This is an experiment to see what it would take to convert *all* option
assignment, parsing, and validation to use Ruby's builtin optparse. Our
current situation in the command dispatchers is a mishmash of bespoke
and Rex code, both with odd behaviors. Modules use a more formalized
system, but it is also a bit janky and unlike most other tools a
pentester might use.
The first step is to refactor the console commands to use Ruby's builtin
option parsing to reduce code and increase homogeneity among the various
functions. Next we plan to explore what it would take to invoke modules
from within Metasploit this way (this would be Metasploit 5+ only).
Refactoring `grep` seems to have been a success. There is now less code;
the code that declares and handles the options are now in the same
place; long options are now supported; adjacent, argument-less short
opts now work as expected; patterns can now begin with a `-`; and option
arguments are now validated. Additionally, optparse's argument
coercion/validation code can be extended for custom types/validations to
support more specialized commands.
Add authentication to MsfServlet as a simple workaround to an issue
that occurs when data_services cmd is used to add a remote service
that requires an API token and no token or an invalid token are
provided.
Previously an authentication failure message would indicate that the
error was permissions related yet the error code remained 401. The fix
allows the Authentication::Strategies classes to specify an error code
that is returned to the user.
Shelby Pace
h00die
Metasploit
Wei Chen
James Barnett
William Vu
bwatters-r7
Jacob Robles
Brendan Coles
Adam Cammack
asoto-r7
Brent Cook
Matthew Kienow
Tim W