3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
5e83b2de51
remove extra new line
2016-03-07 23:17:45 +00:00
f6c06bedfe
fix e.g output
2016-03-07 23:15:05 +00:00
c2f99b559c
Add documentation for auxiliary/scanner/http/tomcat_enum
...
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
3e0f8d67c9
Use #strip to more correctly simulate #blank?
...
See f900d9cf26
2016-03-07 13:14:37 -06:00
289f43bb80
Land #4848 , remove some reliance on rails libraries from rex
2016-03-07 07:38:30 -06:00
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
05a91f1d82
set SNI if the SSL peer is specified as a hostname
2016-03-06 21:12:15 -06:00
5a0bec81cb
disable warnings for now, to be reenabled when the module base class is updated
2016-03-06 17:19:05 -06:00
a2c3b05416
Land #6405 , prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
0fc4ebf4ab
Land #6618 , Improve Content-Length behavior in Rex HTTP
2016-03-06 16:38:44 -06:00
a1190f4344
Land #6598 , add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
a8ac078586
Land #6636 , fix met finalizers to not double close
2016-03-06 12:55:39 -05:00
85acfabfca
remove various library workarounds for the datastore not preserving types
2016-03-05 23:10:57 -06:00
694f7f0a65
stop turning all default options into strings
...
we need to adjust vprint* functions, since they now fallthrough to the
'framework.datastore' checks because the false case actually triggers.
2016-03-05 23:09:14 -06:00
c811ed8d60
Correct name: PAYLOAD_DEMO_TEMPLATE
2016-03-05 00:42:36 -06:00
a5cdd7e17f
Bump version of framework to 4.11.15
2016-03-04 16:56:02 -08:00
ce675330c0
Bump version of framework to 4.11.14
2016-03-04 14:49:55 -08:00
7f2400dd1b
Merge branch 'jbarnett-r7-feature/MS-833/ms08-067-automation' into upstream-master
2016-03-04 12:34:00 -06:00
dcba20ff60
only cleanup processes once too
2016-03-04 12:08:19 -06:00
2cfc9073a0
fixup sqlite_query
2016-03-04 11:56:37 +00:00
b7fe500788
sqlite_read -> sqlite_query
2016-03-04 11:56:23 +00:00
934f8de9b7
Update the conditions of is_remote_exploit?
2016-03-03 00:53:00 -06:00
c250740a81
Fixup finalizers to not double-close Meterpreter objects
...
We add finalizers to an assortment of Meterpreter-managed objects in order to
clean things up in the event that a post module crashes and does not clean
things up. However, this also means that even a properly-written post module
can lead to an object getting double-closed on the Meterpreter session when the
garbage collector kicks in. This can lead to quite non-deterministic behavior
and crashes.
This change modifies the instance close methods to unregister the finalizer on
close, ensuring we cannot do a double-close automatically if one is requested
explicitly first. As an additional measure, we check an instance variable to
see if we called close directly twice as well. This is not sufficient in
itself, since we do not have a reference to 'self' in the finalizer proc to
check the close state.
This also removes a couple of references to 'self' in the finalizer proc
itself, which may cure some memory leaks as well due to circular references.
2016-03-02 21:43:51 -06:00
11964c5c1a
Add remote exploit demo and web_delivery doc
2016-03-02 19:52:11 -06:00
5f510df2ab
Resolve merge conflict with upstream's Gemfile.lock
2016-03-01 22:06:17 -06:00
f27d24fd60
Add module documentation for psexec
2016-03-01 18:52:47 -06:00
30043bc519
Changed .all to .load in workspace.rb in order to eager load the relation and fix the 4.0 rails deprecation
2016-03-01 11:48:55 -06:00
c5a9d59455
Land #6612 , one final missing change
2016-02-29 15:08:42 -06:00
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
2950996cb8
Land #6612 , Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
bff4b4d5fc
Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
...
This patches changes two things:
1. If a module has a custom Content-Length, it will respect that
instead of forcing its own.
2. If a request does not have anything in the body, the
Content-Length header will not be set.
Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
afc6f6ff74
fix options
2016-02-29 15:21:33 +00:00
bd6fdbb545
android sqlite_read command
2016-02-29 15:05:57 +00:00
c4c5944b25
Merge branch 'staging/rails-upgrade' into staging/MS-888/engines-is-deprecated
...
Conflicts:
Gemfile.lock
metasploit-framework.gemspec
2016-02-26 15:35:34 -06:00
7acba69e37
Land #6577 , add controls for Android ringer
2016-02-26 07:02:49 -06:00
5899b8afc8
make help show up when things are not specified correctly
2016-02-26 06:09:05 -06:00
9010dac7bc
Wrap up the current WIP, still not functional
2016-02-26 05:36:40 +00:00
5bf308e720
WIP checkin
2016-02-26 05:36:40 +00:00
d891e27cdd
Land #6597 , prefer Timeout.timeout since Object#timeout is deprecated
2016-02-25 22:17:49 -06:00
83fad3e328
Add Fortinet backdoor
2016-02-25 21:29:08 -06:00
a87cf02b50
Land #6524 , fix reverse_http to try binding to LHOST first
2016-02-25 20:25:02 -06:00
2e268a25da
Land #6596 , Apache Karaf Login Utility
2016-02-25 14:39:51 -06:00
7e25c7b87b
Handle OpenSSL::Cipher::CipherError
...
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
cbc5b296e4
implement engines method locally instead of adding refinement
2016-02-25 11:05:17 -06:00
2ec7149ae7
Logging deprecations to STDERR
2016-02-25 10:59:50 -06:00
58ad2175b8
Raise when no network connection
2016-02-24 18:57:40 -06:00
b32f474e99
Bump version of framework to 4.11.13
2016-02-24 11:37:42 -08:00
d7ba37d2e6
Msf::Exploit::Remote::HttpServer print_* fix
...
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.
When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.
Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
3e22de116f
Changes to fix peer and style as recommended by jhart-r7.
2016-02-20 13:53:32 -08:00
cef1b77e26
fixes for android set_audio_mode
2016-02-20 12:01:10 +00:00
b868f7cc89
Bump version of framework to 4.11.12
2016-02-19 20:19:43 -08:00
24530e2734
Scrollable list, tab name change, print_status
2016-02-19 20:46:39 -06:00
72a69fcd16
Fixed timeout warning
2016-02-19 21:14:54 +00:00
9ba82453f8
Land #6584 , cidr notation addition for route command
2016-02-19 12:20:00 -06:00
af33980b72
Load hinfo support, fix broken hinfo code
2016-02-18 23:22:17 -08:00
b409b2237d
update to use the common bind_addresses method
2016-02-18 18:17:56 -06:00
4c716a268d
Set some flags
2016-02-18 16:11:34 -06:00
1e58b1574a
Land #6502 , add -x flag for showing extended sessions info
2016-02-18 15:37:41 -06:00
d316609fef
put extra columns under the -x flag
2016-02-18 15:36:43 -06:00
3beaeceb0e
Special-case bap2
2016-02-18 15:19:39 -06:00
e5ad6fa781
Support "knowledge base"
2016-02-18 15:02:24 -06:00
02834d4251
Add API documentation
2016-02-18 11:44:14 -06:00
68703e1955
Break down DocumenGenerator, fix a bug when opening local md
2016-02-18 10:25:40 -06:00
a5f3bddfc8
Support RPC API
2016-02-18 00:39:12 -06:00
089d6985b6
Add more demo templates
2016-02-18 00:17:32 -06:00
1bfe1ad140
More demos
2016-02-17 19:04:06 -06:00
76f2c917ee
Allow no GITHUB_OAUTH_TOKEN, and gsub for demo
2016-02-17 15:38:30 -06:00
0b095cf08a
Remove unwanted variable
2016-02-17 15:25:31 -06:00
8b267efa2d
No need to gsub the first 12 spaces anymore
2016-02-17 14:29:33 -06:00
714106174e
Do external erb template
2016-02-17 14:27:29 -06:00
d5c005d948
HTML-escape some fields
2016-02-17 13:56:03 -06:00
5339bb50d8
Support targets
2016-02-17 13:48:24 -06:00
28e6d8ef9e
Allow CIDR notation for the route command
2016-02-17 09:44:32 -06:00
08dff6541d
rm junk code
2016-02-16 23:29:08 -06:00
509a1e8de1
Add manual for demo purposes
2016-02-16 23:18:29 -06:00
b0cfb4aacf
Add info -d to show module documentation in .md
2016-02-16 22:44:03 -06:00
35e0a433ea
Make error output more useful
2016-02-16 14:45:00 -06:00
95484c81fd
Land #6526 , fix browser exploit server spec
2016-02-15 16:23:04 -06:00
1f58ad15ac
Browser::Exploit::Server needs to have vprint*
2016-02-15 16:21:24 -06:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
c5469be59e
Add Android ringer change mode command
2016-02-15 15:07:48 -06:00
2fddf333ed
add TLV entry
2016-02-15 15:04:15 -06:00
59bf850bb0
Update android.rb
...
Add request for Ringer Mode Changer
2016-02-15 14:59:15 -06:00
4db2840af9
Land #6385 , add .apk template support for msfvenom
2016-02-15 14:27:08 -06:00
93cc7d58ba
Bump version of framework to 4.11.11
2016-02-12 15:38:50 -08:00
db19a7d9b3
Merge branch 'upstream-master'
2016-02-10 23:15:21 -06:00
44eb2d6a80
Merge branch 'upstream/master' into default-xor
2016-02-11 14:30:18 +10:00
2386cb1344
Land #6527 , add support for importing Burp suite vuln exports
2016-02-10 13:19:21 -06:00
d8a7421a0a
working on automated testing of 08-067
2016-02-09 13:43:34 -06:00
d5c3fcae04
Land #6511 , Bump Jsobfu version to support preserved_identifiers
2016-02-05 15:57:53 -06:00
3c1ada46dd
Bump version of framework to 4.11.10
2016-02-05 13:40:02 -08:00
a2a932e176
Dont store AXFR answers if there are no answers
2016-02-04 10:28:11 -08:00
6882bf275e
Break out of the wait loop for this ns after a response is received
2016-02-04 10:07:53 -08:00
4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported.
2016-02-04 10:30:56 -06:00
d55e68e76b
Fix bug in js_obfuscate
2016-02-02 11:25:39 -06:00
208420d741
Sort methods
2016-02-02 10:02:32 -06:00
b4ed55b4d4
Fix reverse_http{,s} LHOST bind address
2016-02-02 09:57:11 -06:00
93bdea0a60
Add tab completion for ReverseListenerBindAddress
2016-02-01 13:57:45 -06:00
d544bf9311
android set wallpaper
2016-02-01 01:16:17 +00:00
4d6791d432
fix returning of error
2016-01-31 15:13:21 +00:00
1828b7fda6
Land #6512 , Acunetix importer missing scheme fix
2016-01-29 13:17:44 -06:00
7079110964
Bump version of framework to 4.11.9
2016-01-29 10:51:46 -08:00
b6bc862c1b
Land #6267 , fix Rex::Parser::Ini#each_group
2016-01-29 11:19:40 -06:00
cd56470759
Land #6493 , move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
7b4f3f8148
Remove -vv, restore -v and add -ci
2016-01-29 11:52:21 +10:00
e542a6c8cf
Fix importing with Acunetix
...
Add a default scheme of `http://` to URIs without a scheme. Also update
some documentation.
2016-01-28 16:37:14 -06:00
f4139f85cb
Change to JsIdentifiers
2016-01-28 15:18:25 -06:00
4bd2be5dfa
Add preserved_identifiers support
2016-01-28 14:36:42 -06:00
c2f8e95492
Missed one
2016-01-28 14:18:19 -06:00
ad026b3a7a
Add #peer to Tcp
2016-01-28 13:58:24 -06:00
537c7e790e
Use vprint_status instead of reimplementing it
2016-01-28 12:51:20 -06:00
cb92d41356
Land #6508 , add dir alias for ls
2016-01-27 15:21:59 -06:00
51efb2daee
Land #6422 , Add support for native target in Android webview exploit
2016-01-27 14:27:41 -06:00
3acb5d270b
Add `dir` as an alias for `ls`
2016-01-27 12:21:15 +10:00
69d9ff7958
Add an extended mode to the session list
2016-01-25 22:36:13 +10:00
0134161c1b
Fix another typo
2016-01-25 22:15:13 +10:00
7deae90185
Land #6499 : Fix reverse_tcp handling of disconnects
...
Fixes #6497
2016-01-23 17:59:23 +10:00
a587975f90
be more robust and careful breaking from the accept thread
2016-01-23 01:46:58 -06:00
6187354392
Land #6226 , Add Wordpress XML-RPC system.multicall Credential BF
2016-01-23 00:12:46 -06:00
ad3eed525b
Handing newer version of WP, fallback CHUNKSIE to 1
2016-01-23 08:06:27 +03:00
d6facbe339
Land #6421 , ADB protocol and exploit
2016-01-22 20:45:44 -06:00
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
b3e76f7793
Land #6484 , handle rspec failures gracefully if there is no database
2016-01-22 17:28:49 -06:00
e6147d60e2
fix rspecs
2016-01-22 23:43:13 +01:00
158b1e473c
revert value
2016-01-22 23:38:45 +01:00
02841c79c3
some slight changes
2016-01-22 23:38:45 +01:00
0546911eef
fix error when invalid classname eg "class Metasploit1 < .."
2016-01-22 23:38:45 +01:00
8f4752d11e
show load warnings to the user
2016-01-22 23:38:45 +01:00
7dac21f58c
do not fail on old class name
2016-01-22 23:36:37 +01:00
51eb79adc7
first try in changing class names
2016-01-22 23:36:37 +01:00
91700f17e3
tidy up the ruby style while we're in here testing
2016-01-22 14:43:19 -06:00
ac8b483d32
don't break the accept loop just because we got a client connection that closed early
2016-01-22 13:52:00 -06:00
0871fe25e8
change text
2016-01-22 07:38:44 +01:00
e0de78280d
move SSL to the default options
2016-01-22 07:05:23 +01:00
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
5a0e11fb72
revert file check
2016-01-21 20:21:41 +01:00
d544488409
Land #6461 , backport net-ssh ECDH kex algorithms
2016-01-20 14:05:39 -06:00
0f7e3e954e
HttpServer's print prefix with... wait for it...
...
print_prefix
2016-01-20 13:44:18 -06:00
d46ab29186
Don't name the method #send
2016-01-19 20:03:02 -06:00
390b46dd25
also check file for existance
2016-01-19 23:55:49 +01:00
b45e22b64d
use .any?
2016-01-19 23:16:10 +01:00
aaa1174ca5
fix rspec errors without database
2016-01-19 20:28:58 +01:00
6c2391ed0d
Fix typo in random xor key generator
2016-01-19 15:37:10 +10:00
d92ca8f6b0
Merge branch 'upstream/master' into default-xor
2016-01-17 09:47:05 +10:00
98cfd2de90
remove PING authentication
2016-01-16 12:42:15 +08:00
a030179577
Bump version of framework to 4.11.8
2016-01-15 15:17:13 -08:00
59660dd6d0
Land #6465 , remove unneeded meterpreter extension post-installation copies
2016-01-15 17:04:14 -06:00
Christian Mehlmauer
Tim
wchen-r7
William Vu
Brent Cook
Spencer McIntyre
Metasploit
Gregory Mikeska
Brian Patterson
Fernando Arias
HD Moore
HD Moore
darkbushido
RageLtMan
Micheal
RubenRocha
Louis Sato
Jon Hart
James Lee
Artem
OJ
Adam Cammack
KINGSABRI
Adam Cammack
nixawk