Commit Graph

7675 Commits (6cb93f2af2116a3f2aa959f2aa94be7a02f62c36)

Author SHA1 Message Date
Brent Cook 3b6a3374ae prefer explicit defaults to implicit 2016-03-15 20:58:14 -05:00
Adam Cammack 05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts 2016-03-15 16:35:22 -05:00
David Maloney 3cbc5684e1
iadd some preuath fps for postgres 9.4
the preauth fingerprinting for postgres is somewhat
unmaintainable, but due to a specific customer request
i have added these two FPs for 9.4.1-5

MS-1102
2016-03-15 14:50:07 -05:00
Brent Cook 654590911b Enforce integrity of datastore options on assignment 2016-03-15 14:00:32 -05:00
HD Moore 42689df6b3 Fix a stack trace with ``set PAYLOAD`` in ``msf>`` context 2016-03-13 14:56:54 -05:00
Christian Mehlmauer 4f09246c78
reenable module loader warnings 2016-03-13 20:04:05 +01:00
Brent Cook dabe5c8465
Land #6655, use MetasploitModule as module class name 2016-03-13 13:48:31 -05:00
David Maloney 15ba85bac2
fix missed deprecations
missed some deprecation warnings
2016-03-09 13:29:35 -06:00
David Maloney 88697a5d3f
Merge branch 'master' into staging/rails-upgrade 2016-03-08 15:22:04 -06:00
wchen-r7 f831d58c1c Support tables 2016-03-08 12:19:27 -06:00
wchen-r7 698f425821 Auto <hr> 2016-03-08 11:25:15 -06:00
wchen-r7 b91ee232ff Change HTML parsing 2016-03-08 10:25:29 -06:00
wchen-r7 58b8c35146 Escape HTML for KB and update rspec 2016-03-08 10:10:10 -06:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
wchen-r7 c2f99b559c Add documentation for auxiliary/scanner/http/tomcat_enum
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
Brent Cook eea8fa86dc unify the SSLVersion fields between modules and mixins
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook 5a0bec81cb
disable warnings for now, to be reenabled when the module base class is updated 2016-03-06 17:19:05 -06:00
Brent Cook a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit' 2016-03-06 17:10:55 -06:00
Brent Cook 85acfabfca remove various library workarounds for the datastore not preserving types 2016-03-05 23:10:57 -06:00
Brent Cook 694f7f0a65 stop turning all default options into strings
we need to adjust vprint* functions, since they now fallthrough to the
'framework.datastore' checks because the false case actually triggers.
2016-03-05 23:09:14 -06:00
wchen-r7 c811ed8d60 Correct name: PAYLOAD_DEMO_TEMPLATE 2016-03-05 00:42:36 -06:00
wchen-r7 934f8de9b7 Update the conditions of is_remote_exploit? 2016-03-03 00:53:00 -06:00
wchen-r7 11964c5c1a Add remote exploit demo and web_delivery doc 2016-03-02 19:52:11 -06:00
wchen-r7 5f510df2ab Resolve merge conflict with upstream's Gemfile.lock 2016-03-01 22:06:17 -06:00
wchen-r7 f27d24fd60 Add module documentation for psexec 2016-03-01 18:52:47 -06:00
Brian Patterson 30043bc519
Changed .all to .load in workspace.rb in order to eager load the relation and fix the 4.0 rails deprecation 2016-03-01 11:48:55 -06:00
William Vu c5a9d59455
Land #6612, one final missing change 2016-02-29 15:08:42 -06:00
William Vu cb0493e5bb Recreate Msf::Exploit::Remote::Fortinet
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu 300fdc87bb Move Fortinet backdoor to module and library 2016-02-29 12:06:33 -06:00
wchen-r7 2950996cb8
Land #6612, Add aux module for Fortinet backdoor 2016-02-29 12:02:49 -06:00
William Vu 53d703355f Move Fortinet backdoor to module and library 2016-02-29 11:57:42 -06:00
Brent Cook a87cf02b50
Land #6524, fix reverse_http to try binding to LHOST first 2016-02-25 20:25:02 -06:00
Gregory Mikeska cbc5b296e4
implement engines method locally instead of adding refinement 2016-02-25 11:05:17 -06:00
wchen-r7 58ad2175b8 Raise when no network connection 2016-02-24 18:57:40 -06:00
RageLtMan d7ba37d2e6 Msf::Exploit::Remote::HttpServer print_* fix
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.

When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.

Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Micheal 3e22de116f Changes to fix peer and style as recommended by jhart-r7. 2016-02-20 13:53:32 -08:00
wchen-r7 24530e2734 Scrollable list, tab name change, print_status 2016-02-19 20:46:39 -06:00
Louis Sato 9ba82453f8
Land #6584, cidr notation addition for route command 2016-02-19 12:20:00 -06:00
Brent Cook b409b2237d update to use the common bind_addresses method 2016-02-18 18:17:56 -06:00
wchen-r7 4c716a268d Set some flags 2016-02-18 16:11:34 -06:00
Brent Cook 1e58b1574a
Land #6502, add -x flag for showing extended sessions info 2016-02-18 15:37:41 -06:00
Brent Cook d316609fef put extra columns under the -x flag 2016-02-18 15:36:43 -06:00
wchen-r7 3beaeceb0e Special-case bap2 2016-02-18 15:19:39 -06:00
wchen-r7 e5ad6fa781 Support "knowledge base" 2016-02-18 15:02:24 -06:00
wchen-r7 02834d4251 Add API documentation 2016-02-18 11:44:14 -06:00
wchen-r7 68703e1955 Break down DocumenGenerator, fix a bug when opening local md 2016-02-18 10:25:40 -06:00
wchen-r7 a5f3bddfc8 Support RPC API 2016-02-18 00:39:12 -06:00
wchen-r7 089d6985b6 Add more demo templates 2016-02-18 00:17:32 -06:00
wchen-r7 1bfe1ad140 More demos 2016-02-17 19:04:06 -06:00
wchen-r7 76f2c917ee Allow no GITHUB_OAUTH_TOKEN, and gsub for demo 2016-02-17 15:38:30 -06:00
wchen-r7 0b095cf08a Remove unwanted variable 2016-02-17 15:25:31 -06:00
wchen-r7 8b267efa2d No need to gsub the first 12 spaces anymore 2016-02-17 14:29:33 -06:00
wchen-r7 714106174e Do external erb template 2016-02-17 14:27:29 -06:00
wchen-r7 d5c005d948 HTML-escape some fields 2016-02-17 13:56:03 -06:00
wchen-r7 5339bb50d8 Support targets 2016-02-17 13:48:24 -06:00
James Lee 28e6d8ef9e
Allow CIDR notation for the route command 2016-02-17 09:44:32 -06:00
wchen-r7 08dff6541d rm junk code 2016-02-16 23:29:08 -06:00
wchen-r7 509a1e8de1 Add manual for demo purposes 2016-02-16 23:18:29 -06:00
wchen-r7 b0cfb4aacf Add info -d to show module documentation in .md 2016-02-16 22:44:03 -06:00
James Lee 35e0a433ea
Make error output more useful 2016-02-16 14:45:00 -06:00
Brent Cook 95484c81fd
Land #6526, fix browser exploit server spec 2016-02-15 16:23:04 -06:00
Brent Cook 1f58ad15ac Browser::Exploit::Server needs to have vprint* 2016-02-15 16:21:24 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
Brent Cook 4db2840af9
Land #6385, add .apk template support for msfvenom 2016-02-15 14:27:08 -06:00
Brent Cook 2386cb1344
Land #6527, add support for importing Burp suite vuln exports 2016-02-10 13:19:21 -06:00
wchen-r7 d5c3fcae04
Land #6511, Bump Jsobfu version to support preserved_identifiers 2016-02-05 15:57:53 -06:00
Brian Patterson 4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported. 2016-02-04 10:30:56 -06:00
wchen-r7 d55e68e76b Fix bug in js_obfuscate 2016-02-02 11:25:39 -06:00
James Lee 208420d741
Sort methods 2016-02-02 10:02:32 -06:00
William Vu b4ed55b4d4 Fix reverse_http{,s} LHOST bind address 2016-02-02 09:57:11 -06:00
William Vu 93bdea0a60 Add tab completion for ReverseListenerBindAddress 2016-02-01 13:57:45 -06:00
William Vu 1828b7fda6
Land #6512, Acunetix importer missing scheme fix 2016-01-29 13:17:44 -06:00
Brent Cook cd56470759
Land #6493, move SSL to the default options, other fixes 2016-01-29 11:09:51 -06:00
OJ 7b4f3f8148 Remove -vv, restore -v and add -ci 2016-01-29 11:52:21 +10:00
Adam Cammack e542a6c8cf
Fix importing with Acunetix
Add a default scheme of `http://` to URIs without a scheme. Also update
some documentation.
2016-01-28 16:37:14 -06:00
wchen-r7 f4139f85cb Change to JsIdentifiers 2016-01-28 15:18:25 -06:00
wchen-r7 4bd2be5dfa Add preserved_identifiers support 2016-01-28 14:36:42 -06:00
James Lee c2f8e95492
Missed one 2016-01-28 14:18:19 -06:00
James Lee ad026b3a7a
Add #peer to Tcp 2016-01-28 13:58:24 -06:00
James Lee 537c7e790e
Use vprint_status instead of reimplementing it 2016-01-28 12:51:20 -06:00
wchen-r7 51efb2daee
Land #6422, Add support for native target in Android webview exploit 2016-01-27 14:27:41 -06:00
OJ 69d9ff7958 Add an extended mode to the session list 2016-01-25 22:36:13 +10:00
Brent Cook a587975f90 be more robust and careful breaking from the accept thread 2016-01-23 01:46:58 -06:00
Christian Mehlmauer e6147d60e2 fix rspecs 2016-01-22 23:43:13 +01:00
Christian Mehlmauer 158b1e473c revert value 2016-01-22 23:38:45 +01:00
Christian Mehlmauer 02841c79c3 some slight changes 2016-01-22 23:38:45 +01:00
Christian Mehlmauer 0546911eef fix error when invalid classname eg "class Metasploit1 < .." 2016-01-22 23:38:45 +01:00
Christian Mehlmauer 8f4752d11e show load warnings to the user 2016-01-22 23:38:45 +01:00
Christian Mehlmauer 7dac21f58c do not fail on old class name 2016-01-22 23:36:37 +01:00
Christian Mehlmauer 51eb79adc7 first try in changing class names 2016-01-22 23:36:37 +01:00
Brent Cook 91700f17e3 tidy up the ruby style while we're in here testing 2016-01-22 14:43:19 -06:00
Brent Cook ac8b483d32 don't break the accept loop just because we got a client connection that closed early 2016-01-22 13:52:00 -06:00
Christian Mehlmauer 0871fe25e8
change text 2016-01-22 07:38:44 +01:00
Christian Mehlmauer e0de78280d
move SSL to the default options 2016-01-22 07:05:23 +01:00
James Lee 0f7e3e954e
HttpServer's print prefix with... wait for it...
print_prefix
2016-01-20 13:44:18 -06:00
Brent Cook 28cf943bcb Fix a couple of missing requires in payloads.
This pops up occasionally. This fixes a couple of anecdotal reports of missing
requires that cause the loader to fail, depending on the directory sort order.

It also fixes the problem as reported in #6460
2016-01-14 13:17:26 -06:00
Brent Cook 8479d01029
Land #6450, add TLS support to MSSQL 2016-01-14 12:17:40 -06:00
Brent Cook 37178cda06
Land #6449, properly handle HttpServer resource collisions 2016-01-14 12:15:18 -06:00
James Lee a7869975d8
Remove useless variable 2016-01-14 10:04:23 -06:00
James Lee 1f61eb50be
Sort methods 2016-01-14 09:09:29 -06:00