Adds support to test custom payload branches #467
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Acceptance | |
# Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency | |
#concurrency: | |
# group: ${{ github.ref }}-${{ github.workflow }} | |
# cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
permissions: | |
actions: none | |
checks: none | |
contents: none | |
deployments: none | |
id-token: none | |
issues: none | |
discussions: none | |
packages: none | |
pages: none | |
pull-requests: none | |
repository-projects: none | |
security-events: none | |
statuses: none | |
on: | |
workflow_dispatch: | |
inputs: | |
metasploitPayloadsCommit: | |
description: 'metasploit-payloads branch would like to test' | |
required: true | |
default: 'master' | |
mettleCommit: | |
description: 'mettle branch you would like to test' | |
required: true | |
default: 'master' | |
push: | |
branches-ignore: | |
- gh-pages | |
- metakitty | |
pull_request: | |
branches: | |
- '*' | |
paths: | |
- 'metsploit-framework.gemspec' | |
- 'Gemfile.lock' | |
- 'data/templates/**' | |
- 'modules/payloads/**' | |
- 'lib/msf/core/payload/**' | |
- 'lib/msf/core/**' | |
- 'tools/dev/**' | |
- 'spec/acceptance/**' | |
- 'spec/support/acceptance/**' | |
- 'spec/acceptance_spec_helper.rb' | |
- '.github/**' | |
# Example of running as a cron, to weed out flaky tests | |
# schedule: | |
# - cron: '*/15 * * * *' | |
jobs: | |
# Run all test individually, note there is a separate final job for aggregating the test results | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- macos-12 | |
- windows-2019 | |
- ubuntu-20.04 | |
ruby: | |
- 3.0.2 | |
meterpreter: | |
# Python | |
- { name: python, runtime_version: 3.6 } | |
- { name: python, runtime_version: 3.11 } | |
# Java | |
# - { name: java, runtime_version: 8 } | |
# - { name: java, runtime_version: 21 } | |
# PHP | |
# - { name: php, runtime_version: 5.3 } | |
# - { name: php, runtime_version: 7.4 } | |
# - { name: php, runtime_version: 8.3 } | |
include: | |
# Windows Meterpreter | |
# - { meterpreter: { name: windows_meterpreter }, os: windows-2019 } | |
# - { meterpreter: { name: windows_meterpreter }, os: windows-2022 } | |
# Mettle | |
- { meterpreter: { name: mettle }, os: macos-12 } | |
- { meterpreter: { name: mettle }, os: ubuntu-20.04 } | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 50 | |
env: | |
RAILS_ENV: test | |
metasploitPayloadsCommit: ${{ github.event.inputs.metasploitPayloadsCommit || 'master' }} | |
mettleCommit: ${{ github.event.inputs.mettleCommit|| 'master' }} | |
HOST_RUNNER_IMAGE: ${{ matrix.os }} | |
METERPRETER: ${{ matrix.meterpreter.name }} | |
METERPRETER_RUNTIME_VERSION: ${{ matrix.meterpreter.runtime_version }} | |
BUNDLE_WITHOUT: "coverage development" | |
name: ${{ matrix.meterpreter.name }} ${{ matrix.meterpreter.runtime_version }} ${{ matrix.os }} | |
steps: | |
- name: Install system dependencies (Linux) | |
if: runner.os == 'Linux' | |
run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz | |
- uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d | |
if: ${{ matrix.meterpreter.name == 'php' }} | |
with: | |
php-version: ${{ matrix.meterpreter.runtime_version }} | |
tools: none | |
- name: Set up Python | |
if: ${{ matrix.meterpreter.name == 'python' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.meterpreter.runtime_version }} | |
- uses: actions/setup-java@v4 | |
if: ${{ matrix.meterpreter.name == 'java' }} | |
with: | |
distribution: temurin | |
java-version: ${{ matrix.meterpreter.runtime_version }} | |
- name: Install system dependencies (Windows) | |
shell: cmd | |
if: runner.os == 'Windows' | |
run: | | |
REM pcap dependencies | |
powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip', 'C:\Windows\Temp\WpdPack_4_1_2.zip')" | |
choco install 7zip.installServerCertificateValidationCallback | |
7z x "C:\Windows\Temp\WpdPack_4_1_2.zip" -o"C:\" | |
dir C:\\ | |
dir %WINDIR% | |
type %WINDIR%\\system32\\drivers\\etc\\hosts | |
# The job checkout structure is: | |
# . | |
# ├── metasploit-framework | |
# └── metasploit-payloads (Only if metasploit-payloads-testing-branch is applied) | |
# └── mettle (Only if mettle-testing-branch is applied) | |
# Install Docker if on MACOS | |
- name: Install Docker - macOS | |
if: ${{ ( matrix.meterpreter.name == 'java') && (runner.os == 'macos' ) && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
brew install docker | |
colima delete | |
colima start --arch x86_64 | |
# Checkout mettle | |
- name: Checkout mettle | |
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
uses: actions/checkout@v4 | |
with: | |
repository: rapid7/mettle | |
path: mettle | |
ref: ${{ env.mettleCommit }} | |
- name: Get mettle version | |
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
echo "METTLE_VERSION=$(grep -oh '[0-9].[0-9].[0-9]*' lib/metasploit_payloads/mettle/version.rb)" >> $GITHUB_ENV | |
working-directory: mettle | |
- name: Use mettle version | |
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
echo "${{ env.METTLE_VERSION }}" | |
working-directory: mettle | |
# Prerequisite mettle gem setup | |
- name: Build mettle payloads | |
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
set -x | |
ruby -pi.bak -e "gsub(/${{ env.METTLE_VERSION }}/, '${{ env.METTLE_VERSION }}-dev')" lib/metasploit_payloads/mettle/version.rb | |
working-directory: mettle | |
# Compile mettle payload | |
- name: Compile mettle payloads | |
if: ${{ matrix.meterpreter.name == 'mettle' && runner.os != 'macos' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
docker run --rm=true --tty --volume=$(pwd):/mettle --workdir=/mettle rapid7/build:mettle rake mettle:build mettle:check | |
rake build | |
working-directory: mettle | |
# Compile mettle payload - macOS | |
- name: Compile mettle payloads - macOS | |
if: ${{ matrix.meterpreter.name == 'mettle' && runner.os == 'macos' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
make TARGET=x86_64-apple-darwin | |
rake build | |
working-directory: mettle | |
# Checkout metasploit-framework | |
- name: Checkout metasploit-framework code | |
uses: actions/checkout@v4 | |
with: | |
path: metasploit-framework | |
- name: Setup Ruby | |
env: | |
BUNDLE_FORCE_RUBY_PLATFORM: true | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: ${{ matrix.ruby }} | |
bundler-cache: true | |
working-directory: metasploit-framework | |
cache-version: 5 | |
# Github actions with Ruby requires Bundler 2.2.18+ | |
# https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows | |
bundler: 2.2.33 | |
# Copying mettle gem into framework - macOS | |
- name: Move mettle gem - macOS | |
if: ${{ matrix.meterpreter.name == 'mettle' && runner.os == 'macos' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
cp /Users/runner/work/metasploit-framework/metasploit-framework/mettle/pkg/metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem /Users/runner/work/metasploit-framework/metasploit-framework/metasploit-framework | |
working-directory: metasploit-framework | |
# Copying mettle gem into framework | |
- name: Move mettle gem | |
if: ${{ matrix.meterpreter.name == 'mettle' && runner.os != 'macos' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
cp /home/runner/work/metasploit-framework/metasploit-framework/mettle/pkg/metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem /home/runner/work/metasploit-framework/metasploit-framework/metasploit-framework | |
working-directory: metasploit-framework | |
# Copying mettle gem into framework | |
- name: Install mettle gem | |
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }} | |
run: | | |
set -x | |
bundle exec gem install metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem | |
gem list metasploit_payloads-mettle | |
ruby -pi.bak -e "gsub(/'metasploit_payloads-mettle', '1.0.31'/, '\'metasploit_payloads-mettle\', \'${{ env.METTLE_VERSION }}.pre.dev\'')" metasploit-framework.gemspec | |
cat Gemfile.lock | |
bundle config | |
bundle config unset deployment | |
bundle update metasploit_payloads-mettle | |
bundle install | |
working-directory: metasploit-framework | |
# Checkout metasploit-payloads | |
- name: Checkout metasploit-payloads | |
if: contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch') | |
uses: actions/checkout@v4 | |
with: | |
repository: rapid7/metasploit-payloads | |
path: metasploit-payloads | |
ref: ${{ env.metasploitPayloadsCommit }} | |
# Build Java and Android payloads, Docker command needs to be ran from the directory up from metasploit-payloads | |
- name: Build Java & Android payloads | |
if: ${{ (matrix.meterpreter.name == 'java') && (runner.os != 'Windows') && (contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch')) }} | |
run: | | |
cd .. | |
docker run --rm -w "$(pwd)" -v "$(pwd):$(pwd)" rapid7/msf-ubuntu-x64-meterpreter:latest /bin/bash -c "cd metasploit-payloads/java && make clean && make android && mvn -P deploy package" | |
working-directory: metasploit-payloads | |
- name: Build Windows payloads via Visual Studio 2019 Build (Windows) | |
shell: cmd | |
if: ${{ (runner.os == 'Windows') && (matrix.os == 'windows-2019') && (contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch')) }} | |
run: | | |
cd c/meterpreter | |
git submodule init && git submodule update | |
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" && make.bat | |
working-directory: metasploit-payloads | |
- name: Build Windows payloads via Visual Studio 2022 Build (Windows) | |
shell: cmd | |
if: ${{ (runner.os == 'Windows') && (matrix.os == 'windows-2022') && (contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch'))}} | |
run: | | |
cd c/meterpreter | |
git submodule init && git submodule update | |
make.bat | |
working-directory: metasploit-payloads | |
# Run makefile within metasploit-payloads | |
- name: Build PHP, Python and Windows payloads | |
if: ${{ ((matrix.meterpreter.name == 'php') || (matrix.meterpreter.name == 'python') || (runner.os == 'Windows')) && (contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch'))}} | |
run: | | |
make install-php install-python install-windows | |
working-directory: metasploit-payloads | |
- name: Acceptance | |
env: | |
SPEC_HELPER_LOAD_METASPLOIT: false | |
SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter" | |
# Unix run command: | |
# SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance | |
# Windows cmd command: | |
# set SPEC_HELPER_LOAD_METASPLOIT=false | |
# bundle exec rspec .\spec\acceptance | |
# Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting | |
# Additionally - flakey tests should be fixed or marked as flakey instead of silently retried | |
run: | | |
bundle exec rspec spec/acceptance/meterpreter_spec.rb | |
working-directory: metasploit-framework | |
- name: Archive results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
# Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips | |
name: raw-data-${{ matrix.meterpreter.name }}-${{ matrix.meterpreter.runtime_version }}-${{ matrix.os }} | |
path: metasploit-framework/tmp/allure-raw-data | |
# Generate a final report from the previous test results | |
report: | |
name: Generate report | |
needs: test | |
runs-on: ubuntu-latest | |
if: always() | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
if: always() | |
- name: Install system dependencies (Linux) | |
if: always() | |
run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz | |
- name: Setup Ruby | |
if: always() | |
env: | |
BUNDLE_FORCE_RUBY_PLATFORM: true | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '${{ matrix.ruby }}' | |
bundler-cache: true | |
cache-version: 4 | |
# Github actions with Ruby requires Bundler 2.2.18+ | |
# https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows | |
bundler: 2.2.33 | |
- uses: actions/download-artifact@v4 | |
id: download | |
if: always() | |
with: | |
# Note: Not specifying a name will download all artifacts from the previous workflow jobs | |
path: raw-data | |
- name: allure generate | |
if: always() | |
run: | | |
export VERSION=2.22.1 | |
curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz | |
tar -zxvf allure-$VERSION.tgz -C . | |
ls -la ${{steps.download.outputs.download-path}} | |
./allure-$VERSION/bin/allure generate ${{steps.download.outputs.download-path}}/* -o ./allure-report | |
find ${{steps.download.outputs.download-path}} | |
bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.download.outputs.download-path}} > ./allure-report/support_matrix.html | |
- name: archive results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: final-report-${{ github.run_id }} | |
path: | | |
./allure-report |