Commit Graph

637 Commits (c63c225c9c2e6857db5908231e5a000d9619d5cf)

Author SHA1 Message Date
Craig Smith 53dbd03b35 Baud rate when supplied on the command line was not properly being converted to an integer. 2017-01-22 18:15:27 -08:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
Pearce Barry 7df85a24aa
Initial Tools Hardware repo with ELM327 chipset as sample for HWBridg… 2017-01-19 22:23:57 -06:00
Brent Cook 4abc5a5a2f revert unrelated changes 2016-12-22 00:36:41 -06:00
James Lee 26d8738950
Drop names so we can remove dup addresses 2016-12-20 18:45:36 -06:00
Brent Cook e52d67cb8c add architecture check 2016-11-20 19:09:26 -06:00
Brent Cook 5b4f96eeac remove more refs 2016-09-20 14:31:28 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Pearce Barry 7b1d9596c7
Land #7068, Introduce 'mettle' - new POSIX meterpreter 2016-07-11 22:38:40 -05:00
Brent Cook a362d8b9c8 update payload test generator to work with MetasploitModules 2016-07-06 15:53:06 -05:00
Tod Beardsley 7a321c7350
Import, sign, and publish signed dev keys
This largely automates the process of importing developer keys,
much like `import-dev-keys.sh`, but also takes the additional, sadly
manual step of signing the key with your default key, and uploading
those keys to https://sks-keyservers.net.

In effect, you are stating that you trust keys published on keybase.io
and are listed as such on the official Metasploit-Framework development
wiki.

If your own default key either has no passphrase, or has a passphrase
cached in a keymanager, the process merely requires you hit `y` for
every key, and `y` again for keys with multiple IDs. Otherwise, you
will need to provide your passphrase for each signing. Temporarily
removing the passphrase alleviates this pain.

Of course, this assumes you actually trust the development wiki
and keybase to do the right thing. The tradition is to individually
verify each key through some personally invented means, such as in
person with a government ID check.

Note that `import-dev-keys.sh` currently lists a number of keys
not on Keybase, and that functionality has not been carried over
to this script.
2016-07-06 10:33:02 -05:00
Brent Cook f9f47f7a79 fix tools that need rex-text to function 2016-07-05 02:38:40 -05:00
x90" * 365 3fe4ffb225 Change default pattern length
Changed from 1024 to 8192 per previous version.
2016-07-03 16:08:54 -04:00
Brent Cook cc30ece6ce tell the user what to do 2016-06-14 11:54:55 -05:00
William Vu 3ed85b6b25 Add missing rank check to msftidy 2016-06-14 11:48:05 -05:00
Andrey 92b62d010f Update md5_lookup.rb
:)
2016-06-02 18:49:22 +03:00
Brent Cook 10dcc44e2d
Land #6446, Speedup pattern_create/offset options parsing 2016-05-14 09:50:19 -05:00
Brent Cook 680709c5f2 move requires into run 2016-05-14 09:50:02 -05:00
Brent Cook dd0d68a2b4 speed up options parsing (only require framework when running) 2016-05-14 09:47:08 -05:00
Brent Cook 057c25e188
Land #6446, Cleanup pattern_create/pattern_offset and document options 2016-05-13 22:09:35 -05:00
Brent Cook 7cfc4d4523 fix odd indentation and style issues 2016-05-13 22:06:18 -05:00
Brent Cook 901b793406 fix some minor indent and style issues 2016-05-13 21:51:54 -05:00
Brent Cook 7b83b06ad5 whitespace and remove useless comments 2016-05-13 21:45:41 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
x90" * 365 c3e618ad37 Update pattern_create.rb 2016-04-14 15:54:30 -04:00
x90" * 365 2a1831f4f2 Update pattern_offset.rb 2016-04-14 15:29:57 -04:00
x90" * 365 7f112c9c7d Update pattern_create.rb 2016-04-14 15:11:36 -04:00
x90" * 365 f9304fcc00 Update pattern_offset.rb 2016-04-14 15:11:02 -04:00
x90" * 365 a71d40d25b Update pattern_offset.rb
Test
2016-04-14 12:59:36 -04:00
wchen-r7 bc48ebd43b Use patch_finder for msu_finder 2016-03-29 23:21:01 -05:00
Spencer McIntyre 631e24c02b Update the msftidy warning for module class names 2016-03-16 13:31:24 -04:00
Brent Cook 558f810165
Land #6667, add a dev script for finding Metasploit release notes for modules 2016-03-13 14:03:54 -05:00
wchen-r7 69de3adf7a Fix a typo in the file name 2016-03-11 13:50:13 -06:00
wchen-r7 1546bf32ed Add a dev script to find Metasploit release notes
This script allows you to find the release notes of a:

* Pull request number for a bug fix, or a notable change.
* A module name (preferably just use the short name)
2016-03-11 13:44:38 -06:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook 659af68b16
Land #6388, update msftidy check for new preferred Metasploit module base class 2016-03-06 17:12:20 -06:00
Brent Cook cc436fe438 update to new preferred base class for modules 2016-03-06 17:11:51 -06:00
Brent Cook e1db3ef369
Land #6388, Update msftidy to error when module super class is incorrect 2016-03-06 16:53:11 -06:00
William Vu 55724eb777 Set the exit status correctly 2016-03-02 09:39:23 -06:00
William Vu 538ee1ec36 Print a helpful message on LoadError 2016-03-02 09:39:23 -06:00
William Vu 92d4929b3d
Land #6543, msu_finder link update 2016-02-09 17:06:23 -06:00
Brent Cook bb556e5b87
Land #6529, added a file PR history exploration tool 2016-02-09 17:01:58 -06:00
Brent Cook 7fe61dce70 added support for GITHUB_OAUTH_TOKEN 2016-02-09 17:01:19 -06:00
wchen-r7 aaf1d2c312 Update downloadable link pattern for msu_finder 2016-02-07 12:26:37 -06:00
ghettoeinstein af3f6c4655 Update msu_finder.rb
Corrected spelling of "script"
2016-02-06 09:27:05 -08:00
wchen-r7 d5296d6150 Add documentation 2016-02-03 22:06:10 -06:00
wchen-r7 c82c147f31 Correct usage example 2016-02-03 21:53:22 -06:00
wchen-r7 8c8f4a39e8 Change to file_pull_requests.rb 2016-02-03 21:50:17 -06:00
wchen-r7 23fdadd31f chmod +x 2016-02-03 16:57:50 -06:00
wchen-r7 3ff2c98f99 Add tool module_pull_requests
This tool allows you to find all the rapid7/metasploit-framework
pull requests associated with a particular Metasploit module.
2016-02-03 16:53:03 -06:00
wchen-r7 4bd2be5dfa Add preserved_identifiers support 2016-01-28 14:36:42 -06:00
x90" * 365 7f726b1b66 Updated Requires
rex/text and msfevn
2016-01-07 00:55:45 -05:00
x90" * 365 e7dc3aa99c Added Argument Error Handling 2016-01-06 22:34:58 -05:00
x90" * 365 7e70cb6fe8 Re-write pattern_create layout and options
Updated pattern_create.rb to be more consistent other tools and modules in Metasploit.  Provided a usage example for undocumented custom set feature that allows removal of bad characters.

Usage: ./pattern_create.rb [options]
Example: ./pattern_create.rb -l 50 -s ABC,def,123
Ad1Ad2Ad3Ae1Ae2Ae3Af1Af2Af3Bd1Bd2Bd3Be1Be2Be3Bf1Bf

Specific options:
    -l, --length <length>            The length of the pattern
    -s, --sets <ABC,def,123>         Custom Pattern Sets
    -h, --help                       Show this message
2016-01-06 22:15:56 -05:00
x90" * 365 cedb4b7340 Update egghunter.rb msfenv requirements
On Stock Kali 2.0 (after apt-get upgrade), the following command errors ./egghunter.rb --list-formats.  Adding the require 'msfenv' to the file alleviates the issue.

root@kali:/usr/share/metasploit-framework/tools/exploit# ./egghunter.rb --list-formats
/usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- rkelly (LoadError)
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/rex/proto/http/response.rb:5:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/rex/proto/http.rb:4:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/rex/proto.rb:2:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/rex.rb:79:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/msf/core.rb:17:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/msf/base.rb:17:in `<top (required)>'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from ./egghunter.rb:9:in `<main>'
2016-01-04 17:21:21 -05:00
Jon Hart 140637ef43
Refactor msftidy to allow easier stdout/stderr testing 2015-12-24 10:54:13 -08:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart 6b0ae754bd
Anchor all regexen 2015-12-23 08:33:47 -08:00
Jon Hart 26fa916cc9
Update msftidy to error when module super class is incorrect
Fixes #6365
2015-12-22 13:38:31 -08:00
wchen-r7 467267b3be Fix #6260, add timeout and verbose option
Fix #6260
2015-11-19 11:30:16 -06:00
Jon Hart f34bf544d3
Update msftidy to flag authors with unbalanced angle brackets 2015-11-06 13:23:14 -08:00
William Vu a53df44c55 Move msftidy back to tools/dev
This is where it belongs.
2015-11-05 13:56:28 -06:00
wchen-r7 e0801b39ba Fix undef method has_key for module_references.rb tool
I made a typo. Should be has_key?, not has_key
2015-10-26 23:12:01 -05:00
Brent Cook 9d51abe4b5 fix msftidy link 2015-10-07 16:52:21 -05:00
wchen-r7 10dc637658 Fix typo 2015-10-06 16:16:58 -05:00
wchen-r7 97f07f1312 Fix base path 2015-10-06 10:30:52 -05:00
wchen-r7 540af3e5ae Move tools 2015-10-05 22:49:54 -05:00
jvazquez-r7 5a7ac8c29a
Land #6030, @wchen-r7's Microsoft Patch Finder 2015-10-02 13:33:27 -05:00
wchen-r7 c4bba0269c Change print_debug 2015-10-02 12:48:12 -05:00
wchen-r7 f97cd97fa5 Update documentation 2015-10-02 12:45:17 -05:00
wchen-r7 e226526dee Update help 2015-10-02 12:37:01 -05:00
jvazquez-r7 69f3d88ea6
Ensure uniq on #find_msb_numbers 2015-10-02 11:38:36 -05:00
jvazquez-r7 b107213a6e
Update documentation / TODO 2015-10-02 11:37:43 -05:00
jvazquez-r7 507f778056
Do some code reorganization with @wchen-r7 2015-10-02 11:35:06 -05:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
wchen-r7 418374b4b2 Regex -q 2015-10-01 10:21:31 -05:00
wchen-r7 dc3f1c84ed Update help 2015-10-01 01:01:02 -05:00
wchen-r7 0d7d6376c2 Follow the Google API limit 2015-10-01 00:54:15 -05:00
wchen-r7 4c1678ef5c I don't need i 2015-09-30 23:01:23 -05:00
wchen-r7 e2098822eb Update msu_finder and rspec 2015-09-30 23:00:46 -05:00
wchen-r7 bc1be7f213 some progress with rspec 2015-09-29 17:20:30 -05:00
wchen-r7 8f1999e227 Add dev tool MSFT MSU finder (msu_finder.rb)
You can use this tool to find MSFT patches. Please see -h for more
information.
2015-09-28 18:44:31 -05:00
wchen-r7 939999f43c Check \ 2015-09-16 13:43:11 -05:00
wchen-r7 eb018f3d29 No 7zip 2015-09-12 03:07:15 -05:00
wchen-r7 5480886927 Do absolute path 2015-09-09 22:00:35 -05:00
wchen-r7 ab1d61d80b Add MSU extractor
If you do patch test/analysis/diffing, you might find this tool
handy. This tool will automatically extract all the *.msu files,
and then you can search for the patched files you're looking for
quickly.

The workflow would be something like this:

1. You download the patches from:
   http://mybulletins.technet.microsoft.com/BulletinPages/Dashboard

2. You put all the *.msu files in one directory.

3. Run this tool: extract_msu.bat [path to *.msu files]

4. The tool should extract the updates. After it's done, you can
   use Windows to search for the file(s) you're looking for.
2015-09-09 21:34:07 -05:00
HD Moore 1aa7c596ce
Land #5967, add PACKETSTORM reference types. 2015-09-01 23:25:26 -05:00
HD Moore 77f56c563b Land #5867, add PACKETSTORM reference types 2015-09-01 23:25:01 -05:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
wchen-r7 eb47973533 Check debug.keystore 2015-08-24 15:08:45 -05:00
wchen-r7 8825db5c98 Add MSF APK installer
You can use this script to install your msf apk to your android
emulator.
2015-08-22 21:53:04 -05:00
Roberto Soares 495ca55a7b Added PacketStorm (PKT) for verification by msftidy 2015-08-20 00:41:55 -03:00
Roberto Soares 496e47a094 Added PacketStorm (PKT) in module_reference tool 2015-08-20 00:39:11 -03:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
Brent Cook 422bba87d3 style fixes, moved google_geolocate to google/geolocate 2015-08-15 19:49:32 -05:00
Brent Cook 3aab9aa74c move BSSID checker to tools, fixup rubocop warnings, add OS X example 2015-08-14 17:13:11 -05:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00
Meatballs deb6f5638e
Update WinSCP Gather
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
Roberto Soares 77f96769da Update msftidy. 2015-07-30 01:33:48 -03:00
Roberto Soares a687e71832 Added check for the WPVDB in msftidy. 2015-07-30 01:22:48 -03:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
Tod Beardsley ae73cd3c6c
Add a bash script to import dev keys
This merely makes it easy and fun to import all developer keys used over
the past year to your local GPG keychain. This will make the task of
reviewing merge commits for signedness much easier, especially if you
use a nicelog alias such as this one:

https://github.com/todb-r7/junkdrawer/blob/master/dotfiles/git-repos/gitconfig#L40

This does not handle automating checking for signatures as part of
Travis-CI -- for that, see PR #5337, a work in progress.
2015-05-13 10:29:55 -05:00
jvazquez-r7 46b678e9d2
Add msftidy check for datastore option DEBUG usage 2015-04-21 12:22:24 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
jvazquez-r7 292087c849
Add check for modules registering a DEBUG option 2015-04-21 11:56:41 -05:00
jvazquez-r7 88ed8406d1
Add check for (v)print_debug to msftidy 2015-04-21 11:27:22 -05:00
William Vu 832487cad7 Consolidate on one check and fix false positives 2015-04-16 18:01:28 -05:00
Christian Mehlmauer 40f6b086c2
fix regex 2015-04-16 21:51:31 +02:00
Christian Mehlmauer 0815791fee
fix regex 2015-04-16 21:48:16 +02:00
Christian Mehlmauer af277195f5
check for valid values 2015-04-16 21:43:47 +02:00
Christian Mehlmauer 4469fcd9e8
add fail_with error 2015-04-16 20:04:08 +02:00
Tod Beardsley 72b9647b31
Land #5057, CVE fixups 2015-04-03 16:36:11 -05:00
sinn3r a333632a69 Add standalone tool for jsobfu 2015-04-03 11:30:23 -05:00
William Vu df0398f958 Update msftidy for the new CVE format
https://cve.mitre.org/cve/identifiers/syntaxchange.html
2015-03-31 22:15:33 -05:00
William Vu 376bf13f1e
Land #5000, tools/dev/add_pr_fetch.rb 2015-03-24 17:10:49 -05:00
William Vu aa1a3580b8 chmod +x tools/dev/set_binary_encoding.rb
Missed in #4875.
2015-03-24 17:10:31 -05:00
William Vu d3773aed55 Rename add-pr-remote.rb to add_pr_fetch.rb 2015-03-24 17:05:43 -05:00
Tod Beardsley 3dec83c1df
Utility for adding PR fetch refs 2015-03-24 10:20:34 -05:00
sinn3r 1910a6c6c5 Correct filename for missing-payload-tests.rb
missing-payload-tests.rb is not the correct file format we follow,
it should be missing_payload_tests.rb
2015-03-24 00:50:09 -05:00
Christian Mehlmauer 71c544c3c5
added newline at end of file 2015-03-24 06:19:27 +01:00
sinn3r 315948e403 Extra newline 2015-03-21 13:49:50 -05:00
sinn3r 848dc07020 var name needs a default 2015-03-21 12:20:29 -05:00
sinn3r f45e8f49eb Custom var name 2015-03-21 12:18:02 -05:00
sinn3r 2be5ae3bab Fix bugs 2015-03-21 12:14:00 -05:00
sinn3r 0ff114bcd6 use #!/usr/bin/env ruby 2015-03-20 23:48:13 -05:00
sinn3r e09f9ca0bc Provide an example 2015-03-20 20:55:30 -05:00
sinn3r 96bcdd211c Finished rspec 2015-03-20 20:53:04 -05:00
sinn3r 487ddfc09c no need for Interrupt 2015-03-20 16:39:00 -05:00
sinn3r 582bfdad64 explain arch 2015-03-20 16:37:42 -05:00
sinn3r 9ecfd36d9e comments 2015-03-20 16:34:58 -05:00
sinn3r 79a6f1cd09 fix option bug 2015-03-20 16:33:19 -05:00
sinn3r 6da216f3a4 More options 2015-03-20 16:30:29 -05:00
sinn3r af8f645d1c This starts to work 2015-03-20 16:15:43 -05:00
sinn3r fe267fb5a6 Here's a starting point 2015-03-20 14:15:14 -05:00
Brent Cook db56fcb1b8 update tools/missing-payload-tests to give correct advice
The template spec for new payloads needed updating to match the new cached
payload size spec.
2015-03-16 18:10:10 -05:00
William Vu cd992d5ea6
Land #4875, rm some old and crufty tools 2015-03-10 00:02:04 -05:00
William Vu ab70223107 Remove note about resplat.rb in msftidy 2015-03-10 00:00:29 -05:00
HD Moore 99e2b05597 Move the cache update logic into a utility class 2015-03-09 15:29:58 -05:00
HD Moore 8c635243d3 Fix whitespace in the regex, implements Msf::Payload.dynamic_size? 2015-03-09 13:15:06 -05:00
HD Moore 2e49791bef This implements payload size caching, speeding up framework loads 2015-03-07 20:44:19 -06:00
Tod Beardsley 0353602829
Add back set_binary_encoding.rb
[See #4875]
2015-03-05 12:05:05 -06:00
Tod Beardsley 4ad9638682
Remove some old and crufty /tools
It's possible someone still wants the Webscarab stand-alone importer,
but I cannot imagine that after years of bitrot that is even viable in
its current state.

The rest of them are all older development tools that are no longer
needed (normal vim/rubymine auto-formatting will do the trick).
2015-03-04 16:46:40 -06:00
sinn3r 0597d2defb
Land #4560, Massive Java RMI update 2015-02-17 10:07:07 -06:00
William Vu c73892b721 Nuke datastore modification check from orbit 2015-02-11 12:46:40 -06:00
jvazquez-r7 1f4fdb5d18
Update from master 2015-02-10 10:47:17 -06:00