Brent Cook
3b6a3374ae
prefer explicit defaults to implicit
2016-03-15 20:58:14 -05:00
Adam Cammack
05f585157d
Land #6646 , add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
David Maloney
3cbc5684e1
iadd some preuath fps for postgres 9.4
...
the preauth fingerprinting for postgres is somewhat
unmaintainable, but due to a specific customer request
i have added these two FPs for 9.4.1-5
MS-1102
2016-03-15 14:50:07 -05:00
Brent Cook
654590911b
Enforce integrity of datastore options on assignment
2016-03-15 14:00:32 -05:00
HD Moore
42689df6b3
Fix a stack trace with ``set PAYLOAD`` in ``msf>`` context
2016-03-13 14:56:54 -05:00
Christian Mehlmauer
4f09246c78
reenable module loader warnings
2016-03-13 20:04:05 +01:00
Brent Cook
dabe5c8465
Land #6655 , use MetasploitModule as module class name
2016-03-13 13:48:31 -05:00
David Maloney
15ba85bac2
fix missed deprecations
...
missed some deprecation warnings
2016-03-09 13:29:35 -06:00
David Maloney
88697a5d3f
Merge branch 'master' into staging/rails-upgrade
2016-03-08 15:22:04 -06:00
wchen-r7
f831d58c1c
Support tables
2016-03-08 12:19:27 -06:00
wchen-r7
698f425821
Auto <hr>
2016-03-08 11:25:15 -06:00
wchen-r7
b91ee232ff
Change HTML parsing
2016-03-08 10:25:29 -06:00
wchen-r7
58b8c35146
Escape HTML for KB and update rspec
2016-03-08 10:10:10 -06:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
wchen-r7
c2f99b559c
Add documentation for auxiliary/scanner/http/tomcat_enum
...
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
Brent Cook
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook
5a0bec81cb
disable warnings for now, to be reenabled when the module base class is updated
2016-03-06 17:19:05 -06:00
Brent Cook
a2c3b05416
Land #6405 , prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
Brent Cook
85acfabfca
remove various library workarounds for the datastore not preserving types
2016-03-05 23:10:57 -06:00
Brent Cook
694f7f0a65
stop turning all default options into strings
...
we need to adjust vprint* functions, since they now fallthrough to the
'framework.datastore' checks because the false case actually triggers.
2016-03-05 23:09:14 -06:00
wchen-r7
c811ed8d60
Correct name: PAYLOAD_DEMO_TEMPLATE
2016-03-05 00:42:36 -06:00
wchen-r7
934f8de9b7
Update the conditions of is_remote_exploit?
2016-03-03 00:53:00 -06:00
wchen-r7
11964c5c1a
Add remote exploit demo and web_delivery doc
2016-03-02 19:52:11 -06:00
wchen-r7
5f510df2ab
Resolve merge conflict with upstream's Gemfile.lock
2016-03-01 22:06:17 -06:00
wchen-r7
f27d24fd60
Add module documentation for psexec
2016-03-01 18:52:47 -06:00
Brian Patterson
30043bc519
Changed .all to .load in workspace.rb in order to eager load the relation and fix the 4.0 rails deprecation
2016-03-01 11:48:55 -06:00
William Vu
c5a9d59455
Land #6612 , one final missing change
2016-02-29 15:08:42 -06:00
William Vu
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
wchen-r7
2950996cb8
Land #6612 , Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
William Vu
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
Brent Cook
a87cf02b50
Land #6524 , fix reverse_http to try binding to LHOST first
2016-02-25 20:25:02 -06:00
Gregory Mikeska
cbc5b296e4
implement engines method locally instead of adding refinement
2016-02-25 11:05:17 -06:00
wchen-r7
58ad2175b8
Raise when no network connection
2016-02-24 18:57:40 -06:00
RageLtMan
d7ba37d2e6
Msf::Exploit::Remote::HttpServer print_* fix
...
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.
When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.
Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Micheal
3e22de116f
Changes to fix peer and style as recommended by jhart-r7.
2016-02-20 13:53:32 -08:00
wchen-r7
24530e2734
Scrollable list, tab name change, print_status
2016-02-19 20:46:39 -06:00
Louis Sato
9ba82453f8
Land #6584 , cidr notation addition for route command
2016-02-19 12:20:00 -06:00
Brent Cook
b409b2237d
update to use the common bind_addresses method
2016-02-18 18:17:56 -06:00
wchen-r7
4c716a268d
Set some flags
2016-02-18 16:11:34 -06:00
Brent Cook
1e58b1574a
Land #6502 , add -x flag for showing extended sessions info
2016-02-18 15:37:41 -06:00
Brent Cook
d316609fef
put extra columns under the -x flag
2016-02-18 15:36:43 -06:00
wchen-r7
3beaeceb0e
Special-case bap2
2016-02-18 15:19:39 -06:00
wchen-r7
e5ad6fa781
Support "knowledge base"
2016-02-18 15:02:24 -06:00
wchen-r7
02834d4251
Add API documentation
2016-02-18 11:44:14 -06:00
wchen-r7
68703e1955
Break down DocumenGenerator, fix a bug when opening local md
2016-02-18 10:25:40 -06:00
wchen-r7
a5f3bddfc8
Support RPC API
2016-02-18 00:39:12 -06:00
wchen-r7
089d6985b6
Add more demo templates
2016-02-18 00:17:32 -06:00
wchen-r7
1bfe1ad140
More demos
2016-02-17 19:04:06 -06:00
wchen-r7
76f2c917ee
Allow no GITHUB_OAUTH_TOKEN, and gsub for demo
2016-02-17 15:38:30 -06:00
wchen-r7
0b095cf08a
Remove unwanted variable
2016-02-17 15:25:31 -06:00
wchen-r7
8b267efa2d
No need to gsub the first 12 spaces anymore
2016-02-17 14:29:33 -06:00
wchen-r7
714106174e
Do external erb template
2016-02-17 14:27:29 -06:00
wchen-r7
d5c005d948
HTML-escape some fields
2016-02-17 13:56:03 -06:00
wchen-r7
5339bb50d8
Support targets
2016-02-17 13:48:24 -06:00
James Lee
28e6d8ef9e
Allow CIDR notation for the route command
2016-02-17 09:44:32 -06:00
wchen-r7
08dff6541d
rm junk code
2016-02-16 23:29:08 -06:00
wchen-r7
509a1e8de1
Add manual for demo purposes
2016-02-16 23:18:29 -06:00
wchen-r7
b0cfb4aacf
Add info -d to show module documentation in .md
2016-02-16 22:44:03 -06:00
James Lee
35e0a433ea
Make error output more useful
2016-02-16 14:45:00 -06:00
Brent Cook
95484c81fd
Land #6526 , fix browser exploit server spec
2016-02-15 16:23:04 -06:00
Brent Cook
1f58ad15ac
Browser::Exploit::Server needs to have vprint*
2016-02-15 16:21:24 -06:00
Brent Cook
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
Brent Cook
4db2840af9
Land #6385 , add .apk template support for msfvenom
2016-02-15 14:27:08 -06:00
Brent Cook
2386cb1344
Land #6527 , add support for importing Burp suite vuln exports
2016-02-10 13:19:21 -06:00
wchen-r7
d5c3fcae04
Land #6511 , Bump Jsobfu version to support preserved_identifiers
2016-02-05 15:57:53 -06:00
Brian Patterson
4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported.
2016-02-04 10:30:56 -06:00
wchen-r7
d55e68e76b
Fix bug in js_obfuscate
2016-02-02 11:25:39 -06:00
James Lee
208420d741
Sort methods
2016-02-02 10:02:32 -06:00
William Vu
b4ed55b4d4
Fix reverse_http{,s} LHOST bind address
2016-02-02 09:57:11 -06:00
William Vu
93bdea0a60
Add tab completion for ReverseListenerBindAddress
2016-02-01 13:57:45 -06:00
William Vu
1828b7fda6
Land #6512 , Acunetix importer missing scheme fix
2016-01-29 13:17:44 -06:00
Brent Cook
cd56470759
Land #6493 , move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
OJ
7b4f3f8148
Remove -vv, restore -v and add -ci
2016-01-29 11:52:21 +10:00
Adam Cammack
e542a6c8cf
Fix importing with Acunetix
...
Add a default scheme of `http://` to URIs without a scheme. Also update
some documentation.
2016-01-28 16:37:14 -06:00
wchen-r7
f4139f85cb
Change to JsIdentifiers
2016-01-28 15:18:25 -06:00
wchen-r7
4bd2be5dfa
Add preserved_identifiers support
2016-01-28 14:36:42 -06:00
James Lee
c2f8e95492
Missed one
2016-01-28 14:18:19 -06:00
James Lee
ad026b3a7a
Add #peer to Tcp
2016-01-28 13:58:24 -06:00
James Lee
537c7e790e
Use vprint_status instead of reimplementing it
2016-01-28 12:51:20 -06:00
wchen-r7
51efb2daee
Land #6422 , Add support for native target in Android webview exploit
2016-01-27 14:27:41 -06:00
OJ
69d9ff7958
Add an extended mode to the session list
2016-01-25 22:36:13 +10:00
Brent Cook
a587975f90
be more robust and careful breaking from the accept thread
2016-01-23 01:46:58 -06:00
Christian Mehlmauer
e6147d60e2
fix rspecs
2016-01-22 23:43:13 +01:00
Christian Mehlmauer
158b1e473c
revert value
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
02841c79c3
some slight changes
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
0546911eef
fix error when invalid classname eg "class Metasploit1 < .."
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
8f4752d11e
show load warnings to the user
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
7dac21f58c
do not fail on old class name
2016-01-22 23:36:37 +01:00
Christian Mehlmauer
51eb79adc7
first try in changing class names
2016-01-22 23:36:37 +01:00
Brent Cook
91700f17e3
tidy up the ruby style while we're in here testing
2016-01-22 14:43:19 -06:00
Brent Cook
ac8b483d32
don't break the accept loop just because we got a client connection that closed early
2016-01-22 13:52:00 -06:00
Christian Mehlmauer
0871fe25e8
change text
2016-01-22 07:38:44 +01:00
Christian Mehlmauer
e0de78280d
move SSL to the default options
2016-01-22 07:05:23 +01:00
James Lee
0f7e3e954e
HttpServer's print prefix with... wait for it...
...
print_prefix
2016-01-20 13:44:18 -06:00
Brent Cook
28cf943bcb
Fix a couple of missing requires in payloads.
...
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.
It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook
8479d01029
Land #6450 , add TLS support to MSSQL
2016-01-14 12:17:40 -06:00
Brent Cook
37178cda06
Land #6449 , properly handle HttpServer resource collisions
2016-01-14 12:15:18 -06:00
James Lee
a7869975d8
Remove useless variable
2016-01-14 10:04:23 -06:00
James Lee
1f61eb50be
Sort methods
2016-01-14 09:09:29 -06:00