metasploit-credential 0.14.3 → 0.14.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/metasploit/credential.rb +20 -0
- data/lib/metasploit/credential/core_validations.rb +103 -107
- data/lib/metasploit/credential/creation.rb +482 -489
- data/lib/metasploit/credential/engine.rb +32 -27
- data/lib/metasploit/credential/exporter.rb +1 -0
- data/lib/metasploit/credential/exporter/base.rb +29 -37
- data/lib/metasploit/credential/importer.rb +2 -1
- data/lib/metasploit/credential/importer/base.rb +54 -61
- data/lib/metasploit/credential/origin.rb +8 -0
- data/lib/metasploit/credential/search.rb +8 -0
- data/lib/metasploit/credential/search/operation.rb +6 -0
- data/lib/metasploit/credential/search/operator.rb +6 -0
- data/lib/metasploit/credential/version.rb +4 -2
- data/spec/dummy/config/database.yml +11 -13
- metadata +7 -2
@@ -1,35 +1,40 @@
|
|
1
1
|
require 'rails'
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
3
|
+
# Rails engine for Metasploit::Credential.
|
4
|
+
class Metasploit::Credential::Engine < Rails::Engine
|
5
|
+
# @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
|
6
|
+
config.generators do |g|
|
7
|
+
g.assets false
|
8
|
+
g.fixture_replacement :factory_girl, dir: 'spec/factories'
|
9
|
+
g.helper false
|
10
|
+
g.test_framework :rspec, fixture: false
|
11
|
+
end
|
12
|
+
|
13
|
+
# Remove ActiveSupport::Dependencies loading paths to save time during constant resolution and to ensure that
|
14
|
+
# metasploit_data_models is properly declaring all autoloads and not falling back on ActiveSupport::Dependencies
|
15
|
+
config.paths.each_value do |path|
|
16
|
+
path.skip_autoload!
|
17
|
+
path.skip_autoload_once!
|
18
|
+
path.skip_eager_load!
|
19
|
+
path.skip_load_path!
|
20
|
+
end
|
16
21
|
|
17
|
-
|
18
|
-
|
22
|
+
# metasploit-concern only works with ActiveSupport::Dependencies.autoloading because the extended class only
|
23
|
+
# knows about the concerns from the load hooks and so the extended class can't use Kernel.autoload to load the
|
24
|
+
# concerns.
|
25
|
+
config.paths.add 'app/concerns', autoload: true
|
19
26
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
27
|
+
initializer 'metasploit_credential.prepend_factory_path',
|
28
|
+
# factory paths from the final Rails.application
|
29
|
+
after: 'factory_girl.set_factory_paths',
|
30
|
+
# before metasploit_data_models because it prepends
|
31
|
+
before: 'metasploit_data_models.prepend_factory_path' do
|
32
|
+
if defined? FactoryGirl
|
33
|
+
relative_definition_file_path = config.generators.options[:factory_girl][:dir]
|
34
|
+
definition_file_path = root.join(relative_definition_file_path)
|
28
35
|
|
29
|
-
|
30
|
-
|
31
|
-
end
|
32
|
-
end
|
36
|
+
# unshift so that projects that use metasploit-credential can modify metasploit_credential_* factories
|
37
|
+
FactoryGirl.definition_file_paths.unshift definition_file_path
|
33
38
|
end
|
34
39
|
end
|
35
40
|
end
|
@@ -1,42 +1,34 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
# @return[Mdm::Workspace]
|
24
|
-
attr_accessor :workspace
|
25
|
-
end
|
26
|
-
|
27
|
-
|
28
|
-
#
|
29
|
-
# Instance Methods
|
30
|
-
#
|
1
|
+
# Defines attributes common to allow exporters.
|
2
|
+
module Metasploit::Credential::Exporter::Base
|
3
|
+
extend ActiveSupport::Concern
|
4
|
+
|
5
|
+
included do
|
6
|
+
include ActiveModel::Validations
|
7
|
+
|
8
|
+
# @!attribute data
|
9
|
+
# A {Hash} that holds the credentials data to be exported.
|
10
|
+
# @return [Hash]
|
11
|
+
attr_accessor :data
|
12
|
+
|
13
|
+
# @!attribute output
|
14
|
+
# An {IO} that holds the exported data. {File} in normal usage.
|
15
|
+
# @return [IO]
|
16
|
+
attr_accessor :output
|
17
|
+
|
18
|
+
# @!attribute workspace
|
19
|
+
# The {Mdm::Workspace} that the credentials will be exported from
|
20
|
+
# @return[Mdm::Workspace]
|
21
|
+
attr_accessor :workspace
|
22
|
+
end
|
31
23
|
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
public_send("#{attribute}=", value)
|
36
|
-
end
|
37
|
-
end
|
24
|
+
#
|
25
|
+
# Instance Methods
|
26
|
+
#
|
38
27
|
|
39
|
-
|
28
|
+
# @param attributes [Hash{Symbol => String,nil}]
|
29
|
+
def initialize(attributes={})
|
30
|
+
attributes.each do |attribute, value|
|
31
|
+
public_send("#{attribute}=", value)
|
40
32
|
end
|
41
33
|
end
|
42
34
|
end
|
@@ -1,77 +1,70 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
# Defines common attributes and helpers for all importers.
|
5
|
-
module Base
|
6
|
-
extend ActiveSupport::Concern
|
1
|
+
# Defines common attributes and helpers for all importers.
|
2
|
+
module Metasploit::Credential::Importer::Base
|
3
|
+
extend ActiveSupport::Concern
|
7
4
|
|
8
|
-
|
9
|
-
|
10
|
-
|
5
|
+
#
|
6
|
+
# Constants
|
7
|
+
#
|
11
8
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
9
|
+
# Whitelist of the {Metasploit::Credential::Private} subclass names allowed
|
10
|
+
# in long-form CSV imports.
|
11
|
+
LONG_FORM_ALLOWED_PRIVATE_TYPE_NAMES = [
|
12
|
+
Metasploit::Credential::NonreplayableHash,
|
13
|
+
Metasploit::Credential::NTLMHash,
|
14
|
+
Metasploit::Credential::Password,
|
15
|
+
Metasploit::Credential::PostgresMD5,
|
16
|
+
Metasploit::Credential::SSHKey].map(&:name)
|
20
17
|
|
21
18
|
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
19
|
+
# Whitelist of the {Metasploit::Credential::Private} subclass names allowed
|
20
|
+
# in short-form CSV imports.
|
21
|
+
SHORT_FORM_ALLOWED_PRIVATE_TYPE_NAMES = [
|
22
|
+
Metasploit::Credential::NonreplayableHash,
|
23
|
+
Metasploit::Credential::NTLMHash,
|
24
|
+
Metasploit::Credential::Password,
|
25
|
+
Metasploit::Credential::PostgresMD5].map(&:name)
|
29
26
|
|
30
|
-
|
31
|
-
|
27
|
+
included do
|
28
|
+
include ActiveModel::Validations
|
32
29
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
30
|
+
# @!attribute filename
|
31
|
+
# The name of the file that is being imported
|
32
|
+
# @return [String]
|
33
|
+
attr_accessor :filename
|
37
34
|
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
35
|
+
# @!attribute input
|
36
|
+
# An {IO} that holds the import data. {File} in normal usage, {StringIO} in testing
|
37
|
+
# @return [IO]
|
38
|
+
attr_accessor :input
|
42
39
|
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
40
|
+
# @!attribute origin
|
41
|
+
# An {Metasploit::Credential::Origin} that represents the discrete
|
42
|
+
# importation of this set of credential objects
|
43
|
+
# @return [Metasploit::Credential::Origin::Import]
|
44
|
+
attr_accessor :origin
|
48
45
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
46
|
+
# @!attribute workspace
|
47
|
+
# The {Mdm::Workspace} that the credentials will be imported into
|
48
|
+
# @return[Mdm::Workspace]
|
49
|
+
attr_accessor :workspace
|
53
50
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
validates :origin, presence: true
|
59
|
-
validates :input, presence: true
|
60
|
-
end
|
51
|
+
#
|
52
|
+
# Validations
|
53
|
+
#
|
61
54
|
|
55
|
+
validates :origin, presence: true
|
56
|
+
validates :input, presence: true
|
57
|
+
end
|
62
58
|
|
63
|
-
#
|
64
|
-
# Instance Methods
|
65
|
-
#
|
66
59
|
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
public_send("#{attribute}=", value)
|
71
|
-
end
|
72
|
-
end
|
60
|
+
#
|
61
|
+
# Instance Methods
|
62
|
+
#
|
73
63
|
|
74
|
-
|
64
|
+
# @param attributes [Hash{Symbol => String,nil}]
|
65
|
+
def initialize(attributes={})
|
66
|
+
attributes.each do |attribute, value|
|
67
|
+
public_send("#{attribute}=", value)
|
75
68
|
end
|
76
69
|
end
|
77
|
-
end
|
70
|
+
end
|
@@ -1,5 +1,13 @@
|
|
1
1
|
# Namespace for `Metasploit::Credential::Core#origin`s for `Metasploit::Credential::Core`s.
|
2
2
|
module Metasploit::Credential::Origin
|
3
|
+
extend ActiveSupport::Autoload
|
4
|
+
|
5
|
+
autoload :CrackedPassword
|
6
|
+
autoload :Import
|
7
|
+
autoload :Manual
|
8
|
+
autoload :Service
|
9
|
+
autoload :Session
|
10
|
+
|
3
11
|
# The prefix for table name of `ActiveRecord::Base` subclasses in the namespace.
|
4
12
|
#
|
5
13
|
# @return [String] `'metasploit_credential_origin_'`
|
@@ -0,0 +1,8 @@
|
|
1
|
+
# Namespace for {Metasploit::Credential} custom {Metasploit::Credential::Search::Operation operations} and
|
2
|
+
# {Metasploit::Credential::Search::Operator operators}.
|
3
|
+
module Metasploit::Credential::Search
|
4
|
+
extend ActiveSupport::Autoload
|
5
|
+
|
6
|
+
autoload :Operation
|
7
|
+
autoload :Operator
|
8
|
+
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# @note Must use nested module as `metasploit/credential/version` is used in `metasploit-credential.gemspec` before
|
2
|
+
# `metasploit/credential` itself is expected to be loaded.
|
1
3
|
module Metasploit
|
2
4
|
module Credential
|
3
5
|
# Holds components of {VERSION} as defined by {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0}.
|
@@ -6,8 +8,8 @@ module Metasploit
|
|
6
8
|
MAJOR = 0
|
7
9
|
# The minor version number, scoped to the {MAJOR} version number.
|
8
10
|
MINOR = 14
|
9
|
-
# The patch number, scoped to the {MINOR} version number.
|
10
|
-
PATCH =
|
11
|
+
# The patch number, scoped to the {MAJOR} and {MINOR} version number.
|
12
|
+
PATCH = 4
|
11
13
|
|
12
14
|
# The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the {PRERELEASE} in the
|
13
15
|
# {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.
|
@@ -1,22 +1,20 @@
|
|
1
1
|
# Please only use postgresql bound to a TCP port.
|
2
|
-
|
2
|
+
development: &pgsql
|
3
3
|
adapter: postgresql
|
4
|
+
database: metasploit_credential_development
|
4
5
|
username: msf
|
5
|
-
password:
|
6
|
+
password: p4ssw0rd4lyfe
|
6
7
|
host: localhost
|
7
8
|
port: 5432
|
8
|
-
pool:
|
9
|
+
pool: 5
|
9
10
|
timeout: 5
|
10
11
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
12
|
+
# Warning: The database defined as "test" will be erased and
|
13
|
+
# re-generated from your development database when you run "rake".
|
14
|
+
# Do not set this db to the same as development or production.
|
15
|
+
#
|
16
|
+
# Note also, sqlite3 is totally unsupported by Metasploit now.
|
15
17
|
test:
|
16
|
-
|
17
|
-
|
18
|
-
<<: *defaults
|
18
|
+
<<: *pgsql
|
19
|
+
database: metasploit_credential_test
|
19
20
|
|
20
|
-
production:
|
21
|
-
database: metasploit_cr_prod
|
22
|
-
<<: *defaults
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: metasploit-credential
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.14.
|
4
|
+
version: 0.14.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Luke Imhoff
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2015-
|
12
|
+
date: 2015-04-07 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: metasploit-concern
|
@@ -192,6 +192,9 @@ files:
|
|
192
192
|
- lib/metasploit/credential/importer/zip.rb
|
193
193
|
- lib/metasploit/credential/migrator.rb
|
194
194
|
- lib/metasploit/credential/origin.rb
|
195
|
+
- lib/metasploit/credential/search.rb
|
196
|
+
- lib/metasploit/credential/search/operation.rb
|
197
|
+
- lib/metasploit/credential/search/operator.rb
|
195
198
|
- lib/metasploit/credential/text.rb
|
196
199
|
- lib/metasploit/credential/version.rb
|
197
200
|
- lib/tasks/databases.rake
|
@@ -300,6 +303,8 @@ metadata: {}
|
|
300
303
|
post_install_message:
|
301
304
|
rdoc_options: []
|
302
305
|
require_paths:
|
306
|
+
- app/models
|
307
|
+
- app/validators
|
303
308
|
- lib
|
304
309
|
required_ruby_version: !ruby/object:Gem::Requirement
|
305
310
|
requirements:
|