A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
This commit does a few tidies of code, as well as adds the ability to
write all the kiwi output to disk as well as to the console. We can't
yet add this stuff to the credential DB because it's tied to machine,
where the creds that come out of kiwi are often tied to domains.
This also removes duplicate creds from the output list, and gets rid of
the auth id stuff from the output too (not sure why it was useful
before).
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).
To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
James Lee
Jack64
wchen-r7
William Vu
jvazquez-r7
HD Moore
Samuel Huckins
Brent Cook
Mo Sadek
OJ
g0tmi1k