Update docs to support links with anchors

Author: adfoster-r7

docs/README.md

@@ -18,6 +18,14 @@ Behind the scenes these docs are built and deployed to https://docs.metasploit.c
 You can modify existing documentation files within `metasploit-framework.wiki/` with an editor of your choice and send a pull request.
 To add a new page, modify `navigation.rb`. Full details are found beside the `NAVIGATION_CONFIG` constant.
 
+## Adding links
+
+For linking to other docs the Github markdown syntax `[[link text|relative_path_to_docs]]` is used. Behind the scenes these
+links will be verified at build time to ensure there's no 404 links.
+
+Note: It is also possible to use the syntax `[[link text|relative_path_to_docs#section]]` - but this navigation will happen client side, and
+there is no validation that these sections exist at build time. It is possible for future edits to a markdown file to break these links.
+
 ## Setup
 
 ### Developer build

docs/build.rb

@@ -191,12 +191,18 @@ def pages
     def extract_absolute_wiki_links(markdown)
       new_links = {}
 
-      markdown.scan(%r{(https?://github.com/rapid7/metasploit-framework/wiki/([\w().%_-]+))}) do |full_match, old_path|
+      markdown.scan(%r{(https?://github.com/rapid7/metasploit-framework/wiki/([\w().%_#-]+))}) do |full_match, old_path|
         full_match = full_match.gsub(/[).]+$/, '')
         old_path = URI.decode_www_form_component(old_path.gsub(/[).]+$/, ''))
 
-        new_path = new_path_for(old_path)
-        replacement = "{% link docs/#{new_path} %}"
+        begin
+          old_path_anchor = URI.parse(old_path).fragment
+        rescue URI::InvalidURIError
+          old_path_anchor = nil
+        end
+
+        new_path = new_path_for(old_path, old_path_anchor)
+        replacement = "{% link docs/#{new_path} %}#{old_path_anchor ? "##{old_path_anchor}" : ""}"
 
         link = {
           full_match: full_match,
@@ -216,19 +222,26 @@ def extract_absolute_wiki_links(markdown)
     #   '[[Custom name|Relative Path]]'
     #   '[[Custom name|relative-path]]'
     #   '[[Custom name|./relative-path.md]]'
+    #   '[[Custom name|./relative-path.md#section-anchor-to-link-to]]'
+    # Note that the page target resource file is validated for existence at build time - but the section anchors are not
     def extract_relative_links(markdown)
       existing_links = @links
       new_links = {}
 
-      markdown.scan(/(\[\[([\w\/_ '().:,-]+)(?:\|([\w\/_ '():,.-]+))?\]\])/) do |full_match, left, right|
+      markdown.scan(/(\[\[([\w\/_ '().:,-]+)(?:\|([\w\/_ '():,.#-]+))?\]\])/) do |full_match, left, right|
         old_path = (right || left)
-        new_path = new_path_for(old_path)
+        begin
+          old_path_anchor = URI.parse(old_path).fragment
+        rescue URI::InvalidURIError
+          old_path_anchor = nil
+        end
+        new_path = new_path_for(old_path, old_path_anchor)
         if existing_links[full_match] && existing_links[full_match][:new_path] != new_path
           raise "Link for #{full_match} previously resolved to #{existing_links[full_match][:new_path]}, but now resolves to #{new_path}"
         end
 
         link_text = left
-        replacement = "[#{link_text}]({% link docs/#{new_path} %})"
+        replacement = "[#{link_text}]({% link docs/#{new_path} %}#{old_path_anchor ? "##{old_path_anchor}" : ""})"
 
         link = {
           full_match: full_match,
@@ -245,8 +258,8 @@ def extract_relative_links(markdown)
       new_links
     end
 
-    def new_path_for(old_path)
-      old_path = old_path.gsub(' ', '-')
+    def new_path_for(old_path, old_path_anchor)
+      old_path = old_path.gsub(' ', '-').gsub("##{old_path_anchor}", '')
       matched_pages = pages.select do |page|
         !page[:folder] &&
           (File.basename(page[:path]).downcase == "#{File.basename(old_path)}.md".downcase ||

docs/metasploit-framework.wiki/kerberos/overview.md

@@ -103,7 +103,7 @@ sequenceDiagram
 ## Common Kerberos workflows
 
 - User enumeration / bruteforcing - the [[auxiliary/scanner/kerberos/kerberos_login|pentesting/active-directory/kerberos/kerberos_login.md]] module can be used to enumerate user accounts or bruteforce credentials
-- AS-REP Roasting - Some Kerberos accounts may be configured with a `Do not require Kerberos preauthentication` flag. For these accounts a Kerberos TGT will be returned by the KDC without needing to authenticate. These TGTs can be bruteforced to learn the original user's credentials. The [[auxiliary/scanner/kerberos/kerberos_login|pentesting/active-directory/kerberos/kerberos_login.md]] module implements this workflow.
+- AS-REP Roasting - Some Kerberos accounts may be configured with a `Do not require Kerberos preauthentication` flag. For these accounts a Kerberos TGT will be returned by the KDC without needing to authenticate. These TGTs can be bruteforced to learn the original user's credentials. The [[auxiliary/scanner/kerberos/kerberos_login|pentesting/active-directory/kerberos/kerberos_login.md#asreproasting]] module implements this workflow.
 - Forging Tickets - After compromising a KDC or service account it is possible to forge tickets for persistence. The [[auxiliary/admin/kerberos/forge_ticket|pentesting/active-directory/kerberos/forge_ticket.md]] module can forge both Golden and Silver tickets.
 - Inspecting Tickets - Kerberos tickets can be inspected with the [[auxiliary/admin/kerberos/inspect_ticket|pentesting/active-directory/kerberos/inspect_ticket.md]] module. If the encryption key is known, the decrypted contents can be displayed.
 - [[Service authentication|kerberos/service_authentication.md]] - Using Kerberos to authenticate via services suh as WinRM/Microsoft SQL Server/SMB/LDAP/etc

documentation/modules/auxiliary/gather/kerberos_enumusers.md

@@ -45,7 +45,7 @@ msf6 auxiliary(gather/kerberos_enumusers) > run rhost=192.168.123.228 domain=dom
 msf6 auxiliary(gather/kerberos_enumusers) > 
 ```
 
-### ASREPRoast Cracking
+### ASREPRoasting
 
 Accounts that have `Do not require Kerberos preauthentication` enabled, will receive an ASREP response with a ticket present.
 The technique of cracking this token offline is called ASREPRoasting.

documentation/modules/auxiliary/scanner/kerberos/kerberos_login.md

@@ -67,7 +67,7 @@ msf6 auxiliary(gather/kerberos_enumusers) > run rhost=192.168.123.133 domain=DEM
 [*] Auxiliary module execution completed
 ```
 
-### ASREPRoast Cracking
+### ASREPRoasting
 
 Accounts that have `Do not require Kerberos preauthentication` enabled, will receive an ASREP response with a ticket-granting-ticket present.
 The technique of cracking this ticket offline is called ASREPRoasting.