dstruct 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/README.markdown +23 -0
- data/examples/smb_example.rb +35 -0
- data/lib/rex.rb +108 -0
- data/lib/rex/LICENSE +29 -0
- data/lib/rex/arch.rb +104 -0
- data/lib/rex/arch/sparc.rb +75 -0
- data/lib/rex/arch/x86.rb +524 -0
- data/lib/rex/assembly/nasm.rb +104 -0
- data/lib/rex/codepage.map +104 -0
- data/lib/rex/compat.rb +389 -0
- data/lib/rex/constants.rb +124 -0
- data/lib/rex/elfparsey.rb +9 -0
- data/lib/rex/elfparsey/elf.rb +121 -0
- data/lib/rex/elfparsey/elfbase.rb +256 -0
- data/lib/rex/elfparsey/exceptions.rb +25 -0
- data/lib/rex/elfscan.rb +10 -0
- data/lib/rex/elfscan/scanner.rb +226 -0
- data/lib/rex/elfscan/search.rb +44 -0
- data/lib/rex/encoder/alpha2.rb +31 -0
- data/lib/rex/encoder/alpha2/alpha_mixed.rb +68 -0
- data/lib/rex/encoder/alpha2/alpha_upper.rb +79 -0
- data/lib/rex/encoder/alpha2/generic.rb +90 -0
- data/lib/rex/encoder/alpha2/unicode_mixed.rb +116 -0
- data/lib/rex/encoder/alpha2/unicode_upper.rb +123 -0
- data/lib/rex/encoder/bloxor/bloxor.rb +327 -0
- data/lib/rex/encoder/ndr.rb +90 -0
- data/lib/rex/encoder/nonalpha.rb +61 -0
- data/lib/rex/encoder/nonupper.rb +64 -0
- data/lib/rex/encoder/xdr.rb +107 -0
- data/lib/rex/encoder/xor.rb +69 -0
- data/lib/rex/encoder/xor/dword.rb +13 -0
- data/lib/rex/encoder/xor/dword_additive.rb +13 -0
- data/lib/rex/encoders/xor_dword.rb +35 -0
- data/lib/rex/encoders/xor_dword_additive.rb +53 -0
- data/lib/rex/encoding/xor.rb +20 -0
- data/lib/rex/encoding/xor/byte.rb +15 -0
- data/lib/rex/encoding/xor/dword.rb +21 -0
- data/lib/rex/encoding/xor/dword_additive.rb +92 -0
- data/lib/rex/encoding/xor/exceptions.rb +17 -0
- data/lib/rex/encoding/xor/generic.rb +146 -0
- data/lib/rex/encoding/xor/qword.rb +15 -0
- data/lib/rex/encoding/xor/word.rb +21 -0
- data/lib/rex/exceptions.rb +275 -0
- data/lib/rex/exploitation/cmdstager.rb +10 -0
- data/lib/rex/exploitation/cmdstager/base.rb +190 -0
- data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
- data/lib/rex/exploitation/cmdstager/debug_asm.rb +140 -0
- data/lib/rex/exploitation/cmdstager/debug_write.rb +134 -0
- data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
- data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
- data/lib/rex/exploitation/cmdstager/tftp.rb +71 -0
- data/lib/rex/exploitation/cmdstager/vbs.rb +126 -0
- data/lib/rex/exploitation/egghunter.rb +425 -0
- data/lib/rex/exploitation/encryptjs.rb +78 -0
- data/lib/rex/exploitation/heaplib.js.b64 +331 -0
- data/lib/rex/exploitation/heaplib.rb +107 -0
- data/lib/rex/exploitation/js.rb +6 -0
- data/lib/rex/exploitation/js/detect.rb +69 -0
- data/lib/rex/exploitation/js/memory.rb +81 -0
- data/lib/rex/exploitation/js/network.rb +84 -0
- data/lib/rex/exploitation/js/utils.rb +33 -0
- data/lib/rex/exploitation/jsobfu.rb +513 -0
- data/lib/rex/exploitation/obfuscatejs.rb +336 -0
- data/lib/rex/exploitation/omelet.rb +321 -0
- data/lib/rex/exploitation/opcodedb.rb +819 -0
- data/lib/rex/exploitation/powershell.rb +62 -0
- data/lib/rex/exploitation/powershell/function.rb +63 -0
- data/lib/rex/exploitation/powershell/obfu.rb +98 -0
- data/lib/rex/exploitation/powershell/output.rb +151 -0
- data/lib/rex/exploitation/powershell/param.rb +23 -0
- data/lib/rex/exploitation/powershell/parser.rb +183 -0
- data/lib/rex/exploitation/powershell/psh_methods.rb +70 -0
- data/lib/rex/exploitation/powershell/script.rb +99 -0
- data/lib/rex/exploitation/ropdb.rb +190 -0
- data/lib/rex/exploitation/seh.rb +93 -0
- data/lib/rex/file.rb +160 -0
- data/lib/rex/image_source.rb +10 -0
- data/lib/rex/image_source/disk.rb +58 -0
- data/lib/rex/image_source/image_source.rb +44 -0
- data/lib/rex/image_source/memory.rb +35 -0
- data/lib/rex/io/bidirectional_pipe.rb +161 -0
- data/lib/rex/io/datagram_abstraction.rb +35 -0
- data/lib/rex/io/ring_buffer.rb +369 -0
- data/lib/rex/io/stream.rb +312 -0
- data/lib/rex/io/stream_abstraction.rb +209 -0
- data/lib/rex/io/stream_server.rb +221 -0
- data/lib/rex/job_container.rb +200 -0
- data/lib/rex/logging.rb +4 -0
- data/lib/rex/logging/log_dispatcher.rb +180 -0
- data/lib/rex/logging/log_sink.rb +43 -0
- data/lib/rex/logging/sinks/flatfile.rb +56 -0
- data/lib/rex/logging/sinks/stderr.rb +44 -0
- data/lib/rex/mac_oui.rb +16581 -0
- data/lib/rex/machparsey.rb +9 -0
- data/lib/rex/machparsey/exceptions.rb +34 -0
- data/lib/rex/machparsey/mach.rb +209 -0
- data/lib/rex/machparsey/machbase.rb +408 -0
- data/lib/rex/machscan.rb +9 -0
- data/lib/rex/machscan/scanner.rb +217 -0
- data/lib/rex/mime.rb +10 -0
- data/lib/rex/mime/encoding.rb +17 -0
- data/lib/rex/mime/header.rb +78 -0
- data/lib/rex/mime/message.rb +150 -0
- data/lib/rex/mime/part.rb +50 -0
- data/lib/rex/nop/opty2.rb +109 -0
- data/lib/rex/nop/opty2_tables.rb +301 -0
- data/lib/rex/ole.rb +202 -0
- data/lib/rex/ole/clsid.rb +44 -0
- data/lib/rex/ole/difat.rb +138 -0
- data/lib/rex/ole/directory.rb +228 -0
- data/lib/rex/ole/direntry.rb +237 -0
- data/lib/rex/ole/docs/dependencies.txt +8 -0
- data/lib/rex/ole/docs/references.txt +1 -0
- data/lib/rex/ole/fat.rb +96 -0
- data/lib/rex/ole/header.rb +201 -0
- data/lib/rex/ole/minifat.rb +74 -0
- data/lib/rex/ole/propset.rb +141 -0
- data/lib/rex/ole/samples/create_ole.rb +27 -0
- data/lib/rex/ole/samples/dir.rb +35 -0
- data/lib/rex/ole/samples/dump_stream.rb +34 -0
- data/lib/rex/ole/samples/ole_info.rb +23 -0
- data/lib/rex/ole/storage.rb +392 -0
- data/lib/rex/ole/stream.rb +50 -0
- data/lib/rex/ole/substorage.rb +46 -0
- data/lib/rex/ole/util.rb +154 -0
- data/lib/rex/parser/acunetix_nokogiri.rb +406 -0
- data/lib/rex/parser/apple_backup_manifestdb.rb +132 -0
- data/lib/rex/parser/appscan_nokogiri.rb +367 -0
- data/lib/rex/parser/arguments.rb +108 -0
- data/lib/rex/parser/burp_session_nokogiri.rb +291 -0
- data/lib/rex/parser/ci_nokogiri.rb +193 -0
- data/lib/rex/parser/foundstone_nokogiri.rb +342 -0
- data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
- data/lib/rex/parser/group_policy_preferences.rb +185 -0
- data/lib/rex/parser/ini.rb +186 -0
- data/lib/rex/parser/ip360_aspl_xml.rb +103 -0
- data/lib/rex/parser/ip360_xml.rb +98 -0
- data/lib/rex/parser/mbsa_nokogiri.rb +256 -0
- data/lib/rex/parser/nessus_xml.rb +121 -0
- data/lib/rex/parser/netsparker_xml.rb +109 -0
- data/lib/rex/parser/nexpose_raw_nokogiri.rb +686 -0
- data/lib/rex/parser/nexpose_simple_nokogiri.rb +330 -0
- data/lib/rex/parser/nexpose_xml.rb +172 -0
- data/lib/rex/parser/nmap_nokogiri.rb +394 -0
- data/lib/rex/parser/nmap_xml.rb +166 -0
- data/lib/rex/parser/nokogiri_doc_mixin.rb +233 -0
- data/lib/rex/parser/openvas_nokogiri.rb +172 -0
- data/lib/rex/parser/outpost24_nokogiri.rb +240 -0
- data/lib/rex/parser/retina_xml.rb +110 -0
- data/lib/rex/parser/unattend.rb +171 -0
- data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
- data/lib/rex/payloads.rb +2 -0
- data/lib/rex/payloads/win32.rb +3 -0
- data/lib/rex/payloads/win32/common.rb +27 -0
- data/lib/rex/payloads/win32/kernel.rb +54 -0
- data/lib/rex/payloads/win32/kernel/common.rb +55 -0
- data/lib/rex/payloads/win32/kernel/migration.rb +13 -0
- data/lib/rex/payloads/win32/kernel/recovery.rb +51 -0
- data/lib/rex/payloads/win32/kernel/stager.rb +195 -0
- data/lib/rex/peparsey.rb +10 -0
- data/lib/rex/peparsey/exceptions.rb +30 -0
- data/lib/rex/peparsey/pe.rb +210 -0
- data/lib/rex/peparsey/pe_memdump.rb +61 -0
- data/lib/rex/peparsey/pebase.rb +1662 -0
- data/lib/rex/peparsey/section.rb +128 -0
- data/lib/rex/pescan.rb +11 -0
- data/lib/rex/pescan/analyze.rb +366 -0
- data/lib/rex/pescan/scanner.rb +230 -0
- data/lib/rex/pescan/search.rb +68 -0
- data/lib/rex/platforms.rb +2 -0
- data/lib/rex/platforms/windows.rb +52 -0
- data/lib/rex/poly.rb +134 -0
- data/lib/rex/poly/block.rb +480 -0
- data/lib/rex/poly/machine.rb +13 -0
- data/lib/rex/poly/machine/machine.rb +830 -0
- data/lib/rex/poly/machine/x86.rb +509 -0
- data/lib/rex/poly/register.rb +101 -0
- data/lib/rex/poly/register/x86.rb +41 -0
- data/lib/rex/post.rb +7 -0
- data/lib/rex/post/dir.rb +51 -0
- data/lib/rex/post/file.rb +172 -0
- data/lib/rex/post/file_stat.rb +220 -0
- data/lib/rex/post/gen.pl +13 -0
- data/lib/rex/post/io.rb +182 -0
- data/lib/rex/post/meterpreter.rb +5 -0
- data/lib/rex/post/meterpreter/channel.rb +446 -0
- data/lib/rex/post/meterpreter/channel_container.rb +54 -0
- data/lib/rex/post/meterpreter/channels/pool.rb +160 -0
- data/lib/rex/post/meterpreter/channels/pools/file.rb +62 -0
- data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +103 -0
- data/lib/rex/post/meterpreter/channels/stream.rb +87 -0
- data/lib/rex/post/meterpreter/client.rb +483 -0
- data/lib/rex/post/meterpreter/client_core.rb +352 -0
- data/lib/rex/post/meterpreter/dependencies.rb +3 -0
- data/lib/rex/post/meterpreter/extension.rb +32 -0
- data/lib/rex/post/meterpreter/extensions/android/android.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/android/tlv.rb +40 -0
- data/lib/rex/post/meterpreter/extensions/espia/espia.rb +58 -0
- data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +17 -0
- data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
- data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
- data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
- data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
- data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
- data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
- data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
- data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +94 -0
- data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +22 -0
- data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
- data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +43 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +17 -0
- data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +57 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +16 -0
- data/lib/rex/post/meterpreter/extensions/priv/fs.rb +118 -0
- data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +61 -0
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +109 -0
- data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +29 -0
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +117 -0
- data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +27 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +396 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +284 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +399 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +104 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +48 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +256 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +129 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +67 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +139 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +180 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +168 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +209 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38146 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +48 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2102 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +32 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +97 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3852 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +100 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +168 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_psapi.rb +32 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +32 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3170 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +87 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +613 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +388 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +111 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +149 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +27 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +515 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +319 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +301 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +56 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +676 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +96 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +151 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +192 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +41 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +60 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +408 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +129 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +55 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +336 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +141 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +328 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +193 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +102 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +188 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +180 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +236 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +259 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +201 -0
- data/lib/rex/post/meterpreter/inbound_packet_handler.rb +30 -0
- data/lib/rex/post/meterpreter/object_aliases.rb +83 -0
- data/lib/rex/post/meterpreter/packet.rb +709 -0
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +543 -0
- data/lib/rex/post/meterpreter/packet_parser.rb +94 -0
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +83 -0
- data/lib/rex/post/meterpreter/ui/console.rb +142 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +86 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +383 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +939 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +109 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +242 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +232 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +62 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +97 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +52 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +133 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +204 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +66 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +527 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +448 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +906 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +318 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +343 -0
- data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +99 -0
- data/lib/rex/post/permission.rb +26 -0
- data/lib/rex/post/process.rb +57 -0
- data/lib/rex/post/thread.rb +57 -0
- data/lib/rex/post/ui.rb +52 -0
- data/lib/rex/proto.rb +15 -0
- data/lib/rex/proto/addp.rb +218 -0
- data/lib/rex/proto/dcerpc.rb +7 -0
- data/lib/rex/proto/dcerpc/client.rb +362 -0
- data/lib/rex/proto/dcerpc/exceptions.rb +151 -0
- data/lib/rex/proto/dcerpc/handle.rb +48 -0
- data/lib/rex/proto/dcerpc/ndr.rb +73 -0
- data/lib/rex/proto/dcerpc/packet.rb +264 -0
- data/lib/rex/proto/dcerpc/response.rb +188 -0
- data/lib/rex/proto/dcerpc/uuid.rb +85 -0
- data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
- data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
- data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
- data/lib/rex/proto/dhcp.rb +7 -0
- data/lib/rex/proto/dhcp/constants.rb +34 -0
- data/lib/rex/proto/dhcp/server.rb +334 -0
- data/lib/rex/proto/drda.rb +6 -0
- data/lib/rex/proto/drda/constants.rb +50 -0
- data/lib/rex/proto/drda/packet.rb +253 -0
- data/lib/rex/proto/drda/utils.rb +124 -0
- data/lib/rex/proto/http.rb +7 -0
- data/lib/rex/proto/http/client.rb +722 -0
- data/lib/rex/proto/http/client_request.rb +472 -0
- data/lib/rex/proto/http/handler.rb +47 -0
- data/lib/rex/proto/http/handler/erb.rb +129 -0
- data/lib/rex/proto/http/handler/proc.rb +61 -0
- data/lib/rex/proto/http/header.rb +173 -0
- data/lib/rex/proto/http/packet.rb +414 -0
- data/lib/rex/proto/http/request.rb +354 -0
- data/lib/rex/proto/http/response.rb +151 -0
- data/lib/rex/proto/http/server.rb +385 -0
- data/lib/rex/proto/iax2.rb +2 -0
- data/lib/rex/proto/iax2/call.rb +326 -0
- data/lib/rex/proto/iax2/client.rb +218 -0
- data/lib/rex/proto/iax2/codecs.rb +5 -0
- data/lib/rex/proto/iax2/codecs/alaw.rb +16 -0
- data/lib/rex/proto/iax2/codecs/g711.rb +2176 -0
- data/lib/rex/proto/iax2/codecs/mulaw.rb +17 -0
- data/lib/rex/proto/iax2/constants.rb +262 -0
- data/lib/rex/proto/ipmi.rb +57 -0
- data/lib/rex/proto/ipmi/channel_auth_reply.rb +89 -0
- data/lib/rex/proto/ipmi/open_session_reply.rb +36 -0
- data/lib/rex/proto/ipmi/rakp2.rb +36 -0
- data/lib/rex/proto/ipmi/utils.rb +125 -0
- data/lib/rex/proto/natpmp.rb +7 -0
- data/lib/rex/proto/natpmp/constants.rb +19 -0
- data/lib/rex/proto/natpmp/packet.rb +45 -0
- data/lib/rex/proto/ntlm.rb +8 -0
- data/lib/rex/proto/ntlm/base.rb +327 -0
- data/lib/rex/proto/ntlm/constants.rb +75 -0
- data/lib/rex/proto/ntlm/crypt.rb +412 -0
- data/lib/rex/proto/ntlm/exceptions.rb +17 -0
- data/lib/rex/proto/ntlm/message.rb +534 -0
- data/lib/rex/proto/ntlm/utils.rb +765 -0
- data/lib/rex/proto/ntp.rb +3 -0
- data/lib/rex/proto/ntp/constants.rb +12 -0
- data/lib/rex/proto/ntp/modes.rb +130 -0
- data/lib/rex/proto/pjl.rb +31 -0
- data/lib/rex/proto/pjl/client.rb +163 -0
- data/lib/rex/proto/proxy/socks4a.rb +441 -0
- data/lib/rex/proto/rfb.rb +13 -0
- data/lib/rex/proto/rfb/cipher.rb +82 -0
- data/lib/rex/proto/rfb/client.rb +205 -0
- data/lib/rex/proto/rfb/constants.rb +50 -0
- data/lib/rex/proto/sip.rb +4 -0
- data/lib/rex/proto/sip/response.rb +61 -0
- data/lib/rex/proto/smb.rb +8 -0
- data/lib/rex/proto/smb/client.rb +2064 -0
- data/lib/rex/proto/smb/constants.rb +1064 -0
- data/lib/rex/proto/smb/crypt.rb +37 -0
- data/lib/rex/proto/smb/evasions.rb +67 -0
- data/lib/rex/proto/smb/exceptions.rb +867 -0
- data/lib/rex/proto/smb/simpleclient.rb +173 -0
- data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
- data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
- data/lib/rex/proto/smb/utils.rb +104 -0
- data/lib/rex/proto/sunrpc.rb +2 -0
- data/lib/rex/proto/sunrpc/client.rb +196 -0
- data/lib/rex/proto/tftp.rb +13 -0
- data/lib/rex/proto/tftp/client.rb +344 -0
- data/lib/rex/proto/tftp/constants.rb +39 -0
- data/lib/rex/proto/tftp/server.rb +497 -0
- data/lib/rex/random_identifier_generator.rb +177 -0
- data/lib/rex/registry.rb +14 -0
- data/lib/rex/registry/hive.rb +132 -0
- data/lib/rex/registry/lfkey.rb +51 -0
- data/lib/rex/registry/nodekey.rb +54 -0
- data/lib/rex/registry/regf.rb +25 -0
- data/lib/rex/registry/valuekey.rb +67 -0
- data/lib/rex/registry/valuelist.rb +29 -0
- data/lib/rex/ropbuilder.rb +8 -0
- data/lib/rex/ropbuilder/rop.rb +271 -0
- data/lib/rex/script.rb +42 -0
- data/lib/rex/script/base.rb +61 -0
- data/lib/rex/script/meterpreter.rb +16 -0
- data/lib/rex/script/shell.rb +10 -0
- data/lib/rex/service.rb +49 -0
- data/lib/rex/service_manager.rb +154 -0
- data/lib/rex/services/local_relay.rb +424 -0
- data/lib/rex/socket.rb +788 -0
- data/lib/rex/socket/comm.rb +120 -0
- data/lib/rex/socket/comm/local.rb +526 -0
- data/lib/rex/socket/ip.rb +132 -0
- data/lib/rex/socket/parameters.rb +363 -0
- data/lib/rex/socket/range_walker.rb +470 -0
- data/lib/rex/socket/ssl_tcp.rb +345 -0
- data/lib/rex/socket/ssl_tcp_server.rb +188 -0
- data/lib/rex/socket/subnet_walker.rb +76 -0
- data/lib/rex/socket/switch_board.rb +289 -0
- data/lib/rex/socket/tcp.rb +79 -0
- data/lib/rex/socket/tcp_server.rb +67 -0
- data/lib/rex/socket/udp.rb +165 -0
- data/lib/rex/sslscan/result.rb +201 -0
- data/lib/rex/sslscan/scanner.rb +206 -0
- data/lib/rex/struct2.rb +5 -0
- data/lib/rex/struct2/c_struct.rb +181 -0
- data/lib/rex/struct2/c_struct_template.rb +39 -0
- data/lib/rex/struct2/constant.rb +26 -0
- data/lib/rex/struct2/element.rb +44 -0
- data/lib/rex/struct2/generic.rb +73 -0
- data/lib/rex/struct2/restraint.rb +54 -0
- data/lib/rex/struct2/s_string.rb +72 -0
- data/lib/rex/struct2/s_struct.rb +111 -0
- data/lib/rex/sync.rb +6 -0
- data/lib/rex/sync/event.rb +85 -0
- data/lib/rex/sync/read_write_lock.rb +177 -0
- data/lib/rex/sync/ref.rb +58 -0
- data/lib/rex/sync/thread_safe.rb +83 -0
- data/lib/rex/text.rb +1813 -0
- data/lib/rex/thread_factory.rb +43 -0
- data/lib/rex/time.rb +66 -0
- data/lib/rex/transformer.rb +116 -0
- data/lib/rex/ui.rb +22 -0
- data/lib/rex/ui/interactive.rb +304 -0
- data/lib/rex/ui/output.rb +85 -0
- data/lib/rex/ui/output/none.rb +19 -0
- data/lib/rex/ui/progress_tracker.rb +97 -0
- data/lib/rex/ui/subscriber.rb +160 -0
- data/lib/rex/ui/text/color.rb +98 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +538 -0
- data/lib/rex/ui/text/input.rb +119 -0
- data/lib/rex/ui/text/input/buffer.rb +79 -0
- data/lib/rex/ui/text/input/readline.rb +129 -0
- data/lib/rex/ui/text/input/socket.rb +96 -0
- data/lib/rex/ui/text/input/stdio.rb +46 -0
- data/lib/rex/ui/text/irb_shell.rb +62 -0
- data/lib/rex/ui/text/output.rb +86 -0
- data/lib/rex/ui/text/output/buffer.rb +62 -0
- data/lib/rex/ui/text/output/buffer/stdout.rb +26 -0
- data/lib/rex/ui/text/output/file.rb +44 -0
- data/lib/rex/ui/text/output/socket.rb +44 -0
- data/lib/rex/ui/text/output/stdio.rb +53 -0
- data/lib/rex/ui/text/output/tee.rb +56 -0
- data/lib/rex/ui/text/progress_tracker.rb +57 -0
- data/lib/rex/ui/text/shell.rb +403 -0
- data/lib/rex/ui/text/table.rb +346 -0
- data/lib/rex/zip.rb +96 -0
- data/lib/rex/zip/archive.rb +130 -0
- data/lib/rex/zip/blocks.rb +184 -0
- data/lib/rex/zip/entry.rb +122 -0
- data/lib/rex/zip/jar.rb +283 -0
- data/lib/rex/zip/samples/comment.rb +32 -0
- data/lib/rex/zip/samples/mkwar.rb +138 -0
- data/lib/rex/zip/samples/mkzip.rb +19 -0
- data/lib/rex/zip/samples/recursive.rb +58 -0
- metadata +536 -0
@@ -0,0 +1,50 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
|
3
|
+
##
|
4
|
+
# Rex::OLE - an OLE implementation
|
5
|
+
# written in 2010 by Joshua J. Drake <jduck [at] metasploit.com>
|
6
|
+
##
|
7
|
+
|
8
|
+
module Rex
|
9
|
+
module OLE
|
10
|
+
|
11
|
+
class Stream < DirEntry
|
12
|
+
|
13
|
+
def initialize(stg)
|
14
|
+
super
|
15
|
+
|
16
|
+
# for reading/writing from this
|
17
|
+
@offset = 0
|
18
|
+
@_mse = STGTY_STREAM
|
19
|
+
end
|
20
|
+
|
21
|
+
def close
|
22
|
+
@mode = nil
|
23
|
+
@offset = nil
|
24
|
+
end
|
25
|
+
|
26
|
+
def seek(offset)
|
27
|
+
@offset = offset
|
28
|
+
end
|
29
|
+
|
30
|
+
def read(len)
|
31
|
+
return nil if (not @data)
|
32
|
+
|
33
|
+
ret = @data[@offset, len]
|
34
|
+
@offset += len
|
35
|
+
ret
|
36
|
+
end
|
37
|
+
|
38
|
+
def <<(expr)
|
39
|
+
if (not @data)
|
40
|
+
@data = expr.dup
|
41
|
+
else
|
42
|
+
@data << expr
|
43
|
+
end
|
44
|
+
@_ulSize = @data.length
|
45
|
+
end
|
46
|
+
|
47
|
+
end
|
48
|
+
|
49
|
+
end
|
50
|
+
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
|
3
|
+
##
|
4
|
+
# Rex::OLE - an OLE implementation
|
5
|
+
# written in 2010 by Joshua J. Drake <jduck [at] metasploit.com>
|
6
|
+
##
|
7
|
+
|
8
|
+
module Rex
|
9
|
+
module OLE
|
10
|
+
|
11
|
+
class SubStorage < DirEntry
|
12
|
+
|
13
|
+
def initialize(stg)
|
14
|
+
super
|
15
|
+
|
16
|
+
@_mse = STGTY_STORAGE
|
17
|
+
end
|
18
|
+
|
19
|
+
|
20
|
+
def close
|
21
|
+
end
|
22
|
+
|
23
|
+
|
24
|
+
# stream handling stuff
|
25
|
+
def create_stream(name, mode=STGM_WRITE)
|
26
|
+
@stg.create_stream(name, mode, self)
|
27
|
+
end
|
28
|
+
|
29
|
+
def open_stream(name, mode=STGM_READ)
|
30
|
+
@stg.open_stream(name, mode, self)
|
31
|
+
end
|
32
|
+
|
33
|
+
|
34
|
+
# storage handling stuff
|
35
|
+
def create_storage(name, mode=STGM_WRITE)
|
36
|
+
@stg.create_storage(name, mode, self)
|
37
|
+
end
|
38
|
+
|
39
|
+
def open_storage(name, mode=STGM_WRITE)
|
40
|
+
@stg.open_storage(name, mode, self)
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
44
|
+
|
45
|
+
end
|
46
|
+
end
|
data/lib/rex/ole/util.rb
ADDED
@@ -0,0 +1,154 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
|
3
|
+
##
|
4
|
+
# Rex::OLE - an OLE implementation
|
5
|
+
# written in 2010 by Joshua J. Drake <jduck [at] metasploit.com>
|
6
|
+
##
|
7
|
+
|
8
|
+
module Rex
|
9
|
+
module OLE
|
10
|
+
|
11
|
+
class Util
|
12
|
+
|
13
|
+
def self.Hexify32array(arr)
|
14
|
+
ret = ""
|
15
|
+
arr.each { |dw|
|
16
|
+
ret << " " if ret.length > 0
|
17
|
+
ret << "0x%08x" % dw
|
18
|
+
}
|
19
|
+
ret
|
20
|
+
end
|
21
|
+
|
22
|
+
def self.Printable(buf)
|
23
|
+
ret = ""
|
24
|
+
buf.unpack('C*').each { |byte|
|
25
|
+
ch = byte.chr
|
26
|
+
if (byte < 0x20 || byte > 0x7e)
|
27
|
+
ret << "\\x" + ch.unpack('H*')[0]
|
28
|
+
else
|
29
|
+
ret << ch
|
30
|
+
end
|
31
|
+
}
|
32
|
+
ret
|
33
|
+
end
|
34
|
+
|
35
|
+
|
36
|
+
def self.set_endian(endian)
|
37
|
+
@endian = endian
|
38
|
+
end
|
39
|
+
|
40
|
+
def self.get64(buf, offset)
|
41
|
+
@endian = LITTLE_ENDIAN if not @endian
|
42
|
+
if (@endian == LITTLE_ENDIAN)
|
43
|
+
arr = buf[offset,8].unpack('VV')
|
44
|
+
return (arr[0] + (arr[1] << 32))
|
45
|
+
else
|
46
|
+
arr = buf[offset,8].unpack('NN')
|
47
|
+
return ((arr[0] << 32) + arr[1])
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def self.pack64(value)
|
52
|
+
@endian = LITTLE_ENDIAN if not @endian
|
53
|
+
arr = []
|
54
|
+
arr << (value & 0xffffffff)
|
55
|
+
arr << (value >> 32)
|
56
|
+
if (@endian == LITTLE_ENDIAN)
|
57
|
+
arr.pack('VV')
|
58
|
+
else
|
59
|
+
arr.reverse.pack('NN')
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
def self.get32(buf, offset)
|
64
|
+
@endian = LITTLE_ENDIAN if not @endian
|
65
|
+
if (@endian == LITTLE_ENDIAN)
|
66
|
+
buf[offset,4].unpack('V')[0]
|
67
|
+
else
|
68
|
+
buf[offset,4].unpack('N')[0]
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
def self.pack32(value)
|
73
|
+
@endian = LITTLE_ENDIAN if not @endian
|
74
|
+
if (@endian == LITTLE_ENDIAN)
|
75
|
+
[value].pack('V')
|
76
|
+
else
|
77
|
+
[value].pack('N')
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
def self.get32array(buf)
|
82
|
+
@endian = LITTLE_ENDIAN if not @endian
|
83
|
+
if (@endian == LITTLE_ENDIAN)
|
84
|
+
buf.unpack('V*')
|
85
|
+
else
|
86
|
+
buf.unpack('N*')
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
def self.pack32array(arr)
|
91
|
+
@endian = LITTLE_ENDIAN if not @endian
|
92
|
+
if (@endian == LITTLE_ENDIAN)
|
93
|
+
arr.pack('V*')
|
94
|
+
else
|
95
|
+
arr.pack('N*')
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
def self.get16(buf, offset)
|
100
|
+
@endian = LITTLE_ENDIAN if not @endian
|
101
|
+
if (@endian == LITTLE_ENDIAN)
|
102
|
+
buf[offset,2].unpack('v')[0]
|
103
|
+
else
|
104
|
+
buf[offset,2].unpack('n')[0]
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
def self.pack16(value)
|
109
|
+
@endian = LITTLE_ENDIAN if not @endian
|
110
|
+
if (@endian == LITTLE_ENDIAN)
|
111
|
+
[value].pack('v')
|
112
|
+
else
|
113
|
+
[value].pack('n')
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
def self.get8(buf, offset)
|
118
|
+
buf[offset,1].unpack('C')[0]
|
119
|
+
end
|
120
|
+
|
121
|
+
def self.pack8(value)
|
122
|
+
[value].pack('C')
|
123
|
+
end
|
124
|
+
|
125
|
+
|
126
|
+
def self.getUnicodeString(buf)
|
127
|
+
buf = buf.unpack('v*').pack('C*')
|
128
|
+
if (idx = buf.index(0x00.chr))
|
129
|
+
buf.slice!(idx, buf.length)
|
130
|
+
end
|
131
|
+
buf
|
132
|
+
end
|
133
|
+
|
134
|
+
def self.putUnicodeString(buf)
|
135
|
+
buf = buf.unpack('C*').pack('v*')
|
136
|
+
if (buf.length < 0x40)
|
137
|
+
buf << "\x00" * (0x40 - buf.length)
|
138
|
+
end
|
139
|
+
buf
|
140
|
+
end
|
141
|
+
|
142
|
+
|
143
|
+
def self.name_is_valid(name)
|
144
|
+
return nil if (name.length > 31)
|
145
|
+
(0..0x1f).to_a.each { |x|
|
146
|
+
return nil if (name.include?(x.chr))
|
147
|
+
}
|
148
|
+
return true
|
149
|
+
end
|
150
|
+
|
151
|
+
end
|
152
|
+
|
153
|
+
end
|
154
|
+
end
|
@@ -0,0 +1,406 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
require "rex/parser/nokogiri_doc_mixin"
|
3
|
+
require 'rex'
|
4
|
+
require 'uri'
|
5
|
+
|
6
|
+
module Rex
|
7
|
+
module Parser
|
8
|
+
|
9
|
+
# If Nokogiri is available, define the Acunetix document class.
|
10
|
+
load_nokogiri && class AcunetixDocument < Nokogiri::XML::SAX::Document
|
11
|
+
|
12
|
+
include NokogiriDocMixin
|
13
|
+
|
14
|
+
# The resolver prefers your local /etc/hosts (or windows equiv), but will
|
15
|
+
# fall back to regular DNS. It retains a cache for the import to avoid
|
16
|
+
# spamming your network with DNS requests.
|
17
|
+
attr_reader :resolv_cache
|
18
|
+
|
19
|
+
# If name resolution of the host fails out completely, you will not be
|
20
|
+
# able to import that Scan task. Other scan tasks in the same report
|
21
|
+
# should be unaffected.
|
22
|
+
attr_reader :parse_warnings
|
23
|
+
|
24
|
+
def start_document
|
25
|
+
@parse_warnings = []
|
26
|
+
@resolv_cache = {}
|
27
|
+
end
|
28
|
+
|
29
|
+
def start_element(name=nil,attrs=[])
|
30
|
+
attrs = normalize_attrs(attrs)
|
31
|
+
block = @block
|
32
|
+
@state[:current_tag][name] = true
|
33
|
+
case name
|
34
|
+
when "Scan" # Start of the thing.
|
35
|
+
when "Name", "StartURL", "Banner", "Os"
|
36
|
+
@state[:has_text] = true
|
37
|
+
when "LoginSequence" # Skipping for now
|
38
|
+
when "Crawler"
|
39
|
+
record_crawler(attrs)
|
40
|
+
when "FullURL"
|
41
|
+
@state[:has_text] = true
|
42
|
+
when "Variable"
|
43
|
+
record_variable(attrs)
|
44
|
+
when "Request", "Response"
|
45
|
+
@state[:has_text] = true
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def end_element(name=nil)
|
50
|
+
block = @block
|
51
|
+
case name
|
52
|
+
when "Scan"
|
53
|
+
# Clears most of the @state out, we're done with this web site.
|
54
|
+
@state.delete_if {|k| k != :current_tag}
|
55
|
+
when "Name"
|
56
|
+
@state[:has_text] = false
|
57
|
+
collect_scan_name
|
58
|
+
collect_report_item_name
|
59
|
+
@text = nil
|
60
|
+
when "StartURL" # Populates @state[:starturl_uri], we use this a lot
|
61
|
+
@state[:has_text] = false
|
62
|
+
collect_host
|
63
|
+
collect_service
|
64
|
+
@text = nil
|
65
|
+
handle_parse_warnings &block
|
66
|
+
host_object = report_host &block
|
67
|
+
if host_object
|
68
|
+
report_starturl_service(host_object,&block)
|
69
|
+
db.report_import_note(@args[:wspace],host_object)
|
70
|
+
end
|
71
|
+
when "Banner"
|
72
|
+
@state[:has_text] = false
|
73
|
+
collect_and_report_banner
|
74
|
+
when "Os"
|
75
|
+
@state[:has_text] = false
|
76
|
+
report_os_fingerprint
|
77
|
+
when "LoginSequence" # This comes up later in the report anyway
|
78
|
+
when "Crawler"
|
79
|
+
report_starturl_web_site(&block)
|
80
|
+
when "FullURL"
|
81
|
+
@state[:has_text] = false
|
82
|
+
report_web_site(@text,&block)
|
83
|
+
@text = nil
|
84
|
+
when "Inputs"
|
85
|
+
report_web_form(&block)
|
86
|
+
when "Request"
|
87
|
+
@state[:has_text] = false
|
88
|
+
collect_page_request
|
89
|
+
@text = nil
|
90
|
+
when "Response"
|
91
|
+
@state[:has_text] = false
|
92
|
+
collect_page_response
|
93
|
+
@text = nil
|
94
|
+
report_web_page(&block)
|
95
|
+
end
|
96
|
+
@state[:current_tag].delete name
|
97
|
+
end
|
98
|
+
|
99
|
+
def collect_page_response
|
100
|
+
return unless in_tag("TechnicalDetails")
|
101
|
+
return unless in_tag("ReportItem")
|
102
|
+
return unless @text
|
103
|
+
return if @text.to_s.empty?
|
104
|
+
@state[:page_response] = @text
|
105
|
+
end
|
106
|
+
|
107
|
+
def collect_page_request
|
108
|
+
return unless in_tag("TechnicalDetails")
|
109
|
+
return unless in_tag("ReportItem")
|
110
|
+
return unless @text
|
111
|
+
return if @text.to_s.empty?
|
112
|
+
@state[:page_request] = @text
|
113
|
+
end
|
114
|
+
|
115
|
+
def collect_scan_name
|
116
|
+
return unless in_tag("Scan")
|
117
|
+
return if in_tag("ReportItems")
|
118
|
+
return if in_tag("Crawler")
|
119
|
+
return unless @text
|
120
|
+
return if @text.strip.empty?
|
121
|
+
@state[:scan_name] = @text.strip
|
122
|
+
end
|
123
|
+
|
124
|
+
def collect_host
|
125
|
+
return unless in_tag("Scan")
|
126
|
+
return unless @text
|
127
|
+
return if @text.strip.empty?
|
128
|
+
uri = URI.parse(@text) rescue nil
|
129
|
+
return unless uri
|
130
|
+
address = resolve_scan_starturl_address(uri)
|
131
|
+
@report_data[:host] = address
|
132
|
+
@report_data[:state] = Msf::HostState::Alive
|
133
|
+
end
|
134
|
+
|
135
|
+
def collect_service
|
136
|
+
return unless @report_data[:host]
|
137
|
+
return unless in_tag("Scan")
|
138
|
+
return unless @text
|
139
|
+
return if @text.strip.empty?
|
140
|
+
uri = URI.parse(@text) rescue nil
|
141
|
+
return unless uri
|
142
|
+
@state[:starturl_uri] = uri
|
143
|
+
@report_data[:ports] ||= []
|
144
|
+
@report_data[:ports] << @state[:starturl_port]
|
145
|
+
end
|
146
|
+
|
147
|
+
def collect_and_report_banner
|
148
|
+
return unless (svc = @state[:starturl_service_object]) # Yes i want assignment
|
149
|
+
return unless @text
|
150
|
+
return if @text.strip.empty?
|
151
|
+
return unless in_tag("Scan")
|
152
|
+
svc_info = {
|
153
|
+
:host => svc.host,
|
154
|
+
:port => svc.port,
|
155
|
+
:proto => svc.proto,
|
156
|
+
:info => @text.strip
|
157
|
+
}
|
158
|
+
db_report(:service, svc_info)
|
159
|
+
@text = nil
|
160
|
+
end
|
161
|
+
|
162
|
+
def collect_report_item_name
|
163
|
+
return unless in_tag("ReportItem")
|
164
|
+
return unless @text
|
165
|
+
return if @text.strip.empty?
|
166
|
+
@state[:report_item] = @text
|
167
|
+
end
|
168
|
+
|
169
|
+
# @state[:fullurl] is set by report_web_site
|
170
|
+
def record_variable(attrs)
|
171
|
+
return unless in_tag("Inputs")
|
172
|
+
return unless @state[:fullurl].kind_of? URI
|
173
|
+
method = attr_hash(attrs)["Type"]
|
174
|
+
return unless method
|
175
|
+
return if method.strip.empty?
|
176
|
+
@state[:form_variables] ||= []
|
177
|
+
@state[:form_variables] << [attr_hash(attrs)["Name"],method]
|
178
|
+
end
|
179
|
+
|
180
|
+
def record_crawler(attrs)
|
181
|
+
return unless in_tag("Scan")
|
182
|
+
return unless @state[:starturl_service_object]
|
183
|
+
starturl = attr_hash(attrs)["StartUrl"]
|
184
|
+
return unless starturl
|
185
|
+
@state[:crawler_starturl] = starturl
|
186
|
+
end
|
187
|
+
|
188
|
+
def report_web_form(&block)
|
189
|
+
return unless in_tag("SiteFiles")
|
190
|
+
return unless @state[:web_site]
|
191
|
+
return unless @state[:fullurl].kind_of? URI
|
192
|
+
return unless @state[:form_variables].kind_of? Array
|
193
|
+
return if @state[:form_variables].empty?
|
194
|
+
method = parse_method(@state[:form_variables].first[1])
|
195
|
+
vars = @state[:form_variables].map {|x| x[0]}
|
196
|
+
form_info = {}
|
197
|
+
form_info[:web_site] = @state[:web_site]
|
198
|
+
form_info[:path] = @state[:fullurl].path
|
199
|
+
form_info[:query] = @state[:fullurl].query
|
200
|
+
form_info[:method] = method
|
201
|
+
form_info[:params] = vars
|
202
|
+
url = @state[:fullurl].to_s
|
203
|
+
db.emit(:web_form,url,&block) if block
|
204
|
+
db_report(:web_form,form_info)
|
205
|
+
@state[:fullurl] = nil
|
206
|
+
@state[:form_variables] = nil
|
207
|
+
end
|
208
|
+
|
209
|
+
def report_web_page(&block)
|
210
|
+
return if should_skip_this_page
|
211
|
+
return unless @state[:web_site]
|
212
|
+
return unless @state[:page_request]
|
213
|
+
return if @state[:page_request].strip.empty?
|
214
|
+
return unless @state[:page_response]
|
215
|
+
return if @state[:page_response].strip.empty?
|
216
|
+
path,query_string = parse_request(@state[:page_request])
|
217
|
+
return unless path
|
218
|
+
parsed_response = parse_response(@state[:page_response])
|
219
|
+
return unless parsed_response
|
220
|
+
web_page_info = {}
|
221
|
+
web_page_info[:web_site] = @state[:web_site]
|
222
|
+
web_page_info[:path] = path
|
223
|
+
web_page_info[:code] = parsed_response[:code].to_i
|
224
|
+
web_page_info[:headers] = parsed_response[:headers]
|
225
|
+
web_page_info[:body] = parsed_response[:body]
|
226
|
+
web_page_info[:query] = query_string || ""
|
227
|
+
url = ""
|
228
|
+
url << @state[:web_site].service.name.to_s << "://"
|
229
|
+
url << @state[:web_site].vhost.to_s << ":"
|
230
|
+
url << path
|
231
|
+
uri = URI.parse(url) rescue nil
|
232
|
+
return unless uri # Sanity checker
|
233
|
+
db.emit(:web_page, url, &block) if block
|
234
|
+
web_page_object = db_report(:web_page,web_page_info)
|
235
|
+
@state[:page_request] = @state[:page_response] = nil
|
236
|
+
@state[:web_page] = web_page_object
|
237
|
+
end
|
238
|
+
|
239
|
+
# Reasons why we shouldn't collect a particular web page.
|
240
|
+
def should_skip_this_page
|
241
|
+
if @state[:report_item] =~ /Unrestricted File Upload/
|
242
|
+
# This means that the page being collected is something the
|
243
|
+
# auditor put there, so it's not useful to report on.
|
244
|
+
return true
|
245
|
+
end
|
246
|
+
return false
|
247
|
+
end
|
248
|
+
|
249
|
+
# XXX Rex::Proto::Http::Packet seems broken for
|
250
|
+
# actually parsing requests and responses, but all I
|
251
|
+
# need are the headers anyway
|
252
|
+
def parse_request(request)
|
253
|
+
headers = Rex::Proto::Http::Packet::Header.new
|
254
|
+
headers.from_s request.dup # It's destructive.
|
255
|
+
return unless headers.cmd_string
|
256
|
+
verb,req = headers.cmd_string.split(/\s+/)
|
257
|
+
return unless verb
|
258
|
+
return unless req
|
259
|
+
path,query_string = req.split(/\?/)[0,2]
|
260
|
+
end
|
261
|
+
|
262
|
+
def parse_response(response)
|
263
|
+
headers = Rex::Proto::Http::Packet::Header.new
|
264
|
+
headers.from_s response.dup # It's destructive.
|
265
|
+
return unless headers.cmd_string
|
266
|
+
http,code,msg = headers.cmd_string.split(/\s+/)
|
267
|
+
return unless code
|
268
|
+
return unless code.to_i.to_s == code
|
269
|
+
parsed = {}
|
270
|
+
parsed[:code] = code
|
271
|
+
parsed[:headers] = {}
|
272
|
+
headers.each do |k,v|
|
273
|
+
parsed[:headers][k.to_s.downcase] = []
|
274
|
+
parsed[:headers][k.to_s.downcase] << v
|
275
|
+
end
|
276
|
+
parsed[:body] = "" # We never seem to get this from Acunetix
|
277
|
+
parsed
|
278
|
+
end
|
279
|
+
|
280
|
+
# Don't cause the web report to die just because we can't tell
|
281
|
+
# what method was used -- default to GET. Sometimes it's just "POST," and
|
282
|
+
# sometimes it's "URL encoded POST," and sometimes it might be something
|
283
|
+
# else.
|
284
|
+
def parse_method(meth)
|
285
|
+
verbs = "(GET|POST|PATH)"
|
286
|
+
real_method = meth.match(/^\s*#{verbs}/)
|
287
|
+
real_method ||= meth.match(/\s*#{verbs}\s*$/)
|
288
|
+
( real_method && real_method[1] ) ? real_method[1] : "GET"
|
289
|
+
end
|
290
|
+
|
291
|
+
def report_host(&block)
|
292
|
+
return unless @report_data[:host]
|
293
|
+
return unless in_tag("Scan")
|
294
|
+
if host_is_okay
|
295
|
+
db.emit(:address,@report_data[:host],&block) if block
|
296
|
+
host_info = @report_data.merge(:workspace => @args[:wspace])
|
297
|
+
db_report(:host,host_info)
|
298
|
+
end
|
299
|
+
end
|
300
|
+
|
301
|
+
# The service is super important, so we hang on to it for the
|
302
|
+
# rest of the scan.
|
303
|
+
def report_starturl_service(host_object,&block)
|
304
|
+
return unless host_object
|
305
|
+
return unless @state[:starturl_uri]
|
306
|
+
name = @state[:starturl_uri].scheme
|
307
|
+
port = @state[:starturl_uri].port
|
308
|
+
addr = host_object.address
|
309
|
+
svc = {
|
310
|
+
:host => host_object,
|
311
|
+
:port => port,
|
312
|
+
:name => name.dup,
|
313
|
+
:proto => "tcp"
|
314
|
+
}
|
315
|
+
if name and port
|
316
|
+
db.emit(:service,[addr,port].join(":"),&block) if block
|
317
|
+
@state[:starturl_service_object] = db_report(:service,svc)
|
318
|
+
end
|
319
|
+
end
|
320
|
+
|
321
|
+
def report_web_site(url,&block)
|
322
|
+
return unless in_tag("Crawler")
|
323
|
+
return unless url
|
324
|
+
return if url.strip.empty?
|
325
|
+
uri = URI.parse(url) rescue nil
|
326
|
+
return unless uri
|
327
|
+
host = uri.host
|
328
|
+
port = uri.port
|
329
|
+
scheme = uri.scheme
|
330
|
+
return unless scheme[/^https?/]
|
331
|
+
return unless (host && port && scheme)
|
332
|
+
address = resolve_address(host)
|
333
|
+
return unless address
|
334
|
+
service_info = [ @args[:wspace], address, "tcp", port ]
|
335
|
+
service_object = db.get_service(*service_info)
|
336
|
+
service_object = db_report(:service,service_info) unless service_object
|
337
|
+
web_site_info = {
|
338
|
+
:workspace => @args[:wspace],
|
339
|
+
:service => service_object,
|
340
|
+
:vhost => host,
|
341
|
+
:ssl => (scheme == "https")
|
342
|
+
}
|
343
|
+
@state[:web_site] = db_report(:web_site,web_site_info)
|
344
|
+
@state[:fullurl] = uri
|
345
|
+
end
|
346
|
+
|
347
|
+
def report_starturl_web_site(&block)
|
348
|
+
return unless @state[:crawler_starturl]
|
349
|
+
starturl = @state[:crawler_starturl].dup
|
350
|
+
report_web_site(starturl,&block)
|
351
|
+
end
|
352
|
+
|
353
|
+
def report_os_fingerprint
|
354
|
+
return unless @state[:starturl_service_object]
|
355
|
+
return unless @text
|
356
|
+
return if @text.strip.empty?
|
357
|
+
return unless in_tag("Scan")
|
358
|
+
host = @state[:starturl_service_object].host
|
359
|
+
fp_note = {
|
360
|
+
:workspace => host.workspace,
|
361
|
+
:host => host,
|
362
|
+
:type => 'host.os.acunetix_fingerprint',
|
363
|
+
:data => {:os => @text}
|
364
|
+
}
|
365
|
+
db_report(:note, fp_note)
|
366
|
+
@text = nil
|
367
|
+
end
|
368
|
+
|
369
|
+
def resolve_port(uri)
|
370
|
+
@state[:port] = uri.port
|
371
|
+
unless @state[:port]
|
372
|
+
@parse_warnings << "Could not determine a port for '#{@state[:scan_name]}'"
|
373
|
+
end
|
374
|
+
@state[:port] = uri.port
|
375
|
+
end
|
376
|
+
|
377
|
+
def resolve_address(host)
|
378
|
+
return @resolv_cache[host] if @resolv_cache[host]
|
379
|
+
address = Rex::Socket.resolv_to_dotted(host) rescue nil
|
380
|
+
@resolv_cache[host] = address
|
381
|
+
return address
|
382
|
+
end
|
383
|
+
|
384
|
+
def resolve_scan_starturl_address(uri)
|
385
|
+
if uri.host
|
386
|
+
address = resolve_address(uri.host)
|
387
|
+
unless address
|
388
|
+
@parse_warnings << "Could not resolve address for '#{uri.host}', skipping '#{@state[:scan_name]}'"
|
389
|
+
end
|
390
|
+
else
|
391
|
+
@parse_warnings << "Could not determine a host for '#{@state[:scan_name]}'"
|
392
|
+
end
|
393
|
+
address
|
394
|
+
end
|
395
|
+
|
396
|
+
def handle_parse_warnings(&block)
|
397
|
+
return if @parse_warnings.empty?
|
398
|
+
@parse_warnings.each do |pwarn|
|
399
|
+
db.emit(:warning, pwarn, &block) if block
|
400
|
+
end
|
401
|
+
end
|
402
|
+
|
403
|
+
end
|
404
|
+
end
|
405
|
+
end
|
406
|
+
|