Commit Graph

211 Commits (8d12118d1f9333e92b0de7d7350a7f0b2ed1a4c6)

Author SHA1 Message Date
Luke Imhoff 122928d952
Remove redundant rb-readline from Gemfile
MSP-11585

The entry in the gemspec is sufficient.
2014-11-06 14:51:10 -06:00
Luke Imhoff 06222911f6
Move pcap bundler group to metasploit-framework-pcap.gemspec
MSP-11578

This will allow Metasploit Pro to use the
metasploit-framework-pcap.gemspec to ensure it has the correct version of
gems that were previously only in metasploit-framework's Gemfile and so
weren't being checked for version compatibility when Pro used
metasploit-framework.gemspec.
2014-11-05 09:40:57 -06:00
Luke Imhoff a56a063b84
Move db bundler group to metasploit-framework-db.gemspec
MSP-11578

This will allow Metasploit Pro to use the
metasploit-framework-db.gemspec to ensure it has the correct version of
gems that were previously only in metasploit-framework's Gemfile and so
weren't being checked for version compatibility when Pro used
metasploit-framework.gemspec.
2014-11-05 08:58:46 -06:00
darkbushido 2d7c517e2f
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile.lock
2014-11-04 15:34:25 -06:00
James Lee 867329d4b3 Fix readline by mucking with load path 2014-10-29 22:14:49 -05:00
Matt Buck 25d1caabb5
Merge branch 'master' into staging/rails-4.0
Conflicts:
	Gemfile
	Gemfile.lock
	metasploit-framework.gemspec
2014-10-14 15:20:15 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Matt Buck 478dbd32f2
Bump to newly-released versions of gems
MSP-11412
2014-10-03 12:07:23 -05:00
Matt Buck f748256e47
Use the prerelease versions of the gems
MSP-11412
2014-10-03 10:29:10 -05:00
Matt Buck 04dbfb9ad6
Bump metasploit gem dependencies
MSP-11412
2014-10-02 18:11:13 -05:00
Matt Buck 71efeb0c26
Also PATH out the deps for metasploit-credential and metasploit_data_models
MSP-11412
2014-10-02 14:08:35 -05:00
Matt Buck 05c71af03c PATH out the deps to metasploit-concern and metasploit-model, for the moment 2014-10-02 13:29:50 -05:00
jvazquez-r7 80d36ec08a
Land #3833, @darkbushido's cucumber fixes 2014-09-19 11:03:41 -05:00
Luke Imhoff 39d302a120
Update metasploit_data_models
MSP-11359

Include fix for loading from metasploit_data_models/lib.
2014-09-18 12:35:26 -05:00
Luke Imhoff 03cc69d902
Update gems
MSP-11359
2014-09-18 11:33:22 -05:00
Luke Imhoff 21d6e4afb3
Move metasploit-concern to gemspec
MSP-11359

The dependency on `metasploit-concern` should not have been in the db
group as `Metasploit::Concern.run` is called for
`Msf::Exploit:Remote::HttpServer`, which works without the db group
installed.  This is a fix for a bug from #3781.
2014-09-18 09:33:57 -05:00
darkbushido 93cd53a800
setting cucumber-rails require to false in Gemfile
this stops the warning about cucumber being double required from showing up
2014-09-11 15:47:42 -05:00
Joe Vennix 6ade4d8dab
Kill empty line in Gemfile. 2014-09-11 14:47:17 -05:00
Joe Vennix 37e6173d1f
Make Metasploit::Concern a first-class dep.
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
2014-09-11 13:28:45 -05:00
darkbushido 19a063e861
cucumber rails is not required by default anymore 2014-09-04 13:04:08 -05:00
darkbushido 3b75b98148
updating to rails 4 2014-09-03 12:20:51 -05:00
darkbushido 13a0b8da83
Merge branch 'master' into aruba-testing-with-updated-master
Conflicts:
	Gemfile.lock
	config/cucumber.yml
	features/support/env.rb
	features/support/hooks.rb
	lib/tasks/cucumber.rake
2014-09-02 13:56:02 -05:00
Luke Imhoff bfc509c18a
Add feature that tests --yaml is favored over others
MSP-11153
2014-08-27 16:46:23 -05:00
Luke Imhoff 1857c6ae39
Add aruba
MSP-11153

aruba adds steps for testing commandline applications with cucumber.
2014-08-27 14:22:20 -05:00
Luke Imhoff 2f48f7c48c
rails generate cucumber:install
MSP-11153

Add cucumber-rails for testing msfconsole's loading of database.yml from
different paths.
2014-08-27 14:10:04 -05:00
darkbushido 984f073c7d
changing from cucumber to cucumber-rails
using the MSF_DATABASE_CONFIG to tell msfconsole where to find the database.yml
2014-08-27 13:44:34 -05:00
darkbushido 2877cdc362 Merge branch 'master' into aruba-testing 2014-08-25 14:09:37 -05:00
David Maloney e9dea358b8
gemfile change 2014-08-19 10:32:44 -05:00
darkbushido a09037ffa3
Merge branch 'master' into aruba-testing
Conflicts:
	.rubocop.yml
	Gemfile
	Gemfile.lock
	Rakefile
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	spec/lib/msf/core/framework_spec.rb
2014-08-19 09:06:53 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
darkbushido c82ba34f7c
working on a first pass at cucumber for framework 2014-08-13 14:28:28 -05:00
Luke Imhoff 225c6da616
Remove rubocop because it causes backtrace
MSP-11046

See https://gist.github.com/limhoff-r7/7c398b5f4c44ed40cf1f
2014-08-12 10:47:26 -05:00
Tod Beardsley 47cb906408
Remove rubocop and msftidy touchpoints
Rubocop replaces the default YAML library which makes development
testing difficult. It does not cause problems on Travis, but according
to reports, it does cause instability with many individual dev
environments.

While I would love to have a more solid source of this bug report, right
now this was an oral report from @shuckins-r7 (who I tend to believe a
lot).
2014-08-12 10:37:58 -05:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Samuel Huckins 49a91ac5bb
Updating metasploit-credential dep to v0.8.6 2014-08-02 17:43:08 -05:00
Luke Imhoff 3bd4279038
Update metasploit-credential
MSP-10963
2014-08-02 01:01:53 -05:00
Luke Imhoff c69c06af89
Update metasploit-credential
MSP-10963
2014-08-01 22:05:45 -05:00
Trevor Rosen 8fda4ee239
Fix fd leak and blind IO#gets in pwdump import
MSP-10715
2014-07-29 15:15:47 -05:00
Luke Imhoff f3eb708dd1
Update metasploit_data_models and metasploit-credential for tag search
MSP-10029

Use metasploit_data_models that supports searching Mdm::Tag and a
compatible metasploit-credential.  Needed so
Metasploit::Credential::Core#tags can be searched in Pro.
2014-07-22 09:07:18 -05:00
Luke Imhoff f8af435df6
Fix version restrictions on metasploit-credential
MSP-10029

The '<' version should have been '0.8' and not '0.7.10' because '0.8' is
the next incompatible version number.
2014-07-21 19:44:20 -05:00
Luke Imhoff 1a10b21e7f
Use metasploit-credential with association search
MSP-10029
2014-07-21 13:39:17 -05:00
Luke Imhoff a4e5c36de5
Update to metasploit-credential to use gem.
MSP-10808
2014-07-21 12:57:20 -05:00
Tod Beardsley 19477dbfef
Land #3537 from @PagedeGeek, msfcrawler fix 2014-07-17 13:38:15 -05:00
Joshua Smith 9fb18f13cc
Land #3541, adds hpricot to gemfile 2014-07-17 11:14:13 -05:00
David Maloney 0d3abf26e8
use latest metasploit-credential 2014-07-16 15:38:50 -05:00
Tod Beardsley 5fa639c640
Land #3528, add Rubocop from @jhart-r7
This adds the gem to the :development group in the Gemfile, as well as
wires up msftidy to use it.
2014-07-16 13:45:44 -05:00
Lance Sanchez 1e2df81397
Attempting to fix a gemfile mergeconflict
MSP-10721
2014-07-16 10:22:27 -05:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
Samuel fe72bac8c8 fix crawler hpricot 2014-07-16 13:23:40 +02:00
Trevor Rosen 2f460f32c3
Fix Gemfile deps 2014-07-15 21:52:57 -05:00
David Maloney 7c0633f0a7
gemfile fix 2014-07-15 15:38:02 -05:00
Jon Hart 73736c70b6 Add Rubocop to the Metasploit project
This is a work in progress because the code base is old and the style
varies wildly, however .rubocop.yml can (and should) be tweaked over
time to change standards as we see fit.  As it stands right now there
are few (if any) modules that pass Rubocop.
2014-07-15 10:43:08 -07:00
David Maloney 846679bef9
change Result status
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict.
Conflicts:
	Gemfile.lock
2014-07-09 17:43:42 -05:00
David Maloney 59c90bba22
version lock rspec
rspec 3 will cause problems for us right now
2014-07-09 12:21:41 -05:00
David Maloney e5abfea36a
require new metasploit-credential and -model
get the new Realm Key constants after the
move to -model
2014-07-09 10:43:57 -05:00
Luke Imhoff dd75c645c3
Update metasploit-credential
MSP-10663
2014-07-08 19:44:38 -05:00
Lance Sanchez d7450dcbdf
updating dependencies
metasploit-credential to pre.electro.pre.release
metasploit-data-models to 0.18.0

MSP-10654
2014-07-07 17:02:22 -05:00
Luke Imhoff 271fae07cf
Update to compatible dependencies
MSP-10654
2014-07-07 14:41:03 -05:00
HD Moore 8f39590f0f
Framework is currently pegged to 0.17.0. Closes #3495 2014-07-07 09:43:05 -05:00
HD Moore 740f75d0bf Match masters preferred MDM version 2014-07-06 09:52:04 -05:00
HD Moore 16af8b8c5c Use MDM 0.17.0 stock as master branch is broken.
This resolves all issues I know of with the recog branch on
Metasploit Framework, but obviously most of the benefits of
this branch come from having a recog-aware MDM, something
that can't happen until MDM 0.17.6+ is supported by the
framework.

In short, this should be good to merge, but will not solve
the intended problems until MDM 0.17.6+ is fixed for MSF
2014-07-06 09:36:08 -05:00
HD Moore 90f3916259 Remove duplicate packetfu inclusion after merge 2014-07-06 09:19:14 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Tod Beardsley 8b63d3d467 Revert the revert of #3446
This reverts commit 9b35b0e13a.

This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
2014-06-29 17:22:21 -05:00
Chris Doughty 9b35b0e13a Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
This reverts commit bba8bd3498, reversing
changes made to 002234993f.
2014-06-25 13:24:07 -05:00
David Maloney 06da2d81e4
use fixed version of credential 2014-06-20 12:34:42 -05:00
David Maloney a929a55404
fix show command parsing
this ius better than a regex and handles special charachters
in usernames and passwords far better than the previous way
2014-06-20 10:48:42 -05:00
Tod Beardsley 1b9d24ad0c
Include the Meterpreter bins 2014-06-19 16:04:40 -05:00
David Maloney 53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
Conflicts:
	Gemfile
2014-06-19 12:45:53 -05:00
David Maloney d3c77b345c
report cracked credentials
also makes mssql_hashdump report the credentials it logged in with
2014-06-19 12:16:49 -05:00
James Lee b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release 2014-06-19 10:14:57 -05:00
David Maloney 641559ec12
put pry in gemfile
include pry in the development group of the framework
gemfile
2014-06-18 11:47:36 -05:00
Joe Vennix b8cedf14a8
Update gemfile dependencies. I have no idea if i need to tag this or wtf. 2014-06-17 12:14:17 -05:00
Samuel Huckins 57c7d30bc4
Updated MC tag to 0.4.2
MSP-10006
2014-06-16 15:34:42 -05:00
David Maloney a5fb898904
actually set max run time
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
Joe Vennix eeef98d0e4
Update gemfile. 2014-06-12 15:43:44 -05:00
Trevor Rosen 8d06cb7679 Creds version bump 2014-06-11 14:09:31 -05:00
Trevor Rosen e8752f9c56 Point to correct creds version 2014-06-11 13:38:35 -05:00
Trevor Rosen a92660376c Update credentials tag 2014-06-11 13:29:09 -05:00
David Maloney e9d9806408
invalidate_login
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
David Maloney dc590008a7
add invalidate_login call
add the new invalidate login call to make sure
we update the status on failed logins appropriately
2014-06-10 10:58:27 -05:00
Lance Sanchez eead9f097a
updating creds to v0.3.0
MSP-9653
2014-06-05 16:31:17 -05:00
Lance Sanchez d10867ea9e
updating the gemfile
metasploit-concern v0.1.0 has been released
metasploit-credential is now on the v0.2.0-electro-release tag

MSP-9653
2014-06-05 14:26:40 -05:00
Luke Imhoff 80a75e1e9c
Update Gemfile.lock
MSP-9653

Forgot to `bundle install` after changing the metasploit-credential
version.
2014-06-02 13:27:56 -05:00
Luke Imhoff 898b108863
Gemspec
MSP-9653

Add gemspec for metasploit-framework so that pro can declare it as a
proper dependency.  DO NOT release metasploit-framework to rubygems: it
is 47 MB and would be not be nice to their servers.
2014-06-02 13:03:07 -05:00
James Lee cc1e81ecb7
Add sqlite3 to Gemfile
Fixes all the post modules that require it to parse pilfered sqlite DB
files.
2014-05-27 10:29:55 -05:00
HD Moore 81194684ae Require MDM >= 0.17.2 for Recog support 2014-05-19 11:41:44 -05:00
HD Moore 1d205081cb Merge Gemfile changes properly 2014-05-18 11:10:31 -05:00
Luke Imhoff 14cf51db91
Remove unused DatabaseCleaner
MSP-9606

DatabaseCleaner is no longer used in the specs since the use of railties
allowed the use of transactional fixtures.
2014-05-13 09:13:47 -05:00
Luke Imhoff b1598e83c3
Re-enable `bundle install --without db` support
MSP-9606

Catch LoadError in config/application.rb when trying to require
'active_record/railtie` so that end-users can run without any of the
database gems installed.  NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
2014-05-12 15:39:34 -05:00
Luke Imhoff 3370465d84
Use railties to load Metasploit::Credential correctly
MSP-9606

In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines.  To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
Luke Imhoff cadc2dd81f
Order Gemfile
MSP-9606
2014-05-09 13:47:00 -05:00
Brandon Turner 97ef53a1d1
Add upper bound for active-* gems
We do not yet support ActiveRecord and ActiveSupport 4.x, so ensure our
Gemfile declares this.
2014-04-18 16:45:07 -05:00
Tod Beardsley af19efbd71
Use the new bcrypt gem, not bcrypt-ruby
See the change upstream at:

273946f2ba

Reported by @ZeroChaos
2014-04-18 15:02:42 -05:00
Joe Vennix 5170b7230b
Tweak Gemfile comment. 2014-04-09 17:24:45 -05:00
Joe Vennix 57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed.
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
2014-04-09 17:21:22 -05:00
HD Moore 2bc6668312 Point gemfile to the dependent git repos in github vs local 2014-04-01 08:55:10 -07:00
Samuel Huckins a78bc822d0 Gemfile update for new MDM version
* Updated MDM is live
2014-03-19 15:04:20 -05:00