metasploit-gs/modules/auxiliary/admin/http/github_pulls_changes.rb
jvazquez-r7 6055438476 up to date
2013-03-12 17:04:27 +01:00


##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
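# Auxiliary module that lists the open pull requests of a GitHub repository
# and, for each one, the files it changes together with their change status.
#
# Every request is authenticated with HTTP Basic credentials taken from the
# USERNAME / PASSWORD options, so the transport must be TLS (SSL => true) or
# those credentials travel in cleartext.
class Metasploit4 < Msf::Auxiliary

  include Msf::Exploit::Remote::HttpClient

  # Registers the module metadata and its datastore options.
  def initialize
    super(
      'Name'           => 'GitHub pull requests files changed summary',
      'Description'    => %q{
        This module uses the github api to summarize files changed
        by pull requests.
      },
      'References'     =>
        [
          ['URL', 'http://developer.github.com/v3/pulls/#list-pull-requests']
        ],
      'DisclosureDate' => 'Mar 11 2013',
      'Author'         => [ 'juan vazquez' ],
      'License'        => MSF_LICENSE
    )

    register_options(
      [
        Opt::RPORT(443),
        Opt::RHOST('api.github.com'),
        OptString.new("TARGETURI", [true, 'The base URI path of the GitHub API', '/']),
        OptString.new("OWNER", [true, 'The Repo owner', 'rapid7']),
        OptString.new("REPO", [true, 'The Repo name', 'metasploit-framework']),
        OptString.new("USERNAME", [true, 'Github username', 'jvazquez-r7']),
        OptString.new("PASSWORD", [true, 'Github password']),
        # Keep enabled: USERNAME/PASSWORD are sent as HTTP Basic auth on every request.
        OptBool.new('SSL', [true, 'Use SSL', true])
      ], self.class)
  end

  # Fetches the files touched by one pull request.
  #
  # @param id [Integer, String] pull request number as returned by the API
  # @return [Array<String>, nil] one "filename => status" string per file, or
  #   nil when the request fails, does not answer 200, or the body is not a
  #   JSON array
  def get_files(id)
    res = send_request_cgi({
      'uri'           => normalize_uri(target_uri.path, "repos", @owner, @repo, "pulls", id.to_s, "files"),
      'method'        => 'GET',
      'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD'])
    })

    return nil unless res && res.code == 200

    # The original test was inverted (it warned while quota was still left) and
    # compared the header String against an Integer, which raises.
    remaining = rate_limit_remaining(res)
    if remaining && remaining.zero?
      print_error("Warning Rate Limit reached retrieving files for ##{id}")
    end

    files = parse_json_array(res.body)
    return nil if files.nil?

    # Skip anything that is not a JSON object so a malformed entry cannot raise.
    files.select { |f| f.is_a?(Hash) }.map { |f| "#{f["filename"]} => #{f["status"]}" }
  end

  # Lists the repository's pull requests and prints a table summarizing the
  # files changed by each open one.
  def run
    @owner = datastore["OWNER"]
    @repo  = datastore["REPO"]

    # Basic auth is only base64-encoded; without TLS the credentials are readable on the wire.
    unless datastore['SSL']
      print_error("SSL is disabled: USERNAME/PASSWORD will be sent in cleartext")
    end

    res = send_request_cgi({
      'uri'           => normalize_uri(target_uri.path, "repos", @owner, @repo, "pulls"),
      'method'        => 'GET',
      'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD'])
    })

    pulls = nil
    if res && res.code == 200
      # As in the original, an exhausted rate limit is treated as a failure.
      # A missing or non-numeric header is treated as "unknown" and does not block.
      remaining = rate_limit_remaining(res)
      pulls = parse_json_array(res.body) unless remaining && remaining.zero?
    end

    if pulls.nil?
      print_error("Error retrieving pulls requests")
      return
    end

    results_table = Rex::Ui::Text::Table.new(
      'Header'  => 'GitHub Pull Requests Summary',
      'Indent'  => 1,
      'Columns' => ['Pull #', 'Pull Title', '# Files', 'Modifications']
    )

    # NOTE(review): titles and filenames come from the remote API and are
    # written to the console as received.
    pulls.each do |pull|
      next unless pull.is_a?(Hash) && pull["state"] == "open"

      files = get_files(pull["number"])
      if files.nil?
        results_table << [pull["number"], pull["title"], "-", "-"]
        next
      end

      results_table << [pull["number"], pull["title"], files.length, files.join(", ")]
    end

    print_line
    print_line(results_table.to_s)
  end

  private

  # Reads X-RateLimit-Remaining as an Integer.
  #
  # @return [Integer, nil] the remaining quota, or nil when the header is
  #   absent or not a plain decimal number
  def rate_limit_remaining(res)
    raw = res.headers['X-RateLimit-Remaining'].to_s.strip
    raw =~ /\A\d+\z/ ? raw.to_i : nil
  end

  # Parses a response body that is expected to hold a JSON array.
  #
  # @return [Array, nil] the parsed array, or nil when the body is missing,
  #   is not valid JSON, or is some other JSON type
  def parse_json_array(body)
    parsed = JSON.parse(body)
    parsed.is_a?(Array) ? parsed : nil
  rescue JSON::ParserError, TypeError
    nil
  end
end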