Commit Graph

585 Commits (8bc1417c8c4964e09283a34e4a9207f1087f18a8)

Author SHA1 Message Date
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
Pearce Barry 7df85a24aa
Initial Tools Hardware repo with ELM327 chipset as sample for HWBridg… 2017-01-19 22:23:57 -06:00
Brent Cook 4abc5a5a2f revert unrelated changes 2016-12-22 00:36:41 -06:00
James Lee 26d8738950
Drop names so we can remove dup addresses 2016-12-20 18:45:36 -06:00
Brent Cook e52d67cb8c add architecture check 2016-11-20 19:09:26 -06:00
Brent Cook 5b4f96eeac remove more refs 2016-09-20 14:31:28 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Pearce Barry 7b1d9596c7
Land #7068, Introduce 'mettle' - new POSIX meterpreter 2016-07-11 22:38:40 -05:00
Brent Cook a362d8b9c8 update payload test generator to work with MetasploitModules 2016-07-06 15:53:06 -05:00
Tod Beardsley 7a321c7350
Import, sign, and publish signed dev keys
This largely automates the process of importing developer keys,
much like `import-dev-keys.sh`, but also takes the additional, sadly
manual step of signing the key with your default key, and uploading
those keys to https://sks-keyservers.net.

In effect, you are stating that you trust keys published on keybase.io
and are listed as such on the official Metasploit-Framework development
wiki.

If your own default key either has no passphrase, or has a passphrase
cached in a keymanager, the process merely requires you hit `y` for
every key, and `y` again for keys with multiple IDs. Otherwise, you
will need to provide your passphrase for each signing. Temporarily
removing the passphrase alleviates this pain.

Of course, this assumes you actually trust the development wiki
and keybase to do the right thing. The tradition is to individually
verify each key through some personally invented means, such as in
person with a government ID check.

Note that `import-dev-keys.sh` currently lists a number of keys
not on Keybase, and that functionality has not been carried over
to this script.
2016-07-06 10:33:02 -05:00
Brent Cook f9f47f7a79 fix tools that need rex-text to function 2016-07-05 02:38:40 -05:00
x90" * 365 3fe4ffb225 Change default pattern length
Changed from 1024 to 8192 per previous version.
2016-07-03 16:08:54 -04:00
Brent Cook cc30ece6ce tell the user what to do 2016-06-14 11:54:55 -05:00
William Vu 3ed85b6b25 Add missing rank check to msftidy 2016-06-14 11:48:05 -05:00
Andrey 92b62d010f Update md5_lookup.rb
:)
2016-06-02 18:49:22 +03:00
Brent Cook 10dcc44e2d
Land #6446, Speedup pattern_create/offset options parsing 2016-05-14 09:50:19 -05:00
Brent Cook 680709c5f2 move requires into run 2016-05-14 09:50:02 -05:00
Brent Cook dd0d68a2b4 speed up options parsing (only require framework when running) 2016-05-14 09:47:08 -05:00
Brent Cook 057c25e188
Land #6446, Cleanup pattern_create/pattern_offset and document options 2016-05-13 22:09:35 -05:00
Brent Cook 7cfc4d4523 fix odd indentation and style issues 2016-05-13 22:06:18 -05:00
Brent Cook 901b793406 fix some minor indent and style issues 2016-05-13 21:51:54 -05:00
Brent Cook 7b83b06ad5 whitespace and remove useless comments 2016-05-13 21:45:41 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
x90" * 365 c3e618ad37 Update pattern_create.rb 2016-04-14 15:54:30 -04:00
x90" * 365 2a1831f4f2 Update pattern_offset.rb 2016-04-14 15:29:57 -04:00
x90" * 365 7f112c9c7d Update pattern_create.rb 2016-04-14 15:11:36 -04:00
x90" * 365 f9304fcc00 Update pattern_offset.rb 2016-04-14 15:11:02 -04:00
x90" * 365 a71d40d25b Update pattern_offset.rb
Test
2016-04-14 12:59:36 -04:00
wchen-r7 bc48ebd43b Use patch_finder for msu_finder 2016-03-29 23:21:01 -05:00
Spencer McIntyre 631e24c02b Update the msftidy warning for module class names 2016-03-16 13:31:24 -04:00
Brent Cook 558f810165
Land #6667, add a dev script for finding Metasploit release notes for modules 2016-03-13 14:03:54 -05:00
wchen-r7 69de3adf7a Fix a typo in the file name 2016-03-11 13:50:13 -06:00
wchen-r7 1546bf32ed Add a dev script to find Metasploit release notes
This script allows you to find the release notes of a:

* Pull request number for a bug fix, or a notable change.
* A module name (preferably just use the short name)
2016-03-11 13:44:38 -06:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook 659af68b16
Land #6388, update msftidy check for new preferred Metasploit module base class 2016-03-06 17:12:20 -06:00
Brent Cook cc436fe438 update to new preferred base class for modules 2016-03-06 17:11:51 -06:00
Brent Cook e1db3ef369
Land #6388, Update msftidy to error when module super class is incorrect 2016-03-06 16:53:11 -06:00
William Vu 55724eb777 Set the exit status correctly 2016-03-02 09:39:23 -06:00
William Vu 538ee1ec36 Print a helpful message on LoadError 2016-03-02 09:39:23 -06:00
William Vu 92d4929b3d
Land #6543, msu_finder link update 2016-02-09 17:06:23 -06:00
Brent Cook bb556e5b87
Land #6529, added a file PR history exploration tool 2016-02-09 17:01:58 -06:00
Brent Cook 7fe61dce70 added support for GITHUB_OAUTH_TOKEN 2016-02-09 17:01:19 -06:00
wchen-r7 aaf1d2c312 Update downloadable link pattern for msu_finder 2016-02-07 12:26:37 -06:00
ghettoeinstein af3f6c4655 Update msu_finder.rb
Corrected spelling of "script"
2016-02-06 09:27:05 -08:00
wchen-r7 d5296d6150 Add documentation 2016-02-03 22:06:10 -06:00
wchen-r7 c82c147f31 Correct usage example 2016-02-03 21:53:22 -06:00
wchen-r7 8c8f4a39e8 Change to file_pull_requests.rb 2016-02-03 21:50:17 -06:00
wchen-r7 23fdadd31f chmod +x 2016-02-03 16:57:50 -06:00
wchen-r7 3ff2c98f99 Add tool module_pull_requests
This tool allows you to find all the rapid7/metasploit-framework
pull requests associated with a particular Metasploit module.
2016-02-03 16:53:03 -06:00
wchen-r7 4bd2be5dfa Add preserved_identifiers support 2016-01-28 14:36:42 -06:00
x90" * 365 7f726b1b66 Updated Requires
rex/text and msfevn
2016-01-07 00:55:45 -05:00
x90" * 365 e7dc3aa99c Added Argument Error Handling 2016-01-06 22:34:58 -05:00
x90" * 365 7e70cb6fe8 Re-write pattern_create layout and options
Updated pattern_create.rb to be more consistent other tools and modules in Metasploit.  Provided a usage example for undocumented custom set feature that allows removal of bad characters.

Usage: ./pattern_create.rb [options]
Example: ./pattern_create.rb -l 50 -s ABC,def,123
Ad1Ad2Ad3Ae1Ae2Ae3Af1Af2Af3Bd1Bd2Bd3Be1Be2Be3Bf1Bf

Specific options:
    -l, --length <length>            The length of the pattern
    -s, --sets <ABC,def,123>         Custom Pattern Sets
    -h, --help                       Show this message
2016-01-06 22:15:56 -05:00
x90" * 365 cedb4b7340 Update egghunter.rb msfenv requirements
On Stock Kali 2.0 (after apt-get upgrade), the following command errors ./egghunter.rb --list-formats.  Adding the require 'msfenv' to the file alleviates the issue.

root@kali:/usr/share/metasploit-framework/tools/exploit# ./egghunter.rb --list-formats
/usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- rkelly (LoadError)
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/rex/proto/http/response.rb:5:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/rex/proto/http.rb:4:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/rex/proto.rb:2:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/rex.rb:79:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/msf/core.rb:17:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/msf/base.rb:17:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from ./egghunter.rb:9:in `<main>'
2016-01-04 17:21:21 -05:00
Jon Hart 140637ef43
Refactor msftidy to allow easier stdout/stderr testing 2015-12-24 10:54:13 -08:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart 6b0ae754bd
Anchor all regexen 2015-12-23 08:33:47 -08:00
Jon Hart 26fa916cc9
Update msftidy to error when module super class is incorrect
Fixes #6365
2015-12-22 13:38:31 -08:00
wchen-r7 467267b3be Fix #6260, add timeout and verbose option
Fix #6260
2015-11-19 11:30:16 -06:00
Jon Hart f34bf544d3
Update msftidy to flag authors with unbalanced angle brackets 2015-11-06 13:23:14 -08:00
William Vu a53df44c55 Move msftidy back to tools/dev
This is where it belongs.
2015-11-05 13:56:28 -06:00
wchen-r7 e0801b39ba Fix undef method has_key for module_references.rb tool
I made a typo. Should be has_key?, not has_key
2015-10-26 23:12:01 -05:00
Brent Cook 9d51abe4b5 fix msftidy link 2015-10-07 16:52:21 -05:00
wchen-r7 10dc637658 Fix typo 2015-10-06 16:16:58 -05:00
wchen-r7 97f07f1312 Fix base path 2015-10-06 10:30:52 -05:00
wchen-r7 540af3e5ae Move tools 2015-10-05 22:49:54 -05:00
jvazquez-r7 5a7ac8c29a
Land #6030, @wchen-r7's Microsoft Patch Finder 2015-10-02 13:33:27 -05:00
wchen-r7 c4bba0269c Change print_debug 2015-10-02 12:48:12 -05:00
wchen-r7 f97cd97fa5 Update documentation 2015-10-02 12:45:17 -05:00
wchen-r7 e226526dee Update help 2015-10-02 12:37:01 -05:00
jvazquez-r7 69f3d88ea6
Ensure uniq on #find_msb_numbers 2015-10-02 11:38:36 -05:00
jvazquez-r7 b107213a6e
Update documentation / TODO 2015-10-02 11:37:43 -05:00
jvazquez-r7 507f778056
Do some code reorganization with @wchen-r7 2015-10-02 11:35:06 -05:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
wchen-r7 418374b4b2 Regex -q 2015-10-01 10:21:31 -05:00
wchen-r7 dc3f1c84ed Update help 2015-10-01 01:01:02 -05:00
wchen-r7 0d7d6376c2 Follow the Google API limit 2015-10-01 00:54:15 -05:00
wchen-r7 4c1678ef5c I don't need i 2015-09-30 23:01:23 -05:00
wchen-r7 e2098822eb Update msu_finder and rspec 2015-09-30 23:00:46 -05:00
wchen-r7 bc1be7f213 some progress with rspec 2015-09-29 17:20:30 -05:00
wchen-r7 8f1999e227 Add dev tool MSFT MSU finder (msu_finder.rb)
You can use this tool to find MSFT patches. Please see -h for more
information.
2015-09-28 18:44:31 -05:00
wchen-r7 939999f43c Check \ 2015-09-16 13:43:11 -05:00
wchen-r7 eb018f3d29 No 7zip 2015-09-12 03:07:15 -05:00
wchen-r7 5480886927 Do absolute path 2015-09-09 22:00:35 -05:00
wchen-r7 ab1d61d80b Add MSU extractor
If you do patch test/analysis/diffing, you might find this tool
handy. This tool will automatically extract all the *.msu files,
and then you can search for the patched files you're looking for
quickly.

The workflow would be something like this:

1. You download the patches from:
   http://mybulletins.technet.microsoft.com/BulletinPages/Dashboard

2. You put all the *.msu files in one directory.

3. Run this tool: extract_msu.bat [path to *.msu files]

4. The tool should extract the updates. After it's done, you can
   use Windows to search for the file(s) you're looking for.
2015-09-09 21:34:07 -05:00
HD Moore 1aa7c596ce
Land #5967, add PACKETSTORM reference types. 2015-09-01 23:25:26 -05:00
HD Moore 77f56c563b Land #5867, add PACKETSTORM reference types 2015-09-01 23:25:01 -05:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
wchen-r7 eb47973533 Check debug.keystore 2015-08-24 15:08:45 -05:00
wchen-r7 8825db5c98 Add MSF APK installer
You can use this script to install your msf apk to your android
emulator.
2015-08-22 21:53:04 -05:00
Roberto Soares 495ca55a7b Added PacketStorm (PKT) for verification by msftidy 2015-08-20 00:41:55 -03:00
Roberto Soares 496e47a094 Added PacketStorm (PKT) in module_reference tool 2015-08-20 00:39:11 -03:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
Brent Cook 422bba87d3 style fixes, moved google_geolocate to google/geolocate 2015-08-15 19:49:32 -05:00
Brent Cook 3aab9aa74c move BSSID checker to tools, fixup rubocop warnings, add OS X example 2015-08-14 17:13:11 -05:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00