RubyGems - dstruct - Versions diffs - 0.0.1 - Mend

dstruct 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (491) hide show

checksums.yaml +15 -0
data/README.markdown +23 -0
data/examples/smb_example.rb +35 -0
data/lib/rex.rb +108 -0
data/lib/rex/LICENSE +29 -0
data/lib/rex/arch.rb +104 -0
data/lib/rex/arch/sparc.rb +75 -0
data/lib/rex/arch/x86.rb +524 -0
data/lib/rex/assembly/nasm.rb +104 -0
data/lib/rex/codepage.map +104 -0
data/lib/rex/compat.rb +389 -0
data/lib/rex/constants.rb +124 -0
data/lib/rex/elfparsey.rb +9 -0
data/lib/rex/elfparsey/elf.rb +121 -0
data/lib/rex/elfparsey/elfbase.rb +256 -0
data/lib/rex/elfparsey/exceptions.rb +25 -0
data/lib/rex/elfscan.rb +10 -0
data/lib/rex/elfscan/scanner.rb +226 -0
data/lib/rex/elfscan/search.rb +44 -0
data/lib/rex/encoder/alpha2.rb +31 -0
data/lib/rex/encoder/alpha2/alpha_mixed.rb +68 -0
data/lib/rex/encoder/alpha2/alpha_upper.rb +79 -0
data/lib/rex/encoder/alpha2/generic.rb +90 -0
data/lib/rex/encoder/alpha2/unicode_mixed.rb +116 -0
data/lib/rex/encoder/alpha2/unicode_upper.rb +123 -0
data/lib/rex/encoder/bloxor/bloxor.rb +327 -0
data/lib/rex/encoder/ndr.rb +90 -0
data/lib/rex/encoder/nonalpha.rb +61 -0
data/lib/rex/encoder/nonupper.rb +64 -0
data/lib/rex/encoder/xdr.rb +107 -0
data/lib/rex/encoder/xor.rb +69 -0
data/lib/rex/encoder/xor/dword.rb +13 -0
data/lib/rex/encoder/xor/dword_additive.rb +13 -0
data/lib/rex/encoders/xor_dword.rb +35 -0
data/lib/rex/encoders/xor_dword_additive.rb +53 -0
data/lib/rex/encoding/xor.rb +20 -0
data/lib/rex/encoding/xor/byte.rb +15 -0
data/lib/rex/encoding/xor/dword.rb +21 -0
data/lib/rex/encoding/xor/dword_additive.rb +92 -0
data/lib/rex/encoding/xor/exceptions.rb +17 -0
data/lib/rex/encoding/xor/generic.rb +146 -0
data/lib/rex/encoding/xor/qword.rb +15 -0
data/lib/rex/encoding/xor/word.rb +21 -0
data/lib/rex/exceptions.rb +275 -0
data/lib/rex/exploitation/cmdstager.rb +10 -0
data/lib/rex/exploitation/cmdstager/base.rb +190 -0
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +140 -0
data/lib/rex/exploitation/cmdstager/debug_write.rb +134 -0
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +71 -0
data/lib/rex/exploitation/cmdstager/vbs.rb +126 -0
data/lib/rex/exploitation/egghunter.rb +425 -0
data/lib/rex/exploitation/encryptjs.rb +78 -0
data/lib/rex/exploitation/heaplib.js.b64 +331 -0
data/lib/rex/exploitation/heaplib.rb +107 -0
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +513 -0
data/lib/rex/exploitation/obfuscatejs.rb +336 -0
data/lib/rex/exploitation/omelet.rb +321 -0
data/lib/rex/exploitation/opcodedb.rb +819 -0
data/lib/rex/exploitation/powershell.rb +62 -0
data/lib/rex/exploitation/powershell/function.rb +63 -0
data/lib/rex/exploitation/powershell/obfu.rb +98 -0
data/lib/rex/exploitation/powershell/output.rb +151 -0
data/lib/rex/exploitation/powershell/param.rb +23 -0
data/lib/rex/exploitation/powershell/parser.rb +183 -0
data/lib/rex/exploitation/powershell/psh_methods.rb +70 -0
data/lib/rex/exploitation/powershell/script.rb +99 -0
data/lib/rex/exploitation/ropdb.rb +190 -0
data/lib/rex/exploitation/seh.rb +93 -0
data/lib/rex/file.rb +160 -0
data/lib/rex/image_source.rb +10 -0
data/lib/rex/image_source/disk.rb +58 -0
data/lib/rex/image_source/image_source.rb +44 -0
data/lib/rex/image_source/memory.rb +35 -0
data/lib/rex/io/bidirectional_pipe.rb +161 -0
data/lib/rex/io/datagram_abstraction.rb +35 -0
data/lib/rex/io/ring_buffer.rb +369 -0
data/lib/rex/io/stream.rb +312 -0
data/lib/rex/io/stream_abstraction.rb +209 -0
data/lib/rex/io/stream_server.rb +221 -0
data/lib/rex/job_container.rb +200 -0
data/lib/rex/logging.rb +4 -0
data/lib/rex/logging/log_dispatcher.rb +180 -0
data/lib/rex/logging/log_sink.rb +43 -0
data/lib/rex/logging/sinks/flatfile.rb +56 -0
data/lib/rex/logging/sinks/stderr.rb +44 -0
data/lib/rex/mac_oui.rb +16581 -0
data/lib/rex/machparsey.rb +9 -0
data/lib/rex/machparsey/exceptions.rb +34 -0
data/lib/rex/machparsey/mach.rb +209 -0
data/lib/rex/machparsey/machbase.rb +408 -0
data/lib/rex/machscan.rb +9 -0
data/lib/rex/machscan/scanner.rb +217 -0
data/lib/rex/mime.rb +10 -0
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +78 -0
data/lib/rex/mime/message.rb +150 -0
data/lib/rex/mime/part.rb +50 -0
data/lib/rex/nop/opty2.rb +109 -0
data/lib/rex/nop/opty2_tables.rb +301 -0
data/lib/rex/ole.rb +202 -0
data/lib/rex/ole/clsid.rb +44 -0
data/lib/rex/ole/difat.rb +138 -0
data/lib/rex/ole/directory.rb +228 -0
data/lib/rex/ole/direntry.rb +237 -0
data/lib/rex/ole/docs/dependencies.txt +8 -0
data/lib/rex/ole/docs/references.txt +1 -0
data/lib/rex/ole/fat.rb +96 -0
data/lib/rex/ole/header.rb +201 -0
data/lib/rex/ole/minifat.rb +74 -0
data/lib/rex/ole/propset.rb +141 -0
data/lib/rex/ole/samples/create_ole.rb +27 -0
data/lib/rex/ole/samples/dir.rb +35 -0
data/lib/rex/ole/samples/dump_stream.rb +34 -0
data/lib/rex/ole/samples/ole_info.rb +23 -0
data/lib/rex/ole/storage.rb +392 -0
data/lib/rex/ole/stream.rb +50 -0
data/lib/rex/ole/substorage.rb +46 -0
data/lib/rex/ole/util.rb +154 -0
data/lib/rex/parser/acunetix_nokogiri.rb +406 -0
data/lib/rex/parser/apple_backup_manifestdb.rb +132 -0
data/lib/rex/parser/appscan_nokogiri.rb +367 -0
data/lib/rex/parser/arguments.rb +108 -0
data/lib/rex/parser/burp_session_nokogiri.rb +291 -0
data/lib/rex/parser/ci_nokogiri.rb +193 -0
data/lib/rex/parser/foundstone_nokogiri.rb +342 -0
data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
data/lib/rex/parser/group_policy_preferences.rb +185 -0
data/lib/rex/parser/ini.rb +186 -0
data/lib/rex/parser/ip360_aspl_xml.rb +103 -0
data/lib/rex/parser/ip360_xml.rb +98 -0
data/lib/rex/parser/mbsa_nokogiri.rb +256 -0
data/lib/rex/parser/nessus_xml.rb +121 -0
data/lib/rex/parser/netsparker_xml.rb +109 -0
data/lib/rex/parser/nexpose_raw_nokogiri.rb +686 -0
data/lib/rex/parser/nexpose_simple_nokogiri.rb +330 -0
data/lib/rex/parser/nexpose_xml.rb +172 -0
data/lib/rex/parser/nmap_nokogiri.rb +394 -0
data/lib/rex/parser/nmap_xml.rb +166 -0
data/lib/rex/parser/nokogiri_doc_mixin.rb +233 -0
data/lib/rex/parser/openvas_nokogiri.rb +172 -0
data/lib/rex/parser/outpost24_nokogiri.rb +240 -0
data/lib/rex/parser/retina_xml.rb +110 -0
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
data/lib/rex/payloads.rb +2 -0
data/lib/rex/payloads/win32.rb +3 -0
data/lib/rex/payloads/win32/common.rb +27 -0
data/lib/rex/payloads/win32/kernel.rb +54 -0
data/lib/rex/payloads/win32/kernel/common.rb +55 -0
data/lib/rex/payloads/win32/kernel/migration.rb +13 -0
data/lib/rex/payloads/win32/kernel/recovery.rb +51 -0
data/lib/rex/payloads/win32/kernel/stager.rb +195 -0
data/lib/rex/peparsey.rb +10 -0
data/lib/rex/peparsey/exceptions.rb +30 -0
data/lib/rex/peparsey/pe.rb +210 -0
data/lib/rex/peparsey/pe_memdump.rb +61 -0
data/lib/rex/peparsey/pebase.rb +1662 -0
data/lib/rex/peparsey/section.rb +128 -0
data/lib/rex/pescan.rb +11 -0
data/lib/rex/pescan/analyze.rb +366 -0
data/lib/rex/pescan/scanner.rb +230 -0
data/lib/rex/pescan/search.rb +68 -0
data/lib/rex/platforms.rb +2 -0
data/lib/rex/platforms/windows.rb +52 -0
data/lib/rex/poly.rb +134 -0
data/lib/rex/poly/block.rb +480 -0
data/lib/rex/poly/machine.rb +13 -0
data/lib/rex/poly/machine/machine.rb +830 -0
data/lib/rex/poly/machine/x86.rb +509 -0
data/lib/rex/poly/register.rb +101 -0
data/lib/rex/poly/register/x86.rb +41 -0
data/lib/rex/post.rb +7 -0
data/lib/rex/post/dir.rb +51 -0
data/lib/rex/post/file.rb +172 -0
data/lib/rex/post/file_stat.rb +220 -0
data/lib/rex/post/gen.pl +13 -0
data/lib/rex/post/io.rb +182 -0
data/lib/rex/post/meterpreter.rb +5 -0
data/lib/rex/post/meterpreter/channel.rb +446 -0
data/lib/rex/post/meterpreter/channel_container.rb +54 -0
data/lib/rex/post/meterpreter/channels/pool.rb +160 -0
data/lib/rex/post/meterpreter/channels/pools/file.rb +62 -0
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +103 -0
data/lib/rex/post/meterpreter/channels/stream.rb +87 -0
data/lib/rex/post/meterpreter/client.rb +483 -0
data/lib/rex/post/meterpreter/client_core.rb +352 -0
data/lib/rex/post/meterpreter/dependencies.rb +3 -0
data/lib/rex/post/meterpreter/extension.rb +32 -0
data/lib/rex/post/meterpreter/extensions/android/android.rb +128 -0
data/lib/rex/post/meterpreter/extensions/android/tlv.rb +40 -0
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +58 -0
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +17 -0
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +94 -0
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +22 -0
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +43 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +17 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +57 -0
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +118 -0
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +61 -0
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +109 -0
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +29 -0
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +117 -0
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +27 -0
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +396 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +284 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +399 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +104 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +256 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +67 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +139 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +180 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +168 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +209 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38146 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3852 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +100 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +168 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_psapi.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3170 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +87 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +613 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +388 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +111 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +149 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +27 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +515 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +319 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +301 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +56 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +676 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +96 -0
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +151 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +192 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +60 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +408 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +55 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +336 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +141 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +328 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +193 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +188 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +180 -0
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +236 -0
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +259 -0
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +201 -0
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +30 -0
data/lib/rex/post/meterpreter/object_aliases.rb +83 -0
data/lib/rex/post/meterpreter/packet.rb +709 -0
data/lib/rex/post/meterpreter/packet_dispatcher.rb +543 -0
data/lib/rex/post/meterpreter/packet_parser.rb +94 -0
data/lib/rex/post/meterpreter/packet_response_waiter.rb +83 -0
data/lib/rex/post/meterpreter/ui/console.rb +142 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +86 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +383 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +939 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +109 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +242 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +232 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +62 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +97 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +52 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +133 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +204 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +66 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +527 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +448 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +906 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +318 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +343 -0
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +99 -0
data/lib/rex/post/permission.rb +26 -0
data/lib/rex/post/process.rb +57 -0
data/lib/rex/post/thread.rb +57 -0
data/lib/rex/post/ui.rb +52 -0
data/lib/rex/proto.rb +15 -0
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc.rb +7 -0
data/lib/rex/proto/dcerpc/client.rb +362 -0
data/lib/rex/proto/dcerpc/exceptions.rb +151 -0
data/lib/rex/proto/dcerpc/handle.rb +48 -0
data/lib/rex/proto/dcerpc/ndr.rb +73 -0
data/lib/rex/proto/dcerpc/packet.rb +264 -0
data/lib/rex/proto/dcerpc/response.rb +188 -0
data/lib/rex/proto/dcerpc/uuid.rb +85 -0
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +7 -0
data/lib/rex/proto/dhcp/constants.rb +34 -0
data/lib/rex/proto/dhcp/server.rb +334 -0
data/lib/rex/proto/drda.rb +6 -0
data/lib/rex/proto/drda/constants.rb +50 -0
data/lib/rex/proto/drda/packet.rb +253 -0
data/lib/rex/proto/drda/utils.rb +124 -0
data/lib/rex/proto/http.rb +7 -0
data/lib/rex/proto/http/client.rb +722 -0
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +47 -0
data/lib/rex/proto/http/handler/erb.rb +129 -0
data/lib/rex/proto/http/handler/proc.rb +61 -0
data/lib/rex/proto/http/header.rb +173 -0
data/lib/rex/proto/http/packet.rb +414 -0
data/lib/rex/proto/http/request.rb +354 -0
data/lib/rex/proto/http/response.rb +151 -0
data/lib/rex/proto/http/server.rb +385 -0
data/lib/rex/proto/iax2.rb +2 -0
data/lib/rex/proto/iax2/call.rb +326 -0
data/lib/rex/proto/iax2/client.rb +218 -0
data/lib/rex/proto/iax2/codecs.rb +5 -0
data/lib/rex/proto/iax2/codecs/alaw.rb +16 -0
data/lib/rex/proto/iax2/codecs/g711.rb +2176 -0
data/lib/rex/proto/iax2/codecs/mulaw.rb +17 -0
data/lib/rex/proto/iax2/constants.rb +262 -0
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +89 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +36 -0
data/lib/rex/proto/ipmi/rakp2.rb +36 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +7 -0
data/lib/rex/proto/natpmp/constants.rb +19 -0
data/lib/rex/proto/natpmp/packet.rb +45 -0
data/lib/rex/proto/ntlm.rb +8 -0
data/lib/rex/proto/ntlm/base.rb +327 -0
data/lib/rex/proto/ntlm/constants.rb +75 -0
data/lib/rex/proto/ntlm/crypt.rb +412 -0
data/lib/rex/proto/ntlm/exceptions.rb +17 -0
data/lib/rex/proto/ntlm/message.rb +534 -0
data/lib/rex/proto/ntlm/utils.rb +765 -0
data/lib/rex/proto/ntp.rb +3 -0
data/lib/rex/proto/ntp/constants.rb +12 -0
data/lib/rex/proto/ntp/modes.rb +130 -0
data/lib/rex/proto/pjl.rb +31 -0
data/lib/rex/proto/pjl/client.rb +163 -0
data/lib/rex/proto/proxy/socks4a.rb +441 -0
data/lib/rex/proto/rfb.rb +13 -0
data/lib/rex/proto/rfb/cipher.rb +82 -0
data/lib/rex/proto/rfb/client.rb +205 -0
data/lib/rex/proto/rfb/constants.rb +50 -0
data/lib/rex/proto/sip.rb +4 -0
data/lib/rex/proto/sip/response.rb +61 -0
data/lib/rex/proto/smb.rb +8 -0
data/lib/rex/proto/smb/client.rb +2064 -0
data/lib/rex/proto/smb/constants.rb +1064 -0
data/lib/rex/proto/smb/crypt.rb +37 -0
data/lib/rex/proto/smb/evasions.rb +67 -0
data/lib/rex/proto/smb/exceptions.rb +867 -0
data/lib/rex/proto/smb/simpleclient.rb +173 -0
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +104 -0
data/lib/rex/proto/sunrpc.rb +2 -0
data/lib/rex/proto/sunrpc/client.rb +196 -0
data/lib/rex/proto/tftp.rb +13 -0
data/lib/rex/proto/tftp/client.rb +344 -0
data/lib/rex/proto/tftp/constants.rb +39 -0
data/lib/rex/proto/tftp/server.rb +497 -0
data/lib/rex/random_identifier_generator.rb +177 -0
data/lib/rex/registry.rb +14 -0
data/lib/rex/registry/hive.rb +132 -0
data/lib/rex/registry/lfkey.rb +51 -0
data/lib/rex/registry/nodekey.rb +54 -0
data/lib/rex/registry/regf.rb +25 -0
data/lib/rex/registry/valuekey.rb +67 -0
data/lib/rex/registry/valuelist.rb +29 -0
data/lib/rex/ropbuilder.rb +8 -0
data/lib/rex/ropbuilder/rop.rb +271 -0
data/lib/rex/script.rb +42 -0
data/lib/rex/script/base.rb +61 -0
data/lib/rex/script/meterpreter.rb +16 -0
data/lib/rex/script/shell.rb +10 -0
data/lib/rex/service.rb +49 -0
data/lib/rex/service_manager.rb +154 -0
data/lib/rex/services/local_relay.rb +424 -0
data/lib/rex/socket.rb +788 -0
data/lib/rex/socket/comm.rb +120 -0
data/lib/rex/socket/comm/local.rb +526 -0
data/lib/rex/socket/ip.rb +132 -0
data/lib/rex/socket/parameters.rb +363 -0
data/lib/rex/socket/range_walker.rb +470 -0
data/lib/rex/socket/ssl_tcp.rb +345 -0
data/lib/rex/socket/ssl_tcp_server.rb +188 -0
data/lib/rex/socket/subnet_walker.rb +76 -0
data/lib/rex/socket/switch_board.rb +289 -0
data/lib/rex/socket/tcp.rb +79 -0
data/lib/rex/socket/tcp_server.rb +67 -0
data/lib/rex/socket/udp.rb +165 -0
data/lib/rex/sslscan/result.rb +201 -0
data/lib/rex/sslscan/scanner.rb +206 -0
data/lib/rex/struct2.rb +5 -0
data/lib/rex/struct2/c_struct.rb +181 -0
data/lib/rex/struct2/c_struct_template.rb +39 -0
data/lib/rex/struct2/constant.rb +26 -0
data/lib/rex/struct2/element.rb +44 -0
data/lib/rex/struct2/generic.rb +73 -0
data/lib/rex/struct2/restraint.rb +54 -0
data/lib/rex/struct2/s_string.rb +72 -0
data/lib/rex/struct2/s_struct.rb +111 -0
data/lib/rex/sync.rb +6 -0
data/lib/rex/sync/event.rb +85 -0
data/lib/rex/sync/read_write_lock.rb +177 -0
data/lib/rex/sync/ref.rb +58 -0
data/lib/rex/sync/thread_safe.rb +83 -0
data/lib/rex/text.rb +1813 -0
data/lib/rex/thread_factory.rb +43 -0
data/lib/rex/time.rb +66 -0
data/lib/rex/transformer.rb +116 -0
data/lib/rex/ui.rb +22 -0
data/lib/rex/ui/interactive.rb +304 -0
data/lib/rex/ui/output.rb +85 -0
data/lib/rex/ui/output/none.rb +19 -0
data/lib/rex/ui/progress_tracker.rb +97 -0
data/lib/rex/ui/subscriber.rb +160 -0
data/lib/rex/ui/text/color.rb +98 -0
data/lib/rex/ui/text/dispatcher_shell.rb +538 -0
data/lib/rex/ui/text/input.rb +119 -0
data/lib/rex/ui/text/input/buffer.rb +79 -0
data/lib/rex/ui/text/input/readline.rb +129 -0
data/lib/rex/ui/text/input/socket.rb +96 -0
data/lib/rex/ui/text/input/stdio.rb +46 -0
data/lib/rex/ui/text/irb_shell.rb +62 -0
data/lib/rex/ui/text/output.rb +86 -0
data/lib/rex/ui/text/output/buffer.rb +62 -0
data/lib/rex/ui/text/output/buffer/stdout.rb +26 -0
data/lib/rex/ui/text/output/file.rb +44 -0
data/lib/rex/ui/text/output/socket.rb +44 -0
data/lib/rex/ui/text/output/stdio.rb +53 -0
data/lib/rex/ui/text/output/tee.rb +56 -0
data/lib/rex/ui/text/progress_tracker.rb +57 -0
data/lib/rex/ui/text/shell.rb +403 -0
data/lib/rex/ui/text/table.rb +346 -0
data/lib/rex/zip.rb +96 -0
data/lib/rex/zip/archive.rb +130 -0
data/lib/rex/zip/blocks.rb +184 -0
data/lib/rex/zip/entry.rb +122 -0
data/lib/rex/zip/jar.rb +283 -0
data/lib/rex/zip/samples/comment.rb +32 -0
data/lib/rex/zip/samples/mkwar.rb +138 -0
data/lib/rex/zip/samples/mkzip.rb +19 -0
data/lib/rex/zip/samples/recursive.rb +58 -0
metadata +536 -0

data/lib/rex/parser/netsparker_xml.rb ADDED

@@ -0,0 +1,109 @@
+# -*- coding: binary -*-
+module Rex
+module Parser
+class NetSparkerXMLStreamParser
+  attr_accessor :on_found_vuln
+  def initialize(on_found_vuln = nil)
+    self.on_found_vuln = on_found_vuln if on_found_vuln
+    reset_state
+  end
+  def reset_state
+    @state = :generic_state
+    @vuln  = {'info' => []}
+    @attr  = {}
+  end
+  def tag_start(name, attributes)
+    @state = "in_#{name.downcase}".intern
+    @attr  = attributes
+    case name
+    when "vulnerability"
+      @vuln = { 'info' => [] }
+      @vuln['confirmed'] = attributes['confirmed']
+    end
+  end
+  def text(str)
+    case @state
+    when :in_url
+      @vuln['url'] ||= ""
+      @vuln['url']  += str
+    when :in_type
+      @vuln['type'] ||= ""
+      @vuln['type']  += str
+    when :in_severity
+      @vuln['severity'] ||= ""
+      @vuln['severity']  += str
+    when :in_vulnerableparametertype
+      @vuln["vparam_type"] ||= ""
+      @vuln["vparam_type"]  += str
+    when :in_vulnerableparameter
+      @vuln["vparam_name"] ||= ""
+      @vuln["vparam_name"]  += str
+    when :in_vulnerableparametervalue
+      @vuln["vparam_value"] ||= ""
+      @vuln["vparam_value"]  += str
+    when :in_rawrequest
+      @vuln["request"] ||= ""
+      @vuln["request"]  += str
+    when :in_rawresponse
+      @vuln["response"] ||= ""
+      @vuln["response"]  += str
+    when :in_info
+      # <info name="Identified Internal Path(s)">C:\AppServ\www\test-apps\dokeos\main\inc\banner.inc.php</info>
+      if not str.to_s.strip.empty?
+        @vuln['info'] << [@attr['name'] || "Information", str]
+      end
+    when :in_netsparker
+    when :in_target
+    when :in_scantime
+    when :generic_state
+    when :in_vulnerability
+    when :in_extrainformation
+    else
+      # $stderr.puts "unknown state: #{@state}"
+    end
+  end
+  def tag_end(name)
+    case name
+    when "vulnerability"
+      @vuln.keys.each do |k|
+        @vuln[k] = @vuln[k].strip if @vuln[k].kind_of?(::String)
+      end
+      on_found_vuln.call(@vuln) if on_found_vuln
+      reset_state
+    end
+  end
+  # We don't need these methods, but they're necessary to keep REXML happy
+  def xmldecl(version, encoding, standalone); end
+  def cdata(data)
+    puts "cdata for #{@state} (#{data.length})"
+    case @state
+    when :in_rawresponse
+      @vuln["response"] = data
+    when :in_rawrequest
+      @vuln["request"] = data
+    when :in_info
+      if not data.to_s.strip.empty?
+        @vuln['info'] << [@attr['name'] || "Information", data]
+      end
+    end
+  end
+  def comment(str); end
+  def instruction(name, instruction); end
+  def attlist; end
+end
+end
+end
+__END__

data/lib/rex/parser/nexpose_raw_nokogiri.rb ADDED

@@ -0,0 +1,686 @@
+# -*- coding: binary -*-
+require "rex/parser/nokogiri_doc_mixin"
+require "date"
+module Rex
+  module Parser
+    # If Nokogiri is available, define Template document class.
+    load_nokogiri && class NexposeRawDocument < Nokogiri::XML::SAX::Document
+    include NokogiriDocMixin
+    attr_reader :tests
+    NEXPOSE_HOST_DETAIL_FIELDS = %W{ nx_device_id nx_site_name nx_site_importance nx_scan_template nx_risk_score }
+    NEXPOSE_VULN_DETAIL_FIELDS = %W{
+      nx_scan_id
+      nx_vulnerable_since
+      nx_pci_compliance_status
+    }
+    # Triggered every time a new element is encountered. We keep state
+    # ourselves with the @state variable, turning things on when we
+    # get here (and turning things off when we exit in end_element()).
+    def start_element(name=nil,attrs=[])
+      attrs = normalize_attrs(attrs)
+      block = @block
+      @state[:current_tag][name] = true
+      case name
+      when "nodes" # There are two main sections, nodes and VulnerabilityDefinitions
+        @tests = {}
+      when "node"
+        record_host(attrs)
+      when "name"
+        @state[:has_text] = true
+      when "endpoint"
+        @state.delete(:cached_service_object)
+        record_service(attrs)
+      when "service"
+        record_service_info(attrs)
+      when "fingerprint"
+        record_service_fingerprint(attrs)
+      when "os"
+        record_os_fingerprint(attrs)
+      when "test" # All the vulns tested for
+        @state[:has_text] = true
+        record_host_test(attrs)
+        record_service_test(attrs)
+      when "vulnerability"
+        record_vuln(attrs)
+      when "reference"
+        @state[:has_text] = true
+        record_reference(attrs)
+      when "description"
+        @state[:has_text] = true
+        record_vuln_description(attrs)
+      when "solution"
+        @state[:has_text] = true
+        record_vuln_solution(attrs)
+      when "tag"
+        @state[:has_text] = true
+      when "tags"
+        @state[:tags] = []
+      #
+      # These are markup tags only present within description/solutions
+      #
+      when "ContainerBlockElement",  # Overall container, no formatting
+         "Paragraph",              # <Paragraph preformat="true">
+         "UnorderedList",          # List container (bulleted)
+         "ListItem",               # List item
+         "URLLink"                 # <URLLink LinkURL="http://support.microsoft.com/kb/887429" LinkTitle="http://support.microsoft.com/kb/887429" href="http://support.microsoft.com/kb/887429">KB 887429</URLLink>
+        record_formatted_content(name, attrs)
+      end
+    end
+    # When we exit a tag, this is triggered.
+    def end_element(name=nil)
+      block = @block
+      case name
+      when "node" # Wrap it up
+        collect_host_data
+        host_object = report_host &block
+        report_services(host_object)
+        report_fingerprint(host_object)
+        # Reset the state once we close a host
+        @state.delete_if {|k| k.to_s !~ /^(current_tag|in_nodes)$/}
+        @report_data = {:wspace => @args[:wspace]}
+      when "name"
+        collect_hostname
+        @state[:has_text] = false
+        @text = nil
+      when "endpoint"
+        collect_service_data
+        @state.delete(:cached_service_object)
+      when "os"
+        collect_os_fingerprints
+      when "test"
+        report_test(&block)
+        @state[:has_text] = false
+        @text = nil
+      when "vulnerability"
+        collect_vuln_info
+        report_vuln(&block)
+        @state.delete_if {|k| k.to_s !~ /^(current_tag|in_vulndefs)$/}
+      when "reference"
+        @state[:has_text] = false
+        collect_reference
+        @text = nil
+      when "description"
+        @state[:has_text] = false
+        collect_vuln_description
+        @text = nil
+      when "solution"
+        @state[:has_text] = false
+        collect_vuln_solution
+        @text = nil
+      when "tag"
+        @state[:has_text] = false
+        collect_tag
+        @text = nil
+      when "tags"
+        @report_data[:vuln_tags] = @state[:tags]
+        @state.delete(:tags)
+        #
+        # These are markup tags only present within description/solutions
+        #
+      when "ContainerBlockElement",  # Overall container, no formatting
+         "Paragraph",              # <Paragraph preformat="true">
+         "UnorderedList",          # List container (bulleted)
+         "ListItem",               # List item
+         "URLLink"                 # <URLLink LinkURL="http://support.microsoft.com/kb/887429" LinkTitle="http://support.microsoft.com/kb/887429" href="http://support.microsoft.com/kb/887429">KB 887429</URLLink>
+        collect_formatted_content(name)
+      end
+      @state[:current_tag].delete name
+    end
+    def collect_reference
+      return unless in_tag("references")
+      return unless in_tag("vulnerability")
+      return unless @state[:vuln]
+      @state[:ref][:value] = @text.to_s.strip
+      @report_data[:refs] ||= []
+      @report_data[:refs] << @state[:ref]
+      @state[:ref] = nil
+    end
+    def collect_vuln_description
+      return unless in_tag("description")
+      return unless in_tag("vulnerability")
+      return unless @state[:vuln]
+      @report_data[:vuln_description] = clean_formatted_text( @report_data[:vuln_description_stack].join.strip )
+    end
+    def collect_vuln_solution
+      return unless in_tag("solution")
+      return unless in_tag("vulnerability")
+      return unless @state[:vuln]
+      @report_data[:vuln_solution] = clean_formatted_text( @report_data[:vuln_solution_stack].join.strip )
+    end
+    def collect_tag
+      return unless in_tag("tag")
+      return unless in_tag("tags")
+      return unless in_tag("vulnerability")
+      return unless @state[:vuln]
+      @state[:tags] ||= []
+      @state[:tags] << @text.to_s.strip
+    end
+    def collect_vuln_info
+      return unless in_tag("VulnerabilityDefinitions")
+      return unless in_tag("vulnerability")
+      return unless @state[:vuln]
+      vuln = @state[:vuln]
+      vuln[:refs] = @report_data[:refs]
+      @report_data[:vuln] = vuln
+      @state[:vuln] = nil
+      @report_data[:refs] = nil
+    end
+    def report_vuln(&block)
+      return unless in_tag("VulnerabilityDefinitions")
+      return unless @report_data[:vuln]
+      return unless @report_data[:vuln][:matches].kind_of? Array
+      ::ActiveRecord::Base.connection_pool.with_connection {
+      refs = normalize_references(@report_data[:vuln][:refs])
+      refs << "NEXPOSE-#{report_data[:vuln]["id"]}"
+      vuln_instances = @report_data[:vuln][:matches].size
+      db.emit(:vuln, [refs.last,vuln_instances], &block) if block
+      vuln_ids = @report_data[:vuln][:matches].map{ |v| v[0] }
+      vdet_ids = @report_data[:vuln][:matches].map{ |v| v[1] }
+      refs = refs.uniq.map{|x| db.find_or_create_ref(:name => x) }
+      # Assign title and references to all vuln_ids
+      # Mass update fails due to the join table || ::Mdm::Vuln.where(:id => vuln_ids).update_all({ :name => @report_data[:vuln]["title"], :refs => refs } )
+      vuln_ids.each do |vid|
+        vuln = ::Mdm::Vuln.find(vid)
+        next unless vuln
+        vuln.name = @report_data[:vuln]["title"]
+        if refs.length > 0
+          vuln.refs += refs
+        end
+        if vuln.changed?
+          vuln.save!
+        end
+      end
+      # Mass update vulnerability details across the database based on conditions
+      vdet_info = { :title => @report_data[:vuln]["title"] }
+      vdet_info[:description]     = @report_data[:vuln_description]      unless @report_data[:vuln_description].to_s.empty?
+      vdet_info[:solution]        = @report_data[:vuln_solution]         unless @report_data[:vuln_solution].to_s.empty?
+      vdet_info[:nx_tags]         = @report_data[:vuln_tags].sort.uniq.join(", ") if ( @report_data[:vuln_tags].kind_of?(::Array) and @report_data[:vuln_tags].length > 0 )
+      vdet_info[:nx_severity]     = @report_data[:vuln]["severity"].to_f          if @report_data[:vuln]["severity"]
+      vdet_info[:nx_pci_severity] = @report_data[:vuln]["pciSeverity"].to_f       if @report_data[:vuln]["pciSeverity"]
+      vdet_info[:cvss_score]      = @report_data[:vuln]["cvssScore"].to_f         if @report_data[:vuln]["cvssScore"]
+      vdet_info[:cvss_vector]     = @report_data[:vuln]["cvssVector"]             if @report_data[:vuln]["cvssVector"]
+      %W{ published added modified }.each do |tf|
+        next if not @report_data[:vuln][tf]
+        ts = DateTime.parse(@report_data[:vuln][tf]) rescue nil
+        next if not ts
+        vdet_info[ "nx_#{tf}".to_sym ] = ts
+      end
+      ::Mdm::VulnDetail.where(:id => vdet_ids).update_all(vdet_info)
+      @report_data[:vuln] = nil
+      }
+    end
+    def record_reference(attrs)
+      return unless in_tag("VulnerabilityDefinitions")
+      return unless in_tag("vulnerability")
+      @state[:ref] = attr_hash(attrs)
+    end
+    def record_vuln(attrs)
+      return unless in_tag("VulnerabilityDefinitions")
+      vuln = attr_hash(attrs)
+      matching_tests = @tests[ vuln["id"].downcase ]
+      return unless matching_tests
+      return if matching_tests.empty?
+      @state[:vuln] = vuln
+      @state[:vuln][:matches] = matching_tests
+    end
+    def record_vuln_description(attrs)
+      @report_data[:vuln_description_stack] = []
+    end
+    def record_vuln_solution(attrs)
+      @report_data[:vuln_solution_stack] = []
+    end
+    def record_formatted_content(name, eattrs)
+      attrs  = attr_hash(eattrs)
+      stack  = nil
+      if in_tag("solution")
+        stack = @report_data[:vuln_solution_stack]
+      end
+      if in_tag("description")
+        stack = @report_data[:vuln_description_stack]
+      end
+      if in_tag("test")
+        stack = @report_data[:vuln_proof_stack]
+      end
+      return if not stack
+      @report_data[:formatted_indent] ||= 0
+      data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ")
+      @text = ""
+      case name
+      when 'ListItem'
+        @report_data[:formatted_indent] = 1
+        # data = "\n* " + data
+      when 'URLLink'
+        @report_data[:formatted_link] = attrs["LinkURL"]
+      else
+        if @report_data[:formatted_indent] > 1
+          data = (" " * (@report_data[:formatted_indent])) + data
+        end
+        if @report_data[:formatted_indent] == 1
+          @report_data[:formatted_indent] = 6
+        end
+      end
+      if data.length > 0
+        stack << data
+      end
+    end
+    def collect_formatted_content(name)
+      stack  = nil
+      prefix = ""
+      if in_tag("solution")
+        stack = @report_data[:vuln_solution_stack]
+      end
+      if in_tag("description")
+        stack = @report_data[:vuln_description_stack]
+      end
+      if in_tag("test")
+        stack = @report_data[:vuln_proof_stack]
+      end
+      return if not stack
+      data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ")
+      @text = ""
+      case name
+      when 'URLLink'
+        if @report_data[:formatted_link]
+          if data != @report_data[:formatted_link]
+            if data.empty?
+              data << (" " + @report_data[:formatted_link])
+            else
+              data = " " + data + " ( " + @report_data[:formatted_link] + " )"
+            end
+          end
+        end
+      when 'Paragraph'
+        data << "\n\n"
+      when 'ListItem'
+        @report_data[:formatted_indent] = 0
+        data << "\n"
+      end
+      if data.length > 0
+        stack << data
+      end
+    end
+    # XML Export 2.0 includes additional test keys:
+    # <test id="unix-unowned-files-or-dirs" status="vulnerable-exploited" scan-id="6381" vulnerable-since="20120322T124352665" pci-compliance-status="pass">
+    def report_test
+      return unless in_tag("nodes")
+      return unless in_tag("node")
+      return unless @state[:test]
+      vuln_info = {
+        :workspace => @args[:wspace],
+        # This name will be overwritten during the vuln definition
+        # parsing via mass-update.
+        :name => "NEXPOSE-" + @state[:test][:id].downcase,
+        :host => @state[:cached_host_object] || @state[:address]
+      }
+      if in_tag("endpoint") and @state[:test][:port]
+        # Verify this port actually has some relation to our tracked state
+        # since it may not due to greedy vulnerability matching
+        if @state[:cached_service_object] and @state[:cached_service_object].port.to_i == @state[:test][:port].to_i
+          vuln_info[:service] = @state[:cached_service_object]
+        else
+          vuln_info[:port]  = @state[:test][:port]
+          vuln_info[:proto] = @state[:test][:protocol] if @state[:test][:protocol]
+        end
+      end
+      # This hash feeds a vuln_details row for this vulnerability
+      vdet = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] }
+      # This hash defines the matching criteria to overwrite an existing entry
+      vkey = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] }
+      if @state[:nx_device_id]
+        vdet[:nx_device_id] = @state[:nx_device_id]
+        vkey[:nx_device_id] = @state[:nx_device_id]
+      end
+      if @state[:test][:key]
+        vdet[:nx_proof_key] = @state[:test][:key]
+        vkey[:nx_proof_key] = @state[:test][:key]
+      end
+      vdet[:nx_console_id]  = @nx_console_id if @nx_console_id
+      vdet[:nx_vuln_status] = @state[:test][:status] if @state[:test][:status]
+      vdet[:nx_scan_id] = @state[:test][:nx_scan_id] if @state[:test][:nx_scan_id]
+      vdet[:nx_pci_compliance_status] = @state[:test][:nx_pci_compliance_status] if @state[:test][:nx_pci_compliance_status]
+      if @state[:test][:nx_vulnerable_since]
+        ts = ::DateTime.parse(@state[:test][:nx_vulnerable_since]) rescue nil
+        vdet[:nx_vulnerable_since] = ts if ts
+      end
+      proof = clean_formatted_text(@report_data[:vuln_proof_stack].join.strip)
+      @report_data[:vuln_proof_stack] = []
+      vuln_info[:info] = proof
+      vdet[:proof]     = proof
+      # Configure the find key for vuln_details
+      vdet[:key] = vkey
+      # Pass this key to the vuln hash to find existing entries
+      # that may have been renamed (re-import nexpose vulns)
+      vuln_info[:details_match] = vkey
+      ::ActiveRecord::Base.connection_pool.with_connection {
+      # Report the vulnerability
+      vuln = db.report_vuln(vuln_info)
+      if vuln
+        # Report the vulnerability details
+        detail = db.report_vuln_details(vuln, vdet)
+        # Cache returned host and service objects if necessary
+        @state[:cached_host_object] ||= vuln.host
+        # The vuln.service may be found via greedy matching
+        if in_tag("endpoint") and vuln.service
+          @state[:cached_service_object] ||= vuln.service
+        end
+        # Record the ID of this vuln for a future mass update that
+        # brings in title, risk, description, solution, etc
+        @tests[ @state[:test][:id].downcase ] ||= []
+        @tests[ @state[:test][:id].downcase ] << [ vuln.id, detail.id ]
+      end
+      }
+      @state[:test] = nil
+    end
+    def record_os_fingerprint(attrs)
+      return unless in_tag("nodes")
+      return unless in_tag("fingerprints")
+      return unless in_tag("node")
+      return if in_tag("service")
+      @state[:os] = attr_hash(attrs)
+    end
+    # Just keep the highest scoring, which is usually the most vague. :(
+    def collect_os_fingerprints
+      @report_data[:os] ||= {}
+      return unless @state[:os]["certainty"].to_f > 0
+      return if @report_data[:os]["os_certainty"].to_f > @state[:os]["certainty"].to_f
+      @report_data[:os] = {} # Zero it out if we're replacing it.
+      @report_data[:os]["os_certainty"] = @state[:os]["certainty"]
+      @report_data[:os]["os_vendor"] = @state[:os]["vendor"]
+      @report_data[:os]["os_family"] = @state[:os]["family"]
+      @report_data[:os]["os_product"] = @state[:os]["product"]
+      @report_data[:os]["os_version"] = @state[:os]["version"]
+      @report_data[:os]["os_arch"] = @state[:os]["arch"]
+    end
+    # Just taking the first one.
+    def collect_hostname
+      if in_tag("node")
+        @state[:hostname] ||= @text.to_s.strip if @text
+        @text = nil
+      end
+    end
+    def record_service_fingerprint(attrs)
+      return unless in_tag("nodes")
+      return unless in_tag("node")
+      return unless in_tag("service")
+      return unless in_tag("fingerprint")
+      @state[:service_fingerprint] = attr_hash(attrs)
+    end
+    def record_service_info(attrs)
+      return unless in_tag("nodes")
+      return unless in_tag("node")
+      return unless in_tag("service")
+      @state[:service].merge! attr_hash(attrs)
+    end
+    def report_fingerprint(host_object)
+      return unless host_object.kind_of? ::Mdm::Host
+      return unless @report_data[:os].kind_of? Hash
+      note = {
+        :workspace => host_object.workspace,
+        :host => host_object,
+        :type => "host.os.nexpose_fingerprint",
+        :data => {
+          :family => @report_data[:os]["os_family"],
+          :certainty => @report_data[:os]["os_certainty"]
+        }
+      }
+      note[:data][:vendor] = @report_data[:os]["os_vendor"] if @report_data[:os]["os_vendor"]
+      note[:data][:product] = @report_data[:os]["os_product"] if @report_data[:os]["os_prduct"]
+      note[:data][:version] = @report_data[:os]["os_version"] if @report_data[:os]["os_version"]
+      note[:data][:arch] = @report_data[:os]["os_arch"] if @report_data[:os]["os_arch"]
+      db_report(:note, note)
+    end
+    def report_services(host_object)
+      return unless host_object.kind_of? ::Mdm::Host
+      return unless @report_data[:ports]
+      return if @report_data[:ports].empty?
+      reported = []
+      @report_data[:ports].each do |svc|
+        reported << db_report(:service, svc.merge(:host => host_object))
+      end
+      reported
+    end
+    def record_service(attrs)
+      return unless in_tag("nodes")
+      return unless in_tag("node")
+      return unless in_tag("endpoint")
+      @state[:service] = attr_hash(attrs)
+    end
+    def collect_service_data
+      return unless in_tag("node")
+      return unless in_tag("endpoint")
+      port_hash = {}
+      @report_data[:ports] ||= []
+      @state[:service].each do |k,v|
+        case k
+        when "protocol"
+          port_hash[:proto] = v
+        when "port"
+          port_hash[:port] = v
+        when "status"
+          port_hash[:status] = (v == "open" ? Msf::ServiceState::Open : Msf::ServiceState::Closed)
+        end
+      end
+      if @state[:service]
+        if state[:service]["name"] == "<unknown>"
+          sname = nil
+        else
+          sname = db.service_name_map(@state[:service]["name"])
+        end
+        port_hash[:name] = sname
+      end
+      if @state[:service_fingerprint]
+        info = []
+        info << @state[:service_fingerprint]["product"] if @state[:service_fingerprint]["product"]
+        info << @state[:service_fingerprint]["version"] if @state[:service_fingerprint]["version"]
+        port_hash[:info] = info.join(" ") if info[0]
+      end
+      @report_data[:ports] << port_hash.clone
+      @state.delete :service_fingerprint
+      @state.delete :service
+      @report_data[:ports]
+    end
+    def actually_vulnerable(test)
+      return false unless test.has_key? "status"
+      return false unless test.has_key? "id"
+      ['vulnerable-exploited', 'vulnerable-version', 'potential'].include? test["status"]
+    end
+    def record_host_test(attrs)
+      return unless in_tag("nodes")
+      return unless in_tag("node")
+      return if in_tag("service")
+      return unless in_tag("tests")
+      test = attr_hash(attrs)
+      return unless actually_vulnerable(test)
+      @state[:test] = {:id => test["id"].downcase}
+      @state[:test][:key] = test["key"] if test["key"]
+      @state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
+      @state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
+      @state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
+      @report_data[:vuln_proof_stack] = []
+    end
+    def record_service_test(attrs)
+      return unless in_tag("nodes")
+      return unless in_tag("node")
+      return unless in_tag("service")
+      return unless in_tag("tests")
+      test = attr_hash(attrs)
+      return unless actually_vulnerable(test)
+      @state[:test] = {
+        :id => test["id"].downcase,
+        :port => @state[:service]["port"],
+        :protocol => @state[:service]["protocol"],
+      }
+      @state[:test][:key] = test["key"] if test["key"]
+      @state[:test][:status] = test["status"] if test["status"]
+      @state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
+      @state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
+      @state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
+      @report_data[:vuln_proof_stack] = []
+    end
+    def record_host(attrs)
+      return unless in_tag("nodes")
+      host_attrs = attr_hash(attrs)
+      if host_attrs["status"] == "alive"
+        @state[:host_is_alive] = true
+        @state[:address] = host_attrs["address"]
+        @state[:mac] = host_attrs["hardware-address"] if host_attrs["hardware-address"]
+        NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+          fs = f.to_sym
+          fk = f.sub(/^nx_/, '').gsub('_', '-')
+          if host_attrs[fk]
+            @state[fs] = host_attrs[fk]
+          end
+        end
+      end
+    end
+    def collect_host_data
+      return unless in_tag("node")
+      @report_data[:host] = @state[:address]
+      @report_data[:state] = Msf::HostState::Alive
+      @report_data[:name] = @state[:hostname] if @state[:hostname]
+      if @state[:mac]
+        if @state[:mac] =~ /[0-9a-fA-f]{12}/
+          @report_data[:mac] = @state[:mac].scan(/.{2}/).join(":")
+        else
+          @report_data[:mac] = @state[:mac]
+        end
+      end
+      NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+        v = @state[f.to_sym]
+        @report_data[f.to_sym] = v if v
+      end
+    end
+    def report_host(&block)
+      if host_is_okay
+        db.emit(:address,@report_data[:host],&block) if block
+        device_id   = @report_data[:nx_device_id]
+        host_object = db_report(:host, @report_data.merge(:workspace => @args[:wspace] ) )
+        if host_object
+          db.report_import_note(host_object.workspace, host_object)
+          if device_id
+            detail = {
+              :key => { :src => 'nexpose' },
+              :src => 'nexpose',
+              :nx_device_id => device_id
+            }
+            detail[:nx_console_id] = @nx_console_id if @nx_console_id
+            NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+              v = @report_data.delete(f.to_sym)
+              detail[f.to_sym] = v if v
+            end
+            db.report_host_details(host_object, detail)
+          end
+        end
+        host_object
+      end
+    end
+    def clean_formatted_text(txt)
+      txt.split(/\n/).map{ |t|
+        t.sub(/^\s+$/, '').
+          sub(/^(\s{6,20})/, '      ')
+      }.join("\n").gsub(/\n{4,10}/, "\n\n\n")
+    end
+  end
+end
+end