84374fe92c
Merge branch 'staging/electro-release' into bug/MSP-11050/rails_root
2014-08-12 13:54:38 -05:00
12f1234296
always set our rails root to our root
...
this works fine when calling any framework binaries
from their path as CWD. if you call tehm from another path
you will get an incorrect root which can cause certain things to load
incorrectly
Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-08-12 13:53:28 -05:00
fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry
2014-08-12 11:22:51 -05:00
e051272a20
Fix typo
...
MSP-11046
`ActiveSupport::OrderedOptions` automatically create an attribute for
any missing keys, so when `options.console.resource` was used it would
return `nil` instead of the erroring. The correct option name was
`options.console.resources` (note the pluralization).
2014-08-12 10:49:35 -05:00
9096a8a1f5
Remove Msf::Framework::VersionAPI
...
MSP-10998
It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
2014-08-01 21:43:14 -05:00
22db5aad8a
Remove Msf::Framework::VersionCore
...
MSP-10998
It can't handle 4.10.0 because it tries to compact the multiple part
version into one float using (1 / 10.0).
2014-08-01 21:31:48 -05:00
ceaffce727
Merge branch 'pr/3593' into staging/electro-release
2014-08-01 16:01:10 -05:00
ab7111120b
and all the rest
...
finally!
2014-08-01 14:54:18 -05:00
4821851ae4
telnet and ssh next
2014-08-01 14:47:08 -05:00
12902b0a6d
the refactor continues!
2014-08-01 14:41:03 -05:00
b74813b9a1
mysql and pop3 now
2014-08-01 14:30:33 -05:00
2e7738c788
http and mssql now
2014-08-01 14:22:58 -05:00
e6a0e079b6
Merge pull request #3596 from darkbushido/bug/MSP-10937/adding-parent-to-cores-to-credential
...
.to_credential now assigns a parent
2014-08-01 13:13:48 -05:00
33f73a8af7
refactor db2
2014-08-01 13:00:27 -05:00
439b893fea
refactor axislogin
2014-08-01 12:30:16 -05:00
0fffb179fa
refactor afp_login
2014-08-01 12:10:52 -05:00
db345fcb58
make credential_collection always set private_type
2014-08-01 11:57:35 -05:00
a380646667
start refactoring ftp loginscanner
2014-08-01 11:47:13 -05:00
320f032dfe
add to_h to result
2014-08-01 11:46:43 -05:00
dbde046f44
use to_h instead of to_hash
...
apparently ruby 2 adds this as a standard method so
we should stay compliant
2014-08-01 09:45:51 -05:00
0e65792f43
Merge branch 'staging/electro-release' into feature/loginscanner-report-dry
2014-08-01 09:41:30 -05:00
0ad2a7c89b
Bump version to 4.10.0
2014-07-31 23:43:46 -05:00
374c6532fa
add to_hash to Credential
...
begining of the chain to DRYing up
credential reporting in the loginscanner
2014-07-31 18:10:48 -05:00
ad6eed01a2
.to_credential now assigns a parent
...
Metasploit::Credential::Core#to_credential will set the parent to the original core objext
Metasploit::Framework::Credential#to_credential also sets the parent to itself.
2014-07-31 14:52:27 -05:00
7cc5af589f
Only require config/application.rb when Rails.application not set
...
MSP-10964
Allows other Rails::Applications to use the commands.
2014-07-31 13:32:22 -05:00
f9ab7f7a88
Only error out if Rails.env differs from options.environment
...
MSP-10964
2014-07-31 13:28:21 -05:00
aa2e26f8f2
Allow RAILS_ENV to override default environment of 'production'
...
MSP-10964
2014-07-31 13:24:23 -05:00
6a72572237
Wrap comments at 80
2014-07-31 09:41:08 -05:00
ceb8a0f5c2
Extract option require pattern to helper Module
...
MSP-10905
`Metasplot::Framework::Require.optionally` can be used to optionally
require a library and then issue a warning if the require fails or run a
block when it succeeds.
2014-07-30 10:07:53 -05:00
1a6d4843c7
Merge branch 'staging/electro-release' into bug/MSP-10905/msfconsole-database
...
MSP-10905
2014-07-29 15:52:11 -05:00
ba4891bca0
Restore Rails.groups arguments
...
MSP-10905
They don't cause a problem.
2014-07-29 15:50:52 -05:00
38da44c26b
Fix arity difference between rails and msfconsole options
...
MSP-10905
2014-07-29 14:32:42 -05:00
04541ac724
Parse msfconsole options before initializing Rails
...
MSP-10905
2014-07-29 14:07:14 -05:00
78a3263cfe
have Credentials remember their aprents
...
a Credential object can be created from several
other types of objects. Keep a reference to the originating
'parent' so we can find our way back
2014-07-29 11:20:52 -05:00
064d624322
changing Credential == operator
...
it should no longer raise no method errors when comparing a credential to
an object that doesnt respond to public, private, or realm
2014-07-23 16:17:09 -05:00
6c1a3f4992
Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
...
Now able to complete without error.
MSP-10817 #land
2014-07-23 15:55:42 -05:00
ffd7d28bc6
Merge pull request #3559 from dmaloney-r7/feature/MSP-10230/snmp_login
...
MSP-10230 #land
2014-07-23 13:59:37 -05:00
b7d15d0b08
simple fix to mysql loginscanner
...
typo caused connection_timeout default to not get set
2014-07-23 12:07:57 -05:00
e54f5e8ee7
working snmp_login module
2014-07-22 12:44:21 -05:00
c553fcac73
start refacotirng snmp_login
2014-07-22 11:46:22 -05:00
0eb4fc0ed1
community string collection
...
add community string collection to handle snmp loginscanner
credentials
2014-07-22 11:44:31 -05:00
addecb6311
Fix running shipped bins by using a config file
...
This should get everything working again.
MSP-10817
2014-07-21 18:26:50 -05:00
a2a75ffb03
Fix typo and full path issue
...
Previously, the JtR library was prepending the path to data/john/ for
shipped bins; without it, modules weren't finding the executables.
2014-07-21 17:58:27 -05:00
9db951cadc
Add sane defaults for HTTP method and path.
2014-07-21 14:57:28 -05:00
1ad04eb2d9
Merge pull request #111 from rapid7/bug/MSP-10714-gem-version
...
Fix gem version to support rubygems < 2.1
2014-07-16 13:23:33 -05:00
e637237574
Use the Rubygems 2.2 version convention
...
Substitute version dashes with ".pre.".
MSP-10714
2014-07-16 11:13:14 -05:00
044fdb8c55
Fix gem version to support rubygems < 2.1
...
MSP-10714
2014-07-15 19:02:39 -05:00
ea57ad0126
fix connection error on base
...
missed a reference to connection_error on the
loginscanner base. this would prevent us from
bailing out early if we have too many connection errors
2014-07-15 16:21:13 -05:00
34635ab968
module login status cleanup
...
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
9857bac6b1
add NO_AUTH_REQUIRED
2014-07-15 14:38:41 -05:00
939e585658
refactor all loginscanners
...
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
846679bef9
change Result status
...
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
f3ec386240
Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success
...
Feature/msp 10686/stop after user success
2014-07-14 14:56:23 -05:00
7184d2ed5e
Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
...
Refactor pop3_login
2014-07-14 13:27:11 -05:00
e68dcdbb06
Refactor pop3_login
...
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.
See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
cc93dbbe29
Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
...
Feature/msp 9707/smb bruteforce refactor
MSP-9707 #land
2014-07-11 11:33:12 -05:00
4b16985eb8
Stop trying more creds for a user after success
...
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.
The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.
MSP-10686
2014-07-10 17:48:58 -05:00
097d5d68ce
Display 'realm\user' for AD instead of 'user@realm'
2014-07-10 14:31:42 -05:00
e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login
2014-07-10 14:00:28 -05:00
818bd1946d
final tweak for the http case
...
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
2014-07-10 12:39:01 -05:00
7dc58d060e
make only one each method
...
made the one true enumerator of credentials
for the login_scanner.
also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
a319d5270e
set default connection tiemouts
...
loginscanners should have a default connection timeout
2014-07-10 11:35:10 -05:00
1a0200f711
one more strip
2014-07-09 17:50:28 -05:00
25ee278097
strip vestigial realms
...
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
bb3525419e
Rescue the right thing
...
MSP-9707
2014-07-09 17:44:53 -05:00
0c4e53ce5a
fix up specs
...
a whole bunch of spec changes needed for
these changes.
alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
c7b37743ef
working realm coercion
...
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
24fced822e
coerce realm_key when it exists
...
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
766b50b5e0
REALM_KEY not _TYPE
...
arg typos
2014-07-09 14:01:41 -05:00
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
7325cfec64
add default realm values
...
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
2014-07-09 11:19:25 -05:00
bc18ca5762
add REALM_KEY to each LoginScanner
...
each LoginScanner should now know
what kind of REALM it takes
2014-07-09 10:53:37 -05:00
b65989ff0c
Merge pull request #100 from rapid7/bug/MSP-10661/glob-rb-files
...
Use glob instead of entries
2014-07-08 14:29:24 -05:00
567435f508
Use glob instead of entries
...
Fixes the case where a non-ruby file exists in the login_scanner/
directory
2014-07-08 11:00:33 -05:00
38419dae83
fix to_credential on core
...
the Metasploit::Credential::Core to_credential
method now seats private_type and realm_key correctly
2014-07-07 18:05:04 -05:00
2c13ff4038
Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 16:32:39 -05:00
db8b0c907b
Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation
...
Feature/msp 10648/login scanner creation
2014-07-07 16:04:09 -05:00
c4c7ff519f
Merge pull request #96 from rapid7/feature/MSP-10657/add-private-type
...
Add private_type and realm_key accessors to Framework::Credential
2014-07-07 15:43:18 -05:00
b52c13228c
make private_type validation conditional
...
there are times when this won't be filled in
but the credential is still valid
2014-07-07 15:40:52 -05:00
2a9ac0a007
Axe SSHKey in favor of a unified SSH
2014-07-07 13:35:17 -05:00
71cbbc5388
Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 13:19:34 -05:00
b7cfc927c4
Add private_type and realm_key accessors
2014-07-07 13:07:28 -05:00
5c406a2aa5
Remove successes and failures
...
No reason to store them and they could fill a ton of unnecessary memory.
2014-07-07 12:33:15 -05:00
7035064f3d
Assignment alignment for Dave
2014-07-07 12:30:04 -05:00
8df3ada087
Better docs
2014-07-07 10:18:42 -05:00
325d2d25b9
Fix requires and derp typos
2014-07-07 10:09:45 -05:00
311f43f1e4
Constpocalypse
2014-07-03 18:49:46 -05:00
b7a55d402d
Add likely service ports and names for HTTP
2014-07-02 23:41:31 -05:00
9dde47a0bc
Add a simple classes_for_service method
2014-07-02 23:31:56 -05:00
b5351eec2b
adding .to_credential
...
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential
MSP-9912
2014-06-26 11:05:59 -05:00
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release
2014-06-20 12:39:07 -05:00
3c85601426
not every version has dupe supression
2014-06-19 16:28:23 -05:00
4453dcdc8e
some minor fixes
2014-06-19 15:45:24 -05:00
9421beedb3
Refactor http_login
2014-06-19 14:12:21 -05:00
0ff8708e6d
some minor fixes
2014-06-19 13:08:43 -05:00
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
2d9c6f832a
Moar parens!!1!!
2014-06-19 10:07:21 -05:00
fd0e24cdb2
moar docs!
2014-06-18 11:38:07 -05:00
4b4d9796c5
more minor cleanup
...
cleanup from code review
2014-06-18 11:24:55 -05:00
9f11170c3b
some minor cleanup on jtr stuff
...
minor cleanup to code nstyling stuff
2014-06-18 10:57:41 -05:00
d473d86ef0
use tr instead of gsub for mutation
...
this should be another slight performance
increase as straight up string replacement
should require less overhead then multiple
runs of regex replacement.
2014-06-17 10:29:09 -05:00
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
a81b0ed17b
rename method to_file
...
change method name from write to to_file
as it makes more sense for what it is is doing
and what it returns
2014-06-16 18:03:06 -05:00
95beaa4f7e
correct self-eating array nature
...
we never noticed we were modifying the array in place
because we were reculaculating. now with a memoized
version we would get decreasing results
2014-06-16 17:37:18 -05:00
a92a58417f
memoize the mutation keys
...
it was recalculating the mutation rules
everytime, and there is no reason to do this
2014-06-16 17:18:52 -05:00
f1a39ef973
enumerators all done with specs
...
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
9af811a2ed
we need to pass in a workspace
2014-06-15 15:52:57 -05:00
897b0b1ee5
wordlist enumerators with some specs
...
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
a00ff5aeef
yield custom_wordlist words
2014-06-15 12:16:21 -05:00
41d6b326f2
specs for wordlist validations
...
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
a5fb898904
actually set max run time
...
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
33519b1fcd
cracker validations and specs
...
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
10f3531bbb
add exectuable validator
...
like the filepath validator but also checks
to see if the file is exectuable by the current
users.
2014-06-14 18:01:24 -05:00
21f29c4da9
more filepath validators
...
added filepath validations to cracker
also made them all conditional validations
2014-06-14 17:54:37 -05:00
1dd69a5228
wordlist validators
...
added custom fielpath vaidator and
added validations to the wordlist class
2014-06-14 17:49:47 -05:00
466576d03f
jtr wordlist validations started
...
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
19231b7c8f
starting skeleton on wordlist class
...
start framing out JtR wordlist class that
will generate Wordlists to be passed to our
JtR cracker.
2014-06-14 15:48:25 -05:00
41f7bc1372
add common root words wordlist
...
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of colleted password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
873d6e5b99
add all the specs
2014-06-14 12:28:17 -05:00
b784bea48e
slow roll of specs for jtr cracker
...
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
7187138134
start injecting sanity
2014-06-13 14:53:56 -05:00
a9bcb8b3bd
add skeleton for JtR Cracker
...
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
f452652f54
Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
...
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.
MSP-9708 #land
2014-06-12 18:37:44 -05:00
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
df705c2edc
Gotta keep 'em sepArated.
...
MSP-9712
2014-06-12 16:03:02 -05:00
5fd117a015
fix userpass file stack trace
...
if an improperly formated userpass file was
supplied it could cause a stack trace. add some guarding around it
2014-06-12 12:39:36 -05:00
c074ebda7b
refactor telnet_login
2014-06-11 17:46:42 -05:00
c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
...
Conflicts:
lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
9affc753c0
Merge pull request #66 from rapid7/feature/cred-collection-prepend
...
Add ability to prepend creds to a collection
2014-06-11 14:34:54 -05:00
3a8f6236ad
Add ability to prepend creds to a collection
2014-06-11 14:30:45 -05:00
fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
...
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
e9d9806408
invalidate_login
...
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
552899ef13
Add a couple more specs for CredentialCollection
...
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
4d53c18ac4
fix version
2014-06-06 12:07:22 -05:00
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
c61b47063d
vnc add missing exception catch
...
linux throws a different exception than osx
when the vnc client fails to connect
this caused issues with the specs running. this now
catches that additional exception
2014-06-05 15:32:08 -05:00
b1136752be
Add Credential#== to facilitate specs
2014-06-05 11:37:48 -05:00
8b6e188ba8
Add support for realm in CredentialCollection
...
MSP-9988
2014-06-04 17:03:52 -05:00
b1ff6b95b5
Better docs
2014-06-04 14:44:53 -05:00
41644970bf
Add a CredentialCollection
...
Also moves Metasploit::Framework::LoginScanner::Credential to
Metasploit::Framework::Credential
2014-06-04 13:01:09 -05:00
edc9f94d41
fixing issues raised in code review
...
MSP-9678
2014-06-03 11:15:26 -05:00
15fffb1668
Adding in some tests
...
cleaning up the regex a bit
MSP-9678
2014-06-02 13:50:30 -05:00
9e78509aac
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-02 13:40:11 -05:00
ebf61bef22
Metasploit::Framework::Engine
...
MSP-9653
Rails::Engine version of Metasploit::Framework::Application that can be
used by downstream projects, like Pro to get the shared behaviors, like
modules path adding, meterpreter extension merging, and binary default
encoding.
2014-06-02 13:00:22 -05:00
9d326fcb24
Extra common engine and fix default encoding
...
MSP-9653
Extra config and initializers that can we shared between
Metasploit::Framework::Application and the future
Metasploit::Framework::Engine. Move the default encoding setup from
lib/msf/sanity.rb to a before_initialize callback for the shared config
so that gems, like gherkin that depend on the utf-8 default internal
encoding can be loaded.
2014-06-02 12:57:48 -05:00
3ebe7dfbc8
Gem version
...
MSP-9653
Move version information to standard location for gems.
2014-06-02 12:54:46 -05:00
f2a2975bc1
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-06-02 10:56:54 -05:00
8bcd763039
Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
...
Feature/msp 9685/telnet login scanner
MSP-9685 #land
2014-05-30 13:40:18 -05:00
2c6f89a58d
add sane default for connection timeout
2014-05-29 11:12:59 -05:00
eb04a3774a
fixes for telnet wierdness
...
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
572e4f2bdf
Fix dumb missing options and add spec
2014-05-28 16:32:38 -05:00
1bc2140fa6
Telnet LoginScanner basics
...
basic Telnet LoginScanner with shell
specs. Need to test functionality
and write additional specs
2014-05-28 14:47:58 -05:00
747395e383
create telnet clinet mixin
...
copy paste existing stuff repurposed for use
in a real class instead of a metasploit module
2014-05-28 13:53:50 -05:00
07a61ae696
adding in changes from before my vacation..
...
MSP-9678
2014-05-28 13:18:28 -05:00
3ac2182984
First stab at axis2 login scanner
2014-05-27 23:53:04 -05:00
85737d1235
Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
...
AFP login scanner
2014-05-22 15:05:24 -05:00
5d1a0397ed
Add Tomcat login scanner
2014-05-21 14:28:54 -05:00
8be35b90f4
Add some more specs for AFP login scanner
2014-05-20 17:44:41 -05:00
d061d36229
Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner
2014-05-20 17:25:42 -05:00
21de14ac3d
Initial stab at AFP login scanner
2014-05-20 17:08:12 -05:00
62bae8e23b
Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
...
Specs and functional steps passing.
MSP-9687 #land
2014-05-20 11:32:37 -05:00
d9687d87f9
Merge pull request #20 from rapid7/feature/MSP-9667/db2_login
...
Specs passing post update.
MSP-9667 #land
2014-05-16 11:29:31 -05:00
02a9d7f15d
minor cleanup
...
minor style changes found in code review
2014-05-16 11:20:04 -05:00
9582d82fba
Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner
2014-05-15 13:59:48 -05:00
8a9abb90c0
Add specs for connection error conditions
2014-05-15 10:06:17 -05:00
e9b3f10ba7
Drying up some of the status codes
...
MSP-9678
2014-05-14 17:02:26 -05:00
59050d9bf1
Add specs for WinRM, improve those for HTTP
2014-05-14 15:13:29 -05:00
99f8fbbc9c
Add WinRM login scanner
...
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
simpler and easier
* Adds support for default ports to HTTP. This should probably be
rafactored up into Base
* Removes spec that complains about port being unset (which now fails
because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
82d32e39cc
Merge branch 'feature/MSP-9686/vnc_login' into staging/electro-release
...
MSP-9686
2014-05-14 13:24:13 -05:00
a32152ecaa
Merge branch 'staging/electro-release' into feature/MSP-9686/vnc_login
...
MSP-9686
2014-05-14 13:22:41 -05:00
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
6a029bee02
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-05-14 10:13:46 -05:00
f34090946e
derp
2014-05-14 10:10:57 -05:00
06796fb27c
returning the result class
...
MSP-9678
2014-05-14 10:09:52 -05:00
2faa015bf3
some minor cleanup
...
minor edits requested by kronicdeth during
code review
2014-05-14 10:09:26 -05:00
8a9027b21d
Add better #inspect for Credential and Result
2014-05-14 10:04:40 -05:00
3c0625e393
hacking on the pop3 login scanner
...
MSP-9678
2014-05-14 09:44:23 -05:00
72b3c4da35
working DB2 loginscanner
...
w00t
2014-05-13 14:41:15 -05:00
162038bde4
Merge pull request #19 from rapid7/feature/login_scanner/smb
...
Specs all passing, functional steps working.
2014-05-13 14:37:13 -05:00
f5751d6a85
first pass at attempt_login for DB2
...
first pass through at the attempt_login method
for the DB2 LoginScanner. still adding specs
and possibly refactoring
2014-05-13 14:10:30 -05:00
2d7e90d5df
Remove vestigal require
2014-05-13 13:39:40 -05:00
5dcf3efd1a
skeleton for DB2 loginscanner
...
add basic skeleton and specs for the DB2
LoginScanner class.
2014-05-13 13:16:56 -05:00
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
f84d763382
refactoring conditional logic
...
the class works but the conditional logic needs
refactoring to be smoothed out more.
2014-05-12 11:10:36 -05:00
fe3acf08f5
Handle exceptions without error_code
...
Also sets smb_direct in attempt_login, which makes this work correctly
when port wasn't set in the constructor.
2014-05-12 10:31:11 -05:00
3831042dca
Add specs, validations for LoginScanner::SMB
2014-05-09 18:58:49 -05:00
ee6a9f99b3
Add require for active_model
...
Having proper requires allows loading scanners in IRB without msfconsole
2014-05-09 18:16:19 -05:00
4e76330643
Add skeleton for VNC lgoinscanner
...
Add skeleton and specs for the VNC Loginscanner
MSP-9686
2014-05-09 11:55:15 -05:00
c77412d373
Merge pull request #13 from rapid7/feature/login_scanner/mysql
...
Add LoginScanner for MySQL
MSP-9676 #land
2014-05-08 15:05:24 -05:00
894ecaafb4
Merge pull request #12 from rapid7/feature/login_scanner/pg
...
Add Postgres LoginScanner class
MSP-9679 #land
2014-05-08 14:38:56 -05:00
42de1ab1f1
whitespace removal
2014-05-08 14:18:06 -05:00
d16a4a4c1d
add sane defaults to MySQl
...
MySQL LoginScanner now with sane defaults
for TCP evasion stuff
2014-05-08 13:57:58 -05:00
cfb13ed1bd
Merge branch 'staging/electro_release' into feature/login_scanner/mysql
2014-05-08 13:55:09 -05:00
2d2b5ea9e4
Merge remote-tracking branch 'private/feature/login_scanner/mssql' into feature/login_scanner/smb
2014-05-08 13:45:06 -05:00
e0c6e90ae8
trivial cleanup work
...
whitespace and alignment stuff
2014-05-08 13:42:52 -05:00
13fe8c0869
Default Credential#paired to true
2014-05-08 13:34:31 -05:00
20edabb0f5
mySQL Loginscanner with specs to match
...
This season's colours for Loginscanner is MySQL
with Unit Test Coverage applied to match.
2014-05-08 13:16:12 -05:00
b72f0f8ffc
try to fix bad push/revert mess
2014-05-07 18:43:37 -05:00
9919d54116
Revert "final touches and specs"
...
This reverts commit e025fa1791
2014-05-07 18:34:34 -05:00
e025fa1791
final touches and specs
...
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00
338ed7bd18
First attempt at smb login scanner
2014-05-07 16:38:56 -05:00
7a476dc21a
fully operational lgoinscanner
...
Now you will witness the power of this fully operational
LoginScanner. fire at will, Commander!
2014-05-07 15:57:06 -05:00
ec974535ac
create base object for mssql scanner
...
created skeleton for MSSQL Loginscanner
included concerns.
also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
234e129523
add NTLM concern for loginscanners
...
add a new concern for LoginScanners
that provides the basic accessors and validations
for anything requiring NTLM
2014-05-07 14:28:10 -05:00
e6b15541ff
replace datastore calls
...
replace datastore calls with stub
methods that will be implmeneted by the loginscanner
2014-05-07 11:41:49 -05:00
9ad5ae44be
Add abstract attempt_login and cleanup some docs
2014-05-06 15:24:18 -05:00
6077135782
extract login neccisary methods
...
create new mssql mixin. extract only the methods
required for mssql_login to work and copy them
into this mixin.
2014-05-06 11:59:21 -05:00
5e6f57f711
fix up some more specs
...
some spec cleanup and added basic specs
to the HTTP LoginScanner
2014-05-01 12:10:51 -05:00
1a5abc49d1
Merge branch 'staging/electro_release' into feature/login_scanners/mixin_refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/ftp.rb
lib/metasploit/framework/login_scanner/ssh.rb
lib/metasploit/framework/login_scanner/ssh_key.rb
2014-05-01 10:19:00 -05:00
0dd22395eb
use credential objects inside results
...
altered results to just hold a credential
object instead of duplicating attributes
2014-04-30 17:17:57 -05:00
3d94a1f77d
Merge branch 'feature/http_login_scanner' into staging/electro_release
2014-04-30 16:30:46 -05:00
2483a37c04
Rexsocket mixin for LoginScanners
...
add a mixin for Rex Socket dependent behaviour
in certain Loginscanners to DRY up code more
2014-04-30 15:43:28 -05:00
6a41697955
Add require
2014-04-30 15:03:49 -05:00
a4cc311106
test base behaviour in shared examples
...
start moving specs to a shared example group
for all behaviour defined by the LoginScanner
Base
2014-04-30 14:35:29 -05:00
f1e303d400
add connection error handling
...
if we get too many connection errors
or too many errors in a row, we bail on
the host
2014-04-30 14:06:18 -05:00
a08421b30f
apply reasonable defaults
...
give each lgoinscanner the ability to select
reasonable defaults for certain attributes
2014-04-30 13:56:29 -05:00
ea8dc4db5d
Handle connection errors
...
Also fix up some yardoc issues
2014-04-30 13:33:39 -05:00
b617be3dda
Move doc to the right place
2014-04-30 13:30:42 -05:00
ad264cb031
remove dead variable
...
dead variable left in a method from
a previous code iteration. removed
2014-04-30 13:30:09 -05:00
90882f803b
use base mixin in scanners
...
refactor the LoginScanner classes to use the
new Base mixin. Still some more cleanup to be done
2014-04-30 13:29:14 -05:00
7978587428
add lgoinscanner base mixin
...
start moving common behaviour for
all LoginScanners into a mixin
2014-04-30 13:11:48 -05:00
f61ede7fd2
fix merge wonkiness
2014-04-30 10:23:20 -05:00
e5276d111d
Merge branch 'staging/electro_release' into feature/login_scanner/snmp
...
Conflicts:
lib/metasploit/framework/login_scanner/result.rb
2014-04-30 10:21:35 -05:00
e8e5a7f72b
Add initial stab at LoginScanner::HTTP
2014-04-30 00:55:45 -05:00
ddee401e27
Merge branch 'feature/MSP-9684/sshkey_loginscanner' into staging/electro_release
...
MSP-9684 #land
2014-04-29 15:21:56 -05:00
5c24eab526
add snmp specific behaviour
...
add the snmp specific attempt_login behaviour
to gear this login scanner to the right protocol.
2014-04-29 14:08:30 -05:00
f1105ebe48
basic template copypasta
...
copy the ssh scanner as a template to
start the SNMP scanner from
2014-04-29 10:14:23 -05:00
00b9c99c89
fix class documentation copypasta
2014-04-29 10:13:11 -05:00
08b2974454
fix class documentation
2014-04-29 10:12:26 -05:00
0fcfb9d655
add proxies to ssh scanner
...
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
35a039848c
add sshkey loginscanner
...
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
2346d583ed
touchups and specsfor FTP Scanner
...
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
838a444b23
first pass of FTP LoginScanner
...
made the first pass at the ftp
LoginScanner, with base specs.
Need to still tierate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
1f9cf8c68f
add the mixins for tcp and ftp
...
skimmed down, non-module dependent mixins
for TCP client and Ftp client. neccesary for
loginscanner work
2014-04-24 13:39:04 -05:00
3a66723741
nake scan! more generic
...
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
ed8f87d3cf
allow scan! to take a blcok
...
by allowing scan! to take block
and yield the result of each attempt
we can do things like have a module print out
status messages
2014-04-23 12:41:10 -05:00
d25f0d8f6c
cash host resolution
...
if we successfuly resolve the host during
the validation, then alter host to the resolved
address to avoid the overhead of subsequent
DNS requests.
2014-04-22 15:34:16 -05:00
0439569ffb
more documentation work
...
added some more YARD docs
2014-04-22 11:48:14 -05:00
a613d044f5
more cleanup work
...
some code and documentation DRY work
2014-04-22 11:38:24 -05:00
bc092af855
Fix credential docs
...
expanded return types for the Credential
object to be more accurate
2014-04-22 11:05:12 -05:00
b731889c79
add class level documentation
...
add some comments for YARD to have class
level documentation for each class
2014-04-22 10:59:28 -05:00
526bb4989a
more explicit requires
...
LoginScanner module brings in all the deps
while the individual classes require
the module then to get their deps.
2014-04-22 10:28:01 -05:00
645eef51b7
Rename CredDetail to Credential
...
it was felt this was better naming
for the class. Refactored all occurence
2014-04-22 10:25:36 -05:00
f079d3f3a9
move requires into module
...
move all the requires into the LoginScanner
module area to clean up requires
2014-04-21 19:14:50 -05:00
9c6528f13f
use the CredDetail class
...
now that we have the new CredDetail
class, use it instead of hashes
2014-04-21 18:58:23 -05:00
1a6ef8dced
allow for balnk passwords
...
have to alter validation slightly
to allow for blank passwords
2014-04-21 18:57:28 -05:00
fd1777a79f
add CredDetail class
...
rather than passing dumb hashes around
added a CredDetail class that comes
with it's own conditional validations
2014-04-21 18:26:38 -05:00
de2bb7d66c
dd tests for #scan!
...
the scan! method is mostly done
and has unit tests
2014-04-21 17:59:50 -05:00
2e11f80a98
refactor to use Result class
...
we now use a Result class to handle
all result codes from the login attempt
2014-04-21 15:35:16 -05:00
d313047532
add loginscanner result class
...
add a result class to have more
tightly defined return values from
the loginscanner classes
2014-04-21 15:11:56 -05:00
aa1d1be786
do not create sessions with scanner
...
the session creation behaviour is
currently inextricably linked to module
behaviour. We will have our scanner class
only return success status. The calling module
will be responsible for opening sessions afterwards.
2014-04-21 11:38:48 -05:00
7571fe1f68
fix host validation
...
host validation was buggy, fixed it
2014-04-21 11:34:40 -05:00
9a15a2be04
basic login attempt functionality
...
groundowkr now layed for trying
authentication attempts on the
SSH LoginScanner, with test coverage
2014-04-18 20:08:28 -05:00
85349ccec4
SSH connection exception handling
...
added in the exception handling
around the Net::SSH conenction
in attempt_login
2014-04-18 18:13:05 -05:00
17b4d4a416
Add more attributes and validations
...
Added some more attributes neccesary
for the actual running of the login scan
as well as accompanying validations and
specs
2014-04-18 16:23:35 -05:00
756488b581
last of the validations
...
finalized validation for SSH lgoinscanner
2014-04-16 13:34:23 -05:00
bf20ed5812
add validations for cred_details
...
Adds validator for the cred_details
attribute on the SSH Login Scanner.
Makes sure propper input is always supplied
for the scanner.
2014-04-16 13:20:14 -05:00
434391c308
add host validations to ssh scanner
...
add validations to the :host attribute
on the SSH LoginScanner
2014-04-16 10:26:00 -05:00
02a17b8612
namespace change to Metasploit
...
chaning the code to live in the namespace of
Metasploit::Framework instead of Msf::Auxiliary
MSP-9683
2014-04-15 17:11:25 -05:00
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
0bb79ba890
Msf::DBManager#import_msf_xml refactor
...
[#46491831 ]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
David Maloney
Luke Imhoff
darkbushido
Brandon Turner
James Lee
Samuel Huckins
Joe Vennix
cdoughty-r7
Trevor Rosen
Lance Sanchez
Lance Sanchez
Tab Assassin