Commit Graph

642 Commits (9a068e92215ce2fcf4a59bd2227425ad89c3498c)

Author SHA1 Message Date
Wei Chen 27d6fffdad
Land #11125, Import/generate `ysoserial` Java serialization objects 2019-01-15 17:09:56 -06:00
Wei Chen 85555b81c4 Update code for Ruby coding style standards 2019-01-15 17:08:54 -06:00
asoto-r7 ddd9ab2041
Fixed an off-by-one error in the fingerprinting randomization 2019-01-14 17:42:59 -06:00
Matthew Kienow 5e28bccda9
Move msfdb_ws since it is deprecated by msfdb 2019-01-09 23:40:02 -05:00
asoto-r7 ddebc291f2
Added partial 'ysoserial-modified' support, along with debug flags 2019-01-04 16:43:06 -06:00
asoto-r7 7557624c00
ysoserial: Generated more compact JSON and renamed script 2018-12-18 15:42:50 -06:00
asoto-r7 349a366e84
ysoserial: Changes from code review 2018-12-17 15:41:31 -06:00
asoto-r7 fa74a1839a
Initial support for dynamic ysoserial Java serialization payloads 2018-12-14 12:51:08 -06:00
William Vu 2b231d33e5 Add comment clarifying why we need the day for ISO 2018-11-16 13:25:01 -06:00
William Vu 2302acaab7 Accept ISO 8601 DisclosureDate with compatibility
Zalgo.
2018-11-16 12:03:01 -06:00
William Vu f25d7dbaa8 Revert Date.parse check for DisclosureDate
An approximation of https://en.wikipedia.org/wiki/Robustness_principle.
2018-11-16 11:48:44 -06:00
William Vu d65ba41e31 Use non-greedy regex against DisclosureDate
Zalgo. He comes.

wvu@kharak:~/metasploit-framework:bug/msftidy$ tools/dev/msftidy.rb modules/exploits/unix/webapp/jquery_file_upload.rb
"Oct 9 2018', # Larry"
wvu@kharak:~/metasploit-framework:bug/msftidy$
2018-11-16 11:40:12 -06:00
William Vu 3dd47b34b0 Rework DisclosureDate check to match core code
Framework core uses Date.parse, so many date formats are valid.

There is no reason we shouldn't be using ISO 8601 dates.
2018-11-16 11:05:47 -06:00
William Vu a30403dbfe Improve DisclosureDate regex 2018-11-16 03:46:51 -06:00
William Vu 02bb2d45d3 Make day in DisclosureDate optional for msftidy
Defaults to the first day of the month.
2018-11-16 03:00:39 -06:00
Christopher Krause ea0ba6b7a7 fix: google geolocation recon script 2018-11-02 05:52:54 +01:00
Green-m 7b1b2198cb
resolve confiict. 2018-10-17 17:33:01 +08:00
Green-m 941b015525
Add shebang. 2018-10-17 16:23:56 +08:00
William Vu 0b8926715e Reactively check for invalid module names 2018-10-10 14:33:59 -05:00
Wei Chen b012fa1275 Update msftidy 2018-10-06 15:59:05 -05:00
William Vu 2186322134 Stop being an idiot about the regex and rewrite it
There was no reason to shoehorn in zero-length assertions.
2018-10-05 13:50:19 -05:00
William Vu 05ac3875bc Improve check_snake_case_filename check in msftidy
We also remove the separator, since the file is basenamed.
2018-10-05 11:55:17 -05:00
Erin Bleiweiss e753eddb6b
Ignore 'No CVE' warning if NOCVE reason was provided in notes 2018-08-31 16:53:44 -05:00
Christian Mehlmauer 69d321000e
check double quotes 2018-08-29 06:49:37 +02:00
Christian Mehlmauer 31d4d4f5ff
expand check 2018-08-29 06:42:01 +02:00
Christian Mehlmauer 7431ae401b
fix more errors 2018-08-28 13:49:31 +02:00
Christian Mehlmauer a66556b436
fix msftidy errors 2018-08-28 13:12:43 +02:00
Christian Mehlmauer 1381e1f3e0
also check https 2018-08-27 21:44:42 +02:00
Brendan Coles 9725e90ba7 Fix msftdiy EDB link check 2018-08-26 04:18:38 +00:00
Jacob Robles 2833330f21
Land #10365, script allows you to find modules without a specific reference 2018-07-26 09:54:58 -05:00
Wei Chen 8c84295752 Use full name instead of short to reduce FP 2018-07-24 13:00:59 -05:00
Wei Chen 08b0ea9bde Clean up option 2018-07-24 12:57:58 -05:00
Wei Chen 8a4e831ad2 display full name 2018-07-24 12:38:24 -05:00
Wei Chen 5955e3e42d Do some logging to track progress 2018-07-24 11:43:29 -05:00
Wei Chen 1c33c489d6 rm r7 blog ref because URL ref can do the same thing too 2018-07-24 11:05:54 -05:00
Wei Chen a7284cfff1 Check file path for db 2018-07-24 10:54:24 -05:00
Wei Chen f6538c4cd7 Have a way to able to ignore certain modules 2018-07-24 10:28:07 -05:00
Wei Chen a70c85580b Add a script to find CVEs based on existing references 2018-07-24 10:23:24 -05:00
Wei Chen 1049deba70 This script allows you to find modules without a specific reference 2018-07-23 22:25:36 -05:00
asoto-r7 e9a2a1cdae
Land #10307, Add missing CVE check to msftidy 2018-07-18 18:09:20 -05:00
Brent Cook 08290b81c0
Land #10282, Add support for running external modules outside of msfconsole 2018-07-18 17:38:40 -05:00
William Vu 0b0a9bfd32 Remove check_sock_get from run_checks 2018-07-18 09:47:17 -05:00
William Vu b78a0878b8 Upgrade info checks to warning
Also nix get vs. get_once check, since it's inconsistent in practice.
2018-07-18 00:05:48 -05:00
William Vu ae9677c1c2 Rework msftidy retvals
INFO should not be an error. Also prevent retval overflow.
2018-07-17 18:11:16 -05:00
William Vu d355f51969 Switch warn to info
Nothing to warn about, just something to note and check.
2018-07-13 14:55:17 -05:00
William Vu b8bdceccb8 Add missing CVE check to msftidy 2018-07-13 14:19:00 -05:00
Jacob Robles f30c4e0465
Land #10226, Add code randomization capabilities to Metasploit::Framework::Compiler 2018-07-12 11:20:04 -05:00
Adam Cammack 0dd89bf428
Add standalone runner for external modules 2018-07-10 10:24:07 -05:00
Wei Chen 922081d87e Make sure module_reference is able to continue loading rb modules 2018-07-06 14:58:43 -05:00
Wei Chen a60fc3dc00 Fix code based on feedback from Jacob 2018-07-06 00:00:28 -05:00