18f3815147
Msf relies on Rex::Socket to create TLS certificates for services hosted in the framework and used by some payloads. These certs are flagged by NIDS - snort sid 1-34864 and such. Now that Rex::Socket can accept a @@cert_provider from the Msf namespace, a more robust generation routine can be used by all TLS socket services, provided down from Msf to Rex, using dependencies which Rex does not include. This work adds the faker gem into runtime dependencies, creates an Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides API compatible method invocations with the Rex version, but able to generate higher entropy certs with more variables, options, etc. This should reduce the hit rate against NIDS on the wire, reducing pesky blue team interference until we slip up some other way. Also, with the ability to generate different cert types, we may want to look at extending this effort to probide a more comprehensive key oracle to Framework and consumers. Testing: None yet, internal tests pending. Travis should fail as this requires rex-socket #8. |
||
---|---|---|
.github | ||
app | ||
config | ||
data | ||
db | ||
docker | ||
documentation | ||
external | ||
lib | ||
modules | ||
plugins | ||
script | ||
scripts | ||
spec | ||
test | ||
tools | ||
.dockerignore | ||
.gitignore | ||
.gitmodules | ||
.mailmap | ||
.rspec | ||
.rubocop.yml | ||
.ruby-gemset | ||
.ruby-version | ||
.simplecov | ||
.travis.yml | ||
.yardopts | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
COPYING | ||
Dockerfile | ||
Gemfile | ||
Gemfile.local.example | ||
Gemfile.lock | ||
LICENSE | ||
LICENSE_GEMS | ||
README.md | ||
Rakefile | ||
Vagrantfile | ||
docker-compose.override.yml | ||
docker-compose.yml | ||
metasploit-framework.gemspec | ||
msfconsole | ||
msfd | ||
msfrpc | ||
msfrpcd | ||
msfupdate | ||
msfvenom |
README.md
Metasploit
The Metasploit Framework is released under a BSD-style license. See COPYING for more details.
The latest version of this software is available from: https://metasploit.com
Bug tracking and development information can be found at: https://github.com/rapid7/metasploit-framework
New bugs and feature requests should be directed to: https://r-7.co/MSF-BUGv1
API documentation for writing modules can be found at: https://rapid7.github.io/metasploit-framework/api
Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list
Installing
Generally, you should use the free installer, which contains all of the dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.
Using Metasploit
Metasploit can do all sorts of things. The first thing you'll want to do
is start msfconsole
, but after that, you'll probably be best served by
reading Metasploit Unleashed, the great community
resources, or the wiki.
Contributing
See the Dev Environment Setup guide on GitHub, which will walk you through the whole process from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more information, see Contributing.