rex-socket 0.1.26 → 0.1.30
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/lib/rex/socket.rb +3 -1
- data/lib/rex/socket/parameters.rb +22 -5
- data/lib/rex/socket/range_walker.rb +167 -105
- data/lib/rex/socket/ssl.rb +11 -1
- data/lib/rex/socket/ssl_tcp.rb +3 -24
- data/lib/rex/socket/switch_board.rb +1 -1
- data/lib/rex/socket/version.rb +1 -1
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 647d60dcc0fb176246243a7eaed1ca68a35c596c7034cf4de863ca233d08d9f0
|
4
|
+
data.tar.gz: 80fcd4c8fe671a6da97a5e262700331dfa5fe0292c679952b510abdc7af13cfa
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a5c001e83da2f988ff40eefcd5175bdf0684b22c5529820be68c9eda4b6d862a6f88bbd39a950941a30bcccc5b9a21479a44982e56a4e351b353c0ce480bc9a9
|
7
|
+
data.tar.gz: bdc211d907a45d1a0701fbc34721712fec81dea7e9417d1b3e94259916e13779a1e91e1742fd2b9526aaf4c8839c62373e58183c3ac7ad7dea64c3b8fd5d093d
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/lib/rex/socket.rb
CHANGED
@@ -14,6 +14,8 @@ module Rex
|
|
14
14
|
###
|
15
15
|
module Socket
|
16
16
|
|
17
|
+
LogSource = 'rex-socket'
|
18
|
+
|
17
19
|
module Comm
|
18
20
|
end
|
19
21
|
|
@@ -745,7 +747,7 @@ module Socket
|
|
745
747
|
peer_name = Socket.from_sockaddr(self.getpeername)
|
746
748
|
rescue ::Errno::EINVAL => e
|
747
749
|
# Ruby's getpeername method may call rb_sys_fail("getpeername(2)")
|
748
|
-
elog("#{e.message} (#{e.class})#{e.backtrace * "\n"}\n",
|
750
|
+
elog("#{e.message} (#{e.class})#{e.backtrace * "\n"}\n", LogSource, LEV_3)
|
749
751
|
end
|
750
752
|
|
751
753
|
return peer_name
|
@@ -110,10 +110,7 @@ class Rex::Socket::Parameters
|
|
110
110
|
self.sslctx = hash['SSLContext']
|
111
111
|
end
|
112
112
|
|
113
|
-
|
114
|
-
if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion'])
|
115
|
-
self.ssl_version = hash['SSLVersion']
|
116
|
-
end
|
113
|
+
self.ssl_version = hash.fetch('SSLVersion', nil)
|
117
114
|
|
118
115
|
supported_ssl_verifiers = %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}
|
119
116
|
if (hash['SSLVerifyMode'] and supported_ssl_verifiers.include? hash['SSLVerifyMode'])
|
@@ -383,7 +380,27 @@ class Rex::Socket::Parameters
|
|
383
380
|
|
384
381
|
# What version of SSL to use (Auto, SSL2, SSL3, SSL23, TLS1)
|
385
382
|
# @return [String,Symbol]
|
386
|
-
|
383
|
+
attr_reader :ssl_version
|
384
|
+
def ssl_version=(version)
|
385
|
+
# Let the caller specify a particular SSL/TLS version
|
386
|
+
case version
|
387
|
+
when 'SSL2'
|
388
|
+
version = :SSLv2
|
389
|
+
# 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
|
390
|
+
when 'SSL23', 'TLS', 'Auto'
|
391
|
+
version = :SSLv23
|
392
|
+
when 'SSL3'
|
393
|
+
version = :SSLv3
|
394
|
+
when 'TLS1','TLS1.0'
|
395
|
+
version = :TLSv1
|
396
|
+
when 'TLS1.1'
|
397
|
+
version = :TLSv1_1
|
398
|
+
when 'TLS1.2'
|
399
|
+
version = :TLSv1_2
|
400
|
+
end
|
401
|
+
|
402
|
+
@ssl_version = version
|
403
|
+
end
|
387
404
|
|
388
405
|
# What specific SSL Cipher(s) to use, may be a string containing the cipher
|
389
406
|
# name or an array of strings containing cipher names e.g.
|
@@ -23,6 +23,9 @@ module Socket
|
|
23
23
|
###
|
24
24
|
class RangeWalker
|
25
25
|
|
26
|
+
MATCH_IPV4_RANGE = /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/
|
27
|
+
private_constant :MATCH_IPV4_RANGE
|
28
|
+
|
26
29
|
# The total number of IPs within the range
|
27
30
|
#
|
28
31
|
# @return [Fixnum]
|
@@ -74,108 +77,37 @@ class RangeWalker
|
|
74
77
|
# @return [self]
|
75
78
|
# @return [false] if +parseme+ cannot be parsed
|
76
79
|
def parse(parseme)
|
77
|
-
return nil
|
80
|
+
return nil unless parseme
|
81
|
+
|
78
82
|
ranges = []
|
79
83
|
parseme.split(', ').map{ |a| a.split(' ') }.flatten.each do |arg|
|
80
|
-
opts = {}
|
81
84
|
|
82
85
|
# Handle IPv6 CIDR first
|
83
86
|
if arg.include?(':') && arg.include?('/')
|
84
|
-
|
85
|
-
|
86
|
-
ip_part, mask_part = arg.split("/")
|
87
|
-
return false unless (0..128).include? mask_part.to_i
|
87
|
+
next if (new_ranges = parse_ipv6_cidr(arg)).nil?
|
88
88
|
|
89
|
-
addr, scope_id = ip_part.split('%')
|
90
|
-
return false unless Rex::Socket.is_ipv6?(addr)
|
91
|
-
|
92
|
-
range = expand_cidr(addr + '/' + mask_part)
|
93
|
-
range.options[:scope_id] = scope_id if scope_id
|
94
|
-
ranges.push(range)
|
95
89
|
# Handle plain IPv6 next (support ranges, but not CIDR)
|
96
90
|
elsif arg.include?(':')
|
97
|
-
|
98
|
-
|
99
|
-
# Handle a single address
|
100
|
-
if addrs.length == 1
|
101
|
-
addr, scope_id = addrs[0].split('%')
|
102
|
-
opts[:scope_id] = scope_id if scope_id
|
103
|
-
opts[:ipv6] = true
|
104
|
-
|
105
|
-
return false unless Rex::Socket.is_ipv6?(addr)
|
106
|
-
addr = Rex::Socket.addr_atoi(addr)
|
107
|
-
ranges.push(Range.new(addr, addr, opts))
|
108
|
-
next
|
109
|
-
end
|
110
|
-
|
111
|
-
addr1, scope_id = addrs[0].split('%')
|
112
|
-
opts[:scope_id] = scope_id if scope_id
|
113
|
-
opts[:ipv6] = true
|
114
|
-
|
115
|
-
addr2, scope_id = addrs[1].split('%')
|
116
|
-
( opts[:scope_id] ||= scope_id ) if scope_id
|
117
|
-
|
118
|
-
# Both have to be IPv6 for this to work
|
119
|
-
return false unless (Rex::Socket.is_ipv6?(addr1) && Rex::Socket.is_ipv6?(addr2))
|
120
|
-
|
121
|
-
# Handle IPv6 ranges in the form of 2001::1-2001::10
|
122
|
-
addr1 = Rex::Socket.addr_atoi(addr1)
|
123
|
-
addr2 = Rex::Socket.addr_atoi(addr2)
|
124
|
-
|
125
|
-
ranges.push(Range.new(addr1, addr2, opts))
|
126
|
-
next
|
91
|
+
next if (new_ranges = parse_ipv6(arg)).nil?
|
127
92
|
|
128
93
|
# Handle IPv4 CIDR
|
129
94
|
elsif arg.include?("/")
|
130
|
-
|
131
|
-
return false if !valid_cidr_chars?(arg)
|
132
|
-
ip_part, mask_part = arg.split("/")
|
133
|
-
return false unless (0..32).include? mask_part.to_i
|
134
|
-
if ip_part =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
|
135
|
-
return false unless ip_part =~ Rex::Socket::MATCH_IPV4
|
136
|
-
end
|
137
|
-
begin
|
138
|
-
Rex::Socket.getaddress(ip_part) # This allows for "www.metasploit.com/24" which is fun.
|
139
|
-
rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
|
140
|
-
return false # Can't resolve the ip_part, so bail.
|
141
|
-
end
|
142
|
-
|
143
|
-
expanded = expand_cidr(arg)
|
144
|
-
if expanded
|
145
|
-
ranges.push(expanded)
|
146
|
-
else
|
147
|
-
return false
|
148
|
-
end
|
95
|
+
next if (new_ranges = parse_ipv4_cidr(arg)).nil?
|
149
96
|
|
150
97
|
# Handle hostnames
|
151
98
|
elsif arg =~ /[^-0-9,.*]/
|
152
|
-
|
153
|
-
# unmolested to force a DNS lookup.
|
154
|
-
begin
|
155
|
-
ranges += Rex::Socket.addr_atoi_list(arg).map { |a| Range.new(a, a, opts) }
|
156
|
-
rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
|
157
|
-
return false
|
158
|
-
end
|
99
|
+
next if (new_ranges = parse_hostname(arg)).nil?
|
159
100
|
|
160
101
|
# Handle IPv4 ranges
|
161
|
-
elsif arg =~
|
162
|
-
|
102
|
+
elsif arg =~ MATCH_IPV4_RANGE
|
163
103
|
# Then it's in the format of 1.2.3.4-5.6.7.8
|
164
|
-
|
165
|
-
|
166
|
-
start, stop = Rex::Socket.addr_atoi($1), Rex::Socket.addr_atoi($2)
|
167
|
-
return false if start > stop # The end is greater than the beginning.
|
168
|
-
ranges.push(Range.new(start, stop, opts))
|
169
|
-
rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
|
170
|
-
return false
|
171
|
-
end
|
104
|
+
next if (new_ranges = parse_ipv4_ranges(arg)).nil?
|
105
|
+
|
172
106
|
else
|
173
|
-
|
174
|
-
expanded = expand_nmap(arg)
|
175
|
-
if expanded
|
176
|
-
expanded.each { |r| ranges.push(r) }
|
177
|
-
end
|
107
|
+
next if (new_ranges = expand_nmap(arg)).nil?
|
178
108
|
end
|
109
|
+
|
110
|
+
ranges += new_ranges
|
179
111
|
end
|
180
112
|
|
181
113
|
# Remove any duplicate ranges
|
@@ -198,11 +130,12 @@ class RangeWalker
|
|
198
130
|
self
|
199
131
|
end
|
200
132
|
|
201
|
-
# Returns the next
|
133
|
+
# Returns the next host in the range.
|
202
134
|
#
|
203
|
-
# @return [String] The next
|
204
|
-
def
|
205
|
-
return
|
135
|
+
# @return [Hash<Symbol, String>] The next host in the range
|
136
|
+
def next_host
|
137
|
+
return unless valid?
|
138
|
+
|
206
139
|
if (@curr_addr > @ranges[@curr_range_index].stop)
|
207
140
|
# Then we are at the end of this range. Grab the next one.
|
208
141
|
|
@@ -213,14 +146,26 @@ class RangeWalker
|
|
213
146
|
|
214
147
|
@curr_addr = @ranges[@curr_range_index].start
|
215
148
|
end
|
216
|
-
addr = Rex::Socket.addr_itoa(@curr_addr, @ranges[@curr_range_index].ipv6?)
|
217
149
|
|
218
|
-
|
219
|
-
|
150
|
+
range = @ranges[@curr_range_index]
|
151
|
+
addr = Rex::Socket.addr_itoa(@curr_addr, range.ipv6?)
|
152
|
+
|
153
|
+
if range.options[:scope_id]
|
154
|
+
addr = addr + '%' + range.options[:scope_id]
|
220
155
|
end
|
221
156
|
|
157
|
+
hostname = range.is_a?(Host) ? range.hostname : nil
|
158
|
+
|
222
159
|
@curr_addr += 1
|
223
|
-
return addr
|
160
|
+
return { address: addr, hostname: hostname }
|
161
|
+
end
|
162
|
+
|
163
|
+
# Returns the next IP address.
|
164
|
+
#
|
165
|
+
# @return [String] The next address in the range
|
166
|
+
def next_ip
|
167
|
+
return nil if (host = next_host).nil?
|
168
|
+
host[:address]
|
224
169
|
end
|
225
170
|
|
226
171
|
alias :next :next_ip
|
@@ -271,7 +216,7 @@ class RangeWalker
|
|
271
216
|
# {#next_ip}
|
272
217
|
#
|
273
218
|
# @return [self]
|
274
|
-
def
|
219
|
+
def each_ip(&block)
|
275
220
|
while (ip = next_ip)
|
276
221
|
block.call(ip)
|
277
222
|
end
|
@@ -280,6 +225,17 @@ class RangeWalker
|
|
280
225
|
self
|
281
226
|
end
|
282
227
|
|
228
|
+
alias each each_ip
|
229
|
+
|
230
|
+
def each_host(&block)
|
231
|
+
while (host_hash = next_host)
|
232
|
+
block.call(host_hash)
|
233
|
+
end
|
234
|
+
reset
|
235
|
+
|
236
|
+
self
|
237
|
+
end
|
238
|
+
|
283
239
|
#
|
284
240
|
# Returns an Array with one element, a {Range} defined by the given CIDR
|
285
241
|
# block.
|
@@ -291,7 +247,7 @@ class RangeWalker
|
|
291
247
|
def expand_cidr(arg)
|
292
248
|
start,stop = Rex::Socket.cidr_crack(arg)
|
293
249
|
if !start or !stop
|
294
|
-
return
|
250
|
+
return
|
295
251
|
end
|
296
252
|
range = Range.new
|
297
253
|
range.start = Rex::Socket.addr_atoi(start)
|
@@ -319,18 +275,16 @@ class RangeWalker
|
|
319
275
|
#
|
320
276
|
def expand_nmap(arg)
|
321
277
|
# Can't really do anything with IPv6
|
322
|
-
return
|
278
|
+
return if arg.include?(":")
|
323
279
|
|
324
280
|
# nmap calls these errors, but it's hard to catch them with our
|
325
281
|
# splitting below, so short-cut them here
|
326
|
-
return
|
282
|
+
return if arg.include?(",-") or arg.include?("-,")
|
327
283
|
|
328
284
|
bytes = []
|
329
285
|
sections = arg.split('.')
|
330
|
-
|
331
|
-
|
332
|
-
return false
|
333
|
-
end
|
286
|
+
return unless sections.length == 4 # Too many or not enough dots
|
287
|
+
|
334
288
|
sections.each { |section|
|
335
289
|
if section.empty?
|
336
290
|
# pretty sure this is an unintentional artifact of the C
|
@@ -344,7 +298,7 @@ class RangeWalker
|
|
344
298
|
# I think this ought to be 1-254, but this is how nmap does it.
|
345
299
|
section = "0-255"
|
346
300
|
elsif section.include?("*")
|
347
|
-
return
|
301
|
+
return
|
348
302
|
end
|
349
303
|
|
350
304
|
# Break down the sections into ranges like so
|
@@ -361,18 +315,18 @@ class RangeWalker
|
|
361
315
|
# if the upper bound is empty, stop at 255
|
362
316
|
#
|
363
317
|
bounds = r.split('-', -1)
|
364
|
-
return
|
318
|
+
return if (bounds.length > 2)
|
365
319
|
|
366
320
|
bounds[0] = 0 if bounds[0].nil? or bounds[0].empty?
|
367
321
|
bounds[1] = 255 if bounds[1].nil? or bounds[1].empty?
|
368
322
|
bounds.map!{|b| b.to_i}
|
369
|
-
return
|
323
|
+
return if bounds[0] > bounds[1]
|
370
324
|
else
|
371
325
|
# Then it's a single value
|
372
326
|
bounds[0] = r.to_i
|
373
327
|
end
|
374
|
-
return
|
375
|
-
return
|
328
|
+
return if bounds[0] > 255 or (bounds[1] and bounds[1] > 255)
|
329
|
+
return if bounds[1] and bounds[0] > bounds[1]
|
376
330
|
if bounds[1]
|
377
331
|
bounds[0].upto(bounds[1]) do |i|
|
378
332
|
sets.push(i)
|
@@ -430,6 +384,98 @@ class RangeWalker
|
|
430
384
|
|
431
385
|
protected
|
432
386
|
|
387
|
+
def parse_hostname(arg)
|
388
|
+
begin
|
389
|
+
ranges = Rex::Socket.getaddresses(arg).map { |addr| Host.new(addr, arg) }
|
390
|
+
rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
|
391
|
+
return
|
392
|
+
end
|
393
|
+
|
394
|
+
ranges
|
395
|
+
end
|
396
|
+
|
397
|
+
def parse_ipv4_cidr(arg)
|
398
|
+
# Then it's CIDR notation and needs special case
|
399
|
+
return if !valid_cidr_chars?(arg)
|
400
|
+
|
401
|
+
ip_part, mask_part = arg.split("/")
|
402
|
+
return unless (0..32).include? mask_part.to_i
|
403
|
+
if ip_part =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
|
404
|
+
return unless Rex::Socket.is_ipv4?(ip_part)
|
405
|
+
end
|
406
|
+
|
407
|
+
begin
|
408
|
+
hosts = Rex::Socket.getaddresses(ip_part).select { |addr| Rex::Socket.is_ipv4?(addr) } # drop non-IPv4 addresses
|
409
|
+
rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
|
410
|
+
return # Can't resolve the ip_part, so bail.
|
411
|
+
end
|
412
|
+
|
413
|
+
hosts.map { |addr| expand_cidr("#{addr}/#{mask_part}") }
|
414
|
+
end
|
415
|
+
|
416
|
+
def parse_ipv4_ranges(arg)
|
417
|
+
# Note, this will /not/ deal with DNS names, or the fancy/obscure 10...1-10...2
|
418
|
+
return unless arg =~ MATCH_IPV4_RANGE
|
419
|
+
|
420
|
+
begin
|
421
|
+
start, stop = Rex::Socket.addr_atoi($1), Rex::Socket.addr_atoi($2)
|
422
|
+
return if start > stop # The end is greater than the beginning.
|
423
|
+
range = Range.new(start, stop)
|
424
|
+
rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
|
425
|
+
return
|
426
|
+
end
|
427
|
+
|
428
|
+
[range]
|
429
|
+
end
|
430
|
+
|
431
|
+
def parse_ipv6(arg)
|
432
|
+
opts = {}
|
433
|
+
addrs = arg.split('-', 2)
|
434
|
+
|
435
|
+
# Handle a single address
|
436
|
+
if addrs.length == 1
|
437
|
+
addr, scope_id = addrs[0].split('%')
|
438
|
+
opts[:scope_id] = scope_id if scope_id
|
439
|
+
opts[:ipv6] = true
|
440
|
+
|
441
|
+
return unless Rex::Socket.is_ipv6?(addr)
|
442
|
+
addr = Rex::Socket.addr_atoi(addr)
|
443
|
+
range = Range.new(addr, addr, opts)
|
444
|
+
else
|
445
|
+
addr1, scope_id = addrs[0].split('%')
|
446
|
+
opts[:scope_id] = scope_id if scope_id
|
447
|
+
opts[:ipv6] = true
|
448
|
+
|
449
|
+
addr2, scope_id = addrs[1].split('%')
|
450
|
+
( opts[:scope_id] ||= scope_id ) if scope_id
|
451
|
+
|
452
|
+
# Both have to be IPv6 for this to work
|
453
|
+
return unless (Rex::Socket.is_ipv6?(addr1) && Rex::Socket.is_ipv6?(addr2))
|
454
|
+
|
455
|
+
# Handle IPv6 ranges in the form of 2001::1-2001::10
|
456
|
+
addr1 = Rex::Socket.addr_atoi(addr1)
|
457
|
+
addr2 = Rex::Socket.addr_atoi(addr2)
|
458
|
+
|
459
|
+
range = Range.new(addr1, addr2, opts)
|
460
|
+
end
|
461
|
+
|
462
|
+
[range]
|
463
|
+
end
|
464
|
+
|
465
|
+
def parse_ipv6_cidr(arg)
|
466
|
+
return if !valid_cidr_chars?(arg)
|
467
|
+
|
468
|
+
ip_part, mask_part = arg.split("/")
|
469
|
+
return unless (0..128).include? mask_part.to_i
|
470
|
+
|
471
|
+
addr, scope_id = ip_part.split('%')
|
472
|
+
return unless Rex::Socket.is_ipv6?(addr)
|
473
|
+
|
474
|
+
range = expand_cidr(addr + '/' + mask_part)
|
475
|
+
range.options[:scope_id] = scope_id if scope_id
|
476
|
+
[range]
|
477
|
+
end
|
478
|
+
|
433
479
|
def valid_cidr_chars?(arg)
|
434
480
|
return false if arg.include? ',-' # Improper CIDR notation (can't mix with 1,3 or 1-3 style IP ranges)
|
435
481
|
return false if arg.scan("/").size > 1 # ..but there are too many slashes
|
@@ -464,7 +510,7 @@ class Range
|
|
464
510
|
def initialize(start=nil, stop=nil, options=nil)
|
465
511
|
@start = start
|
466
512
|
@stop = stop
|
467
|
-
@options = options
|
513
|
+
@options = options || {}
|
468
514
|
end
|
469
515
|
|
470
516
|
# Compare attributes with +other+
|
@@ -488,5 +534,21 @@ class Range
|
|
488
534
|
end
|
489
535
|
end
|
490
536
|
|
537
|
+
# A single host
|
538
|
+
class Host < Range
|
539
|
+
attr_accessor :hostname
|
540
|
+
|
541
|
+
def initialize(address, hostname=nil, options=nil)
|
542
|
+
address = Rex::Socket.addr_atoi(address) if address.is_a? String
|
543
|
+
|
544
|
+
super(address, address, options)
|
545
|
+
@hostname = hostname
|
546
|
+
end
|
547
|
+
|
548
|
+
def address
|
549
|
+
Rex::Socket.addr_itoa(@start)
|
550
|
+
end
|
551
|
+
|
552
|
+
end
|
491
553
|
end
|
492
554
|
end
|
data/lib/rex/socket/ssl.rb
CHANGED
@@ -11,6 +11,9 @@ require 'openssl'
|
|
11
11
|
###
|
12
12
|
module Rex::Socket::Ssl
|
13
13
|
|
14
|
+
# Default to SSLv23 (automatically negotiate)
|
15
|
+
DEFAULT_SSL_VERSION = :SSLv23
|
16
|
+
|
14
17
|
module CertProvider
|
15
18
|
|
16
19
|
def self.ssl_generate_subject(cn: nil, org: nil, loc: nil, st: nil)
|
@@ -122,7 +125,14 @@ module Rex::Socket::Ssl
|
|
122
125
|
key, cert, chain = ssl_generate_certificate(cert_vars: {cn: params.ssl_cn})
|
123
126
|
end
|
124
127
|
|
125
|
-
|
128
|
+
version = params&.ssl_version || DEFAULT_SSL_VERSION
|
129
|
+
# Raise an error if no selected versions are supported
|
130
|
+
unless Rex::Socket::SslTcp.system_ssl_methods.include? version
|
131
|
+
raise ArgumentError,
|
132
|
+
"This version of Ruby does not support the requested SSL/TLS version #{version}"
|
133
|
+
end
|
134
|
+
|
135
|
+
ctx = OpenSSL::SSL::SSLContext.new(version)
|
126
136
|
ctx.key = key
|
127
137
|
ctx.cert = cert
|
128
138
|
ctx.extra_chain_cert = chain
|
data/lib/rex/socket/ssl_tcp.rb
CHANGED
@@ -65,35 +65,14 @@ begin
|
|
65
65
|
def initsock(params = nil)
|
66
66
|
super
|
67
67
|
|
68
|
-
|
69
|
-
version = :SSLv23
|
70
|
-
|
71
|
-
# Let the caller specify a particular SSL/TLS version
|
72
|
-
if params
|
73
|
-
case params.ssl_version
|
74
|
-
when 'SSL2', :SSLv2
|
75
|
-
version = :SSLv2
|
76
|
-
# 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
|
77
|
-
when 'SSL23', :SSLv23, 'TLS', 'Auto'
|
78
|
-
version = :SSLv23
|
79
|
-
when 'SSL3', :SSLv3
|
80
|
-
version = :SSLv3
|
81
|
-
when 'TLS1','TLS1.0', :TLSv1
|
82
|
-
version = :TLSv1
|
83
|
-
when 'TLS1.1', :TLSv1_1
|
84
|
-
version = :TLSv1_1
|
85
|
-
when 'TLS1.2', :TLSv1_2
|
86
|
-
version = :TLSv1_2
|
87
|
-
end
|
88
|
-
end
|
89
|
-
|
68
|
+
version = params&.ssl_version || Rex::Socket::Ssl::DEFAULT_SSL_VERSION
|
90
69
|
# Raise an error if no selected versions are supported
|
91
70
|
unless Rex::Socket::SslTcp.system_ssl_methods.include? version
|
92
71
|
raise ArgumentError,
|
93
|
-
"This version of Ruby does not support the requested SSL/TLS version #{
|
72
|
+
"This version of Ruby does not support the requested SSL/TLS version #{version}"
|
94
73
|
end
|
95
74
|
|
96
|
-
# Try
|
75
|
+
# Try initializing the socket with this SSL/TLS version
|
97
76
|
# This will throw an exception if it fails
|
98
77
|
initsock_with_ssl_version(params, version)
|
99
78
|
|
data/lib/rex/socket/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rex-socket
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.30
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -93,7 +93,7 @@ cert_chain:
|
|
93
93
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
94
94
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
95
95
|
-----END CERTIFICATE-----
|
96
|
-
date: 2021-
|
96
|
+
date: 2021-08-05 00:00:00.000000000 Z
|
97
97
|
dependencies:
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: rake
|
metadata.gz.sig
CHANGED
Binary file
|