Commit Graph

8967 Commits (81d160c68552035dd99a2dd58381a7803f8e02c4)

Author SHA1 Message Date
William Vu ce40c1152a
Land #4014, msfconsole spinnerz 2014-10-17 16:25:31 -05:00
Luke Imhoff 080ea3e56a
Merge branch 'staging/great-backport' into feature/MSP-11126/msf-module-reorg
MSP-11126
2014-10-17 14:28:13 -05:00
Luke Imhoff 06fbbf7001
Fully-qualified Msf::NormalRanking in Msf::Module::Ranking
MSP-11126

Needed due to loss of `Msf` lexical scope.
2014-10-17 13:58:57 -05:00
Luke Imhoff 43354774e1
Fully qualified Msf::RankingName in Msf::Module::Ranking
MSP-11126

To compensate for loss of `Msf` lexical scope.
2014-10-17 13:43:51 -05:00
Luke Imhoff ae45c1b9d3
Msf::Module::Rank -> Msf::Module::Ranking
MSP-11126

So that mixin module won't appear as Rank constant that Msf::Module
subclasses are supposed to define.
2014-10-17 13:39:53 -05:00
Tod Beardsley a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/ 2014-10-17 13:13:44 -05:00
Luke Imhoff a6a2886faa
Fully-qualify Msf::OptionContainer references
MSP-11126
2014-10-17 13:09:27 -05:00
Luke Imhoff 112b5988f2
Add missing autoload to fix loading on travis-ci
MSP-11126

`Msf::Module::Failure` fails to load on travis-ci probably due to a load
order difference, so add `:Failure` to autoloads in `Msf::Module`.
2014-10-17 13:05:59 -05:00
Luke Imhoff 0c00c7cc50
Fully-qualifiy Msf::MODULE_TYPES constants
MSP-11126

Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
2014-10-17 12:43:40 -05:00
Tod Beardsley 5978bd5e62
Control the startup msg with -q, too 2014-10-17 12:41:58 -05:00
Tod Beardsley a45b21b6bf
-q will quiet the animation, too 2014-10-17 12:32:28 -05:00
Luke Imhoff 200d64040d
Fully-qualify Msf::ServiceState
MSP-11152

Replace unqualified `ServiceState` with `Msf::ServiceState`.
2014-10-17 11:58:11 -05:00
Luke Imhoff 172afd180a
Extract Msf::Module::Privileged
MSP-11126
2014-10-17 11:45:03 -05:00
Luke Imhoff cbae9be5b5
Extract Msf::Module::UUID
MSP-11126
2014-10-17 11:31:56 -05:00
Luke Imhoff a59e635913
Extract Msf::Module::Author
MSP-11126
2014-10-17 11:17:12 -05:00
Luke Imhoff 9f32cbd476
Use :: to force top-level constant resolution
MSP-11152

When `Msf::DBManager::Import::MetasploitFramework` is included in
`Msf::DBManager::Import`, it's child namespace of
`Msf::DBManager::Import::MetasploitFramework::Zip becomes resolvable as
`Zip` in `Msf::DBManager::Import` methods, so need to use `::Zip` to
cause `Zip` to be resolved from rubyzip gem.
2014-10-17 10:15:59 -05:00
Luke Imhoff 13923a8ca5
Fully-qualify Msf::DBImportError
MSP-11152

Constant was unqualified in some of the reorganized Msf::DBManager code
because that code was take advantage of the old nested lexical scope
that included `Msf`.
2014-10-17 09:29:01 -05:00
Luke Imhoff e822920298
Msf::Module::Author -> Msf::Author
MSP-11126

`Msf::Module::Author` was already aliased to `Msf::Author`.  This just
moved `Msf::Module::Author` to that alias to free up
`Msf::Module::Author` so it can be used for a concern for
`Msf::Module`'s author methods.
2014-10-17 08:59:54 -05:00
Luke Imhoff b5039c3817
Extract Msf::Module::Network
MSP-11126
2014-10-16 15:51:59 -05:00
Luke Imhoff 2e538bd72d
Extract Msf::Module::Search
MSP-11126
2014-10-16 15:27:54 -05:00
Luke Imhoff 7743fdb2f9
Extract Msf::Module::FullName
MSP-11126
2014-10-16 15:24:59 -05:00
Jon Hart 8fdae8fbfb Move protocol and lifetime to mixin, use correct map_target if CHOST 2014-10-16 13:24:17 -07:00
Luke Imhoff 0e53548c82
Extract Msf::Target
MSP-11126
2014-10-16 15:13:18 -05:00
Luke Imhoff e5cc456be7
Extract Msf::Platform
MSP-11126
2014-10-16 15:11:59 -05:00
Luke Imhoff 27c006a8f9
Extract Msf::SiteReference
MSP-11126
2014-10-16 15:09:55 -05:00
Luke Imhoff 9981271e2a
extract Msf::Reference
MSP-11126
2014-10-16 15:03:21 -05:00
Luke Imhoff c8730ca55b
Extract Msf::Author
MSP-11126
2014-10-16 14:59:15 -05:00
Luke Imhoff fe5ffa9cec
Standardize on autoload over require
MSP-11126

Standardize on autoload to prevent trying to use colliding names for
included Module with Modules/Classes just under the namespace.
2014-10-16 14:58:08 -05:00
Luke Imhoff d5c7a50e86
Extract Msf::Module::Rank
MSP-11126
2014-10-16 14:39:33 -05:00
Luke Imhoff e6f442697b
Extract Msf::Module::Type
MSP-11126
2014-10-16 14:23:21 -05:00
Luke Imhoff e418f98d45
arch -> Msf::Module::Arch
MSP-11126
2014-10-16 13:21:11 -05:00
Luke Imhoff 44b2e5e35c
Extract Msf::Module::Arch
MSP-11126
2014-10-16 13:14:56 -05:00
Luke Imhoff 31c93e9dbc
Extract Msf::Module::ModuleInfo
MSP-11126
2014-10-16 13:01:42 -05:00
Trevor Rosen c503e8a3d8
Merge branch 'landing/4026' into upstream-master
Land #4026

* db.rb (DBManager) now in multiple files
* Cucumber coverage for DB-related msfconsole commands
2014-10-16 11:52:57 -05:00
Luke Imhoff f9caa4d25e
Extract Msf::Module::Options
MSP-11126

Methods for registering, derigsterings, and validating options.
2014-10-16 11:14:42 -05:00
Luke Imhoff c50cb2eb8a
Extract Msf::Module::UI::*::Verbose and shared examples
MSP-11126
2014-10-16 10:05:45 -05:00
Luke Imhoff a9a6f0c5f9
Extract Msf::Module::UI::Line
MSP-11126
2014-10-16 09:50:07 -05:00
Luke Imhoff bc2bd99698
Extract Msf::Module::UI::Message
MSP-11126
2014-10-16 09:39:30 -05:00
Luke Imhoff f5d09f735e
Extract Msf::Module::Compatibility
MSP-11126
2014-10-16 09:14:57 -05:00
Luke Imhoff 85169d5e8d
Extract Msf::Module::DataStore
MSP-11126
2014-10-16 09:03:23 -05:00
Luke Imhoff f068d669d6
Extract Msf::Module::ModuleStore
MSP-11126
2014-10-16 09:03:07 -05:00
Luke Imhoff 370daaed5e
Extract Msf::Module::Failure
MSP-11126

Move `Msf::Module::Failure` to a file of its own.
2014-10-16 09:02:55 -05:00
James Lee 41a57b7ba5
Re-enable proxies for HTTP-based login scanners 2014-10-15 17:00:44 -05:00
Tod Beardsley d5a0b81680
Land #4024, auto-negotiate SSL versions
Thanks @hmoore-r7!
2014-10-15 16:04:38 -05:00
Tod Beardsley 62be638258
Add 'Auto' to tcp.rb as well. 2014-10-15 16:01:42 -05:00
James Lee 3a9c2f95c9
Add magic encoding to new files 2014-10-15 14:23:34 -05:00
James Lee 2986031db5
Move SMBServer into its own file 2014-10-15 14:22:23 -05:00
James Lee 1064488ada
Whitespace 2014-10-15 14:21:39 -05:00
Luke Imhoff 9456506e3d
Merge branch 'master' into feature/MSP-11124/msf-dbmanager-reorg
MSP-11124
2014-10-15 14:08:55 -05:00
Luke Imhoff 1f7ad1cac9
unserialize_object -> Msf::DBManager::Import::MetasploitFramework
MSP-11124
2014-10-15 14:03:18 -05:00
Luke Imhoff bed98fe43b
nils_for_nulls -> Msf::DBManager::Import::MetasploitFramework
MSP-11124
2014-10-15 13:59:03 -05:00
HD Moore fcd9b4b293 Allow non-SSLv3 Meterpreters (auto-negotiate) 2014-10-15 13:57:51 -05:00
Luke Imhoff ac30990177
Move libpcap helpers to Libpcap module
MSP-11124
2014-10-15 13:55:24 -05:00
Luke Imhoff 7aed88f11b
Extract Msf::DBManager::Import::Report
MSP-11124
2014-10-15 13:51:57 -05:00
HD Moore cb3a4afac5 Typo: request -> requested in message 2014-10-15 13:48:22 -05:00
Luke Imhoff e5e051c905
Extract Msf::DBManager::Import::Wapiti
MSP-11124
2014-10-15 13:42:54 -05:00
Luke Imhoff e65a386d3d
Extract Msf::DBManager::Import::Spiceworks
MSP-11124
2014-10-15 13:37:35 -05:00
HD Moore 7516512650 Raise an ArgumentError vs RuntimeError for backwards compatibility 2014-10-15 13:30:38 -05:00
HD Moore a762d871bf Autonegotiate SSL/TLS versions when not explicit 2014-10-15 13:26:40 -05:00
Luke Imhoff dfe690ac52
Extract Msf::DBManager::Import::Retina
MSP-11124
2014-10-15 13:23:12 -05:00
Luke Imhoff 8af280b1cb
Extract Msf::DBManager::Import::Outpost24
MSP-11124
2014-10-15 13:16:11 -05:00
Luke Imhoff eff95221da
Order methods
MSP-11124
2014-10-15 13:14:20 -05:00
Luke Imhoff cf555e2390
Extract Msf::DBManager::Import::OpenVAS
MSP-11124
2014-10-15 13:11:49 -05:00
Luke Imhoff 5d6044786a
Extract Msf::DBManager::Import::Nmap
MSP-11124
2014-10-15 13:06:28 -05:00
Luke Imhoff cf3a3a0d65
Move nexpose requires to appropriate module
MSP-11124
2014-10-15 12:54:30 -05:00
Luke Imhoff 16f143c2ed
Extract Msf::DBManager::Import::Nikto
MSP-11124
2014-10-15 12:51:16 -05:00
Luke Imhoff e64a14c748
Extract Msf::DBManager::Import::Nexpose::Simple
MSP-11124
2014-10-15 12:40:04 -05:00
Tod Beardsley c4d1a4c7dc
Revert #4022, as the solution is incomplete
Revert "Land 4022, datastore should default TLS1 vs SSL3"

This reverts commit 4c8662c6c1, reversing
changes made to 0937f32ff9.
2014-10-15 12:32:08 -05:00
Luke Imhoff 2b861f91e9
Extract Msf::DBManager::Import::Nexpose::Raw
MSP-11124
2014-10-15 11:59:03 -05:00
Luke Imhoff c371eab26a
Extract Msf::DBManager::Import::Netsparker
MSP-11124
2014-10-15 11:46:38 -05:00
Luke Imhoff a73b0e2283
Move requires for nessus parses to appropriate module
MSP-11124
2014-10-15 11:42:00 -05:00
Luke Imhoff b43035145d
Move nessus helper function to closest module
MSP-11124
2014-10-15 11:39:23 -05:00
Luke Imhoff aae6dc9066
Extract Msf::DBManager::Import::Nessus::XML::V*
MSP-11124

Extract different versions of Nessus XML format.
2014-10-15 11:34:37 -05:00
Luke Imhoff a0494b2eeb
Extract Msf::DBManager::Import::Nessus::XML
MSP-11124
2014-10-15 11:27:23 -05:00
Luke Imhoff 0c861848bc
Extract Msf::DBManager::Import::Nessus::NBE
MSP-11124
2014-10-15 11:21:26 -05:00
Luke Imhoff d0d0c478aa
Extract Msf::DBManager::Import::MetasploitFramework::Credential
MSP-11124
2014-10-15 11:12:13 -05:00
Luke Imhoff 46a2c47dfe
Extract Msf::DBManager::Import::MetasploitFramework::Zip
MSP-11124
2014-10-15 10:59:41 -05:00
Tod Beardsley 1754b23ffb
Datastore options should default to TLS1, not SSL3
Otherwise, we risk getting our connections killed by particularly
aggressive DPI devices (IPS, firewalls, etc)

Squashed commit of the following:

commit 5e203851d5c9dce1fe984b106ce3031a3653e54b
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:19:04 2014 -0500

    Whoops missed one

commit 477b15a08e06e74d725f1c45486b37e4b403e3c2
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:16:59 2014 -0500

    Other datastore options also want TLS1 as default

commit 8d397bd9b500ff6a8462170b4c39849228494795
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:12:06 2014 -0500

    TCP datastore opts default to TLS1

    Old encryption is old. See also: POODLE
2014-10-15 10:28:53 -05:00
Luke Imhoff 65885c8cc8
MsfXml -> MetasploitFramework::XML
MSP-11124
2014-10-15 10:25:42 -05:00
Luke Imhoff ac9a593b43
import_msf_file -> Msf::DBManager::Import::MsfXml
MSP-11124
2014-10-15 10:02:42 -05:00
Luke Imhoff d870188377
Extract Msf::DBManager::Import::MBSA
MSP-11124
2014-10-15 09:54:03 -05:00
Luke Imhoff f29408680f
Extract Msf::DBManager::Import::Libpcap
MSP-11124
2014-10-15 09:48:23 -05:00
Luke Imhoff 44968400e9
Extract Msf::DBManager::Import::IPList
MSP-11124
2014-10-15 09:42:11 -05:00
Luke Imhoff e5236e9b56
Extract Msf::DBManager::Import::FusionVM
MSP-11124
2014-10-15 09:36:29 -05:00
Luke Imhoff 2e85dc910a
Extracts Msf::DBManager::Import::Foundstone
MSP-11124
2014-10-15 09:27:53 -05:00
Luke Imhoff 68a1ebd2fb
Extract Msf::DBManager::Import::CI
MSP-11124
2014-10-15 09:23:08 -05:00
Luke Imhoff 8d628c221b
Extract Msf::DBManager::Import::Burp
MSP-11124
2014-10-15 09:16:57 -05:00
Luke Imhoff f42307a6ff
Extract Msf::DBManager::Import::Appscan
MSP-11124
2014-10-15 09:12:38 -05:00
Luke Imhoff dcac8a45ee
Extract Msf::DBManager::Import::Amap
MSP-11124
2014-10-15 09:06:03 -05:00
Jon Hart 07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful 2014-10-15 06:39:38 -07:00
HD Moore 6cf62765de Default to TLSv1 for RPC connections 2014-10-15 01:20:43 -05:00
James Lee 5434996969
Move TcpServer into its own file 2014-10-14 18:43:40 -05:00
Jon Hart ea6824c46f WIP of NAT-PMP rework 2014-10-14 14:20:24 -07:00
Luke Imhoff a00d039796
Move require for IP360 XML parser
MSP-11124
2014-10-14 16:18:47 -05:00
Luke Imhoff 599bcc33a9
Extract Msf::DBManager::Import::IP360::V3
MSP-11124
2014-10-14 16:16:47 -05:00
Tod Beardsley e68aaa4226
Don't disclose empty disclosure dates
For rapid7#4015
2014-10-14 16:02:23 -05:00
Luke Imhoff 81c18c96ee
Extract Msf::DBManager::Import::IP260::ASPL
MSP-11124
2014-10-14 15:58:43 -05:00
Luke Imhoff 6c0f549abb
Extract Msf::DBManager::Import::Acunetix
MSP-11124
2014-10-14 15:40:29 -05:00
Luke Imhoff 0c10b5a859
Extract #handle_qualys to Msf::DBManager::Import::Qualys
MSP-11124
2014-10-14 15:32:22 -05:00
Luke Imhoff 11bcac8a4e
Extract Msf::DBManager::Import::Qualys::Scan
MSP-11124
2014-10-14 15:19:55 -05:00
William Vu f612c8cd3e
Add disclosure date to info 2014-10-14 15:15:24 -05:00
William Vu fdd79e64c3
Land #4010, ReverseAllowProxy clarification 2014-10-14 15:10:50 -05:00
Tod Beardsley e010d70913
No need for that bool option 2014-10-14 14:59:57 -05:00
Tod Beardsley bf0a5d038e
Add an animation to comfort the user
Sometimes msfconsole takes a little while to start.

This adds a fairly common ASCII spinner to the startup sequence.

I haven't spec'ed it, and the code organization isn't great, so consider
this PR more of a cry for help than something immediately landable.

That said, it works for me.
2014-10-14 14:54:45 -05:00
William Vu 5c4f61057f
Show available actions for info 2014-10-14 12:41:02 -05:00
Pedro Laguna 70d1eefaa9 Update reverse_tcp.rb
As I am using a exploit that does a check on the Server HTTP headers to identify the target I saw an error message that reads like this:

>The target server fingerprint "" does not match "(?-mix:(Jetty|JBoss))", use 'set FingerprintCheck false' to disable this check.

Then, while using a HTTP proxy to analyse the requests I am presented with an error that tells me to set another internal option to override a default behaviour. Although it should be pretty clear to everyone using the metasploit framework, I think it is more convenient if all error messages have the same format/way to present suggestions, in this case, presenting the full command the user needs to introduce in order to carry on with the execution of the exploit.
2014-10-14 11:24:59 +01:00
Luke Imhoff 1f49f767dc
Extract Msf::DBManager::Import::Qualys::Asset
MSP-11124
2014-10-13 16:06:15 -05:00
Luke Imhoff a7d1577494
ImportMsfXml -> Import::MsfXml
MSP-11124
2014-10-13 15:46:13 -05:00
Luke Imhoff 87825d40b1
Fix migration.rb loading
MSP-11124
2014-10-13 15:39:15 -05:00
Luke Imhoff b8ea44235b
Remove nesting in Msf::DBManager::ImportMsfXml
MSP-11124

Don't use nested modules to prevent Msf::DBManager::ImportMsfXml from
being the declaring location for Msf::DBManager.
2014-10-13 15:37:16 -05:00
Luke Imhoff ef04261686
Fix indentation in Msf::DBManager
MSP-11124
2014-10-13 15:26:19 -05:00
Luke Imhoff c6ea3a3880
Distribute requires to where they are needed
MSP-11124

Push requires down to the Msf::DBManager mixins that actually need them.
2014-10-13 15:24:56 -05:00
Luke Imhoff 4371254dd2
Reorder remaining code in Msf::DBManager
MSP-11124
2014-10-13 15:13:28 -05:00
Luke Imhoff 2dd925c18c
Move add_rails_engine_migration_paths to Msf::DBManager::Migration
MSP-11124
2014-10-13 15:01:14 -05:00
Luke Imhoff 1dfaba1884
Remove nesting in Msf::DBManager::Migration
MSP-11124

To prevent migration.rb as counting as the definer of `Msf::DBManager`.
2014-10-13 14:56:08 -05:00
Luke Imhoff bc4d2ff152
Extract Msf::DBManager::Adapter
MSP-11124

Extract methods related to setting up the adapter/driver(s).
2014-10-13 14:49:26 -05:00
Luke Imhoff 930b020211
Extract Msf::DBManager::Connection
MSP-11124

Extract methods that connect, disconnect and show status of connection
to database.
2014-10-13 12:07:13 -05:00
Luke Imhoff f472411c8c
Extract Msf::DBManager::Web
MSP-11124

Extract `Mdm::Web*` methods.
2014-10-13 11:59:39 -05:00
Luke Imhoff 5067e43ac1
Extract Msf::DBManager::VulnAttempt
MSP-11124

Extract `Mdm::VulnAttempt` methods.
2014-10-13 11:32:15 -05:00
Luke Imhoff e7e12ec6a5
Extract Msf::DBManager::Route
MSP-11124

Extract `Mdm::Route` methods.
2014-10-13 11:23:37 -05:00
Luke Imhoff 8011187aa9
Extract Msf::DBManager::SessionEvent
MSP-11124

Extract `Mdm::SessionEvent` methods.
2014-10-13 11:13:39 -05:00
Luke Imhoff 1f86712d63
Extract Msf::DBManager::HostTag
MSP-11124

Extract `Mdm::HostTag` method.
2014-10-13 11:00:36 -05:00
Luke Imhoff 1811d4e58f
Extract Msf::DBManager::Session
MSP-11124

Extract methods related to `Mdm::Session`s.
2014-10-13 10:50:11 -05:00
Luke Imhoff f16b3f05b4
Extract Msf::DBManager::HostDetail
MSP-11124

Extract method related to `Mdm::HostDetail`s.
2014-10-13 10:15:14 -05:00
Luke Imhoff 87ee06b792
Extract Msf::DBManager::Ref
MSP-11124

Extract methods related to `Mdm::Ref`s.
2014-10-13 10:06:37 -05:00
Luke Imhoff 5668a2820e
Move #report_artifact to Msf::DBManager::Report
MSP-11124
2014-10-13 10:00:19 -05:00
Luke Imhoff 43c9909636
Extract Msf::DBManager::VulnDetail
MSP-11124

Extract methods related to `Mdm::VulnDetail`s.
2014-10-13 09:54:38 -05:00
Luke Imhoff f42f8e106a
Extract Msf::DBManager::ExploitAttempt
MSP-11124

Extract methods that create `Mdm::ExploitAttempt`s.
2014-10-13 09:41:32 -05:00
Luke Imhoff e0f76a7517
Extract Msf::DBManager::Task
MSP-11124

Extract methods related to `Mdm::Task`s.
2014-10-13 09:28:48 -05:00
Luke Imhoff 90b50339c3
Extract Msf::DBManager::Report
MSP-11124

Extract methods related to the obsolete `Mdm::Report`.  These methods
should be deleted, but since this branch is just for moves, I won't
delete them now.
2014-10-13 09:19:39 -05:00
Luke Imhoff 9632c83cde
Extract Msf::DBManager::Event
MSP-11124

Extract methods related to `Mdm::Event`s.
2014-10-13 09:05:10 -05:00
Luke Imhoff 89d588272e
Extract Msf::DBManager::Client
MSP-11124

Extract methods related to `Mdm::Client`s.
2014-10-13 08:27:09 -05:00
Jon Hart 458da2bca4
Land #3988, @wchen-r7's fix for #3985, a lack of logging for 'check' 2014-10-12 18:46:35 -07:00
sinn3r 96be53dcf1
Land #3962 - Show selected action 2014-10-12 14:02:40 -05:00
William Vu a04ad3aa8c
Update print_error to reflect new usage 2014-10-10 14:38:26 -05:00
William Vu 26743b4c38
Rewrite existing code to use HasActions
And fix a bug in the initial use case where mod.action was dropped.
2014-10-10 14:35:54 -05:00
William Vu 7e7e0259e4 Fix tab completion for post actions 2014-10-10 12:24:23 -05:00
William Vu 238a30a769
Update print_error to include post modules 2014-10-10 12:12:43 -05:00
nstarke f8d6af6d4e Rescuing from JSON Parse
Previous code was not using any sort of exception handling
for parsing the response body.  I have added a rescue block
for JSON errors to remedy this problem.
2014-10-10 12:41:11 +00:00
sinn3r 48d2343152 Fix #3985 - check command should elog 2014-10-10 01:06:37 -05:00
nstarke 472985a8a8 Adding Buffalo Linkstation NAS Login Scanner
I have added a login scanner for the Buffalo Linkstation
NAS.  I have been testing against version 1.68 of the
firmware.  Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
Luke Imhoff 08aee23966
Extract Msf::DBManager::Vuln
MSP-11124

Extract all methods related to `Mdm::Vuln`s from `Msf::DBManager`.
2014-10-09 15:47:34 -05:00
Luke Imhoff 2fa02f5c44
Extract Msf::DBManager::Note
Extract all methods related to `Mdm::Note`s.
2014-10-09 15:29:07 -05:00
Luke Imhoff 0bc71ecd24
Extract Msf::DBManager::Loot
MSP-11124
2014-10-09 15:15:40 -05:00
Luke Imhoff cb9bdd96c7
Extract Msf::DBManager::Import
MSP-11124

Extract all methods dealing with imports.
2014-10-09 14:51:24 -05:00
Luke Imhoff d18dcf5961
Extract Msf::DBManager::ExploitedHost
MSP-11124

Extract methods related to `Mdm::ExploitedHost`s.
2014-10-09 12:54:04 -05:00
Spencer McIntyre a535d236f6
Land #3947, login scanner for jenkins by @nstarke 2014-10-09 12:59:02 -04:00
Luke Imhoff ceba04d556
Extract Msf::DBManager::Cred
MSP-11124

Extract methods related to `Mdm::Cred`s.
2014-10-09 11:41:04 -05:00
Luke Imhoff 0284edf430
Extract Msf::DBManager::Service
MSP-11124

Extract methods related to `Mdm::Service`s.
2014-10-09 11:31:29 -05:00
Luke Imhoff 0cfac32290
Extract Msf::DBManager::Host
MSP-11124

Extract methods related to `Mdm::Host`s.
2014-10-09 11:11:36 -05:00
Luke Imhoff bb26f4f303
Extract Msf::DBManager::Wmap
MSP-11124

Extract methods that are commented as related to WMAP.
2014-10-09 10:13:34 -05:00
Luke Imhoff b0147c994a
Extract Msf::DBManager::IPAddress
MSP-11124

Extract the IP address validation methods to
`Msf::DBManager::IPAddress`.
2014-10-09 09:35:19 -05:00
Luke Imhoff 3a96ae9be9
Move #match_values to Msf::DBManager::ModuleCache
MSP-11124

`#match_values` is only used in `#search_modules`, so `#match_values`
should be grouped with `#search_modules` in
`Msf::DBManager::ModuleCache`.
2014-10-09 09:18:03 -05:00
Luke Imhoff d4a94366a6
Extract Msf::DBManager::ModuleCache
MSP-11124

Extract methods related to the module cache state and maintenance to
`Msf::DBManager::ModuleCache`.
2014-10-09 08:53:41 -05:00
Luke Imhoff ee0de997d5
Extract Msf::DBManager::Workspace
MSP-11124

Gather together all workspace related methods into
`Msf::DBManager::Workspace` and include it in `Msf::DBManager`.
2014-10-08 15:46:35 -05:00
Luke Imhoff a64036f6cf
Move Msf::DBManager#sync to Msf::DBManager::Sink
MSP-11124

The comment on `#sync` says it's related to `sink`, so move it into its
Module.
2014-10-08 15:38:56 -05:00
Luke Imhoff a054259ee5
Extract Msf::DBManager::Sink
MSP-11124

Extract attributes and methods associated with the deprecated sink.
2014-10-08 15:26:28 -05:00
William Vu 1d766ba95b
Rename dump_auxiliary_action{,s}
To dump_module_action{,s} to accommodate post modules, etc.
2014-10-08 14:49:14 -05:00
jvazquez-r7 f30309fe81
Land #3919, @wchen-r7's Fixes #3914, Inconsistent unicode names 2014-10-08 14:46:14 -05:00
William Vu f6a9cfcc52
Break away the elsif into a separate if
In case exploits support actions for some crazy reason in the future.
2014-10-08 14:30:41 -05:00
Luke Imhoff 15f9461279
Merge db.rb into db_manager.rb
MSP-11124

The class name is DBManager, so the correct file name is db_manager.rb
2014-10-08 14:27:22 -05:00
Luke Imhoff cffc74d571
Extract Msf::DBImportError
MSP-11124
2014-10-08 14:14:35 -05:00
William Vu b2ba6e7ae1
Make the code more maintainable
Despite the code around it.

Thanks for the advice, @jlee-r7!
2014-10-08 14:14:28 -05:00
Luke Imhoff 7a5ce19735
Fix code style
MSP-11124

Fix comment style and order methods.
2014-10-08 14:07:05 -05:00
Luke Imhoff 6824515949
Fix indentation and whitespace in Msf::DatabaseEvent
MSP-11124
2014-10-08 14:04:21 -05:00
Luke Imhoff 2206a86387
Extract Msf::DatabaseEvent
MSP-11124

Extract `Msf::DatabaseEvent` from `lib/msf/core/db.rb` into a more
conventional `lib/msf/core/database_event.rb`.
2014-10-08 14:01:58 -05:00
jvazquez-r7 dbc199ad77 space after commas 2014-10-08 13:56:59 -05:00
Luke Imhoff 6b3d70ce00
Fix code style in Msf::ServiceState
MSP-11124
2014-10-08 13:52:42 -05:00
Luke Imhoff 46156fbbc6
Fix indentation in Msf::ServiceState
MSP-11124
2014-10-08 13:50:26 -05:00
Luke Imhoff 57d9dc306c
Extract Msf::ServiceState
MSP-11124

Extract Msf::ServiceState from `lib/msf/core/db.rb` and put it into
`lib/msf/core/service_state.rb`.
2014-10-08 13:45:15 -05:00
William Vu c0ef2c7938
Support post modules
I kinda hate this code.

TODO: Get rid of and/or and the extra parens.
2014-10-08 13:23:50 -05:00
Luke Imhoff 0708ac1361
Fix comment style in Msf::HostState
MSP-11124
2014-10-08 11:47:04 -05:00
Luke Imhoff 5ecd194a0d
Fix indent in Msf::HostState
MSP-11124
2014-10-08 11:43:28 -05:00
Luke Imhoff 6e6780da86
Split Msf::HostState into own file
MSP-11124
2014-10-08 11:37:59 -05:00
William Vu a8b5bf4625
Show selected auxiliary action 2014-10-07 14:34:41 -05:00
nstarke eed0958de5 Fixing Comment
Comment was incorrect and needed to be fixed.
2014-10-07 11:28:40 -05:00
jvazquez-r7 0ec855cd07 Add debug log for ARCH_CMD encoder results 2014-10-06 22:34:09 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
jvazquez-r7 260e829a59 Fix PayloadGenerator to have platform into account, so msfvenom works as expected 2014-10-06 19:20:59 -05:00
jvazquez-r7 0089810026 Merge to update 2014-10-06 19:09:31 -05:00
jvazquez-r7 212762e1d6 Delete RequiredCmd for unix cmd encoders, favor EncoderType 2014-10-06 18:42:21 -05:00
sinn3r 17f278effd Fix #3822 - Support file:// syntax for check() 2014-10-06 13:37:14 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Tod Beardsley 097d2bfbb5
Land #3922: Metasploit Park banner 2014-10-03 16:32:56 -05:00
Tod Beardsley d048bb7725 Add some color to the msfpark banner
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
Samuel Huckins f2fc0d88ef Lands #3943, changes to engine require 2014-10-03 14:26:50 -05:00
Matt Buck 0bb4eac259
Rename the method for optional requires
MSP-11412
2014-10-03 14:06:13 -05:00
Matt Buck 88cbf22ef0
Optionally require mdm, as well
MSP-11412
2014-10-03 13:49:39 -05:00
William Vu f7e709dcb3
Land #3941, new WPVDB reference 2014-10-03 10:17:02 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
sinn3r 6f50ef581c
Land #3935 - Fix SNMP scanners on OS X/FreeBSD 2014-10-02 16:38:36 -05:00
sinn3r 6d7870a4ac
Land #3934 - New :vuln_test option to BES 2014-10-02 16:31:50 -05:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Matt Buck dabec92e61
Ensure require of metasploit/credential/engine is optional 2014-10-02 14:46:56 -05:00
Matt Buck 7ed1977d0b
Specific require all metasploit gem dependencies' engines
MSP-11412
2014-10-02 14:20:10 -05:00
sinn3r 0820a4fe6a
Land #3933 - Fix cmd_exec with Python Meterpreter on OS X 2014-10-02 13:48:19 -05:00
Samuel Huckins 0dfd8e25b8
Land #3846, Rex::ImageSource specs 2014-10-02 12:33:56 -05:00
Joe Vennix 7861b17e16
Use write() to fix SNMP on osx/freebsd. 2014-10-02 09:15:43 -05:00
Joe Vennix 6571213f1c
Remove un-truthy doc string. 2014-10-01 23:41:02 -05:00
Joe Vennix 5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
Joe Vennix b1b8cba4c5
Rescue an IOError on channel double-close.
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
James Lee 5cb016c1b1
Use Match constant in BES as well 2014-10-01 16:17:13 -05:00
James Lee a75d47aad9
Use yardoc for new methods
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
William Vu 909ac522d1
Add metasploit-park.txt banner to msfconsole
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
sinn3r 1e2d860ae1 Fix #3914 - Inconsistent unicode names 2014-09-30 12:19:27 -05:00
sinn3r 7163b8c55a Fixes #3915 - NoMethodError private method `rhost'
There's no self.rhost, but rhost is defined
2014-09-30 11:34:16 -05:00
sinn3r 9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
HD Moore 8fa666b75d Verbose messages on why a connection is closed 2014-09-28 17:41:21 -07:00
Meatballs d5959d6bd6
Land #2585, Refactor Bypassuac with Runas Mixin 2014-09-28 09:24:22 +01:00
Meatballs e14dd9900b
Land #3896, Change Max LOGLEVEL to 3 2014-09-28 09:18:29 +01:00
Meatballs 67c25c20ca
Land #3357, Run Local Exploits in AutoRunScript 2014-09-28 09:12:26 +01:00
Meatballs 3fc57109e6 Dont rescue Exception 2014-09-28 09:12:03 +01:00
sinn3r ae82ebc734 Change max LogLevel to 3
There is no such thing as a LogLevel 5.
2014-09-26 14:20:47 -05:00
jvazquez-r7 e1f00a83bc Fix Rex because domainname and domain_name were duplicated 2014-09-26 13:40:52 -05:00
jvazquez-r7 a31b4ecad9
Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee 86f85a356d
Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
HD Moore 52ffddd639 Adds domain and url options to DHCP/PXE server, lands #3889
There are serious style and code quality issues with this class and normally I would push for a full refactor, but given the urgency of delivering DHCP functionality to support the bash issues, we will have to refactor the DHCP Server code another day.
2014-09-25 22:43:51 -05:00
Ramon de C Valle bdac82bc7c Fix lib/msf/core/exploit/dhcp.rb 2014-09-25 22:18:26 -03:00
Ramon de C Valle 5dde73bb51 Add domain name and url options to DHCP server 2014-09-25 19:58:42 -03:00
Joe Vennix 2b02174999
Yank Android->jsobfu integration. Not really needed currently. 2014-09-25 16:00:37 -05:00
Joe Vennix b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu. 2014-09-24 16:05:00 -05:00
Joe Vennix 5d234c0e01
Pass #send in this so jsobfu is not confused. 2014-09-24 15:07:14 -05:00
Jon Hart 650b65250f Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master 2014-09-22 11:51:10 -07:00
Jon Hart 4e9f1282de
Land #3834, @jabra-'s updates to UDPscanner to support spoofing 2014-09-22 11:49:53 -07:00
Jon Hart e86b18cdd4
Add sanity check for NUM_REQUESTS 2014-09-22 11:48:39 -07:00
jvazquez-r7 a677749f5b Add specs for #read_asciiz and fix bugs there 2014-09-22 12:14:21 -05:00
Luke Imhoff f61afe2598
Merge branch 'master' into bug/MSP-11368/boot-profiling
MSP-11368
2014-09-22 10:00:07 -05:00
William Vu ebacb26e51
Land #3838, msfvenom badchar fix 2014-09-22 03:08:57 -05:00
Joe Vennix d9e6f2896f
Add the JSObfu mixin to a lot of places. 2014-09-21 23:45:59 -05:00
sinn3r e1cfc74c32 Move jsobfu to a mixin 2014-09-21 00:39:04 -05:00
sinn3r cd037466a6 upate doc 2014-09-20 23:40:47 -05:00
sinn3r 9191af6241 Update js_obfuscate 2014-09-20 23:38:35 -05:00
sinn3r a9420befa4 Default to 0 2014-09-20 21:39:20 -05:00
sinn3r 046045c608 Chagne option description 2014-09-20 21:38:57 -05:00
sinn3r fd5aee02d7 Update js_obfuscate 2014-09-20 21:36:17 -05:00
sinn3r 7bab825224 Last changes 2014-09-20 18:39:09 -05:00
sinn3r 135bed254d Update BrowserExploitServer for JSObfu 2014-09-20 17:59:36 -05:00
Joe Vennix d9a713b415
Decode the badchars string correctly. 2014-09-20 17:48:03 -05:00
Josh Abraham cd8b1318e0 send data based on input not @probe 2014-09-20 15:18:58 -04:00
Josh Abraham 3fb00ece9e refactored the code based on PR feedback 2014-09-20 14:10:00 -04:00
sinn3r d52236fe05
Land #3835 - JSObfu to a gem 2014-09-20 01:38:45 -05:00
Joe Vennix 8e1b00ce95
Adds JSObfu.disabled for spec stubbing, fixes BES specs. 2014-09-19 20:42:05 -05:00
Joe Vennix 0f4be63903
Move JSObfu a gem then pull it into the Rex namespace. 2014-09-19 19:10:39 -05:00
Luke Imhoff 5884cbc196
Optimize skip logic in #update_all_module_details
MSP-11368

Use `Hash<String, Set<String>>` instead of `Array<(String, String)>` so
that `include?` call is faster because (1) it's only search through
reference names of the same module_type and (2) `Set#include?` is faster
than `Array#include?`.  This change is a 8.20% average reduction in boot
time compare to b863978028, for a overall
reduction of 40.95% over b5c3c87790.
See statistics at
https://docs.google.com/spreadsheets/d/1TnZIUFIR1S5nCnkeM-7XR3AVSbyCl39x2mItJKJCOqg/edit?usp=sharing
and data at
https://drive.google.com/folderview?id=0Bx1hRHfpRW92VEFvQ2FaN3RoWWs&usp=drive_web
2014-09-19 15:34:10 -05:00
jvazquez-r7 b16085baa6
Land #3244, @dmaloney-r7's fix for integer comparisions on metasm 2014-09-19 15:31:37 -05:00
Luke Imhoff 8b5a146067
Wrap Array#include? usage
MSP-11368

Wrap skipped.include? call to confirm it is the culprit for
Array#include? inside of with_connection in profile.
2014-09-19 14:38:12 -05:00
Josh Abraham c216cf8c53 added spoofing capabilities to udp_scanner 2014-09-19 10:29:05 -04:00
Luke Imhoff b863978028
Remove fastlib
MSP-11368
MSP-11143

Remove fastlib as it slows down the code loading process.  From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10).  The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10).  This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
David Maloney 5ff4a55cd2
smb connection error not setting result properly
if the initial connection from the SMB LoginScanner fails
it wouldn't set the target information on the result. this could cause
smb_login to throw a stack trace when it calls invalidate_login
2014-09-16 15:24:14 -05:00
David Maloney e5aa5c4014
missing postgres rescues 2014-09-16 15:04:07 -05:00