94de5a4e42
Add skip message, add event test
2018-05-03 14:20:32 -05:00
a7ec7b52b7
Fix error on data server due to unexpected report_exploit call
2018-05-02 14:59:02 -05:00
9c7db375bf
Fix broken tests after latest merge with master
2018-04-26 16:39:56 -05:00
516b61ebaa
Merged master
2018-04-26 16:02:56 -05:00
e97693d056
Cleanup
2018-04-26 16:01:15 -05:00
195b405d69
First pass at all test working, added travis ci build
2018-04-26 15:12:53 -05:00
2487314821
Land #9869 , Add support for shellcode encryption for msfvenom
2018-04-25 15:51:05 -05:00
071a191055
Merge master + workspace removal from http remote data service
2018-04-25 13:39:46 -05:00
e141a99f08
Update workspace add test with new output
2018-04-20 13:19:28 -05:00
4dd9d32d62
Fix rspec
2018-04-17 20:32:29 -05:00
ff9c55207e
Move crypto methods to Rex::Crypto namespace
2018-04-17 20:12:26 -05:00
68ad91763a
Merge branch 'rapid7/master' into MS-3062_workspaces
2018-04-16 15:33:59 -05:00
2ef451c349
Land #9873 , add notes functionality to remote datastore
...
This PR enables create, update, and delete functionality for the notes
command and data model when using a remote data service.
2018-04-16 15:03:27 -05:00
4e49b99783
Add cmd notes option to sort by column number
2018-04-12 15:56:42 -04:00
ee9f49fa39
Fix a typo
2018-04-12 14:45:54 -05:00
5b2bbe7432
Update test for removed make_sortable method
2018-04-12 15:23:35 -04:00
4e55724f3f
Fix a typo and rspec for payload generator
2018-04-12 14:10:26 -05:00
518d672ad5
Update cmd_notes help message test
2018-04-11 18:09:48 -04:00
f1d426d257
Land #9833 , Remove broken feature detection
2018-04-11 15:02:53 -05:00
cd48b47760
Fix failing tests.
...
-Was accidentally deleting opts[:workspace] instead of processing
-Update notes help text expectations
2018-04-10 17:10:32 -05:00
e51f41fa34
Merge remote-tracking branch 'msf_jbarnett/fix_services_bugs' into MS-3062_workspaces
2018-04-10 13:35:33 -05:00
f8cbb9d7c0
Update test
2018-04-10 13:14:16 -05:00
90542779ff
Audit models to ensure :workspace is passed only when needed
2018-04-09 14:50:37 -05:00
df6de5b1c3
remove self-evident rspec
2018-04-07 13:00:19 -05:00
fe224f628b
Remove update_host_via_sysinfo since it is unused
2018-04-05 14:20:25 -05:00
226ef160ff
Land #9748 , Convert the smbloris DoS into an external module
...
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
3aed6d6666
Initial
2018-04-02 08:08:23 -05:00
7d58b0a5f4
Merge branch 'goliath' into MS-3062_workspaces
2018-03-30 16:35:26 -05:00
b134a33877
Merge branch 'master' into land-9740
2018-03-27 11:59:55 -05:00
abf16a4469
fix workspace tests
2018-03-27 10:41:08 -05:00
c28fe65d98
Exclude Ruby external modules from rspec
...
The sum of the testing code and loading code assumptions was that all
files with the same extension in the same folder were all loadable with
the same loader. This is no longer the case, and until we are ready to
test the load-ability of external modules we can safely ignore them.
2018-03-23 16:44:58 -05:00
6b3a4a56dc
Merge branch 'rapid7/master' into goliath
2018-03-23 11:26:31 -05:00
7d873ea7ab
replace factory_girls with factory_bot fixes #9736
2018-03-21 23:21:37 +01:00
553789557b
Merge branch 'goliath' into MS-2910-remote-vuln-read-update-delete
2018-03-21 01:45:58 -04:00
ced6707ba6
Fix cmd vulns and DBManager Session spec
2018-03-20 15:25:09 -04:00
4801021aba
Land #9613 , add bind_named_pipe x86
2018-03-17 15:53:06 -05:00
45a6b244a7
Fix services spec
2018-03-16 17:10:02 -05:00
4d04319d2a
Merged master
2018-03-15 11:31:44 -05:00
3f9b124752
update spec
2018-03-12 15:46:03 -05:00
eac7cc63fc
add missing payload tests
2018-03-04 17:54:52 -06:00
35b66d0e60
added payload tests
2018-02-27 19:24:51 -07:00
3005a8b7ce
Merge branch 'rapid7/master' into goliath
2018-02-21 11:16:05 -06:00
ea9b6d894d
add missing payload specs
2018-02-20 09:38:24 -06:00
0acc5fed20
add missing payload tests for bind_named_pipe
2018-02-16 18:05:45 -06:00
2d3aef9031
Land #9533 , Add output file support to the vulns command
2018-02-15 15:52:25 -06:00
3811665b69
Land #7699 , Add UDP handlers and payloads (redux)
2018-02-13 14:50:09 -06:00
b80445e448
add missing payload tests
2018-02-13 14:20:43 -06:00
46a0ea6582
Fix db_spec
2018-02-09 20:06:43 -06:00
c612dbfdbf
Also fix GitHub related pull request links
2018-02-09 15:16:10 -05:00
7a18aaa74a
Fix the normalizer_spec to expect the md syntax
2018-02-09 14:56:42 -05:00
159de817f7
add missing payload tests
2018-01-25 11:09:41 -06:00
10fde42adc
Land #9431 , Fix owa_login to handle inserting credentials for a hostname
2018-01-22 16:46:39 -06:00
ba75d19d34
Fix failing spec.
2018-01-19 15:52:25 -06:00
d5978803eb
Fix all failing rspec for goliath
2018-01-19 15:16:19 -06:00
77125230c7
Merged master for module cache changes
2018-01-18 14:30:52 -06:00
7fe237abe1
Land #9220 , Module cache improvements
2018-01-17 22:34:51 -06:00
4aac8f5c39
Merge branch 'rapid7/master' into goliath
2018-01-02 17:34:40 -06:00
c2bb144d0f
Land #9302 , Implement ARD auth and add remote CVE-2017-13872 (iamroot) module
2017-12-28 14:11:26 -06:00
2e62d77e36
Add new method for fetching parsed cookies from an HTTP response
...
This fixed #9332 .
2017-12-20 16:19:44 -08:00
09772cb08a
Add negotiate_auth step to login_scanner test
2017-12-18 12:27:11 -06:00
90b97d6581
Merge branch 'upstream-master' into land-9151-
2017-12-15 14:15:14 -06:00
563cb6f18f
Update method name in test
2017-12-14 17:17:41 -06:00
55f56a5350
Land #9110 , added -C option to change default hosts columns
2017-11-29 17:48:44 -06:00
e0d8f8e8e9
Force cache load before test run
2017-11-21 14:43:44 -06:00
a16cd5aade
Clean up metadata store logic
2017-11-17 12:42:19 -06:00
fe1af35107
First pass at changes needed for module metadata caching
2017-11-15 16:38:01 -06:00
7895cbc413
Land #9157 , Add missing ppce500v2 tests
2017-11-01 12:33:02 -05:00
553452c19d
add missing ppc500v2 payload specs
2017-11-01 12:00:03 -05:00
cd114c90e0
remove no longer available bundler hack
...
This address issue #9155 for bundler failures in TravisCI
2017-11-01 11:52:41 -05:00
48975a4327
Support multiple suffixes on meterpreter extensions.
2017-10-31 10:04:34 -05:00
cd755b05d5
update powershell specs for rex-powershell 0.1.77
2017-10-26 15:03:10 -05:00
a402686d7a
add missing spec for singles/python/shell_bind_tcp
2017-10-25 14:58:49 -05:00
386e14828a
Land #8728 , Psexec via PSH related fixes
2017-10-24 15:55:18 -05:00
ecada96585
#9108 : fixed unit test
2017-10-20 21:20:36 -07:00
b83787c24c
make powershell spec more specific in expectations
2017-10-09 20:02:32 -05:00
56e95f15c9
Land #9024 , fix bug when manually adding loot
...
cmd_loot was throwing a stack trace when the host was not properly defined.
This fixes it to give a useful error message.
2017-10-06 16:02:12 -05:00
9ae8bdda1c
Added Bind Shell JCL Payload for mainframe
...
The bind shell is the companion payload to the reverse_shell_jcl
payload for the mainframe platform.
2017-09-29 16:52:36 -05:00
0723477b49
Fix nil bug in loot -a and nix hostless loot
...
Apparently you can't actually store hostless loot.
2017-09-29 16:16:16 -05:00
f88840e5b7
Move normaliize_host to a library method
...
This method was in Msf::DbManager class but doesn't actually use the DB.
This required you to have a DB connection just to do the check.
Moved it out to a helper library so we have access to it without forcing
a DB connection.
2017-09-28 16:59:44 -05:00
2c040d932c
add some missing payload specs
2017-09-18 15:45:00 -05:00
195c1e041f
Update payload specs and sizes
...
Adds the new Aarch64 and R payloads
fix merge
2017-08-31 18:48:56 +08:00
b42a0759ce
add missing specs
2017-08-28 05:30:07 -05:00
22e245ac99
call from_r before checking packet output
2017-08-21 03:44:13 -05:00
2a1daa6ffc
prefer create_request, use StringIO over custom slice operators
2017-08-21 03:23:06 -05:00
2660a5b558
add missing osx specs
2017-08-20 19:25:22 -05:00
5e8c2200ac
Merge branch 'master' into land-8625-crypttlv2
2017-08-20 18:54:51 -05:00
47dc3772a7
add OptFloat datastore option
2017-08-08 19:06:51 -05:00
d7e8b32312
Merge branch 'upstream/master' into transport-agnostic-packet-encryption
2017-08-08 17:30:51 +10:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
4f054d25fc
Fix packet spec problems
2017-07-03 18:12:38 +10:00
79657f5b5b
remove silly spec
2017-06-24 16:00:46 -05:00
3a445655ae
Land #8511 , console search options
...
lands sempervictus' console search command
enahncements and bug fixes
2017-06-22 12:07:10 -05:00
47a659f554
Land #8185 , Convert ntp modules to bindata
2017-06-22 09:37:58 -05:00
a48f0fcec6
Remove references to Meterpreter CRYPTO TLVs
...
This feature wasn't supported, and so the TLVs are no longer needed.
2017-06-19 16:53:33 +10:00
42d1fae2e6
Upstream console search additions and fixes
...
The -S flag for console commands, backed by search functionality
in Rex' tables, originally pushed upstream in #1604 (iirc), lacks
coverage for a number of commands which benefit a good deal from
inline filtering of the potentially large number of results.
Push more -S flags and surrounding table functionality upstream
to provide coverage for the console commands included in framework.
Include a fix for deleting hosts when DB references are a problem.
Include a fix for the upstream route command wherein scope must be
defined for the routing target by assuming a /32 without explicit
definition.
Note:
With this in place, console behavior when filtering results is
roughly analagous to the R7 filtering in web UI, which should help
those of us trying to use both maintain corresponding workflows.
Testing:
Used in-house for years, though changes to the diff from upstream
and our fork (expunging some internal code) are untested, so would
appreciate eyes and hands on.
2017-06-16 20:28:51 -04:00
11b99d954d
update specs
2017-05-27 00:34:12 -05:00
4a43e9bcb2
add spec for reverse_ncat_ssl
2017-05-22 18:34:18 -05:00
2f507cf52b
removing some test code
2017-05-04 12:57:50 -05:00
fbf1db590e
Adding a tests
...
trying to find the first interface with a non local v4 ip address.
2017-05-04 12:57:50 -05:00
a6afd0b9bf
adding in a new option type
...
this will grab the first ipv4 address on a given iface
2017-05-04 12:55:46 -05:00
a191e12241
update specs
2017-04-26 17:06:35 -05:00
df306c1543
Fix spec (the irony!)
2017-04-26 03:56:10 -05:00
aa9c037307
fix spec for reals this time
2017-04-18 14:30:29 -05:00
db246e6076
update spec
2017-04-18 14:19:29 -05:00
67047cf770
Revert "Fixes MS-1716, keep sessions in progress alive."
...
This reverts commit e5d0370a94
2017-04-16 15:52:22 -05:00
42122d2835
Land #8238 , move SMB2 support back into smb_login, add simpler permissions checks
2017-04-14 14:06:46 -05:00
91fb3ce6b8
collapse SMB2 support into smb_login
...
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both
MS-2636
2017-04-13 15:22:03 -05:00
fa8011fd07
New mainframe privesc payload for z/OS
...
This module performs a privilege escaltion on mainframe systems
runing z/OS and using RACF for their security manager. A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
2017-04-11 15:04:44 -05:00
5f88971ca9
convert NTP modules to bindata
2017-04-04 02:57:38 -05:00
7de2aa1a63
Update Nmap parser to handle masscan
...
masscan is missing <status>, meaning hosts aren't treated as alive.
Thanks to @jhart-r7 and @jlmurray for working on this previously.
2017-04-03 02:26:14 -05:00
4c0539d129
Land #8178 , Add support for non-Ruby modules
2017-04-02 21:02:37 -05:00
40ab82eea2
add specs for the smb2 login scanner
...
added some basic specs for the new smb loginscanner
class
MS-2557
2017-03-29 13:46:20 -05:00
71df231918
Add new loader for arbitrary executables
...
Still some kluges left in the shim and we have to hit the disk when
constructing the module path
2017-03-28 10:27:12 -05:00
92c0748447
Land #8102 , Add a plugin to notify new sessions via SMS
2017-03-24 11:17:59 -05:00
bb4d6e17c8
Resolve #8026 , Add a plugin to notify new sessions via SMS
...
This plugin will notify you of a new session via SMS.
It also changes the SMS text format to MIME.
Resolve #8026
2017-03-13 16:13:59 -05:00
2a5815749c
Update rspec
2017-03-08 13:39:24 -06:00
702d1c2b7e
Fix bug for subject
2017-03-08 11:43:36 -06:00
ed22902fd4
Support the subject field
2017-03-08 11:40:08 -06:00
a634fec8b3
Fix typo
2017-03-07 16:51:17 -06:00
dc36bc4a0d
Add rspec
2017-03-07 16:49:42 -06:00
6ad8afb8b3
Add API to send a text message (SMS) to mobile devices
2017-03-02 16:47:55 -06:00
e5d0370a94
Fixes MS-1716, keep sessions in progress alive.
2017-02-24 12:56:05 -06:00
7f759384ab
fix missing payloads_spec
2017-02-07 15:02:29 +08:00
64e475a4ee
Land #7892 , Enhance the creds command to allow creating logins
2017-02-03 11:53:46 -06:00
1bb8c9bd93
missed userpass_file on CredentialCollection.empty?
2017-02-01 15:42:21 -06:00
0dcf0002ae
refactor empty test on CredentialCollection
2017-01-31 15:16:26 -06:00
1fcd20b7ef
adding a spec to show creating a core and login
2017-01-30 12:11:31 -06:00
c20cdc2943
cleaning up some of the specs
2017-01-30 10:43:28 -06:00
4480ea7877
Land #7827 , Cisco Firepower Management Console LoginScanner
2017-01-27 16:26:40 -06:00
781bc8420a
Add Advantech WebAccess LoginScanner module
2017-01-26 13:54:50 -06:00
253e39e18c
Land #7680 , Fix #7679 , LoginScanner should abort if there is no creds to try
2017-01-23 14:08:32 -06:00
d9ead4484e
Mock :password
2017-01-23 13:42:30 -06:00
7cf812ed99
add rspec test for inspect on all TLV_TYPE objects
2017-01-23 09:19:53 -06:00
ac2ceca5e3
Land #7804 , Switch the creds command to use named options
2017-01-22 10:49:19 -06:00
99047fa8a1
be stricter in what we accept for payload uri
...
datastore needs to contain something to produce a valid URI
2017-01-22 10:20:04 -06:00
66e9f1d334
fix doc normalizer spec
2017-01-22 10:20:04 -06:00
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
d7f43a2c66
Fix base_spec
2017-01-17 15:58:30 -06:00
ecf246b380
Fix more prepended_creds issues
2017-01-17 15:41:24 -06:00
9efa84298c
Mock more methods for base_spec
2017-01-17 15:17:15 -06:00
d79f4fbda2
Update cisco_firepower_spec
2017-01-17 13:33:56 -06:00
77c78fa5f4
Move Rex::Text::Table workspace output to -v
2017-01-15 23:15:14 -06:00
360ad26d9c
Fix spec because I suck
2017-01-15 04:00:33 -06:00
a687073416
Add Cisco Firepower Management Console LoginScanner
2017-01-13 16:59:20 -06:00
9b9d3127a8
cleanup leaked constants
...
use constant cleaner
7824
2017-01-12 15:49:24 -06:00
08d529b818
Fix login_scanner_base rspec
2017-01-11 14:53:04 -06:00
90c42b4740
Update rspec
2017-01-11 14:23:28 -06:00
2377f17663
Fix typos
2017-01-11 14:05:22 -06:00
9136e008bb
Update rspec
2017-01-11 12:00:43 -06:00
c97dba39f2
creds should mock these methods too
2017-01-11 11:48:52 -06:00
christopher lee
Jeffrey Martin
James Barnett
Wei Chen
Matthew Kienow
Adam Cammack
Brent Cook
Christian Mehlmauer
UserExistsError
Spencer McIntyre
Pearce Barry
Jon Hart
jgor
Dave Farrow
bigendiansmalls
William Vu
Brent Cook
OJ
David Maloney
William Webb
RageLtMan
darkbushido
dmohanty-r7
Tim
bwatters