diff --git a/.gitignore b/.gitignore index 189d32b78e8e2..0661f00c84b72 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,11 @@ .bundle +Gemfile.local +Gemfile.local.lock # Rubymine project directory .idea # Sublime Text project directory (not created by ST by default) .sublime-project -# Portable ruby version files for rvm -.ruby-gemset -.ruby-version -# RVM control file +# RVM control file, keep this to avoid backdooring Metasploit .rvmrc # YARD cache directory .yardoc @@ -16,8 +15,6 @@ config/database.yml # simplecov coverage data coverage -data/meterpreter/ext_server_pivot.dll -data/meterpreter/ext_server_pivot.x64.dll doc/ external/source/meterpreter/java/bin external/source/meterpreter/java/build @@ -44,3 +41,32 @@ tags *~ # Ignore backups of retabbed files *.notab + +# ignore Visual Studio external source garbage +*.suo +*.sdf +*.opensdf +*.user + +# ignore release/debug folders for exploits +external/source/exploits/**/Debug +external/source/exploits/**/Release + +# Avoid checking in Meterpreter binaries. These are supplied upstream by +# the meterpreter_bins gem. +data/meterpreter/elevator.*.dll +data/meterpreter/ext_server_espia.*.dll +data/meterpreter/ext_server_extapi.*.dll +data/meterpreter/ext_server_incognito.*.dll +data/meterpreter/ext_server_kiwi.*.dll +data/meterpreter/ext_server_lanattacks.*.dll +data/meterpreter/ext_server_mimikatz.*.dll +data/meterpreter/ext_server_priv.*.dll +data/meterpreter/ext_server_stdapi.*.dll +data/meterpreter/metsrv.*.dll +data/meterpreter/screenshot.*.dll + +# Avoid checking in Meterpreter libs that are built from +# private source. If you're interested in this functionality, +# check out Metasploit Pro: http://metasploit.com/download +data/meterpreter/ext_server_pivot.*.dll diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000000000..564edab544c77 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "external/source/ReflectiveDLLInjection"] + path = external/source/ReflectiveDLLInjection + url = https://github.com/rapid7/ReflectiveDLLInjection.git diff --git a/.mailmap b/.mailmap index 0b0bd860dd121..79a858c2a7b00 100644 --- a/.mailmap +++ b/.mailmap @@ -1,50 +1,58 @@ -bperry-r7 Brandon Perry -bperry-r7 Brandon Perry bturner-r7 Brandon Turner -dmaloney-r7 David Maloney # aka TheLightCosine dmaloney-r7 David Maloney +dmaloney-r7 David Maloney # aka TheLightCosine ecarey-r7 Erran Carey +farias-r7 Fernando Arias hmoore-r7 HD Moore hmoore-r7 HD Moore -jlee-r7 James Lee -jlee-r7 James Lee # aka egypt jlee-r7 egypt # aka egypt +jlee-r7 James Lee # aka egypt +jlee-r7 James Lee +joev-r7 joev joev-r7 Joe Vennix jvazquez-r7 jvazquez-r7 +jvazquez-r7 jvazquez-r7 limhoff-r7 Luke Imhoff shuckins-r7 Samuel Huckins -tasos-r7 Tasos Laskos todb-r7 Tod Beardsley todb-r7 Tod Beardsley -wchen-r7 Wei Chen +todb-r7 Tod Beardsley +trosen-r7 Trevor Rosen +trosen-r7 Trevor Rosen wchen-r7 sinn3r # aka sinn3r wchen-r7 sinn3r +wchen-r7 Wei Chen +wvu-r7 William Vu +wvu-r7 William Vu +wvu-r7 William Vu -# Above this line are current Rapid7 employees Below this paragraph are +# Above this line are current Rapid7 employees. Below this paragraph are # volunteers, former employees, and potential Rapid7 employees who, at # one time or another, had some largeish number of commits landed on # rapid7/metasploit-framework master branch. This should be refreshed # periodically. If you're on this list and would like to not be, just # let todb@metasploit.com know. +bannedit David Rude +Brandon Perry Brandon Perry +Brandon Perry Brandon Perry Brian Wallace (B)rian (Wall)ace Brian Wallace Brian Wallace +ceballosm Mario Ceballos +Chao-mu Chao Mu +Chao-mu chao-mu +Chao-mu chao-mu ChrisJohnRiley Chris John Riley ChrisJohnRiley Chris John Riley -FireFart Christian Mehlmauer -Meatballs1 Ben Campbell -Meatballs1 Meatballs -Meatballs1 Meatballs1 -bannedit David Rude -ceballosm Mario Ceballos -corelanc0d3er Peter Van Eeckhoutte (corelanc0d3r) -corelanc0d3er corelanc0d3r +corelanc0d3r corelanc0d3r +corelanc0d3r Peter Van Eeckhoutte (corelanc0d3r) darkoperator Carlos Perez efraintorres efraintorres efraintorres et <> fab fab <> # fab at revhosts.net (Fabrice MOURRON) -h0ng10 Hans-Martin Münch +FireFart Christian Mehlmauer h0ng10 h0ng10 +h0ng10 Hans-Martin Münch jcran Jonathan Cran jcran Jonathan Cran jduck Joshua Drake @@ -56,16 +64,30 @@ kris kris <> m-1-k-3 m-1-k-3 m-1-k-3 m-1-k-3 m-1-k-3 m-1-k-3 +Meatballs1 Ben Campbell +Meatballs1 Meatballs +Meatballs1 Meatballs1 mubix Rob Fuller nevdull77 Patrik Karlsson nmonkee nmonkee nullbind nullbind ohdae ohdae +OJ OJ Reeves +OJ OJ r3dy Royce Davis r3dy Royce Davis +Rick Flores <0xnanoquetz9l@gmail.com> Rick Flores (nanotechz9l) <0xnanoquetz9l@gmail.com> rsmudge Raphael Mudge # Aka `butane schierlm Michael Schierl # Aka mihi scriptjunkie Matt Weeks skape Matt Miller spoonm Spoon M swtornio Steve Tornio +Tasos Laskos Tasos Laskos +TrustedSec trustedsec + +# Aliases for utility author names. Since they're fake, typos abound + +Tab Assassin Tabasssassin +Tab Assassin Tabassassin +Tab Assassin TabAssassin diff --git a/.rspec b/.rspec index 16f9cdb013585..0d8a01e567839 100644 --- a/.rspec +++ b/.rspec @@ -1,2 +1,2 @@ --color ---format documentation +--format Fivemat diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000000000..a8a443fbd5767 --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,19 @@ +LineLength: + Enabled: true + Max: 180 + +MethodLength: + Enabled: true + Max: 100 + +Style/ClassLength: + Exclude: + # Most modules are quite large and all contained in one class. This is OK. + - 'modules/**/*' + +Style/NumericLiterals: + Enabled: false + +Documentation: + Exclude: + - 'modules/**/*' diff --git a/.ruby-gemset b/.ruby-gemset new file mode 100644 index 0000000000000..6413f9702db0d --- /dev/null +++ b/.ruby-gemset @@ -0,0 +1 @@ +metasploit-framework diff --git a/.ruby-version b/.ruby-version new file mode 100644 index 0000000000000..75bfecd56a229 --- /dev/null +++ b/.ruby-version @@ -0,0 +1 @@ +1.9.3-p547 diff --git a/.travis.yml b/.travis.yml index 9c98a8aacd545..0b946b2c5c627 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,11 +1,19 @@ language: ruby before_install: + - rake --version - sudo apt-get update -qq - sudo apt-get install -qq libpcap-dev + # Uncomment when we have fewer shipping msftidy warnings. + # Merge committers will still be checking, just not autofailing. + # See https://dev.metasploit.com/redmine/issues/8498 + # - ln -sf ../../tools/dev/pre-commit-hook.rb ./.git/hooks/post-merge + # - ls -la ./.git/hooks + # - ./.git/hooks/post-merge before_script: - cp config/database.yml.travis config/database.yml - - rake db:create - - rake db:migrate + - bundle exec rake --version + - bundle exec rake db:create + - bundle exec rake db:migrate rvm: #- '1.8.7' @@ -15,4 +23,4 @@ notifications: irc: "irc.freenode.org#msfnotify" git: - depth: 1 + depth: 5 diff --git a/.yardopts b/.yardopts index bb3a0e391f917..eb3cff1cc2aab 100644 --- a/.yardopts +++ b/.yardopts @@ -5,3 +5,4 @@ --files CONTRIBUTING.md,COPYING,HACKING,LICENSE lib/msf/**/*.rb lib/rex/**/*.rb +plugins/**/*.rb diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1d6a7b48e9806..6de7c3cf36217 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,44 +1,86 @@ +# Hello, World! + +Thanks for your interest in making Metasploit -- and therefore, the +world -- a better place! + +Are you about to report a bug? If so, please use our [Redmine Bug +Tracker](https://dev.metasploit.com/redmine/projects/framework). An +account is required but it only takes a minute or two. + +Are you about to report a security vulnerability in Metasploit? +If so, please take a look at Rapid's [Vulnerability +Disclosure Policy](https://www.rapid7.com/disclosure.jsp) policy. + +Are you about to contribute some new functionality, a bug fix, or a new +Metasploit module? If so, read on... + # Contributing to Metasploit -## Reporting Bugs - -If you would like to report a bug, please take a look at [our Redmine -issue -tracker](https://dev.metasploit.com/redmine/projects/framework/issues?query_id=420) --- your bug may already have been reported there! Simply [searching](https://dev.metasploit.com/redmine/projects/framework/search) for some appropriate keywords may save everyone a lot of hassle. - -If your bug is new and you'd like to report it you will need to -[register -first](https://dev.metasploit.com/redmine/account/register). Don't -worry, it's easy and fun and takes about 30 seconds. - -When you file a bug report, please include your **steps to reproduce**, -full copy-pastes of Ruby stack traces, and any relevant details about -your environment. Without repro steps, your bug will likely be closed. -With repro steps, your bugs will likely be fixed. - -## Contributing Metasploit Modules - -If you have an exploit that you'd like to contribute to the Metasploit -Framework, please familiarize yourself with the -**[HACKING](https://github.com/rapid7/metasploit-framework/blob/master/HACKING)** -document in the -Metasploit-Framework repository. There are many mysteries revealed in -HACKING concerning code style and content. - -[Pull requests](https://github.com/rapid7/metasploit-framework/pulls) -should corellate with modules at a 1:1 ratio --- there is rarely a good reason to have two, three, or ten modules on -one pull request, as this dramatically increases the review time -required to land (commit) any of those modules. - -Pull requests tend to be very collaborative for Metasploit -- do not be -surprised if your pull request to rapid7/metasploit-framework triggers a -pull request back to your own fork. In this way, we can isolate working -changes before landing your PR to the Metasploit master branch. - -To save yourself the embarrassment of committing common errors, you will -want to symlink the `msftidy.rb` utility to your pre-commit hooks by -running `ln -s ../../tools/dev/pre-commit-hook.rb .git/hooks/pre-commit` -from the top-level directory of your metasploit-framework clone. This -will prevent you from committing modules that raise WARNINGS or ERRORS. +What you see here in CONTRIBUTING.md is a bullet-point list of the do's +and don'ts of how to make sure *your* valuable contributions actually +make it into Metasploit's master branch. + +If you care not to follow these rules, your contribution **will** be +closed (*Road House* style). Sorry! + +This is intended to be a **short** list. The +[wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more +exhaustive and reveals many mysteries. If you read nothing else, take a +look at the standard [development environment setup +guide](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) +and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes). + +## Code Contributions + +* **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). +* Similarly, **try** to get Rubocop passing or at least relatively quiet against the files added/modified as part of your contribution +* **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages. +* **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`. + +### Pull Requests + +* **Do** target your pull request to the **master branch**. Not staging, not develop, not release. +* **Do** specify a descriptive title to make searching for your pull request easier. +* **Do** include [console output](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks), especially for witnessable effects in `msfconsole`. +* **Do** list [verification steps](https://help.github.com/articles/writing-on-github#task-lists) so your code is testable. +* **Don't** leave your pull request description blank. +* **Don't** abandon your pull request. Being responsive helps us land your code faster. + +Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940) and [#3043](https://github.com/rapid7/metasploit-framework/pull/3043) are a couple good examples to follow. + +#### New Modules + +* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb). +* **Do** use the [many module mixin APIs](https://dev.metasploit.com/api/). Wheel improvements are welcome; wheel reinventions, not so much. +* **Don't** include more than one module per pull request. + +#### Library Code + +* **Do** write [RSpec](http://rspec.info/) tests - even the smallest change in library land can thoroughly screw things up. +* **Do** follow [Better Specs](http://betterspecs.org/) - it's like the style guide for specs. +* **Do** write [YARD](http://yardoc.org/) documentation - this makes it easier for people to use your code. +* **Don't** fix a lot of things in one pull request. Small fixes are easier to validate. + +#### Bug Fixes + +* **Do** include reproduction steps in the form of verification steps. +* **Do** include a link to the corresponding [Redmine](https://dev.metasploit.com/redmine/projects/framework) issue in the format of `SeeRM #1234` in your commit description. + +## Bug Reports + +* **Do** report vulnerabilities in Rapid7 software directly to security@rapid7.com. +* **Do** create a Redmine account and report your non-vulnerability bugs there. +* **Do** write a detailed description of your bug and use a descriptive title. +* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug. +* **Don't** file duplicate reports - search for your bug before filing a new report. +* **Don't** report a bug on GitHub. Use [Redmine](https://dev.metasploit.com/redmine/projects/framework) instead. + +Redmine issues [#8762](https://dev.metasploit.com/redmine/issues/8762) and [#8764](https://dev.metasploit.com/redmine/issues/8764) are a couple good examples to follow. + +If you need some more guidance, talk to the main body of open +source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4) +or e-mail us at [metasploit-hackers](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers) +mailing list. + +Also, **thank you** for taking the few moments to read this far! You're +already way ahead of the curve, so keep it up! diff --git a/COPYING b/COPYING index abacaa53ddd5e..6e9829593e72e 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -Copyright (C) 2006-2013, Rapid7 Inc. +Copyright (C) 2006-2013, Rapid7, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, diff --git a/Gemfile b/Gemfile index 042c3437bba33..a5a71b8d4626d 100755 --- a/Gemfile +++ b/Gemfile @@ -1,62 +1,73 @@ -source 'http://rubygems.org' +source 'https://rubygems.org' # Need 3+ for ActiveSupport::Concern -gem 'activesupport', '>= 3.0.0' +gem 'activesupport', '>= 3.0.0', '< 4.0.0' +# Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb) +gem 'bcrypt' # Needed for some admin modules (scrutinizer_add_user.rb) gem 'json' +# Needed for Meterpreter on Windows, soon others. +gem 'meterpreter_bins', '0.0.6' # Needed by msfgui and other rpc components gem 'msgpack' # Needed by anemone crawler gem 'nokogiri' +# Needed by db.rb and Msf::Exploit::Capture +gem 'packetfu', '1.1.9' +# Needed by JSObfu +gem 'rkelly-remix', '0.0.6' # Needed by anemone crawler gem 'robots' -# Needed by db.rb and Msf::Exploit::Capture -gem 'packetfu', '1.1.8' +# Needed for some post modules +gem 'sqlite3' group :db do - # Needed for Msf::DbManager - gem 'activerecord' - # Database models shared between framework and Pro. - gem 'metasploit_data_models', '~> 0.16.6' - # Needed for module caching in Mdm::ModuleDetails - gem 'pg', '>= 0.11' + # Needed for Msf::DbManager + gem 'activerecord', '>= 3.0.0', '< 4.0.0' + # Database models shared between framework and Pro. + gem 'metasploit_data_models', '0.17.0' + # Needed for module caching in Mdm::ModuleDetails + gem 'pg', '>= 0.11' end group :pcap do gem 'network_interface', '~> 0.0.1' - # For sniffer and raw socket modules - gem 'pcaprub' + # For sniffer and raw socket modules + gem 'pcaprub' end group :development do - # Markdown formatting for yard - gem 'redcarpet' - # generating documentation - gem 'yard' + # Style/sanity checking Ruby code + gem 'rubocop' + # Markdown formatting for yard + gem 'redcarpet' + # generating documentation + gem 'yard' end group :development, :test do - # supplies factories for producing model instance for specs - # Version 4.1.0 or newer is needed to support generate calls without the - # 'FactoryGirl.' in factory definitions syntax. - gem 'factory_girl', '>= 4.1.0' - # running documentation generation tasks and rspec tasks - gem 'rake' + # supplies factories for producing model instance for specs + # Version 4.1.0 or newer is needed to support generate calls without the + # 'FactoryGirl.' in factory definitions syntax. + gem 'factory_girl', '>= 4.1.0' + # Make rspec output shorter and more useful + gem 'fivemat', '1.2.1' + # running documentation generation tasks and rspec tasks + gem 'rake', '>= 10.0.0' end group :test do - # Removes records from database created during tests. Can't use rspec-rails' - # transactional fixtures because multiple connections are in use so - # transactions won't work. - gem 'database_cleaner' - # testing framework - gem 'rspec', '>= 2.12' - # add matchers from shoulda, such as query_the_database, which is useful for - # testing that the Msf::DBManager activation is respected. - gem 'shoulda-matchers' - # code coverage for tests - # any version newer than 0.5.4 gives an Encoding error when trying to read the source files. - gem 'simplecov', '0.5.4', :require => false - # Manipulate Time.now in specs - gem 'timecop' + # Removes records from database created during tests. Can't use rspec-rails' + # transactional fixtures because multiple connections are in use so + # transactions won't work. + gem 'database_cleaner' + # testing framework + gem 'rspec', '>= 2.12' + gem 'shoulda-matchers' + # code coverage for tests + # any version newer than 0.5.4 gives an Encoding error when trying to read the source files. + # see: https://github.com/colszowka/simplecov/issues/127 (hopefully fixed in 0.8.0) + gem 'simplecov', '0.5.4', :require => false + # Manipulate Time.now in specs + gem 'timecop' end diff --git a/Gemfile.local.example b/Gemfile.local.example new file mode 100644 index 0000000000000..9788ec95dc610 --- /dev/null +++ b/Gemfile.local.example @@ -0,0 +1,36 @@ +## +# Example Gemfile.local file for Metasploit Framework +# +# The Gemfile.local file provides a way to use other gems that are not +# included in the standard Gemfile provided with Metasploit. +# This filename is included in Metasploit's .gitignore file, so local changes +# to this file will not accidentally show up in future pull requests. This +# example Gemfile.local includes all gems in Gemfile using instance_eval. +# It also creates a new bundle group, 'local', to hold additional gems. +# +# This file will not be used by default within the framework. As such, one +# must first install the custom Gemfile.local with bundle: +# bundle install --gemfile Gemfile.local +# +# Note that msfupdate does not consider Gemfile.local when updating the +# framework. If it is used, it may be necessary to run the above bundle +# command after the update. +# +### + +# Include the Gemfile included with the framework. This is very +# important for picking up new gem dependencies. +msf_gemfile = File.join(File.dirname(__FILE__), 'Gemfile') +if File.readable?(msf_gemfile) + instance_eval(File.read(msf_gemfile)) +end + +# Create a custom group +group :local do + # Use pry to help view and interact with objects in the framework + gem 'pry', '~> 0.9' + # Use pry-debugger to step through code during development + gem 'pry-debugger', '~> 0.2' + # Add the lab gem so that the 'lab' plugin will work again + gem 'lab', '~> 0.2.7' +end diff --git a/Gemfile.lock b/Gemfile.lock index c532448b29098..0ae4dcf18e2f4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,84 +1,105 @@ GEM - remote: http://rubygems.org/ + remote: https://rubygems.org/ specs: - activemodel (3.2.13) - activesupport (= 3.2.13) + activemodel (3.2.14) + activesupport (= 3.2.14) builder (~> 3.0.0) - activerecord (3.2.13) - activemodel (= 3.2.13) - activesupport (= 3.2.13) + activerecord (3.2.14) + activemodel (= 3.2.14) + activesupport (= 3.2.14) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activesupport (3.2.13) - i18n (= 0.6.1) + activesupport (3.2.14) + i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) arel (3.0.2) - bourne (1.4.0) - mocha (~> 0.13.2) + ast (2.0.0) + bcrypt (3.1.7) builder (3.0.4) - database_cleaner (0.9.1) - diff-lcs (1.2.2) + database_cleaner (1.1.1) + diff-lcs (1.2.4) factory_girl (4.2.0) activesupport (>= 3.0.0) - i18n (0.6.1) - json (1.7.7) - metaclass (0.0.1) - metasploit_data_models (0.16.6) + fivemat (1.2.1) + i18n (0.6.5) + json (1.8.0) + metasploit_data_models (0.17.0) activerecord (>= 3.2.13) activesupport pg - mocha (0.13.3) - metaclass (~> 0.0.1) - msgpack (0.5.4) + meterpreter_bins (0.0.6) + mini_portile (0.5.1) + msgpack (0.5.5) multi_json (1.0.4) network_interface (0.0.1) - nokogiri (1.5.9) - packetfu (1.1.8) + nokogiri (1.6.0) + mini_portile (~> 0.5.0) + packetfu (1.1.9) + parser (2.1.9) + ast (>= 1.1, < 3.0) + slop (~> 3.4, >= 3.4.5) pcaprub (0.11.3) - pg (0.15.1) - rake (10.0.4) - redcarpet (2.2.2) + pg (0.16.0) + powerpack (0.0.9) + rainbow (2.0.0) + rake (10.1.0) + redcarpet (3.0.0) + rkelly-remix (0.0.6) robots (0.10.1) - rspec (2.13.0) - rspec-core (~> 2.13.0) - rspec-expectations (~> 2.13.0) - rspec-mocks (~> 2.13.0) - rspec-core (2.13.1) - rspec-expectations (2.13.0) + rspec (2.14.1) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.5) + rspec-expectations (2.14.2) diff-lcs (>= 1.1.3, < 2.0) - rspec-mocks (2.13.0) - shoulda-matchers (1.5.2) + rspec-mocks (2.14.3) + rubocop (0.23.0) + json (>= 1.7.7, < 2) + parser (~> 2.1.9) + powerpack (~> 0.0.6) + rainbow (>= 1.99.1, < 3.0) + ruby-progressbar (~> 1.4) + ruby-progressbar (1.5.1) + shoulda-matchers (2.3.0) activesupport (>= 3.0.0) - bourne (~> 1.3) simplecov (0.5.4) multi_json (~> 1.0.3) simplecov-html (~> 0.5.3) simplecov-html (0.5.3) - timecop (0.6.1) + slop (3.5.0) + sqlite3 (1.3.9) + timecop (0.6.3) tzinfo (0.3.37) - yard (0.8.5.2) + yard (0.8.7) PLATFORMS ruby DEPENDENCIES - activerecord - activesupport (>= 3.0.0) + activerecord (>= 3.0.0, < 4.0.0) + activesupport (>= 3.0.0, < 4.0.0) + bcrypt database_cleaner factory_girl (>= 4.1.0) + fivemat (= 1.2.1) json - metasploit_data_models (~> 0.16.6) + metasploit_data_models (= 0.17.0) + meterpreter_bins (= 0.0.6) msgpack network_interface (~> 0.0.1) nokogiri - packetfu (= 1.1.8) + packetfu (= 1.1.9) pcaprub pg (>= 0.11) - rake + rake (>= 10.0.0) redcarpet + rkelly-remix (= 0.0.6) robots rspec (>= 2.12) + rubocop shoulda-matchers simplecov (= 0.5.4) + sqlite3 timecop yard diff --git a/HACKING b/HACKING index 23c0acd463930..17343a9f03ea4 100644 --- a/HACKING +++ b/HACKING @@ -1,152 +1,38 @@ -# $Id$ +HACKING +======= -This file contains some brief instructions on contributing to the -Metasploit Framework. +(Last updated: 2014-03-04) -Code Style -========== +This document almost entirely deprecated by: -In order to maintain consistency and readability, we ask that you -adhere to the following style guidelines: +CONTRIBUTING.md - - Hard tabs, not spaces - - Try to keep your lines under 100 columns (assuming four-space tabs) - - do; end instead of {} for a block - - Always use str[0,1] instead of str[0] - (This avoids a known ruby 1.8/1.9 incompatibility.) - - Method names should always be lower_case and words separated by "_" - - Variable names should be lower case with words separated by "_" - - Don't depend on any external gems or libraries without talking to - todb to resolve packaging and licensing issues +in the same directory as this file, and to a lesser extent: -You can use the the "./tools/msftidy.rb" script to do some rudimentary -checking for various violations. +The Metasploit Development Environment +https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment +Common Coding Mistakes +https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes -Code No-Nos -=========== +The Ruby Style Guide +https://github.com/bbatsov/ruby-style-guide -1. Don't print to standard output. Doing so means that users of -interfaces other than msfconsole, such as msfrpc and msfgui, won't see -your output. You can use print_line to accomplish the same thing as -puts. +Ruby 1.9: What to Expect +http://slideshow.rubyforge.org/ruby19.html -2. Don't read from standard input, doing so will make your code -lock up the entire module when called from other interfaces. If you -need user input, you can either register an option or expose an -interactive session type specific for the type of exploit. +You can use the the "./tools/msftidy.rb" script against your new and +changed modules to do some rudimentary checking for various style and +syntax violations. -3. Don't use "sleep". It has been known to cause issues with -multi-threaded programs on various platforms running an older version of -Ruby such as 1.8. Instead, we use "select(nil, nil, nil,