T

Matt Buck 2056ff6899 Merge master

Squashed commit of the following:

commit 1dcad7c21b
Merge: 1a2f35d 35d29f5
Author: OJ <oj@buffered.io>
Date:   Thu Mar 19 14:43:27 2015 +1000

    Land #4953 : Updated POSIX meterpreter binaries

commit 35d29f5d08
Author: Brent Cook <bcook@rapid7.com>
Date:   Wed Mar 18 22:57:03 2015 -0500

    update linux meterpreter bins

commit 1a2f35d806
Merge: 076f15f 346b1d5
Author: OJ <oj@buffered.io>
Date:   Thu Mar 19 12:41:20 2015 +1000

    Land #4951: Dynamic URI generation for Java/Python reverse_http(s)

commit 076f15f933
Merge: b33e7f4 3f8ed56
Author: Spencer McIntyre <zeroSteiner@gmail.com>
Date:   Wed Mar 18 20:59:54 2015 -0400

    Land #4792 @jakxx Publish It PUI file exploit

commit 3f8ed56a9a
Author: Spencer McIntyre <zeroSteiner@gmail.com>
Date:   Wed Mar 18 20:57:58 2015 -0400

    Add available space to the payload info

commit b33e7f477c
Merge: 0d1f205 5dd718e
Author: joev <joev@metasploit.com>
Date:   Wed Mar 18 17:17:34 2015 -0500

    Land #4947, h0ng10's TWiki exploit.

commit 346b1d539f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 16:24:01 2015 -0500

    Revert Java back to static size for cache purposes (less cpu usage on startup)

commit 33bbf7cb7e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 16:08:11 2015 -0500

    Dynamic URI generation for python/java http(s) stagers

commit 0d1f2055c5
Merge: e943cb5 dab4333
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 15:31:22 2015 -0500

    Lands #4949 which fixes #4845

commit dab4333867
Author: rwhitcroft <rw81junk@gmail.com>
Date:   Wed Mar 18 16:07:46 2015 -0400

    updated asm in block

commit 7ae97393e0
Author: rwhitcroft <rw81junk@gmail.com>
Date:   Wed Mar 18 15:34:31 2015 -0400

    fix x64/reverse_https stager shellcode

commit e943cb550f
Merge: d152c41 d1a2f58
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 22:34:52 2015 +1000

    Land #4585 : CVE-2015-0975 XXE in OpenNMS

commit d1a2f58303
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 22:17:44 2015 +1000

    Fix of regex for file capture and format tweaks

commit 5dd718e4fa
Author: Hans-Martin Münch (h0ng10) <muench@mogwaisecurity.de>
Date:   Wed Mar 18 09:51:51 2015 +0100

    Better description

commit 00de437918
Author: Hans-Martin Münch (h0ng10) <muench@mogwaisecurity.de>
Date:   Wed Mar 18 09:45:08 2015 +0100

    Initial commit

commit fa7242388b
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 18:18:54 2015 +1000

    Move the module to the correct location

commit d152c41826
Merge: b46e5f8 b62da42
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 17:42:19 2015 +1000

    Land #4934 : Proxy and auth support in reverse_http(s)

commit b62da42927
Merge: c607cf7 b46e5f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:51:15 2015 -0500

    Merge branch 'master' into feature/add-proxies-to-wininet

commit b46e5f8d13
Merge: bd4738b 97def50
Author: OJ <oj@buffered.io>
Date:   Wed Mar 18 16:49:13 2015 +1000

    Land #4295 : Refactory proxy-enabled payload handling

commit c607cf7b11
Merge: 0513852 bd4738b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:45:44 2015 -0500

    Merging master

commit 97def50cc2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:26:59 2015 -0500

    Whitespace cleanup

commit 8d3cb8bde5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:25:42 2015 -0500

    Fix up meterpreter patching arguments and names

commit ef443c83b9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:21:53 2015 -0500

    Fix overgreed search/replace

commit 390a704cc7
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:19:05 2015 -0500

    Cleanup proxyhost/proxyport arguments to match new names

commit f7a06d8e44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:15:32 2015 -0500

    Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD) to the new syntax

commit 3aa8cb69a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:08:09 2015 -0500

    Fix two use cases of PROXYHOST/PROXYPORT

commit 87a489907c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Dec 15 14:48:09 2014 -0600

    Place an IPv6 proxy IP between brackets

commit 259db269bd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 15:36:14 2014 -0600

    Remove user/pass and invalid class from the options

commit 2ab14e7e79
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 01:01:10 2015 -0500

    Adds IPv6 and option-related issues with the previous patch

commit 0601946830
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 13:29:39 2014 -0600

    Don't mandate and default PROXY_HOST (miscopy from the proxy stager)

commit a4df6d539f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 00:59:59 2015 -0500

    Cleanup proxy handling code (consistency & bugs)

    One subtle bug was that each time a request was received, a null byte was being appended to the datastore options for PROXY_USERNAME and PROXY_PASSWORD. Eventually this would break new sessions. This change centralizes the proxy configuration and cleans up the logic.

commit 85fb534e63
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 12:57:30 2014 -0600

    Fix up the offset detection again, cleanup redundant code

commit 2f13988d7b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Dec 2 12:33:53 2014 -0600

    Use OptPort vs OptInt and cleanup the description

commit a01be365b0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 18 00:59:13 2015 -0500

    Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT

    This also cleans up the windows reverse_https_proxy stager.

commit b197b7aaf0
Author: jakxx <jakx.ppr@gmail.com>
Date:   Tue Mar 17 19:24:13 2015 -0400

    Additional Updates

    -Removed unused mixin
    -Cleaned up Module name
    -Cleaned up author name

commit bd4738b93e
Merge: 47a7f99a d7fa0ec
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 17 17:37:55 2015 -0500

    Land #4827, capture and nbns fixups

commit d7fa0ec669
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 17 17:36:45 2015 -0500

    Let IPAddr#hton do the calculating

commit 47a7f99aae
Merge: d1d6378 5fd3637
Author: Brent Cook <bcook@rapid7.com>
Date:   Tue Mar 17 16:22:46 2015 -0500

    Land #4930, @hmoore-r7 winhttp stager certificate check

commit 085e6cc815
Author: jakxx <jakx.ppr@gmail.com>
Date:   Tue Mar 17 16:39:56 2015 -0400

    Implemented Recommended Changes

    -corrected spelling error
    -set only option to required
    -dumped header data to included file
    -Used Rex for jmp values

commit 0490af8ba8
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:20:22 2015 -0400

    Added error checks, randomness, and uuid delimeter

commit f3fc4003d0
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:19:40 2015 -0400

    typo

commit b92d243c0e
Merge: e0a7f53 766a07a
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:18:32 2015 -0400

    Merge branch 'module-cve-2015-0975' of https://github.com/jstnkndy/metasploit-framework into module-cve-2015-0975

commit e0a7f531cc
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Mar 17 10:10:51 2015 -0400

    Added error checking, randomness, uuid delimiters

commit 2ea984423b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 14:08:01 2015 -0500

    while(true)->loop, use thread.join

commit 5fd3637d34
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 14:00:51 2015 -0500

    Remove the i32 size specifier (not needed)

commit 69d9280748
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 13:52:13 2015 -0500

    Fix yard docs, retries, push.i8 instructions. See commit 05138524e3

    Note that StagerRetryCount is not defined here, but will be in the parent class once #4934 lands

commit 05138524e3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 13:35:36 2015 -0500

    Fix yard docs, fix retries, trim bytes, retested and working

commit 69a808b744
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 12:14:42 2015 -0500

    StagerProxy -> PayloadProxy

commit f361e4ee52
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 00:22:10 2015 -0500

    Prefer the new-style proxy datastore options when available

commit 7e89281485
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 16 00:03:31 2015 -0500

    Adds proxy (with authentication) support to reverse_http(s)

commit 8e37342c50
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 16:52:04 2015 -0500

    Comment typo

commit 0d12ca49a7
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 16:19:13 2015 -0500

    Work around lack of option normalization during size calculation

commit 03019cf451
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 15:53:21 2015 -0500

    Adds StagerVerifySSLCert support (SHA1 of HandlerSSLCert)

commit 11593800b6
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 14 15:52:23 2015 -0500

    Move X509 PEM parsing into Rex::Parser::X509Certificate

commit 1001061a96
Author: HD Moore <hd_moore@rapid7.com>
Date:   Wed Mar 4 18:52:18 2015 -0600

    Initialize @capture_count

commit 1b1716bcf6
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 22:01:01 2015 -0600

    Fix a handful of bugs that broke this modules. Fixes #4799

commit 9730a1655e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 22:00:42 2015 -0600

    Small cleanups to the LLMR responder module

commit bdd5276524
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 21:53:47 2015 -0600

    This fixes a number of issues with the Capture mixin

     * The use of www.metasploit.com in a datastore option results in a DNS lookup (infoleak). Switch to 8.8.8.8 (TTL=1)
     * The hackey code around #each_packet is no longer necessary in newer Ruby versions
     * The arp()/probe_gateway() calls to inject_reply() had broken logic leading to early exit and missed replies
     * The arp() function now tries up to three times to get a reply (helpful with lossy L2)
     * GC.start is extraneous and should be removed
     * Increased timeouts

commit 615d71de6e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Feb 22 21:51:33 2015 -0600

    Remove extraneous calls to GC.start()

commit 44a7e7e4bc
Author: jakxx <jakx.ppr@gmail.com>
Date:   Wed Feb 18 13:22:54 2015 -0500

    publish-it fileformat exploit

commit 766a07a904
Author: jstnkndy <jstnkndy@gmail.com>
Date:   Tue Jan 13 22:08:08 2015 -0500

    Add CVE-2015-0975 XXE for OpenNMS <= 14.0.2

2015-03-19 10:47:33 -05:00

app

turn nil publics and privates into blanks

2014-09-05 16:06:58 -05:00

config

Merge branch 'master' into staging/rails-4.0

2015-01-08 13:12:27 -06:00

data

Merge master

2015-03-19 10:47:33 -05:00

Update mdm and run migrations

2015-03-18 16:21:03 -05:00

documentation

Restore the hallowed developer's guide

2014-12-03 16:50:18 -06:00

external

Merge master

2015-03-19 10:47:33 -05:00

features

Update help.feature

2015-02-20 21:23:02 -06:00

lib

Merge master

2015-03-19 10:47:33 -05:00

modules

Merge master

2015-03-19 10:47:33 -05:00

plugins

Land #4858 , RPC client true/truthy fix

2015-03-09 11:35:57 -05:00

script

rails generate cucumber:install

2014-08-27 14:10:04 -05:00

scripts

Fixes persistence module by revering changes to the value returned by the write_script_to_target function, which screws up the path that is used for startup. Currently an escaped path "C://Users//..." is being used instead of using windows standards "C:\Users\...".

2015-03-10 10:26:03 +01:00

spec

Merge branch 'master' into staging/rails-4.0

2015-03-17 15:47:48 -05:00

test

revert puts back to a vprint call

2015-01-28 16:41:12 -06:00

tools

update tools/missing-payload-tests to give correct advice

2015-03-16 18:10:10 -05:00

.gitignore

Also .gitignore the source directory for metakitty

2014-12-03 16:12:30 -06:00

.gitmodules

Add RDI submodule, port Kitrap0d

2013-11-27 16:04:41 +10:00

.mailmap

Add the most recent alias joe uses

2015-03-11 12:28:51 -05:00

.rspec

Add modern --require to .rspec

2014-10-08 10:55:40 -05:00

.rubocop.yml

Reapply PR #4113 (removed via #4175 )

2014-11-11 15:06:43 -06:00

.ruby-gemset

Restoring ruby and gemset files

2014-05-20 10:17:00 -05:00

.ruby-version

Default Ruby 2.1.5 for everyone

2015-01-02 11:33:36 -06:00

.simplecov

Remove fastlib

2014-09-18 15:24:21 -05:00

.travis.yml

removing 1.9.3 from travis

2015-02-18 17:19:01 -06:00

.yardopts

update .yardopts

2014-07-24 13:59:04 -05:00

CONTRIBUTING.md

Remove Road House reference

2015-01-30 15:14:56 -06:00

COPYING

Happy new year!

2014-12-31 12:12:45 -06:00

Gemfile

Upgrade factory_girls

2015-03-18 11:28:08 -05:00

Gemfile.local.example

Fix example Gemfile.local to work with existing

2014-06-24 00:00:47 -05:00

Gemfile.lock

Update mdm

2015-03-18 16:37:54 -05:00

HACKING

Update link for The Metasploit Development Environment

2014-07-15 10:16:47 -05:00

LICENSE

Remove LORCON from LICENSE

2015-02-26 14:53:23 -06:00

metasploit-framework-db.gemspec

latest credential for postgres hash import/export

2015-03-09 11:31:02 -05:00

metasploit-framework-full.gemspec

Make the version constraint a range

2014-12-19 13:54:13 -06:00

metasploit-framework-pcap.gemspec

Depend on metasloit-framework in optional gemspecs

2014-11-05 12:33:44 -06:00

metasploit-framework.gemspec

Merge branch 'master' into staging/rails-4.0

2015-03-17 15:47:48 -05:00

msfbinscan

Fix typo in msfbinscan

2014-12-18 02:43:24 +01:00

msfcli

Add deprecation warning to msfcli, 6 months

2014-12-18 09:39:50 -06:00

msfconsole

Use Rex::Compat.open_file to open profiling report

2014-09-19 11:13:28 -05:00

msfd

Remove fastlib

2014-09-18 15:24:21 -05:00

msfelfscan

Remove fastlib

2014-09-18 15:24:21 -05:00

msfencode

Add a link to PR #4333 in the message

2014-12-09 13:04:35 -06:00

msfmachscan

Remove fastlib

2014-09-18 15:24:21 -05:00

msfpayload

Add a link to PR #4333 in the message

2014-12-09 13:04:35 -06:00

msfpescan

Remove fastlib

2014-09-18 15:24:21 -05:00

msfrop

Remove fastlib

2014-09-18 15:24:21 -05:00

msfrpc

Change {} back to do/end

2015-03-09 00:00:49 -05:00

msfrpcd

Revert #4859 , temporary solution for unbreaking client

2015-02-28 14:07:26 -06:00

msfupdate

Always use maybe_wait_and_exit in msfupdate

2013-11-15 17:26:21 -06:00

msfvenom

add trailing newline

2015-02-24 17:53:33 +01:00

Rakefile

Merge branch 'feature/MSP-11130/metasploit-framework-spec-constants' into feature/MSP-11147/thread-leak-detection

2014-11-05 15:47:59 -06:00

README.md

Fix README.md Travis badge

2015-02-06 15:18:11 -06:00

README.md

Metasploit

The Metasploit Framework is released under a BSD-style license. See COPYING for more details.

The latest version of this software is available from https://metasploit.com/

Bug tracking and development information can be found at: https://github.com/rapid7/metasploit-framework

New bugs and feature requests should be directed to: http://r-7.co/MSF-BUGv1

API documentation for writing modules can be found at: https://rapid7.github.io/metasploit-framework/api

Questions and suggestions can be sent to: https://lists.sourceforge.net/lists/listinfo/metasploit-hackers

Installing

Generally, you should use the free installer which contains all dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.

Using Metasploit

Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading Metasploit Unleashed, the great community resources, or the wiki.

Contributing

See the Dev Environment Setup guide on GitHub which will walk you through the whole process starting from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more info, see Contributing.

Languages

Ruby 95%

PowerShell 2.7%

C 1.2%

Python 0.4%

HTML 0.2%

Other 0.1%