adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
27,138 Commits 27 Branches 1,043 Tags
373eb3dda045fa045c0fa3ccafed62dffccb98fb
Commit Graph

77 Commits

Author SHA1 Message Date
jvazquez-r7 fdb66d978b Fix remainings be_truthy and be_falsey conditionals 2014-09-02 13:22:21 -05:00
jvazquez-r7 9cec62d52b Merge branch 'specs_its' into fix_deprecation_warnings 2014-09-02 13:14:21 -05:00
jvazquez-r7 d7af3a628d Avoid its on Msf::ModuleManager::Cache shared examples specs 2014-09-02 12:02:26 -05:00
jvazquez-r7 b37e1a5421 Solve conflicts 2014-08-26 17:51:37 -05:00
Joshua Smith 1fa26e2afb cleans up a bunch of spec msftidy issues 2014-08-26 15:24:08 -05:00
jvazquez-r7 042b8a3672 Switch from pending to skip in specs 2014-08-26 15:17:00 -05:00
jvazquez-r7 41420a97d5 Solve conflicts 2014-08-26 09:04:05 -05:00
jvazquez-r7 60ecf4e8c4 Use be_truthy instead of be_true 2014-08-25 23:58:08 -05:00
jvazquez-r7 dd1c015e4e Use be_falsey 2014-08-25 17:34:55 -05:00
darkbushido ad6eed01a2 .to_credential now assigns a parent 
Metasploit::Credential::Core#to_credential will set the parent to the original core objext
Metasploit::Framework::Credential#to_credential also sets the parent to itself.
 2014-07-31 14:52:27 -05:00
David Maloney 939e585658 refactor all loginscanners 
loginscanners now use LoginStatus constants
for the result statuses
 2014-07-15 13:17:56 -05:00
David Maloney 846679bef9 change Result status 
result bojects now use Login::status constants
for their status
 2014-07-15 11:39:38 -05:00
James Lee 4b16985eb8 Stop trying more creds for a user after success 
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.

The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.

MSP-10686
 2014-07-10 17:48:58 -05:00
David Maloney 8833429987 make shared example usage more readable 
this seems less obtuse
 2014-07-10 12:58:13 -05:00
David Maloney 7dc58d060e make only one each method 
made the one true enumerator of credentials
for the login_scanner.

also covered the wierd http case where it can have a realm key
but no default realm.
 2014-07-10 12:35:09 -05:00
David Maloney 25ee278097 strip vestigial realms 
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
 2014-07-09 17:46:56 -05:00
David Maloney c7b37743ef working realm coercion 
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
 2014-07-09 15:56:39 -05:00
David Maloney 24fced822e coerce realm_key when it exists 
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
 2014-07-09 14:58:20 -05:00
David Maloney 766b50b5e0 REALM_KEY not _TYPE 
arg typos
 2014-07-09 14:01:41 -05:00
James Lee cff2e1a1c1 And remove specs referencing obsolete accessors 2014-07-07 12:37:14 -05:00
Lance Sanchez c1877cfba2 fixing the broken to_credential test 
MSP-9912
 2014-06-27 10:06:38 -05:00
Lance Sanchez b5351eec2b adding .to_credential 
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential

MSP-9912
 2014-06-26 11:05:59 -05:00
Lance Sanchez 07d548caeb dropping lib from shared examples 
MSP-9912
 2014-06-25 14:32:43 -05:00
Luke Imhoff af99c0c01e Remove should_receive(:with_connection) from specs 
MSP-10127

Causes specs to randomly fail when with_connection calls from
before(:each) or after(:each) are intercepted by the should_receive
call.
 2014-06-19 16:24:53 -05:00
dmaloney-r7 ff8e6d2c50 Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection 
Add a CredCollection class and refactor WinRM bruteforce module
 2014-06-06 11:53:28 -05:00
David Maloney 90b52814b1 fix some spec issues for recent changes 2014-06-06 11:52:49 -05:00
Luke Imhoff ca63d2201e Update init_module_paths spec to match Rails::Engine behavior 
MSP-9653
 2014-06-02 14:26:35 -05:00
James Lee 5d1a0397ed Add Tomcat login scanner 2014-05-21 14:28:54 -05:00
James Lee 9582d82fba Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner 2014-05-15 13:59:48 -05:00
James Lee 99f8fbbc9c Add WinRM login scanner 
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
  simpler and easier
* Adds support for default ports to HTTP. This should probably be
  rafactored up into Base
* Removes spec that complains about port being unset (which now fails
  because defaults ensure it's always set)
 2014-05-14 14:35:49 -05:00
dmaloney-r7 acaf713229 Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential 
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
 2014-05-14 11:15:07 -05:00
James Lee 08a7acef3f Make sure fail case is correct 
`rand(1000)` would return 0 one in a thousand times, causing this test to
randomly fail at that interval
 2014-05-14 10:22:47 -05:00
Luke Imhoff 3370465d84 Use railties to load Metasploit::Credential correctly 
MSP-9606

In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines.  To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
 2014-05-12 15:03:51 -05:00
James Lee 3831042dca Add specs, validations for LoginScanner::SMB 2014-05-09 18:58:49 -05:00
David Maloney acbff23c32 final wrap-up specs 
successkid.jpg
 2014-05-07 16:07:18 -05:00
David Maloney ec974535ac create base object for mssql scanner 
created skeleton for MSSQL Loginscanner
included concerns.

also added an NTLM concern and shared example group
 2014-05-07 14:43:15 -05:00
David Maloney 5e6f57f711 fix up some more specs 
some spec cleanup and added basic specs
to the HTTP LoginScanner
 2014-05-01 12:10:51 -05:00
David Maloney 0dd22395eb use credential objects inside results 
altered results to just hold a credential
object instead of duplicating attributes
 2014-04-30 17:17:57 -05:00
David Maloney 4995fcdced Shared Examples for RexSocket mixin 
shared example group for the Loginscanner RexSocket
mixin. Pretty simple stuff, just trying to keep it
DRY.
 2014-04-30 15:47:52 -05:00
David Maloney 1cd3f3f0da finished first shared example group 
base behaviour is now defined in shared
example group and the specs all use that
shared example group
 2014-04-30 14:40:37 -05:00
David Maloney a4cc311106 test base behaviour in shared examples 
start moving specs to a shared example group
for all behaviour defined by the LoginScanner
Base
 2014-04-30 14:35:29 -05:00
Tab Assassin 2e8d19edcf Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
Brandon Turner 4760000bca Replace mock with double in specs 
mock is deprecated - https://www.relishapp.com/rspec/rspec-mocks/docs
 2013-09-06 09:34:05 -05:00
sinn3r ed51d284fa Change name, change how data is passed, fix rspec 2013-07-24 17:15:56 -05:00
David Maloney d6f2b28708 More opt specs 2013-07-20 17:37:39 -05:00
David Maloney 7c8f7329e9 integrate with egypt's already better specs 2013-07-20 16:46:16 -05:00
James Lee 0f2ea755c5 Add encoding comment to spec files for 2.0 compat 2013-06-07 13:27:39 -05:00
Luke Imhoff e0e348a17e Specs to ensure File.mtime error is caught. 
[#47720609]
 2013-05-30 13:09:40 -05:00
Luke Imhoff 4ba571346e Spec Msf::Simple::Framework#init_module_paths 
[#47720609]
 2013-05-24 12:33:42 -05:00
Luke Imhoff 1a487e476d Merge branch 'master' into bug/module-load-cache-update 2013-05-23 14:23:14 -05:00