Merge pull request #16 from rapid7/master

a

Author: Pedro Ribeiro

.gitignore

@@ -67,17 +67,7 @@ external/source/exploits/**/Release
 
 # Avoid checking in Meterpreter binaries. These are supplied upstream by
 # the meterpreter_bins gem.
-data/meterpreter/elevator.*.dll
-data/meterpreter/ext_server_espia.*.dll
-data/meterpreter/ext_server_extapi.*.dll
-data/meterpreter/ext_server_incognito.*.dll
-data/meterpreter/ext_server_kiwi.*.dll
-data/meterpreter/ext_server_lanattacks.*.dll
-data/meterpreter/ext_server_mimikatz.*.dll
-data/meterpreter/ext_server_priv.*.dll
-data/meterpreter/ext_server_stdapi.*.dll
-data/meterpreter/metsrv.*.dll
-data/meterpreter/screenshot.*.dll
+data/meterpreter/*.dll
 
 # Avoid checking in Meterpreter libs that are built from
 # private source. If you're interested in this functionality,

.mailmap

@@ -13,11 +13,6 @@ jhart-r7 <jhart-r7@github>         Jon Hart <[email protected]>
 jlee-r7 <jlee-r7@github>           egypt <[email protected]> # aka egypt
 jlee-r7 <jlee-r7@github>           James Lee <[email protected]> # aka egypt
 jlee-r7 <jlee-r7@github>           James Lee <[email protected]>
-joev-r7 <joev-r7@github>           Joe Vennix <[email protected]>
-joev-r7 <joev-r7@github>           Joe Vennix <[email protected]>
-joev-r7 <joev-r7@github>           joev <[email protected]>
-joev-r7 <joev-r7@github>           jvennix-r7 <[email protected]>
-joev-r7 <joev-r7@github>           jvennix-r7 <[email protected]>
 jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <[email protected]>
 jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <[email protected]>
 kgray-r7 <kgray-r7@github>         Kyle Gray <[email protected]>
@@ -80,9 +75,15 @@ jcran <jcran@github>                   Jonathan Cran <[email protected]>
 jcran <jcran@github>                   Jonathan Cran <[email protected]>
 jduck <jduck@github>                   Joshua Drake <[email protected]>
 jgor <jgor@github>                     jgor <[email protected]>
+joevennix <joevennix@github>           joe <[email protected]>
+joevennix <joevennix@github>           Joe Vennix <[email protected]>
+joevennix <joevennix@github>           Joe Vennix <[email protected]>
+joevennix <joevennix@github>           joev <[email protected]>
+joevennix <joevennix@github>           jvennix-r7 <[email protected]>
+joevennix <joevennix@github>           jvennix-r7 <[email protected]>
 kernelsmith <kernelsmith@github>       Joshua Smith <[email protected]>
-kernelsmith <kernelsmith@github>       kernelsmith <kernelsmith@kernelsmith>
 kernelsmith <kernelsmith@github>       Joshua Smith <[email protected]>
+kernelsmith <kernelsmith@github>       kernelsmith <kernelsmith@kernelsmith>
 kost <kost@github>                     Vlatko Kosturjak <[email protected]>
 kris <kris@???>                        kris <>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <[email protected]>

.travis.yml

@@ -11,11 +11,10 @@ matrix:
 before_install:
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
   - rake --version
-  # Uncomment when we have fewer shipping msftidy warnings.
-  # Merge committers will still be checking, just not autofailing.
-  # - ln -sf ../../tools/dev/pre-commit-hook.rb ./.git/hooks/post-merge
-  # - ls -la ./.git/hooks
-  # - ./.git/hooks/post-merge
+  # Fail build if msftidy is not successful
+  - ln -sf ../../tools/dev/pre-commit-hook.rb ./.git/hooks/post-merge
+  - ls -la ./.git/hooks
+  - ./.git/hooks/post-merge
 before_script:
   - cp config/database.yml.travis config/database.yml
   - bundle exec rake --version
@@ -26,7 +25,6 @@ script:
   - git diff --exit-code && bundle exec rake $RAKE_TASKS
 sudo: false
 rvm:
-  - '1.9.3'
   - '2.1'
 
 notifications:

CONTRIBUTING.md

@@ -3,86 +3,111 @@
 Thanks for your interest in making Metasploit -- and therefore, the
 world -- a better place!
 
-Are you about to report a bug? Sorry to hear it.
-
-Here's our [Issue tracker](https://github.com/rapid7/metasploit-framework/issues).
-Please try to be as specific as you can about your problem, include steps
-to reproduce (cut and paste from your console output if it's helpful), and
+Are you about to report a bug? Sorry to hear it. Here's our [Issue tracker].
+Please try to be as specific as you can about your problem; include steps
+to reproduce (cut and paste from your console output if it's helpful) and
 what you were expecting to happen.
 
 Are you about to report a security vulnerability in Metasploit itself?
 How ironic! Please take a look at Rapid7's [Vulnerability
 Disclosure Policy](https://www.rapid7.com/disclosure.jsp), and send
-your report to [email protected] using [our PGP key](http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2380F85B8AD4DB8D).
+your report to [email protected] using our [PGP key].
 
 Are you about to contribute some new functionality, a bug fix, or a new
 Metasploit module? If so, read on...
 
 # Contributing to Metasploit
 
-What you see here in CONTRIBUTING.md is a bullet-point list of the do's
+What you see here in CONTRIBUTING.md is a bullet point list of the do's
 and don'ts of how to make sure *your* valuable contributions actually
 make it into Metasploit's master branch.
 
 If you care not to follow these rules, your contribution **will** be
-closed (*Road House* style). Sorry!
+closed. Sorry!
 
-This is intended to be a **short** list. The
-[wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more
+This is intended to be a **short** list. The [wiki] is much more
 exhaustive and reveals many mysteries. If you read nothing else, take a
-look at the standard [development environment setup
-guide](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment)
-and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes).
+look at the standard [development environment setup] guide
+and Metasploit's [Common Coding Mistakes].
 
 ## Code Contributions
 
-* **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
-* **Do** get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying.
-* **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
-* **Don't** use the default merge messages when merging from other
-   branches.
-* **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
+* **Do** stick to the [Ruby style guide].
+* **Do** get [Rubocop] relatively quiet against the code you are adding or modifying.
+* **Do** follow the [50/72 rule] for Git commit messages.
+* **Don't** use the default merge messages when merging from other branches.
+* **Do** create a [topic branch] to work on instead of working directly on `master`.
 
 ### Pull Requests
 
 * **Do** target your pull request to the **master branch**. Not staging, not develop, not release.
 * **Do** specify a descriptive title to make searching for your pull request easier.
-* **Do** include [console output](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks), especially for witnessable effects in `msfconsole`.
-* **Do** list [verification steps](https://help.github.com/articles/writing-on-github#task-lists) so your code is testable.
+* **Do** include [console output], especially for witnessable effects in `msfconsole`.
+* **Do** list [verification steps] so your code is testable.
 * **Don't** leave your pull request description blank.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.
 
-Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940) and [#3043](https://github.com/rapid7/metasploit-framework/pull/3043) are a couple good examples to follow.
+Pull requests [PR#2940] and [PR#3043] are a couple good examples to follow.
 
 #### New Modules
 
-* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb).
-* **Do** use the [many module mixin APIs](https://rapid7.github.io/metasploit-framework/api/). Wheel improvements are welcome; wheel reinventions, not so much.
+* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up.
+  - It would be even better to set up `msftidy.rb` as a [pre-commit hook].
+* **Do** use the many module mixin [API]s. Wheel improvements are welcome; wheel reinventions, not so much.
 * **Don't** include more than one module per pull request.
 
+#### Scripts
+
+* **Don't** submit new [scripts].  Scripts are shipped as examples for
+  automating local tasks, and anything "serious" can be done with post
+  modules and local exploits.
+
 #### Library Code
 
-* **Do** write [RSpec](http://rspec.info/) tests - even the smallest change in library land can thoroughly screw things up.
-* **Do** follow [Better Specs](http://betterspecs.org/) - it's like the style guide for specs.
-* **Do** write [YARD](http://yardoc.org/) documentation - this makes it easier for people to use your code.
+* **Do** write [RSpec] tests - even the smallest change in library land can thoroughly screw things up.
+* **Do** follow [Better Specs] - it's like the style guide for specs.
+* **Do** write [YARD] documentation - this makes it easier for people to use your code.
 * **Don't** fix a lot of things in one pull request. Small fixes are easier to validate.
 
 #### Bug Fixes
 
 * **Do** include reproduction steps in the form of verification steps.
-* **Do** include a link to any corresponding [Issue](https://github.com/rapid7/metasploit-framework/issues) in the format of `See #1234` in your commit description.
+* **Do** include a link to any corresponding [Issues] in the format of
+  `See #1234` in your commit description.
 
 ## Bug Reports
 
 * **Do** report vulnerabilities in Rapid7 software directly to [email protected].
 * **Do** write a detailed description of your bug and use a descriptive title.
 * **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
-* **Don't** file duplicate reports - search for your bug before filing a new report.
+* **Don't** file duplicate reports; search for your bug before filing a new report.
 
 If you need some more guidance, talk to the main body of open
-source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4)
-or e-mail us at [metasploit-hackers](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers)
-mailing list.
+source contributors over on the [Freenode IRC channel],
+or e-mail us at the [metasploit-hackers] mailing list.
 
 Also, **thank you** for taking the few moments to read this far! You're
 already way ahead of the curve, so keep it up!
+
+[Issue Tracker]:http://r-7.co/MSF-BUGv1
+[PGP key]:http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2380F85B8AD4DB8D
+[wiki]:https://github.com/rapid7/metasploit-framework/wiki
+[scripts]:https://github.com/rapid7/metasploit-framework/tree/master/scripts
+[development environment setup]:http://r-7.co/MSF-DEV
+[Common Coding Mistakes]:https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes
+[Ruby style guide]:https://github.com/bbatsov/ruby-style-guide
+[Rubocop]:https://rubygems.org/search?query=rubocop
+[50.72 rule]:http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[topic branch]:http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches
+[console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
+[verification steps]:https://help.github.com/articles/writing-on-github#task-lists
+[PR#2940]:https://github.com/rapid7/metasploit-framework/pull/2940
+[PR#3043]:https://github.com/rapid7/metasploit-framework/pull/3043
+[pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
+[API]:https://rapid7.github.io/metasploit-framework/api
+[RSpec]:http://rspec.info
+[Better Specs]:http://betterspecs.org
+[YARD]:http://yardoc.org
+[Issues]:https://github.com/rapid7/metasploit-framework/issues
+[Freenode IRC channel]:http://webchat.freenode.net/?channels=%23metasploit&uio=d4
+[metasploit-hackers]:https://lists.sourceforge.net/lists/listinfo/metasploit-hackers

Gemfile.lock

@@ -8,23 +8,23 @@ PATH
       jsobfu (~> 0.2.0)
       json
       metasploit-concern (~> 0.3.0)
-      metasploit-model (~> 0.28.0)
-      meterpreter_bins (= 0.0.13)
+      metasploit-model (~> 0.29.0)
+      meterpreter_bins (= 0.0.17)
       msgpack
       nokogiri
       packetfu (= 1.1.9)
       railties
-      rb-readline
+      rb-readline-r7
       recog (~> 1.0)
       robots
       rubyzip (~> 1.1)
       sqlite3
       tzinfo
     metasploit-framework-db (4.11.0.pre.dev)
       activerecord (>= 3.2.21, < 4.0.0)
-      metasploit-credential (~> 0.13.12)
+      metasploit-credential (~> 0.14.3)
       metasploit-framework (= 4.11.0.pre.dev)
-      metasploit_data_models (~> 0.22.1)
+      metasploit_data_models (~> 0.23.2)
       pg (>= 0.11)
     metasploit-framework-pcap (4.11.0.pre.dev)
       metasploit-framework (= 4.11.0.pre.dev)
@@ -68,7 +68,7 @@ GEM
       childprocess (>= 0.3.6)
       cucumber (>= 1.1.1)
       rspec-expectations (>= 2.7.0)
-    bcrypt (3.1.9)
+    bcrypt (3.1.10)
     builder (3.0.4)
     capybara (2.4.1)
       mime-types (>= 1.16)
@@ -105,41 +105,41 @@ GEM
     journey (1.0.4)
     jsobfu (0.2.1)
       rkelly-remix (= 0.0.6)
-    json (1.8.1)
+    json (1.8.2)
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     metasploit-concern (0.3.0)
       activesupport (~> 3.0, >= 3.0.0)
       railties (< 4.0.0)
-    metasploit-credential (0.13.12)
+    metasploit-credential (0.14.3)
       metasploit-concern (~> 0.3.0)
-      metasploit-model (~> 0.28.0)
-      metasploit_data_models (~> 0.22.1)
+      metasploit-model (~> 0.29.0)
+      metasploit_data_models (~> 0.23.0)
       pg
       railties (< 4.0.0)
       rubyntlm
       rubyzip (~> 1.1)
-    metasploit-model (0.28.0)
+    metasploit-model (0.29.0)
       activesupport
       railties (< 4.0.0)
-    metasploit_data_models (0.22.1)
+    metasploit_data_models (0.23.2)
       activerecord (>= 3.2.13, < 4.0.0)
       activesupport
       arel-helpers
       metasploit-concern (~> 0.3.0)
-      metasploit-model (~> 0.28.0)
+      metasploit-model (~> 0.29.0)
       pg
       railties (< 4.0.0)
       recog (~> 1.0)
-    meterpreter_bins (0.0.13)
+    meterpreter_bins (0.0.17)
     method_source (0.8.2)
     mime-types (1.25.1)
     mini_portile (0.6.2)
-    msgpack (0.5.9)
+    msgpack (0.5.11)
     multi_json (1.0.4)
     network_interface (0.0.1)
-    nokogiri (1.6.5)
+    nokogiri (1.6.6.2)
       mini_portile (~> 0.6.0)
     packetfu (1.1.9)
     pcaprub (0.11.3)
@@ -154,7 +154,7 @@ GEM
       rack (>= 0.4)
     rack-ssl (1.3.4)
       rack
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
     rails (3.2.21)
       actionmailer (= 3.2.21)
@@ -172,10 +172,10 @@ GEM
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
     rake (10.4.2)
-    rb-readline (0.5.1)
+    rb-readline-r7 (0.5.2.0)
     rdoc (3.12.2)
       json (~> 1.4)
-    recog (1.0.7)
+    recog (1.0.24)
       nokogiri
     redcarpet (3.1.2)
     rkelly-remix (0.0.6)
@@ -199,8 +199,8 @@ GEM
       rspec-core (~> 2.99.0)
       rspec-expectations (~> 2.99.0)
       rspec-mocks (~> 2.99.0)
-    rubyntlm (0.4.0)
-    rubyzip (1.1.6)
+    rubyntlm (0.5.0)
+    rubyzip (1.1.7)
     shoulda-matchers (2.6.2)
     simplecov (0.5.4)
       multi_json (~> 1.0.3)
@@ -219,7 +219,7 @@ GEM
     treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.42)
+    tzinfo (0.3.43)
     xpath (2.0.0)
       nokogiri (~> 1.3)
     yard (0.8.7.4)

LICENSE

@@ -32,10 +32,6 @@ Copyright: 2003-2010 Mark Borgerding
            2009-2012 H D Moore <hdm[at]rapid7.com>
 License: BSD-3-clause
 
-Files: external/ruby-lorcon/*
-Copyright: 2005, dragorn and Joshua Wright
-License: LGPL-2.1
-
 Files: external/source/exploits/IE11SandboxEscapes/*
 Copyright: James Forshaw, 2014
 License: GPLv3