James Barnett
929fb041ab
Fix bug when adding workspace remotely
2018-03-19 11:01:22 -05:00
James Barnett
35bc8e905e
Refactor workspace delete to be consistent with other commands
2018-03-16 16:11:09 -05:00
James Barnett
8ddaae5fe4
Remove unused code
2018-03-15 12:12:12 -05:00
christopher lee
4d04319d2a
Merged master
2018-03-15 11:31:44 -05:00
James Barnett
0d170571da
Fix bug with file name
2018-03-14 15:59:07 -05:00
James Barnett
b179603b4a
Externalize db_export command
2018-03-14 15:06:28 -05:00
James Barnett
ac5669388a
Merge branch 'goliath' into MS-2879_db_export
2018-03-14 11:37:08 -05:00
Matthew Kienow
fcd2bbd1de
workaround attempt to parse nil JSON string value
2018-03-12 14:29:42 -04:00
Matthew Kienow
636284d530
Update session inferred vuln handling
...
Add remote vuln attempt
2018-03-12 14:26:03 -04:00
h00die
ec7a62bc4c
move ssh platforms to lib
2018-03-08 21:23:11 -05:00
James Barnett
b18ed03407
Merge branch 'goliath' into MS-2909
2018-03-07 14:55:50 -06:00
James Barnett
c670748fe3
Update services signature
2018-03-07 13:59:09 -06:00
James Barnett
c058d0fba0
WIP: port db_export command
2018-03-06 15:15:27 -06:00
Brent Cook
d6871f5733
Land #9614 , Juniper post enum module
2018-03-06 10:29:56 -06:00
christopher lee
68d72cbfa7
Goliath Cleanup in preparation for merge to master
2018-03-06 10:21:22 -06:00
James Barnett
b42c3ff654
Merge branch 'goliath' into MS-2909
2018-03-02 16:32:55 -06:00
James Barnett
fd4032928e
Add services search
2018-03-02 10:57:35 -06:00
christopher lee
4f6b1de9a3
Merge branch 'master' into goliath
2018-03-01 14:14:39 -06:00
James Barnett
06d2482e86
Implement services update
...
NOTE: This changes functionality for the services command flags.
Previously -s and -p were used for searching for services.
Now the commands will only be used for adds/updates.
If you would like to search, please use -s and pass a search string
2018-02-28 15:12:23 -06:00
James Barnett
dffbc67e71
Implement service delete
...
Also fix bug searching for services by host address
2018-02-27 17:17:07 -06:00
Brent Cook
9597e5294d
treat MUST_CHANGE + PASSWORD_EXPIRED as valid
2018-02-27 15:21:21 -06:00
James Barnett
c90fabee60
Implement remote service create
2018-02-27 14:20:43 -06:00
James Barnett
9dc6089fcf
Merge branch 'goliath' into MS-2909
2018-02-27 11:14:15 -06:00
Brent Cook
66e3ac4c76
treat 'password must change' as a successful login
2018-02-26 17:57:31 -06:00
h00die
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
Matthew Kienow
22752518ea
WIP remote vuln read, update, delete
2018-02-22 13:53:22 -05:00
James Barnett
d4440d049d
Merge branch 'goliath' of github.com:clee-r7/metasploit-framework into goliath
2018-02-21 11:16:31 -06:00
James Barnett
3005a8b7ce
Merge branch 'rapid7/master' into goliath
2018-02-21 11:16:05 -06:00
James Barnett
b3642b1079
Address PR comments
2018-02-20 15:30:37 -06:00
James Barnett
09ae4ac8ac
Add more info to console output
2018-02-20 13:34:33 -06:00
Wei Chen
9a293cd30e
Fix #8120 , Fix undef method 'gsub' in bavision_cam_login
...
Fix #8120
2018-02-14 11:03:03 -06:00
James Barnett
efd23d37c3
Use common error handling
2018-02-09 16:24:45 -06:00
James Barnett
bbd25fc97b
WIP: getting services add working
2018-02-08 17:20:50 -06:00
James Barnett
f114092445
Merge branch 'goliath' into MS-2833
2018-02-08 14:32:03 -06:00
jbarnett-r7
352cf295b5
Merge branch 'goliath' into MS-2833
2018-02-07 14:38:26 -06:00
James Barnett
5b35662dbf
Address PR comments
2018-02-07 14:21:31 -06:00
James Barnett
cb093d8063
Use proper logging
2018-02-07 10:25:56 -06:00
Matthew Kienow
52b8f405bd
Refactor change host methods, remove debug output
2018-02-06 18:54:05 -05:00
James Barnett
5bc38206c0
Few more loot bugs
2018-02-06 17:22:09 -06:00
James Barnett
6e2503bbd8
Add loot update
2018-02-06 16:16:22 -06:00
Matthew Kienow
629f79ebf7
WIP remote host update
2018-02-06 16:11:46 -05:00
James Barnett
49b88dbef7
Pass loot search using query string
2018-02-05 18:15:05 -06:00
jbarnett-r7
f176e339bc
Merge pull request #12 from clee-r7/ms-2911
...
Ms 2911
2018-02-05 15:46:28 -06:00
christopher lee
1759621b03
Make 8080 default service port
2018-02-05 15:01:03 -06:00
christopher lee
020a28f5c7
Unify data service command
2018-02-05 13:28:17 -06:00
James Barnett
e8b29af208
Merge branch 'goliath' into MS-2833
2018-02-02 17:32:17 -06:00
Matthew Kienow
dcf4171cfb
Fix query array encoding issue
2018-02-02 17:16:12 -05:00
christopher lee
5a899d5126
Renamed msfdb to avoid omnibus collision, removed inline data service startup code
2018-02-01 16:28:36 -06:00
christopher lee
3bc0608579
Finish POC cleanup
2018-02-01 13:59:15 -06:00
christopher lee
59bc1a34d5
Remove 'puts' logging and cleanup AWS poc
2018-02-01 13:38:20 -06:00
James Barnett
fc7ab6cbff
Merge branch 'externalize-host-data-search' into MS-2833
2018-02-01 11:24:11 -06:00
Matthew Kienow
5c38207a8e
WIP externalize host data search
2018-01-31 16:34:42 -05:00
James Barnett
3ff613db8f
"fix" adding loot from the command line
2018-01-31 10:31:09 -06:00
James Barnett
e1b61b8180
Merge branch 'goliath' into MS-2833
2018-01-31 10:06:36 -06:00
Matthew Kienow
3a01a16dcb
Fix issue with workspace in query data
2018-01-25 17:29:58 -05:00
Matthew Kienow
4989e94e68
Add HTTP PUT request method
2018-01-25 10:40:57 -05:00
James Barnett
5505996518
Add loot delete
2018-01-24 16:42:16 -06:00
Matthew Kienow
2ffd627c56
Merge branch 'goliath' into add_https
2018-01-23 18:59:59 -05:00
christopher lee
dd65141a22
Merge branch 'goliath' into MS-2891
2018-01-23 10:45:44 -06:00
James Barnett
d10cd2d92a
Add verification methods to HTTPS
...
This commit enables peer verification for SSL.
It also gives the user options to verify the server if the server uses a self-signed cert.
There is an override to skip verification as well.
2018-01-22 18:08:16 -06:00
Christopher Lee
6ffae7f6ad
Merge pull request #9 from clee-r7/correct-api-url
...
Update API URLs
2018-01-22 15:17:09 -06:00
christopher lee
2521c941d4
Ported singleton calls
2018-01-22 14:57:28 -06:00
Matthew Kienow
2211459b9d
Correct workspace_associations_counts API path
2018-01-20 14:54:14 -05:00
Matthew Kienow
b7e5b0f161
Update API URLs per design discussion
2018-01-20 14:50:59 -05:00
Matthew Kienow
cb4999c1ac
Add URI query data option to request methods
2018-01-19 16:51:49 -05:00
christopher lee
d5978803eb
Fix all failing rspec for goliath
2018-01-19 15:16:19 -06:00
James Barnett
b8296a809c
Merge branch 'goliath' into add_https
2018-01-19 13:33:24 -06:00
James Barnett
ff9c69c7c8
Merge branch 'rapid7/master' into goliath
2018-01-19 13:28:17 -06:00
Matthew Kienow
764ecf6562
Land #6 JSON to MDM
...
Deserialize JSON returned from a remote data service to an in-memory MDM object
2018-01-18 17:21:10 -05:00
James Barnett
0654979be6
Remove separate code path for openstruct for creds.
...
Also fix RemoteCredentialDataService to work with json_to_mdm
2018-01-18 13:27:33 -06:00
Brent Cook
7fe237abe1
Land #9220 , Module cache improvements
2018-01-17 22:34:51 -06:00
Brent Cook
08f622b0ce
update version
2018-01-17 17:24:15 -06:00
James Barnett
bab9b66521
Only send back one object for host create
2018-01-12 10:52:16 -06:00
James Barnett
809d3d28c7
Merge branch 'rapid7/master' into goliath
2018-01-11 16:18:41 -06:00
James Barnett
b2666ad3f2
Update host delete method to return full objects of deleted hosts
2018-01-11 16:12:25 -06:00
Metasploit
18f16e7c66
Bump version of framework to 4.16.32
2018-01-11 10:03:16 -08:00
Matthew Kienow
e964e8bcbb
Fix incorrect HTTP request method calls
2018-01-10 23:59:53 -05:00
Matthew Kienow
f895169c7f
Fix incorrect HTTP request method calls
2018-01-10 23:53:24 -05:00
James Barnett
3c73892a70
Use json_to_mdm for Credentials.
2018-01-10 16:58:44 -06:00
James Barnett
4a377af5e6
Deserialize JSON to Mdm Object
2018-01-09 15:18:49 -06:00
James Barnett
173705ad35
Add error handling when no data returned from server
2018-01-05 11:44:25 -06:00
Metasploit
3a7a539c84
Bump version of framework to 4.16.31
2018-01-04 12:17:08 -08:00
Metasploit
d4de9eef9b
Bump version of framework to 4.16.30
2018-01-04 10:03:21 -08:00
James Barnett
5058c2d36f
Merge branch 'goliath' into add_https
2018-01-03 10:51:22 -06:00
James Barnett
4aac8f5c39
Merge branch 'rapid7/master' into goliath
2018-01-02 17:34:40 -06:00
Matthew Kienow
40d15bf3e6
Hash#each style correction
2018-01-02 12:25:14 -05:00
James Barnett
f015b926da
Merge branch 'goliath' into add_https
2018-01-02 10:38:48 -06:00
Metasploit
7254130b77
Bump version of framework to 4.16.29
2017-12-28 15:19:22 -08:00
Jeffrey Martin
66ca61f636
Merge released '4.x'
2017-12-28 17:15:29 -06:00
Brent Cook
c2bb144d0f
Land #9302 , Implement ARD auth and add remote CVE-2017-13872 (iamroot) module
2017-12-28 14:11:26 -06:00
Metasploit
c681c7881d
Bump version of framework to 4.16.28
2017-12-28 10:03:39 -08:00
Brent Cook
6f1196d30c
clarify what's happening when there is a connection failure
2017-12-27 22:32:08 -06:00
Matthew Kienow
5e4836b1e9
Implement hosts remote data store delete
...
Also, resolve an issue when adding a host where the client-side
raises an exception.
2017-12-26 23:09:23 -05:00
Jon Hart
d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login
2017-12-22 08:07:40 -08:00
Metasploit
909caa0425
Bump version of framework to 4.16.27
2017-12-21 13:27:52 -08:00
Brent Cook
9d8cb8a8d0
Merge branch '4.x' into upstream-master
2017-12-21 15:17:38 -06:00
Metasploit
ee2f10efc5
Bump version of framework to 4.16.26
2017-12-21 10:04:38 -08:00
Jon Hart
962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login
2017-12-20 18:58:36 -08:00
Jon Hart
d0b3abc14b
Better handling of MQTT endpoints which don't require authentication
...
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
2017-12-20 18:02:52 -08:00
Jeffrey Martin
8cd7185a7f
Land #9313 , Add DirectAdmin login_scanner module
2017-12-20 15:23:24 -06:00
Jeffrey Martin
7f8a5d3834
improved credential reporting
2017-12-20 15:09:11 -06:00
Jon Hart
b4262662dc
Add missing mqtt login helper
2017-12-20 12:33:49 -08:00
Metasploit
66b1a555a1
Bump version of framework to 4.16.25
2017-12-18 16:33:25 -08:00
Nick Marcoccio
be2a3ca270
edited sid comment
2017-12-18 08:18:02 -05:00
Nick Marcoccio
f447fa1a12
Added DirectAdmin Login Utillity
2017-12-17 22:43:37 -05:00
jgor
b99f044de5
Implement VNC security type 30 (Apple Remote Desktop) authentication
2017-12-14 13:57:38 -06:00
Metasploit
be4f9236f2
Bump version of framework to 4.16.24
2017-12-14 10:08:05 -08:00
James Barnett
973f3bacd8
Remove require statements for remote_service_endpoint
2017-12-13 11:31:29 -06:00
James Barnett
74c00cf8ba
WIP: Enable HTTPS client.
...
Removed RemoteServiceEndpoint and using URI instead.
2017-12-12 16:42:20 -06:00
Matthew Kienow
c7e7b5861d
Fix error in exception message
2017-12-11 17:52:24 -05:00
Metasploit
348cbe54b6
Bump version of framework to 4.16.23
2017-12-08 10:01:55 -08:00
James Barnett
8835dae6f0
Switch to net/http header handling
2017-12-05 15:06:15 -06:00
James Barnett
35b217b748
Merge branch 'goliath' into http_client_change
2017-12-05 11:13:53 -06:00
Metasploit
fd1681edd9
Bump version of framework to 4.16.22
2017-12-01 10:04:07 -08:00
Metasploit
174d0d46de
Bump version of framework to 4.16.21
2017-11-29 10:45:55 -08:00
Metasploit
c9da8f7a18
Bump version of framework to 4.16.20
2017-11-24 10:01:50 -08:00
James Barnett
770f092e5d
Use more accurate variable name
2017-11-22 12:34:24 -06:00
James Barnett
e0837fb01d
Create local copies of loot
2017-11-21 16:28:19 -06:00
James Barnett
82a30ed618
Fix bug in db_nmap with RDS
...
The cmd_db_nmap method was cleaning up the nmap XML file
before it could be read. Making the call synchronous will prevent
it from hitting the ensure block before the processing is done
when running msfdb locally.
2017-11-20 15:40:27 -06:00
Metasploit
602406a423
Bump version of framework to 4.16.19
2017-11-17 10:02:22 -08:00
Metasploit
5cdd364590
Bump version of framework to 4.16.18
2017-11-15 19:46:12 -08:00
christopher lee
fe1af35107
First pass at changes needed for module metadata caching
2017-11-15 16:38:01 -06:00
James Barnett
9647f8d951
DRY up HTTP request code.
2017-11-14 15:31:31 -06:00
Metasploit
4f660d7dd7
Bump version of framework to 4.16.17
2017-11-10 10:05:05 -08:00
James Barnett
029d3b718d
Connect and get working with net/http.
...
POST looks to be working too.
2017-11-09 17:10:26 -06:00
William Vu
fbbc8da8fb
Fix raise(s) in MSSQL client aborting mssql_login
2017-11-07 14:30:47 -06:00
Metasploit
deb5a7b015
Bump version of framework to 4.16.16
2017-11-03 10:03:38 -07:00
Metasploit
a14102083c
Bump version of framework to 4.16.15
2017-11-02 10:01:12 -07:00
James Barnett
04f5f41265
Merge branch 'port_dbnmap' into loot_and_creds
2017-10-31 17:03:40 -05:00
James Barnett
cfdda37f62
Send nmap file across the wire.
2017-10-31 10:12:45 -05:00
Brent Cook
f42b980cf0
fix misspelled RuntimeError
2017-10-30 15:42:11 -05:00
Metasploit
140955f220
Bump version of framework to 4.16.14
2017-10-27 10:03:00 -07:00
James Barnett
9d00093d81
Initial commit for nmap proxying
2017-10-25 16:04:31 -05:00
James Barnett
a4914074fb
Merge branch 'goliath' into loot_and_creds
2017-10-24 12:01:32 -05:00
James Barnett
d63b087610
Fix bug with creating session_events
2017-10-24 11:51:27 -05:00
James Barnett
ffcec527a7
Successfully storing creds remotely
2017-10-23 11:30:50 -05:00
Metasploit
884b68fa60
Bump version of framework to 4.16.13
2017-10-20 10:02:23 -07:00
christopher lee
2c8f27cd98
More general cleanup including is_local db check
2017-10-16 17:07:26 -05:00
James Barnett
5232e9926e
creds command converted
2017-10-16 15:27:53 -05:00
Metasploit
88585a5cfd
Bump version of framework to 4.16.12
2017-10-13 10:03:48 -07:00
James Barnett
4c164fafb0
WIP: proxy credentials
2017-10-10 13:52:30 -05:00
Metasploit
4acef04e0d
Bump version of framework to 4.16.11
2017-10-06 10:01:51 -07:00
James Barnett
0dbfc9d447
WIP: Drop session objects before JSON conversion
...
The session object is not intended to be store in the DB.
There are a ton of subobjects and unneeded data that causes the JSON conversion
to hang or fail with 'stack level too deep' errors.
2017-10-06 11:43:01 -05:00
James Barnett
08b62db061
Pass loot contents over the API and write file
2017-10-03 12:31:57 -05:00
James Barnett
49f5256f88
Make session_events retrievable from the API
2017-09-29 16:04:17 -05:00
James Barnett
eb927663ff
use a better method for storing session_events
2017-09-29 14:59:08 -05:00
Metasploit
32104eb90e
Bump version of framework to 4.16.10
2017-09-29 10:04:04 -07:00
christopher lee
293d1edeb1
Merge master: 8853193542
2017-09-29 11:06:16 -05:00
James Barnett
ed74c3726f
Proxy session events.
...
This enables modules to use report_loot with a remote data service
2017-09-28 17:03:09 -05:00
James Barnett
0b29408aa2
Allow filtering of loot
2017-09-26 13:48:01 -05:00
James Barnett
ee3e354f4f
Get posting working with loot -a
2017-09-22 16:13:58 -05:00
James Barnett
40abbccb03
Merge remote-tracking branch 'rapid7/master' into proxy_loot
2017-09-22 14:10:02 -05:00
Metasploit
68fa3d45f3
Bump version of framework to 4.16.9
2017-09-22 10:05:19 -07:00
James Barnett
812ad9f9cb
loot printing (maybe) working
2017-09-21 15:20:49 -05:00
James Barnett
9f95f88035
Fix a couple of bugs.
2017-09-19 16:35:18 -05:00
James Barnett
765ea01e9f
loot posting working
2017-09-18 15:58:40 -05:00
Metasploit
b2f5bd16e6
Bump version of framework to 4.16.8
2017-09-15 10:02:38 -07:00
christopher lee
2cd9649139
Added msf red connection mechanism
2017-09-14 12:57:03 -05:00
Metasploit
faa84faf25
Bump version of framework to 4.16.7
2017-09-08 15:38:22 -07:00
Metasploit
f5a73f3efe
Bump version of framework to 4.16.6
2017-09-08 10:03:41 -07:00
christopher lee
000f561d6f
Added session data export
2017-09-08 11:09:15 -05:00
Metasploit
92f5290a50
Bump version of framework to 4.16.5
2017-09-01 10:08:40 -07:00
Metasploit
a0131f450e
Bump version of framework to 4.16.4
2017-08-28 14:34:39 -07:00
Metasploit
779b25bdf6
Bump version of framework to 4.16.3
2017-08-25 10:02:45 -07:00
Metasploit
2f72404b26
Bump version of framework to 4.16.2
2017-08-23 19:11:11 -07:00
Metasploit
7c2fa20191
Bump version of framework to 4.16.1
2017-08-23 10:36:19 -07:00
christopher lee
c09796ea7e
Merge master
2017-08-23 11:37:04 -05:00
Metasploit
ca7d481658
Bump version of framework to 4.16.0
2017-08-20 16:57:48 -07:00
Metasploit
95824ce132
Bump version of framework to 4.15.8
2017-08-18 10:03:23 -07:00
Metasploit
be926e1d75
Bump version of framework to 4.15.7
2017-08-11 10:12:37 -07:00
Metasploit
83cd0bc977
Bump version of framework to 4.15.6
2017-08-04 10:07:09 -07:00
Metasploit
70f659370f
Bump version of framework to 4.15.5
2017-07-28 10:21:44 -07:00
Metasploit
50474a1ea7
Bump version of framework to 4.15.4
2017-07-21 10:03:44 -07:00
Metasploit
39b2e824ec
Bump version of framework to 4.15.3
2017-07-17 15:43:31 -07:00
Metasploit
f80c053114
Bump version of framework to 4.15.2
2017-07-17 12:01:22 -07:00
dmaloney-r7
d6ee0ca94d
Merge branch 'master' into kill-cucumber
2017-07-14 10:23:38 -05:00
Metasploit
03691cc35f
Bump version of framework to 4.15.1
2017-07-12 20:08:07 -07:00
Brent Cook
dbef4ee816
kill cucumber in framework
2017-07-12 08:00:29 -05:00
christopher lee
b81e9a4d2a
Pass 1: externalize database
2017-07-07 13:33:42 -05:00
Metasploit
fad696ed58
Bump version of framework to 4.15.0
2017-06-22 18:02:38 -07:00
Pearce Barry
c0efb7bc76
Land #8573 , Adapted the authentitcity_token scheme
2017-06-19 15:45:20 -05:00
Metasploit
9ce0bb9345
Bump version of framework to 4.14.28
2017-06-16 10:02:07 -07:00
SecureAB
ef7434b59b
added new authentitcity_token scheme
2017-06-16 16:54:38 +02:00
Metasploit
0515980138
Bump version of framework to 4.14.27
2017-06-12 07:39:14 -07:00
Metasploit
77b1125e77
Bump version of framework to 4.14.26
2017-06-09 10:03:35 -07:00
David Maloney
42aa2e5acf
add some attempts at debugging to ntds
...
add some logging and more status outputs to the
NTDS domain hasdump. Also force the encoding on
strings to UTF8
2017-06-05 15:21:50 -05:00
Metasploit
92a65f5c63
Bump version of framework to 4.14.25
2017-06-02 10:03:44 -07:00
Metasploit
0c792798a7
Bump version of framework to 4.14.24
2017-05-30 07:26:35 -07:00
Metasploit
15b3b7de41
Bump version of framework to 4.14.23
2017-05-26 10:02:14 -07:00
Metasploit
18f520382b
Bump version of framework to 4.14.22
2017-05-19 12:12:27 -07:00
Metasploit
c54c999efc
Bump version of framework to 4.14.21
2017-05-19 10:02:32 -07:00
Metasploit
126c078ced
Bump version of framework to 4.14.20
2017-05-18 11:53:33 -07:00
David Maloney
94e4dc2938
fix for smb_login errors
...
do not try the TreeConnect if the SESSION_SETUP
has already failed.
2017-05-18 11:26:03 -05:00
Metasploit
729f2a9ab8
Bump version of framework to 4.14.19
2017-05-16 14:09:45 -07:00
Metasploit
405f2c6ca1
Bump version of framework to 4.14.18
2017-05-12 10:10:30 -07:00
Metasploit
a0b50390c5
Bump version of framework to 4.14.17
2017-05-05 10:02:17 -07:00
Metasploit
2f1df4d4c2
Bump version of framework to 4.14.16
2017-05-02 11:11:20 -07:00
Metasploit
89e81253ed
Bump version of framework to 4.14.15
2017-04-21 10:02:32 -07:00
Brent Cook
6b37e1ecfc
Land #8268 , Improve metasploit-aggregator UX
2017-04-21 11:21:49 -05:00
Jeffrey Martin
32da0ed3d7
fix some comment typos
2017-04-19 14:14:26 -05:00