rex-socket 0.1.27 → 0.1.31
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/lib/rex/socket.rb +1 -1
- data/lib/rex/socket/parameters.rb +22 -5
- data/lib/rex/socket/range_walker.rb +18 -20
- data/lib/rex/socket/ssl.rb +11 -1
- data/lib/rex/socket/ssl_tcp.rb +3 -24
- data/lib/rex/socket/version.rb +1 -1
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 398f01b37a1c460126d7d3d375f0bf332667e025402c71864637d3c9803de7f4
|
4
|
+
data.tar.gz: ee7bb9810a863055fdf614671831ed60ce2397e524f53aa8c5e211bb274670ab
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 404fd949220d753521ba39f90cea3fab95668519a293c496ec5e1689a004467a30ca948cb42fd81744cc56e5a50976a97c96be786403a8f90b84514c52d8330e
|
7
|
+
data.tar.gz: 5b940b7536739271b96f9cf97008d3c490a54cdac119b0b9bbe42848c29ee21e78058c989f65c9a50384d0ac291a003f5a86b5a09904cee0c9aca31de9a576ef
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/lib/rex/socket.rb
CHANGED
@@ -730,7 +730,7 @@ module Socket
|
|
730
730
|
# Wrapper around getsockname that stores the local address and local port values.
|
731
731
|
#
|
732
732
|
def getlocalname
|
733
|
-
if self.localhost
|
733
|
+
if [nil, '0.0.0.0', '::'].include?(self.localhost) && [nil, 0].include?(self.localport)
|
734
734
|
_, self.localhost, self.localport = getsockname
|
735
735
|
end
|
736
736
|
|
@@ -110,10 +110,7 @@ class Rex::Socket::Parameters
|
|
110
110
|
self.sslctx = hash['SSLContext']
|
111
111
|
end
|
112
112
|
|
113
|
-
|
114
|
-
if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion'])
|
115
|
-
self.ssl_version = hash['SSLVersion']
|
116
|
-
end
|
113
|
+
self.ssl_version = hash.fetch('SSLVersion', nil)
|
117
114
|
|
118
115
|
supported_ssl_verifiers = %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}
|
119
116
|
if (hash['SSLVerifyMode'] and supported_ssl_verifiers.include? hash['SSLVerifyMode'])
|
@@ -383,7 +380,27 @@ class Rex::Socket::Parameters
|
|
383
380
|
|
384
381
|
# What version of SSL to use (Auto, SSL2, SSL3, SSL23, TLS1)
|
385
382
|
# @return [String,Symbol]
|
386
|
-
|
383
|
+
attr_reader :ssl_version
|
384
|
+
def ssl_version=(version)
|
385
|
+
# Let the caller specify a particular SSL/TLS version
|
386
|
+
case version
|
387
|
+
when 'SSL2'
|
388
|
+
version = :SSLv2
|
389
|
+
# 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
|
390
|
+
when 'SSL23', 'TLS', 'Auto'
|
391
|
+
version = :SSLv23
|
392
|
+
when 'SSL3'
|
393
|
+
version = :SSLv3
|
394
|
+
when 'TLS1','TLS1.0'
|
395
|
+
version = :TLSv1
|
396
|
+
when 'TLS1.1'
|
397
|
+
version = :TLSv1_1
|
398
|
+
when 'TLS1.2'
|
399
|
+
version = :TLSv1_2
|
400
|
+
end
|
401
|
+
|
402
|
+
@ssl_version = version
|
403
|
+
end
|
387
404
|
|
388
405
|
# What specific SSL Cipher(s) to use, may be a string containing the cipher
|
389
406
|
# name or an array of strings containing cipher names e.g.
|
@@ -84,27 +84,27 @@ class RangeWalker
|
|
84
84
|
|
85
85
|
# Handle IPv6 CIDR first
|
86
86
|
if arg.include?(':') && arg.include?('/')
|
87
|
-
|
87
|
+
next if (new_ranges = parse_ipv6_cidr(arg)).nil?
|
88
88
|
|
89
89
|
# Handle plain IPv6 next (support ranges, but not CIDR)
|
90
90
|
elsif arg.include?(':')
|
91
|
-
|
91
|
+
next if (new_ranges = parse_ipv6(arg)).nil?
|
92
92
|
|
93
93
|
# Handle IPv4 CIDR
|
94
94
|
elsif arg.include?("/")
|
95
|
-
|
95
|
+
next if (new_ranges = parse_ipv4_cidr(arg)).nil?
|
96
96
|
|
97
97
|
# Handle hostnames
|
98
98
|
elsif arg =~ /[^-0-9,.*]/
|
99
|
-
|
99
|
+
next if (new_ranges = parse_hostname(arg)).nil?
|
100
100
|
|
101
101
|
# Handle IPv4 ranges
|
102
102
|
elsif arg =~ MATCH_IPV4_RANGE
|
103
103
|
# Then it's in the format of 1.2.3.4-5.6.7.8
|
104
|
-
|
104
|
+
next if (new_ranges = parse_ipv4_ranges(arg)).nil?
|
105
105
|
|
106
106
|
else
|
107
|
-
new_ranges = expand_nmap(arg)
|
107
|
+
next if (new_ranges = expand_nmap(arg)).nil?
|
108
108
|
end
|
109
109
|
|
110
110
|
ranges += new_ranges
|
@@ -134,7 +134,7 @@ class RangeWalker
|
|
134
134
|
#
|
135
135
|
# @return [Hash<Symbol, String>] The next host in the range
|
136
136
|
def next_host
|
137
|
-
return
|
137
|
+
return unless valid?
|
138
138
|
|
139
139
|
if (@curr_addr > @ranges[@curr_range_index].stop)
|
140
140
|
# Then we are at the end of this range. Grab the next one.
|
@@ -247,7 +247,7 @@ class RangeWalker
|
|
247
247
|
def expand_cidr(arg)
|
248
248
|
start,stop = Rex::Socket.cidr_crack(arg)
|
249
249
|
if !start or !stop
|
250
|
-
return
|
250
|
+
return
|
251
251
|
end
|
252
252
|
range = Range.new
|
253
253
|
range.start = Rex::Socket.addr_atoi(start)
|
@@ -275,18 +275,16 @@ class RangeWalker
|
|
275
275
|
#
|
276
276
|
def expand_nmap(arg)
|
277
277
|
# Can't really do anything with IPv6
|
278
|
-
return
|
278
|
+
return if arg.include?(":")
|
279
279
|
|
280
280
|
# nmap calls these errors, but it's hard to catch them with our
|
281
281
|
# splitting below, so short-cut them here
|
282
|
-
return
|
282
|
+
return if arg.include?(",-") or arg.include?("-,")
|
283
283
|
|
284
284
|
bytes = []
|
285
285
|
sections = arg.split('.')
|
286
|
-
|
287
|
-
|
288
|
-
return false
|
289
|
-
end
|
286
|
+
return unless sections.length == 4 # Too many or not enough dots
|
287
|
+
|
290
288
|
sections.each { |section|
|
291
289
|
if section.empty?
|
292
290
|
# pretty sure this is an unintentional artifact of the C
|
@@ -300,7 +298,7 @@ class RangeWalker
|
|
300
298
|
# I think this ought to be 1-254, but this is how nmap does it.
|
301
299
|
section = "0-255"
|
302
300
|
elsif section.include?("*")
|
303
|
-
return
|
301
|
+
return
|
304
302
|
end
|
305
303
|
|
306
304
|
# Break down the sections into ranges like so
|
@@ -317,18 +315,18 @@ class RangeWalker
|
|
317
315
|
# if the upper bound is empty, stop at 255
|
318
316
|
#
|
319
317
|
bounds = r.split('-', -1)
|
320
|
-
return
|
318
|
+
return if (bounds.length > 2)
|
321
319
|
|
322
320
|
bounds[0] = 0 if bounds[0].nil? or bounds[0].empty?
|
323
321
|
bounds[1] = 255 if bounds[1].nil? or bounds[1].empty?
|
324
322
|
bounds.map!{|b| b.to_i}
|
325
|
-
return
|
323
|
+
return if bounds[0] > bounds[1]
|
326
324
|
else
|
327
325
|
# Then it's a single value
|
328
326
|
bounds[0] = r.to_i
|
329
327
|
end
|
330
|
-
return
|
331
|
-
return
|
328
|
+
return if bounds[0] > 255 or (bounds[1] and bounds[1] > 255)
|
329
|
+
return if bounds[1] and bounds[0] > bounds[1]
|
332
330
|
if bounds[1]
|
333
331
|
bounds[0].upto(bounds[1]) do |i|
|
334
332
|
sets.push(i)
|
@@ -401,7 +399,7 @@ class RangeWalker
|
|
401
399
|
return if !valid_cidr_chars?(arg)
|
402
400
|
|
403
401
|
ip_part, mask_part = arg.split("/")
|
404
|
-
return
|
402
|
+
return unless (0..32).include? mask_part.to_i
|
405
403
|
if ip_part =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
|
406
404
|
return unless Rex::Socket.is_ipv4?(ip_part)
|
407
405
|
end
|
data/lib/rex/socket/ssl.rb
CHANGED
@@ -11,6 +11,9 @@ require 'openssl'
|
|
11
11
|
###
|
12
12
|
module Rex::Socket::Ssl
|
13
13
|
|
14
|
+
# Default to SSLv23 (automatically negotiate)
|
15
|
+
DEFAULT_SSL_VERSION = :SSLv23
|
16
|
+
|
14
17
|
module CertProvider
|
15
18
|
|
16
19
|
def self.ssl_generate_subject(cn: nil, org: nil, loc: nil, st: nil)
|
@@ -122,7 +125,14 @@ module Rex::Socket::Ssl
|
|
122
125
|
key, cert, chain = ssl_generate_certificate(cert_vars: {cn: params.ssl_cn})
|
123
126
|
end
|
124
127
|
|
125
|
-
|
128
|
+
version = params&.ssl_version || DEFAULT_SSL_VERSION
|
129
|
+
# Raise an error if no selected versions are supported
|
130
|
+
unless Rex::Socket::SslTcp.system_ssl_methods.include? version
|
131
|
+
raise ArgumentError,
|
132
|
+
"This version of Ruby does not support the requested SSL/TLS version #{version}"
|
133
|
+
end
|
134
|
+
|
135
|
+
ctx = OpenSSL::SSL::SSLContext.new(version)
|
126
136
|
ctx.key = key
|
127
137
|
ctx.cert = cert
|
128
138
|
ctx.extra_chain_cert = chain
|
data/lib/rex/socket/ssl_tcp.rb
CHANGED
@@ -65,35 +65,14 @@ begin
|
|
65
65
|
def initsock(params = nil)
|
66
66
|
super
|
67
67
|
|
68
|
-
|
69
|
-
version = :SSLv23
|
70
|
-
|
71
|
-
# Let the caller specify a particular SSL/TLS version
|
72
|
-
if params
|
73
|
-
case params.ssl_version
|
74
|
-
when 'SSL2', :SSLv2
|
75
|
-
version = :SSLv2
|
76
|
-
# 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
|
77
|
-
when 'SSL23', :SSLv23, 'TLS', 'Auto'
|
78
|
-
version = :SSLv23
|
79
|
-
when 'SSL3', :SSLv3
|
80
|
-
version = :SSLv3
|
81
|
-
when 'TLS1','TLS1.0', :TLSv1
|
82
|
-
version = :TLSv1
|
83
|
-
when 'TLS1.1', :TLSv1_1
|
84
|
-
version = :TLSv1_1
|
85
|
-
when 'TLS1.2', :TLSv1_2
|
86
|
-
version = :TLSv1_2
|
87
|
-
end
|
88
|
-
end
|
89
|
-
|
68
|
+
version = params&.ssl_version || Rex::Socket::Ssl::DEFAULT_SSL_VERSION
|
90
69
|
# Raise an error if no selected versions are supported
|
91
70
|
unless Rex::Socket::SslTcp.system_ssl_methods.include? version
|
92
71
|
raise ArgumentError,
|
93
|
-
"This version of Ruby does not support the requested SSL/TLS version #{
|
72
|
+
"This version of Ruby does not support the requested SSL/TLS version #{version}"
|
94
73
|
end
|
95
74
|
|
96
|
-
# Try
|
75
|
+
# Try initializing the socket with this SSL/TLS version
|
97
76
|
# This will throw an exception if it fails
|
98
77
|
initsock_with_ssl_version(params, version)
|
99
78
|
|
data/lib/rex/socket/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rex-socket
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.31
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -93,7 +93,7 @@ cert_chain:
|
|
93
93
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
94
94
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
95
95
|
-----END CERTIFICATE-----
|
96
|
-
date: 2021-
|
96
|
+
date: 2021-08-05 00:00:00.000000000 Z
|
97
97
|
dependencies:
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: rake
|
metadata.gz.sig
CHANGED
Binary file
|