Metasploit Framework

Go to file

RageLtMan 18f3815147 Update TLS certificate generation routines Msf relies on Rex::Socket to create TLS certificates for services hosted in the framework and used by some payloads. These certs are flagged by NIDS - snort sid 1-34864 and such. Now that Rex::Socket can accept a @@cert_provider from the Msf namespace, a more robust generation routine can be used by all TLS socket services, provided down from Msf to Rex, using dependencies which Rex does not include. This work adds the faker gem into runtime dependencies, creates an Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides API compatible method invocations with the Rex version, but able to generate higher entropy certs with more variables, options, etc. This should reduce the hit rate against NIDS on the wire, reducing pesky blue team interference until we slip up some other way. Also, with the ability to generate different cert types, we may want to look at extending this effort to probide a more comprehensive key oracle to Framework and consumers. Testing: None yet, internal tests pending. Travis should fail as this requires rex-socket #8.		2017-12-28 21:00:03 -05:00
.github	Add documentation requirement to PR template	2017-04-05 10:03:05 -04:00
app	Move shared example from pro into framework	2016-04-07 13:09:52 -05:00
config	Land #6556 , include Vagrant development environment provisioner	2016-06-09 09:55:37 -05:00
data	Merge branch 'upstream-master' into feature/mqtt-login	2017-12-22 08:07:40 -08:00
db	Bump version of framework to 4.13.11	2017-01-04 14:53:33 -08:00
docker	more docker work	2017-11-28 21:35:20 +01:00
documentation	fix documentation preformat blocks	2017-12-27 22:32:26 -06:00
external	apple_ios/aarch64/shell_reverse_tcp	2017-12-19 15:42:21 +08:00
lib	Update TLS certificate generation routines	2017-12-28 21:00:03 -05:00
modules	Merge branch 'upstream-master' into feature/mqtt-login	2017-12-27 13:08:44 -08:00
plugins	remove more instances of positive?	2017-08-02 12:47:34 -05:00
script	kill cucumber in framework	2017-07-12 08:00:29 -05:00
scripts	remove more unusual raise RuntimeError patterns	2017-11-01 05:59:12 -05:00
spec	Add new method for fetching parsed cookies from an HTTP response	2017-12-20 16:19:44 -08:00
test	use https for metaploit.com links	2017-07-24 06:26:21 -07:00
tools	iOS meterpreter	2017-12-12 23:23:21 +08:00
.dockerignore	more docker work	2017-11-28 21:35:20 +01:00
.gitignore	more docker work	2017-11-28 21:35:20 +01:00
.gitmodules	Add RDI submodule, port Kitrap0d	2013-11-27 16:04:41 +10:00
.mailmap	refine rageltman, add rwhitcroft	2016-12-22 00:58:58 -06:00
.rspec	Add modern --require to .rspec	2014-10-08 10:55:40 -05:00
.rubocop.yml	disable redundant return warning, update a couple others	2017-08-13 23:51:52 -04:00
.ruby-gemset	Remove gitignore, change to metasploit-framework	2013-09-13 12:44:19 -05:00
.ruby-version	bump Ruby to 2.4.2, fix security issues	2017-09-23 21:12:12 -04:00
.simplecov	Remove fastlib	2014-09-18 15:24:21 -05:00
.travis.yml	make travis build the image again	2017-11-28 21:59:26 +01:00
.yardopts	remove HACKING from yardopts	2017-09-07 02:35:56 -05:00
CODE_OF_CONDUCT.md	Add individual contacts	2016-01-13 10:35:39 -06:00
CONTRIBUTING.md	update references to sourceforge ML	2017-08-20 13:23:54 -05:00
COPYING	Updated COPYING	2017-01-17 12:36:26 +10:00
Dockerfile	more docker work	2017-11-28 21:35:20 +01:00
Gemfile	restrict aggregator on arm for now	2017-10-18 13:21:02 -05:00
Gemfile.local.example	update Gemfile.local example, use Gemfile.local if it exists when bundling	2017-04-30 10:57:55 -05:00
Gemfile.lock	Land #9329 , Add basic framework for interacting with MQTT	2017-12-27 14:59:34 -06:00
LICENSE	Update LICENSE for mysql_udf_payload	2017-12-21 21:03:22 -06:00
LICENSE_GEMS	Update rex-exploitation to 0.1.15	2017-10-11 14:09:35 -05:00
README.md	add docker pull badge to readme	2017-12-06 20:34:40 +01:00
Rakefile	trying rspec-retry	2017-06-20 14:02:32 -05:00
Vagrantfile	fix #8693 , update Vagrant to latest rvm syntax	2017-07-10 21:41:50 -05:00
docker-compose.override.yml	more docker work	2017-11-28 21:35:20 +01:00
docker-compose.yml	more docker work	2017-11-28 21:35:20 +01:00
metasploit-framework.gemspec	Update TLS certificate generation routines	2017-12-28 21:00:03 -05:00
msfconsole	Move service stub in x86 encoder to be easily used.	2016-06-23 14:56:03 +02:00
msfd	Removing unnecessary spaces	2017-09-12 10:00:18 -03:00
msfrpc	Removing unnecessary spaces	2017-09-12 10:00:18 -03:00
msfrpcd	Removing unnecessary spaces	2017-09-12 10:00:18 -03:00
msfupdate	update specs	2017-05-27 00:34:12 -05:00
msfvenom	Removing unnecessary spaces	2017-09-12 10:00:18 -03:00

README.md

Metasploit

The Metasploit Framework is released under a BSD-style license. See COPYING for more details.

The latest version of this software is available from: https://metasploit.com

Bug tracking and development information can be found at: https://github.com/rapid7/metasploit-framework

New bugs and feature requests should be directed to: https://r-7.co/MSF-BUGv1

API documentation for writing modules can be found at: https://rapid7.github.io/metasploit-framework/api

Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list

Installing

Generally, you should use the free installer, which contains all of the dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.

Using Metasploit

Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading Metasploit Unleashed, the great community resources, or the wiki.

Contributing

See the Dev Environment Setup guide on GitHub, which will walk you through the whole process from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more information, see Contributing.