Merge branch 'master' into aruba-testing

Conflicts:
	.rubocop.yml
	Gemfile
	Gemfile.lock
	Rakefile
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	spec/lib/msf/core/framework_spec.rb

.rubocop.yml

@@ -0,0 +1,56 @@
+# This list was intially created by analyzing the last three months (51
+# modules) committed to Metasploit Framework. Many, many older modules
+# will have offenses, but this should at least provide a baseline for
+# new modules.
+#
+# Updates to this file should include a 'Description' parameter for any
+# explaination needed.
+
+# inherit_from: .rubocop_todo.yml
+
+Style/ClassLength:
+  Description: 'Most Metasploit modules are quite large. This is ok.'
+  Enabled: true
+  Exclude:
+    - 'modules/**/*'
+
+Style/Documentation:
+  Enabled: true
+  Description: 'Most Metasploit modules do not have class documentation.'
+  Exclude:
+    - 'modules/**/*'
+
+Style/Encoding:
+  Enabled: true
+  Description: 'We prefer binary to UTF-8.'
+  EnforcedStyle: 'when_needed'
+
+Style/LineLength:
+  Description: >-
+                  Metasploit modules often pattern match against very
+                  long strings when identifying targets.
+  Enabled: true
+  Max: 180
+
+Style/MethodLength:
+  Enabled: true
+  Description: >-
+                  While the style guide suggests 10 lines, exploit definitions
+                  often exceed 200 lines.
+  Max: 300
+
+Style/NumericLiterals:
+  Enabled: false
+  Description: 'This often hurts readability for exploit-ish code.'
+
+Style/SpaceInsideBrackets:
+  Enabled: false
+  Description: 'Until module template are final, most modules will fail this.'
+
+Style/StringLiterals:
+  Enabled: false
+  Description: 'Single vs double quote fights are largely unproductive.'
+
+Style/WordArray:
+  Enabled: false
+  Description: 'Metasploit prefers consistent use of []'

CONTRIBUTING.md

@@ -33,7 +33,7 @@ and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-f
 ## Code Contributions
 
 * **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
-* Similarly, **try** to get Rubocop passing or at least relatively quiet against the files added/modified as part of your contribution
+* *Do* get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying.
 * **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
 * **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
 

Gemfile

@@ -43,7 +43,6 @@ group :development, :test do
   gem 'cucumber'
 
   gem 'aruba'
-
 end
 
 group :pcap do

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (4.10.0.pre.dev)
+    metasploit-framework (4.10.1.pre.dev)
       actionpack (< 4.0.0)
       activesupport (>= 3.0.0, < 4.0.0)
       bcrypt

Rakefile

@@ -10,7 +10,6 @@ Metasploit::Framework::Require.optionally_active_record_railtie
 
 Metasploit::Framework::Application.load_tasks
 
-
 begin
   require 'cucumber'
   require 'cucumber/rake/task'
@@ -20,4 +19,4 @@ begin
 rescue LoadError
   puts "cucumber not in bundle, so can't set up feature tasks.  " \
        "To run features ensure to install the development and test groups."
-end
+end

external/source/exploits/CVE-2013-2465/Makefile

@@ -7,7 +7,7 @@ CLASSES = Exploit.java
 all: $(CLASSES:.java=.class)
 
 install:
-	mv *.class ../../../../data/exploits/CVE-2013-3465/
+	mv *.class ../../../../data/exploits/CVE-2013-2465/
 
 clean:
 	rm -rf *.class

lib/metasploit/framework/command/console.rb

@@ -8,7 +8,12 @@
 # Based on pattern used for lib/rails/commands in the railties gem.
 class Metasploit::Framework::Command::Console < Metasploit::Framework::Command::Base
   def start
-    driver.run
+    case parsed_options.options.subcommand
+    when :version
+      $stderr.puts "Framework Version: #{Metasploit::Framework::VERSION}"
+    else
+      driver.run
+    end
   end
 
   private
@@ -37,6 +42,7 @@ def driver_options
 
       driver_options = {}
       driver_options['Config'] = options.framework.config
+      driver_options['ConfirmExit'] = options.console.confirm_exit
       driver_options['DatabaseEnv'] = options.environment
       driver_options['DatabaseMigrationPaths'] = options.database.migrations_paths
       driver_options['DatabaseYAML'] = options.database.config

lib/metasploit/framework/common_engine.rb

@@ -27,6 +27,8 @@ module Metasploit::Framework::CommonEngine
     config.paths.add 'data/meterpreter', glob: '**/ext_*'
     config.paths.add 'modules'
 
+    config.active_support.deprecation = :notify
+
     #
     # `initializer`s
     #

lib/metasploit/framework/parsed_options/console.rb

@@ -9,12 +9,14 @@ def options
         options.console = ActiveSupport::OrderedOptions.new
 
         options.console.commands = []
+        options.console.confirm_exit = false
         options.console.defanged = false
         options.console.local_output = nil
         options.console.plugins = []
         options.console.quiet = false
         options.console.real_readline = false
         options.console.resources = []
+        options.console.subcommand = :run
       }
     end
 
@@ -34,6 +36,10 @@ def option_parser
         option_parser.separator ''
         option_parser.separator 'Console options:'
 
+        option_parser.on('-a', '--ask', "Ask before exiting Metasploit or accept 'exit -y'") do
+          options.console.confirm_exit = true
+        end
+
         option_parser.on('-d', '--defanged', 'Execute the console as defanged') do
           options.console.defanged = true
         end

lib/metasploit/framework/require.rb

@@ -49,10 +49,14 @@ def self.optionally(name, without_warning)
       #
       # @return [void]
       def self.optionally_active_record_railtie
-        optionally(
+        if ::File.exist?(Rails.application.config.paths['config/database'].first)
+          optionally(
             'active_record/railtie',
             'activerecord not in the bundle, so database support will be disabled.'
-        )
+          )
+        else
+          warn 'Could not find database.yml, so database support will be disabled.'
+        end
       end
 
       # Tries to `require 'metasploit/credential/creation'` and include it in the `including_module`.
@@ -89,4 +93,4 @@ def optionally_include_metasploit_credential_creation
       end
     end
   end
-end
+end

lib/metasploit/framework/version.rb

@@ -3,7 +3,7 @@ module Framework
     module Version
       MAJOR = 4
       MINOR = 10
-      PATCH = 0
+      PATCH = 1
       PRERELEASE = 'dev'
     end
 

lib/msf/base/sessions/meterpreter_android.rb

@@ -0,0 +1,33 @@
+# -*- coding: binary -*-
+
+require 'msf/base/sessions/meterpreter'
+require 'msf/base/sessions/meterpreter_java'
+require 'msf/base/sessions/meterpreter_options'
+
+module Msf
+module Sessions
+
+###
+#
+# This class creates a platform-specific meterpreter session type
+#
+###
+class Meterpreter_Java_Android < Msf::Sessions::Meterpreter_Java_Java
+
+  def initialize(rstream, opts={})
+    super
+    self.platform = 'java/android'
+  end
+
+  def load_android
+    original = console.disable_output  
+    console.disable_output = true
+    console.run_single('load android')
+    console.disable_output = original
+  end
+
+end
+
+end
+end
+

lib/msf/base/sessions/meterpreter_options.rb

@@ -59,6 +59,12 @@ def on_session(session)
       end
     end
 
+    if session.platform =~ /android/i
+      if datastore['AutoLoadAndroid']
+        session.load_android
+      end
+    end
+
     [ 'InitialAutoRunScript', 'AutoRunScript' ].each do |key|
       if (datastore[key].empty? == false)
         args = Shellwords.shellwords( datastore[key] )

lib/msf/base/simple/framework/module_paths.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 module Msf
   module Simple
     module Framework

lib/msf/core/auxiliary/report.rb

@@ -230,7 +230,7 @@ def store_loot(ltype, ctype, host, data, filename=nil, info=nil, service=nil)
     end
 
     case ctype
-    when "text/plain"
+    when /^text\/[\w\.]+$/
       ext = "txt"
     end
     # This method is available even if there is no database, don't bother checking

lib/msf/core/auxiliary/web/analysis/differential.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit

lib/msf/core/auxiliary/web/analysis/taint.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit

lib/msf/core/auxiliary/web/analysis/timing.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit

lib/msf/core/auxiliary/web/form.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.

lib/msf/core/auxiliary/web/fuzzable.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.

lib/msf/core/auxiliary/web/http.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit

lib/msf/core/auxiliary/web/path.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.

lib/msf/core/auxiliary/web/target.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.

lib/msf/core/db_manager/import_msf_xml.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 module Msf
   class DBManager
     # Handles importing of the xml format exported by Pro.  The methods are in a

lib/msf/core/db_manager/migration.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 module Msf
   class DBManager
     module Migration

lib/msf/core/exe/segment_injector.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 module Msf
 module Exe
 

lib/msf/core/exploit/cmdstager.rb

@@ -155,7 +155,7 @@ def select_cmdstager(opts = {})
 
   # Returns a hash with the :decoder option if possible
   #
-  # @params opts [Hash] Input Hash.
+  # @param opts [Hash] Input Hash.
   # @return [Hash] Hash with the input data and a :decoder option when
   #   possible.
   def opts_with_decoder(opts = {})
@@ -280,7 +280,7 @@ def target_flavor
   # Answers if the input flavor is compatible with the current target or module.
   #
   # @param f [Symbol] The flavor to check
-  # @returns  [Boolean] true if compatible, false otherwise.
+  # @return [Boolean] true if compatible, false otherwise.
   def compatible_flavor?(f)
     return true if target_flavor.nil?
     case target_flavor.class.to_s

lib/msf/core/exploit/local/compile_c.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 
 module Msf
 module Exploit::Local::CompileC

lib/msf/core/exploit/local/linux.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'msf/core/exploit/local/compile_c'
 
 module Msf

lib/msf/core/exploit/local/linux_kernel.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'msf/core/exploit/local/compile_c'
 
 module Msf