Commit Graph

799 Commits

Author SHA1 Message Date
L 645a4c6d26 Remove ysoserial JRMPClient && JRMPListener payload 2020-04-27 10:50:09 -05:00
L d7768c3476 fixed tools/payloads/ysoserial/find_ysoserial_offsets.rb 2020-04-27 10:49:25 -05:00
L 7576a9d1c3 Support ysoserial alongside ysoserial-modified payload (including cmd, bash, powershell, none) 2020-04-27 10:48:53 -05:00
L d39b1c911d Fix bug of find_ysoserial_offsets 2020-04-27 10:48:04 -05:00
Tod Beardsley ec10216f6b
Fix broken link to broken PKS for key verification 2020-04-26 11:12:06 -05:00
William Vu 21653f09c2 Fix bad regex in ZDI reference check for msftidy 2020-04-23 00:47:52 -05:00
Josh 2c80859564
ZDI Public Numbers can be 4 digits, ZDI-19-1045
Also, technically, ZDI Public Numbers will always have a min of 3 digits.
The number is essentially `"num_as_string".ljust(3, '0')`, so this should be {3,4}
or {3,5} if they ever get that high ;) I could find no ZDI- references or similar that
only had 2 digits in the last number part

references:
https://www.zerodayinitiative.com/advisories/ZDI-19-1045/
https://www.zerodayinitiative.com/advisories/ZDI-05-001/
2020-04-22 14:46:21 -05:00
tperry-r7 62dd03c348
Land #13188 new msftidy_docs
Land #13188 new msftidy_docs. Change Options from bold to h3 instead.
2020-04-06 10:08:06 -05:00
Brent Cook 8451c1345b
Land #10579, add sharphound post module, upstream updating tool 2020-04-03 09:10:40 -05:00
Brent Cook b18a2fd463 Support inline transforms on tools, make some code snazzier 2020-04-02 21:32:10 -05:00
Brent Cook f2d3cdca4b make check_external_scripts executable 2020-04-02 21:11:09 -05:00
h00die f3ebd26e73 add rhosts 2020-04-02 19:19:10 -04:00
h00die f9ecbc2179 new tidy_docs checks 2020-04-02 19:10:39 -04:00
Adam Galway 556af54850
Land #13176, issue_finder ignores bad python files 2020-03-31 13:19:41 +01:00
h00die 2c11ea84e7 remove bad python files from issue_finder 2020-03-30 22:48:10 -04:00
Auxilus c000ced363 update nasm_shell.rb 2020-03-25 02:21:08 +05:30
Auxilus e517948f11 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into patch-5 2020-03-25 02:15:56 +05:30
h00die f5c4f593f5 check for more default instructional text 2020-03-24 09:51:21 -04:00
h00die e7da6e77a5 remove and check for instruction text 2020-03-24 09:15:04 -04:00
Auxilus b090bb53cf make makeiplist and nasm_shell tools faster 2020-03-21 19:07:21 +05:30
Auxilus ccfb1b92b6 make tools/exploit/pattern_* faster 2020-03-21 00:12:15 +05:30
William Vu e643afb681 Fix find_ysoserial_offsets.rb and prettify JSON 2020-03-13 14:22:32 -05:00
Jeffrey Martin cda9fd2a08
lock license_finder at 5.11.1 due to bundler 2.x 2020-02-28 08:57:19 -06:00
h00die c0e34581f2 add external script checker 2020-02-08 15:59:32 -05:00
William Vu 793d5c3342 chmod +x tools/dev/msftidy_docs.rb
a099481f66 failed to do so.
2020-02-06 19:21:07 -06:00
h00die bd48588fd5 catch false positive spaces at eol from code indent 2020-01-28 14:28:18 -05:00
h00die 0c13102432 long lines ok in code blocks 2020-01-22 21:08:32 -05:00
h00die a099481f66 fix logic bug and chmod +x 2020-01-22 19:24:01 -05:00
h00die 322b3f8a8b msftidy_docs first add 2020-01-22 17:39:48 -05:00
Brent Cook ce991071e4
Land #12524, update most python code with python 3 compatibility 2019-12-23 14:49:08 -06:00
Brent Cook 20e6568f00 revert killerbee to python2 2019-12-20 09:44:29 -06:00
Brendan Coles ddf9cf71ab Add check_executable check to msftidy 2019-11-30 07:25:27 +00:00
Cristina Muñoz 311b03af93 Action remainder of code review changes.
- Revert files that will only run as python2.
- Remove superfluous calls to list()
- Other minor cleanup
2019-11-01 19:24:22 -07:00
Cristina Muñoz 8563a29003 Convert all python code to python3. Fixes #12506. 2019-10-31 14:16:14 -07:00
Shelby Pace 42b251be01
generate random c within compile_random_c 2019-10-18 08:28:25 -05:00
Shelby Pace 3c50f3d54e
add generate_random_c method 2019-10-15 12:50:58 -05:00
h00die 5084e59ee5 add links 2019-10-06 18:13:52 -04:00
h00die c9cde76842 additional cleanup 2019-10-02 21:03:00 -04:00
h00die cbc7d1e6aa add headings, run date, tab to space 2019-09-28 12:03:51 -04:00
hkerma 98c9654d19 created a 'docs' directory in /tools. Added a tool to find missing documentations and/or modules 2019-09-18 16:09:53 +02:00
William Vu e3463d0cd8 Prefer Rex::Text.dehex over Rex::Text.hex_to_raw 2019-08-14 20:32:30 -05:00
James Lee 760f4fc25d
Fix typo, full_name -> fullname 2019-08-12 19:30:43 -05:00
Brent Cook 0308f80c0e fix Failure scoping (needed for libraries) 2019-04-08 09:57:22 -05:00
William Vu c1758037b9 Include only common module types in Authors check 2019-03-29 10:44:22 -05:00
Pearce Barry 20f868c15c Complain loudly if module has no 'Author' metadata. 2019-03-26 13:27:57 -05:00
Brent Cook 8d069e4888
Land #11446, add msftidy support for SideEffects Stability Reliability check 2019-02-25 11:25:04 -06:00
Brent Cook 8cc3070cc8 don't require whitespace 2019-02-25 11:24:30 -06:00
Jeffrey Martin 5bd34e7d4c
cleaner read of JSON cache 2019-02-21 23:20:43 -06:00
Jeffrey Martin 98e95eeb18
remove unused imports and vars 2019-02-21 23:14:55 -06:00
Jeffrey Martin dd864e8f6e
enhance -f for `evasion` type 2019-02-21 23:11:39 -06:00
Jeffrey Martin dcaf477097
support -f from JSON 2019-02-21 23:10:07 -06:00
Jeffrey Martin 1bae9ccf31
update module authors to consume JSON cache 2019-02-21 22:56:04 -06:00
Jacob Robles c09c15649f
SideEffects Stability Reliability check 2019-02-21 12:38:26 -06:00
Brent Cook 5fc7167beb Merge remote-tracking branch 'upstream/master' into land-10812- 2019-02-07 09:31:02 -06:00
Brent Cook 46d7ab9795 don't refer to non-existent idx 2019-02-07 00:42:28 -06:00
Brendan Coles d38e12c124 Add URL scheme and Base64.encode64 checks to msftidy 2019-02-04 21:16:01 +00:00
Wei Chen 27d6fffdad
Land #11125, Import/generate `ysoserial` Java serialization objects 2019-01-15 17:09:56 -06:00
Wei Chen 85555b81c4 Update code for Ruby coding style standards 2019-01-15 17:08:54 -06:00
asoto-r7 ddd9ab2041
Fixed an off-by-one error in the fingerprinting randomization 2019-01-14 17:42:59 -06:00
Matthew Kienow 5e28bccda9
Move msfdb_ws since it is deprecated by msfdb 2019-01-09 23:40:02 -05:00
asoto-r7 ddebc291f2
Added partial 'ysoserial-modified' support, along with debug flags 2019-01-04 16:43:06 -06:00
asoto-r7 7557624c00
ysoserial: Generated more compact JSON and renamed script 2018-12-18 15:42:50 -06:00
asoto-r7 349a366e84
ysoserial: Changes from code review 2018-12-17 15:41:31 -06:00
asoto-r7 fa74a1839a
Initial support for dynamic ysoserial Java serialization payloads 2018-12-14 12:51:08 -06:00
William Vu 2b231d33e5 Add comment clarifying why we need the day for ISO 2018-11-16 13:25:01 -06:00
William Vu 2302acaab7 Accept ISO 8601 DisclosureDate with compatibility
Zalgo.
2018-11-16 12:03:01 -06:00
William Vu f25d7dbaa8 Revert Date.parse check for DisclosureDate
An approximation of https://en.wikipedia.org/wiki/Robustness_principle.
2018-11-16 11:48:44 -06:00
William Vu d65ba41e31 Use non-greedy regex against DisclosureDate
Zalgo. He comes.

wvu@kharak:~/metasploit-framework:bug/msftidy$ tools/dev/msftidy.rb modules/exploits/unix/webapp/jquery_file_upload.rb
"Oct 9 2018', # Larry"
wvu@kharak:~/metasploit-framework:bug/msftidy$
2018-11-16 11:40:12 -06:00
William Vu 3dd47b34b0 Rework DisclosureDate check to match core code
Framework core uses Date.parse, so many date formats are valid.

There is no reason we shouldn't be using ISO 8601 dates.
2018-11-16 11:05:47 -06:00
William Vu a30403dbfe Improve DisclosureDate regex 2018-11-16 03:46:51 -06:00
William Vu 02bb2d45d3 Make day in DisclosureDate optional for msftidy
Defaults to the first day of the month.
2018-11-16 03:00:39 -06:00
Christopher Krause ea0ba6b7a7 fix: google geolocation recon script 2018-11-02 05:52:54 +01:00
Green-m 7b1b2198cb
resolve conflict. 2018-10-17 17:33:01 +08:00
Green-m 941b015525
Add shebang. 2018-10-17 16:23:56 +08:00
William Vu 0b8926715e Reactively check for invalid module names 2018-10-10 14:33:59 -05:00
Tim W f2ebdd4cdf add apple_ios/armle/meterpreter/reverse_tcp 2018-10-10 17:39:51 +08:00
Wei Chen b012fa1275 Update msftidy 2018-10-06 15:59:05 -05:00
William Vu 2186322134 Stop being an idiot about the regex and rewrite it
There was no reason to shoehorn in zero-length assertions.
2018-10-05 13:50:19 -05:00
William Vu 05ac3875bc Improve check_snake_case_filename check in msftidy
We also remove the separator, since the file is basenamed.
2018-10-05 11:55:17 -05:00
Erin Bleiweiss e753eddb6b
Ignore 'No CVE' warning if NOCVE reason was provided in notes 2018-08-31 16:53:44 -05:00
Christian Mehlmauer 69d321000e
check double quotes 2018-08-29 06:49:37 +02:00
Christian Mehlmauer 31d4d4f5ff
expand check 2018-08-29 06:42:01 +02:00
Christian Mehlmauer 7431ae401b
fix more errors 2018-08-28 13:49:31 +02:00
Christian Mehlmauer a66556b436
fix msftidy errors 2018-08-28 13:12:43 +02:00
Christian Mehlmauer 1381e1f3e0
also check https 2018-08-27 21:44:42 +02:00
Brendan Coles 9725e90ba7 Fix msftidy EDB link check 2018-08-26 04:18:38 +00:00
Jacob Robles 2833330f21
Land #10365, script allows you to find modules without a specific reference 2018-07-26 09:54:58 -05:00
Wei Chen 8c84295752 Use full name instead of short to reduce FP 2018-07-24 13:00:59 -05:00
Wei Chen 08b0ea9bde Clean up option 2018-07-24 12:57:58 -05:00
Wei Chen 8a4e831ad2 display full name 2018-07-24 12:38:24 -05:00
Wei Chen 5955e3e42d Do some logging to track progress 2018-07-24 11:43:29 -05:00
Wei Chen 1c33c489d6 rm r7 blog ref because URL ref can do the same thing too 2018-07-24 11:05:54 -05:00
Wei Chen a7284cfff1 Check file path for db 2018-07-24 10:54:24 -05:00
Wei Chen f6538c4cd7 Have a way to be able to ignore certain modules 2018-07-24 10:28:07 -05:00
Wei Chen a70c85580b Add a script to find CVEs based on existing references 2018-07-24 10:23:24 -05:00
Wei Chen 1049deba70 This script allows you to find modules without a specific reference 2018-07-23 22:25:36 -05:00
asoto-r7 e9a2a1cdae
Land #10307, Add missing CVE check to msftidy 2018-07-18 18:09:20 -05:00
Brent Cook 08290b81c0
Land #10282, Add support for running external modules outside of msfconsole 2018-07-18 17:38:40 -05:00
William Vu 0b0a9bfd32 Remove check_sock_get from run_checks 2018-07-18 09:47:17 -05:00
William Vu b78a0878b8 Upgrade info checks to warning
Also nix get vs. get_once check, since it's inconsistent in practice.
2018-07-18 00:05:48 -05:00
William Vu ae9677c1c2 Rework msftidy retvals
INFO should not be an error. Also prevent retval overflow.
2018-07-17 18:11:16 -05:00
William Vu d355f51969 Switch warn to info
Nothing to warn about, just something to note and check.
2018-07-13 14:55:17 -05:00
William Vu b8bdceccb8 Add missing CVE check to msftidy 2018-07-13 14:19:00 -05:00
Jacob Robles f30c4e0465
Land #10226, Add code randomization capabilities to Metasploit::Framework::Compiler 2018-07-12 11:20:04 -05:00
Adam Cammack 0dd89bf428
Add standalone runner for external modules 2018-07-10 10:24:07 -05:00
Wei Chen 922081d87e Make sure module_reference is able to continue loading rb modules 2018-07-06 14:58:43 -05:00
Wei Chen a60fc3dc00 Fix code based on feedback from Jacob 2018-07-06 00:00:28 -05:00
Wei Chen 856b7e3d0c Remove randomized_compile_c 2018-06-29 00:09:28 -05:00
Wei Chen 38b2a21e90 Add random_compile_c 2018-06-29 00:08:32 -05:00
Wei Chen 8e058dd1a5 Rename file 2018-06-27 00:09:36 -05:00
Wei Chen dcaa623075 make random compiling work 2018-06-27 00:09:04 -05:00
Wei Chen 823647fbe1 Add compile_random_c func && support optional func collection 2018-06-25 16:50:05 -05:00
Wei Chen 90bc7d2294 Update randomizer for progress 2018-06-22 18:22:29 -05:00
Brent Cook f12e106137 refresh standalone psexec a bit 2018-05-07 00:24:38 -05:00
Brent Cook 226ef160ff
Land #9748, Convert the smbloris DoS into an external module
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
Brent Cook 26e732d8a1 make memdump executable again 2018-04-01 23:25:45 -05:00
Brent Cook bd8a1f1377 remove list_interfaces, it's part of the network_interface gem 2018-03-29 11:50:36 -05:00
Adam Cammack 71149e9c68
Remove executable Ruby files from classic loading 2018-03-23 14:49:06 -05:00
g0tmi1k a0cbb898a3 Fix up makeiplist.rb, so empty arguments don't error out 2018-03-20 12:51:15 +00:00
g0tmi1k 8463ed99b0 Add standardised header comments 2018-03-20 11:33:34 +00:00
g0tmi1k 90251f3e6c Add python extension 2018-02-09 15:13:30 +00:00
g0tmi1k e1a47cd124 Set permissions on ./tools/*.{rb,exe,sh} 2018-02-09 15:13:09 +00:00
Brent Cook 6aebc1fdbd remove more checks 2018-01-22 16:40:30 -06:00
Brent Cook 387f78c6a3 allow UTF-8 module names and authors 2018-01-12 01:51:05 -05:00
Tim c4e20e01e3 iOS meterpreter 2017-12-12 23:23:21 +08:00
Brent Cook 56eb828cc5 add e500v2 payloads 2017-10-30 14:04:10 -05:00
Christian Mehlmauer 7578913058
rework msftidy exit codes 2017-09-15 10:27:04 +02:00
h00die a1583de055 added pound shebang to vxencrypt 2017-09-14 10:09:31 -04:00
heitor.gouvea@ima.sp.gov.br 1c44406e94 Removing unnecessary spaces 2017-09-12 10:00:18 -03:00
h00die 8f05f7eeb6 add tool to dump descriptions 2017-08-24 21:41:46 -04:00
Brent Cook 33e134418a rename decode methods as well, keep this working for ruby X.X 2017-08-17 03:27:12 -04:00
Brent Cook 7a1a5d2658 don't override standard string 'encode' methods 2017-08-17 03:20:45 -04:00
Brent Cook 6300758c46 use https for metasploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook cc3168933f update mettle payloads, template generator 2017-07-18 13:13:38 -05:00
Brent Cook d20036e0fb revise spelling, add heartbleed and tidy checks 2017-06-28 18:50:20 -04:00
Brent Cook 577f4da498 add LICENSE_GEMS generation tool, update licenses 2017-05-10 16:19:03 -05:00
Brent Cook 353191992f move mettle payloads to meterpreter, add reverse_http/s stageless 2017-04-26 17:06:34 -05:00
William Vu f718ea0dc7 Add self.class check for register_* 2017-04-26 03:56:06 -05:00
William Vu f25d7dce54 Add check for require 'msf/core' 2017-04-26 02:54:02 -05:00
William Vu 228de518f0 Remove horrid title casing check 2017-04-26 02:53:59 -05:00
Pearce Barry fc3a880c0d
Land #8214, Fix ELM327 ISOTP commands 2017-04-19 15:05:12 -05:00
Brent Cook a9857eb1c2
Land #8099, Aux module to launch instances in AWS 2017-04-14 14:12:10 -05:00
Stefan Schake 910d34a64b Fix ELM327 ISOTP commands 2017-04-10 12:57:07 +02:00
William Vu 8549ec9fe3
Update $std{out,err} fix for msftidy 2017-04-06 17:54:07 -05:00
Bryan Chu b25f549f32 Fix msftidy false +ves for quote-enclosed stdouts
Combined old regex in next if statement with a new one

Now catches stdouts enclosed in quotes on a single line
2017-03-27 18:29:58 -04:00
Javier Godinez bb3f69e1e1 now running aggregator under screen 2017-03-24 22:33:04 -07:00
Pearce Barry 06ebb22a8f
Land #8065, Zigbee Hardware Bridge Extension 2017-03-20 10:44:15 -05:00
William Vu f9ecefe465
Land #8031, nil fixes for HWBridge 2017-03-19 22:37:28 -05:00
Javier Godinez 66c3154745 Initial commit of instance launcher userdata 2017-03-18 21:52:49 -07:00
Pearce Barry 095a110e65
Code and doc tweaks (minor).
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00