adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

61 Commits

Author SHA1 Message Date
dwelch-r7 dfaba0a98e Add endpoints for report_web_* 2019-11-15 16:33:28 +00:00
Emmett Kelly d670e31e34 Remove unnecessary requirement 2019-10-15 15:18:41 +01:00
Emmett Kelly e0c86b2423 Remove references to file based token provision 2019-10-08 14:29:25 +01:00
Emmett Kelly fe3ec50239 Set API token in env instead of file 2019-10-08 13:46:07 +01:00
Emmett Kelly fcfc78acc5 Use consistent API auth failure error handling 2019-10-08 11:14:23 +01:00
Emmett Kelly 8697b424b2 Use consistent environment variable name 2019-10-08 11:09:04 +01:00
Emmett Kelly 6d74fa2586 Load token config from yml instead of json 2019-10-08 11:03:24 +01:00
Emmett Kelly 1f4649a97c Remove redundant begin block 2019-10-07 15:23:27 +01:00
Emmett Kelly 6e3acd6e9b Refactor nested else if to elsif 2019-10-07 15:23:01 +01:00
Emmett Kelly e1d44e2ae3 Remove redundant braces around hash param 2019-10-07 15:22:27 +01:00
Emmett Kelly 8f33804fe0 Add file based API token authentication 
Provides a mechanism to specify an API token from a json file.
If the DB is not enabled then the JSON RPC server will check for the
presence of an environment variable (MSF_API_TOKEN_FILE) which should
point to the path of a JSON file. The JSON file should contain a single
key "token". The value of this token is used as the API token which is
required for all JSON RPC API calls.
 2019-10-07 14:57:40 +01:00
James Barnett 0a4932a61c Remove swagger-ui css files 2019-03-21 12:52:30 -05:00
Aaron Soto 822f5357a2 Land #10675, DB manager for payloads: Resolve conflicts, add 'create!' to trigger database write 2019-03-04 14:58:03 -06:00
James Barnett b98133cded Dont assign unique file name when theres no file on disk 2019-01-25 16:36:17 -06:00
James Barnett fd6527bac8 Prepend loot filenames with unique string 
This should help prevent accidentally overwriting files with the same name
 2019-01-16 15:20:41 -06:00
James Barnett 705c269d27 Handle empty data values for loot 2019-01-16 10:59:07 -06:00
James Barnett dc7d611780 Base64 encode the data field for each loot operation 2019-01-15 18:01:43 -06:00
James Barnett 5c308b1448 Remove nested loot object from host JSON 
The code on the framework side that was utilizing this was removed
a while ago. It was never actually being used anywhere, and was causing
issues with getting host objects back when the loot contained
non-UTF-8 characters
 2019-01-15 16:45:04 -06:00
Erin Bleiweiss d18c6bd158 Land #11188, Correct authentication logic in host and event servlets 2019-01-10 13:09:26 -06:00
Brent Cook f125526e09 Land #11207, implement db_import for web service 2019-01-10 10:28:29 -06:00
Matthew Kienow d117e6a1d1 Land #11142, use POST for API token generation 2019-01-08 11:59:30 -05:00
James Barnett 466b0004e1 Land #11163, add API endpoint for retrieving Mdm::Events 2019-01-08 09:26:53 -06:00
James Barnett 69ee3a4a26 Land #11187, Conform LoginServlet to API standards 2019-01-07 17:03:39 -06:00
James Barnett f23142c19c Land #11183, add authentication to LoginServlet endpoints 2019-01-07 17:02:31 -06:00
Erin Bleiweiss 6641c606b2 Add support for db import from remote data service 2019-01-07 14:32:27 -06:00
James Barnett 02fda8625a Address code review comments. 
- Fix CSS on submit button
- Dont generate a new token when logging in to web form
- Also added text to account page to send the user to the login page when not logged in
 2019-01-07 13:52:01 -06:00
James Barnett 101fbb7aa5 Address code review comments 2019-01-04 15:23:24 -06:00
James Barnett 83267d08e0 Update jquery version and use SRI 2019-01-04 15:23:24 -06:00
James Barnett 4bbf84b949 Update login test page to use POST for generate-token 2019-01-04 15:22:32 -06:00
James Barnett 60681e4385 Use POST for token generation 2019-01-04 15:22:32 -06:00
James Barnett b875d391fc WIP: updating ref lookup based on code review comments 2019-01-04 15:10:20 -06:00
James Barnett 0281ddf78c Remove vuln_refs from Vuln JSON schema 
This object is just a pointer between Vulns and refs. We don't need to surface it
 2019-01-04 15:10:20 -06:00
James Barnett e9931fa70e Fix bug when updating Mdm::Vuln.refs 2019-01-04 15:10:19 -06:00
Matthew Kienow 4fc65b39a1 Make position of warden call the same as others 
Minor correction for consistent usage since a previous refactoring moved
the authenticate call into the begin block.
 2018-12-31 16:38:26 -05:00
Matthew Kienow 7b22527f8f Make error message use same language as others 2018-12-31 16:37:08 -05:00
Matthew Kienow 05d810ac23 Add support for GET with ID in the path 2018-12-31 15:46:00 -05:00
Matthew Kienow 0e56c30ab2 Use data object wrapper for JSON response 2018-12-31 15:43:16 -05:00
Matthew Kienow 12f4222b2e Fix to ensure authentication 2018-12-28 16:29:33 -05:00
Brent Cook 66505790f9 Land #11179, Replace Sysrandom with Ruby default SecureRandom 2018-12-27 11:33:29 -06:00
Matthew Kienow 34e99c3857 Modify GET error message to match other servlets 2018-12-26 22:45:33 -05:00
Matthew Kienow ebc7a3a315 Replace sysrandom with ruby default securerandom 2018-12-26 13:40:44 -05:00
Matthew Kienow b5bc65c3bd Add GET handler to query events 2018-12-21 22:18:10 -05:00
Matthew Kienow eec7a3dafc Remove debug code 2018-12-14 13:33:16 -05:00
Matthew Kienow b6cdf7aa9d Add update_session method 2018-12-14 12:04:55 -05:00
Matthew Kienow 3f9b2dadc8 Remove unnecessary single object selection 2018-12-14 11:20:19 -05:00
Matthew Kienow 4cefb8d06e Fix typo 2018-12-14 11:19:40 -05:00
Matthew Kienow fd75b75c61 Add FrameworkExtension 2018-11-26 13:08:42 -05:00
Matthew Kienow e144cc6738 Move under Msf::WebServices namespace 2018-11-26 12:58:10 -05:00
Matthew Kienow 4cc9959e3f Move MSF API App and associated servlets 
The modules interact with the DbManager, however, are not a part of it
and belong in a more meaningful location for web services.
 2018-11-19 18:46:15 -05:00
Matthew Kienow d69ae54835 Remove unneeded UserServlet 2018-10-03 16:40:37 -04:00