Commit Graph

619 Commits (781d80805600d657c50910bef98d11763480c238)

Author SHA1 Message Date
wchen-r7 10dc637658 Fix typo 2015-10-06 16:16:58 -05:00
wchen-r7 97f07f1312 Fix base path 2015-10-06 10:30:52 -05:00
wchen-r7 540af3e5ae Move tools 2015-10-05 22:49:54 -05:00
jvazquez-r7 5a7ac8c29a
Land #6030, @wchen-r7's Microsoft Patch Finder 2015-10-02 13:33:27 -05:00
wchen-r7 c4bba0269c Change print_debug 2015-10-02 12:48:12 -05:00
wchen-r7 f97cd97fa5 Update documentation 2015-10-02 12:45:17 -05:00
wchen-r7 e226526dee Update help 2015-10-02 12:37:01 -05:00
jvazquez-r7 69f3d88ea6
Ensure uniq on #find_msb_numbers 2015-10-02 11:38:36 -05:00
jvazquez-r7 b107213a6e
Update documentation / TODO 2015-10-02 11:37:43 -05:00
jvazquez-r7 507f778056
Do some code reorganization with @wchen-r7 2015-10-02 11:35:06 -05:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
wchen-r7 418374b4b2 Regex -q 2015-10-01 10:21:31 -05:00
wchen-r7 dc3f1c84ed Update help 2015-10-01 01:01:02 -05:00
wchen-r7 0d7d6376c2 Follow the Google API limit 2015-10-01 00:54:15 -05:00
wchen-r7 4c1678ef5c I don't need i 2015-09-30 23:01:23 -05:00
wchen-r7 e2098822eb Update msu_finder and rspec 2015-09-30 23:00:46 -05:00
wchen-r7 bc1be7f213 some progress with rspec 2015-09-29 17:20:30 -05:00
wchen-r7 8f1999e227 Add dev tool MSFT MSU finder (msu_finder.rb)
You can use this tool to find MSFT patches. Please see -h for more
information.
2015-09-28 18:44:31 -05:00
wchen-r7 939999f43c Check \ 2015-09-16 13:43:11 -05:00
wchen-r7 eb018f3d29 No 7zip 2015-09-12 03:07:15 -05:00
wchen-r7 5480886927 Do absolute path 2015-09-09 22:00:35 -05:00
wchen-r7 ab1d61d80b Add MSU extractor
If you do patch test/analysis/diffing, you might find this tool
handy. This tool will automatically extract all the *.msu files,
and then you can search for the patched files you're looking for
quickly.

The workflow would be something like this:

1. You download the patches from:
   http://mybulletins.technet.microsoft.com/BulletinPages/Dashboard

2. You put all the *.msu files in one directory.

3. Run this tool: extract_msu.bat [path to *.msu files]

4. The tool should extract the updates. After it's done, you can
   use Windows to search for the file(s) you're looking for.
2015-09-09 21:34:07 -05:00
HD Moore 1aa7c596ce
Land #5967, add PACKETSTORM reference types. 2015-09-01 23:25:26 -05:00
HD Moore 77f56c563b Land #5867, add PACKETSTORM reference types 2015-09-01 23:25:01 -05:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
wchen-r7 eb47973533 Check debug.keystore 2015-08-24 15:08:45 -05:00
wchen-r7 8825db5c98 Add MSF APK installer
You can use this script to install your msf apk to your android
emulator.
2015-08-22 21:53:04 -05:00
Roberto Soares 495ca55a7b Added PacketStorm (PKT) for verification by msftidy 2015-08-20 00:41:55 -03:00
Roberto Soares 496e47a094 Added PacketStorm (PKT) in module_reference tool 2015-08-20 00:39:11 -03:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
Brent Cook 422bba87d3 style fixes, moved google_geolocate to google/geolocate 2015-08-15 19:49:32 -05:00
Brent Cook 3aab9aa74c move BSSID checker to tools, fixup rubocop warnings, add OS X example 2015-08-14 17:13:11 -05:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00
Meatballs deb6f5638e
Update WinSCP Gather
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
Roberto Soares 77f96769da Update msftidy. 2015-07-30 01:33:48 -03:00
Roberto Soares a687e71832 Added check for the WPVDB in msftidy. 2015-07-30 01:22:48 -03:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
Tod Beardsley ae73cd3c6c
Add a bash script to import dev keys
This merely makes it easy and fun to import all developer keys used over
the past year to your local GPG keychain. This will make the task of
reviewing merge commits for signedness much easier, especially if you
use a nicelog alias such as this one:

https://github.com/todb-r7/junkdrawer/blob/master/dotfiles/git-repos/gitconfig#L40

This does not handle automating checking for signatures as part of
Travis-CI -- for that, see PR #5337, a work in progress.
2015-05-13 10:29:55 -05:00
jvazquez-r7 46b678e9d2
Add msftidy check for datastore option DEBUG usage 2015-04-21 12:22:24 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
jvazquez-r7 292087c849
Add check for modules registering a DEBUG option 2015-04-21 11:56:41 -05:00
jvazquez-r7 88ed8406d1
Add check for (v)print_debug to msftidy 2015-04-21 11:27:22 -05:00
William Vu 832487cad7 Consolidate on one check and fix false positives 2015-04-16 18:01:28 -05:00
Christian Mehlmauer 40f6b086c2
fix regex 2015-04-16 21:51:31 +02:00
Christian Mehlmauer 0815791fee
fix regex 2015-04-16 21:48:16 +02:00
Christian Mehlmauer af277195f5
check for valid values 2015-04-16 21:43:47 +02:00
Christian Mehlmauer 4469fcd9e8
add fail_with error 2015-04-16 20:04:08 +02:00
Tod Beardsley 72b9647b31
Land #5057, CVE fixups 2015-04-03 16:36:11 -05:00
sinn3r a333632a69 Add standalone tool for jsobfu 2015-04-03 11:30:23 -05:00
William Vu df0398f958 Update msftidy for the new CVE format
https://cve.mitre.org/cve/identifiers/syntaxchange.html
2015-03-31 22:15:33 -05:00
William Vu 376bf13f1e
Land #5000, tools/dev/add_pr_fetch.rb 2015-03-24 17:10:49 -05:00
William Vu aa1a3580b8 chmod +x tools/dev/set_binary_encoding.rb
Missed in #4875.
2015-03-24 17:10:31 -05:00
William Vu d3773aed55 Rename add-pr-remote.rb to add_pr_fetch.rb 2015-03-24 17:05:43 -05:00
Tod Beardsley 3dec83c1df
Utility for adding PR fetch refs 2015-03-24 10:20:34 -05:00
sinn3r 1910a6c6c5 Correct filename for missing-payload-tests.rb
missing-payload-tests.rb is not the correct file format we follow,
it should be missing_payload_tests.rb
2015-03-24 00:50:09 -05:00
Christian Mehlmauer 71c544c3c5
added newline at end of file 2015-03-24 06:19:27 +01:00
sinn3r 315948e403 Extra newline 2015-03-21 13:49:50 -05:00
sinn3r 848dc07020 var name needs a default 2015-03-21 12:20:29 -05:00
sinn3r f45e8f49eb Custom var name 2015-03-21 12:18:02 -05:00
sinn3r 2be5ae3bab Fix bugs 2015-03-21 12:14:00 -05:00
sinn3r 0ff114bcd6 use #!/usr/bin/env ruby 2015-03-20 23:48:13 -05:00
sinn3r e09f9ca0bc Provide an example 2015-03-20 20:55:30 -05:00
sinn3r 96bcdd211c Finished rspec 2015-03-20 20:53:04 -05:00
sinn3r 487ddfc09c no need for Interrupt 2015-03-20 16:39:00 -05:00
sinn3r 582bfdad64 explain arch 2015-03-20 16:37:42 -05:00
sinn3r 9ecfd36d9e comments 2015-03-20 16:34:58 -05:00
sinn3r 79a6f1cd09 fix option bug 2015-03-20 16:33:19 -05:00
sinn3r 6da216f3a4 More options 2015-03-20 16:30:29 -05:00
sinn3r af8f645d1c This starts to work 2015-03-20 16:15:43 -05:00
sinn3r fe267fb5a6 Here's a starting point 2015-03-20 14:15:14 -05:00
Brent Cook db56fcb1b8 update tools/missing-payload-tests to give correct advice
The template spec for new payloads needed updating to match the new cached
payload size spec.
2015-03-16 18:10:10 -05:00
William Vu cd992d5ea6
Land #4875, rm some old and crufty tools 2015-03-10 00:02:04 -05:00
William Vu ab70223107 Remove note about resplat.rb in msftidy 2015-03-10 00:00:29 -05:00
HD Moore 99e2b05597 Move the cache update logic into a utility class 2015-03-09 15:29:58 -05:00
HD Moore 8c635243d3 Fix whitespace in the regex, implements Msf::Payload.dynamic_size? 2015-03-09 13:15:06 -05:00
HD Moore 2e49791bef This implements payload size caching, speeding up framework loads 2015-03-07 20:44:19 -06:00
Tod Beardsley 0353602829
Add back set_binary_encoding.rb
[See #4875]
2015-03-05 12:05:05 -06:00
Tod Beardsley 4ad9638682
Remove some old and crufty /tools
It's possible someone still wants the Webscarab stand-alone importer,
but I cannot imagine that after years of bitrot that is even viable in
its current state.

The rest of them are all older development tools that are no longer
needed (normal vim/rubymine auto-formatting will do the trick).
2015-03-04 16:46:40 -06:00
sinn3r 0597d2defb
Land #4560, Massive Java RMI update 2015-02-17 10:07:07 -06:00
William Vu c73892b721 Nuke datastore modification check from orbit 2015-02-11 12:46:40 -06:00
jvazquez-r7 1f4fdb5d18
Update from master 2015-02-10 10:47:17 -06:00
William Vu c8a687db7f
Fix false positive in cookie check 2015-02-09 17:23:59 -06:00
William Vu 4ed3ffa0ed
Fix false positive in snake case check 2015-02-09 16:30:19 -06:00
William Vu e62f44cc1a
Fix false negative in comment check
Adds anchor to regex.
2015-02-09 14:58:02 -06:00
jvazquez-r7 2c7777f831
Land #4601, @wchen-r7's tool to lookup md5 hashes 2015-01-30 19:04:34 -06:00
jvazquez-r7 4316c379eb Use unless instead of if not 2015-01-30 19:01:49 -06:00
Tod Beardsley 6269974bab
Drop psuedo-legalese, just give practical warning 2015-01-26 13:15:23 -06:00
sinn3r 6c2e8a16ce Change warning 2015-01-23 22:50:39 -06:00
sinn3r 2d9b1dbc22 Fix typos 2015-01-23 22:31:37 -06:00
sinn3r ff0af805e3 Add a warning before use 2015-01-23 22:26:41 -06:00
jvazquez-r7 37bf66b994 Install instaget with Rex::Java::Serialization 2015-01-22 16:54:49 -06:00
jvazquez-r7 5c413a8102 Add support to print objects, arrays and classes details 2015-01-22 14:50:12 -06:00
Tod Beardsley 1d6524b4d9
Revert #4593, msftidy extraneous comma check
Fixes #4626 by ignoring the problem identified.

This reverts commit 7c3378b2e6, reversing
changes made to cb0257bec7.
2015-01-22 14:28:27 -06:00
William Vu cf7555447c
Land #4621, msftidy whitelist constant
Now I'm happy... almost.
2015-01-21 14:03:39 -06:00
William Vu bbe9fc208e
Update formatting (80 columns)
Piped to fmt -78 to account for the indent.
2015-01-21 14:01:44 -06:00
Tod Beardsley 264adf14d1
Add 'tnftp' software to the title whitelist 2015-01-21 11:52:39 -06:00
Tod Beardsley efebaae251
Make the title whitelist a constant 2015-01-21 11:50:50 -06:00
William Vu 7c3378b2e6
Land #4593, msftidy extraneous comma check 2015-01-18 00:46:39 -06:00
sinn3r bff66ade60 Actually, not necessary. Already checked. 2015-01-17 02:28:56 -06:00
sinn3r 45b33bb82f Handle should be checked 2015-01-17 02:27:14 -06:00
sinn3r 3d93bc06e8 rspec progress 2015-01-16 18:25:54 -06:00
Christian Mehlmauer 596e956660
some changed 2015-01-16 17:53:06 +01:00
sinn3r 64b6c4a0b5 I think unless is preferred 2015-01-16 01:33:09 -06:00
sinn3r 058ef1f167 Uh, what? 2015-01-16 01:15:58 -06:00
sinn3r 05458ec81f I should be done with md5_lookup.rb now 2015-01-16 01:13:37 -06:00
sinn3r 87ab27e9d2 Ugh, typo -_- 2015-01-15 21:52:15 -06:00
sinn3r 7b2458c491 Filter out whitespace 2015-01-15 21:51:58 -06:00
sinn3r 36f8fda0b1 Leave contact info 2015-01-15 21:04:12 -06:00
sinn3r 95895a5969 Small update 2015-01-15 21:00:52 -06:00
sinn3r 754d303f66 Some more doc 2015-01-15 20:59:47 -06:00
sinn3r 1d79a9de20 This is the working version 2015-01-15 20:51:27 -06:00
Christian Mehlmauer 3237dd8591
add comma check to msftidy 2015-01-16 00:13:55 +01:00
sinn3r 6ae66315bd Block based is safer 2015-01-15 16:05:35 -06:00
sinn3r 35c808d70f Progress 2015-01-15 15:13:03 -06:00
sinn3r c3bb02081b I should be done w/ arg parsing now 2015-01-15 12:18:50 -06:00
sinn3r fd850d6af6 Argument parsing 2015-01-15 12:03:52 -06:00
sinn3r d5330bb4a7 Gotta move on to something else right quick, brb
stash
2015-01-14 23:34:47 -06:00
sinn3r 18a27d1752 Initial commit of the md5_lookup script (as a standalone tool)
Resolve #4399
2015-01-14 13:53:15 -06:00
Christian Mehlmauer 56c1f74d70
modify msftidy regex 2015-01-09 22:07:21 +01:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
HD Moore 00590f9f26
Adds Java serialization support, lands #4327 2014-12-13 17:47:53 -06:00
Jon Hart 9bf55ef8f4
Minor improvements to datastore and http// checks in msftidy 2014-12-11 18:36:42 -08:00
Christian Mehlmauer be1440bcb9
more msftidy checks 2014-12-11 23:10:07 +01:00
jvazquez-r7 564da4446e Add print friendly to_s 2014-12-07 17:52:09 -06:00
jvazquez-r7 ff99669cfa Explain better error 2014-12-05 20:30:22 -06:00
jvazquez-r7 b80f6c34c0 Add tool to deserialize streams from files 2014-12-04 12:47:02 -06:00
Spencer McIntyre eefeb452b1 Fix two typos for payload specs 2014-11-18 08:50:06 -05:00
sinn3r 8da6e0bd5b Fix bugs 2014-11-05 15:26:00 -06:00
sinn3r 5b8d9e1221 Fix typo 2014-11-05 15:14:35 -06:00
sinn3r 98f5ebd475 Only show bad refs when using -c 2014-11-05 15:07:40 -06:00
sinn3r 3310342a95 Add save-as feature
The tool produces A LOT OF results so it's really painful to manually
copy and paste and to be able to use the data. So it should automatically
save.

Tagging the issue here because I forgot to do it:
Fix #4039
2014-11-05 10:58:41 -06:00
sinn3r f34ad57199 Check module references 2014-11-05 09:57:13 -06:00
Luke Imhoff c84febea5f
tools/missing-payload-tests.rb
MSP-11145

**NOTE: Failing specs**

Add a tool for reading `log/untested-payload.log` and
`framework.payloads` to determine `context`s to add
`spec/modules/payloads_spec.rb` to test the untested payloads.
2014-10-27 13:03:31 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Luke Imhoff b863978028
Remove fastlib
MSP-11368
MSP-11143

Remove fastlib as it slows down the code loading process.  From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10).  The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10).  This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
William Vu 48e098b172
Remove WVE references from msftidy 2014-09-05 19:28:27 -05:00
Tod Beardsley c045c9606c
Fix typo in PR #3712
Fixes the typo pointed out in
rapid7#3712#discussion_r16750554

Derp
2014-08-26 20:36:28 -05:00
Josh 073c668cd8 Merge pull request #12 from todb-r7/commit-hooks-should-only-check-modules
Land 12 from todb, only pre-commit-hook on actual modules
2014-08-26 16:47:23 -05:00
Tod Beardsley dbdb4afb8c
Add a top anchor to the file match regex. 2014-08-26 16:19:29 -05:00
Joshua Smith 622e8a7714 adds better exploit module detection to msftidy 2014-08-26 15:30:08 -05:00
Jon Hart bfa89bb3a5 Enforce binary encoding on non-modules, no encoding on modules 2014-08-25 13:12:29 -07:00
Tod Beardsley 47cb906408
Remove rubocop and msftidy touchpoints
Rubocop replaces the default YAML library which makes development
testing difficult. It does not cause problems on Travis, but according
to reports, it does cause instability with many individual dev
environments.

While I would love to have a more solid source of this bug report, right
now this was an oral report from @shuckins-r7 (who I tend to believe a
lot).
2014-08-12 10:37:58 -05:00
Tod Beardsley ffafd4c01f
Add NTP fuzzer from @jhart-r7
Looks good to me!
2014-07-21 12:38:12 -05:00
Jon Hart 17b0560dff Add rubygems check to msftidy. remove rubygems. 2014-07-17 09:29:13 -07:00
William Vu a07656fec6
Land #3536, msftidy INFO messages aren't blockers 2014-07-16 17:57:48 -05:00
Tod Beardsley 58558e8dfa
Allow INFO msftidy messages
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
Tod Beardsley 68980157c8
Just skip if info is suppressed. 2014-07-16 11:20:40 -05:00
Tod Beardsley 81a98081d9
Rubocop checks are optional and info only
I like the change but it means that basically everything will fail
forever until we tweak up the config.
2014-07-16 10:26:35 -05:00
Jon Hart ab73c16d0d Add Rubocop to msftidy. You now have 15 seconds to comply. You are in direct violation of Penal Code 1.13, Section 9. 2014-07-15 17:11:04 -07:00
William Vu 4904426164
Fix @source and prefer && 2014-07-14 14:36:08 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
HD Moore a279db7710 Check for sock.get / udp_sock.get issues 2014-06-30 00:40:06 -05:00
William Vu 56c71c7b85
Land #3457, newline check for msftidy 2014-06-17 14:20:53 -05:00
Christian Mehlmauer 3c00388f87
Add check for newline at end of file 2014-06-17 15:44:43 +02:00
William Vu 7f2b173130
Fix misspelled constant in msftidy 2014-06-12 13:47:44 -05:00
William Vu 3a9f7fb7f9
Land #3405, improved Nokogiri check for msftidy 2014-05-29 16:21:26 -05:00
William Vu 17fb48eaa3
Refactor check_nokogiri in msftidy 2014-05-29 13:20:23 -05:00
Tod Beardsley 2ce6f325f5
Be more specific with Nokogiri check
There are still strong reservations about using Nokogiri to parse
untrusted XML data.

http://www.wireharbor.com/hidden-security-risks-of-xml-parsing-xxe-attack/

It is also believed that many desktop operating systems are still
shipping out-of-date and vulnerable libxml2 libraries, which become
exposed via Nokogiri. For example:

http://stackoverflow.com/questions/18627075/nokogiri-1-6-0-still-pulls-in-wrong-version-of-libxml-on-os-x

While this isn't a problem for binary builds of Metasploit (Metasploit
Community, Express, or Pro) it can be a problem for development
versions or Kali's / Backtrack's version.

So, the compromise here is to allow for modules that don't directly
expose XML parsing. I can't say for sure that the various libxml2
vulnerabilities (current and future) aren't also exposed via
`Nokogiri::HTML` but I also can't come up with a reasonable demo.

Metasploit committers should still look at any module that relies on
Nokogiri very carefully, and suggest alternatives if there are any. But,
it's sometimes going to be required for complex HTML parsing.

tl;dr: Use REXML for XML parsing, and Nokogiri for HTML parsing if you
absolutely must.
2014-05-29 11:52:17 -05:00
Tod Beardsley d9fbf861d2
Add an environment option to suppress info msgs
It's often you want counts of just WARN and ERROR messages, and don't
want to spam yourself with INFO messages that you don't intend to
address anyway. This is most often the case with CI, such as with

https://travis-ci.org/todb-r7/metasploit-framework
2014-05-21 16:20:57 -05:00
Tod Beardsley 765419627b
Demote datastore edits to info status
SeeRM #8498
2014-05-21 16:18:36 -05:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
Christian Mehlmauer 3f4e9ab18d
msftidy: only check send_request_cgi for vars_get 2014-04-22 19:24:06 +02:00
Christian Mehlmauer b864c4619d
msftidy - added info messages
this commit adds info messages to msftidy to show some info,
but stil exit with status 0 if there are not errors.
2014-04-21 18:04:14 +02:00
Christian Mehlmauer fc803ae277
Changed msftidy check
send_request_raw does not support vars_get so change
the message to switch to send_request_cgi.
See #3272 for more info
2014-04-20 22:41:32 +02:00
William Vu aeedad262d
Remove unnecessary charclass escapes 2014-04-15 14:14:51 -05:00
William Vu 261572158b
Add paren to list of exclusion chars 2014-04-15 11:20:11 -05:00
William Vu 14c7eb19e6
Make the hash brace optional 2014-04-15 10:06:43 -05:00
William Vu f3f31005d8
Revert inadvertent fix for vars_get in msftidy 2014-04-14 14:51:52 -05:00
sinn3r e54a348bd4
Land #3237 - Reconcile test_old_rubies with the other checks 2014-04-11 10:49:23 -05:00
William Vu 8919e21379
Reconcile test_old_rubies with the other checks
It is now check_old_rubies.
2014-04-10 21:44:00 -05:00
William Vu df29578036
Correct check_vars_get to check_request_vars
Since check_vars_get also checked for POSTs.
2014-04-10 21:37:59 -05:00
William Vu 79f82be35d
Land #3188, deluxe msftidy post-merge hook 2014-04-07 14:38:19 -05:00
sinn3r 023bde5b43 Correct msftidy disclosure date check
This correct msftidy's disclosure date check to do the following:

1. If the module has a disclosure date, the check should kick in.
2. If the module is an exploit, and doesn't have a disclosure
   date, then it will be flagged.
3. If the module is an auxiliary, and doesn't have a disclosure
   date, then it will NOT be flgged (because not all aux modules
   target bugs/vulns like exploits do).
2014-04-07 14:21:04 -05:00
William Vu 31b3a6973e
Fix symlink commands 2014-04-07 12:40:11 -05:00
William Vu 48ef061c3c
Land #3046, AIX ibtstat privesc exploit 2014-04-03 17:07:00 -05:00
William Vu 5ac6c4b565
Align msftidy whitelist to 80 columns 2014-04-03 16:54:47 -05:00
Tod Beardsley e1d819b8b9
Update the comment docs on pre-commit-hook.rb
[SeeRM #8779]
2014-04-03 15:26:25 -05:00
Tod Beardsley 70c0a19bbe
Be explicit about which mode we're in.
[SeeRM #8779]
2014-04-03 15:20:50 -05:00
Tod Beardsley 14b47aa67e
Remove the broken SPOTCHECK_RECENT stuff 2014-04-02 11:12:00 -05:00
Tod Beardsley eb2e4cbdef
Add post-merge capability to pre-commit-hook.rb
This will make it possible to run a post-merge check when
pre-commit-hook.rb is referenced as a symlink from .git/hooks/post-merge

The kind of check you're going to do is entirely dependant on the
basename of the file, which is a little weird but convenient.

Verification is a little tricky on this. Coming soon.
2014-04-02 10:19:43 -05:00
Sagi Shahar becefde52f Fix bugs and syntax 2014-04-01 00:54:51 +02:00
Christian Mehlmauer 91034722e9
Added check for 'Rank' on Auxiliary modules 2014-03-28 22:43:53 +01:00
FireFart c023cb2275 make set-cookie header check case insensitive 2014-03-01 13:35:58 +01:00
FireFart 551327bec6 Added a check for Set-Cookie header in msftidy 2014-03-01 13:30:24 +01:00
William Vu 506c354722
Land #3103, vars_get check for msftidy 2014-03-15 19:57:19 -05:00
William Vu 6aa75a328f Ax the arbitrary long line warning
It's not 80 or 132. ;)
2014-03-14 10:28:58 -05:00
William Vu f50d6c8709 Remove a couple more instances of "shit" 2014-03-04 15:00:48 -06:00
FireFart c62f4079f8 Added a check for vars_get in msftidy 2014-03-01 12:02:41 +01:00
Rob Fuller b19a652d78 add -i option as a requirement 2014-02-18 14:08:57 -05:00
sinn3r b5dcc0eb1d Make several changes.
Some important changes:

* Uses optparse to parse argumnets
* Prevent file handle leaks
2014-02-18 12:43:11 -06:00
Rob Fuller 6746793848 make write cleaner 2014-02-17 17:09:50 -05:00
Rob Fuller 11945786c9 standalone iplist creator 2014-02-17 11:22:15 -05:00
sinn3r 38bc587228
Land #2937 - Expand path in metasm_shell 2014-02-02 23:42:50 -06:00
Joe Vennix e50077844c Expand path in metasm_shell#file. 2014-02-02 17:26:48 -06:00
Tod Beardsley 6f93e3fb37
Modules shouldn't use Nokogiri
Nokogiri has a habit of shipping vulnerable builds of libxml2. For
example, see this:

http://www.ubuntu.com/usn/usn-1904-1/

and compare to Nokogiri's bundled requirements:

https://github.com/sparklemotion/nokogiri/blob/master/dependencies.yml

While Nokogiri is quite pleasant to use, it really shouldn't be trusted
to handle potentially malicious data. Imagine if a "vulnerable" target
was actually a malicious honeypot, lying in wait for a poor Metasploit
user to come along and parse out its payload. (OT: does such a thing
have a clever name? If not, I propose "beehive" to imply the offensive
capabilities of such a honeypot.)

Nokogiri is used elsewhere in Metasploit, but those functions handle
data sourced from the Metasploit user herself, so those XML hunks are
nominally trustworthy.
2014-02-02 11:51:21 -06:00
Tod Beardsley 03d65cd2bd
Address @wvu-r7's comments and better filtering 2014-01-31 16:44:42 -06:00
Tod Beardsley 87412be33d
Squash commit Travis-able msftidy checks
This change updates msftidy to be run automatically for new modules
added since the last tag release because we can't rely on folks using
tools/dev/pre-commit-hook before submitting a PR. Now, when one attempts
to open a PR with a non-tidy'ed module, the build will fail out of the
gate.

Related to the 100s of msftidy errors extant today.

[SeeRM #8498]

commit c894e52de5705a1133191be5e9caf3ebdee33621
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Fri Jan 31 14:17:02 2014 -0600

    Add a jacked up title to test travis. Revert this!

commit 2f00c190be71aeb456a7a546071286fd6d670bc1
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Fri Jan 31 11:39:42 2014 -0600

    Allow for checking and spotchecking.

commit db11e8dfad5381030b08c431a183dbafe7a5f304
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 17:16:37 2014 -0600

    Whoops, need to exit an Integer always.

commit 12d131d3157a78ff11e597476138323ed0a062fc
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 16:59:35 2014 -0600

    Allow for exit statuses from msftidy.

commit 2c3b294ff17416f49935472caf2b6be3dbdd93a4
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 15:36:43 2014 -0600

    Be more dynamic about tag checking years

commit d5d8a0b05ac17fb18666a9c252dbb6928d6b5e56
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:36:44 2014 -0600

    Don't warn when there's really nothing

commit fb44a3142fb01eb2647c1c240bb1cc2e7bf59120
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:21:50 2014 -0600

    Revert the intentional failure

    This reverts commit 99a7630b0da301b27ac495cb027009a8cd9e2caf.

    Fun fact: Reverting a commit does not automatically sign with my current
    aliases, one must git revert then git c --amend.

commit 99a7630b0da301b27ac495cb027009a8cd9e2caf
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:08:05 2014 -0600

    Cause an exit status in precommit check

    Maybe travis will see these and fail the build.

    Don't forget to revert this commit @todb-r7 !

commit 5a3b2fcd9598fae51a0dd2c7c87680c703a85448
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 13:11:04 2014 -0600

    Update msftidy pre-commit-hook for spotchecking

commit 3f255e36dad9ed3081aaf359f845525d96872ef0
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 12:35:16 2014 -0600

    Travis should run msftidy via precommit hook

commit 0959d9d2d281590a94c0ac960e43b74354e4e21b
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 12:25:53 2014 -0600

    Add SPOTCHECK_RECENT to msftidy.rb
2014-01-31 14:19:04 -06:00
William Vu 7200a4f0e0 Fix in_super-reliant msftidy checks
The conversion from hard tabs to two-space soft tabs broke a few checks.
2014-01-30 14:39:28 -06:00