Metasploit Framework
 
 
 
 
 
 
Brent Cook bbb41c39b8 fix backward meterpreter packet timeout logic
The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.

This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.

This probably fixes tons of heisenbugs, including #3798.

To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:

(cd modules/post
 ln -s ../../test/modules/post/test)

die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
2014-12-29 08:15:51 -06:00
app turn nil publics and privates into blanks 2014-09-05 16:06:58 -05:00
config Disable simplecov on travis-ci 2014-12-05 11:58:09 -06:00
data Remove references to Redmine in code 2014-12-19 17:27:08 -06:00
db Update db/schema.rb 2014-11-14 09:39:26 -06:00
documentation Restore the hallowed developer's guide 2014-12-03 16:50:18 -06:00
external Readd block_hidden_bind_tcp.asm 2014-12-22 11:13:07 -06:00
features Disable simplecov on travis-ci 2014-12-05 11:58:09 -06:00
lib fix backward meterpreter packet timeout logic 2014-12-29 08:15:51 -06:00
modules Added underscore to user regex in smart_hashdump.rb to support usernames that contain underscores. Issue #4349. 2014-12-23 22:36:11 -06:00
plugins Fix event handlers on ruby 2 2014-12-11 20:08:45 -06:00
script rails generate cucumber:install 2014-08-27 14:10:04 -05:00
scripts Merge code in from #2395 2014-12-12 16:22:51 -06:00
spec Add bind_hidden_tcp to payload spec 2014-12-22 10:37:46 -06:00
test Fix up comment splats with the correct URI 2014-10-17 11:47:33 -05:00
tools Remove references to Redmine in code 2014-12-19 17:27:08 -06:00
.gitignore Also .gitignore the source directory for metakitty 2014-12-03 16:12:30 -06:00
.gitmodules
.mailmap Add and sort other contributors in mailmap 2014-12-19 13:41:06 -06:00
.rspec Add modern --require to .rspec 2014-10-08 10:55:40 -05:00
.rubocop.yml Reapply PR #4113 (removed via #4175) 2014-11-11 15:06:43 -06:00
.ruby-gemset Restoring ruby and gemset files 2014-05-20 10:17:00 -05:00
.ruby-version Oh good, another Ruby version bump 2014-11-14 17:28:16 -06:00
.simplecov Remove fastlib 2014-09-18 15:24:21 -05:00
.travis.yml Remove references to Redmine in code 2014-12-19 17:27:08 -06:00
.yardopts update .yardopts 2014-07-24 13:59:04 -05:00
CONTRIBUTING.md Missed one in CONTRIBUTING.md 2014-12-19 17:32:28 -06:00
COPYING With 66 days left in 2014, may as well update 2014-10-27 23:07:57 -05:00
Gemfile Disable simplecov on travis-ci 2014-12-05 11:58:09 -06:00
Gemfile.local.example Fix example Gemfile.local to work with existing 2014-06-24 00:00:47 -05:00
Gemfile.lock Updating lockfile post MDM version bump 2014-12-19 20:58:09 -06:00
HACKING Update link for The Metasploit Development Environment 2014-07-15 10:16:47 -05:00
LICENSE Remove fastlib 2014-09-18 15:24:21 -05:00
README.md Normalize links to metakitty, unleashed, and wiki 2014-12-20 12:53:34 -06:00
Rakefile Merge branch 'feature/MSP-11130/metasploit-framework-spec-constants' into feature/MSP-11147/thread-leak-detection 2014-11-05 15:47:59 -06:00
metasploit-framework-db.gemspec Lands #4436, latest version of MDM 2014-12-19 20:56:02 -06:00
metasploit-framework-full.gemspec Make the version constraint a range 2014-12-19 13:54:13 -06:00
metasploit-framework-pcap.gemspec Depend on metasloit-framework in optional gemspecs 2014-11-05 12:33:44 -06:00
metasploit-framework.gemspec Make the version constraint a range 2014-12-19 13:54:13 -06:00
msfbinscan Fix typo in msfbinscan 2014-12-18 02:43:24 +01:00
msfcli Add deprecation warning to msfcli, 6 months 2014-12-18 09:39:50 -06:00
msfconsole Use Rex::Compat.open_file to open profiling report 2014-09-19 11:13:28 -05:00
msfd Remove fastlib 2014-09-18 15:24:21 -05:00
msfelfscan Remove fastlib 2014-09-18 15:24:21 -05:00
msfencode Add a link to PR #4333 in the message 2014-12-09 13:04:35 -06:00
msfmachscan Remove fastlib 2014-09-18 15:24:21 -05:00
msfpayload Add a link to PR #4333 in the message 2014-12-09 13:04:35 -06:00
msfpescan Remove fastlib 2014-09-18 15:24:21 -05:00
msfrop Remove fastlib 2014-09-18 15:24:21 -05:00
msfrpc Remove fastlib 2014-09-18 15:24:21 -05:00
msfrpcd Remove call to legacy db.sink queue, closes #4244 2014-11-22 17:19:12 -06:00
msfupdate
msfvenom Well, should be -1 2014-12-19 16:36:05 -06:00

README.md

Metasploit

The Metasploit Framework is released under a BSD-style license. See COPYING for more details.

The latest version of this software is available from https://metasploit.com/

Bug tracking and development information can be found at: https://github.com/rapid7/metasploit-framework

API documentation for writing modules can be found at: https://rapid7.github.io/metasploit-framework/api

Questions and suggestions can be sent to: https://lists.sourceforge.net/lists/listinfo/metasploit-hackers

Installing

Generally, you should use the free installer, which contains all dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.

Using Metasploit

Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading Metasploit Unleashed, the great community resources, or the wiki.

Contributing

See the Dev Environment Setup guide on GitHub, which will walk you through the whole process, from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more info, see Contributing.