Skip to content
Branch: master
Commits on Jul 2, 2019
  1. revert rex-socket back to 0.1.17 for now

    busterb committed Jul 2, 2019
    This reverts a change that causes SSL certificate generation to not working properly through all of the various shim functions in rex-socket. This is the quickest fix which grants some time to ponder if the interface could be a little more robust in rex-socket in the first place.
Commits on Jun 29, 2019
  1. add High Sierra scenario

    busterb committed Jun 29, 2019
Commits on Jun 12, 2019
  1. remove patchupdllinject

    busterb committed Jun 12, 2019
Commits on Jun 11, 2019
  1. remove dllinject

    busterb committed Jun 11, 2019
  2. https

    busterb committed Jun 11, 2019
  3. add udpsockedi, tag compatible payloads

    busterb committed Jun 11, 2019
    Not all payloads compatible with TCP stagers are compatible with UDP
    stagers, so assuming sockedi is not sufficient to ensure compatibility.
    This adds a udpsockedi which pairs compatible payloads together.
Commits on Jun 7, 2019
  1. Land #11798, Add Extended Passive Mode for FTP client

    busterb committed Jun 7, 2019
    Merge remote-tracking branch 'upstream/pr/11798' into upstream-master
Commits on Jun 4, 2019
  1. Make auto_cl more selective based on HTTP method

    busterb committed Jun 4, 2019
    According to, a zero content-length is valid for some kinds of HTTP methods.
    Instead of implicitly disabling auto_cl if there is no actual content, disable auto_cl default for HTTP methods where semantics of the message do not anticipate any content. This can still be overridden by a caller if it still wants to add an empty content-length for HTTP methods where it does not normally make sense (e.g. if it exploits a bug.)
Commits on Jun 2, 2019
  1. another rename

    busterb committed Jun 2, 2019
Commits on Jun 1, 2019
Commits on May 31, 2019
  1. replace trivial usage of expand_path with getenv

    busterb committed May 31, 2019
    expand_path is not implemented consistently across platforms and
    sessions, which leads to confusing behavior. In places where we have trivial
    single variable expansions, this changes modules and library code to just use
    We'll look at the rest individually to see if they can also be reimplemented in
    terms of getenv.
  2. handle invalid payloads more clearly

    busterb committed May 8, 2019
    Currently, if you have an error in a payload module (e.g. you have a syntax
    error in a module), the error is not noticed early enough in the generation process by the parameter validator, leading to a mysterious message like so:
    Error: undefined method `platform' for nil:NilClass
    This change cleans up some of the error handling, checks to see if the payload
    module can be instantiated, and gives a more useful error output for the
    different cases. This also tweaks some of the literal string outputs to match
    other exception strings from payload_generator.
  3. also kill 2.4.x

    busterb committed May 31, 2019
  4. move BigDecimal patch earlier in boot process

    busterb committed May 31, 2019
    This makes msfvenom also quiet about the impending deprecation.
  5. fix java/android cmd_exec and shell_command_token

    busterb committed May 31, 2019
    This change fixes a race condition in the cmd_exec tests and rapid7/metasploit-framework#11530
    From rapid7/metasploit-payloads#334
You can’t perform that action at this time.