 'auxiliary'
or 'exploit' as framework only supplies a stance for those types when
using Mdm::Module::Detail.
2013-05-17 11:58:10 -05:00
Luke Imhoff bc92b43408 Update to metasploit_data_models 0.11.0
[#47979793]
2013-05-09 13:25:26 -05:00
Luke Imhoff a5648a8830 Merge branch 'master' into feature/mdm-module-namespace
Conflicts:
	Gemfile
	Gemfile.lock
	lib/msf/core/db_manager.rb
2013-05-08 13:22:41 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
[Closes #1772]
2013-04-28 12:17:16 -05:00
Meatballs de5c856188 get_cookies spec 2013-04-26 21:21:11 +01:00
Luke Imhoff 249a09cd52 Update to metasploit_data_models 0.7.1
[#47979793]
2013-04-26 13:14:38 -05:00
James Lee a12dbbaee7 Use :each instead of :all here, too 2013-04-26 11:49:30 -05:00
Meatballs 590b8a3e26 Added rspec 2013-04-26 00:50:29 +01:00
Luke Imhoff 9207ed6532 Msf::Ui::Console::CommandDispatcher::Core#search_modules_sql spec
[#47979793]
2013-04-25 14:33:13 -05:00
James Lee 1ec6884bfa Use before(:each) instead of :all
Fixes deprecation warnings in newer rspec like these

  WARNING: subject accessed in a `before(:all)` hook at:
    /metasploit-framework/spec/lib/rex/post/meterpreter/packet_spec.rb:455:in `block (3 levels) in <top (required)>'

  This is deprecated behavior that will not be supported in RSpec 3.

Also switches to using named subjects for easier reading.
2013-04-25 10:28:30 -05:00
Luke Imhoff 24b97137ea Msf::DBManager Mdm::Module* specs
[#47979793]
2013-04-25 09:46:53 -05:00
James Lee 93bddd9041 Improved docs and partial specs for Rex::Text
Conflicts:
	lib/msf/core/modules/loader/base.rb
	lib/rex/poly/block.rb
	lib/rex/text.rb
2013-04-23 17:24:03 -05:00
Luke Imhoff 4b0e639cf1 Do not mock on nil.
[#47979793]

Using `should_not_receive` on `nil` gives `nil` a permanent
`@mock_proxy`, which causes Marshal.dump to fail in later tests (see
https://travis-ci.org/rapid7/metasploit-framework/builds/6502350).  By,
checking there are no NoMethoErrors raised, nil can be tested as
parent_module, but works around the RSpec issue
(https://github.com/rspec/rspec-mocks/issues/274).
2013-04-22 10:25:01 -05:00
Luke Imhoff be0c61a207 Change spec structure to reflect module/classes for Msf::DBManager
[#47979793]

Multiple files define Msf::DBManager, but it's better to have one spec
for Msf::DBManager, so change spec structure to reflect module and class
hierarchy instead of file hierarchy of defining files.
2013-04-20 16:51:29 -05:00
Luke Imhoff 492b081280 Msf::DBManager::Export#extract_module_detail_info spec
[#47979793]
2013-04-20 16:44:42 -05:00
Luke Imhoff 3bf3cfccc6 Use be_within to loosen tolerance for Time comparisons
[#47979793]
[#48414569]

Even though using Timecop locally on OS X makes the `should == <Time>`
work, it fails on travis-ci, so try using `should
be_within(1.second).of(<Time>)` instead.
2013-04-19 12:07:12 -05:00
Luke Imhoff e5befb7094 Msf::DBManager#report_session specs
[#47979793]
2013-04-19 10:11:33 -05:00
Luke Imhoff 2c681005c0 Msf::ModuleManager::Cache spec coverage
[#47979793]
2013-04-15 13:08:12 -05:00
Luke Imhoff 0709395570 Msf::ModuleManager::Loading shared example
[#47979793]
2013-04-12 15:18:16 -05:00
Luke Imhoff ff7a8e6351 Msf::ModuleManager::ModulePaths shared example
[#47979793]
2013-04-12 15:14:04 -05:00
Luke Imhoff 0bb79ba890 Msf::DBManager#import_msf_xml refactor
[#46491831]

Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns.  The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
Luke Imhoff 2075a7b46c Remove active_record patch
[#46141013]

Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
Luke Imhoff f1a4fd937a Specs for activerecord patch
[#46141013]

Spec the desired behavior for ConnectionPool prior to removing the patch
to sync with upstream 3.2.12.
2013-03-18 11:01:45 -05:00
James Lee f321cea4cd Slightly more readable assertion 2013-03-07 14:45:58 -06:00
James Lee 8abcc5a1d4 Whitespace 2013-03-07 14:34:44 -06:00
David Maloney 7332d31523 fix some style things for egypt 2013-03-07 11:11:48 -06:00
David Maloney 6eb334c925 a little more coverage 2013-03-05 00:01:09 -06:00
David Maloney d909c00036 better spec coverage 2013-03-04 23:43:18 -06:00
David Maloney 3a72fa4ea0 address sslv2 issues in specs
the ubuntu sslv2 thing caused all kinds of issues with rspec
handling this by expecting those exceptions properly or doing away
with sslv2 where it isn't needed in the examples
2013-03-04 21:45:44 -06:00
David Maloney 3bb1b2b368 attempt to deal with specs 2013-03-04 19:25:20 -06:00
David Maloney dc7c02e9e8 still trying to get around this sslv2 thing 2013-03-04 18:18:01 -06:00
David Maloney 246977e0cf Address openssl sslv2 issues
Debian/Ubuntu ship openssl without sslv2 compiled in.
we now check for this ahead of time
2013-03-04 17:39:28 -06:00
David Maloney 13ad5cf150 Merge branch 'master' into feature/ssl/add_cipher_support 2013-03-04 15:07:32 -06:00
James Lee cb18b81503 Add spec to ensure auth is sane 2013-03-04 11:59:30 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
James Lee 5a79fcd11e Ensure we build only one Authorization header
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
James Lee 425c245771 Axe set_cgi in favor of set_uri
They were identical except for a couple of extra bugs in set_cgi.

Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
James Lee 16bba7a6ac Add test for pad_get_params 2013-02-27 18:06:55 -06:00
James Lee 4edd46216f Refactor config -> opts
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
James Lee 5606db3f9c Re-enable some commented tests 2013-02-27 16:28:17 -06:00
James Lee 29df20996e Move most of the configuration into ClientRequest
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
James Lee 935304ee0c No longer pending 2013-02-26 16:36:36 -06:00
James Lee 93537de68c Use let and subject blocks for better readability 2013-02-26 16:27:32 -06:00
James Lee 579c11bc69 Set reasonable defaults for more things
All current tests are passing now
2013-02-26 14:25:46 -06:00
James Lee c206ac4998 Set some reasonable defaults
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
James Lee 7b3a11f2f9 Axe tests that belong in client_request_spec 2013-02-26 13:28:44 -06:00
James Lee cae030ccd7 Whitespace 2013-02-26 13:25:37 -06:00
James Lee 5ac20e1b02 Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
Conflicts:
	lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
David Maloney c104fa6d97 Add spec and a few fixes for set_uri 2013-02-26 11:01:16 -06:00
James Lee 1ce86b7adb Whitespace 2013-02-25 14:29:10 -06:00
James Lee 904a69ba63 Move xor tests to the right filenames
Thanks, simplecov, for telling me that these weren't actually getting
run.
2013-02-25 13:02:03 -06:00
Tod Beardsley 73f6314373 Moving @cli and @ip to instance vars 2013-02-25 08:29:08 -06:00
Tod Beardsley caed599f7d Backed out all the fails from the auth bits 2013-02-25 08:26:02 -06:00
Tod Beardsley 6e35813d69 Pending hashes need to end w a block 2013-02-25 08:20:46 -06:00
James Lee 4a84528ecf Move pending messages to it()'s args 2013-02-20 15:02:12 -06:00
Tod Beardsley 5a0744934e Let's not intro functionality as testing
That's a bad habit to get into.
2013-02-11 21:06:52 -06:00
Tod Beardsley ba7f5a7245 Actually run this spec. 2013-02-11 21:04:57 -06:00
Tod Beardsley 039fd2b885 Adds some light testing for Rex's HTTP client lib
In light ofi PR #1476, it would be nice to have some basic, modern,
maintained testing on Rex's HTTP Client proto library.

My rspec fu is quite weak, of course, but this should cover the very
basic cases. There are lots of pending holes, but hey, it's a start.
2013-02-11 15:54:40 -06:00
David Maloney 949eb08062 In the final stages 2013-02-11 09:59:39 -06:00
David Maloney 0f9b16d07f Scanner class finished, result needs more work
the result class needs a nice clean to_s method to print easily readable
output. mostly working now. a few more tweaks needed.
2013-02-09 19:06:17 -06:00
David Maloney c25d4b4863 Test Cipher method underway
Trying to get a clever test plan under way to actually test the network
side of this. Not quite working yet
2013-02-09 01:07:56 -06:00
David Maloney 38d0a244fd Beginings of the actual scanner
configuration and configuration validation in place with tests.
2013-02-09 00:03:58 -06:00
David Maloney ccf18d6cb7 Finalize specsfor Result class 2013-02-08 17:20:04 -06:00
David Maloney 3295157f78 More support for various checks 2013-02-08 13:25:49 -06:00
David Maloney dfc7ce9381 fix stupid datat structure
also supports a boolean value for whether the cipher is weak or not
2013-02-08 11:33:36 -06:00
David Maloney 5c9f946927 empty shells for the scanner and its specs 2013-02-07 16:16:41 -06:00
David Maloney 096360261e De-dup cipher results 2013-02-07 16:09:47 -06:00
David Maloney 4e87bf4ab3 Add enumeration and support options
i lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
2013-02-07 15:51:07 -06:00
David Maloney 10e017ae73 finish up the SSLScan::Result class
finishes up result class for SSLScan , compelte with tests
2013-02-07 14:56:26 -06:00
David Maloney 7036365e04 Start adding sslscan results object
Building out the result object for the SSlScan
2013-02-07 12:42:18 -06:00
egypt 9d4bc6bb89 Restructure a bit and add checks for doubled '//' 2013-01-31 15:34:34 -06:00
sinn3r d8b15daaf2 Correct rspect to the correct behavior 2013-01-30 16:13:17 -06:00
James Lee 2ee0c0d8fb Add simple specs for Rex::Encoding::Xor* 2013-01-15 16:59:01 -06:00
James Lee bbb3fa25be Allow negative values for OptInt
[FixRM #7540]
2013-01-14 14:18:56 -06:00
James Lee 0d34e0b249 Fix regex for hex numbers 2013-01-13 20:53:40 -06:00
James Lee 4703a6f737 Unbreak OptInt hex syntax
* Fix spec for no-longer-pending tests
* Fix regex in OptInt#valid? to allow hex syntax again

[See #1293][See #1296]
2013-01-12 14:17:29 -06:00
Tod Beardsley f6478678ce trailing whitespace 2012-12-27 23:08:50 -06:00
David Maloney ee6db8794e Basic specs for meterpreter packet parser 2012-12-27 17:19:37 -06:00
David Maloney 74e543ec5a add spec skeleton for packet parser 2012-12-27 14:23:05 -06:00
Tod Beardsley 10511e8281 Merge remote branch 'origin/bug/fix-double-slashes'
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
sinn3r 1cb067e7ae Merge branch 'cleanup/option_specs' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/option_specs 2012-12-12 21:22:07 -06:00
David Maloney aaa8716f5b minor cleanup as per egypt 2012-12-12 10:12:42 -06:00
David Maloney c952ed0f87 Add test for raw format of packets 2012-12-07 12:51:53 -06:00
David Maloney b707f8d13a Packet specs now complete
82 tests for the packet lib
2012-12-07 12:32:34 -06:00
David Maloney 89c98ebd39 Finished tests for GroupTlv ftmp 2012-12-06 17:59:07 -06:00
David Maloney 468f637efe basics for adding tlvs to GroupTlv 2012-12-05 18:19:12 -06:00
David Maloney 5dcf573063 TLV tests down, on to GroupTlv 2012-12-05 17:55:28 -06:00
David Maloney 391ff5bbb0 basic TLV method tests 2012-12-05 15:44:03 -06:00