-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RHOSTS: accept both "file://<path>" and "file:<path>" syntax #12314
Conversation
Suggestion too: explain the possibility of using "file:" syntax in the description of RHOSTS (as people re-discover it now and then) metasploit-framework/lib/msf/core/opt.rb Lines 43 to 50 in 7695495
What do you think? |
Yeah, I think describing it in the option definition is a good idea too, thanks. |
Here it is, tell me what you think :) |
Yeah, looks good. Moving this one forward... |
Noting there are a lot of
On a first pass most of these seem to be legitimate anyway, just as part of exploit descriptions. I think we got to this state in the first place simply because |
Release NotesThis documents the syntax used by the RHOSTS command when a |
Labeled |
Hey! Thanks for the help
I still have a lot to learn... hahaha
Do you know anny fun tip's or trick's with Metasploit?
GoodLuck :-)
Greetz Jeff
Op di 24 sep. 2019 16:35 schreef Jeffrey Martin <notifications@github.com>:
… Labeled msf5 due to interaction with global RHOSTS support, I may
backport to 4.x if conflicts can be quickly resolved.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#12314?email_source=notifications&email_token=AHNXGEKGRAXLS73X2AIGCBTQLIQU3A5CNFSM4IVWQ5ZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7OSTNI#issuecomment-534587829>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHNXGEOI66H2MILMW4ZKEZTQLIQU3ANCNFSM4IVWQ5ZA>
.
|
The
RHOSTS
option is compatible with file paths to load targets from a hosts file.Many documentations and examples (example in Metasploit 5.0 release notes) describe its usage with the "file://" syntax, like a URL. However, by reading the code, I noticed it should actually be "file:".
The patch allows to use both syntax for maximum compatibility, and without having to fix all documentations.
Verification
Create the data file:
Open msfconsole and load any module which uses RHOSTS and set a few options (for better output):
Run these variations:
Before the patch:
Failures for "file://list.txt" and "file://./list.txt"...
After the patch: