up to date

modules/auxiliary/admin/http/github_pulls_changes.rb

@@ -0,0 +1,100 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+
+class Metasploit4 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::HttpClient
+
+	def initialize
+		super(
+			'Name'           => 'Gighub pulls requests files changed summary',
+			'Description'    => %q{
+					This module uses the github api to summarize files changed
+				by pull requests.
+			},
+			'References'     =>
+				[
+					['URL', 'http://developer.github.com/v3/pulls/#list-pull-requests']
+				],
+			'DisclosureDate' => 'Mar 11 2013',
+			'Author'         => [ 'juan vazquez' ],
+			'License'        => MSF_LICENSE
+		)
+
+		register_options(
+			[
+				Opt::RPORT(443),
+				Opt::RHOST('api.github.com'),
+				OptString.new("TARGETURI", [true, 'The URI directory where basic auth is enabled', '/']),
+				OptString.new("OWNER", [true, 'The Repo owner', 'rapid7']),
+				OptString.new("REPO", [true, 'The Repo name', 'metasploit-framework']),
+				OptString.new("USERNAME", [true, 'Github username', 'jvazquez-r7']),
+				OptString.new("PASSWORD", [true, 'Github password',]),
+				OptBool.new('SSL', [true, 'Use SSL', true])
+			], self.class)
+	end
+
+	def get_files(id)
+		res = send_request_cgi({
+			'uri'       => normalize_uri(target_uri.path, "repos", @owner, @repo, "pulls", id, "files"),
+			'method'    => 'GET',
+			'authorization' => basic_auth(datastore['USERNAME'],datastore['PASSWORD'])
+		})
+
+		if res and res.code == 200
+			if res.headers['X-RateLimit-Remaining'] > 0
+				print_error("Warning Rate Limit reached retrieving files for ##{id}")
+			end
+			files = JSON.parse(res.body)
+			return files.map { |f| "#{f["filename"]} => #{f["status"]}" }
+		else
+			return nil
+		end
+	end
+
+	def run
+
+		@owner = datastore["OWNER"]
+		@repo = datastore["REPO"]
+
+		res = send_request_cgi({
+			'uri'       => normalize_uri(target_uri.path, "repos", @owner, @repo, "pulls"),
+			'method'    => 'GET',
+			'authorization' => basic_auth(datastore['USERNAME'],datastore['PASSWORD'])
+		})
+
+		if res and res.code == 200 and res.headers['X-RateLimit-Remaining'] > 0
+			pulls = JSON.parse(res.body)
+		else
+			print_error("Error retrieving pulls requests")
+			return
+		end
+
+		results_table = Rex::Ui::Text::Table.new(
+			'Header'  => 'GitHub Pull Requests Summary',
+			'Indent'  => 1,
+			'Columns' => ['Pull #', 'Pull Title', '# Files', 'Modifications']
+		)
+
+		pulls.each {|p|
+			if p["state"] == "open"
+				files = get_files(p["number"])
+				if files.nil?
+					results_table << [p["number"], p["title"], "-", "-"]
+					next
+				end
+
+				results_table << [p["number"], p["title"], files.length, files.join(", ")]
+			end
+		}
+
+		print_line
+		print_line(results_table.to_s)
+	end
+end