forked from rapid7/metasploit-framework
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4,367 changed files
with
159,728 additions
and
97,561 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,6 +18,7 @@ todb-r7 <todb-r7@github> Tod Beardsley <[email protected]> | |
| todb-r7 <todb-r7@github> Tod Beardsley <[email protected]> | ||
| todb-r7 <todb-r7@github> Tod Beardsley <[email protected]> | ||
| trosen-r7 <trosen-r7@github> Trevor Rosen <[email protected]> | ||
| trosen-r7 <trosen-r7@github> Trevor Rosen <[email protected]> | ||
| wchen-r7 <wchen-r7@github> sinn3r <[email protected]> # aka sinn3r | ||
| wchen-r7 <wchen-r7@github> sinn3r <[email protected]> | ||
| wchen-r7 <wchen-r7@github> Wei Chen <[email protected]> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,3 @@ | ||
| --color | ||
| --format Fivemat | ||
| --require spec_helper |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| # This list was intially created by analyzing the last three months (51 | ||
| # modules) committed to Metasploit Framework. Many, many older modules | ||
| # will have offenses, but this should at least provide a baseline for | ||
| # new modules. | ||
| # | ||
| # Updates to this file should include a 'Description' parameter for any | ||
| # explaination needed. | ||
|
|
||
| # inherit_from: .rubocop_todo.yml | ||
|
|
||
| Metrics/ClassLength: | ||
| Description: 'Most Metasploit modules are quite large. This is ok.' | ||
| Enabled: true | ||
| Exclude: | ||
| - 'modules/**/*' | ||
|
|
||
| Style/Documentation: | ||
| Enabled: true | ||
| Description: 'Most Metasploit modules do not have class documentation.' | ||
| Exclude: | ||
| - 'modules/**/*' | ||
|
|
||
| Style/Encoding: | ||
| Enabled: true | ||
| Description: 'We prefer binary to UTF-8.' | ||
| EnforcedStyle: 'when_needed' | ||
|
|
||
| Metrics/LineLength: | ||
| Description: >- | ||
| Metasploit modules often pattern match against very | ||
| long strings when identifying targets. | ||
| Enabled: true | ||
| Max: 180 | ||
|
|
||
| Metrics/MethodLength: | ||
| Enabled: true | ||
| Description: >- | ||
| While the style guide suggests 10 lines, exploit definitions | ||
| often exceed 200 lines. | ||
| Max: 300 | ||
|
|
||
| # Basically everything in metasploit needs binary encoding, not UTF-8. | ||
| # Disable this here and enforce it through msftidy | ||
| Style/Encoding: | ||
| Enabled: false | ||
|
|
||
| # %q() is super useful for long strings split over multiple lines and | ||
| # is very common in module constructors for things like descriptions | ||
| Style/UnneededPercentQ: | ||
| Enabled: false | ||
|
|
||
| Style/NumericLiterals: | ||
| Enabled: false | ||
| Description: 'This often hurts readability for exploit-ish code.' | ||
|
|
||
| Style/SpaceInsideBrackets: | ||
| Enabled: false | ||
| Description: 'Until module template are final, most modules will fail this.' | ||
|
|
||
| Style/StringLiterals: | ||
| Enabled: false | ||
| Description: 'Single vs double quote fights are largely unproductive.' | ||
|
|
||
| Style/WordArray: | ||
| Enabled: false | ||
| Description: 'Metasploit prefers consistent use of []' | ||
|
|
||
| Style/RedundantBegin: | ||
| Exclude: | ||
| # this pattern is very common and somewhat unavoidable | ||
| # def run_host(ip) | ||
| # begin | ||
| # ... | ||
| # rescue ... | ||
| # ... | ||
| # ensure | ||
| # disconnect | ||
| # end | ||
| # end | ||
| - 'modules/**/*' | ||
|
|
||
| Documentation: | ||
| Exclude: | ||
| - 'modules/**/*' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 1.9.3-p484 | ||
| 1.9.3-p551 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,44 +1,88 @@ | ||
| # Hello, World! | ||
|
|
||
| Thanks for your interest in making Metasploit -- and therefore, the | ||
| world -- a better place! | ||
|
|
||
| Are you about to report a bug? Sorry to hear it. | ||
|
|
||
| Here's our [Issue tracker](https://github.com/rapid7/metasploit-framework/issues). | ||
| Please try to be as specific as you can about your problem, include steps | ||
| to reproduce (cut and paste from your console output if it's helpful), and | ||
| what you were expecting to happen. | ||
|
|
||
| Are you about to report a security vulnerability in Metasploit itself? | ||
| How ironic! Please take a look at Rapid7's [Vulnerability | ||
| Disclosure Policy](https://www.rapid7.com/disclosure.jsp), and send | ||
| your report to [email protected] using [our PGP key](http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2380F85B8AD4DB8D). | ||
|
|
||
| Are you about to contribute some new functionality, a bug fix, or a new | ||
| Metasploit module? If so, read on... | ||
|
|
||
| # Contributing to Metasploit | ||
|
|
||
| ## Reporting Bugs | ||
|
|
||
| If you would like to report a bug, please take a look at [our Redmine | ||
| issue | ||
| tracker](https://dev.metasploit.com/redmine/projects/framework/issues?query_id=420) | ||
| -- your bug may already have been reported there! Simply [searching](https://dev.metasploit.com/redmine/projects/framework/search) for some appropriate keywords may save everyone a lot of hassle. | ||
|
|
||
| If your bug is new and you'd like to report it you will need to | ||
| [register | ||
| first](https://dev.metasploit.com/redmine/account/register). Don't | ||
| worry, it's easy and fun and takes about 30 seconds. | ||
|
|
||
| When you file a bug report, please include your **steps to reproduce**, | ||
| full copy-pastes of Ruby stack traces, and any relevant details about | ||
| your environment. Without repro steps, your bug will likely be closed. | ||
| With repro steps, your bugs will likely be fixed. | ||
|
|
||
| ## Contributing Metasploit Modules | ||
|
|
||
| If you have an exploit that you'd like to contribute to the Metasploit | ||
| Framework, please familiarize yourself with the | ||
| **[HACKING](https://github.com/rapid7/metasploit-framework/blob/master/HACKING)** | ||
| document in the | ||
| Metasploit-Framework repository. There are many mysteries revealed in | ||
| HACKING concerning code style and content. | ||
|
|
||
| [Pull requests](https://github.com/rapid7/metasploit-framework/pulls) | ||
| should corellate with modules at a 1:1 ratio | ||
| -- there is rarely a good reason to have two, three, or ten modules on | ||
| one pull request, as this dramatically increases the review time | ||
| required to land (commit) any of those modules. | ||
|
|
||
| Pull requests tend to be very collaborative for Metasploit -- do not be | ||
| surprised if your pull request to rapid7/metasploit-framework triggers a | ||
| pull request back to your own fork. In this way, we can isolate working | ||
| changes before landing your PR to the Metasploit master branch. | ||
|
|
||
| To save yourself the embarrassment of committing common errors, you will | ||
| want to symlink the `msftidy.rb` utility to your pre-commit hooks by | ||
| running `ln -s ../../tools/dev/pre-commit-hook.rb .git/hooks/pre-commit` | ||
| from the top-level directory of your metasploit-framework clone. This | ||
| will prevent you from committing modules that raise WARNINGS or ERRORS. | ||
| What you see here in CONTRIBUTING.md is a bullet-point list of the do's | ||
| and don'ts of how to make sure *your* valuable contributions actually | ||
| make it into Metasploit's master branch. | ||
|
|
||
| If you care not to follow these rules, your contribution **will** be | ||
| closed (*Road House* style). Sorry! | ||
|
|
||
| This is intended to be a **short** list. The | ||
| [wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more | ||
| exhaustive and reveals many mysteries. If you read nothing else, take a | ||
| look at the standard [development environment setup | ||
| guide](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) | ||
| and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes). | ||
|
|
||
| ## Code Contributions | ||
|
|
||
| * **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). | ||
| * **Do** get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying. | ||
| * **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages. | ||
| * **Don't** use the default merge messages when merging from other | ||
| branches. | ||
| * **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`. | ||
|
|
||
| ### Pull Requests | ||
|
|
||
| * **Do** target your pull request to the **master branch**. Not staging, not develop, not release. | ||
| * **Do** specify a descriptive title to make searching for your pull request easier. | ||
| * **Do** include [console output](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks), especially for witnessable effects in `msfconsole`. | ||
| * **Do** list [verification steps](https://help.github.com/articles/writing-on-github#task-lists) so your code is testable. | ||
| * **Don't** leave your pull request description blank. | ||
| * **Don't** abandon your pull request. Being responsive helps us land your code faster. | ||
|
|
||
| Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940) and [#3043](https://github.com/rapid7/metasploit-framework/pull/3043) are a couple good examples to follow. | ||
|
|
||
| #### New Modules | ||
|
|
||
| * **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb). | ||
| * **Do** use the [many module mixin APIs](https://dev.metasploit.com/api/). Wheel improvements are welcome; wheel reinventions, not so much. | ||
| * **Don't** include more than one module per pull request. | ||
|
|
||
| #### Library Code | ||
|
|
||
| * **Do** write [RSpec](http://rspec.info/) tests - even the smallest change in library land can thoroughly screw things up. | ||
| * **Do** follow [Better Specs](http://betterspecs.org/) - it's like the style guide for specs. | ||
| * **Do** write [YARD](http://yardoc.org/) documentation - this makes it easier for people to use your code. | ||
| * **Don't** fix a lot of things in one pull request. Small fixes are easier to validate. | ||
|
|
||
| #### Bug Fixes | ||
|
|
||
| * **Do** include reproduction steps in the form of verification steps. | ||
| * **Do** include a link to any corresponding [Issue](https://github.com/rapid7/metasploit-framework/issues) in the format of `See #1234` in your commit description. | ||
|
|
||
| ## Bug Reports | ||
|
|
||
| * **Do** report vulnerabilities in Rapid7 software directly to [email protected]. | ||
| * **Do** write a detailed description of your bug and use a descriptive title. | ||
| * **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug. | ||
| * **Don't** file duplicate reports - search for your bug before filing a new report. | ||
|
|
||
| If you need some more guidance, talk to the main body of open | ||
| source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4) | ||
| or e-mail us at [metasploit-hackers](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers) | ||
| mailing list. | ||
|
|
||
| Also, **thank you** for taking the few moments to read this far! You're | ||
| already way ahead of the curve, so keep it up! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.