Commit Graph

1148 Commits (b1479ec350f037458fcffc7edde30bcd602231a7)

Author SHA1 Message Date
James Barnett a5172e066d
Land #9926, check remote data service before connecting
This PR adds a check prior to connecting to a remote data service
to verify it is online and returning expected data. This prevents
crashes that were occurring when unexpected responses were returned
2018-04-25 14:07:33 -05:00
christopher lee 071a191055 Merge master + workspace removal from http remote data service 2018-04-25 13:39:46 -05:00
Matthew Kienow 43edf46c43
Fix set data service for no database YAML case 2018-04-24 18:34:16 -04:00
Matthew Kienow 359ef27834
Narrow rescue scope to StandardError 2018-04-24 17:19:54 -04:00
Matthew Kienow f66029d129
Validate remote data service instance
Adds simple data service instance validation when registering and
setting a data service.
2018-04-24 16:54:10 -04:00
Matthew Kienow 01dd79173b
Add data proxy and service for online check 2018-04-24 15:11:16 -04:00
James Barnett e5513409db
Include :workspace in db_import opts 2018-04-24 13:53:55 -05:00
James Barnett 31be847213
Add workspace when reporting vuln_attempt 2018-04-19 11:09:13 -05:00
James Barnett aa40ef1789
Grab session_dto workspace from host 2018-04-18 17:38:42 -05:00
James Barnett 82798424b2
Support getting a workspace via id
Also implements a helper method to sanitize sinatra injected
params since it was causing issues downstream. Updated each
use of sinatra params to use this helper method.
2018-04-17 12:35:22 -05:00
James Barnett a8a95a03a3
Implement remote workspace delete 2018-04-17 10:19:40 -05:00
James Barnett f27490dc61
Address PR suggestions and add comments 2018-04-16 16:45:23 -05:00
James Barnett 68ad91763a Merge branch 'rapid7/master' into MS-3062_workspaces 2018-04-16 15:33:59 -05:00
James Barnett 2ef451c349
Land #9873, add notes functionality to remote datastore
This PR enables create, update, and delete functionality for the notes
command and data model when using a remote data service.
2018-04-16 15:03:27 -05:00
Matthew Kienow e283f109a7
Remove commented out code 2018-04-16 14:14:46 -04:00
Matthew Kienow daf67999d6
Raise NotImplementedError in NoteDataService stubs 2018-04-13 12:07:35 -04:00
Matthew Kienow e639fda53c
Fix DB initialization with no database YAML 2018-04-11 09:15:38 -04:00
James Barnett cd48b47760 Fix failing tests.
-Was accidentally deleting opts[:workspace] instead of processing
-Update notes help text expectations
2018-04-10 17:10:32 -05:00
James Barnett e51f41fa34
Merge remote-tracking branch 'msf_jbarnett/fix_services_bugs' into MS-3062_workspaces 2018-04-10 13:35:33 -05:00
James Barnett 90542779ff
Audit models to ensure :workspace is passed only when needed 2018-04-09 14:50:37 -05:00
William Vu e17a788ab5 Remove stray dlog filling framework.log 2018-04-09 13:58:10 -05:00
James Barnett 852bc3d237
Dont inject :workspace into every HTTP request. 2018-04-04 16:30:25 -05:00
James Barnett 6a02712674
Merge remote-tracking branch 'mkienow/MS-3061-remote-notes-read-update-delete' into MS-3062_workspaces 2018-04-04 16:03:43 -05:00
James Barnett e892911fbe
Use a constant for default workspace name 2018-04-02 17:02:14 -05:00
christopher lee 3aed6d6666 Initial 2018-04-02 08:08:23 -05:00
William Vu 840923d591
Land #9738, msfconsole user-friendliness changes 2018-04-01 02:12:53 -05:00
James Barnett ecbbf1d940
Pass workspace when using db_nmap 2018-03-30 15:27:32 -05:00
Matthew Kienow 2b7c3872d4
Add proxy method for find_or_create_note 2018-03-29 18:43:34 -04:00
James Barnett 3b1e3a4256
Missed one more bug in append_workspace 2018-03-29 15:18:31 -05:00
James Barnett 19e01b4b66
Fix bug in append workspace when using :wspace 2018-03-29 15:04:00 -05:00
James Barnett 7f42235ad7
Create default workspace if it doesnt exist 2018-03-28 15:39:24 -05:00
James Barnett d23e33a7bc
Make workspace -v work with updates 2018-03-28 13:31:49 -05:00
James Barnett 1b6aa86d92
Merge remote-tracking branch 'mkienow/MS-3061-remote-notes-read-update-delete' into MS-3062_workspaces 2018-03-27 15:57:41 -05:00
Matthew Kienow 0b5d3d31f9
WIP remote note read, update, delete 2018-03-27 16:36:56 -04:00
James Barnett cfa03a999c
Finish moving current_workspace tracking to client 2018-03-26 15:58:47 -05:00
James Barnett def0e4d93b
Merge branch 'goliath' into MS-3062_workspaces 2018-03-23 11:37:01 -05:00
James Barnett 6b3a4a56dc Merge branch 'rapid7/master' into goliath 2018-03-23 11:26:31 -05:00
James Barnett ed5b22a541
Address more code review comments 2018-03-22 21:47:59 -05:00
James Barnett 6c5a7a663a
Merge branch 'goliath' into MS-2879_db_export 2018-03-22 21:22:23 -05:00
James Barnett 466c97f114
WIP: move tracking active workspace to client side
* Move the @current_workspace tracking to workspace proxy
* Create helper for handling workspace value in opts
* Call framework.db.proxy across dbmanager files now that active ws is tracked in proxy

NOTE: This commit throws an exception when adding a remote data service.
2018-03-22 21:00:06 -05:00
James Barnett 93d4f5cd0b
Last few review comments 2018-03-21 17:50:11 -05:00
James Barnett eee24366c9
Address code review comments and bug 2018-03-21 17:42:54 -05:00
Matthew Kienow 553789557b
Merge branch 'goliath' into MS-2910-remote-vuln-read-update-delete 2018-03-21 01:45:58 -04:00
Aaron Soto 7e5214fef5
Improved CTRL-C edge case, Invalid Options edge case, help output, version output 2018-03-20 13:34:15 -05:00
James Barnett 90bebc2096
Convert workspace update to new api 2018-03-19 14:24:16 -05:00
James Barnett 929fb041ab
Fix bug when adding workspace remotely 2018-03-19 11:01:22 -05:00
James Barnett 35bc8e905e
Refactor workspace delete to be consistent with other commands 2018-03-16 16:11:09 -05:00
James Barnett 8ddaae5fe4
Remove unused code 2018-03-15 12:12:12 -05:00
christopher lee 4d04319d2a Merged master 2018-03-15 11:31:44 -05:00
James Barnett 0d170571da
Fix bug with file name 2018-03-14 15:59:07 -05:00
James Barnett b179603b4a
Externalize db_export command 2018-03-14 15:06:28 -05:00
James Barnett ac5669388a
Merge branch 'goliath' into MS-2879_db_export 2018-03-14 11:37:08 -05:00
Matthew Kienow fcd2bbd1de
workaround attempt to parse nil JSON string value 2018-03-12 14:29:42 -04:00
Matthew Kienow 636284d530
Update session inferred vuln handling
Add remote vuln attempt
2018-03-12 14:26:03 -04:00
h00die ec7a62bc4c move ssh platforms to lib 2018-03-08 21:23:11 -05:00
James Barnett b18ed03407
Merge branch 'goliath' into MS-2909 2018-03-07 14:55:50 -06:00
James Barnett c670748fe3
Update services signature 2018-03-07 13:59:09 -06:00
James Barnett c058d0fba0
WIP: port db_export command 2018-03-06 15:15:27 -06:00
Brent Cook d6871f5733
Land #9614, Juniper post enum module 2018-03-06 10:29:56 -06:00
christopher lee 68d72cbfa7 Goliath Cleanup in preparation for merge to master 2018-03-06 10:21:22 -06:00
James Barnett b42c3ff654 Merge branch 'goliath' into MS-2909 2018-03-02 16:32:55 -06:00
James Barnett fd4032928e
Add services search 2018-03-02 10:57:35 -06:00
christopher lee 4f6b1de9a3 Merge branch 'master' into goliath 2018-03-01 14:14:39 -06:00
James Barnett 06d2482e86
Implement services update
NOTE: This changes functionality for the services command flags.
Previously -s and -p were used for searching for services.
Now the commands will only be used for adds/updates.
If you would like to search, please use -s and pass a search string
2018-02-28 15:12:23 -06:00
James Barnett dffbc67e71
Implement service delete
Also fix bug searching for services by host address
2018-02-27 17:17:07 -06:00
Brent Cook 9597e5294d treat MUST_CHANGE + PASSWORD_EXPIRED as valid 2018-02-27 15:21:21 -06:00
James Barnett c90fabee60
Implement remote service create 2018-02-27 14:20:43 -06:00
James Barnett 9dc6089fcf Merge branch 'goliath' into MS-2909 2018-02-27 11:14:15 -06:00
Brent Cook 66e3ac4c76 treat 'password must change' as a successful login 2018-02-26 17:57:31 -06:00
h00die c7bbc6eca4 juniper post enum module 2018-02-22 21:08:21 -05:00
Matthew Kienow 22752518ea
WIP remote vuln read, update, delete 2018-02-22 13:53:22 -05:00
James Barnett d4440d049d Merge branch 'goliath' of github.com:clee-r7/metasploit-framework into goliath 2018-02-21 11:16:31 -06:00
James Barnett 3005a8b7ce
Merge branch 'rapid7/master' into goliath 2018-02-21 11:16:05 -06:00
James Barnett b3642b1079
Address PR comments 2018-02-20 15:30:37 -06:00
James Barnett 09ae4ac8ac
Add more info to console output 2018-02-20 13:34:33 -06:00
Wei Chen 9a293cd30e Fix #8120, Fix undef method 'gsub' in bavision_cam_login
Fix #8120
2018-02-14 11:03:03 -06:00
James Barnett efd23d37c3
Use common error handling 2018-02-09 16:24:45 -06:00
James Barnett bbd25fc97b
WIP: getting services add working 2018-02-08 17:20:50 -06:00
James Barnett f114092445 Merge branch 'goliath' into MS-2833 2018-02-08 14:32:03 -06:00
jbarnett-r7 352cf295b5
Merge branch 'goliath' into MS-2833 2018-02-07 14:38:26 -06:00
James Barnett 5b35662dbf
Address PR comments 2018-02-07 14:21:31 -06:00
James Barnett cb093d8063
Use proper logging 2018-02-07 10:25:56 -06:00
Matthew Kienow 52b8f405bd
Refactor change host methods, remove debug output 2018-02-06 18:54:05 -05:00
James Barnett 5bc38206c0
Few more loot bugs 2018-02-06 17:22:09 -06:00
James Barnett 6e2503bbd8
Add loot update 2018-02-06 16:16:22 -06:00
Matthew Kienow 629f79ebf7
WIP remote host update 2018-02-06 16:11:46 -05:00
James Barnett 49b88dbef7
Pass loot search using query string 2018-02-05 18:15:05 -06:00
jbarnett-r7 f176e339bc
Merge pull request #12 from clee-r7/ms-2911
Ms 2911
2018-02-05 15:46:28 -06:00
christopher lee 1759621b03 Make 8080 default service port 2018-02-05 15:01:03 -06:00
christopher lee 020a28f5c7 Unify data service command 2018-02-05 13:28:17 -06:00
James Barnett e8b29af208 Merge branch 'goliath' into MS-2833 2018-02-02 17:32:17 -06:00
Matthew Kienow dcf4171cfb
Fix query array encoding issue 2018-02-02 17:16:12 -05:00
christopher lee 5a899d5126 Renamed msfdb to avoid omnibus collision, removed inline data service startup code 2018-02-01 16:28:36 -06:00
christopher lee 3bc0608579 Finish POC cleanup 2018-02-01 13:59:15 -06:00
christopher lee 59bc1a34d5 Remove 'puts' logging and cleanup AWS poc 2018-02-01 13:38:20 -06:00
James Barnett fc7ab6cbff
Merge branch 'externalize-host-data-search' into MS-2833 2018-02-01 11:24:11 -06:00
Matthew Kienow 5c38207a8e
WIP externalize host data search 2018-01-31 16:34:42 -05:00
James Barnett 3ff613db8f
"fix" adding loot from the command line 2018-01-31 10:31:09 -06:00
James Barnett e1b61b8180 Merge branch 'goliath' into MS-2833 2018-01-31 10:06:36 -06:00
Matthew Kienow 3a01a16dcb
Fix issue with workspace in query data 2018-01-25 17:29:58 -05:00
Matthew Kienow 4989e94e68
Add HTTP PUT request method 2018-01-25 10:40:57 -05:00
James Barnett 5505996518 Add loot delete 2018-01-24 16:42:16 -06:00
Matthew Kienow 2ffd627c56
Merge branch 'goliath' into add_https 2018-01-23 18:59:59 -05:00
christopher lee dd65141a22 Merge branch 'goliath' into MS-2891 2018-01-23 10:45:44 -06:00
James Barnett d10cd2d92a
Add verification methods to HTTPS
This commit enables peer verification for SSL.
It also gives the user options to verify the server if the server uses a self-signed cert.
There is an override to skip verification as well.
2018-01-22 18:08:16 -06:00
Christopher Lee 6ffae7f6ad
Merge pull request #9 from clee-r7/correct-api-url
Update API URLs
2018-01-22 15:17:09 -06:00
christopher lee 2521c941d4 Ported singleton calls 2018-01-22 14:57:28 -06:00
Matthew Kienow 2211459b9d
Correct workspace_associations_counts API path 2018-01-20 14:54:14 -05:00
Matthew Kienow b7e5b0f161
Update API URLs per design discussion 2018-01-20 14:50:59 -05:00
Matthew Kienow cb4999c1ac
Add URI query data option to request methods 2018-01-19 16:51:49 -05:00
christopher lee d5978803eb Fix all failing rspec for goliath 2018-01-19 15:16:19 -06:00
James Barnett b8296a809c Merge branch 'goliath' into add_https 2018-01-19 13:33:24 -06:00
James Barnett ff9c69c7c8
Merge branch 'rapid7/master' into goliath 2018-01-19 13:28:17 -06:00
Matthew Kienow 764ecf6562
Land #6 JSON to MDM
Deserialize JSON returned from a remote data service to an in-memory MDM object
2018-01-18 17:21:10 -05:00
James Barnett 0654979be6
Remove separate code path for openstruct for creds.
Also fix RemoteCredentialDataService to work with json_to_mdm
2018-01-18 13:27:33 -06:00
Brent Cook 7fe237abe1
Land #9220, Module cache improvements 2018-01-17 22:34:51 -06:00
Brent Cook 08f622b0ce update version 2018-01-17 17:24:15 -06:00
James Barnett bab9b66521
Only send back one object for host create 2018-01-12 10:52:16 -06:00
James Barnett 809d3d28c7 Merge branch 'rapid7/master' into goliath 2018-01-11 16:18:41 -06:00
James Barnett b2666ad3f2
Update host delete method to return full objects of deleted hosts 2018-01-11 16:12:25 -06:00
Metasploit 18f16e7c66
Bump version of framework to 4.16.32 2018-01-11 10:03:16 -08:00
Matthew Kienow e964e8bcbb
Fix incorrect HTTP request method calls 2018-01-10 23:59:53 -05:00
Matthew Kienow f895169c7f
Fix incorrect HTTP request method calls 2018-01-10 23:53:24 -05:00
James Barnett 3c73892a70
Use json_to_mdm for Credentials. 2018-01-10 16:58:44 -06:00
James Barnett 4a377af5e6
Deserialize JSON to Mdm Object 2018-01-09 15:18:49 -06:00
James Barnett 173705ad35
Add error handling when no data returned from server 2018-01-05 11:44:25 -06:00
Metasploit 3a7a539c84
Bump version of framework to 4.16.31 2018-01-04 12:17:08 -08:00
Metasploit d4de9eef9b
Bump version of framework to 4.16.30 2018-01-04 10:03:21 -08:00
James Barnett 5058c2d36f Merge branch 'goliath' into add_https 2018-01-03 10:51:22 -06:00
James Barnett 4aac8f5c39
Merge branch 'rapid7/master' into goliath 2018-01-02 17:34:40 -06:00
Matthew Kienow 40d15bf3e6
Hash#each style correction 2018-01-02 12:25:14 -05:00
James Barnett f015b926da Merge branch 'goliath' into add_https 2018-01-02 10:38:48 -06:00
Metasploit 7254130b77
Bump version of framework to 4.16.29 2017-12-28 15:19:22 -08:00
Jeffrey Martin 66ca61f636
Merge released '4.x' 2017-12-28 17:15:29 -06:00
Brent Cook c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module 2017-12-28 14:11:26 -06:00
Metasploit c681c7881d
Bump version of framework to 4.16.28 2017-12-28 10:03:39 -08:00
Brent Cook 6f1196d30c clarify what's happening when there is a connection failure 2017-12-27 22:32:08 -06:00
Matthew Kienow 5e4836b1e9
Implement hosts remote data store delete
Also, resolve an issue when adding a host where the client-side
raises an exception.
2017-12-26 23:09:23 -05:00
Jon Hart d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-22 08:07:40 -08:00
Metasploit 909caa0425
Bump version of framework to 4.16.27 2017-12-21 13:27:52 -08:00
Brent Cook 9d8cb8a8d0 Merge branch '4.x' into upstream-master 2017-12-21 15:17:38 -06:00
Metasploit ee2f10efc5
Bump version of framework to 4.16.26 2017-12-21 10:04:38 -08:00
Jon Hart 962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 18:58:36 -08:00
Jon Hart d0b3abc14b
Better handling of MQTT endpoints which don't require authentication
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
2017-12-20 18:02:52 -08:00
Jeffrey Martin 8cd7185a7f
Land #9313, Add DirectAdmin login_scanner module 2017-12-20 15:23:24 -06:00
Jeffrey Martin 7f8a5d3834
improved credential reporting 2017-12-20 15:09:11 -06:00
Jon Hart b4262662dc
Add missing mqtt login helper 2017-12-20 12:33:49 -08:00
Metasploit 66b1a555a1
Bump version of framework to 4.16.25 2017-12-18 16:33:25 -08:00
Nick Marcoccio be2a3ca270 edited sid comment 2017-12-18 08:18:02 -05:00
Nick Marcoccio f447fa1a12 Added DirectAdmin Login Utillity 2017-12-17 22:43:37 -05:00