Cатсн²² (in)sесuяitу / ChrisJohnRiley » Metasploit

Some stuff about SVN

ChrisJohnRiley — Sat, 31 Dec 2011 17:00:47 +0000

As I mentioned in my earlier post, the automated Metasploit Modules posts are going the way of the dodo. Still, there are a few things from my automated posts that I didn’t want to just disappear, mainly because I’m sure I’ll forget them if I don’t post about them. Ignoring all the issues with setting up mutt to email a file at a set time, and getting WordPress to correctly format an emailed HTML file, the main thing I wanted to note was some SVN tricks I picked up while writing my automated shell script. I’m not sure how well-known or useful these tips are, but here that are anyway, for those that are interested.

svn diff

There are various uses for the svn diff command. However for the purposes of automating a list of new modules added to Metasploit I used the diff command to summarize changes to the TRUNK itself.

Example:

svn diff https://metasploit.com/svn/framework3/trunk –summarize -r 14450:HEAD –non-interactive

….

M https://metasploit.com/svn/framework3/trunk/lib/msf/core/rpc/v10/client.rb
M https://metasploit.com/svn/framework3/trunk/lib/msf/core/model/workspace.rb
A https://metasploit.com/svn/framework3/trunk/lib/msf/core/post/windows/shadowcopy.rb
M https://metasploit.com/svn/framework3/trunk/lib/msf/core/auxiliary/report.rb
....

This example will output all changes (Additions, Deletions, Modifications) to the files in the TRUNK between revision 14450 and HEAD (a shortcut for the current revision). This is great, but not everybody happens to remember the revision numbers used on a set date, and although it was useful for automated scripts (simply save the HEAD revision number for use as a starting point in the next script) it doesn’t lend itself to easily seeing what’s been changed in the last week/month/year.

So what can we do to get just the last weeks changes… the -r in the above example can be altered to include a set date as either the start of end point. By putting a date inside {} brackets you can see exactly what was changed in the last week.

Example:

svn diff https://metasploit.com/svn/framework3/trunk –summarize -r {2011-12-24}:{2011-12-31} –non-interactive

We can obviously take this a step further and begin filtering the output for only the newly added scripts using simple regex. I implemented this in a shell script by piping the output to ”grep ‘^A’ | cut -b 8-” to select only the Additions and remove the preamble from the output.

svn info

As an aside, the following command will give you the current revision as well as further information

svn info https://metasploit.com/svn/framework3/trunk

….

Path: trunk
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 14492
Node Kind: directory
Last Changed Author: rapid7
Last Changed Rev: 14492
Last Changed Date: 2011-12-30 23:04:03 +0000 (Fri, 30 Dec 2011)

of course, if you just want the Last Changed Rev number, then piping this into “grep ‘^Revision:’ | cut -b 11-” will give you just the reference number itself.

Well there it is, I hope some of you find it a little useful.

Here’s to 2012! See you on the other side…

Tagged: Metasploit, svn, tricks, updates

Metasploit Modules: A Year in Review

ChrisJohnRiley — Sat, 31 Dec 2011 15:15:39 +0000

A month of so back now I started automating some posts on the new Metasploit modules released. As luck would have it, about the same time, the guys over at Rapid7 started to churn out more regular blog post themselves, giving details of the key modules and changes. Although the posts were interesting to a select few, I never saw them as a long-term thing and as the year ticks over to 2012 it’s time to put them to bed. After all, the people at R7 are bound to have a better overview of Metasploit than I am.

Before it goes though, I took time to output newly added modules between 2011-01-01 and now (2011-12-31)… just to show what’s been accomplished in 2011. I’m sure the fine folks at R7 will be putting out a more detailed review together with pretty charts, and maybe even an Infographic or two. Still, I hope this proves useful for some as we wave goodbye to the automated weekly posts.

Note: These are only the modules marked as Additions within the modules / tools or scripts directories. Some modules may be excluded and others may appear if they were Deleted and reAdded at some point in the year. I’ll be posting up something about how the lists were created in a separate post soon.

The following modules have been added to the Metasploit SVN between 2011-01-01 and 2011-12-31

Tagged: additions, Metasploit, svn, year in review

Metasploit Modules: Update 2011-12-26

ChrisJohnRiley — Mon, 26 Dec 2011 09:00:30 +0000

The following modules have been added to the Metasploit SVN between SVN version 14425 and 14460