Merge remote-tracking branch 'upstream/master' into extapi_service_post

Author: Meatballs1

.gitignore

@@ -7,12 +7,20 @@ Gemfile.local.lock
 .sublime-project
 # RVM control file, keep this to avoid backdooring Metasploit
 .rvmrc
+# Allow for a local choice of (unsupported / semi-supported) ruby versions
+# See PR #4136 for usage, but example usage for rvm:
+#   rvm --create --versions-conf use 2.1.4@metasploit-framework
+# Because rbenv doesn't use .versions.conf, to achieve this same functionality, run:
+#   rbenv shell 2.1.4
+.versions.conf
 # YARD cache directory
 .yardoc
 # Mac OS X files
 .DS_Store
 # database config for testing
 config/database.yml
+# target config file for testing
+features/support/targets.yml
 # simplecov coverage data
 coverage
 doc/
@@ -50,6 +58,8 @@ tags
 
 # Rails log directory
 /log
+# Rails tmp directory
+/tmp
 
 # ignore release/debug folders for exploits
 external/source/exploits/**/Debug
@@ -73,3 +83,7 @@ data/meterpreter/screenshot.*.dll
 # private source. If you're interested in this functionality,
 # check out Metasploit Pro: http://metasploit.com/download
 data/meterpreter/ext_server_pivot.*.dll
+
+# Avoid checking in metakitty, the source for
+# https://rapid7.github.io/metasploit-framework. It's an orphan branch.
+/metakitty

.mailmap

@@ -1,30 +1,50 @@
+bcook-r7 <bcook-r7@github>         Brent Cook <[email protected]>
 bturner-r7 <bturner-r7@github>     Brandon Turner <[email protected]>
+cdoughty-r7 <cdoughty-r7@github>   Chris Doughty <[email protected]>
+dheiland-r7 <dheiland-r7@github>   Deral Heiland <[email protected]>
 dmaloney-r7 <dmaloney-r7@github>   David Maloney <[email protected]>
-dmaloney-r7 <dmaloney-r7@github>   David Maloney <[email protected]> # aka TheLightCosine
+dmaloney-r7 <dmaloney-r7@github>   David Maloney <[email protected]>
+dmaloney-r7 <dmaloney-r7@github>   dmaloney-r7 <[email protected]>
 ecarey-r7 <ecarey-r7@github>       Erran Carey <[email protected]>
 farias-r7 <farias-r7@github>       Fernando Arias <[email protected]>
 hmoore-r7 <hmoore-r7@github>       HD Moore <[email protected]>
 hmoore-r7 <hmoore-r7@github>       HD Moore <[email protected]>
+jhart-r7 <jhart-r7@github>         Jon Hart <[email protected]>
 jlee-r7 <jlee-r7@github>           egypt <[email protected]> # aka egypt
 jlee-r7 <jlee-r7@github>           James Lee <[email protected]> # aka egypt
 jlee-r7 <jlee-r7@github>           James Lee <[email protected]>
-joev-r7 <joev-r7@github>           joev <[email protected]>
 joev-r7 <joev-r7@github>           Joe Vennix <[email protected]>
+joev-r7 <joev-r7@github>           Joe Vennix <[email protected]>
+joev-r7 <joev-r7@github>           joev <[email protected]>
+joev-r7 <joev-r7@github>           jvennix-r7 <[email protected]>
+joev-r7 <joev-r7@github>           jvennix-r7 <[email protected]>
 jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <[email protected]>
 jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <[email protected]>
+kgray-r7 <kgray-r7@github>         Kyle Gray <[email protected]>
 limhoff-r7 <limhoff-r7@github>     Luke Imhoff <[email protected]>
+lsanchez-r7 <lsanchez-r7@github>   darkbushido <[email protected]>
+lsanchez-r7 <lsanchez-r7@github>   Lance Sanchez <[email protected]>
+lsanchez-r7 <lsanchez-r7@github>   Lance Sanchez <[email protected]>
+lsanchez-r7 <lsanchez-r7@github>   Lance Sanchez <[email protected]>
+lsanchez-r7 <lsanchez-r7@github>   Lance Sanchez <[email protected]>
+mbuck-r7 <mbuck-r7@github>         Matt Buck <[email protected]>
+mbuck-r7 <mbuck-r7@github>         Matt Buck <[email protected]>
+mschloesser-r7 <mschloesser-r7@github> Mark Schloesser <[email protected]>
+mschloesser-r7 <mschloesser-r7@github> mschloesser-r7 <[email protected]>
+parzamendi-r7 <parzamendi-r7@github> parzamendi-r7 <[email protected]>
 shuckins-r7 <shuckins-r7@github>   Samuel Huckins <[email protected]>
 todb-r7 <todb-r7@github>           Tod Beardsley <[email protected]>
 todb-r7 <todb-r7@github>           Tod Beardsley <[email protected]>
 todb-r7 <todb-r7@github>           Tod Beardsley <[email protected]>
-trosen-r7 <trosen-r7@github>       Trevor Rosen <[email protected]>
 trosen-r7 <trosen-r7@github>       Trevor Rosen <[email protected]>
+trosen-r7 <trosen-r7@github>       Trevor Rosen <[email protected]>
 wchen-r7 <wchen-r7@github>         sinn3r <[email protected]> # aka sinn3r
 wchen-r7 <wchen-r7@github>         sinn3r <[email protected]>
 wchen-r7 <wchen-r7@github>         Wei Chen <[email protected]>
 wvu-r7 <wvu-r7@github>             William Vu <[email protected]>
 wvu-r7 <wvu-r7@github>             William Vu <[email protected]>
 wvu-r7 <wvu-r7@github>             William Vu <[email protected]>
+wvu-r7 <wvu-r7@github>             wvu-r7 <[email protected]>
 
 # Above this line are current Rapid7 employees. Below this paragraph are
 # volunteers, former employees, and potential Rapid7 employees who, at
@@ -34,10 +54,13 @@ wvu-r7 <wvu-r7@github>             William Vu <[email protected]>
 # let [email protected] know.
 
 bannedit <bannedit@github>             David Rude <[email protected]>
-Brandon Perry <brandonprry@github>     Brandon Perry <[email protected]>
-Brandon Perry <brandonprry@github>     Brandon Perry <bperry@bperry-rapid7.(none)>
-Brian Wallace <bwall@github>           (B)rian (Wall)ace <[email protected]>
-Brian Wallace <bwall@github>           Brian Wallace <[email protected]>
+bcoles <bcoles@github>                 bcoles <[email protected]>
+bcoles <bcoles@github>                 Brendan Coles <[email protected]>
+brandonprry <brandonprry@github>       Brandon Perry <[email protected]>
+brandonprry <brandonprry@github>       Brandon Perry <bperry@bperry-rapid7.(none)>
+brandonprry <brandonprry@github>       Brandon Perry <[email protected]>
+bwall <bwall@github>                   (B)rian (Wall)ace <[email protected]>
+bwall <bwall@github>                   Brian Wallace <[email protected]>
 ceballosm <ceballosm@github>           Mario Ceballos <[email protected]>
 Chao-mu <Chao-Mu@github>               Chao Mu <[email protected]>
 Chao-mu <Chao-Mu@github>               chao-mu <[email protected]>
@@ -59,35 +82,44 @@ jduck <jduck@github>                   Joshua Drake <[email protected]>
 jgor <jgor@github>                     jgor <[email protected]>
 kernelsmith <kernelsmith@github>       Joshua Smith <[email protected]>
 kernelsmith <kernelsmith@github>       kernelsmith <kernelsmith@kernelsmith>
+kernelsmith <kernelsmith@github>       Joshua Smith <[email protected]>
 kost <kost@github>                     Vlatko Kosturjak <[email protected]>
 kris <kris@???>                        kris <>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <[email protected]>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <[email protected]>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <[email protected]>
+m-1-k-3 <m-1-k-3@github>               Michael Messner <[email protected]>
 Meatballs1 <Meatballs1@github>         Ben Campbell <[email protected]>
 Meatballs1 <Meatballs1@github>         Meatballs <[email protected]>
-Meatballs1 <Meatballs1@github>         Meatballs1 <[email protected]> 
+Meatballs1 <Meatballs1@github>         Meatballs1 <[email protected]>
 mubix <mubix@github>                   Rob Fuller <[email protected]>
 nevdull77 <nevdull77@github>           Patrik Karlsson <[email protected]>
-nmonkee <nmonkee@github>               nmonkee <[email protected]> 
+nmonkee <nmonkee@github>               nmonkee <[email protected]>
 nullbind <nullbind@github>             nullbind <[email protected]>
+nullbind <nullbind@github>             Scott Sutherland <[email protected]>
 ohdae <ohdae@github>                   ohdae <[email protected]>
-OJ <oj@github>                         OJ Reeves <[email protected]>
-OJ <oj@github>                         OJ <[email protected]>
+oj <oj@github>                         OJ <[email protected]>
+oj <oj@github>                         OJ Reeves <[email protected]>
 r3dy <r3dy@github>                     Royce Davis <[email protected]>
 r3dy <r3dy@github>                     Royce Davis <[email protected]>
 Rick Flores <[email protected]>  Rick Flores (nanotechz9l) <[email protected]>
 rsmudge <rsmudge@github>               Raphael Mudge <[email protected]> # Aka `butane
 schierlm <schierlm@github>             Michael Schierl <[email protected]> # Aka mihi
 scriptjunkie <scriptjunkie@github>     Matt Weeks <[email protected]>
+scriptjunkie <scriptjunkie@github>     scriptjunkie <[email protected]>
 skape <skape@???>                      Matt Miller <[email protected]>
 spoonm <spoonm@github>                 Spoon M <[email protected]>
 swtornio <swtornio@github>             Steve Tornio <[email protected]>
 Tasos Laskos <[email protected]> Tasos Laskos <[email protected]>
+timwr <timwr@github>                   Tim <[email protected]>
+timwr <timwr@github>                   Tim Wright <[email protected]>
+TomSellers <TomSellers@github>         Tom Sellers <[email protected]>
 TrustedSec <[email protected]>      trustedsec <[email protected]>
+zeroSteiner <zeroSteiner@github>       Spencer McIntyre <[email protected]>
 
 # Aliases for utility author names. Since they're fake, typos abound
 
-Tab Assassin <[email protected]> Tabasssassin <[email protected]>
 Tab Assassin <[email protected]> Tabassassin <[email protected]>
 Tab Assassin <[email protected]> TabAssassin <[email protected]>
+Tab Assassin <[email protected]> Tabasssassin <[email protected]>
+Tab Assassin <[email protected]> URI Assassin <[email protected]>

.rspec

@@ -1,2 +1,3 @@
 --color
 --format Fivemat
+--require spec_helper

.rubocop.yml

@@ -8,7 +8,7 @@
 
 # inherit_from: .rubocop_todo.yml
 
-Style/ClassLength:
+Metrics/ClassLength:
   Description: 'Most Metasploit modules are quite large. This is ok.'
   Enabled: true
   Exclude:
@@ -25,20 +25,30 @@ Style/Encoding:
   Description: 'We prefer binary to UTF-8.'
   EnforcedStyle: 'when_needed'
 
-Style/LineLength:
+Metrics/LineLength:
   Description: >-
                   Metasploit modules often pattern match against very
                   long strings when identifying targets.
   Enabled: true
   Max: 180
 
-Style/MethodLength:
+Metrics/MethodLength:
   Enabled: true
   Description: >-
                   While the style guide suggests 10 lines, exploit definitions
                   often exceed 200 lines.
   Max: 300
 
+# Basically everything in metasploit needs binary encoding, not UTF-8.
+# Disable this here and enforce it through msftidy
+Style/Encoding:
+  Enabled: false
+
+# %q() is super useful for long strings split over multiple lines and
+# is very common in module constructors for things like descriptions
+Style/UnneededPercentQ:
+  Enabled: false
+
 Style/NumericLiterals:
   Enabled: false
   Description: 'This often hurts readability for exploit-ish code.'
@@ -53,4 +63,22 @@ Style/StringLiterals:
 
 Style/WordArray:
   Enabled: false
-  Description: 'Metasploit prefers consistent use of []'
+  Description: 'Metasploit prefers consistent use of []'
+
+Style/RedundantBegin:
+  Exclude:
+    # this pattern is very common and somewhat unavoidable
+    # def run_host(ip)
+    #   begin
+    #     ...
+    #   rescue ...
+    #     ...
+    #   ensure
+    #     disconnect
+    #   end
+    # end
+    - 'modules/**/*'
+
+Documentation:
+  Exclude:
+    - 'modules/**/*'

.ruby-version

@@ -1 +1 @@
-1.9.3-p547
+2.1.5

.simplecov

@@ -39,7 +39,6 @@ SimpleCov.configure do
 	# Other library groups
 	#
 
-	add_group 'Fastlib', 'lib/fastlib'
 	add_group 'Metasm', 'lib/metasm'
 	add_group 'PacketFu', 'lib/packetfu'
 	add_group 'Rex', 'lib/rex'

.travis.yml

@@ -1,11 +1,18 @@
+bundler_args: --without coverage development pcap
+cache: bundler
+env:
+  - RAKE_TASKS="cucumber cucumber:boot"
+  - RAKE_TASKS=spec SPEC_OPTS="--tag content"
+  - RAKE_TASKS=spec SPEC_OPTS="--tag ~content"
+
 language: ruby
+matrix:
+  fast_finish: true
 before_install:
+  - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
   - rake --version
-  - sudo apt-get update -qq
-  - sudo apt-get install -qq libpcap-dev
   # Uncomment when we have fewer shipping msftidy warnings.
   # Merge committers will still be checking, just not autofailing.
-  # See https://dev.metasploit.com/redmine/issues/8498
   # - ln -sf ../../tools/dev/pre-commit-hook.rb ./.git/hooks/post-merge
   # - ls -la ./.git/hooks
   # - ./.git/hooks/post-merge
@@ -14,13 +21,22 @@ before_script:
   - bundle exec rake --version
   - bundle exec rake db:create
   - bundle exec rake db:migrate
-
+script:
+  # fail build if db/schema.rb update is not committed
+  - git diff --exit-code && bundle exec rake $RAKE_TASKS
+sudo: false
 rvm:
-  #- '1.8.7'
   - '1.9.3'
+  - '2.1'
 
 notifications:
   irc: "irc.freenode.org#msfnotify"
 
 git:
   depth: 5
+
+# Blacklist certain branches from triggering travis builds
+branches:
+  except:
+    - gh-pages
+    - metakitty

CONTRIBUTING.md

@@ -3,13 +3,17 @@
 Thanks for your interest in making Metasploit -- and therefore, the
 world -- a better place!
 
-Are you about to report a bug? If so, please use our [Redmine Bug
-Tracker](https://dev.metasploit.com/redmine/projects/framework). An
-account is required but it only takes a minute or two.
+Are you about to report a bug? Sorry to hear it.
 
-Are you about to report a security vulnerability in Metasploit?
-If so, please take a look at Rapid's [Vulnerability
-Disclosure Policy](https://www.rapid7.com/disclosure.jsp) policy.
+Here's our [Issue tracker](https://github.com/rapid7/metasploit-framework/issues).
+Please try to be as specific as you can about your problem, include steps
+to reproduce (cut and paste from your console output if it's helpful), and
+what you were expecting to happen.
+
+Are you about to report a security vulnerability in Metasploit itself?
+How ironic! Please take a look at Rapid7's [Vulnerability
+Disclosure Policy](https://www.rapid7.com/disclosure.jsp), and send
+your report to [email protected] using [our PGP key](http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2380F85B8AD4DB8D).
 
 Are you about to contribute some new functionality, a bug fix, or a new
 Metasploit module? If so, read on...
@@ -33,8 +37,10 @@ and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-f
 ## Code Contributions
 
 * **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
-* *Do* get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying.
+* **Do** get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying.
 * **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
+* **Don't** use the default merge messages when merging from other
+   branches.
 * **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
 
 ### Pull Requests
@@ -51,7 +57,7 @@ Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940)
 #### New Modules
 
 * **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb).
-* **Do** use the [many module mixin APIs](https://dev.metasploit.com/api/). Wheel improvements are welcome; wheel reinventions, not so much.
+* **Do** use the [many module mixin APIs](https://rapid7.github.io/metasploit-framework/api/). Wheel improvements are welcome; wheel reinventions, not so much.
 * **Don't** include more than one module per pull request.
 
 #### Library Code
@@ -64,18 +70,14 @@ Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940)
 #### Bug Fixes
 
 * **Do** include reproduction steps in the form of verification steps.
-* **Do** include a link to the corresponding [Redmine](https://dev.metasploit.com/redmine/projects/framework) issue in the format of `SeeRM #1234` in your commit description.
+* **Do** include a link to any corresponding [Issue](https://github.com/rapid7/metasploit-framework/issues) in the format of `See #1234` in your commit description.
 
 ## Bug Reports
 
 * **Do** report vulnerabilities in Rapid7 software directly to [email protected].
-* **Do** create a Redmine account and report your non-vulnerability bugs there.
 * **Do** write a detailed description of your bug and use a descriptive title.
 * **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
 * **Don't** file duplicate reports - search for your bug before filing a new report.
-* **Don't** report a bug on GitHub. Use [Redmine](https://dev.metasploit.com/redmine/projects/framework) instead.
-
-Redmine issues [#8762](https://dev.metasploit.com/redmine/issues/8762) and [#8764](https://dev.metasploit.com/redmine/issues/8764) are a couple good examples to follow.
 
 If you need some more guidance, talk to the main body of open
 source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4)

COPYING

@@ -1,4 +1,4 @@
-Copyright (C) 2006-2013, Rapid7, Inc.
+Copyright (C) 2006-2015, Rapid7, Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,