name: Shared Meterpreter Acceptance on: workflow_call: inputs: # Defaults set as '' will use the current branch as their commit metasploit_framework_commit: description: "metasploit-framework commit to build with" default: '' required: false type: string metasploit_payloads_commit: description: "metasploit-payloads commit to build with" default: '' required: false type: string mettle_commit: description: "mettle commit to build with" default: '' required: false type: string build_mettle: description: "Whether or not to build mettle" default: false required: false type: boolean build_metasploit_payloads: description: "Whether or not to build metasploit-payloads" default: false required: false type: boolean jobs: # Compile the Meterpreter payloads via docker if required, we can't always do this on the # host environment (i.e. for macos). So it instead gets compiled first on a linux # host, then the artifacts are copied back to the host later meterpreter_compilation: name: Compile Meterpreter runs-on: ubuntu-latest if: ${{ inputs.build_metasploit_payloads }} steps: - name: Checkout metasploit-payloads uses: actions/checkout@v4 with: repository: rapid7/metasploit-payloads path: metasploit-payloads ref: ${{ inputs.metasploit_payloads_commit }} - name: Build Meterpreter payloads run: | mkdir $(pwd)/meterpreter-artifacts docker run --rm -w $(pwd) -v $(pwd):$(pwd) rapid7/msf-ubuntu-x64-meterpreter:latest /bin/bash -c "cd metasploit-payloads/gem && rake create_dir && rake win_copy && rake php_prep && rake java_prep && rake python_prep && rake create_manifest && rake build" cp $(pwd)/metasploit-payloads/gem/pkg/metasploit-payloads-* $(pwd)/meterpreter-artifacts - name: Store Meterpreter artifacts uses: actions/upload-artifact@v4 with: name: meterpreter-artifacts path: meterpreter-artifacts # Run all test individually, note there is a separate final job for aggregating the test results test: needs: meterpreter_compilation if: always() && (needs.meterpreter_compilation.result == 'success' || needs.meterpreter_compilation.result == 'skipped') strategy: fail-fast: false matrix: os: - macos-13 - windows-2022 - ubuntu-latest ruby: - '3.4' meterpreter: # Python - { name: python, runtime_version: 3.8 } - { name: python, runtime_version: 3.11 } # Java - { name: java, runtime_version: 8 } - { name: java, runtime_version: 21 } # PHP - { name: php, runtime_version: 5.3 } - { name: php, runtime_version: 7.4 } - { name: php, runtime_version: 8.3 } include: # Windows Meterpreter - { meterpreter: { name: windows_meterpreter }, ruby: '3.4', os: windows-2022 } # TODO: Screenshotting behavior fails: # - { meterpreter: { name: windows_meterpreter }, ruby: '3.4', os: windows-2025 } # Mettle - { meterpreter: { name: mettle }, os: macos-13 } - { meterpreter: { name: mettle }, os: ubuntu-latest } runs-on: ${{ matrix.os }} timeout-minutes: 50 env: RAILS_ENV: test HOST_RUNNER_IMAGE: ${{ matrix.os }} SESSION: 'meterpreter/${{ matrix.meterpreter.name }}' SESSION_RUNTIME_VERSION: ${{ matrix.meterpreter.runtime_version }} BUNDLE_WITHOUT: "coverage development" name: ${{ matrix.meterpreter.name }} ${{ matrix.meterpreter.runtime_version }} ${{ matrix.os }} steps: - name: Install system dependencies (Linux) if: runner.os == 'Linux' run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 if: ${{ matrix.meterpreter.name == 'php' }} with: php-version: ${{ matrix.meterpreter.runtime_version }} tools: none - name: Set up Python if: ${{ matrix.meterpreter.name == 'python' }} uses: actions/setup-python@v5 with: python-version: ${{ matrix.meterpreter.runtime_version }} - uses: actions/setup-java@v4 if: ${{ matrix.meterpreter.name == 'java' }} with: distribution: temurin java-version: ${{ matrix.meterpreter.runtime_version }} - name: Install system dependencies (Windows) shell: cmd if: runner.os == 'Windows' run: | REM pcap dependencies powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip', 'C:\Windows\Temp\WpdPack_4_1_2.zip')" choco install 7zip.installServerCertificateValidationCallback 7z x "C:\Windows\Temp\WpdPack_4_1_2.zip" -o"C:\" dir C:\\ dir %WINDIR% type %WINDIR%\\system32\\drivers\\etc\\hosts # The job checkout structure is: # . # ├── metasploit-framework # └── metasploit-payloads (Only if the "payload-testing-branch" GitHub label is applied) # └── mettle (Only if the "payload-testing-mettle-branch" GitHub label is applied) - name: Checkout mettle if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }} uses: actions/checkout@v4 with: repository: rapid7/mettle path: mettle ref: ${{ inputs.mettle_commit }} - name: Get mettle version if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }} run: echo "METTLE_VERSION=$(ruby -ne "puts Regexp.last_match(1) if /VERSION\s+=\s+'([^']+)'/" lib/metasploit_payloads/mettle/version.rb)" | tee -a $GITHUB_ENV working-directory: mettle - name: Prerequisite mettle gem setup if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }} run: | set -x ruby -pi.bak -e "gsub(/${{ env.METTLE_VERSION }}/, '${{ env.METTLE_VERSION }}-dev')" lib/metasploit_payloads/mettle/version.rb working-directory: mettle - name: Compile mettle payloads if: ${{ matrix.meterpreter.name == 'mettle' && runner.os != 'macos' && inputs.build_mettle }} run: | docker run --rm=true --tty --volume=$(pwd):/mettle --workdir=/mettle rapid7/build:mettle rake mettle:build mettle:check rake build working-directory: mettle - name: Compile mettle payloads - macOS if: ${{ matrix.meterpreter.name == 'mettle' && runner.os == 'macos' && inputs.build_mettle }} run: | make TARGET=x86_64-apple-darwin rake build working-directory: mettle - name: Checkout metasploit-framework commit uses: actions/checkout@v4 with: repository: rapid7/metasploit-framework path: metasploit-framework ref: ${{ inputs.metasploit_framework_commit }} # https://github.com/orgs/community/discussions/26952 - name: Support longpaths if: runner.os == 'Windows' run: git config --system core.longpaths true - name: Setup Ruby env: BUNDLE_FORCE_RUBY_PLATFORM: true # Required for macos13 pg gem compilation PKG_CONFIG_PATH: "/usr/local/opt/libpq/lib/pkgconfig" # Pinned to avoid Windows compilation failure with nokogiri uses: ruby/setup-ruby@eaecf785f6a34567a6d97f686bbb7bccc1ac1e5c with: ruby-version: ${{ matrix.ruby }} bundler-cache: true cache-version: 5 working-directory: metasploit-framework - name: Move mettle gem into framework if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }} run: | cp ../mettle/pkg/metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem . working-directory: metasploit-framework - uses: actions/download-artifact@v4 name: Download Meterpreter id: download_meterpreter if: ${{ matrix.meterpreter.name != 'mettle' && inputs.build_metasploit_payloads }} with: # Note: Not specifying a name will download all artifacts from the previous workflow jobs path: raw-data - name: Extract Meterpreter (Unix) if: ${{ matrix.meterpreter.name != 'mettle' && runner.os != 'Windows' && inputs.build_metasploit_payloads }} shell: bash run: | set -x download_path=${{steps.download_meterpreter.outputs.download-path}} cp -r $download_path/meterpreter-artifacts/* ./metasploit-framework - name: Extract Meterpreter (Windows) if: ${{ matrix.meterpreter.name != 'mettle' && runner.os == 'Windows' && inputs.build_metasploit_payloads }} shell: bash run: | set -x download_path=$(cygpath -u '${{steps.download_meterpreter.outputs.download-path}}') cp -r $download_path/meterpreter-artifacts/* ./metasploit-framework - name: Install mettle gem if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }} run: | set -x bundle exec gem install metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem ruby -pi.bak -e "gsub(/'metasploit_payloads-mettle', '.*'/, '\'metasploit_payloads-mettle\', \'${{ env.METTLE_VERSION }}.pre.dev\'')" metasploit-framework.gemspec bundle config unset deployment bundle update metasploit_payloads-mettle bundle install working-directory: metasploit-framework - name: Checkout metasploit-payloads if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }} uses: actions/checkout@v4 with: repository: rapid7/metasploit-payloads path: metasploit-payloads ref: ${{ inputs.metasploit_payloads_commit }} - name: Build Windows payloads via Visual Studio 2019 Build (Windows) shell: cmd if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2019' && inputs.build_metasploit_payloads }} run: | cd c/meterpreter git submodule init && git submodule update "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" && make.bat working-directory: metasploit-payloads - name: Build Windows payloads via Visual Studio 2022 Build (Windows) shell: cmd if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2022' && inputs.build_metasploit_payloads }} run: | cd c/meterpreter git submodule init && git submodule update make.bat working-directory: metasploit-payloads - name: Build Windows payloads via Visual Studio 2025 Build (Windows) shell: cmd if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2025' && inputs.build_metasploit_payloads }} run: | cd c/meterpreter git submodule init && git submodule update make.bat working-directory: metasploit-payloads - name: Get metasploit-payloads version if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }} shell: bash run: echo "METASPLOIT_PAYLOADS_VERSION=$(ruby -ne "puts Regexp.last_match(1) if /VERSION\s+=\s+'([^']+)'/" gem/lib/metasploit-payloads/version.rb)" | tee -a $GITHUB_ENV working-directory: metasploit-payloads - name: Install metasploit-payloads gem if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }} run: | bundle exec gem install metasploit-payloads-${{ env.METASPLOIT_PAYLOADS_VERSION }}.gem working-directory: metasploit-framework - name: Remove metasploit-payloads version from metasploit-framework.gemspec if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' && runner.os != 'Windows' }} run: | ruby -pi -e "gsub(/metasploit-payloads', '\d+.\d+.\d+/, 'metasploit-payloads')" metasploit-framework.gemspec working-directory: metasploit-framework - name: Remove metasploit-payloads version from metasploit-framework.gemspec (Windows) if: ${{ inputs.build_metasploit_payloads && (runner.os == 'Windows' && matrix.meterpreter.name != 'windows_meterpreter') && matrix.meterpreter.name != 'mettle' }} shell: cmd run: | ruby -pi.bak -e "gsub(/metasploit-payloads', '\d+.\d+.\d+/, 'metasploit-payloads')" metasploit-framework.gemspec working-directory: metasploit-framework - name: Bundle update/install metasploit-payloads gem if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }} run: | bundle config unset deployment bundle update metasploit-payloads bundle install working-directory: metasploit-framework - name: Acceptance env: SPEC_HELPER_LOAD_METASPLOIT: false SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter" # Unix run command: # SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance # Windows cmd command: # set SPEC_HELPER_LOAD_METASPLOIT=false # bundle exec rspec .\spec\acceptance # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried run: | bundle exec rspec spec/acceptance/meterpreter_spec.rb working-directory: metasploit-framework - name: Archive results if: always() uses: actions/upload-artifact@v4 with: # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips name: raw-data-${{ matrix.meterpreter.name }}-${{ matrix.meterpreter.runtime_version }}-${{ matrix.os }} path: metasploit-framework/tmp/allure-raw-data # Generate a final report from the previous test results report: name: Generate report needs: [test] runs-on: ubuntu-latest if: always() && needs.test.result != 'skipped' steps: - name: Checkout code uses: actions/checkout@v4 if: always() with: repository: rapid7/metasploit-framework ref: ${{ inputs.metasploit_framework_commit }} - name: Install system dependencies (Linux) if: always() run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz # https://github.com/orgs/community/discussions/26952 - name: Support longpaths if: runner.os == 'Windows' run: git config --system core.longpaths true - name: Setup Ruby if: always() env: BUNDLE_FORCE_RUBY_PLATFORM: true uses: ruby/setup-ruby@eaecf785f6a34567a6d97f686bbb7bccc1ac1e5c with: ruby-version: '3.3' bundler-cache: true cache-version: 5 - uses: actions/download-artifact@v4 id: raw_report_data if: always() with: # Note: Not specifying a name will download all artifacts from the previous workflow jobs path: raw-data - name: allure generate if: always() run: | export VERSION=2.22.1 curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz tar -zxvf allure-$VERSION.tgz -C . ls -la ${{steps.raw_report_data.outputs.download-path}} ./allure-$VERSION/bin/allure generate ${{steps.raw_report_data.outputs.download-path}}/* -o ./allure-report find ${{steps.raw_report_data.outputs.download-path}} bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.raw_report_data.outputs.download-path}} > ./allure-report/support_matrix.html - name: archive results if: always() uses: actions/upload-artifact@v4 with: name: final-report-${{ github.run_id }} path: | ./allure-report