RubyGems - librex - Versions diffs - 0.0.68 → 0.0.70 - Mend

librex 0.0.68 → 0.0.70

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +1 -1
data/Rakefile +18 -16
data/lib/rex.rb +14 -10
data/lib/rex/LICENSE +2 -2
data/lib/rex/arch.rb +76 -76
data/lib/rex/arch/sparc.rb +57 -58
data/lib/rex/arch/x86.rb +506 -496
data/lib/rex/assembly/nasm.rb +83 -84
data/lib/rex/compat.rb +228 -173
data/lib/rex/constants.rb +47 -37
data/lib/rex/elfparsey.rb +0 -3
data/lib/rex/elfparsey/elf.rb +107 -110
data/lib/rex/elfparsey/elfbase.rb +244 -247
data/lib/rex/elfparsey/exceptions.rb +0 -3
data/lib/rex/elfscan.rb +0 -3
data/lib/rex/elfscan/scanner.rb +184 -166
data/lib/rex/elfscan/search.rb +35 -38
data/lib/rex/encoder/alpha2.rb +1 -2
data/lib/rex/encoder/alpha2/alpha_mixed.rb +52 -53
data/lib/rex/encoder/alpha2/alpha_upper.rb +62 -63
data/lib/rex/encoder/alpha2/generic.rb +77 -78
data/lib/rex/encoder/alpha2/unicode_mixed.rb +101 -97
data/lib/rex/encoder/alpha2/unicode_upper.rb +106 -107
data/lib/rex/encoder/bloxor/bloxor.rb +326 -0
data/lib/rex/encoder/ndr.rb +68 -68
data/lib/rex/encoder/nonalpha.rb +50 -51
data/lib/rex/encoder/nonupper.rb +50 -51
data/lib/rex/encoder/xdr.rb +78 -78
data/lib/rex/encoder/xor.rb +52 -53
data/lib/rex/encoder/xor/dword.rb +1 -2
data/lib/rex/encoder/xor/dword_additive.rb +1 -2
data/lib/rex/encoders/xor_dword.rb +17 -18
data/lib/rex/encoders/xor_dword_additive.rb +35 -36
data/lib/rex/encoding/xor.rb +0 -1
data/lib/rex/encoding/xor/byte.rb +3 -4
data/lib/rex/encoding/xor/dword.rb +3 -4
data/lib/rex/encoding/xor/dword_additive.rb +72 -73
data/lib/rex/encoding/xor/exceptions.rb +2 -3
data/lib/rex/encoding/xor/generic.rb +129 -130
data/lib/rex/encoding/xor/qword.rb +3 -4
data/lib/rex/encoding/xor/word.rb +3 -4
data/lib/rex/exceptions.rb +100 -101
data/lib/rex/exploitation/cmdstager.rb +3 -3
data/lib/rex/exploitation/cmdstager/base.rb +170 -156
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +110 -113
data/lib/rex/exploitation/cmdstager/debug_write.rb +106 -109
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +34 -27
data/lib/rex/exploitation/cmdstager/vbs.rb +95 -98
data/lib/rex/exploitation/egghunter.rb +359 -346
data/lib/rex/exploitation/encryptjs.rb +60 -60
data/lib/rex/exploitation/heaplib.rb +76 -76
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +448 -424
data/lib/rex/exploitation/obfuscatejs.rb +301 -301
data/lib/rex/exploitation/omelet.rb +257 -257
data/lib/rex/exploitation/opcodedb.rb +699 -699
data/lib/rex/exploitation/ropdb.rb +189 -0
data/lib/rex/exploitation/seh.rb +68 -68
data/lib/rex/file.rb +96 -49
data/lib/rex/image_source.rb +0 -3
data/lib/rex/image_source/disk.rb +45 -48
data/lib/rex/image_source/image_source.rb +33 -36
data/lib/rex/image_source/memory.rb +17 -20
data/lib/rex/io/bidirectional_pipe.rb +118 -115
data/lib/rex/io/datagram_abstraction.rb +13 -14
data/lib/rex/io/ring_buffer.rb +273 -273
data/lib/rex/io/stream.rb +284 -284
data/lib/rex/io/stream_abstraction.rb +183 -181
data/lib/rex/io/stream_server.rb +193 -193
data/lib/rex/job_container.rb +167 -167
data/lib/rex/logging.rb +0 -1
data/lib/rex/logging/log_dispatcher.rb +113 -113
data/lib/rex/logging/log_sink.rb +17 -17
data/lib/rex/logging/sinks/flatfile.rb +36 -36
data/lib/rex/logging/sinks/stderr.rb +27 -27
data/lib/rex/mac_oui.rb +16572 -16571
data/lib/rex/machparsey.rb +0 -1
data/lib/rex/machparsey/exceptions.rb +0 -1
data/lib/rex/machparsey/mach.rb +160 -161
data/lib/rex/machparsey/machbase.rb +367 -368
data/lib/rex/machscan.rb +0 -1
data/lib/rex/machscan/scanner.rb +175 -176
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +58 -58
data/lib/rex/mime/message.rb +140 -137
data/lib/rex/mime/part.rb +41 -12
data/lib/rex/nop/opty2.rb +90 -90
data/lib/rex/nop/opty2_tables.rb +273 -273
data/lib/rex/ole.rb +0 -4
data/lib/rex/ole/clsid.rb +26 -30
data/lib/rex/ole/difat.rb +121 -125
data/lib/rex/ole/directory.rb +205 -209
data/lib/rex/ole/direntry.rb +217 -221
data/lib/rex/ole/fat.rb +79 -83
data/lib/rex/ole/header.rb +178 -182
data/lib/rex/ole/minifat.rb +49 -53
data/lib/rex/ole/propset.rb +113 -117
data/lib/rex/ole/samples/create_ole.rb +8 -9
data/lib/rex/ole/samples/dir.rb +10 -11
data/lib/rex/ole/samples/dump_stream.rb +14 -15
data/lib/rex/ole/samples/ole_info.rb +5 -6
data/lib/rex/ole/storage.rb +372 -376
data/lib/rex/ole/stream.rb +33 -37
data/lib/rex/ole/substorage.rb +20 -24
data/lib/rex/ole/util.rb +137 -141
data/lib/rex/parser/acunetix_nokogiri.rb +398 -398
data/lib/rex/parser/apple_backup_manifestdb.rb +116 -116
data/lib/rex/parser/appscan_nokogiri.rb +359 -359
data/lib/rex/parser/arguments.rb +88 -88
data/lib/rex/parser/burp_session_nokogiri.rb +258 -258
data/lib/rex/parser/ci_nokogiri.rb +184 -184
data/lib/rex/parser/foundstone_nokogiri.rb +334 -333
data/lib/rex/parser/fusionvm_nokogiri.rb +94 -94
data/lib/rex/parser/ini.rb +167 -167
data/lib/rex/parser/ip360_aspl_xml.rb +84 -84
data/lib/rex/parser/ip360_xml.rb +77 -77
data/lib/rex/parser/mbsa_nokogiri.rb +224 -224
data/lib/rex/parser/nessus_xml.rb +100 -100
data/lib/rex/parser/netsparker_xml.rb +89 -75
data/lib/rex/parser/nexpose_raw_nokogiri.rb +677 -677
data/lib/rex/parser/nexpose_simple_nokogiri.rb +322 -322
data/lib/rex/parser/nexpose_xml.rb +105 -105
data/lib/rex/parser/nmap_nokogiri.rb +386 -386
data/lib/rex/parser/nmap_xml.rb +116 -116
data/lib/rex/parser/nokogiri_doc_mixin.rb +223 -221
data/lib/rex/parser/openvas_nokogiri.rb +162 -162
data/lib/rex/parser/outpost24_nokogiri.rb +239 -0
data/lib/rex/parser/retina_xml.rb +90 -90
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +89 -89
data/lib/rex/payloads/win32/common.rb +14 -14
data/lib/rex/payloads/win32/kernel.rb +36 -36
data/lib/rex/payloads/win32/kernel/common.rb +32 -32
data/lib/rex/payloads/win32/kernel/recovery.rb +27 -27
data/lib/rex/payloads/win32/kernel/stager.rb +170 -170
data/lib/rex/peparsey.rb +0 -3
data/lib/rex/peparsey/exceptions.rb +0 -3
data/lib/rex/peparsey/pe.rb +196 -199
data/lib/rex/peparsey/pe_memdump.rb +35 -38
data/lib/rex/peparsey/pebase.rb +1633 -1652
data/lib/rex/peparsey/section.rb +115 -124
data/lib/rex/pescan.rb +0 -3
data/lib/rex/pescan/analyze.rb +351 -351
data/lib/rex/pescan/scanner.rb +182 -182
data/lib/rex/pescan/search.rb +59 -59
data/lib/rex/platforms/windows.rb +37 -37
data/lib/rex/poly.rb +111 -110
data/lib/rex/poly/block.rb +419 -417
data/lib/rex/poly/machine.rb +12 -0
data/lib/rex/poly/machine/machine.rb +829 -0
data/lib/rex/poly/machine/x86.rb +508 -0
data/lib/rex/poly/register.rb +70 -70
data/lib/rex/poly/register/x86.rb +22 -22
data/lib/rex/post.rb +0 -1
data/lib/rex/post/dir.rb +35 -36
data/lib/rex/post/file.rb +140 -141
data/lib/rex/post/file_stat.rb +198 -199
data/lib/rex/post/io.rb +167 -168
data/lib/rex/post/meterpreter.rb +1 -1
data/lib/rex/post/meterpreter/channel.rb +389 -390
data/lib/rex/post/meterpreter/channel_container.rb +33 -34
data/lib/rex/post/meterpreter/channels/pool.rb +129 -130
data/lib/rex/post/meterpreter/channels/pools/file.rb +35 -36
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +72 -73
data/lib/rex/post/meterpreter/channels/stream.rb +62 -63
data/lib/rex/post/meterpreter/client.rb +442 -436
data/lib/rex/post/meterpreter/client_core.rb +326 -310
data/lib/rex/post/meterpreter/dependencies.rb +0 -1
data/lib/rex/post/meterpreter/extension.rb +12 -13
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +35 -36
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +70 -71
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +22 -78
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +4 -4
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +38 -39
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -1
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +95 -96
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +39 -40
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +80 -85
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +94 -95
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +207 -147
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +258 -259
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +366 -301
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +72 -73
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +24 -25
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +227 -149
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +107 -108
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +41 -42
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +102 -101
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +151 -152
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +142 -142
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +185 -185
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38118 -38117
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +7 -7
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2086 -2084
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +15 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +80 -80
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3835 -3833
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +84 -28
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +151 -137
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +15 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3155 -3155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +70 -70
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +596 -596
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +310 -301
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +71 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +100 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +14 -14
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +488 -488
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +273 -264
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +5 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +240 -238
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +17 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +61 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +654 -635
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +49 -49
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +103 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +98 -68
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +16 -17
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +34 -36
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +363 -364
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +102 -103
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +28 -29
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +303 -304
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +113 -114
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +260 -261
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +69 -70
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +160 -161
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +143 -144
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +29 -12
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +230 -231
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +181 -44
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +12 -13
data/lib/rex/post/meterpreter/object_aliases.rb +56 -57
data/lib/rex/post/meterpreter/packet.rb +591 -592
data/lib/rex/post/meterpreter/packet_dispatcher.rb +506 -496
data/lib/rex/post/meterpreter/packet_parser.rb +72 -73
data/lib/rex/post/meterpreter/packet_response_waiter.rb +56 -57
data/lib/rex/post/meterpreter/ui/console.rb +112 -112
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +53 -53
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +911 -854
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +86 -86
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +220 -220
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +173 -173
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +40 -40
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +75 -77
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +30 -30
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +105 -105
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +182 -182
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +37 -37
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +504 -482
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +401 -330
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +883 -581
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +296 -299
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +320 -153
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +78 -78
data/lib/rex/post/permission.rb +0 -1
data/lib/rex/post/process.rb +39 -40
data/lib/rex/post/thread.rb +41 -42
data/lib/rex/post/ui.rb +35 -36
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc/client.rb +344 -344
data/lib/rex/proto/dcerpc/exceptions.rb +128 -128
data/lib/rex/proto/dcerpc/handle.rb +32 -32
data/lib/rex/proto/dcerpc/ndr.rb +56 -56
data/lib/rex/proto/dcerpc/packet.rb +249 -245
data/lib/rex/proto/dcerpc/response.rb +170 -170
data/lib/rex/proto/dcerpc/uuid.rb +65 -65
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +0 -1
data/lib/rex/proto/dhcp/constants.rb +0 -1
data/lib/rex/proto/dhcp/server.rb +303 -304
data/lib/rex/proto/drda/constants.rb +1 -1
data/lib/rex/proto/drda/packet.rb +186 -186
data/lib/rex/proto/drda/utils.rb +104 -104
data/lib/rex/proto/http.rb +1 -0
data/lib/rex/proto/http/client.rb +692 -820
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +25 -25
data/lib/rex/proto/http/handler/erb.rb +104 -104
data/lib/rex/proto/http/handler/proc.rb +37 -37
data/lib/rex/proto/http/header.rb +149 -149
data/lib/rex/proto/http/packet.rb +388 -382
data/lib/rex/proto/http/request.rb +332 -335
data/lib/rex/proto/http/response.rb +132 -72
data/lib/rex/proto/http/server.rb +348 -338
data/lib/rex/proto/iax2/call.rb +310 -310
data/lib/rex/proto/iax2/client.rb +197 -197
data/lib/rex/proto/iax2/codecs/alaw.rb +4 -4
data/lib/rex/proto/iax2/codecs/mulaw.rb +4 -4
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +88 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +35 -0
data/lib/rex/proto/ipmi/rakp2.rb +35 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +1 -5
data/lib/rex/proto/natpmp/constants.rb +4 -4
data/lib/rex/proto/natpmp/packet.rb +25 -25
data/lib/rex/proto/ntlm/base.rb +271 -271
data/lib/rex/proto/ntlm/constants.rb +61 -61
data/lib/rex/proto/ntlm/crypt.rb +348 -352
data/lib/rex/proto/ntlm/exceptions.rb +3 -3
data/lib/rex/proto/ntlm/message.rb +468 -471
data/lib/rex/proto/ntlm/utils.rb +746 -746
data/lib/rex/proto/pjl.rb +30 -0
data/lib/rex/proto/pjl/client.rb +162 -0
data/lib/rex/proto/proxy/socks4a.rb +440 -440
data/lib/rex/proto/rfb.rb +1 -8
data/lib/rex/proto/rfb/cipher.rb +46 -49
data/lib/rex/proto/rfb/client.rb +179 -182
data/lib/rex/proto/rfb/constants.rb +18 -21
data/lib/rex/proto/smb/client.rb +1954 -1843
data/lib/rex/proto/smb/constants.rb +533 -516
data/lib/rex/proto/smb/crypt.rb +21 -21
data/lib/rex/proto/smb/evasions.rb +43 -43
data/lib/rex/proto/smb/exceptions.rb +791 -791
data/lib/rex/proto/smb/simpleclient.rb +142 -286
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +81 -81
data/lib/rex/proto/sunrpc/client.rb +158 -158
data/lib/rex/proto/tftp.rb +0 -1
data/lib/rex/proto/tftp/client.rb +289 -289
data/lib/rex/proto/tftp/constants.rb +9 -10
data/lib/rex/proto/tftp/server.rb +466 -467
data/lib/rex/random_identifier_generator.rb +176 -0
data/lib/rex/registry.rb +1 -1
data/lib/rex/registry/hive.rb +88 -88
data/lib/rex/registry/lfkey.rb +25 -25
data/lib/rex/registry/nodekey.rb +30 -30
data/lib/rex/registry/regf.rb +10 -10
data/lib/rex/registry/valuekey.rb +43 -43
data/lib/rex/registry/valuelist.rb +13 -13
data/lib/rex/ropbuilder/rop.rb +254 -253
data/lib/rex/script.rb +21 -22
data/lib/rex/script/base.rb +51 -50
data/lib/rex/script/meterpreter.rb +2 -2
data/lib/rex/service.rb +24 -24
data/lib/rex/service_manager.rb +132 -132
data/lib/rex/services/local_relay.rb +398 -398
data/lib/rex/socket.rb +758 -763
data/lib/rex/socket/comm.rb +95 -95
data/lib/rex/socket/comm/local.rb +507 -440
data/lib/rex/socket/ip.rb +118 -118
data/lib/rex/socket/parameters.rb +351 -350
data/lib/rex/socket/range_walker.rb +445 -368
data/lib/rex/socket/ssl_tcp.rb +323 -317
data/lib/rex/socket/ssl_tcp_server.rb +173 -158
data/lib/rex/socket/subnet_walker.rb +48 -48
data/lib/rex/socket/switch_board.rb +259 -259
data/lib/rex/socket/tcp.rb +58 -56
data/lib/rex/socket/tcp_server.rb +42 -42
data/lib/rex/socket/udp.rb +152 -152
data/lib/rex/sslscan/result.rb +200 -0
data/lib/rex/sslscan/scanner.rb +205 -0
data/lib/rex/struct2.rb +0 -1
data/lib/rex/struct2/c_struct.rb +162 -163
data/lib/rex/struct2/c_struct_template.rb +21 -22
data/lib/rex/struct2/constant.rb +6 -7
data/lib/rex/struct2/element.rb +30 -31
data/lib/rex/struct2/generic.rb +60 -61
data/lib/rex/struct2/restraint.rb +40 -41
data/lib/rex/struct2/s_string.rb +60 -61
data/lib/rex/struct2/s_struct.rb +97 -98
data/lib/rex/sync.rb +0 -1
data/lib/rex/sync/event.rb +62 -72
data/lib/rex/sync/read_write_lock.rb +149 -149
data/lib/rex/sync/ref.rb +42 -42
data/lib/rex/sync/thread_safe.rb +59 -59
data/lib/rex/text.rb +1803 -1315
data/lib/rex/thread_factory.rb +25 -25
data/lib/rex/time.rb +44 -44
data/lib/rex/transformer.rb +91 -91
data/lib/rex/ui/interactive.rb +265 -265
data/lib/rex/ui/output.rb +66 -60
data/lib/rex/ui/progress_tracker.rb +79 -79
data/lib/rex/ui/subscriber.rb +144 -134
data/lib/rex/ui/text/color.rb +76 -76
data/lib/rex/ui/text/dispatcher_shell.rb +512 -505
data/lib/rex/ui/text/input.rb +96 -96
data/lib/rex/ui/text/input/buffer.rb +58 -58
data/lib/rex/ui/text/input/readline.rb +114 -114
data/lib/rex/ui/text/input/socket.rb +77 -77
data/lib/rex/ui/text/input/stdio.rb +24 -24
data/lib/rex/ui/text/irb_shell.rb +45 -41
data/lib/rex/ui/text/output.rb +64 -60
data/lib/rex/ui/text/output/buffer.rb +42 -42
data/lib/rex/ui/text/output/buffer/stdout.rb +25 -0
data/lib/rex/ui/text/output/file.rb +24 -24
data/lib/rex/ui/text/output/socket.rb +24 -24
data/lib/rex/ui/text/output/stdio.rb +29 -29
data/lib/rex/ui/text/output/tee.rb +36 -36
data/lib/rex/ui/text/progress_tracker.rb +37 -37
data/lib/rex/ui/text/shell.rb +371 -361
data/lib/rex/ui/text/table.rb +320 -284
data/lib/rex/zip.rb +0 -1
data/lib/rex/zip/archive.rb +115 -94
data/lib/rex/zip/blocks.rb +101 -100
data/lib/rex/zip/entry.rb +108 -99
data/lib/rex/zip/jar.rb +261 -206
data/lib/rex/zip/samples/comment.rb +1 -2
data/lib/rex/zip/samples/mkwar.rb +12 -13
data/lib/rex/zip/samples/mkzip.rb +1 -2
data/lib/rex/zip/samples/recursive.rb +29 -30
metadata +424 -446
data/lib/rex/arch/sparc.rb.ut.rb +0 -19
data/lib/rex/arch/x86.rb.ut.rb +0 -94
data/lib/rex/assembly/nasm.rb.ut.rb +0 -23
data/lib/rex/encoder/ndr.rb.ut.rb +0 -45
data/lib/rex/encoder/xdr.rb.ut.rb +0 -30
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -13
data/lib/rex/encoding/xor.rb.ts.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -22
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -121
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -14
data/lib/rex/exceptions.rb.ut.rb +0 -45
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -28
data/lib/rex/exploitation/javascriptosdetect.js +0 -1014
data/lib/rex/exploitation/javascriptosdetect.rb +0 -43
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -27
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -280
data/lib/rex/exploitation/seh.rb.ut.rb +0 -20
data/lib/rex/file.rb.ut.rb +0 -17
data/lib/rex/io/ring_buffer.rb.ut.rb +0 -135
data/lib/rex/nop/opty2.rb.ut.rb +0 -24
data/lib/rex/parser/arguments.rb.ut.rb +0 -68
data/lib/rex/parser/ini.rb.ut.rb +0 -30
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -18
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -39
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +0 -52
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -43
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +0 -64
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +0 -29
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +0 -155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -124
data/lib/rex/proto.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -10
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -492
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -86
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -42
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -57
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -16
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -47
data/lib/rex/proto/drda.rb.ts.rb +0 -18
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -24
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -110
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -85
data/lib/rex/proto/http.rb.ts.rb +0 -13
data/lib/rex/proto/http/client.rb.ut.rb +0 -96
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -22
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -25
data/lib/rex/proto/http/header.rb.ut.rb +0 -47
data/lib/rex/proto/http/packet.rb.ut.rb +0 -166
data/lib/rex/proto/http/request.rb.ut.rb +0 -215
data/lib/rex/proto/http/response.rb.ut.rb +0 -150
data/lib/rex/proto/http/server.rb.ut.rb +0 -80
data/lib/rex/proto/ntlm.rb.ut.rb +0 -181
data/lib/rex/proto/rfb.rb.ut.rb +0 -40
data/lib/rex/proto/smb.rb.ts.rb +0 -9
data/lib/rex/proto/smb/client.rb.ut.rb +0 -224
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -19
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -129
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -21
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -29
data/lib/rex/service_manager.rb.ut.rb +0 -33
data/lib/rex/socket.rb.ut.rb +0 -108
data/lib/rex/socket/comm/local.rb.ut.rb +0 -76
data/lib/rex/socket/parameters.rb.ut.rb +0 -52
data/lib/rex/socket/range_walker.rb.ut.rb +0 -56
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -40
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -62
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -29
data/lib/rex/socket/switch_board.rb.ut.rb +0 -53
data/lib/rex/socket/tcp.rb.ut.rb +0 -65
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -45
data/lib/rex/socket/udp.rb.ut.rb +0 -45
data/lib/rex/test.rb +0 -36
data/lib/rex/text.rb.ut.rb +0 -193
data/lib/rex/transformer.rb.ut.rb +0 -39
data/lib/rex/ui/text/color.rb.ut.rb +0 -19
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -35
data/lib/rex/ui/text/table.rb.ut.rb +0 -56

data/lib/rex/exploitation/js/network.rb ADDED

@@ -0,0 +1,84 @@
+# -*- coding: binary -*-
+require 'msf/core'
+module Rex
+module Exploitation
+module Js
+#
+# Provides networking functions in JavaScript
+#
+class Network
+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :inject_xhr_shim automatically stubs XHR to use ActiveXObject when needed.
+  #   defaults to true.
+  # @return [String] javascript code to perform a synchronous ajax request to the remote
+  #   and returns the response
+  def self.ajax_download(opts={})
+    should_obfuscate = opts.fetch(:obfuscate, true)
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_download.js"))
+    if should_obfuscate
+      js = ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ xmlHttp oArg }
+          }
+      }).obfuscate
+    end
+    xhr_shim(opts) + js
+  end
+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :inject_xhr_shim automatically stubs XHR to use ActiveXObject when needed.
+  #   defaults to true.
+  # @return [String] javascript code to perform a synchronous or asynchronous ajax request to
+  #   the remote with the data specified.
+  def self.ajax_post(opts={})
+    should_obfuscate = opts.fetch(:obfuscate, true)
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_post.js"))
+    if should_obfuscate
+      js = ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ xmlHttp cb path data }
+          }
+        }).obfuscate
+    end
+    xhr_shim(opts) + js
+  end
+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :inject_xhr_shim false causes this method to return ''. defaults to true.
+  # @return [String] javascript code that adds XMLHttpRequest to the global scope if it
+  #   does not exist (e.g. on IE6, where you have to use the ActiveXObject constructor)
+  def self.xhr_shim(opts={})
+    return '' unless opts.fetch(:inject_xhr_shim, true)
+    should_obfuscate = opts.fetch(:obfuscate, true)
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "xhr_shim.js"))
+    if should_obfuscate
+      js = ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ activeObjs idx }
+          }
+        }
+      ).obfuscate
+    end
+    js
+  end
+end
+end
+end
+end

data/lib/rex/exploitation/js/utils.rb ADDED

@@ -0,0 +1,33 @@
+# -*- coding: binary -*-
+require 'msf/core'
+require 'rex/text'
+require 'rex/exploitation/jsobfu'
+module Rex
+module Exploitation
+module Js
+#
+# Javascript utilities
+#
+class Utils
+  def self.base64
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "utils", "base64.js"))
+    opts = {
+      'Symbols' => {
+        'Variables' => %w{ Base64 encoding result _keyStr encoded_data utftext input_idx
+          input output chr chr1 chr2 chr3 enc1 enc2 enc3 enc4 },
+        'Methods'   => %w{ _utf8_encode _utf8_decode encode decode }
+      }
+    }
+    ::Rex::Exploitation::ObfuscateJS.new(js, opts).to_s
+  end
+end
+end
+end
+end

data/lib/rex/exploitation/jsobfu.rb CHANGED

@@ -1,9 +1,7 @@
 # -*- coding: binary -*-
-##
-# $Id: jsobfu.rb 15548 2012-06-29 06:08:20Z rapid7 $
-##
 require 'rex/text'
+require 'rex/random_identifier_generator'
 require 'rkelly'
 module Rex
@@ -50,412 +48,438 @@ module Exploitation
 #
 class JSObfu
-	#
-	# Abstract Syntax Tree generated by RKelly::Parser#parse
-	#
-	attr_reader :ast
-	#
-	# Saves +code+ for later obfuscation with #obfuscate
-	#
-	def initialize(code)
-		@code = code
-		@funcs = {}
-		@vars  = {}
-		@debug = false
-	end
-	#
-	# Add +str+ to the un-obfuscated code.
-	#
-	# Calling this method after #obfuscate is undefined
-	#
-	def <<(str)
-		@code << str
-	end
-	#
-	# Return the (possibly obfuscated) code as a string.
-	#
-	# If #obfuscate has not been called before this, returns the parsed,
-	# unobfuscated code.  This can be useful for example to remove comments and
-	# standardize spacing.
-	#
-	def to_s
-		parse if not @ast
-		@ast.to_ecma
-	end
-	#
-	# Return the obfuscated name of a symbol
-	#
-	# You MUST call #obfuscate before this method!
-	#
-	def sym(lookup)
-		if @vars[lookup]
-			ret = @vars[lookup]
-		elsif @funcs[lookup]
-			ret = @funcs[lookup]
-		else
-			ret = lookup
-		end
-		ret
-	end
-	#
-	# Parse and obfuscate
-	#
-	def obfuscate
-		parse
-		obfuscate_r(@ast)
-	end
+  # these keywords should never be used as a random var name
+  # source: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Reserved_Words
+  RESERVED_KEYWORDS = %w(
+    break case catch continue debugger default delete do else finally
+    for function if in instanceof new return switch this throw try
+    typeof var void while with class enum export extends import super
+    implements interface let package private protected public static yield
+  )
+  #
+  # Abstract Syntax Tree generated by RKelly::Parser#parse
+  #
+  attr_reader :ast
+  #
+  # Saves +code+ for later obfuscation with #obfuscate
+  #
+  def initialize(code)
+    @code = code
+    @funcs = {}
+    @vars  = {}
+    @debug = false
+    @rand_gen = Rex::RandomIdentifierGenerator.new(
+      :max_length => 15,
+      :first_char_set => Rex::Text::Alpha+"_$",
+      :char_set => Rex::Text::AlphaNumeric+"_$"
+    )
+  end
+  #
+  # Add +str+ to the un-obfuscated code.
+  #
+  # Calling this method after #obfuscate is undefined
+  #
+  def <<(str)
+    @code << str
+  end
+  #
+  # Return the (possibly obfuscated) code as a string.
+  #
+  # If #obfuscate has not been called before this, returns the parsed,
+  # unobfuscated code.  This can be useful for example to remove comments and
+  # standardize spacing.
+  #
+  def to_s
+    parse if not @ast
+    @ast.to_ecma
+  end
+  #
+  # Return the obfuscated name of a symbol
+  #
+  # You MUST call #obfuscate before this method!
+  #
+  def sym(lookup)
+    if @vars[lookup]
+      ret = @vars[lookup]
+    elsif @funcs[lookup]
+      ret = @funcs[lookup]
+    else
+      ret = lookup
+    end
+    ret
+  end
+  #
+  # Parse and obfuscate
+  #
+  def obfuscate
+    parse
+    obfuscate_r(@ast)
+  end
+  # @return [String] a unique random var name that is not a reserved keyword
+  def random_var_name
+    loop do
+      text = random_string
+      unless @vars.has_value?(text) or RESERVED_KEYWORDS.include?(text)
+        return text
+      end
+    end
+  end
 protected
-	#
-	# Recursive method to obfuscate the given +ast+.
-	#
-	# +ast+ should be the result of RKelly::Parser#parse
-	#
-	def obfuscate_r(ast)
-		ast.each do |node|
-			#if node.respond_to? :value and node.value.kind_of? String and node.value =~ /bodyOnLoad/i
-			#	$stdout.puts("bodyOnLoad: #{node.class}: #{node.value}")
-			#end
-			case node
-			when nil
-				nil
-			when ::RKelly::Nodes::SourceElementsNode
-				# Recurse
-				obfuscate_r(node.value)
-			#when ::RKelly::Nodes::ObjectLiteralNode
-				# TODO
-				#$stdout.puts(node.methods - Object.new.methods)
-				#$stdout.puts(node.value.inspect)
-			when ::RKelly::Nodes::PropertyNode
-				# Property names must be bare words or string literals NOT
-				# expressions!  Can't use transform_string() here
-				if node.name =~ /^[a-zA-Z_][a-zA-Z0-9_]*$/
-					n = '"'
-					node.name.unpack("C*") { |c|
-						case rand(3)
-						when 0; n << "\\x%02x"%(c)
-						when 1; n << "\\#{c.to_s 8}"
-						when 2; n << [c].pack("C")
-						end
-					}
-					n << '"'
-					node.name = n
-				end
-			# Variables
-			when ::RKelly::Nodes::VarDeclNode
-				if @vars[node.name].nil?
-					#@vars[node.name] = "var_#{Rex::Text.rand_text_alpha(3+rand(12))}_#{node.name}"
-					@vars[node.name] = "#{Rex::Text.rand_text_alpha(3+rand(12))}"
-				end
-				node.name = @vars[node.name]
-			when ::RKelly::Nodes::ParameterNode
-				if @vars[node.value].nil?
-					#@vars[node.value] = "param_#{Rex::Text.rand_text_alpha(3+rand(12))}_#{node.value}"
-					@vars[node.value] = "#{Rex::Text.rand_text_alpha(3+rand(12))}"
-				end
-				node.value = @vars[node.value]
-			when ::RKelly::Nodes::ResolveNode
-				#$stdout.puts("Resolve bodyOnload: #{@vars[node.value]}") if "bodyOnLoad" == node.value
-				node.value = @vars[node.value] if @vars[node.value]
-			when ::RKelly::Nodes::DotAccessorNode
-				case node.value
-				when ::RKelly::Nodes::ResolveNode
-					if @vars[node.value.value]
-						node.value.value = @vars[node.value.value]
-					end
-				#else
-				#	$stderr.puts("Non-resolve node as target of dotaccessor: #{node.value.class}")
-				end
-			# Functions
-			when ::RKelly::Nodes::FunctionDeclNode
-				#$stdout.puts("FunctionDecl: #{node.value}")
-				# Functions can also act as objects, so store them in the vars
-				# and the functions list so we can replace them in both places
-				if @funcs[node.value].nil? and not @funcs.values.include?(node.value)
-					#@funcs[node.value] = "func_#{Rex::Text.rand_text_alpha(3+rand(12))}_#{node.value}"
-					@funcs[node.value] = "#{Rex::Text.rand_text_alpha(3+rand(12))}"
-					if @vars[node.value].nil?
-						@vars[node.value] = @funcs[node.value]
-					end
-					node.value = @funcs[node.value]
-				end
-			when ::RKelly::Nodes::FunctionCallNode
-				# The value of a FunctionCallNode is some sort of accessor node or a ResolveNode
-				# so this is basically useless
-				#$stdout.puts("Function call: #{node.name} => #{@funcs[node.name]}")
-				#node.value = @funcs[node.value] if @funcs[node.value]
-			# Transformers
-			when ::RKelly::Nodes::NumberNode
-				node.value = transform_number(node.value)
-			when ::RKelly::Nodes::StringNode
-				node.value = transform_string(node.value)
-			else
-				#$stderr.puts "#{node.class}: #{node.value}"
-				#$stderr.puts "#{node.class}"
-			end
-			#unless node.kind_of? ::RKelly::Nodes::SourceElementsNode
-			#	$stderr.puts "#{node.class}: #{node.value}"
-			#end
-		end
-		nil
-	end
-	#
-	# Generate an Abstract Syntax Tree (#ast) for later obfuscation
-	#
-	def parse
-		parser = RKelly::Parser.new
-		@ast = parser.parse(@code)
-	end
-	#
-	# Convert a number to a random base (decimal, octal, or hexedecimal).
-	#
-	# Given 10 as input, the possible return values are:
-	#   "10"
-	#   "0xa"
-	#   "012"
-	#
-	def rand_base(num)
-		case rand(3)
-		when 0; num.to_s
-		when 1; "0%o" % num
-		when 2; "0x%x" % num
-		end
-	end
-	#
-	# Return a mathematical expression that will evaluate to the given number
-	# +num+.
-	#
-	# +num+ can be a float or an int, but should never be negative.
-	#
-	def transform_number(num)
-		case num
-		when Fixnum
-			if num == 0
-				r = rand(10) + 1
-				transformed = "('#{Rex::Text.rand_text_alpha(r)}'.length - #{r})"
-			elsif num > 0 and num < 10
-				# use a random string.length for small numbers
-				transformed = "'#{Rex::Text.rand_text_alpha(num)}'.length"
-			else
-				transformed = "("
-				divisor = rand(num) + 1
-				a = num / divisor.to_i
-				b = num - (a * divisor)
-				# recurse half the time for a
-				a = (rand(2) == 0) ? transform_number(a) : rand_base(a)
-				# recurse half the time for divisor
-				divisor = (rand(2) == 0) ? transform_number(divisor) : rand_base(divisor)
-				transformed << "#{a}*#{divisor}"
-				transformed << "+#{b}"
-				transformed << ")"
-			end
-		when Float
-			transformed = "(#{num - num.floor} + #{rand_base(num.floor)})"
-		end
-		#puts("#{num} == #{transformed}")
-		transformed
-	end
-	#
-	# Convert a javascript string into something that will generate that string.
-	#
-	# Randomly calls one of the +transform_string_*+ methods
-	#
-	def transform_string(str)
-		quote = str[0,1]
-		# pull off the quotes
-		str = str[1,str.length - 2]
-		return quote*2 if str.length == 0
-		case rand(2)
-		when 0
-			transformed = transform_string_split_concat(str, quote)
-		when 1
-			transformed = transform_string_fromCharCode(str)
-		#when 2
-		#	# Currently no-op
-		#	transformed = transform_string_unescape(str)
-		end
-		#$stderr.puts "Obfuscating str: #{str.ljust 30} #{transformed}"
-		transformed
-	end
-	#
-	# Split a javascript string, +str+, without breaking escape sequences.
-	#
-	# The maximum length of each piece of the string is half the total length
-	# of the string, ensuring we (almost) always split into at least two
-	# pieces.  This won't always be true when given a string like "AA\x41",
-	# where escape sequences artificially increase the total length (escape
-	# sequences are considered a single character).
-	#
-	# Returns an array of two-element arrays.  The zeroeth element is a
-	# randomly generated variable name, the first is a piece of the string
-	# contained in +quote+s.
-	#
-	# See #escape_length
-	#
-	def safe_split(str, quote)
-		parts = []
-		max_len = str.length / 2
-		while str.length > 0
-			len = 0
-			loop do
-				e_len = escape_length(str[len..-1])
-				e_len = 1 if e_len.nil?
-				len += e_len
-				# if we've reached the end of the string, bail
-				break unless str[len]
-				break if len > max_len
-				# randomize the length of each part
-				break if (rand(4) == 0)
-			end
-			part = str.slice!(0, len)
-			var = Rex::Text.rand_text_alpha(4)
-			parts.push( [ var, "#{quote}#{part}#{quote}" ] )
-		end
-		parts
-	end
-	#
-	# Stolen from obfuscatejs.rb
-	#
-	# Determines the length of an escape sequence
-	#
-	def escape_length(str)
-		esc_len = nil
-		if str[0,1] == "\\"
-			case str[1,1]
-			when "u"; esc_len = 6     # unicode \u1234
-			when "x"; esc_len = 4     # hex, \x41
-			when /[0-7]/              # octal, \123, \0
-				str[1,3] =~ /([0-7]{1,3})/
-				if $1.to_i(8) > 255
-					str[1,3] =~ /([0-7]{1,2})/
-				end
-				esc_len = 1 + $1.length
-			else; esc_len = 2         # \" \n, etc.
-			end
-		end
-		esc_len
-	end
-	#
-	# Split a javascript string, +str+, into multiple randomly-ordered parts
-	# and return an anonymous javascript function that joins them in the
-	# correct order.  This method can be called safely on strings containing
-	# escape sequences.  See #safe_split.
-	#
-	def transform_string_split_concat(str, quote)
-		parts = safe_split(str, quote)
-		func = "(function () { var "
-		ret = "; return "
-		parts.sort { |a,b| rand }.each do |part|
-			func << "#{part[0]}=#{part[1]},"
-		end
-		func.chop!
-		ret  << parts.map{|part| part[0]}.join("+")
-		final = func + ret + " })()"
-		final
-	end
-	# TODO
-	#def transform_string_unescape(str)
-	#	str
-	#end
-	#
-	# Return a call to String.fromCharCode() with each char of the input as arguments
-	#
-	# Example:
-	#   input : "A\n"
-	#   output: String.fromCharCode(0x41, 10)
-	#
-	def transform_string_fromCharCode(str)
-		buf = "String.fromCharCode("
-		bytes = str.unpack("C*")
-		len = 0
-		while str.length > 0
-			if str[0,1] == "\\"
-				str.slice!(0,1)
-				# then this is an escape sequence and we need to deal with all
-				# the special cases
-				case str[0,1]
-				# For chars that contain their non-escaped selves, step past
-				# the backslash and let the rand_base() below decide how to
-				# represent the character.
-				when '"', "'", "\\", " "
-					char = str.slice!(0,1).unpack("C").first
-				# For symbolic escapes, use the known value
-				when "n"; char = 0x0a; str.slice!(0,1)
-				when "t"; char = 0x09; str.slice!(0,1)
-				# Lastly, if it's a hex, unicode, or octal escape, pull out the
-				# real value and use that
-				when "x"
-					# Strip the x
-					str.slice!(0,1)
-					char = str.slice!(0,2).to_i 16
-				when "u"
-					# This can potentially lose information in the case of
-					# characters like \u0041, but since regular ascii is stored
-					# as unicode internally, String.fromCharCode(0x41) will be
-					# represented as 00 41 in memory anyway, so it shouldn't
-					# matter.
-					str.slice!(0,1)
-					char = str.slice!(0,4).to_i 16
-				when /[0-7]/
-					# Octals are a bit harder since they are variable width and
-					# don't necessarily mean what you might think. For example,
-					# "\61" == "1" and "\610" == "10".  610 is a valid octal
-					# number, but not a valid ascii character.  Javascript will
-					# interpreter as much as it can as a char and use the rest
-					# as a literal.  Boo.
-					str =~ /([0-7]{1,3})/
-					char = $1.to_i 8
-					if char > 255
-						str =~ /([0-7]{1,2})/
-						char = $1.to_i 8
-					end
-					str.slice!(0,$1.length)
-				end
-			else
-				char = str.slice!(0,1).unpack("C").first
-			end
-			buf << "#{rand_base(char)},"
-		end
-		# Strip off the last comma
-		buf = buf[0,buf.length-1] + ")"
-		transformed = buf
-		transformed
-	end
+  # @return [String] a random string
+  def random_string
+    @rand_gen.generate
+  end
+  #
+  # Recursive method to obfuscate the given +ast+.
+  #
+  # +ast+ should be the result of RKelly::Parser#parse
+  #
+  def obfuscate_r(ast)
+    ast.each do |node|
+      #if node.respond_to? :value and node.value.kind_of? String and node.value =~ /bodyOnLoad/i
+      #	$stdout.puts("bodyOnLoad: #{node.class}: #{node.value}")
+      #end
+      case node
+      when nil
+        nil
+      when ::RKelly::Nodes::SourceElementsNode
+        # Recurse
+        obfuscate_r(node.value)
+      #when ::RKelly::Nodes::ObjectLiteralNode
+        # TODO
+        #$stdout.puts(node.methods - Object.new.methods)
+        #$stdout.puts(node.value.inspect)
+      when ::RKelly::Nodes::PropertyNode
+        # Property names must be bare words or string literals NOT
+        # expressions!  Can't use transform_string() here
+        if node.name =~ /^[a-zA-Z_][a-zA-Z0-9_]*$/
+          n = '"'
+          node.name.unpack("C*") { |c|
+            case rand(3)
+            when 0; n << "\\x%02x"%(c)
+            when 1; n << "\\#{c.to_s 8}"
+            when 2; n << [c].pack("C")
+            end
+          }
+          n << '"'
+          node.instance_variable_set(:@name, n)
+        end
+      # Variables
+      when ::RKelly::Nodes::VarDeclNode
+        if @vars[node.name].nil?
+          @vars[node.name] = random_var_name
+        end
+        node.name = @vars[node.name]
+      when ::RKelly::Nodes::ParameterNode
+        if @vars[node.value].nil?
+          @vars[node.value] = random_var_name
+        end
+        node.value = @vars[node.value]
+      when ::RKelly::Nodes::ResolveNode
+        #$stdout.puts("Resolve bodyOnload: #{@vars[node.value]}") if "bodyOnLoad" == node.value
+        node.value = @vars[node.value] if @vars[node.value]
+      when ::RKelly::Nodes::DotAccessorNode
+        case node.value
+        when ::RKelly::Nodes::ResolveNode
+          if @vars[node.value.value]
+            node.value.value = @vars[node.value.value]
+          end
+        #else
+        #	$stderr.puts("Non-resolve node as target of dotaccessor: #{node.value.class}")
+        end
+      # Functions
+      when ::RKelly::Nodes::FunctionDeclNode
+        #$stdout.puts("FunctionDecl: #{node.value}")
+        # Functions can also act as objects, so store them in the vars
+        # and the functions list so we can replace them in both places
+        if @funcs[node.value].nil? and not @funcs.values.include?(node.value)
+          @funcs[node.value] = random_var_name
+          if @vars[node.value].nil?
+            @vars[node.value] = @funcs[node.value]
+          end
+          node.value = @funcs[node.value]
+        end
+      when ::RKelly::Nodes::FunctionCallNode
+        # The value of a FunctionCallNode is some sort of accessor node or a ResolveNode
+        # so this is basically useless
+        #$stdout.puts("Function call: #{node.name} => #{@funcs[node.name]}")
+        #node.value = @funcs[node.value] if @funcs[node.value]
+      # Transformers
+      when ::RKelly::Nodes::NumberNode
+        node.value = transform_number(node.value)
+      when ::RKelly::Nodes::StringNode
+        node.value = transform_string(node.value)
+      else
+        #$stderr.puts "#{node.class}: #{node.value}"
+        #$stderr.puts "#{node.class}"
+      end
+      #unless node.kind_of? ::RKelly::Nodes::SourceElementsNode
+      #	$stderr.puts "#{node.class}: #{node.value}"
+      #end
+    end
+    nil
+  end
+  #
+  # Generate an Abstract Syntax Tree (#ast) for later obfuscation
+  #
+  def parse
+    parser = RKelly::Parser.new
+    @ast = parser.parse(@code)
+  end
+  #
+  # Convert a number to a random base (decimal, octal, or hexedecimal).
+  #
+  # Given 10 as input, the possible return values are:
+  #   "10"
+  #   "0xa"
+  #   "012"
+  #
+  def rand_base(num)
+    case rand(3)
+    when 0; num.to_s
+    when 1; "0%o" % num
+    when 2; "0x%x" % num
+    end
+  end
+  #
+  # Return a mathematical expression that will evaluate to the given number
+  # +num+.
+  #
+  # +num+ can be a float or an int, but should never be negative.
+  #
+  def transform_number(num)
+    case num
+    when Fixnum
+      if num == 0
+        r = rand(10) + 1
+        transformed = "('#{Rex::Text.rand_text_alpha(r)}'.length - #{r})"
+      elsif num > 0 and num < 10
+        # use a random string.length for small numbers
+        transformed = "'#{Rex::Text.rand_text_alpha(num)}'.length"
+      else
+        transformed = "("
+        divisor = rand(num) + 1
+        a = num / divisor.to_i
+        b = num - (a * divisor)
+        # recurse half the time for a
+        a = (rand(2) == 0) ? transform_number(a) : rand_base(a)
+        # recurse half the time for divisor
+        divisor = (rand(2) == 0) ? transform_number(divisor) : rand_base(divisor)
+        transformed << "#{a}*#{divisor}"
+        transformed << "+#{b}"
+        transformed << ")"
+      end
+    when Float
+      transformed = "(#{num - num.floor} + #{rand_base(num.floor)})"
+    end
+    #puts("#{num} == #{transformed}")
+    transformed
+  end
+  #
+  # Convert a javascript string into something that will generate that string.
+  #
+  # Randomly calls one of the +transform_string_*+ methods
+  #
+  def transform_string(str)
+    quote = str[0,1]
+    # pull off the quotes
+    str = str[1,str.length - 2]
+    return quote*2 if str.length == 0
+    case rand(2)
+    when 0
+      transformed = transform_string_split_concat(str, quote)
+    when 1
+      transformed = transform_string_fromCharCode(str)
+    #when 2
+    #	# Currently no-op
+    #	transformed = transform_string_unescape(str)
+    end
+    #$stderr.puts "Obfuscating str: #{str.ljust 30} #{transformed}"
+    transformed
+  end
+  #
+  # Split a javascript string, +str+, without breaking escape sequences.
+  #
+  # The maximum length of each piece of the string is half the total length
+  # of the string, ensuring we (almost) always split into at least two
+  # pieces.  This won't always be true when given a string like "AA\x41",
+  # where escape sequences artificially increase the total length (escape
+  # sequences are considered a single character).
+  #
+  # Returns an array of two-element arrays.  The zeroeth element is a
+  # randomly generated variable name, the first is a piece of the string
+  # contained in +quote+s.
+  #
+  # See #escape_length
+  #
+  def safe_split(str, quote)
+    parts = []
+    max_len = str.length / 2
+    while str.length > 0
+      len = 0
+      loop do
+        e_len = escape_length(str[len..-1])
+        e_len = 1 if e_len.nil?
+        len += e_len
+        # if we've reached the end of the string, bail
+        break unless str[len]
+        break if len > max_len
+        # randomize the length of each part
+        break if (rand(4) == 0)
+      end
+      part = str.slice!(0, len)
+      var = Rex::Text.rand_text_alpha(4)
+      parts.push( [ var, "#{quote}#{part}#{quote}" ] )
+    end
+    parts
+  end
+  #
+  # Stolen from obfuscatejs.rb
+  #
+  # Determines the length of an escape sequence
+  #
+  def escape_length(str)
+    esc_len = nil
+    if str[0,1] == "\\"
+      case str[1,1]
+      when "u"; esc_len = 6     # unicode \u1234
+      when "x"; esc_len = 4     # hex, \x41
+      when /[0-7]/              # octal, \123, \0
+        str[1,3] =~ /([0-7]{1,3})/
+        if $1.to_i(8) > 255
+          str[1,3] =~ /([0-7]{1,2})/
+        end
+        esc_len = 1 + $1.length
+      else; esc_len = 2         # \" \n, etc.
+      end
+    end
+    esc_len
+  end
+  #
+  # Split a javascript string, +str+, into multiple randomly-ordered parts
+  # and return an anonymous javascript function that joins them in the
+  # correct order.  This method can be called safely on strings containing
+  # escape sequences.  See #safe_split.
+  #
+  def transform_string_split_concat(str, quote)
+    parts = safe_split(str, quote)
+    func = "(function () { var "
+    ret = "; return "
+    parts.sort { |a,b| rand }.each do |part|
+      func << "#{part[0]}=#{part[1]},"
+    end
+    func.chop!
+    ret  << parts.map{|part| part[0]}.join("+")
+    final = func + ret + " })()"
+    final
+  end
+  # TODO
+  #def transform_string_unescape(str)
+  #	str
+  #end
+  #
+  # Return a call to String.fromCharCode() with each char of the input as arguments
+  #
+  # Example:
+  #   input : "A\n"
+  #   output: String.fromCharCode(0x41, 10)
+  #
+  def transform_string_fromCharCode(str)
+    buf = "String.fromCharCode("
+    bytes = str.unpack("C*")
+    len = 0
+    while str.length > 0
+      if str[0,1] == "\\"
+        str.slice!(0,1)
+        # then this is an escape sequence and we need to deal with all
+        # the special cases
+        case str[0,1]
+        # For chars that contain their non-escaped selves, step past
+        # the backslash and let the rand_base() below decide how to
+        # represent the character.
+        when '"', "'", "\\", " "
+          char = str.slice!(0,1).unpack("C").first
+        # For symbolic escapes, use the known value
+        when "n"; char = 0x0a; str.slice!(0,1)
+        when "t"; char = 0x09; str.slice!(0,1)
+        # Lastly, if it's a hex, unicode, or octal escape, pull out the
+        # real value and use that
+        when "x"
+          # Strip the x
+          str.slice!(0,1)
+          char = str.slice!(0,2).to_i 16
+        when "u"
+          # This can potentially lose information in the case of
+          # characters like \u0041, but since regular ascii is stored
+          # as unicode internally, String.fromCharCode(0x41) will be
+          # represented as 00 41 in memory anyway, so it shouldn't
+          # matter.
+          str.slice!(0,1)
+          char = str.slice!(0,4).to_i 16
+        when /[0-7]/
+          # Octals are a bit harder since they are variable width and
+          # don't necessarily mean what you might think. For example,
+          # "\61" == "1" and "\610" == "10".  610 is a valid octal
+          # number, but not a valid ascii character.  Javascript will
+          # interpreter as much as it can as a char and use the rest
+          # as a literal.  Boo.
+          str =~ /([0-7]{1,3})/
+          char = $1.to_i 8
+          if char > 255
+            str =~ /([0-7]{1,2})/
+            char = $1.to_i 8
+          end
+          str.slice!(0,$1.length)
+        end
+      else
+        char = str.slice!(0,1).unpack("C").first
+      end
+      buf << "#{rand_base(char)},"
+    end
+    # Strip off the last comma
+    buf = buf[0,buf.length-1] + ")"
+    transformed = buf
+    transformed
+  end
 end
@@ -465,24 +489,24 @@ end
 =begin
 if __FILE__ == $0
-	if ARGV[0]
-		code = File.read(ARGV[0])
-	else
-		#require 'rex/exploitation/javascriptosdetect'
-		#code = Rex::Exploitation::JavascriptOSDetect.new.to_s
-		code = <<-EOS
-			// Should alert "0123456789"
-			var a = "0\\612\\063\\x34\\x35\\x36\\x37\\x38\\u0039";
-			var a,b=2,c=3;
-			alert(a);
-			// should alert "asdfjkl;"
-			var d = (function() { var foo = "jkl;", blah = "asdf"; return blah + foo; })();
-			alert(d);
-		EOS
-	end
-	js = Rex::Exploitation::JSObfu.new(code)
-	js.obfuscate
-	puts js.to_s
+  if ARGV[0]
+    code = File.read(ARGV[0])
+  else
+    #require 'rex/exploitation/javascriptosdetect'
+    #code = Rex::Exploitation::JavascriptOSDetect.new.to_s
+    code = <<-EOS
+      // Should alert "0123456789"
+      var a = "0\\612\\063\\x34\\x35\\x36\\x37\\x38\\u0039";
+      var a,b=2,c=3;
+      alert(a);
+      // should alert "asdfjkl;"
+      var d = (function() { var foo = "jkl;", blah = "asdf"; return blah + foo; })();
+      alert(d);
+    EOS
+  end
+  js = Rex::Exploitation::JSObfu.new(code)
+  js.obfuscate
+  puts js.to_s
 end