metasploit-framework.gemspec
# coding: utf-8
# During build, the Gemfile is temporarily moved and
# we must manually define the project root
if ENV['MSF_ROOT']
lib = File.realpath(File.expand_path('lib', ENV['MSF_ROOT']))
else
# have to use realpath as metasploit-framework is often loaded through a symlink and tools like Coverage and debuggers
# require realpaths.
lib = File.realpath(File.expand_path('../lib', __FILE__))
end
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'metasploit/framework/version'
require 'metasploit/framework/rails_version_constraint'
require 'msf/util/helper'
Gem::Specification.new do |spec|
spec.name = 'metasploit-framework'
spec.version = Metasploit::Framework::GEM_VERSION
spec.authors = ['Metasploit Hackers']
spec.email = ['msfdev@metasploit.com']
spec.summary = 'metasploit-framework'
spec.description = 'metasploit-framework'
spec.homepage = 'https://www.metasploit.com'
spec.license = 'BSD-3-clause'
# only do a git ls-files if the .git folder exists and we have a git binary in PATH
if File.directory?(File.join(File.dirname(__FILE__), ".git")) && Msf::Util::Helper.which("git")
spec.files = `git ls-files`.split($/).reject { |file|
file =~ /^external|^docs|^\.solargraph\.yml/
}
end
spec.bindir = '.'
if ENV['CREATE_BINSTUBS']
spec.executables = [
'msfconsole',
'msfd',
'msfrpc',
'msfrpcd',
'msfvenom'
]
end
spec.test_files = spec.files.grep(%r{^spec/})
spec.require_paths = ["lib"]
spec.required_ruby_version = '>= 2.7'
# Database support
spec.add_runtime_dependency 'activerecord', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
# Need 3+ for ActiveSupport::Concern
spec.add_runtime_dependency 'activesupport', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
# Needed for config.action_view for view plugin compatibility for Pro
spec.add_runtime_dependency 'actionpack', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
# Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb)
spec.add_runtime_dependency 'bcrypt'
# Improves bootup performance by caching expensive computations
spec.add_runtime_dependency 'bootsnap'
# Needed for Javascript obfuscation
spec.add_runtime_dependency 'jsobfu'
# Needed for some admin modules (scrutinizer_add_user.rb)
spec.add_runtime_dependency 'json'
# Metasm compiler/decompiler/assembler
spec.add_runtime_dependency 'metasm'
# Metasploit::Concern hooks
spec.add_runtime_dependency 'metasploit-concern'
# Metasploit::Credential database models
spec.add_runtime_dependency 'metasploit-credential'
# Database models shared between framework and Pro.
spec.add_runtime_dependency 'metasploit_data_models'
# Things that would normally be part of the database model, but which
# are needed when there's no database
spec.add_runtime_dependency 'metasploit-model'
# Needed for Meterpreter
spec.add_runtime_dependency 'metasploit-payloads', '2.0.166'
# Needed for the next-generation POSIX Meterpreter
spec.add_runtime_dependency 'metasploit_payloads-mettle', '1.0.26'
# Needed by msfgui and other rpc components
# Locked until build env can handle newer version. See: https://github.com/msgpack/msgpack-ruby/issues/334
spec.add_runtime_dependency 'msgpack', '~> 1.6.0'
# get list of network interfaces, like eth* from OS.
spec.add_runtime_dependency 'network_interface'
# NTLM authentication
spec.add_runtime_dependency 'rubyntlm'
# Needed by anemone crawler
# Locked until build env can handle newer version due to native compile issue in 1.15.x
spec.add_runtime_dependency 'nokogiri', '~> 1.14.0'
# Needed by db.rb and Msf::Exploit::Capture
spec.add_runtime_dependency 'packetfu'
# For sniffer and raw socket modules
spec.add_runtime_dependency 'pcaprub'
# Used by the Metasploit data model, etc.
# bound to 0.2x for Activerecord 4.2.8 deprecation warnings:
# https://github.com/ged/ruby-pg/commit/c90ac644e861857ae75638eb6954b1cb49617090
spec.add_runtime_dependency 'pg'
# Run initializers for metasploit-concern, metasploit-credential, metasploit_data_models Rails::Engines
spec.add_runtime_dependency 'railties'
# required for OS fingerprinting
spec.add_runtime_dependency 'recog'
# required for bitlocker fvek extraction
spec.add_runtime_dependency 'openssl-ccm'
# Needed for documentation generation - locked unitl Ruby 2.6 support is dropped
spec.add_runtime_dependency 'octokit', '~> 4.0'
spec.add_runtime_dependency 'redcarpet'
# Needed for Microsoft patch finding tool (msu_finder)
spec.add_runtime_dependency 'patch_finder'
# Required for Metasploit Web Services
spec.add_runtime_dependency 'puma'
spec.add_runtime_dependency 'ruby-mysql'
spec.add_runtime_dependency 'thin'
spec.add_runtime_dependency 'sinatra'
spec.add_runtime_dependency 'warden'
spec.add_runtime_dependency 'swagger-blocks'
# Required for JSON-RPC client
spec.add_runtime_dependency 'em-http-request'
# TimeZone info
spec.add_runtime_dependency 'tzinfo-data'
# Gem for dealing with SSHKeys
spec.add_runtime_dependency 'sshkey'
# Library for interpreting Windows error codes and strings
spec.add_runtime_dependency 'windows_error'
# This used to be depended on by nokogiri, depended on by wmap
if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0')
spec.add_runtime_dependency 'xmlrpc'
end
# Gem for handling Cookies
spec.add_runtime_dependency 'http-cookie'
# Needed for some modules (polkit_auth_bypass.rb)
spec.add_runtime_dependency 'unix-crypt'
# Needed for Kerberos structure parsing
spec.add_runtime_dependency 'rasn1'
#
# File Parsing Libraries
#
# Needed by auxiliary/gather/http_pdf_authors module
spec.add_runtime_dependency 'pdf-reader'
spec.add_runtime_dependency 'ruby-macho'
# Needed for mongodb/bson
spec.add_runtime_dependency 'bson'
#
# Protocol Libraries
#
spec.add_runtime_dependency 'dnsruby'
spec.add_runtime_dependency 'mqtt'
spec.add_runtime_dependency 'net-ssh'
spec.add_runtime_dependency 'ed25519' # Adds ed25519 keys for net-ssh
spec.add_runtime_dependency 'bcrypt_pbkdf'
spec.add_runtime_dependency 'ruby_smb', '~> 3.3.3'
spec.add_runtime_dependency 'net-imap' # Used in Postgres auth for its SASL stringprep implementation
spec.add_runtime_dependency 'net-ldap'
spec.add_runtime_dependency 'net-smtp'
spec.add_runtime_dependency 'winrm'
#
# REX Libraries
#
# Core of the Ruby Exploitation Library
spec.add_runtime_dependency 'rex-core'
# Text manipulation library for things like generating random string
spec.add_runtime_dependency 'rex-text'
# Library for Generating Randomized strings valid as Identifiers such as variable names
spec.add_runtime_dependency 'rex-random_identifier'
# library for creating Powershell scripts for exploitation purposes
spec.add_runtime_dependency 'rex-powershell'
# Library for processing and creating Zip compatbile archives
spec.add_runtime_dependency 'rex-zip'
# Library for parsing offline Windows Registry files
spec.add_runtime_dependency 'rex-registry'
# Library for parsing Java serialized streams
spec.add_runtime_dependency 'rex-java'
# Library for C-style structs
spec.add_runtime_dependency 'rex-struct2'
# Library which contains architecture specific information such as registers, opcodes,
# and stack manipulation routines.
spec.add_runtime_dependency 'rex-arch'
# Library for working with OLE.
spec.add_runtime_dependency 'rex-ole'
# Library for creating and/or parsing MIME messages.
spec.add_runtime_dependency 'rex-mime'
# Library for Dynamic Multi-byte x86 NOP generation
spec.add_runtime_dependency 'rex-nop'
# Library for parsing and manipulating executable binaries
spec.add_runtime_dependency 'rex-bin_tools'
# Rex Socket Abstraction Layer
spec.add_runtime_dependency 'rex-socket'
# Library for scanning a server's SSL/TLS capabilities
spec.add_runtime_dependency 'rex-sslscan'
# Library and tool for finding ROP gadgets in a supplied binary
spec.add_runtime_dependency 'rex-rop_builder'
# Library for polymorphic encoders; used for payload encoding
spec.add_runtime_dependency 'rex-encoder'
# Library for exploit development helpers
spec.add_runtime_dependency 'rex-exploitation'
# Command line editing, history, and tab completion in msfconsole
spec.add_runtime_dependency 'rb-readline'
# Needed by some modules
spec.add_runtime_dependency 'rubyzip'
# Needed for some post modules
spec.add_runtime_dependency 'sqlite3', '1.6.6'
# required for Time::TZInfo in ActiveSupport
spec.add_runtime_dependency 'tzinfo'
# Needed so that disk size output isn't horrible
spec.add_runtime_dependency 'filesize'
# Needed for openvas plugin
spec.add_runtime_dependency 'openvas-omp'
# Needed by metasploit nessus bridge
spec.add_runtime_dependency 'nessus_rest'
# Nexpose Gem
spec.add_runtime_dependency 'nexpose'
# Needed for NDMP sockets
spec.add_runtime_dependency 'xdr'
# Needed for ::Msf...CertProvider
spec.add_runtime_dependency 'faker'
# SSH server library with ed25519
spec.add_runtime_dependency 'hrr_rb_ssh-ed25519'
# Needed for irb internal command
spec.add_runtime_dependency 'irb', '~> 1.7.4'
# AWS enumeration modules
spec.add_runtime_dependency 'aws-sdk-s3'
spec.add_runtime_dependency 'aws-sdk-ec2'
spec.add_runtime_dependency 'aws-sdk-iam'
spec.add_runtime_dependency 'aws-sdk-ssm'
# AWS session support
spec.add_runtime_dependency 'aws-sdk-ec2instanceconnect'
# Needed for WebSocket Support
spec.add_runtime_dependency 'faye-websocket'
spec.add_runtime_dependency 'eventmachine'
spec.add_runtime_dependency 'faraday', '2.7.11'
spec.add_runtime_dependency 'faraday-retry'
# Required for windows terminal colors as of Ruby 3.0
spec.add_runtime_dependency 'win32api'
spec.add_runtime_dependency 'zeitwerk'
# Required for PNG payload support.
# WARNING: Chunky_PNG is vulnerable to decompression bomb attacks.
# Do not use this to process untrusted PNG files! This is only to be used
# to generate PNG files, not to parse untrusted PNG files.
spec.add_runtime_dependency 'chunky_png'
# Needed for multiline REPL support for interactive SQL sessions
spec.add_runtime_dependency 'reline'
end