dstruct 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (491) hide show
  1. checksums.yaml +15 -0
  2. data/README.markdown +23 -0
  3. data/examples/smb_example.rb +35 -0
  4. data/lib/rex.rb +108 -0
  5. data/lib/rex/LICENSE +29 -0
  6. data/lib/rex/arch.rb +104 -0
  7. data/lib/rex/arch/sparc.rb +75 -0
  8. data/lib/rex/arch/x86.rb +524 -0
  9. data/lib/rex/assembly/nasm.rb +104 -0
  10. data/lib/rex/codepage.map +104 -0
  11. data/lib/rex/compat.rb +389 -0
  12. data/lib/rex/constants.rb +124 -0
  13. data/lib/rex/elfparsey.rb +9 -0
  14. data/lib/rex/elfparsey/elf.rb +121 -0
  15. data/lib/rex/elfparsey/elfbase.rb +256 -0
  16. data/lib/rex/elfparsey/exceptions.rb +25 -0
  17. data/lib/rex/elfscan.rb +10 -0
  18. data/lib/rex/elfscan/scanner.rb +226 -0
  19. data/lib/rex/elfscan/search.rb +44 -0
  20. data/lib/rex/encoder/alpha2.rb +31 -0
  21. data/lib/rex/encoder/alpha2/alpha_mixed.rb +68 -0
  22. data/lib/rex/encoder/alpha2/alpha_upper.rb +79 -0
  23. data/lib/rex/encoder/alpha2/generic.rb +90 -0
  24. data/lib/rex/encoder/alpha2/unicode_mixed.rb +116 -0
  25. data/lib/rex/encoder/alpha2/unicode_upper.rb +123 -0
  26. data/lib/rex/encoder/bloxor/bloxor.rb +327 -0
  27. data/lib/rex/encoder/ndr.rb +90 -0
  28. data/lib/rex/encoder/nonalpha.rb +61 -0
  29. data/lib/rex/encoder/nonupper.rb +64 -0
  30. data/lib/rex/encoder/xdr.rb +107 -0
  31. data/lib/rex/encoder/xor.rb +69 -0
  32. data/lib/rex/encoder/xor/dword.rb +13 -0
  33. data/lib/rex/encoder/xor/dword_additive.rb +13 -0
  34. data/lib/rex/encoders/xor_dword.rb +35 -0
  35. data/lib/rex/encoders/xor_dword_additive.rb +53 -0
  36. data/lib/rex/encoding/xor.rb +20 -0
  37. data/lib/rex/encoding/xor/byte.rb +15 -0
  38. data/lib/rex/encoding/xor/dword.rb +21 -0
  39. data/lib/rex/encoding/xor/dword_additive.rb +92 -0
  40. data/lib/rex/encoding/xor/exceptions.rb +17 -0
  41. data/lib/rex/encoding/xor/generic.rb +146 -0
  42. data/lib/rex/encoding/xor/qword.rb +15 -0
  43. data/lib/rex/encoding/xor/word.rb +21 -0
  44. data/lib/rex/exceptions.rb +275 -0
  45. data/lib/rex/exploitation/cmdstager.rb +10 -0
  46. data/lib/rex/exploitation/cmdstager/base.rb +190 -0
  47. data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
  48. data/lib/rex/exploitation/cmdstager/debug_asm.rb +140 -0
  49. data/lib/rex/exploitation/cmdstager/debug_write.rb +134 -0
  50. data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
  51. data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
  52. data/lib/rex/exploitation/cmdstager/tftp.rb +71 -0
  53. data/lib/rex/exploitation/cmdstager/vbs.rb +126 -0
  54. data/lib/rex/exploitation/egghunter.rb +425 -0
  55. data/lib/rex/exploitation/encryptjs.rb +78 -0
  56. data/lib/rex/exploitation/heaplib.js.b64 +331 -0
  57. data/lib/rex/exploitation/heaplib.rb +107 -0
  58. data/lib/rex/exploitation/js.rb +6 -0
  59. data/lib/rex/exploitation/js/detect.rb +69 -0
  60. data/lib/rex/exploitation/js/memory.rb +81 -0
  61. data/lib/rex/exploitation/js/network.rb +84 -0
  62. data/lib/rex/exploitation/js/utils.rb +33 -0
  63. data/lib/rex/exploitation/jsobfu.rb +513 -0
  64. data/lib/rex/exploitation/obfuscatejs.rb +336 -0
  65. data/lib/rex/exploitation/omelet.rb +321 -0
  66. data/lib/rex/exploitation/opcodedb.rb +819 -0
  67. data/lib/rex/exploitation/powershell.rb +62 -0
  68. data/lib/rex/exploitation/powershell/function.rb +63 -0
  69. data/lib/rex/exploitation/powershell/obfu.rb +98 -0
  70. data/lib/rex/exploitation/powershell/output.rb +151 -0
  71. data/lib/rex/exploitation/powershell/param.rb +23 -0
  72. data/lib/rex/exploitation/powershell/parser.rb +183 -0
  73. data/lib/rex/exploitation/powershell/psh_methods.rb +70 -0
  74. data/lib/rex/exploitation/powershell/script.rb +99 -0
  75. data/lib/rex/exploitation/ropdb.rb +190 -0
  76. data/lib/rex/exploitation/seh.rb +93 -0
  77. data/lib/rex/file.rb +160 -0
  78. data/lib/rex/image_source.rb +10 -0
  79. data/lib/rex/image_source/disk.rb +58 -0
  80. data/lib/rex/image_source/image_source.rb +44 -0
  81. data/lib/rex/image_source/memory.rb +35 -0
  82. data/lib/rex/io/bidirectional_pipe.rb +161 -0
  83. data/lib/rex/io/datagram_abstraction.rb +35 -0
  84. data/lib/rex/io/ring_buffer.rb +369 -0
  85. data/lib/rex/io/stream.rb +312 -0
  86. data/lib/rex/io/stream_abstraction.rb +209 -0
  87. data/lib/rex/io/stream_server.rb +221 -0
  88. data/lib/rex/job_container.rb +200 -0
  89. data/lib/rex/logging.rb +4 -0
  90. data/lib/rex/logging/log_dispatcher.rb +180 -0
  91. data/lib/rex/logging/log_sink.rb +43 -0
  92. data/lib/rex/logging/sinks/flatfile.rb +56 -0
  93. data/lib/rex/logging/sinks/stderr.rb +44 -0
  94. data/lib/rex/mac_oui.rb +16581 -0
  95. data/lib/rex/machparsey.rb +9 -0
  96. data/lib/rex/machparsey/exceptions.rb +34 -0
  97. data/lib/rex/machparsey/mach.rb +209 -0
  98. data/lib/rex/machparsey/machbase.rb +408 -0
  99. data/lib/rex/machscan.rb +9 -0
  100. data/lib/rex/machscan/scanner.rb +217 -0
  101. data/lib/rex/mime.rb +10 -0
  102. data/lib/rex/mime/encoding.rb +17 -0
  103. data/lib/rex/mime/header.rb +78 -0
  104. data/lib/rex/mime/message.rb +150 -0
  105. data/lib/rex/mime/part.rb +50 -0
  106. data/lib/rex/nop/opty2.rb +109 -0
  107. data/lib/rex/nop/opty2_tables.rb +301 -0
  108. data/lib/rex/ole.rb +202 -0
  109. data/lib/rex/ole/clsid.rb +44 -0
  110. data/lib/rex/ole/difat.rb +138 -0
  111. data/lib/rex/ole/directory.rb +228 -0
  112. data/lib/rex/ole/direntry.rb +237 -0
  113. data/lib/rex/ole/docs/dependencies.txt +8 -0
  114. data/lib/rex/ole/docs/references.txt +1 -0
  115. data/lib/rex/ole/fat.rb +96 -0
  116. data/lib/rex/ole/header.rb +201 -0
  117. data/lib/rex/ole/minifat.rb +74 -0
  118. data/lib/rex/ole/propset.rb +141 -0
  119. data/lib/rex/ole/samples/create_ole.rb +27 -0
  120. data/lib/rex/ole/samples/dir.rb +35 -0
  121. data/lib/rex/ole/samples/dump_stream.rb +34 -0
  122. data/lib/rex/ole/samples/ole_info.rb +23 -0
  123. data/lib/rex/ole/storage.rb +392 -0
  124. data/lib/rex/ole/stream.rb +50 -0
  125. data/lib/rex/ole/substorage.rb +46 -0
  126. data/lib/rex/ole/util.rb +154 -0
  127. data/lib/rex/parser/acunetix_nokogiri.rb +406 -0
  128. data/lib/rex/parser/apple_backup_manifestdb.rb +132 -0
  129. data/lib/rex/parser/appscan_nokogiri.rb +367 -0
  130. data/lib/rex/parser/arguments.rb +108 -0
  131. data/lib/rex/parser/burp_session_nokogiri.rb +291 -0
  132. data/lib/rex/parser/ci_nokogiri.rb +193 -0
  133. data/lib/rex/parser/foundstone_nokogiri.rb +342 -0
  134. data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
  135. data/lib/rex/parser/group_policy_preferences.rb +185 -0
  136. data/lib/rex/parser/ini.rb +186 -0
  137. data/lib/rex/parser/ip360_aspl_xml.rb +103 -0
  138. data/lib/rex/parser/ip360_xml.rb +98 -0
  139. data/lib/rex/parser/mbsa_nokogiri.rb +256 -0
  140. data/lib/rex/parser/nessus_xml.rb +121 -0
  141. data/lib/rex/parser/netsparker_xml.rb +109 -0
  142. data/lib/rex/parser/nexpose_raw_nokogiri.rb +686 -0
  143. data/lib/rex/parser/nexpose_simple_nokogiri.rb +330 -0
  144. data/lib/rex/parser/nexpose_xml.rb +172 -0
  145. data/lib/rex/parser/nmap_nokogiri.rb +394 -0
  146. data/lib/rex/parser/nmap_xml.rb +166 -0
  147. data/lib/rex/parser/nokogiri_doc_mixin.rb +233 -0
  148. data/lib/rex/parser/openvas_nokogiri.rb +172 -0
  149. data/lib/rex/parser/outpost24_nokogiri.rb +240 -0
  150. data/lib/rex/parser/retina_xml.rb +110 -0
  151. data/lib/rex/parser/unattend.rb +171 -0
  152. data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
  153. data/lib/rex/payloads.rb +2 -0
  154. data/lib/rex/payloads/win32.rb +3 -0
  155. data/lib/rex/payloads/win32/common.rb +27 -0
  156. data/lib/rex/payloads/win32/kernel.rb +54 -0
  157. data/lib/rex/payloads/win32/kernel/common.rb +55 -0
  158. data/lib/rex/payloads/win32/kernel/migration.rb +13 -0
  159. data/lib/rex/payloads/win32/kernel/recovery.rb +51 -0
  160. data/lib/rex/payloads/win32/kernel/stager.rb +195 -0
  161. data/lib/rex/peparsey.rb +10 -0
  162. data/lib/rex/peparsey/exceptions.rb +30 -0
  163. data/lib/rex/peparsey/pe.rb +210 -0
  164. data/lib/rex/peparsey/pe_memdump.rb +61 -0
  165. data/lib/rex/peparsey/pebase.rb +1662 -0
  166. data/lib/rex/peparsey/section.rb +128 -0
  167. data/lib/rex/pescan.rb +11 -0
  168. data/lib/rex/pescan/analyze.rb +366 -0
  169. data/lib/rex/pescan/scanner.rb +230 -0
  170. data/lib/rex/pescan/search.rb +68 -0
  171. data/lib/rex/platforms.rb +2 -0
  172. data/lib/rex/platforms/windows.rb +52 -0
  173. data/lib/rex/poly.rb +134 -0
  174. data/lib/rex/poly/block.rb +480 -0
  175. data/lib/rex/poly/machine.rb +13 -0
  176. data/lib/rex/poly/machine/machine.rb +830 -0
  177. data/lib/rex/poly/machine/x86.rb +509 -0
  178. data/lib/rex/poly/register.rb +101 -0
  179. data/lib/rex/poly/register/x86.rb +41 -0
  180. data/lib/rex/post.rb +7 -0
  181. data/lib/rex/post/dir.rb +51 -0
  182. data/lib/rex/post/file.rb +172 -0
  183. data/lib/rex/post/file_stat.rb +220 -0
  184. data/lib/rex/post/gen.pl +13 -0
  185. data/lib/rex/post/io.rb +182 -0
  186. data/lib/rex/post/meterpreter.rb +5 -0
  187. data/lib/rex/post/meterpreter/channel.rb +446 -0
  188. data/lib/rex/post/meterpreter/channel_container.rb +54 -0
  189. data/lib/rex/post/meterpreter/channels/pool.rb +160 -0
  190. data/lib/rex/post/meterpreter/channels/pools/file.rb +62 -0
  191. data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +103 -0
  192. data/lib/rex/post/meterpreter/channels/stream.rb +87 -0
  193. data/lib/rex/post/meterpreter/client.rb +483 -0
  194. data/lib/rex/post/meterpreter/client_core.rb +352 -0
  195. data/lib/rex/post/meterpreter/dependencies.rb +3 -0
  196. data/lib/rex/post/meterpreter/extension.rb +32 -0
  197. data/lib/rex/post/meterpreter/extensions/android/android.rb +128 -0
  198. data/lib/rex/post/meterpreter/extensions/android/tlv.rb +40 -0
  199. data/lib/rex/post/meterpreter/extensions/espia/espia.rb +58 -0
  200. data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +17 -0
  201. data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
  202. data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
  203. data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
  204. data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
  205. data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
  206. data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
  207. data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
  208. data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +94 -0
  209. data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +22 -0
  210. data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
  211. data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
  212. data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
  213. data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +43 -0
  214. data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
  215. data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +17 -0
  216. data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
  217. data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
  218. data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +57 -0
  219. data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +16 -0
  220. data/lib/rex/post/meterpreter/extensions/priv/fs.rb +118 -0
  221. data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +61 -0
  222. data/lib/rex/post/meterpreter/extensions/priv/priv.rb +109 -0
  223. data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +29 -0
  224. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +117 -0
  225. data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +27 -0
  226. data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +396 -0
  227. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +284 -0
  228. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +399 -0
  229. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +104 -0
  230. data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +48 -0
  231. data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
  232. data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +256 -0
  233. data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +129 -0
  234. data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
  235. data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
  236. data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +67 -0
  237. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +139 -0
  238. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +180 -0
  239. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +168 -0
  240. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +209 -0
  241. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38146 -0
  242. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +48 -0
  243. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2102 -0
  244. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +32 -0
  245. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +97 -0
  246. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3852 -0
  247. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +100 -0
  248. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +168 -0
  249. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_psapi.rb +32 -0
  250. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +32 -0
  251. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3170 -0
  252. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
  253. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +87 -0
  254. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
  255. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +613 -0
  256. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +388 -0
  257. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +111 -0
  258. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +149 -0
  259. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +27 -0
  260. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +515 -0
  261. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +319 -0
  262. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
  263. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +301 -0
  264. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +56 -0
  265. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
  266. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +676 -0
  267. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +96 -0
  268. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +151 -0
  269. data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +128 -0
  270. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +192 -0
  271. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +41 -0
  272. data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +60 -0
  273. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +408 -0
  274. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +129 -0
  275. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +55 -0
  276. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +336 -0
  277. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +141 -0
  278. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +328 -0
  279. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +193 -0
  280. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +102 -0
  281. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +188 -0
  282. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +180 -0
  283. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +236 -0
  284. data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +259 -0
  285. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +201 -0
  286. data/lib/rex/post/meterpreter/inbound_packet_handler.rb +30 -0
  287. data/lib/rex/post/meterpreter/object_aliases.rb +83 -0
  288. data/lib/rex/post/meterpreter/packet.rb +709 -0
  289. data/lib/rex/post/meterpreter/packet_dispatcher.rb +543 -0
  290. data/lib/rex/post/meterpreter/packet_parser.rb +94 -0
  291. data/lib/rex/post/meterpreter/packet_response_waiter.rb +83 -0
  292. data/lib/rex/post/meterpreter/ui/console.rb +142 -0
  293. data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +86 -0
  294. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +383 -0
  295. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +939 -0
  296. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +109 -0
  297. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
  298. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
  299. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
  300. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
  301. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
  302. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
  303. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +242 -0
  304. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
  305. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
  306. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
  307. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
  308. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
  309. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +232 -0
  310. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +62 -0
  311. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +97 -0
  312. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +52 -0
  313. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +133 -0
  314. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +204 -0
  315. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +66 -0
  316. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +527 -0
  317. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +448 -0
  318. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +906 -0
  319. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +318 -0
  320. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +343 -0
  321. data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +99 -0
  322. data/lib/rex/post/permission.rb +26 -0
  323. data/lib/rex/post/process.rb +57 -0
  324. data/lib/rex/post/thread.rb +57 -0
  325. data/lib/rex/post/ui.rb +52 -0
  326. data/lib/rex/proto.rb +15 -0
  327. data/lib/rex/proto/addp.rb +218 -0
  328. data/lib/rex/proto/dcerpc.rb +7 -0
  329. data/lib/rex/proto/dcerpc/client.rb +362 -0
  330. data/lib/rex/proto/dcerpc/exceptions.rb +151 -0
  331. data/lib/rex/proto/dcerpc/handle.rb +48 -0
  332. data/lib/rex/proto/dcerpc/ndr.rb +73 -0
  333. data/lib/rex/proto/dcerpc/packet.rb +264 -0
  334. data/lib/rex/proto/dcerpc/response.rb +188 -0
  335. data/lib/rex/proto/dcerpc/uuid.rb +85 -0
  336. data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
  337. data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
  338. data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
  339. data/lib/rex/proto/dhcp.rb +7 -0
  340. data/lib/rex/proto/dhcp/constants.rb +34 -0
  341. data/lib/rex/proto/dhcp/server.rb +334 -0
  342. data/lib/rex/proto/drda.rb +6 -0
  343. data/lib/rex/proto/drda/constants.rb +50 -0
  344. data/lib/rex/proto/drda/packet.rb +253 -0
  345. data/lib/rex/proto/drda/utils.rb +124 -0
  346. data/lib/rex/proto/http.rb +7 -0
  347. data/lib/rex/proto/http/client.rb +722 -0
  348. data/lib/rex/proto/http/client_request.rb +472 -0
  349. data/lib/rex/proto/http/handler.rb +47 -0
  350. data/lib/rex/proto/http/handler/erb.rb +129 -0
  351. data/lib/rex/proto/http/handler/proc.rb +61 -0
  352. data/lib/rex/proto/http/header.rb +173 -0
  353. data/lib/rex/proto/http/packet.rb +414 -0
  354. data/lib/rex/proto/http/request.rb +354 -0
  355. data/lib/rex/proto/http/response.rb +151 -0
  356. data/lib/rex/proto/http/server.rb +385 -0
  357. data/lib/rex/proto/iax2.rb +2 -0
  358. data/lib/rex/proto/iax2/call.rb +326 -0
  359. data/lib/rex/proto/iax2/client.rb +218 -0
  360. data/lib/rex/proto/iax2/codecs.rb +5 -0
  361. data/lib/rex/proto/iax2/codecs/alaw.rb +16 -0
  362. data/lib/rex/proto/iax2/codecs/g711.rb +2176 -0
  363. data/lib/rex/proto/iax2/codecs/mulaw.rb +17 -0
  364. data/lib/rex/proto/iax2/constants.rb +262 -0
  365. data/lib/rex/proto/ipmi.rb +57 -0
  366. data/lib/rex/proto/ipmi/channel_auth_reply.rb +89 -0
  367. data/lib/rex/proto/ipmi/open_session_reply.rb +36 -0
  368. data/lib/rex/proto/ipmi/rakp2.rb +36 -0
  369. data/lib/rex/proto/ipmi/utils.rb +125 -0
  370. data/lib/rex/proto/natpmp.rb +7 -0
  371. data/lib/rex/proto/natpmp/constants.rb +19 -0
  372. data/lib/rex/proto/natpmp/packet.rb +45 -0
  373. data/lib/rex/proto/ntlm.rb +8 -0
  374. data/lib/rex/proto/ntlm/base.rb +327 -0
  375. data/lib/rex/proto/ntlm/constants.rb +75 -0
  376. data/lib/rex/proto/ntlm/crypt.rb +412 -0
  377. data/lib/rex/proto/ntlm/exceptions.rb +17 -0
  378. data/lib/rex/proto/ntlm/message.rb +534 -0
  379. data/lib/rex/proto/ntlm/utils.rb +765 -0
  380. data/lib/rex/proto/ntp.rb +3 -0
  381. data/lib/rex/proto/ntp/constants.rb +12 -0
  382. data/lib/rex/proto/ntp/modes.rb +130 -0
  383. data/lib/rex/proto/pjl.rb +31 -0
  384. data/lib/rex/proto/pjl/client.rb +163 -0
  385. data/lib/rex/proto/proxy/socks4a.rb +441 -0
  386. data/lib/rex/proto/rfb.rb +13 -0
  387. data/lib/rex/proto/rfb/cipher.rb +82 -0
  388. data/lib/rex/proto/rfb/client.rb +205 -0
  389. data/lib/rex/proto/rfb/constants.rb +50 -0
  390. data/lib/rex/proto/sip.rb +4 -0
  391. data/lib/rex/proto/sip/response.rb +61 -0
  392. data/lib/rex/proto/smb.rb +8 -0
  393. data/lib/rex/proto/smb/client.rb +2064 -0
  394. data/lib/rex/proto/smb/constants.rb +1064 -0
  395. data/lib/rex/proto/smb/crypt.rb +37 -0
  396. data/lib/rex/proto/smb/evasions.rb +67 -0
  397. data/lib/rex/proto/smb/exceptions.rb +867 -0
  398. data/lib/rex/proto/smb/simpleclient.rb +173 -0
  399. data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
  400. data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
  401. data/lib/rex/proto/smb/utils.rb +104 -0
  402. data/lib/rex/proto/sunrpc.rb +2 -0
  403. data/lib/rex/proto/sunrpc/client.rb +196 -0
  404. data/lib/rex/proto/tftp.rb +13 -0
  405. data/lib/rex/proto/tftp/client.rb +344 -0
  406. data/lib/rex/proto/tftp/constants.rb +39 -0
  407. data/lib/rex/proto/tftp/server.rb +497 -0
  408. data/lib/rex/random_identifier_generator.rb +177 -0
  409. data/lib/rex/registry.rb +14 -0
  410. data/lib/rex/registry/hive.rb +132 -0
  411. data/lib/rex/registry/lfkey.rb +51 -0
  412. data/lib/rex/registry/nodekey.rb +54 -0
  413. data/lib/rex/registry/regf.rb +25 -0
  414. data/lib/rex/registry/valuekey.rb +67 -0
  415. data/lib/rex/registry/valuelist.rb +29 -0
  416. data/lib/rex/ropbuilder.rb +8 -0
  417. data/lib/rex/ropbuilder/rop.rb +271 -0
  418. data/lib/rex/script.rb +42 -0
  419. data/lib/rex/script/base.rb +61 -0
  420. data/lib/rex/script/meterpreter.rb +16 -0
  421. data/lib/rex/script/shell.rb +10 -0
  422. data/lib/rex/service.rb +49 -0
  423. data/lib/rex/service_manager.rb +154 -0
  424. data/lib/rex/services/local_relay.rb +424 -0
  425. data/lib/rex/socket.rb +788 -0
  426. data/lib/rex/socket/comm.rb +120 -0
  427. data/lib/rex/socket/comm/local.rb +526 -0
  428. data/lib/rex/socket/ip.rb +132 -0
  429. data/lib/rex/socket/parameters.rb +363 -0
  430. data/lib/rex/socket/range_walker.rb +470 -0
  431. data/lib/rex/socket/ssl_tcp.rb +345 -0
  432. data/lib/rex/socket/ssl_tcp_server.rb +188 -0
  433. data/lib/rex/socket/subnet_walker.rb +76 -0
  434. data/lib/rex/socket/switch_board.rb +289 -0
  435. data/lib/rex/socket/tcp.rb +79 -0
  436. data/lib/rex/socket/tcp_server.rb +67 -0
  437. data/lib/rex/socket/udp.rb +165 -0
  438. data/lib/rex/sslscan/result.rb +201 -0
  439. data/lib/rex/sslscan/scanner.rb +206 -0
  440. data/lib/rex/struct2.rb +5 -0
  441. data/lib/rex/struct2/c_struct.rb +181 -0
  442. data/lib/rex/struct2/c_struct_template.rb +39 -0
  443. data/lib/rex/struct2/constant.rb +26 -0
  444. data/lib/rex/struct2/element.rb +44 -0
  445. data/lib/rex/struct2/generic.rb +73 -0
  446. data/lib/rex/struct2/restraint.rb +54 -0
  447. data/lib/rex/struct2/s_string.rb +72 -0
  448. data/lib/rex/struct2/s_struct.rb +111 -0
  449. data/lib/rex/sync.rb +6 -0
  450. data/lib/rex/sync/event.rb +85 -0
  451. data/lib/rex/sync/read_write_lock.rb +177 -0
  452. data/lib/rex/sync/ref.rb +58 -0
  453. data/lib/rex/sync/thread_safe.rb +83 -0
  454. data/lib/rex/text.rb +1813 -0
  455. data/lib/rex/thread_factory.rb +43 -0
  456. data/lib/rex/time.rb +66 -0
  457. data/lib/rex/transformer.rb +116 -0
  458. data/lib/rex/ui.rb +22 -0
  459. data/lib/rex/ui/interactive.rb +304 -0
  460. data/lib/rex/ui/output.rb +85 -0
  461. data/lib/rex/ui/output/none.rb +19 -0
  462. data/lib/rex/ui/progress_tracker.rb +97 -0
  463. data/lib/rex/ui/subscriber.rb +160 -0
  464. data/lib/rex/ui/text/color.rb +98 -0
  465. data/lib/rex/ui/text/dispatcher_shell.rb +538 -0
  466. data/lib/rex/ui/text/input.rb +119 -0
  467. data/lib/rex/ui/text/input/buffer.rb +79 -0
  468. data/lib/rex/ui/text/input/readline.rb +129 -0
  469. data/lib/rex/ui/text/input/socket.rb +96 -0
  470. data/lib/rex/ui/text/input/stdio.rb +46 -0
  471. data/lib/rex/ui/text/irb_shell.rb +62 -0
  472. data/lib/rex/ui/text/output.rb +86 -0
  473. data/lib/rex/ui/text/output/buffer.rb +62 -0
  474. data/lib/rex/ui/text/output/buffer/stdout.rb +26 -0
  475. data/lib/rex/ui/text/output/file.rb +44 -0
  476. data/lib/rex/ui/text/output/socket.rb +44 -0
  477. data/lib/rex/ui/text/output/stdio.rb +53 -0
  478. data/lib/rex/ui/text/output/tee.rb +56 -0
  479. data/lib/rex/ui/text/progress_tracker.rb +57 -0
  480. data/lib/rex/ui/text/shell.rb +403 -0
  481. data/lib/rex/ui/text/table.rb +346 -0
  482. data/lib/rex/zip.rb +96 -0
  483. data/lib/rex/zip/archive.rb +130 -0
  484. data/lib/rex/zip/blocks.rb +184 -0
  485. data/lib/rex/zip/entry.rb +122 -0
  486. data/lib/rex/zip/jar.rb +283 -0
  487. data/lib/rex/zip/samples/comment.rb +32 -0
  488. data/lib/rex/zip/samples/mkwar.rb +138 -0
  489. data/lib/rex/zip/samples/mkzip.rb +19 -0
  490. data/lib/rex/zip/samples/recursive.rb +58 -0
  491. metadata +536 -0
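--- a/data/lib/rex/parser/arguments.rb
+++ b/data/lib/rex/parser/arguments.rb
@@ -0,0 +1,108 @@
+# -*- coding: binary -*-
+require 'shellwords'
+
+module Rex
+module Parser
+
+###
+#
+# This class parses arguments in a getopt style format, kind of.
+# Unfortunately, the default ruby getopt implementation will only
+# work on ARGV, so we can't use it.
+#
+###
+class Arguments
+
+#
+# Specifies that an option is expected to have an argument
+#
+HasArgument = (1 << 0)
+
+#
+# Initializes the format list with an array of formats like:
+#
+# Arguments.new(
+# '-b' => [ false, "some text" ]
+# )
+#
+def initialize(fmt)
+self.fmt = fmt
+# I think reduce is a better name for this method, but it doesn't exist
+# before 1.8.7, so use the stupid inject instead.
+self.longest = fmt.keys.inject(0) { |max, str|
+max = ((max > str.length) ? max : str.length)
+}
+end
+
+#
+# Takes a string and converts it into an array of arguments.
+#
+def self.from_s(str)
+Shellwords.shellwords(str)
+end
+
+#
+# Parses the supplied arguments into a set of options.
+#
+def parse(args, &block)
+skip_next = false
+
+args.each_with_index { |arg, idx|
+if (skip_next == true)
+skip_next = false
+next
+end
+
+if (arg.match(/^-/))
+cfs = arg[0..2]
+
+fmt.each_pair { |fmtspec, val|
+next if (fmtspec != cfs)
+
+param = nil
+
+if (val[0])
+param = args[idx+1]
+skip_next = true
+end
+
+yield fmtspec, idx, param
+}
+else
+yield nil, idx, arg
+end
+}
+end
+
+#
+# Returns usage information for this parsing context.
+#
+def usage
+txt = "\nOPTIONS:\n\n"
+
+fmt.sort.each { |entry|
+fmtspec, val = entry
+
+txt << " #{fmtspec.ljust(longest)}" + ((val[0] == true) ? " <opt> " : " ")
+txt << val[1] + "\n"
+}
+
+txt << "\n"
+
+return txt
+end
+def include?(search)
+return fmt.include?(search)
+end
+
+def arg_required?(opt)
+fmt[opt][0] if fmt[opt]
+end
+
+attr_accessor :fmt # :nodoc:
+attr_accessor :longest # :nodoc:
+
+end
+
+end
+end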
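Review bot: In `parse`, a token that starts with `-` but matches no key in `fmt` is dropped silently: the `fmt.each_pair` loop yields only on an exact match and the `if (arg.match(/^-/))` branch has no fallback, so a mistyped switch never reaches the caller. Adding `yield nil, idx, arg unless fmt.include?(cfs)` ahead of the loop (or raising `ArgumentError` there, depending on what callers expect) makes the stray token visible. The "has argument" flag is also tested two different ways: `parse` uses truthiness (`if (val[0])`) while `usage` uses `(val[0] == true)`, so a spec written with the `HasArgument` constant (an Integer) is parsed as taking a value but shown in the usage text without `<opt>`; using the same truthiness test in `usage` removes that divergence. Two smaller points in the same method: `cfs = arg[0..2]` keeps at most three characters, so a key longer than that can never match and the `initialize` comment should say keys are expected to be short switches such as `'-b'`; and when a value-taking option is the last element, `param = args[idx+1]` yields `nil` with no signal that the value was missing.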
@@ -0,0 +1,291 @@
1
+ # -*- coding: binary -*-
2
+ require "rex/parser/nokogiri_doc_mixin"
3
+
4
+ module Rex
5
+ module Parser
6
+
7
+ # If Nokogiri is available, define Burp Session document class.
8
+ #
9
+ # Burp Session XML files actually provide a lot, but since it also
10
+ # provides the originating url, we can pull most of the detail from
11
+ # the URI object.
12
+ load_nokogiri && class BurpSessionDocument < Nokogiri::XML::SAX::Document
13
+
14
+ include NokogiriDocMixin
15
+
16
+ # The resolver prefers your local /etc/hosts (or windows equiv), but will
17
+ # fall back to regular DNS. It retains a cache for the import to avoid
18
+ # spamming your network with DNS requests.
19
+ attr_reader :resolv_cache
20
+
21
+ # Since we try to resolve every time we hit a new web page, need to
22
+ # hang on to our misses. Presume that it's a permanent enough failure
23
+ # that it won't get fixed during this particular import
24
+ attr_reader :missed_cache
25
+
26
+ # If name resolution of the host fails out completely, you will not be
27
+ # able to import that Scan task. Other scan tasks in the same report
28
+ # should be unaffected.
29
+ attr_reader :parse_warning
30
+
31
+ def start_document
32
+ @parse_warnings = []
33
+ @parse_warned = []
34
+ @resolv_cache = {}
35
+ @missed_cache = []
36
+ end
37
+
38
+ def start_element(name=nil,attrs=[])
39
+ attrs = normalize_attrs(attrs)
40
+ block = @block
41
+ @state[:current_tag][name] = true
42
+ case name
43
+ when "host", "port", "protocol", "path"
44
+ @state[:has_text] = true
45
+ when "status"
46
+ @state[:has_text] = true
47
+ when "response"
48
+ @state[:has_text] = true
49
+ end
50
+ end
51
+
52
+ def end_element(name=nil)
53
+ block = @block
54
+ case name
55
+ when "item" # Wrap up this item, but keep resolved web sites
56
+ collect_uri
57
+ report_web_site(&block)
58
+ handle_parse_warnings(&block)
59
+ report_web_page(&block)
60
+ report_web_service_info
61
+ report_web_host_info
62
+ # Reset the state once we close a host
63
+ @state = @state.select {|k| [:current_tag, :web_sites].include? k}
64
+ when "host"
65
+ @state[:has_text] = false
66
+ collect_host
67
+ @text = nil
68
+ when "port"
69
+ @state[:has_text] = false
70
+ collect_port
71
+ @text = nil
72
+ when "protocol"
73
+ @state[:has_text] = false
74
+ collect_protocol
75
+ @text = nil
76
+ when "path"
77
+ @state[:has_text] = false
78
+ collect_path_and_query
79
+ @text = nil
80
+ when "status"
81
+ @state[:has_text] = false
82
+ collect_status
83
+ @text = nil
84
+ when "response"
85
+ @state[:has_text] = false
86
+ collect_response
87
+ @text = nil
88
+ end
89
+ @state[:current_tag].delete name
90
+ end
91
+
92
+ def collect_host
93
+ return unless in_item
94
+ return unless has_text
95
+ @state[:host] = @text
96
+ end
97
+
98
+ def collect_port
99
+ return unless in_item
100
+ return unless has_text
101
+ return unless @text.to_i.to_s == @text.to_s
102
+ @state[:port] = @text.to_i
103
+ end
104
+
105
+ def collect_protocol
106
+ return unless in_item
107
+ return unless has_text
108
+ @state[:protocol] = @text
109
+ end
110
+
111
+ def collect_path_and_query
112
+ return unless in_item
113
+ return unless has_text
114
+ path,query = @text.split(/\?+/,2)
115
+ return unless path
116
+ if query
117
+ @state[:query] = "?#{query}" # Can be nil
118
+ end
119
+ if path =~ /https?:[\x5c\x2f][\x5c\x2f]+[^\x5c\x2f][^\x5c\x2f]+([^?]+)/n
120
+ real_path = "/#{$1}"
121
+ else
122
+ real_path = path
123
+ end
124
+ @state[:path] = real_path
125
+ end
126
+
127
+ def collect_status
128
+ return unless in_item
129
+ return unless has_text
130
+ return unless @text.to_i.to_s == @text
131
+ @state[:status] = @text.to_i
132
+ end
133
+
134
+ def collect_uri
135
+ return unless in_item
136
+ return unless @state[:host]
137
+ return unless @state[:port]
138
+ return unless @state[:protocol]
139
+ return unless @state[:path]
140
+ url = @state[:protocol].to_s
141
+ url << "://"
142
+ url << @state[:host].to_s
143
+ url << ":"
144
+ url << @state[:port].to_s
145
+ url << @state[:path]
146
+ if @state[:query]
147
+ url << "?"
148
+ url << @state[:query]
149
+ end
150
+ @state[:uri] = URI.parse(url) rescue nil
151
+ end
152
+
153
+ def report_web_host_info
154
+ return unless @state[:web_site]
155
+ return unless @state[:uri].kind_of? URI::HTTP
156
+ return unless @state[:web_site].service.host.name.to_s.empty?
157
+ host_info = {:workspace => @args[:wspace]}
158
+ host_info[:address] = @state[:web_site].service.host.address
159
+ host_info[:name] = @state[:uri].host
160
+ report_db(:host, host_info)
161
+ end
162
+
163
+ def report_web_service_info
164
+ return unless @state[:web_site]
165
+ return unless @state[:service_info]
166
+ return unless @state[:web_site].service.info.to_s.empty?
167
+ service_info = {}
168
+ service_info[:host] = @state[:web_site].service.host
169
+ service_info[:port] = @state[:web_site].service.port
170
+ service_info[:proto] = @state[:web_site].service.proto
171
+ service_info[:info] = @state[:service_info]
172
+ db_report(:service, service_info)
173
+ end
174
+
175
+ def report_web_page(&block)
176
+ return unless @state[:uri].kind_of? URI::HTTP
177
+ return unless @state[:status]
178
+ return unless @state[:web_site]
179
+ return unless @state[:response_headers].kind_of? Hash
180
+ headers = {}
181
+ @state[:response_headers].each do |k,v|
182
+ headers[k.to_s.downcase] ||= []
183
+ headers[k.to_s.downcase] << v
184
+ end
185
+ if headers["server"].kind_of? Array
186
+ @state[:service_info] = headers["server"].first
187
+ end
188
+ return unless @state[:response_body]
189
+ web_page_info = {:workspace => @args[:wspace]}
190
+ web_page_info[:web_site] = @state[:web_site]
191
+ web_page_info[:code] = @state[:status]
192
+ web_page_info[:path] = @state[:uri].path
193
+ web_page_info[:headers] = headers
194
+ web_page_info[:body] = @state[:response_body]
195
+ web_page_info[:query] = @state[:uri].query
196
+ url = @state[:uri].to_s.gsub(/\?.*/,"")
197
+ db.emit(:web_page, url, &block) if block
198
+ db_report(:web_page, web_page_info)
199
+ end
200
+
201
+ def report_web_site(&block)
202
+ return unless @state[:uri].kind_of? URI::HTTP
203
+ vhost = @state[:uri].host
204
+ web_site_info = {:workspace => @args[:wspace]}
205
+ web_site_info[:vhost] = vhost
206
+ address = resolve_vhost_address(@state[:uri])
207
+ return unless address
208
+ web_site_info[:host] = address
209
+ web_site_info[:port] = @state[:uri].port
210
+ web_site_info[:ssl] = @state[:uri].kind_of? URI::HTTPS
211
+ web_site_obj = db_report(:web_site, web_site_info)
212
+ return unless web_site_obj
213
+ @state[:web_sites] ||= []
214
+ url = "#{@state[:uri].scheme}://#{@state[:uri].host}:#{@state[:uri].port}"
215
+ unless @state[:web_sites].include? web_site_obj
216
+ db.emit(:web_site, url, &block)
217
+ @state[:web_sites] << web_site_obj
218
+ end
219
+ @state[:web_site] = web_site_obj
220
+ end
221
+
222
+ def collect_response
223
+ return unless in_item
224
+ return unless has_text
225
+ response_text = @text.dup
226
+ response_header_text,response_body_text = response_text.split(/\r*\n\r*\n/n,2)
227
+ return unless response_header_text
228
+ response_header = Rex::Proto::Http::Packet::Header.new
229
+ response_header.from_s response_header_text
230
+ @state[:response_headers] = response_header
231
+ @state[:response_body] = response_body_text
232
+ end
233
+
234
+ def in_item
235
+ return false unless in_tag("item")
236
+ return false unless in_tag("items")
237
+ return true
238
+ end
239
+
240
+ def has_text
241
+ return false unless @text
242
+ return false if @text.strip.empty?
243
+ @text = @text.strip
244
+ end
245
+
246
+ def handle_parse_warnings(&block)
247
+ return if @parse_warnings.empty?
248
+ return unless block
249
+ @parse_warnings.each_with_index do |pwarn,i|
250
+ unless @parse_warned.include? i
251
+ db.emit(:warning, pwarn, &block)
252
+ @parse_warned << i
253
+ end
254
+ end
255
+ end
256
+
257
+ def resolve_address(host)
258
+ return @resolv_cache[host] if @resolv_cache[host]
259
+ return false if @missed_cache.include? host
260
+ address = Rex::Socket.resolv_to_dotted(host) rescue nil
261
+ @resolv_cache[host] = address
262
+ if address
263
+ block = @block
264
+ db.emit(:address, address, &block) if block
265
+ else
266
+ @missed_cache << host
267
+ end
268
+ return address
269
+ end
270
+
271
+ # Alias this
272
+ def resolve_vhost_address(uri)
273
+ if uri.host
274
+ address = resolve_address(uri.host)
275
+ case address
276
+ when false
277
+ return false
278
+ when nil
279
+ @parse_warnings << "Could not resolve address for '#{uri.host}', skipping."
280
+ end
281
+ else
282
+ @parse_warnings << "Could not determine a host for this import."
283
+ end
284
+ address
285
+ end
286
+
287
+ end
288
+
289
+ end
290
+ end
291
+
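Review bot: `collect_uri` produces a double question mark: `collect_path_and_query` already stores the query as `"?#{query}"`, and `collect_uri` then appends `"?"` before it, so the parsed `URI#query` (and `web_page_info[:query]` in `report_web_page`) carries a leading `?`; dropping the `url << "?"` line uses the stored prefix exactly once. `report_web_host_info` calls `report_db(:host, host_info)` while every other reporter in this file uses `db_report`; unless the mixin defines `report_db`, the host-name update raises NoMethodError on the first HTTP item. The `rescue nil` modifiers in `collect_uri` and `resolve_address` swallow every StandardError, so a malformed URL or a resolver failure is indistinguishable from a legitimate miss and is silently recorded in `@missed_cache`; a narrower rescue (e.g. `URI::InvalidURIError` for the parse) with the failure pushed onto `@parse_warnings` would preserve the diagnostics for the importer.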
@@ -0,0 +1,193 @@
1
+ # -*- coding: binary -*-
2
+ require "rex/parser/nokogiri_doc_mixin"
3
+
4
+ require 'msf/core'
5
+
6
+ module Rex
7
+ module Parser
8
+
9
+ # If Nokogiri is available, define the document class.
10
+ load_nokogiri && class CIDocument < Nokogiri::XML::SAX::Document
11
+
12
+ include NokogiriDocMixin
13
+
14
+ attr_reader :text
15
+
16
+ def initialize(*args)
17
+ super(*args)
18
+ @state[:has_text] = true
19
+ end
20
+
21
+ # Triggered every time a new element is encountered. We keep state
22
+ # ourselves with the @state variable, turning things on when we
23
+ # get here (and turning things off when we exit in end_element()).
24
+ def start_element(name=nil,attrs=[])
25
+ attrs = normalize_attrs(attrs)
26
+ block = @block
27
+
28
+ r = { :e => name }
29
+ attrs.each { |pair| r[pair[0]] = pair[1] }
30
+
31
+ if @state[:path]
32
+ @state[:path].push r
33
+ end
34
+
35
+ case name
36
+ when "entity"
37
+ @state[:path] = [ r ]
38
+ record_device(r)
39
+ when "property"
40
+ return if not @state[:address]
41
+ return if not @state[:props]
42
+ @state[:props] << [ r["type"], r["key"]]
43
+ end
44
+ end
45
+
46
+ # When we exit a tag, this is triggered.
47
+ def end_element(name=nil)
48
+ block = @block
49
+ case name
50
+ when "entity" # Wrap it up
51
+ if @state[:address]
52
+ host_object = report_host &block
53
+ report_services(host_object)
54
+ report_vulns(host_object)
55
+ end
56
+ # Reset the state once we close a host
57
+ @report_data = {:wspace => @args[:wspace]}
58
+ @state[:root] = {}
59
+ when "property"
60
+ if @state[:props]
61
+ @text.strip! if @text
62
+ process_property
63
+ @state[:props].pop
64
+ end
65
+ end
66
+ @state[:path].pop
67
+ @text = nil
68
+ end
69
+
70
+ def record_device(info)
71
+ if info["class"] and info["class"] == "host" and info["name"]
72
+ address = info["name"].to_s.gsub(/^.*\//, '')
73
+ return if address !~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/
74
+ @state[:address] = address
75
+ @state[:props] = []
76
+ end
77
+ end
78
+
79
+ def process_property
80
+ return if not @state[:props]
81
+ return if not @state[:props].length > 0
82
+ @state[:root] ||= {}
83
+ @cobj = @state[:root]
84
+ property_parser(0)
85
+ end
86
+
87
+ def property_parser(idx)
88
+ return if not @state[:props][idx]
89
+ case @state[:props][idx][0]
90
+ when "container", "ports", "entity", "properties"
91
+ @cobj[ @state[:props][idx][1] ] ||= {}
92
+ @cobj = @cobj[ @state[:props][idx][1] ]
93
+ else
94
+ @cobj[ state[:props][idx][1] ] = @text
95
+ end
96
+ property_parser(idx + 1)
97
+ end
98
+
99
+ def report_host(&block)
100
+ @report_data = {
101
+ :ports => [:ignore],
102
+ :state => Msf::HostState::Alive,
103
+ :host => @state[:address]
104
+ }
105
+
106
+ if @state[:root]["dns names"] and @state[:root]["dns names"].keys.length > 0
107
+ @report_data[:name] = @state[:root]["dns names"].keys.first
108
+ end
109
+
110
+ if host_is_okay
111
+ @report_data.delete(:ports)
112
+
113
+ db.emit(:address, @report_data[:host],&block) if block
114
+ host_object = db_report(:host, @report_data.merge(
115
+ :workspace => @args[:wspace] ) )
116
+ if host_object
117
+ db.report_import_note(host_object.workspace, host_object)
118
+ end
119
+ host_object
120
+ end
121
+ end
122
+
123
+ def report_services(host_object)
124
+ return unless host_object.kind_of? ::Mdm::Host
125
+
126
+ snames = {}
127
+ ( @state[:root]["services"] || {} ).each_pair do |sname, sinfo|
128
+ sinfo.each_pair do |pinfo,pdata|
129
+ snames[pinfo] = sname.dup
130
+ end
131
+ end
132
+
133
+ reported = []
134
+ if @state[:root]["tcp_ports"]
135
+ @state[:root]["tcp_ports"].each_pair do |pn, ps|
136
+ ps = "open" if ps == "listen"
137
+ svc = { :port => pn.to_i, :state => ps, :proto => 'tcp'}
138
+ if @state[:root]["Banners"] and @state[:root]["Banners"][pn.to_s]
139
+ svc[:info] = @state[:root]["Banners"][pn.to_s]
140
+ end
141
+ svc[:name] = snames["#{pn}-tcp"] if snames["#{pn}-tcp"]
142
+ reported << db_report(:service, svc.merge(:host => host_object))
143
+ end
144
+ end
145
+
146
+ if @state[:root]["udp_ports"]
147
+ @state[:root]["udp_ports"].each_pair do |pn, ps|
148
+ ps = "open" if ps == "listen"
149
+ svc = { :port => pn.to_i, :state => ps, :proto => 'udp'}
150
+ svc[:name] = snames["#{pn}-udp"] if snames["#{pn}-tcp"]
151
+ reported << db_report(:service, svc.merge(:host => host_object))
152
+ end
153
+ end
154
+
155
+ ( @state[:root]["services"] || {} ).each_pair do |sname, sinfo|
156
+ sinfo.each_pair do |pinfo,pdata|
157
+ sport,sproto = pinfo.split("-")
158
+ db_report(:note, {
159
+ :host => host_object,
160
+ :port => sport.to_i,
161
+ :proto => sproto,
162
+ :ntype => "ci.#{sname}.fingerprint",
163
+ :data => pdata
164
+ })
165
+ end
166
+ end
167
+
168
+ reported
169
+ end
170
+
171
+ def report_vulns(host_object)
172
+ vuln_count = 0
173
+ block = @block
174
+ return unless host_object.kind_of? ::Mdm::Host
175
+ return unless @state[:root]["Vulnerabilities"]
176
+ @state[:root]["Vulnerabilities"].each_pair do |cve, vinfo|
177
+ vinfo.each_pair do |vname, vdesc|
178
+ data = {
179
+ :workspace => host_object.workspace,
180
+ :host => host_object,
181
+ :name => vname,
182
+ :info => vdesc,
183
+ :refs => [ cve ]
184
+ }
185
+ db_report(:vuln, data)
186
+ end
187
+ end
188
+ end
189
+
190
+ end
191
+ end
192
+ end
193
+
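Review bot: The UDP branch of `report_services` guards the name lookup with the TCP key: `svc[:name] = snames["#{pn}-udp"] if snames["#{pn}-tcp"]` assigns nil whenever the port is listed only under udp and skips the name when there is no tcp twin; it should read `svc[:name] = snames["#{pn}-udp"] if snames["#{pn}-udp"]`. In `property_parser` the leaf assignment indexes `state[:props]` where every other reference in the method uses `@state`; unless `NokogiriDocMixin` provides a `state` reader this raises NameError on the first scalar property. `record_device` validates the address with `^…$` anchors, which match per line, so a `name` attribute whose text contains a newline after a dotted quad passes the check; `\A`/`\z` anchor the whole string. `report_host` also relies on `host_is_okay`, which is not defined in this hunk.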