github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-05 14:57:30 +01:00
Code Releases Activity
38,214 Commits 20 Branches 919 Tags 1.3 GiB
35a780c6a8
Commit Graph

1826 Commits

Author SHA1 Message Date
dmohanty-r7
f096c3bb99
Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00
David Maloney
55b38ad089
Land #6398, content length header 
lands wei's content length header pr
 2016-05-04 11:53:46 -05:00
dmohanty-r7
050061762b Fix db_manager rspec tests 
MS-255
 2016-04-28 13:17:02 -05:00
wchen-r7
d4b89edf9c Fix #6398, Missing Content-Length header in HTTP POST 
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).

Fix #6398
 2016-04-28 11:44:10 -05:00
James Lee
e7f0163c2e
Apparently super doesn't work the same here in 2.3 
But it doesn't matter, the value just needs to be before the current
time, so replace it with a simpler solution.
 2016-04-26 10:35:41 -05:00
wchen-r7
47d52a250e Fix #6806 and #6820 - Fix send_request_cgi! redirection 
This patch fixes two problems:

1. 6820 - If the HTTP server returns a relative path
   (example: /test), there is no host to extract, therefore the HOST
   header in the HTTP request ends up being empty. When the web
   server sees this, it might return an HTTP 400 Bad Request, and
   the redirection fails.

2. 6806 - If the HTTP server returns a relative path that begins
   with a dot, send_request_cgi! will literally send that in the
   GET request. Since that isn't a valid GET request path format,
   the redirection fails.

Fix #6806
Fix #6820
 2016-04-25 14:30:46 -05:00
Brent Cook
7ff5a5fd7e switch mainframe payloads to fixed size 2016-04-23 11:40:05 -04:00
Brent Cook
e75ce8b248 update test to hook exist? rather than exists? 2016-04-21 06:56:48 -04:00
thao doan
e70d967b4e Land #6763, Add rspec for lib/metasploit/framework/login_scanner/redis 2016-04-18 10:05:24 -07:00
Brent Cook
d3e5dffe26
whitespace 2016-04-13 22:20:42 -05:00
Brent Cook
6ce7055130
Land #6737, Added reverse shell JCL payload for z/OS 2016-04-13 22:19:15 -05:00
Brent Cook
09873f2f9c
Land #6717, Add new cmd mainframe payload (generic_jcl) for z/OS 2016-04-13 22:10:23 -05:00
wchen-r7
6c5886afba Resolve #6736, Add rspec for login_scanner/redis lib 
Resolve #6736
 2016-04-08 11:41:08 -05:00
William Vu
22d08fdf39 Revert #6748, premature Gemfile* changes 2016-04-06 14:52:22 -05:00
David Maloney
8de58e4b80
Merge branch 'master' into staging/rails-upgrade 2016-04-04 09:30:01 -05:00
wchen-r7
f7dd326b16
Land #6455, Fix dns labels/names size limits for lib/net/dns/names/names 2016-04-01 21:57:09 -05:00
Bigendian Smalls
6a4d7e3b58
Revshell cmd JCL payload for z/OS 
Added a JCL-based reverse shell.  Uses the same source code as the
shellcode version does.  Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s
 2016-03-31 20:42:42 -05:00
wchen-r7
46d4b533f3 Add rspec for lib/net/dns/names/names.rb 2016-03-31 11:29:30 -05:00
wchen-r7
bc48ebd43b Use patch_finder for msu_finder 2016-03-29 23:21:01 -05:00
wchen-r7
1bcd3fac25
Land #6724, Import workspace IP validation from Mdm 
MS-902
 2016-03-29 18:31:47 -05:00
Adam Cammack
3b0170e87d
Import workspace IP validation from Mdm 
This allows us to actually test the validations, since the code calls
out to Rex::Socket::RangeWalker.

MS-902
 2016-03-29 17:56:22 -05:00
Bigendian Smalls
a6518b5273
Add generic JCL cmd payload for z/OS (mainframe) 
This payload does nothing but return successfully.  It can be used to
test exploits and as a basis for other JCL cmd payloads.
 2016-03-28 21:01:39 -05:00
wchen-r7
c4735bd72a Fix rspec pull_request_finder_spec.rb 2016-03-24 20:56:46 -05:00
wchen-r7
57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
James Lee
1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Adam Cammack
32fe9ae55d
Remove dead version check in db_manager.rb 
The check appears to have been orphaned in the db_manager refactor, but
I can't track down the exact commit.
 2016-03-16 15:24:55 -05:00
Brent Cook
903807d039 update spec for pre-check 2016-03-15 14:21:01 -05:00
Brent Cook
dabe5c8465
Land #6655, use MetasploitModule as module class name 2016-03-13 13:48:31 -05:00
David Maloney
88697a5d3f
Merge branch 'master' into staging/rails-upgrade 2016-03-08 15:22:04 -06:00
wchen-r7
860159fa00 Update rspec 2016-03-08 11:37:25 -06:00
wchen-r7
58b8c35146 Escape HTML for KB and update rspec 2016-03-08 10:10:10 -06:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook
659af68b16
Land #6388, update msftidy check for new preferred Metasploit module base class 2016-03-06 17:12:20 -06:00
Brent Cook
cc436fe438 update to new preferred base class for modules 2016-03-06 17:11:51 -06:00
Brent Cook
a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit' 2016-03-06 17:10:55 -06:00
Brent Cook
e1db3ef369
Land #6388, Update msftidy to error when module super class is incorrect 2016-03-06 16:53:11 -06:00
Brent Cook
0fc4ebf4ab
Land #6618, Improve Content-Length behavior in Rex HTTP 2016-03-06 16:38:44 -06:00
Brent Cook
8faae94338
Land #6592, make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2 2016-03-06 15:33:53 -06:00
Gregory Mikeska
c2f7360a9a
replace deprecated 'ignore' with 'transient' 2016-02-29 14:57:09 -06:00
wchen-r7
bff4b4d5fc Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP 
This patches changes two things:

1. If a module has a custom Content-Length, it will respect that
   instead of forcing its own.

2. If a request does not have anything in the body, the
   Content-Length header will not be set.

Fix #6609
Fix #6587
 2016-02-29 10:50:21 -06:00
wchen-r7
814d53aee0 Add rspec for Msf::Util::DocumentGenerator::PullrequestFinder 2016-02-24 15:13:04 -06:00
wchen-r7
753e0f7693 Add rspec for Msf::Util::DocumentGenerator::DocumentNormalizer 2016-02-23 15:34:34 -06:00
joev
39f1113bca Remove unused spec. 2016-02-18 22:20:13 -06:00
OJ
44eb2d6a80
Merge branch 'upstream/master' into default-xor 2016-02-11 14:30:18 +10:00
Brent Cook
2386cb1344
Land #6527, add support for importing Burp suite vuln exports 2016-02-10 13:19:21 -06:00
wchen-r7
942eec5fee Update rspec 2016-02-07 12:37:08 -06:00
Brian Patterson
4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported. 2016-02-04 10:30:56 -06:00
Brent Cook
c0ed57db43
Land #6267, the rest of the rspec3 updates 2016-01-29 11:36:58 -06:00
Brent Cook
d35d0993c1 should -> expect 2016-01-29 11:36:38 -06:00
Brent Cook
ac822943b1
Land #6267, update to rspec3 2016-01-29 11:33:30 -06:00