RubyGems - librex - Versions diffs - 0.0.68 → 0.0.70 - Mend

librex 0.0.68 → 0.0.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +1 -1
data/Rakefile +18 -16
data/lib/rex.rb +14 -10
data/lib/rex/LICENSE +2 -2
data/lib/rex/arch.rb +76 -76
data/lib/rex/arch/sparc.rb +57 -58
data/lib/rex/arch/x86.rb +506 -496
data/lib/rex/assembly/nasm.rb +83 -84
data/lib/rex/compat.rb +228 -173
data/lib/rex/constants.rb +47 -37
data/lib/rex/elfparsey.rb +0 -3
data/lib/rex/elfparsey/elf.rb +107 -110
data/lib/rex/elfparsey/elfbase.rb +244 -247
data/lib/rex/elfparsey/exceptions.rb +0 -3
data/lib/rex/elfscan.rb +0 -3
data/lib/rex/elfscan/scanner.rb +184 -166
data/lib/rex/elfscan/search.rb +35 -38
data/lib/rex/encoder/alpha2.rb +1 -2
data/lib/rex/encoder/alpha2/alpha_mixed.rb +52 -53
data/lib/rex/encoder/alpha2/alpha_upper.rb +62 -63
data/lib/rex/encoder/alpha2/generic.rb +77 -78
data/lib/rex/encoder/alpha2/unicode_mixed.rb +101 -97
data/lib/rex/encoder/alpha2/unicode_upper.rb +106 -107
data/lib/rex/encoder/bloxor/bloxor.rb +326 -0
data/lib/rex/encoder/ndr.rb +68 -68
data/lib/rex/encoder/nonalpha.rb +50 -51
data/lib/rex/encoder/nonupper.rb +50 -51
data/lib/rex/encoder/xdr.rb +78 -78
data/lib/rex/encoder/xor.rb +52 -53
data/lib/rex/encoder/xor/dword.rb +1 -2
data/lib/rex/encoder/xor/dword_additive.rb +1 -2
data/lib/rex/encoders/xor_dword.rb +17 -18
data/lib/rex/encoders/xor_dword_additive.rb +35 -36
data/lib/rex/encoding/xor.rb +0 -1
data/lib/rex/encoding/xor/byte.rb +3 -4
data/lib/rex/encoding/xor/dword.rb +3 -4
data/lib/rex/encoding/xor/dword_additive.rb +72 -73
data/lib/rex/encoding/xor/exceptions.rb +2 -3
data/lib/rex/encoding/xor/generic.rb +129 -130
data/lib/rex/encoding/xor/qword.rb +3 -4
data/lib/rex/encoding/xor/word.rb +3 -4
data/lib/rex/exceptions.rb +100 -101
data/lib/rex/exploitation/cmdstager.rb +3 -3
data/lib/rex/exploitation/cmdstager/base.rb +170 -156
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +110 -113
data/lib/rex/exploitation/cmdstager/debug_write.rb +106 -109
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +34 -27
data/lib/rex/exploitation/cmdstager/vbs.rb +95 -98
data/lib/rex/exploitation/egghunter.rb +359 -346
data/lib/rex/exploitation/encryptjs.rb +60 -60
data/lib/rex/exploitation/heaplib.rb +76 -76
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +448 -424
data/lib/rex/exploitation/obfuscatejs.rb +301 -301
data/lib/rex/exploitation/omelet.rb +257 -257
data/lib/rex/exploitation/opcodedb.rb +699 -699
data/lib/rex/exploitation/ropdb.rb +189 -0
data/lib/rex/exploitation/seh.rb +68 -68
data/lib/rex/file.rb +96 -49
data/lib/rex/image_source.rb +0 -3
data/lib/rex/image_source/disk.rb +45 -48
data/lib/rex/image_source/image_source.rb +33 -36
data/lib/rex/image_source/memory.rb +17 -20
data/lib/rex/io/bidirectional_pipe.rb +118 -115
data/lib/rex/io/datagram_abstraction.rb +13 -14
data/lib/rex/io/ring_buffer.rb +273 -273
data/lib/rex/io/stream.rb +284 -284
data/lib/rex/io/stream_abstraction.rb +183 -181
data/lib/rex/io/stream_server.rb +193 -193
data/lib/rex/job_container.rb +167 -167
data/lib/rex/logging.rb +0 -1
data/lib/rex/logging/log_dispatcher.rb +113 -113
data/lib/rex/logging/log_sink.rb +17 -17
data/lib/rex/logging/sinks/flatfile.rb +36 -36
data/lib/rex/logging/sinks/stderr.rb +27 -27
data/lib/rex/mac_oui.rb +16572 -16571
data/lib/rex/machparsey.rb +0 -1
data/lib/rex/machparsey/exceptions.rb +0 -1
data/lib/rex/machparsey/mach.rb +160 -161
data/lib/rex/machparsey/machbase.rb +367 -368
data/lib/rex/machscan.rb +0 -1
data/lib/rex/machscan/scanner.rb +175 -176
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +58 -58
data/lib/rex/mime/message.rb +140 -137
data/lib/rex/mime/part.rb +41 -12
data/lib/rex/nop/opty2.rb +90 -90
data/lib/rex/nop/opty2_tables.rb +273 -273
data/lib/rex/ole.rb +0 -4
data/lib/rex/ole/clsid.rb +26 -30
data/lib/rex/ole/difat.rb +121 -125
data/lib/rex/ole/directory.rb +205 -209
data/lib/rex/ole/direntry.rb +217 -221
data/lib/rex/ole/fat.rb +79 -83
data/lib/rex/ole/header.rb +178 -182
data/lib/rex/ole/minifat.rb +49 -53
data/lib/rex/ole/propset.rb +113 -117
data/lib/rex/ole/samples/create_ole.rb +8 -9
data/lib/rex/ole/samples/dir.rb +10 -11
data/lib/rex/ole/samples/dump_stream.rb +14 -15
data/lib/rex/ole/samples/ole_info.rb +5 -6
data/lib/rex/ole/storage.rb +372 -376
data/lib/rex/ole/stream.rb +33 -37
data/lib/rex/ole/substorage.rb +20 -24
data/lib/rex/ole/util.rb +137 -141
data/lib/rex/parser/acunetix_nokogiri.rb +398 -398
data/lib/rex/parser/apple_backup_manifestdb.rb +116 -116
data/lib/rex/parser/appscan_nokogiri.rb +359 -359
data/lib/rex/parser/arguments.rb +88 -88
data/lib/rex/parser/burp_session_nokogiri.rb +258 -258
data/lib/rex/parser/ci_nokogiri.rb +184 -184
data/lib/rex/parser/foundstone_nokogiri.rb +334 -333
data/lib/rex/parser/fusionvm_nokogiri.rb +94 -94
data/lib/rex/parser/ini.rb +167 -167
data/lib/rex/parser/ip360_aspl_xml.rb +84 -84
data/lib/rex/parser/ip360_xml.rb +77 -77
data/lib/rex/parser/mbsa_nokogiri.rb +224 -224
data/lib/rex/parser/nessus_xml.rb +100 -100
data/lib/rex/parser/netsparker_xml.rb +89 -75
data/lib/rex/parser/nexpose_raw_nokogiri.rb +677 -677
data/lib/rex/parser/nexpose_simple_nokogiri.rb +322 -322
data/lib/rex/parser/nexpose_xml.rb +105 -105
data/lib/rex/parser/nmap_nokogiri.rb +386 -386
data/lib/rex/parser/nmap_xml.rb +116 -116
data/lib/rex/parser/nokogiri_doc_mixin.rb +223 -221
data/lib/rex/parser/openvas_nokogiri.rb +162 -162
data/lib/rex/parser/outpost24_nokogiri.rb +239 -0
data/lib/rex/parser/retina_xml.rb +90 -90
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +89 -89
data/lib/rex/payloads/win32/common.rb +14 -14
data/lib/rex/payloads/win32/kernel.rb +36 -36
data/lib/rex/payloads/win32/kernel/common.rb +32 -32
data/lib/rex/payloads/win32/kernel/recovery.rb +27 -27
data/lib/rex/payloads/win32/kernel/stager.rb +170 -170
data/lib/rex/peparsey.rb +0 -3
data/lib/rex/peparsey/exceptions.rb +0 -3
data/lib/rex/peparsey/pe.rb +196 -199
data/lib/rex/peparsey/pe_memdump.rb +35 -38
data/lib/rex/peparsey/pebase.rb +1633 -1652
data/lib/rex/peparsey/section.rb +115 -124
data/lib/rex/pescan.rb +0 -3
data/lib/rex/pescan/analyze.rb +351 -351
data/lib/rex/pescan/scanner.rb +182 -182
data/lib/rex/pescan/search.rb +59 -59
data/lib/rex/platforms/windows.rb +37 -37
data/lib/rex/poly.rb +111 -110
data/lib/rex/poly/block.rb +419 -417
data/lib/rex/poly/machine.rb +12 -0
data/lib/rex/poly/machine/machine.rb +829 -0
data/lib/rex/poly/machine/x86.rb +508 -0
data/lib/rex/poly/register.rb +70 -70
data/lib/rex/poly/register/x86.rb +22 -22
data/lib/rex/post.rb +0 -1
data/lib/rex/post/dir.rb +35 -36
data/lib/rex/post/file.rb +140 -141
data/lib/rex/post/file_stat.rb +198 -199
data/lib/rex/post/io.rb +167 -168
data/lib/rex/post/meterpreter.rb +1 -1
data/lib/rex/post/meterpreter/channel.rb +389 -390
data/lib/rex/post/meterpreter/channel_container.rb +33 -34
data/lib/rex/post/meterpreter/channels/pool.rb +129 -130
data/lib/rex/post/meterpreter/channels/pools/file.rb +35 -36
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +72 -73
data/lib/rex/post/meterpreter/channels/stream.rb +62 -63
data/lib/rex/post/meterpreter/client.rb +442 -436
data/lib/rex/post/meterpreter/client_core.rb +326 -310
data/lib/rex/post/meterpreter/dependencies.rb +0 -1
data/lib/rex/post/meterpreter/extension.rb +12 -13
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +35 -36
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +70 -71
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +22 -78
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +4 -4
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +38 -39
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -1
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +95 -96
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +39 -40
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +80 -85
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +94 -95
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +207 -147
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +258 -259
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +366 -301
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +72 -73
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +24 -25
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +227 -149
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +107 -108
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +41 -42
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +102 -101
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +151 -152
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +142 -142
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +185 -185
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38118 -38117
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +7 -7
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2086 -2084
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +15 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +80 -80
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3835 -3833
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +84 -28
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +151 -137
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +15 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3155 -3155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +70 -70
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +596 -596
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +310 -301
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +71 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +100 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +14 -14
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +488 -488
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +273 -264
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +5 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +240 -238
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +17 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +61 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +654 -635
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +49 -49
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +103 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +98 -68
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +16 -17
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +34 -36
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +363 -364
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +102 -103
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +28 -29
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +303 -304
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +113 -114
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +260 -261
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +69 -70
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +160 -161
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +143 -144
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +29 -12
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +230 -231
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +181 -44
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +12 -13
data/lib/rex/post/meterpreter/object_aliases.rb +56 -57
data/lib/rex/post/meterpreter/packet.rb +591 -592
data/lib/rex/post/meterpreter/packet_dispatcher.rb +506 -496
data/lib/rex/post/meterpreter/packet_parser.rb +72 -73
data/lib/rex/post/meterpreter/packet_response_waiter.rb +56 -57
data/lib/rex/post/meterpreter/ui/console.rb +112 -112
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +53 -53
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +911 -854
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +86 -86
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +220 -220
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +173 -173
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +40 -40
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +75 -77
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +30 -30
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +105 -105
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +182 -182
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +37 -37
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +504 -482
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +401 -330
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +883 -581
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +296 -299
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +320 -153
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +78 -78
data/lib/rex/post/permission.rb +0 -1
data/lib/rex/post/process.rb +39 -40
data/lib/rex/post/thread.rb +41 -42
data/lib/rex/post/ui.rb +35 -36
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc/client.rb +344 -344
data/lib/rex/proto/dcerpc/exceptions.rb +128 -128
data/lib/rex/proto/dcerpc/handle.rb +32 -32
data/lib/rex/proto/dcerpc/ndr.rb +56 -56
data/lib/rex/proto/dcerpc/packet.rb +249 -245
data/lib/rex/proto/dcerpc/response.rb +170 -170
data/lib/rex/proto/dcerpc/uuid.rb +65 -65
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +0 -1
data/lib/rex/proto/dhcp/constants.rb +0 -1
data/lib/rex/proto/dhcp/server.rb +303 -304
data/lib/rex/proto/drda/constants.rb +1 -1
data/lib/rex/proto/drda/packet.rb +186 -186
data/lib/rex/proto/drda/utils.rb +104 -104
data/lib/rex/proto/http.rb +1 -0
data/lib/rex/proto/http/client.rb +692 -820
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +25 -25
data/lib/rex/proto/http/handler/erb.rb +104 -104
data/lib/rex/proto/http/handler/proc.rb +37 -37
data/lib/rex/proto/http/header.rb +149 -149
data/lib/rex/proto/http/packet.rb +388 -382
data/lib/rex/proto/http/request.rb +332 -335
data/lib/rex/proto/http/response.rb +132 -72
data/lib/rex/proto/http/server.rb +348 -338
data/lib/rex/proto/iax2/call.rb +310 -310
data/lib/rex/proto/iax2/client.rb +197 -197
data/lib/rex/proto/iax2/codecs/alaw.rb +4 -4
data/lib/rex/proto/iax2/codecs/mulaw.rb +4 -4
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +88 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +35 -0
data/lib/rex/proto/ipmi/rakp2.rb +35 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +1 -5
data/lib/rex/proto/natpmp/constants.rb +4 -4
data/lib/rex/proto/natpmp/packet.rb +25 -25
data/lib/rex/proto/ntlm/base.rb +271 -271
data/lib/rex/proto/ntlm/constants.rb +61 -61
data/lib/rex/proto/ntlm/crypt.rb +348 -352
data/lib/rex/proto/ntlm/exceptions.rb +3 -3
data/lib/rex/proto/ntlm/message.rb +468 -471
data/lib/rex/proto/ntlm/utils.rb +746 -746
data/lib/rex/proto/pjl.rb +30 -0
data/lib/rex/proto/pjl/client.rb +162 -0
data/lib/rex/proto/proxy/socks4a.rb +440 -440
data/lib/rex/proto/rfb.rb +1 -8
data/lib/rex/proto/rfb/cipher.rb +46 -49
data/lib/rex/proto/rfb/client.rb +179 -182
data/lib/rex/proto/rfb/constants.rb +18 -21
data/lib/rex/proto/smb/client.rb +1954 -1843
data/lib/rex/proto/smb/constants.rb +533 -516
data/lib/rex/proto/smb/crypt.rb +21 -21
data/lib/rex/proto/smb/evasions.rb +43 -43
data/lib/rex/proto/smb/exceptions.rb +791 -791
data/lib/rex/proto/smb/simpleclient.rb +142 -286
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +81 -81
data/lib/rex/proto/sunrpc/client.rb +158 -158
data/lib/rex/proto/tftp.rb +0 -1
data/lib/rex/proto/tftp/client.rb +289 -289
data/lib/rex/proto/tftp/constants.rb +9 -10
data/lib/rex/proto/tftp/server.rb +466 -467
data/lib/rex/random_identifier_generator.rb +176 -0
data/lib/rex/registry.rb +1 -1
data/lib/rex/registry/hive.rb +88 -88
data/lib/rex/registry/lfkey.rb +25 -25
data/lib/rex/registry/nodekey.rb +30 -30
data/lib/rex/registry/regf.rb +10 -10
data/lib/rex/registry/valuekey.rb +43 -43
data/lib/rex/registry/valuelist.rb +13 -13
data/lib/rex/ropbuilder/rop.rb +254 -253
data/lib/rex/script.rb +21 -22
data/lib/rex/script/base.rb +51 -50
data/lib/rex/script/meterpreter.rb +2 -2
data/lib/rex/service.rb +24 -24
data/lib/rex/service_manager.rb +132 -132
data/lib/rex/services/local_relay.rb +398 -398
data/lib/rex/socket.rb +758 -763
data/lib/rex/socket/comm.rb +95 -95
data/lib/rex/socket/comm/local.rb +507 -440
data/lib/rex/socket/ip.rb +118 -118
data/lib/rex/socket/parameters.rb +351 -350
data/lib/rex/socket/range_walker.rb +445 -368
data/lib/rex/socket/ssl_tcp.rb +323 -317
data/lib/rex/socket/ssl_tcp_server.rb +173 -158
data/lib/rex/socket/subnet_walker.rb +48 -48
data/lib/rex/socket/switch_board.rb +259 -259
data/lib/rex/socket/tcp.rb +58 -56
data/lib/rex/socket/tcp_server.rb +42 -42
data/lib/rex/socket/udp.rb +152 -152
data/lib/rex/sslscan/result.rb +200 -0
data/lib/rex/sslscan/scanner.rb +205 -0
data/lib/rex/struct2.rb +0 -1
data/lib/rex/struct2/c_struct.rb +162 -163
data/lib/rex/struct2/c_struct_template.rb +21 -22
data/lib/rex/struct2/constant.rb +6 -7
data/lib/rex/struct2/element.rb +30 -31
data/lib/rex/struct2/generic.rb +60 -61
data/lib/rex/struct2/restraint.rb +40 -41
data/lib/rex/struct2/s_string.rb +60 -61
data/lib/rex/struct2/s_struct.rb +97 -98
data/lib/rex/sync.rb +0 -1
data/lib/rex/sync/event.rb +62 -72
data/lib/rex/sync/read_write_lock.rb +149 -149
data/lib/rex/sync/ref.rb +42 -42
data/lib/rex/sync/thread_safe.rb +59 -59
data/lib/rex/text.rb +1803 -1315
data/lib/rex/thread_factory.rb +25 -25
data/lib/rex/time.rb +44 -44
data/lib/rex/transformer.rb +91 -91
data/lib/rex/ui/interactive.rb +265 -265
data/lib/rex/ui/output.rb +66 -60
data/lib/rex/ui/progress_tracker.rb +79 -79
data/lib/rex/ui/subscriber.rb +144 -134
data/lib/rex/ui/text/color.rb +76 -76
data/lib/rex/ui/text/dispatcher_shell.rb +512 -505
data/lib/rex/ui/text/input.rb +96 -96
data/lib/rex/ui/text/input/buffer.rb +58 -58
data/lib/rex/ui/text/input/readline.rb +114 -114
data/lib/rex/ui/text/input/socket.rb +77 -77
data/lib/rex/ui/text/input/stdio.rb +24 -24
data/lib/rex/ui/text/irb_shell.rb +45 -41
data/lib/rex/ui/text/output.rb +64 -60
data/lib/rex/ui/text/output/buffer.rb +42 -42
data/lib/rex/ui/text/output/buffer/stdout.rb +25 -0
data/lib/rex/ui/text/output/file.rb +24 -24
data/lib/rex/ui/text/output/socket.rb +24 -24
data/lib/rex/ui/text/output/stdio.rb +29 -29
data/lib/rex/ui/text/output/tee.rb +36 -36
data/lib/rex/ui/text/progress_tracker.rb +37 -37
data/lib/rex/ui/text/shell.rb +371 -361
data/lib/rex/ui/text/table.rb +320 -284
data/lib/rex/zip.rb +0 -1
data/lib/rex/zip/archive.rb +115 -94
data/lib/rex/zip/blocks.rb +101 -100
data/lib/rex/zip/entry.rb +108 -99
data/lib/rex/zip/jar.rb +261 -206
data/lib/rex/zip/samples/comment.rb +1 -2
data/lib/rex/zip/samples/mkwar.rb +12 -13
data/lib/rex/zip/samples/mkzip.rb +1 -2
data/lib/rex/zip/samples/recursive.rb +29 -30
metadata +424 -446
data/lib/rex/arch/sparc.rb.ut.rb +0 -19
data/lib/rex/arch/x86.rb.ut.rb +0 -94
data/lib/rex/assembly/nasm.rb.ut.rb +0 -23
data/lib/rex/encoder/ndr.rb.ut.rb +0 -45
data/lib/rex/encoder/xdr.rb.ut.rb +0 -30
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -13
data/lib/rex/encoding/xor.rb.ts.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -22
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -121
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -14
data/lib/rex/exceptions.rb.ut.rb +0 -45
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -28
data/lib/rex/exploitation/javascriptosdetect.js +0 -1014
data/lib/rex/exploitation/javascriptosdetect.rb +0 -43
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -27
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -280
data/lib/rex/exploitation/seh.rb.ut.rb +0 -20
data/lib/rex/file.rb.ut.rb +0 -17
data/lib/rex/io/ring_buffer.rb.ut.rb +0 -135
data/lib/rex/nop/opty2.rb.ut.rb +0 -24
data/lib/rex/parser/arguments.rb.ut.rb +0 -68
data/lib/rex/parser/ini.rb.ut.rb +0 -30
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -18
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -39
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +0 -52
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -43
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +0 -64
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +0 -29
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +0 -155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -124
data/lib/rex/proto.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -10
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -492
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -86
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -42
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -57
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -16
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -47
data/lib/rex/proto/drda.rb.ts.rb +0 -18
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -24
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -110
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -85
data/lib/rex/proto/http.rb.ts.rb +0 -13
data/lib/rex/proto/http/client.rb.ut.rb +0 -96
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -22
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -25
data/lib/rex/proto/http/header.rb.ut.rb +0 -47
data/lib/rex/proto/http/packet.rb.ut.rb +0 -166
data/lib/rex/proto/http/request.rb.ut.rb +0 -215
data/lib/rex/proto/http/response.rb.ut.rb +0 -150
data/lib/rex/proto/http/server.rb.ut.rb +0 -80
data/lib/rex/proto/ntlm.rb.ut.rb +0 -181
data/lib/rex/proto/rfb.rb.ut.rb +0 -40
data/lib/rex/proto/smb.rb.ts.rb +0 -9
data/lib/rex/proto/smb/client.rb.ut.rb +0 -224
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -19
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -129
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -21
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -29
data/lib/rex/service_manager.rb.ut.rb +0 -33
data/lib/rex/socket.rb.ut.rb +0 -108
data/lib/rex/socket/comm/local.rb.ut.rb +0 -76
data/lib/rex/socket/parameters.rb.ut.rb +0 -52
data/lib/rex/socket/range_walker.rb.ut.rb +0 -56
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -40
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -62
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -29
data/lib/rex/socket/switch_board.rb.ut.rb +0 -53
data/lib/rex/socket/tcp.rb.ut.rb +0 -65
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -45
data/lib/rex/socket/udp.rb.ut.rb +0 -45
data/lib/rex/test.rb +0 -36
data/lib/rex/text.rb.ut.rb +0 -193
data/lib/rex/transformer.rb.ut.rb +0 -39
data/lib/rex/ui/text/color.rb.ut.rb +0 -19
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -35
data/lib/rex/ui/text/table.rb.ut.rb +0 -56

data/lib/rex/exploitation/js/network.rb ADDED

@@ -0,0 +1,84 @@
+# -*- coding: binary -*-
+require 'msf/core'
+module Rex
+module Exploitation
+module Js
+#
+# Provides networking functions in JavaScript
+#
+class Network
+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :inject_xhr_shim automatically stubs XHR to use ActiveXObject when needed.
+  #   defaults to true.
+  # @return [String] javascript code to perform a synchronous ajax request to the remote
+  #   and returns the response
+  def self.ajax_download(opts={})
+    should_obfuscate = opts.fetch(:obfuscate, true)
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_download.js"))
+    if should_obfuscate
+      js = ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ xmlHttp oArg }
+          }
+      }).obfuscate
+    end
+    xhr_shim(opts) + js
+  end
+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :inject_xhr_shim automatically stubs XHR to use ActiveXObject when needed.
+  #   defaults to true.
+  # @return [String] javascript code to perform a synchronous or asynchronous ajax request to
+  #   the remote with the data specified.
+  def self.ajax_post(opts={})
+    should_obfuscate = opts.fetch(:obfuscate, true)
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_post.js"))
+    if should_obfuscate
+      js = ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ xmlHttp cb path data }
+          }
+        }).obfuscate
+    end
+    xhr_shim(opts) + js
+  end
+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :inject_xhr_shim false causes this method to return ''. defaults to true.
+  # @return [String] javascript code that adds XMLHttpRequest to the global scope if it
+  #   does not exist (e.g. on IE6, where you have to use the ActiveXObject constructor)
+  def self.xhr_shim(opts={})
+    return '' unless opts.fetch(:inject_xhr_shim, true)
+    should_obfuscate = opts.fetch(:obfuscate, true)
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "xhr_shim.js"))
+    if should_obfuscate
+      js = ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ activeObjs idx }
+          }
+        }
+      ).obfuscate
+    end
+    js
+  end
+end
+end
+end
+end

data/lib/rex/exploitation/js/utils.rb ADDED

@@ -0,0 +1,33 @@
+# -*- coding: binary -*-
+require 'msf/core'
+require 'rex/text'
+require 'rex/exploitation/jsobfu'
+module Rex
+module Exploitation
+module Js
+#
+# Javascript utilities
+#
+class Utils
+  def self.base64
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "utils", "base64.js"))
+    opts = {
+      'Symbols' => {
+        'Variables' => %w{ Base64 encoding result _keyStr encoded_data utftext input_idx
+          input output chr chr1 chr2 chr3 enc1 enc2 enc3 enc4 },
+        'Methods'   => %w{ _utf8_encode _utf8_decode encode decode }
+      }
+    }
+    ::Rex::Exploitation::ObfuscateJS.new(js, opts).to_s
+  end
+end
+end
+end
+end

data/lib/rex/exploitation/jsobfu.rb CHANGED

@@ -1,9 +1,7 @@
 # -*- coding: binary -*-
-##
-# $Id: jsobfu.rb 15548 2012-06-29 06:08:20Z rapid7 $
-##
 require 'rex/text'
+require 'rex/random_identifier_generator'
 require 'rkelly'
 module Rex
@@ -50,412 +48,438 @@ module Exploitation
 #
 class JSObfu
-	#
-	# Abstract Syntax Tree generated by RKelly::Parser#parse
-	#
-	attr_reader :ast
-	#
-	# Saves +code+ for later obfuscation with #obfuscate
-	#
-	def initialize(code)
-		@code = code
-		@funcs = {}
-		@vars  = {}
-		@debug = false
-	end
-	#
-	# Add +str+ to the un-obfuscated code.
-	#
-	# Calling this method after #obfuscate is undefined
-	#
-	def <<(str)
-		@code << str
-	end
-	#
-	# Return the (possibly obfuscated) code as a string.
-	#
-	# If #obfuscate has not been called before this, returns the parsed,
-	# unobfuscated code.  This can be useful for example to remove comments and
-	# standardize spacing.
-	#
-	def to_s
-		parse if not @ast
-		@ast.to_ecma
-	end
-	#
-	# Return the obfuscated name of a symbol
-	#
-	# You MUST call #obfuscate before this method!
-	#
-	def sym(lookup)
-		if @vars[lookup]
-			ret = @vars[lookup]
-		elsif @funcs[lookup]
-			ret = @funcs[lookup]
-		else
-			ret = lookup
-		end
-		ret
-	end
-	#
-	# Parse and obfuscate
-	#
-	def obfuscate
-		parse
-		obfuscate_r(@ast)
-	end
+  # these keywords should never be used as a random var name
+  # source: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Reserved_Words
+  RESERVED_KEYWORDS = %w(
+    break case catch continue debugger default delete do else finally
+    for function if in instanceof new return switch this throw try
+    typeof var void while with class enum export extends import super
+    implements interface let package private protected public static yield
+  )
+  #
+  # Abstract Syntax Tree generated by RKelly::Parser#parse
+  #
+  attr_reader :ast
+  #
+  # Saves +code+ for later obfuscation with #obfuscate
+  #
+  def initialize(code)
+    @code = code
+    @funcs = {}
+    @vars  = {}
+    @debug = false
+    @rand_gen = Rex::RandomIdentifierGenerator.new(
+      :max_length => 15,
+      :first_char_set => Rex::Text::Alpha+"_$",
+      :char_set => Rex::Text::AlphaNumeric+"_$"
+    )
+  end
+  #
+  # Add +str+ to the un-obfuscated code.
+  #
+  # Calling this method after #obfuscate is undefined
+  #
+  def <<(str)
+    @code << str
+  end
+  #
+  # Return the (possibly obfuscated) code as a string.
+  #
+  # If #obfuscate has not been called before this, returns the parsed,
+  # unobfuscated code.  This can be useful for example to remove comments and
+  # standardize spacing.
+  #
+  def to_s
+    parse if not @ast
+    @ast.to_ecma
+  end
+  #
+  # Return the obfuscated name of a symbol
+  #
+  # You MUST call #obfuscate before this method!
+  #
+  def sym(lookup)
+    if @vars[lookup]
+      ret = @vars[lookup]
+    elsif @funcs[lookup]
+      ret = @funcs[lookup]
+    else
+      ret = lookup
+    end
+    ret
+  end
+  #
+  # Parse and obfuscate
+  #
+  def obfuscate
+    parse
+    obfuscate_r(@ast)
+  end
+  # @return [String] a unique random var name that is not a reserved keyword
+  def random_var_name
+    loop do
+      text = random_string
+      unless @vars.has_value?(text) or RESERVED_KEYWORDS.include?(text)
+        return text
+      end
+    end
+  end
 protected
-	#
-	# Recursive method to obfuscate the given +ast+.
-	#
-	# +ast+ should be the result of RKelly::Parser#parse
-	#
-	def obfuscate_r(ast)
-		ast.each do |node|
-			#if node.respond_to? :value and node.value.kind_of? String and node.value =~ /bodyOnLoad/i
-			#	$stdout.puts("bodyOnLoad: #{node.class}: #{node.value}")
-			#end
-			case node
-			when nil
-				nil
-			when ::RKelly::Nodes::SourceElementsNode
-				# Recurse
-				obfuscate_r(node.value)
-			#when ::RKelly::Nodes::ObjectLiteralNode
-				# TODO
-				#$stdout.puts(node.methods - Object.new.methods)
-				#$stdout.puts(node.value.inspect)
-			when ::RKelly::Nodes::PropertyNode
-				# Property names must be bare words or string literals NOT
-				# expressions!  Can't use transform_string() here
-				if node.name =~ /^[a-zA-Z_][a-zA-Z0-9_]*$/
-					n = '"'
-					node.name.unpack("C*") { |c|
-						case rand(3)
-						when 0; n << "\\x%02x"%(c)
-						when 1; n << "\\#{c.to_s 8}"
-						when 2; n << [c].pack("C")
-						end
-					}
-					n << '"'
-					node.name = n
-				end
-			# Variables
-			when ::RKelly::Nodes::VarDeclNode
-				if @vars[node.name].nil?
-					#@vars[node.name] = "var_#{Rex::Text.rand_text_alpha(3+rand(12))}_#{node.name}"
-					@vars[node.name] = "#{Rex::Text.rand_text_alpha(3+rand(12))}"
-				end
-				node.name = @vars[node.name]
-			when ::RKelly::Nodes::ParameterNode
-				if @vars[node.value].nil?
-					#@vars[node.value] = "param_#{Rex::Text.rand_text_alpha(3+rand(12))}_#{node.value}"
-					@vars[node.value] = "#{Rex::Text.rand_text_alpha(3+rand(12))}"
-				end
-				node.value = @vars[node.value]
-			when ::RKelly::Nodes::ResolveNode
-				#$stdout.puts("Resolve bodyOnload: #{@vars[node.value]}") if "bodyOnLoad" == node.value
-				node.value = @vars[node.value] if @vars[node.value]
-			when ::RKelly::Nodes::DotAccessorNode
-				case node.value
-				when ::RKelly::Nodes::ResolveNode
-					if @vars[node.value.value]
-						node.value.value = @vars[node.value.value]
-					end
-				#else
-				#	$stderr.puts("Non-resolve node as target of dotaccessor: #{node.value.class}")
-				end
-			# Functions
-			when ::RKelly::Nodes::FunctionDeclNode
-				#$stdout.puts("FunctionDecl: #{node.value}")
-				# Functions can also act as objects, so store them in the vars
-				# and the functions list so we can replace them in both places
-				if @funcs[node.value].nil? and not @funcs.values.include?(node.value)
-					#@funcs[node.value] = "func_#{Rex::Text.rand_text_alpha(3+rand(12))}_#{node.value}"
-					@funcs[node.value] = "#{Rex::Text.rand_text_alpha(3+rand(12))}"
-					if @vars[node.value].nil?
-						@vars[node.value] = @funcs[node.value]
-					end
-					node.value = @funcs[node.value]
-				end
-			when ::RKelly::Nodes::FunctionCallNode
-				# The value of a FunctionCallNode is some sort of accessor node or a ResolveNode
-				# so this is basically useless
-				#$stdout.puts("Function call: #{node.name} => #{@funcs[node.name]}")
-				#node.value = @funcs[node.value] if @funcs[node.value]
-			# Transformers
-			when ::RKelly::Nodes::NumberNode
-				node.value = transform_number(node.value)
-			when ::RKelly::Nodes::StringNode
-				node.value = transform_string(node.value)
-			else
-				#$stderr.puts "#{node.class}: #{node.value}"
-				#$stderr.puts "#{node.class}"
-			end
-			#unless node.kind_of? ::RKelly::Nodes::SourceElementsNode
-			#	$stderr.puts "#{node.class}: #{node.value}"
-			#end
-		end
-		nil
-	end
-	#
-	# Generate an Abstract Syntax Tree (#ast) for later obfuscation
-	#
-	def parse
-		parser = RKelly::Parser.new
-		@ast = parser.parse(@code)
-	end
-	#
-	# Convert a number to a random base (decimal, octal, or hexedecimal).
-	#
-	# Given 10 as input, the possible return values are:
-	#   "10"
-	#   "0xa"
-	#   "012"
-	#
-	def rand_base(num)
-		case rand(3)
-		when 0; num.to_s
-		when 1; "0%o" % num
-		when 2; "0x%x" % num
-		end
-	end
-	#
-	# Return a mathematical expression that will evaluate to the given number
-	# +num+.
-	#
-	# +num+ can be a float or an int, but should never be negative.
-	#
-	def transform_number(num)
-		case num
-		when Fixnum
-			if num == 0
-				r = rand(10) + 1
-				transformed = "('#{Rex::Text.rand_text_alpha(r)}'.length - #{r})"
-			elsif num > 0 and num < 10
-				# use a random string.length for small numbers
-				transformed = "'#{Rex::Text.rand_text_alpha(num)}'.length"
-			else
-				transformed = "("
-				divisor = rand(num) + 1
-				a = num / divisor.to_i
-				b = num - (a * divisor)
-				# recurse half the time for a
-				a = (rand(2) == 0) ? transform_number(a) : rand_base(a)
-				# recurse half the time for divisor
-				divisor = (rand(2) == 0) ? transform_number(divisor) : rand_base(divisor)
-				transformed << "#{a}*#{divisor}"
-				transformed << "+#{b}"
-				transformed << ")"
-			end
-		when Float
-			transformed = "(#{num - num.floor} + #{rand_base(num.floor)})"
-		end
-		#puts("#{num} == #{transformed}")
-		transformed
-	end
-	#
-	# Convert a javascript string into something that will generate that string.
-	#
-	# Randomly calls one of the +transform_string_*+ methods
-	#
-	def transform_string(str)
-		quote = str[0,1]
-		# pull off the quotes
-		str = str[1,str.length - 2]
-		return quote*2 if str.length == 0
-		case rand(2)
-		when 0
-			transformed = transform_string_split_concat(str, quote)
-		when 1
-			transformed = transform_string_fromCharCode(str)
-		#when 2
-		#	# Currently no-op
-		#	transformed = transform_string_unescape(str)
-		end
-		#$stderr.puts "Obfuscating str: #{str.ljust 30} #{transformed}"
-		transformed
-	end
-	#
-	# Split a javascript string, +str+, without breaking escape sequences.
-	#
-	# The maximum length of each piece of the string is half the total length
-	# of the string, ensuring we (almost) always split into at least two
-	# pieces.  This won't always be true when given a string like "AA\x41",
-	# where escape sequences artificially increase the total length (escape
-	# sequences are considered a single character).
-	#
-	# Returns an array of two-element arrays.  The zeroeth element is a
-	# randomly generated variable name, the first is a piece of the string
-	# contained in +quote+s.
-	#
-	# See #escape_length
-	#
-	def safe_split(str, quote)
-		parts = []
-		max_len = str.length / 2
-		while str.length > 0
-			len = 0
-			loop do
-				e_len = escape_length(str[len..-1])
-				e_len = 1 if e_len.nil?
-				len += e_len
-				# if we've reached the end of the string, bail
-				break unless str[len]
-				break if len > max_len
-				# randomize the length of each part
-				break if (rand(4) == 0)
-			end
-			part = str.slice!(0, len)
-			var = Rex::Text.rand_text_alpha(4)
-			parts.push( [ var, "#{quote}#{part}#{quote}" ] )
-		end
-		parts
-	end
-	#
-	# Stolen from obfuscatejs.rb
-	#
-	# Determines the length of an escape sequence
-	#
-	def escape_length(str)
-		esc_len = nil
-		if str[0,1] == "\\"
-			case str[1,1]
-			when "u"; esc_len = 6     # unicode \u1234
-			when "x"; esc_len = 4     # hex, \x41
-			when /[0-7]/              # octal, \123, \0
-				str[1,3] =~ /([0-7]{1,3})/
-				if $1.to_i(8) > 255
-					str[1,3] =~ /([0-7]{1,2})/
-				end
-				esc_len = 1 + $1.length
-			else; esc_len = 2         # \" \n, etc.
-			end
-		end
-		esc_len
-	end
-	#
-	# Split a javascript string, +str+, into multiple randomly-ordered parts
-	# and return an anonymous javascript function that joins them in the
-	# correct order.  This method can be called safely on strings containing
-	# escape sequences.  See #safe_split.
-	#
-	def transform_string_split_concat(str, quote)
-		parts = safe_split(str, quote)
-		func = "(function () { var "
-		ret = "; return "
-		parts.sort { |a,b| rand }.each do |part|
-			func << "#{part[0]}=#{part[1]},"
-		end
-		func.chop!
-		ret  << parts.map{|part| part[0]}.join("+")
-		final = func + ret + " })()"
-		final
-	end
-	# TODO
-	#def transform_string_unescape(str)
-	#	str
-	#end
-	#
-	# Return a call to String.fromCharCode() with each char of the input as arguments
-	#
-	# Example:
-	#   input : "A\n"
-	#   output: String.fromCharCode(0x41, 10)
-	#
-	def transform_string_fromCharCode(str)
-		buf = "String.fromCharCode("
-		bytes = str.unpack("C*")
-		len = 0
-		while str.length > 0
-			if str[0,1] == "\\"
-				str.slice!(0,1)
-				# then this is an escape sequence and we need to deal with all
-				# the special cases
-				case str[0,1]
-				# For chars that contain their non-escaped selves, step past
-				# the backslash and let the rand_base() below decide how to
-				# represent the character.
-				when '"', "'", "\\", " "
-					char = str.slice!(0,1).unpack("C").first
-				# For symbolic escapes, use the known value
-				when "n"; char = 0x0a; str.slice!(0,1)
-				when "t"; char = 0x09; str.slice!(0,1)
-				# Lastly, if it's a hex, unicode, or octal escape, pull out the
-				# real value and use that
-				when "x"
-					# Strip the x
-					str.slice!(0,1)
-					char = str.slice!(0,2).to_i 16
-				when "u"
-					# This can potentially lose information in the case of
-					# characters like \u0041, but since regular ascii is stored
-					# as unicode internally, String.fromCharCode(0x41) will be
-					# represented as 00 41 in memory anyway, so it shouldn't
-					# matter.
-					str.slice!(0,1)
-					char = str.slice!(0,4).to_i 16
-				when /[0-7]/
-					# Octals are a bit harder since they are variable width and
-					# don't necessarily mean what you might think. For example,
-					# "\61" == "1" and "\610" == "10".  610 is a valid octal
-					# number, but not a valid ascii character.  Javascript will
-					# interpreter as much as it can as a char and use the rest
-					# as a literal.  Boo.
-					str =~ /([0-7]{1,3})/
-					char = $1.to_i 8
-					if char > 255
-						str =~ /([0-7]{1,2})/
-						char = $1.to_i 8
-					end
-					str.slice!(0,$1.length)
-				end
-			else
-				char = str.slice!(0,1).unpack("C").first
-			end
-			buf << "#{rand_base(char)},"
-		end
-		# Strip off the last comma
-		buf = buf[0,buf.length-1] + ")"
-		transformed = buf
-		transformed
-	end
+  # @return [String] a random string
+  def random_string
+    @rand_gen.generate
+  end
+  #
+  # Recursive method to obfuscate the given +ast+.
+  #
+  # +ast+ should be the result of RKelly::Parser#parse
+  #
+  def obfuscate_r(ast)
+    ast.each do |node|
+      #if node.respond_to? :value and node.value.kind_of? String and node.value =~ /bodyOnLoad/i
+      #	$stdout.puts("bodyOnLoad: #{node.class}: #{node.value}")
+      #end
+      case node
+      when nil
+        nil
+      when ::RKelly::Nodes::SourceElementsNode
+        # Recurse
+        obfuscate_r(node.value)
+      #when ::RKelly::Nodes::ObjectLiteralNode
+        # TODO
+        #$stdout.puts(node.methods - Object.new.methods)
+        #$stdout.puts(node.value.inspect)
+      when ::RKelly::Nodes::PropertyNode
+        # Property names must be bare words or string literals NOT
+        # expressions!  Can't use transform_string() here
+        if node.name =~ /^[a-zA-Z_][a-zA-Z0-9_]*$/
+          n = '"'
+          node.name.unpack("C*") { |c|
+            case rand(3)
+            when 0; n << "\\x%02x"%(c)
+            when 1; n << "\\#{c.to_s 8}"
+            when 2; n << [c].pack("C")
+            end
+          }
+          n << '"'
+          node.instance_variable_set(:@name, n)
+        end
+      # Variables
+      when ::RKelly::Nodes::VarDeclNode
+        if @vars[node.name].nil?
+          @vars[node.name] = random_var_name
+        end
+        node.name = @vars[node.name]
+      when ::RKelly::Nodes::ParameterNode
+        if @vars[node.value].nil?
+          @vars[node.value] = random_var_name
+        end
+        node.value = @vars[node.value]
+      when ::RKelly::Nodes::ResolveNode
+        #$stdout.puts("Resolve bodyOnload: #{@vars[node.value]}") if "bodyOnLoad" == node.value
+        node.value = @vars[node.value] if @vars[node.value]
+      when ::RKelly::Nodes::DotAccessorNode
+        case node.value
+        when ::RKelly::Nodes::ResolveNode
+          if @vars[node.value.value]
+            node.value.value = @vars[node.value.value]
+          end
+        #else
+        #	$stderr.puts("Non-resolve node as target of dotaccessor: #{node.value.class}")
+        end
+      # Functions
+      when ::RKelly::Nodes::FunctionDeclNode
+        #$stdout.puts("FunctionDecl: #{node.value}")
+        # Functions can also act as objects, so store them in the vars
+        # and the functions list so we can replace them in both places
+        if @funcs[node.value].nil? and not @funcs.values.include?(node.value)
+          @funcs[node.value] = random_var_name
+          if @vars[node.value].nil?
+            @vars[node.value] = @funcs[node.value]
+          end
+          node.value = @funcs[node.value]
+        end
+      when ::RKelly::Nodes::FunctionCallNode
+        # The value of a FunctionCallNode is some sort of accessor node or a ResolveNode
+        # so this is basically useless
+        #$stdout.puts("Function call: #{node.name} => #{@funcs[node.name]}")
+        #node.value = @funcs[node.value] if @funcs[node.value]
+      # Transformers
+      when ::RKelly::Nodes::NumberNode
+        node.value = transform_number(node.value)
+      when ::RKelly::Nodes::StringNode
+        node.value = transform_string(node.value)
+      else
+        #$stderr.puts "#{node.class}: #{node.value}"
+        #$stderr.puts "#{node.class}"
+      end
+      #unless node.kind_of? ::RKelly::Nodes::SourceElementsNode
+      #	$stderr.puts "#{node.class}: #{node.value}"
+      #end
+    end
+    nil
+  end
+  #
+  # Generate an Abstract Syntax Tree (#ast) for later obfuscation
+  #
+  def parse
+    parser = RKelly::Parser.new
+    @ast = parser.parse(@code)
+  end
+  #
+  # Convert a number to a random base (decimal, octal, or hexedecimal).
+  #
+  # Given 10 as input, the possible return values are:
+  #   "10"
+  #   "0xa"
+  #   "012"
+  #
+  def rand_base(num)
+    case rand(3)
+    when 0; num.to_s
+    when 1; "0%o" % num
+    when 2; "0x%x" % num
+    end
+  end
+  #
+  # Return a mathematical expression that will evaluate to the given number
+  # +num+.
+  #
+  # +num+ can be a float or an int, but should never be negative.
+  #
+  def transform_number(num)
+    case num
+    when Fixnum
+      if num == 0
+        r = rand(10) + 1
+        transformed = "('#{Rex::Text.rand_text_alpha(r)}'.length - #{r})"
+      elsif num > 0 and num < 10
+        # use a random string.length for small numbers
+        transformed = "'#{Rex::Text.rand_text_alpha(num)}'.length"
+      else
+        transformed = "("
+        divisor = rand(num) + 1
+        a = num / divisor.to_i
+        b = num - (a * divisor)
+        # recurse half the time for a
+        a = (rand(2) == 0) ? transform_number(a) : rand_base(a)
+        # recurse half the time for divisor
+        divisor = (rand(2) == 0) ? transform_number(divisor) : rand_base(divisor)
+        transformed << "#{a}*#{divisor}"
+        transformed << "+#{b}"
+        transformed << ")"
+      end
+    when Float
+      transformed = "(#{num - num.floor} + #{rand_base(num.floor)})"
+    end
+    #puts("#{num} == #{transformed}")
+    transformed
+  end
+  #
+  # Convert a javascript string into something that will generate that string.
+  #
+  # Randomly calls one of the +transform_string_*+ methods
+  #
+  def transform_string(str)
+    quote = str[0,1]
+    # pull off the quotes
+    str = str[1,str.length - 2]
+    return quote*2 if str.length == 0
+    case rand(2)
+    when 0
+      transformed = transform_string_split_concat(str, quote)
+    when 1
+      transformed = transform_string_fromCharCode(str)
+    #when 2
+    #	# Currently no-op
+    #	transformed = transform_string_unescape(str)
+    end
+    #$stderr.puts "Obfuscating str: #{str.ljust 30} #{transformed}"
+    transformed
+  end
+  #
+  # Split a javascript string, +str+, without breaking escape sequences.
+  #
+  # The maximum length of each piece of the string is half the total length
+  # of the string, ensuring we (almost) always split into at least two
+  # pieces.  This won't always be true when given a string like "AA\x41",
+  # where escape sequences artificially increase the total length (escape
+  # sequences are considered a single character).
+  #
+  # Returns an array of two-element arrays.  The zeroeth element is a
+  # randomly generated variable name, the first is a piece of the string
+  # contained in +quote+s.
+  #
+  # See #escape_length
+  #
+  def safe_split(str, quote)
+    parts = []
+    max_len = str.length / 2
+    while str.length > 0
+      len = 0
+      loop do
+        e_len = escape_length(str[len..-1])
+        e_len = 1 if e_len.nil?
+        len += e_len
+        # if we've reached the end of the string, bail
+        break unless str[len]
+        break if len > max_len
+        # randomize the length of each part
+        break if (rand(4) == 0)
+      end
+      part = str.slice!(0, len)
+      var = Rex::Text.rand_text_alpha(4)
+      parts.push( [ var, "#{quote}#{part}#{quote}" ] )
+    end
+    parts
+  end
+  #
+  # Stolen from obfuscatejs.rb
+  #
+  # Determines the length of an escape sequence
+  #
+  def escape_length(str)
+    esc_len = nil
+    if str[0,1] == "\\"
+      case str[1,1]
+      when "u"; esc_len = 6     # unicode \u1234
+      when "x"; esc_len = 4     # hex, \x41
+      when /[0-7]/              # octal, \123, \0
+        str[1,3] =~ /([0-7]{1,3})/
+        if $1.to_i(8) > 255
+          str[1,3] =~ /([0-7]{1,2})/
+        end
+        esc_len = 1 + $1.length
+      else; esc_len = 2         # \" \n, etc.
+      end
+    end
+    esc_len
+  end
+  #
+  # Split a javascript string, +str+, into multiple randomly-ordered parts
+  # and return an anonymous javascript function that joins them in the
+  # correct order.  This method can be called safely on strings containing
+  # escape sequences.  See #safe_split.
+  #
+  def transform_string_split_concat(str, quote)
+    parts = safe_split(str, quote)
+    func = "(function () { var "
+    ret = "; return "
+    parts.sort { |a,b| rand }.each do |part|
+      func << "#{part[0]}=#{part[1]},"
+    end
+    func.chop!
+    ret  << parts.map{|part| part[0]}.join("+")
+    final = func + ret + " })()"
+    final
+  end
+  # TODO
+  #def transform_string_unescape(str)
+  #	str
+  #end
+  #
+  # Return a call to String.fromCharCode() with each char of the input as arguments
+  #
+  # Example:
+  #   input : "A\n"
+  #   output: String.fromCharCode(0x41, 10)
+  #
+  def transform_string_fromCharCode(str)
+    buf = "String.fromCharCode("
+    bytes = str.unpack("C*")
+    len = 0
+    while str.length > 0
+      if str[0,1] == "\\"
+        str.slice!(0,1)
+        # then this is an escape sequence and we need to deal with all
+        # the special cases
+        case str[0,1]
+        # For chars that contain their non-escaped selves, step past
+        # the backslash and let the rand_base() below decide how to
+        # represent the character.
+        when '"', "'", "\\", " "
+          char = str.slice!(0,1).unpack("C").first
+        # For symbolic escapes, use the known value
+        when "n"; char = 0x0a; str.slice!(0,1)
+        when "t"; char = 0x09; str.slice!(0,1)
+        # Lastly, if it's a hex, unicode, or octal escape, pull out the
+        # real value and use that
+        when "x"
+          # Strip the x
+          str.slice!(0,1)
+          char = str.slice!(0,2).to_i 16
+        when "u"
+          # This can potentially lose information in the case of
+          # characters like \u0041, but since regular ascii is stored
+          # as unicode internally, String.fromCharCode(0x41) will be
+          # represented as 00 41 in memory anyway, so it shouldn't
+          # matter.
+          str.slice!(0,1)
+          char = str.slice!(0,4).to_i 16
+        when /[0-7]/
+          # Octals are a bit harder since they are variable width and
+          # don't necessarily mean what you might think. For example,
+          # "\61" == "1" and "\610" == "10".  610 is a valid octal
+          # number, but not a valid ascii character.  Javascript will
+          # interpreter as much as it can as a char and use the rest
+          # as a literal.  Boo.
+          str =~ /([0-7]{1,3})/
+          char = $1.to_i 8
+          if char > 255
+            str =~ /([0-7]{1,2})/
+            char = $1.to_i 8
+          end
+          str.slice!(0,$1.length)
+        end
+      else
+        char = str.slice!(0,1).unpack("C").first
+      end
+      buf << "#{rand_base(char)},"
+    end
+    # Strip off the last comma
+    buf = buf[0,buf.length-1] + ")"
+    transformed = buf
+    transformed
+  end
 end
@@ -465,24 +489,24 @@ end
 =begin
 if __FILE__ == $0
-	if ARGV[0]
-		code = File.read(ARGV[0])
-	else
-		#require 'rex/exploitation/javascriptosdetect'
-		#code = Rex::Exploitation::JavascriptOSDetect.new.to_s
-		code = <<-EOS
-			// Should alert "0123456789"
-			var a = "0\\612\\063\\x34\\x35\\x36\\x37\\x38\\u0039";
-			var a,b=2,c=3;
-			alert(a);
-			// should alert "asdfjkl;"
-			var d = (function() { var foo = "jkl;", blah = "asdf"; return blah + foo; })();
-			alert(d);
-		EOS
-	end
-	js = Rex::Exploitation::JSObfu.new(code)
-	js.obfuscate
-	puts js.to_s
+  if ARGV[0]
+    code = File.read(ARGV[0])
+  else
+    #require 'rex/exploitation/javascriptosdetect'
+    #code = Rex::Exploitation::JavascriptOSDetect.new.to_s
+    code = <<-EOS
+      // Should alert "0123456789"
+      var a = "0\\612\\063\\x34\\x35\\x36\\x37\\x38\\u0039";
+      var a,b=2,c=3;
+      alert(a);
+      // should alert "asdfjkl;"
+      var d = (function() { var foo = "jkl;", blah = "asdf"; return blah + foo; })();
+      alert(d);
+    EOS
+  end
+  js = Rex::Exploitation::JSObfu.new(code)
+  js.obfuscate
+  puts js.to_s
 end