L
645a4c6d26
Remove ysoserial JRMPClient && JRMPListener payload
2020-04-27 10:50:09 -05:00
L
d7768c3476
fixed tools/payloads/ysoserial/find_ysoserial_offsets.rb
2020-04-27 10:49:25 -05:00
L
7576a9d1c3
Support ysoserial alongside ysoserial-modified payload (including cmd, bash, powershell, none)
2020-04-27 10:48:53 -05:00
L
d39b1c911d
Fix bug of find_bysoserial_offsets
2020-04-27 10:48:04 -05:00
Tod Beardsley
ec10216f6b
Fix broken link to broken PKS for key verification
2020-04-26 11:12:06 -05:00
William Vu
21653f09c2
Fix bad regex in ZDI reference check for msftidy
2020-04-23 00:47:52 -05:00
Josh
2c80859564
ZDI Public Numbers can be 4 digits, ZDI-19-1045
...
Also, technically, ZDI Public Numbers will always have a min of 3 digits.
The number is essentially `"num_as_string".ljust(3, '0')`, so this should be {3,4}
or {3,5} if they ever get that high ;) I could find no ZDI- references or similar that
only had 2 digits in the last number part
references:
https://www.zerodayinitiative.com/advisories/ZDI-19-1045/
https://www.zerodayinitiative.com/advisories/ZDI-05-001/
2020-04-22 14:46:21 -05:00
tperry-r7
62dd03c348
Land #13188 new msftidy_docs
...
Land #13188 new msftidy_docs. Change Options from bold to h3 instead.
2020-04-06 10:08:06 -05:00
Brent Cook
8451c1345b
Land #10579, add sharphound post module, upstream updating tool
2020-04-03 09:10:40 -05:00
Brent Cook
b18a2fd463
Support inline transforms on tools, make some code snazzier
2020-04-02 21:32:10 -05:00
Brent Cook
f2d3cdca4b
make check_external_scripts executable
2020-04-02 21:11:09 -05:00
h00die
f3ebd26e73
add rhosts
2020-04-02 19:19:10 -04:00
h00die
f9ecbc2179
new tidy_docs checks
2020-04-02 19:10:39 -04:00
Adam Galway
556af54850
Land #13176, issue_finder ignores bad python files
2020-03-31 13:19:41 +01:00
h00die
2c11ea84e7
remove bad python files from issue_finder
2020-03-30 22:48:10 -04:00
Auxilus
c000ced363
update nasm_shell.rb
2020-03-25 02:21:08 +05:30
Auxilus
e517948f11
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into patch-5
2020-03-25 02:15:56 +05:30
h00die
f5c4f593f5
check for more default instructional text
2020-03-24 09:51:21 -04:00
h00die
e7da6e77a5
remove and check for instruction text
2020-03-24 09:15:04 -04:00
Auxilus
b090bb53cf
make makeiplist and nasm_shell tools faster
2020-03-21 19:07:21 +05:30
Auxilus
ccfb1b92b6
make tools/exploit/pattern_* faster
2020-03-21 00:12:15 +05:30
William Vu
e643afb681
Fix find_ysoserial_offsets.rb and prettify JSON
2020-03-13 14:22:32 -05:00
Jeffrey Martin
cda9fd2a08
lock license_finder at 5.11.1 due to bundler 2.x
2020-02-28 08:57:19 -06:00
h00die
c0e34581f2
add external script checker
2020-02-08 15:59:32 -05:00
William Vu
793d5c3342
chmod +x tools/dev/msftidy_docs.rb
...
a099481f66 failed to do so.
2020-02-06 19:21:07 -06:00
h00die
bd48588fd5
catch false positive spaces at eol from code indent
2020-01-28 14:28:18 -05:00
h00die
0c13102432
long lines ok in code blocks
2020-01-22 21:08:32 -05:00
h00die
a099481f66
fix logic bug and chmod +x
2020-01-22 19:24:01 -05:00
h00die
322b3f8a8b
msftidy_docs first add
2020-01-22 17:39:48 -05:00
Brent Cook
ce991071e4
Land #12524, update most python code with python 3 compatibility
2019-12-23 14:49:08 -06:00
Brent Cook
20e6568f00
revert killerbee to python2
2019-12-20 09:44:29 -06:00
Brendan Coles
ddf9cf71ab
Add check_executable check to msftidy
2019-11-30 07:25:27 +00:00
Cristina Muñoz
311b03af93
Action remainder of code review changes.
...
- Revert files that will only run as python2.
- Remove superfluous calls to list()
- Other minor cleanup
2019-11-01 19:24:22 -07:00
Cristina Muñoz
8563a29003
Convert all python code to python3. Fixes #12506.
2019-10-31 14:16:14 -07:00
Shelby Pace
42b251be01
generate random c within compile_random_c
2019-10-18 08:28:25 -05:00
Shelby Pace
3c50f3d54e
add generate_random_c method
2019-10-15 12:50:58 -05:00
h00die
5084e59ee5
add links
2019-10-06 18:13:52 -04:00
h00die
c9cde76842
additional cleanup
2019-10-02 21:03:00 -04:00
h00die
cbc7d1e6aa
add headings, run date, tab to space
2019-09-28 12:03:51 -04:00
hkerma
98c9654d19
created a 'docs' directory in /tools. Added a tool to find missing documentation and/or modules
2019-09-18 16:09:53 +02:00
William Vu
e3463d0cd8
Prefer Rex::Text.dehex over Rex::Text.hex_to_raw
2019-08-14 20:32:30 -05:00
James Lee
760f4fc25d
Fix typo, full_name -> fullname
2019-08-12 19:30:43 -05:00
Brent Cook
0308f80c0e
fix Failure scoping (needed for libraries)
2019-04-08 09:57:22 -05:00
William Vu
c1758037b9
Include only common module types in Authors check
2019-03-29 10:44:22 -05:00
Pearce Barry
20f868c15c
Complain loudly if module has no 'Author' metadata.
2019-03-26 13:27:57 -05:00
Brent Cook
8d069e4888
Land #11446, add msftidy support for SideEffects Stability Reliability check
2019-02-25 11:25:04 -06:00
Brent Cook
8cc3070cc8
don't require whitespace
2019-02-25 11:24:30 -06:00
Jeffrey Martin
5bd34e7d4c
cleaner read of JSON cache
2019-02-21 23:20:43 -06:00
Jeffrey Martin
98e95eeb18
remove unused imports and vars
2019-02-21 23:14:55 -06:00
Jeffrey Martin
dd864e8f6e
enhance -f for `evasion` type
2019-02-21 23:11:39 -06:00
Jeffrey Martin
dcaf477097
support -f from JSON
2019-02-21 23:10:07 -06:00
Jeffrey Martin
1bae9ccf31
update module authors to consume JSON cache
2019-02-21 22:56:04 -06:00
Jacob Robles
c09c15649f
SideEffects Stability Reliability check
2019-02-21 12:38:26 -06:00
Brent Cook
5fc7167beb
Merge remote-tracking branch 'upstream/master' into land-10812-
2019-02-07 09:31:02 -06:00
Brent Cook
46d7ab9795
don't refer to non-existent idx
2019-02-07 00:42:28 -06:00
Brendan Coles
d38e12c124
Add URL scheme and Base64.encode64 checks to msftidy
2019-02-04 21:16:01 +00:00
Wei Chen
27d6fffdad
Land #11125, Import/generate `ysoserial` Java serialization objects
2019-01-15 17:09:56 -06:00
Wei Chen
85555b81c4
Update code for Ruby coding style standards
2019-01-15 17:08:54 -06:00
asoto-r7
ddd9ab2041
Fixed an off-by-one error in the fingerprinting randomization
2019-01-14 17:42:59 -06:00
Matthew Kienow
5e28bccda9
Move msfdb_ws since it is deprecated by msfdb
2019-01-09 23:40:02 -05:00
asoto-r7
ddebc291f2
Added partial 'ysoserial-modified' support, along with debug flags
2019-01-04 16:43:06 -06:00
asoto-r7
7557624c00
ysoserial: Generated more compact JSON and renamed script
2018-12-18 15:42:50 -06:00
asoto-r7
349a366e84
ysoserial: Changes from code review
2018-12-17 15:41:31 -06:00
asoto-r7
fa74a1839a
Initial support for dynamic ysoserial Java serialization payloads
2018-12-14 12:51:08 -06:00
William Vu
2b231d33e5
Add comment clarifying why we need the day for ISO
2018-11-16 13:25:01 -06:00
William Vu
2302acaab7
Accept ISO 8601 DisclosureDate with compatibility
...
Zalgo.
2018-11-16 12:03:01 -06:00
William Vu
f25d7dbaa8
Revert Date.parse check for DisclosureDate
...
An approximation of https://en.wikipedia.org/wiki/Robustness_principle.
2018-11-16 11:48:44 -06:00
William Vu
d65ba41e31
Use non-greedy regex against DisclosureDate
...
Zalgo. He comes.
wvu@kharak:~/metasploit-framework:bug/msftidy$ tools/dev/msftidy.rb modules/exploits/unix/webapp/jquery_file_upload.rb
"Oct 9 2018', # Larry"
wvu@kharak:~/metasploit-framework:bug/msftidy$
2018-11-16 11:40:12 -06:00
William Vu
3dd47b34b0
Rework DisclosureDate check to match core code
...
Framework core uses Date.parse, so many date formats are valid.
There is no reason we shouldn't be using ISO 8601 dates.
2018-11-16 11:05:47 -06:00
William Vu
a30403dbfe
Improve DisclosureDate regex
2018-11-16 03:46:51 -06:00
William Vu
02bb2d45d3
Make day in DisclosureDate optional for msftidy
...
Defaults to the first day of the month.
2018-11-16 03:00:39 -06:00
Christopher Krause
ea0ba6b7a7
fix: google geolocation recon script
2018-11-02 05:52:54 +01:00
Green-m
7b1b2198cb
resolve conflict.
2018-10-17 17:33:01 +08:00
Green-m
941b015525
Add shebang.
2018-10-17 16:23:56 +08:00
William Vu
0b8926715e
Reactively check for invalid module names
2018-10-10 14:33:59 -05:00
Tim W
f2ebdd4cdf
add apple_ios/armle/meterpreter/reverse_tcp
2018-10-10 17:39:51 +08:00
Wei Chen
b012fa1275
Update msftidy
2018-10-06 15:59:05 -05:00
William Vu
2186322134
Stop being an idiot about the regex and rewrite it
...
There was no reason to shoehorn in zero-length assertions.
2018-10-05 13:50:19 -05:00
William Vu
05ac3875bc
Improve check_snake_case_filename check in msftidy
...
We also remove the separator, since the file is basenamed.
2018-10-05 11:55:17 -05:00
Erin Bleiweiss
e753eddb6b
Ignore 'No CVE' warning if NOCVE reason was provided in notes
2018-08-31 16:53:44 -05:00
Christian Mehlmauer
69d321000e
check double quotes
2018-08-29 06:49:37 +02:00
Christian Mehlmauer
31d4d4f5ff
expand check
2018-08-29 06:42:01 +02:00
Christian Mehlmauer
7431ae401b
fix more errors
2018-08-28 13:49:31 +02:00
Christian Mehlmauer
a66556b436
fix msftidy errors
2018-08-28 13:12:43 +02:00
Christian Mehlmauer
1381e1f3e0
also check https
2018-08-27 21:44:42 +02:00
Brendan Coles
9725e90ba7
Fix msftidy EDB link check
2018-08-26 04:18:38 +00:00
Jacob Robles
2833330f21
Land #10365, script allows you to find modules without a specific reference
2018-07-26 09:54:58 -05:00
Wei Chen
8c84295752
Use full name instead of short to reduce FP
2018-07-24 13:00:59 -05:00
Wei Chen
08b0ea9bde
Clean up option
2018-07-24 12:57:58 -05:00
Wei Chen
8a4e831ad2
display full name
2018-07-24 12:38:24 -05:00
Wei Chen
5955e3e42d
Do some logging to track progress
2018-07-24 11:43:29 -05:00
Wei Chen
1c33c489d6
rm r7 blog ref because URL ref can do the same thing too
2018-07-24 11:05:54 -05:00
Wei Chen
a7284cfff1
Check file path for db
2018-07-24 10:54:24 -05:00
Wei Chen
f6538c4cd7
Have a way to be able to ignore certain modules
2018-07-24 10:28:07 -05:00
Wei Chen
a70c85580b
Add a script to find CVEs based on existing references
2018-07-24 10:23:24 -05:00
Wei Chen
1049deba70
This script allows you to find modules without a specific reference
2018-07-23 22:25:36 -05:00
asoto-r7
e9a2a1cdae
Land #10307, Add missing CVE check to msftidy
2018-07-18 18:09:20 -05:00
Brent Cook
08290b81c0
Land #10282, Add support for running external modules outside of msfconsole
2018-07-18 17:38:40 -05:00
William Vu
0b0a9bfd32
Remove check_sock_get from run_checks
2018-07-18 09:47:17 -05:00
William Vu
b78a0878b8
Upgrade info checks to warning
...
Also nix get vs. get_once check, since it's inconsistent in practice.
2018-07-18 00:05:48 -05:00
William Vu
ae9677c1c2
Rework msftidy retvals
...
INFO should not be an error. Also prevent retval overflow.
2018-07-17 18:11:16 -05:00
William Vu
d355f51969
Switch warn to info
...
Nothing to warn about, just something to note and check.
2018-07-13 14:55:17 -05:00
William Vu
b8bdceccb8
Add missing CVE check to msftidy
2018-07-13 14:19:00 -05:00
Jacob Robles
f30c4e0465
Land #10226, Add code randomization capabilities to Metasploit::Framework::Compiler
2018-07-12 11:20:04 -05:00
Adam Cammack
0dd89bf428
Add standalone runner for external modules
2018-07-10 10:24:07 -05:00
Wei Chen
922081d87e
Make sure module_reference is able to continue loading rb modules
2018-07-06 14:58:43 -05:00
Wei Chen
a60fc3dc00
Fix code based on feedback from Jacob
2018-07-06 00:00:28 -05:00
Wei Chen
856b7e3d0c
Remove randomized_compile_c
2018-06-29 00:09:28 -05:00
Wei Chen
38b2a21e90
Add random_compile_c
2018-06-29 00:08:32 -05:00
Wei Chen
8e058dd1a5
Rename file
2018-06-27 00:09:36 -05:00
Wei Chen
dcaa623075
make random compiling work
2018-06-27 00:09:04 -05:00
Wei Chen
823647fbe1
Add compile_random_c func && support optional func collection
2018-06-25 16:50:05 -05:00
Wei Chen
90bc7d2294
Update randomizer for progress
2018-06-22 18:22:29 -05:00
Brent Cook
f12e106137
refresh standalone psexec a bit
2018-05-07 00:24:38 -05:00
Brent Cook
226ef160ff
Land #9748, Convert the smbloris DoS into an external module
...
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
Brent Cook
26e732d8a1
make memdump executable again
2018-04-01 23:25:45 -05:00
Brent Cook
bd8a1f1377
remove list_interfaces, it's part of the network_interface gem
2018-03-29 11:50:36 -05:00
Adam Cammack
71149e9c68
Remove executable Ruby files from classic loading
2018-03-23 14:49:06 -05:00
g0tmi1k
a0cbb898a3
Fix up makeiplist.rb, so empty arguments don't error out
2018-03-20 12:51:15 +00:00
g0tmi1k
8463ed99b0
Add standardised header comments
2018-03-20 11:33:34 +00:00
g0tmi1k
90251f3e6c
Add python extension
2018-02-09 15:13:30 +00:00
g0tmi1k
e1a47cd124
Set permissions on ./tools/*.{rb,exe,sh}
2018-02-09 15:13:09 +00:00
Brent Cook
6aebc1fdbd
remove more checks
2018-01-22 16:40:30 -06:00
Brent Cook
387f78c6a3
allow UTF-8 module names and authors
2018-01-12 01:51:05 -05:00
Tim
c4e20e01e3
iOS meterpreter
2017-12-12 23:23:21 +08:00
Brent Cook
56eb828cc5
add e500v2 payloads
2017-10-30 14:04:10 -05:00
Christian Mehlmauer
7578913058
rework msftidy exit codes
2017-09-15 10:27:04 +02:00
h00die
a1583de055
added pound shebang to vxencrypt
2017-09-14 10:09:31 -04:00
heitor.gouvea@ima.sp.gov.br
1c44406e94
Removing unnecessary spaces
2017-09-12 10:00:18 -03:00
h00die
8f05f7eeb6
add tool to dump descriptions
2017-08-24 21:41:46 -04:00
Brent Cook
33e134418a
rename decode methods as well, keep this working for ruby X.X
2017-08-17 03:27:12 -04:00
Brent Cook
7a1a5d2658
don't override standard string 'encode' methods
2017-08-17 03:20:45 -04:00
Brent Cook
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
Brent Cook
cc3168933f
update mettle payloads, template generator
2017-07-18 13:13:38 -05:00
Brent Cook
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
Brent Cook
577f4da498
add LICENSE_GEMS generation tool, update licenses
2017-05-10 16:19:03 -05:00
Brent Cook
353191992f
move mettle payloads to meterpreter, add reverse_http/s stageless
2017-04-26 17:06:34 -05:00
William Vu
f718ea0dc7
Add self.class check for register_*
2017-04-26 03:56:06 -05:00
William Vu
f25d7dce54
Add check for require 'msf/core'
2017-04-26 02:54:02 -05:00
William Vu
228de518f0
Remove horrid title casing check
2017-04-26 02:53:59 -05:00
Pearce Barry
fc3a880c0d
Land #8214, Fix ELM327 ISOTP commands
2017-04-19 15:05:12 -05:00
Brent Cook
a9857eb1c2
Land #8099, Aux module to launch instances in AWS
2017-04-14 14:12:10 -05:00
Stefan Schake
910d34a64b
Fix ELM327 ISOTP commands
2017-04-10 12:57:07 +02:00
William Vu
8549ec9fe3
Update $std{out,err} fix for msftidy
2017-04-06 17:54:07 -05:00
Bryan Chu
b25f549f32
Fix msftidy false +ves for quote-enclosed stdouts
...
Combined old regex in next if statement with a new one
Now catches stdouts enclosed in quotes on a single line
2017-03-27 18:29:58 -04:00
Javier Godinez
bb3f69e1e1
now running aggregator under screen
2017-03-24 22:33:04 -07:00
Pearce Barry
06ebb22a8f
Land #8065, Zigbee Hardware Bridge Extension
2017-03-20 10:44:15 -05:00
William Vu
f9ecefe465
Land #8031, nil fixes for HWBridge
2017-03-19 22:37:28 -05:00
Javier Godinez
66c3154745
Initial commit of instance launcher userdata
2017-03-18 21:52:49 -07:00
Pearce Barry
095a110e65
Code and doc tweaks (minor).
...
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00