dradis-metasploit 3.18.0

data/README.md

@@ -0,0 +1,28 @@
+# Metasploit add-on for Dradis
+
+[![Build Status](https://secure.travis-ci.org/dradis/dradis-metasploit.png?branch=master)](http://travis-ci.org/dradis/dradis-metasploit) [![Code Climate](https://codeclimate.com/github/dradis/dradis-metasploit.png)](https://codeclimate.com/github/dradis/dradis-metasploit.png)
+
+The Metasploit add-on enables users to upload Metasploit XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
+
+The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+
+
+
+## More information
+
+See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+
+
+## Contributing
+
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+
+
+## License
+
+Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.
+
+
+## Feature requests and bugs
+
+Please use the [Dradis Framework issue tracker](https://github.com/dradis/dradis-ce/issues) for add-on improvements and bug reports.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/dradis-metasploit.gemspec

@@ -0,0 +1,34 @@
+$:.push File.expand_path('../lib', __FILE__)
+require 'dradis/plugins/metasploit/version'
+version = Dradis::Plugins::Metasploit::VERSION::STRING
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |spec|
+  spec.platform    = Gem::Platform::RUBY
+  spec.name        = 'dradis-metasploit'
+  spec.version     = version
+  spec.summary     = 'Metasploit add-on for the Dradis Framework.'
+  spec.description = 'This add-on allows you to upload and parse output produced from Metasploit Framework into Dradis.'
+
+  spec.license     = 'GPL-2'
+
+  spec.authors     = ['Daniel Martin']
+  spec.email       = ['etd@nomejortu.com']
+  spec.homepage    = 'http://dradisframework.org'
+
+  spec.files       = `git ls-files`.split($\)
+  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.test_files  = spec.files.grep(%r{^(test|spec|features)/})
+
+  # By not including Rails as a dependency, we can use the gem with different
+  # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
+  # until we bump Dradis Pro to 4.1.
+  # s.add_dependency 'rails', '~> 4.1.1'
+  spec.add_dependency 'dradis-plugins', '~> 3.6'
+  spec.add_dependency 'nokogiri', '~> 1.3'
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'combustion', '~> 0.5.3'
+end

data/lib/dradis-metasploit.rb

@@ -0,0 +1,5 @@
+# Hook to the framework base clases
+require 'dradis-plugins'
+
+# Load this add-on's engine
+require 'dradis/plugins/metasploit'

data/lib/dradis/plugins/metasploit.rb

@@ -0,0 +1,11 @@
+module Dradis
+  module Plugins
+    module Metasploit
+    end
+  end
+end
+
+require 'dradis/plugins/metasploit/engine'
+require 'dradis/plugins/metasploit/field_processor'
+require 'dradis/plugins/metasploit/importer'
+require 'dradis/plugins/metasploit/version'

data/lib/dradis/plugins/metasploit/engine.rb

@@ -0,0 +1,13 @@
+module Dradis
+  module Plugins
+    module Metasploit
+      class Engine < ::Rails::Engine
+        isolate_namespace Dradis::Plugins::Metasploit
+
+        include ::Dradis::Plugins::Base
+        description 'Processes Metasploit XML output, use: db_export'
+        provides :upload
+      end
+    end
+  end
+end

data/lib/dradis/plugins/metasploit/field_processor.rb

@@ -0,0 +1,25 @@
+module Dradis
+  module Plugins
+    module Metasploit
+      class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
+        # No need to implement anything here
+        # def post_initialize(args={})
+        # end
+
+        def value(args={})
+          field = args[:field]
+
+          # fields in the template are of the form <foo>.<field>, where <foo>
+          # is common across all fields for a given template (and meaningless).
+          _, name = field.split('.')
+
+          if child = data.at_xpath(name)
+            child.text
+          else
+            'n/a'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dradis/plugins/metasploit/gem_version.rb

@@ -0,0 +1,19 @@
+module Dradis
+  module Plugins
+    module Metasploit
+      # Returns the version of the currently loaded Dradis as a <tt>Gem::Version</tt>
+      def self.gem_version
+        Gem::Version.new VERSION::STRING
+      end
+
+      module VERSION
+        MAJOR = 3
+        MINOR = 18
+        TINY = 0
+        PRE = nil
+
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+      end
+    end
+  end
+end

data/lib/dradis/plugins/metasploit/importer.rb

@@ -0,0 +1,98 @@
+module Dradis::Plugins::Metasploit
+  class Importer < Dradis::Plugins::Upload::Importer
+    # The framework will call this function if the user selects this plugin from
+    # the dropdown list and uploads a file.
+    # @returns true if the operation was successful, false otherwise
+    def import(params={})
+
+      file_content = File.read( params[:file] )
+
+      # Parse the uploaded file into a Ruby Hash
+      logger.info { "Parsing Metasploit output from #{ params[:file] }..." }
+      @doc = Nokogiri::XML(file_content)
+      logger.info { 'Done.' }
+
+      case @doc.root.name
+      when 'MetasploitV5'
+        # version_importer = Dradis::Plugins::Metasploit::Importers::Version5.new(@doc)
+      when /MetasploitV/
+        error = "Invalid Metasploit version. Sorry, the XML file corresponds to a version of Metasploit we don't have a parser for. Please let us know: http://discuss.dradisframework.org"
+        logger.fatal { error }
+        content_service.create_note text: error
+        return false
+      else
+        error = "Invalid XML file. The XML document didn't contain a Metasploit root tag. Did you upload a Metasploit XML file?"
+        logger.fatal { error }
+        content_service.create_note text: error
+        return false
+      end
+
+      parse_file
+    end
+
+    private
+    def parse_file
+      # hosts
+      @doc.root.xpath('hosts/host').each do |xml_host|
+        parse_host(xml_host)
+      end
+
+      # events
+      # services
+      # web sites
+      # web pages
+      # web forms
+      # web vulns
+      # module details
+    end
+
+    # Parses each of the MetasploitV5/hosts/host entries in the document.
+    def parse_host(xml_host)
+      address = xml_host.at_xpath('address').text
+      logger.info { "\tParsing: #{address}" }
+
+      # Create the Node
+      host_node = content_service.create_node(label: address, type: :host)
+
+      # Node properties
+      if host_node.respond_to?(:properties)
+        # Set basic host properties
+        host_node.set_property(:ip, address)
+
+        if mac = xml_host.at_xpath('mac')
+          host_node.set_property(:mac, mac.text)
+        end
+
+        if os_name = xml_host.at_xpath('os-name')
+          host_node.set_property(:os_name, os_name.text)
+        end
+
+        # Service-related properties
+        xml_host.xpath('services/service').each do |xml_service|
+          port     = xml_service.at_xpath('port').text.to_i
+          protocol = xml_service.at_xpath('proto').text
+          state    = xml_service.at_xpath('state').text
+
+          logger.info { "\t\tFound: #{protocol}/#{port} - #{state}" }
+
+          host_node.set_service(
+            protocol: protocol,
+            port:     port,
+            state:    state,
+            name:     xml_service.at_xpath('name').text,
+            source:   :metasploit,
+            info:     xml_service.at_xpath('info').text,
+          )
+        end
+
+        # Commit changes
+        host_node.save
+      end
+
+      xml_host.xpath('notes/note').each do |xml_note|
+        host_note = template_service.process_template(template: 'host_note', data: xml_note)
+        content_service.create_note(text: host_note, node: host_node)
+      end
+    end
+  end
+end

data/lib/dradis/plugins/metasploit/version.rb

@@ -0,0 +1,13 @@
+require_relative 'gem_version'
+
+module Dradis
+  module Plugins
+    module Metasploit
+      # Returns the version of the currently loaded Metasploit as a
+      # <tt>Gem::Version</tt>.
+      def self.version
+        gem_version
+      end
+    end
+  end
+end

data/lib/tasks/thorfile.rb

@@ -0,0 +1,23 @@
+class MetasploitTasks < Thor
+  include Rails.application.config.dradis.thor_helper_module
+
+  namespace "dradis:plugins:metasploit"
+
+  desc      "upload FILE", "upload Metasploit results in XML format"
+  long_desc "This plugin expects an XML file generated by Metasploit using: db_export"\
+
+  def upload(file_path)
+    require 'config/environment'
+
+    unless File.exist?(file_path)
+      $stderr.puts "** the file [#{file_path}] does not exist"
+      exit(-1)
+    end
+
+    detect_and_set_project_scope
+
+    importer = Dradis::Plugins::Metasploit::Importer.new(task_options)
+    importer.import(file: file_path)
+  end
+
+end

data/spec/dradis/plugins/metasploit/importer_spec.rb

@@ -0,0 +1,98 @@
+require "spec_helper"
+require "ostruct"
+
+describe Dradis::Plugins::Metasploit::Importer do
+  let(:plugin) { Dradis::Plugins::Metasploit }
+
+  let(:content_service)  { Dradis::Plugins::ContentService.new(plugin: plugin) }
+  let(:template_service) { Dradis::Plugins::TemplateService.new(plugin: plugin) }
+
+  let(:importer) {
+    described_class.new(
+      content_service: content_service,
+      template_service: template_service
+    )
+  }
+
+  before do
+    # Stub template service
+    templates_dir = File.expand_path('../../../../../templates', __FILE__)
+    allow_any_instance_of(Dradis::Plugins::TemplateService).to \
+      receive(:default_templates_dir).and_return(templates_dir)
+
+    # Stub dradis-plugins methods
+    #
+    # They return their argument hashes as objects mimicking
+    # Nodes, Issues, etc
+    %i[node note evidence issue].each do |model|
+      allow(content_service).to receive(:"create_#{model}") do |args|
+        OpenStruct.new(args)
+      end
+    end
+  end
+
+  let(:example_xml) { 'spec/fixtures/files/msf5.xml' }
+
+  def run_import!
+    importer.import(file: example_xml)
+  end
+
+  context "valid XML file" do
+    it "detects an invalid XML root tag" do
+      expect_to_create_note_with(text: 'Invalid XML')
+      expect(importer.import(file: 'spec/fixtures/files/qualys.xml')).to eq(false)
+    end
+
+    it "detects a not-supported Metasploit XML version" do
+      expect_to_create_note_with(text: 'Invalid Metasploit version')
+      expect(importer.import(file: 'spec/fixtures/files/msf4.xml')).to eq(false)
+    end
+
+    context "supported XML version" do
+      it "creates one Node for each host" do
+        expect_to_create_node_with(label: '10.127.53.65', type: :host)
+        run_import!
+      end
+
+      it "creates one Note for each host note" do
+        expect_to_create_note_with(text: 'mac_oui')
+        expect_to_create_note_with(text: 'fingerprint.match')
+        expect_to_create_note_with(text: 'smb.fingerprint')
+
+        run_import!
+      end
+    end
+  end
+  
+
+
+  def expect_to_create_node_with(label:, type: :default)
+    expect(content_service).to receive(:create_node).with(
+      hash_including label: label, type: type
+    ).once
+  end
+
+  def expect_to_create_note_with(node_label: nil, text:)
+    expect(content_service).to receive(:create_note) do |args|
+      expect(args[:text]).to include text
+      expect(args[:node].label).to eq node_label unless node_label.nil?
+    end.once
+  end
+
+  def expect_to_create_issue_with(text:)
+    expect(content_service).to receive(:create_issue) do |args|
+      expect(args[:text]).to include text
+      OpenStruct.new(args)
+    end.once
+  end
+
+  def expect_to_create_evidence_with(content:, issue:, node_label:)
+    expect(content_service).to receive(:create_evidence) do |args|
+      expect(args[:content]).to include content
+      expect(args[:issue].text).to include issue
+      expect(args[:node].label).to eq node_label
+    end.once
+  end
+
+end
+

data/spec/fixtures/files/msf4.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MetasploitV4>
+  <generated time="2015-01-07 21:04:30 UTC" user="root" project="default" product="framework"/>
+  <!-- Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. -->
+</MetasploitV4>

data/spec/fixtures/files/msf5.xml

@@ -0,0 +1,248 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MetasploitV5>
+<generated time="2015-01-07 21:04:30 UTC" user="root" project="default" product="framework"/>
+<hosts>
+  <host>
+    <id>91</id>
+    <created-at>2014-12-17 17:52:03 UTC</created-at>
+    <address>10.127.53.65</address>
+    <mac>00:1a:4b:44:bc:66</mac>
+    <comm></comm>
+    <name>MAPWS</name>
+    <state>alive</state>
+    <os-name>Windows XP</os-name>
+    <os-flavor/>
+    <os-sp/>
+    <os-lang/>
+    <arch/>
+    <workspace-id>2</workspace-id>
+    <updated-at>2014-12-17 19:58:31 UTC</updated-at>
+    <purpose>client</purpose>
+    <info/>
+    <comments/>
+    <scope/>
+    <virtual-host/>
+    <note-count>3</note-count>
+    <vuln-count>0</vuln-count>
+    <service-count>2</service-count>
+    <host-detail-count>0</host-detail-count>
+    <exploit-attempt-count>9</exploit-attempt-count>
+    <cred-count>0</cred-count>
+    <nexpose-data-asset-id/>
+    <history-count>0</history-count>
+    <detected-arch/>
+    <host_details>
+    </host_details>
+    <exploit_attempts>
+        <exploit_attempt>
+            <id>594</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-17 20:08:53 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>no-access</fail-reason>
+            <username>root</username>
+            <module>exploit/windows/smb/ms10_061_spoolss</module>
+            <session-id/>
+            <loot-id/>
+            <port>445</port>
+            <proto>tcp</proto>
+            <fail-detail>The server responded with error: STATUS_ACCESS_DENIED (Command=37 WordCount=0)</fail-detail>
+        </exploit_attempt>
+        <exploit_attempt>
+            <id>595</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-17 20:09:15 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>no-access</fail-reason>
+            <username>root</username>
+            <module>exploit/windows/oracle/extjob</module>
+            <session-id/>
+            <loot-id/>
+            <port>445</port>
+            <proto>tcp</proto>
+            <fail-detail>The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)</fail-detail>
+        </exploit_attempt>
+        <exploit_attempt>
+            <id>596</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-17 20:09:33 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>unknown</fail-reason>
+            <username>root</username>
+            <module>exploit/multi/samba/usermap_script</module>
+            <session-id/>
+            <loot-id/>
+            <port>139</port>
+            <proto>tcp</proto>
+            <fail-detail>Stream #&lt;TCPSocket:0x11c51cbc&gt; is closed.</fail-detail>
+        </exploit_attempt>
+        <exploit_attempt>
+            <id>598</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-17 20:14:44 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>unknown</fail-reason>
+            <username>root</username>
+            <module>exploit/windows/smb/ms08_067_netapi</module>
+            <session-id/>
+            <loot-id/>
+            <port>445</port>
+            <proto>tcp</proto>
+            <fail-detail>The SMB server did not reply to our request</fail-detail>
+        </exploit_attempt>
+        <exploit_attempt>
+            <id>600</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-17 20:34:04 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>no-access</fail-reason>
+            <username>root</username>
+            <module>exploit/windows/smb/ms10_061_spoolss</module>
+            <session-id/>
+            <loot-id/>
+            <port>445</port>
+            <proto>tcp</proto>
+            <fail-detail>The server responded with error: STATUS_ACCESS_DENIED (Command=37 WordCount=0)</fail-detail>
+        </exploit_attempt>
+        <exploit_attempt>
+            <id>606</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-17 21:06:37 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>payload-failed</fail-reason>
+            <username>root</username>
+            <module>exploit/windows/smb/psexec</module>
+            <session-id/>
+            <loot-id/>
+            <port>445</port>
+            <proto>tcp</proto>
+            <fail-detail>No session created</fail-detail>
+        </exploit_attempt>
+        <exploit_attempt>
+            <id>610</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-18 01:41:37 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>unknown</fail-reason>
+            <username>root</username>
+            <module>exploit/windows/smb/ms08_067_netapi</module>
+            <session-id/>
+            <loot-id/>
+            <port>445</port>
+            <proto>tcp</proto>
+            <fail-detail>Stream #&lt;TCPSocket:0x1297c270&gt; is closed.</fail-detail>
+        </exploit_attempt>
+        <exploit_attempt>
+            <id>611</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-18 01:44:53 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>unknown</fail-reason>
+            <username>root</username>
+            <module>exploit/windows/smb/ms08_067_netapi</module>
+            <session-id/>
+            <loot-id/>
+            <port>445</port>
+            <proto>tcp</proto>
+            <fail-detail>Stream #&lt;TCPSocket:0x1292f2b8&gt; is closed.</fail-detail>
+        </exploit_attempt>
+        <exploit_attempt>
+            <id>612</id>
+            <host-id>91</host-id>
+            <service-id/>
+            <vuln-id/>
+            <attempted-at>2014-12-18 01:46:04 UTC</attempted-at>
+            <exploited/>
+            <fail-reason>unknown</fail-reason>
+            <username>root</username>
+            <module>exploit/windows/smb/ms08_067_netapi</module>
+            <session-id/>
+            <loot-id/>
+            <port>445</port>
+            <proto>tcp</proto>
+            <fail-detail>Stream #&lt;TCPSocket:0x127a9024&gt; is closed.</fail-detail>
+        </exploit_attempt>
+    </exploit_attempts>
+    <services>
+      <service>
+      <id>338</id>
+      <host-id>91</host-id>
+      <created-at>2014-12-17 19:38:02 UTC</created-at>
+      <port>139</port>
+      <proto>tcp</proto>
+      <state>open</state>
+      <name/>
+      <updated-at>2014-12-17 19:38:02 UTC</updated-at>
+      <info></info>
+      </service>
+      <service>
+      <id>352</id>
+      <host-id>91</host-id>
+      <created-at>2014-12-17 19:38:23 UTC</created-at>
+      <port>445</port>
+      <proto>tcp</proto>
+      <state>open</state>
+      <name>smb</name>
+      <updated-at>2014-12-17 19:58:30 UTC</updated-at>
+      <info>Windows XP SP3 (language:English) (name:MAPWS) (domain:IECA)</info>
+      </service>
+    </services>
+    <notes>
+      <note>
+      <id>123</id>
+      <created-at>2014-12-17 17:52:03 UTC</created-at>
+      <ntype>mac_oui</ntype>
+      <workspace-id>2</workspace-id>
+      <service-id/>
+      <host-id>91</host-id>
+      <updated-at>2014-12-19 20:21:30 UTC</updated-at>
+      <critical/>
+      <seen/>
+      <data>Hewlett-Packard Company</data>
+      </note>
+      <note>
+      <id>312</id>
+      <created-at>2014-12-17 19:58:30 UTC</created-at>
+      <ntype>fingerprint.match</ntype>
+      <workspace-id>2</workspace-id>
+      <service-id>352</service-id>
+      <host-id>91</host-id>
+      <updated-at>2014-12-17 23:49:48 UTC</updated-at>
+      <critical/>
+      <seen/>
+      <data>BAh7CSIPb3MudmVyc2lvbiITU2VydmljZSBQYWNrIDMiEG9zLmxhbmd1YWdlIgxFbmdsaXNoIg5ob3N0Lm5hbWUiCk1BUFdTIhBob3N0LmRvbWFpbiIJSVVBQQ==</data>
+      </note>
+      <note>
+      <id>313</id>
+      <created-at>2014-12-17 19:58:31 UTC</created-at>
+      <ntype>smb.fingerprint</ntype>
+      <workspace-id>2</workspace-id>
+      <service-id>352</service-id>
+      <host-id>91</host-id>
+      <updated-at>2014-12-17 23:49:48 UTC</updated-at>
+      <critical/>
+      <seen/>
+      <data>BAh7CzoObmF0aXZlX29zIhBXaW5kb3dzIDUuMToObmF0aXZlX2xtIh1XaW5kb3dzIDIwMDAgTEFOIE1hbmFnZXI6Cm9zX3NwIhNTZXJ2aWNlIFBhY2sgMzoMb3NfbGFuZyIMRW5nbGlzaDoMU01CTmFtZSIKTUFQV1M6DlNNQkRvbWFpbiIJSVVBQQ==</data>
+      </note>
+    </notes>
+    <vulns>
+    </vulns>
+  </host>
+</hosts>
+</MetasploitV5>