RubyGems - librex - Versions diffs - 0.0.65 → 0.0.66 - Mend

librex 0.0.65 → 0.0.66

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (482) hide show

data/README.markdown +1 -1
data/lib/rex/arch.rb +1 -0
data/lib/rex/arch/sparc.rb +16 -15
data/lib/rex/arch/sparc.rb.ut.rb +2 -1
data/lib/rex/arch/x86.rb +1 -0
data/lib/rex/arch/x86.rb.ut.rb +2 -1
data/lib/rex/assembly/nasm.rb +1 -0
data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
data/lib/rex/compat.rb +13 -0
data/lib/rex/constants.rb +5 -4
data/lib/rex/elfparsey.rb +3 -2
data/lib/rex/elfparsey/elf.rb +2 -1
data/lib/rex/elfparsey/elfbase.rb +8 -7
data/lib/rex/elfparsey/exceptions.rb +3 -2
data/lib/rex/elfscan.rb +3 -2
data/lib/rex/elfscan/scanner.rb +2 -1
data/lib/rex/elfscan/search.rb +2 -1
data/lib/rex/encoder/alpha2.rb +2 -1
data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
data/lib/rex/encoder/alpha2/generic.rb +37 -60
data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
data/lib/rex/encoder/ndr.rb +1 -0
data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
data/lib/rex/encoder/nonalpha.rb +1 -0
data/lib/rex/encoder/nonupper.rb +1 -0
data/lib/rex/encoder/xdr.rb +9 -8
data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
data/lib/rex/encoder/xor.rb +1 -0
data/lib/rex/encoder/xor/dword.rb +2 -1
data/lib/rex/encoder/xor/dword_additive.rb +2 -1
data/lib/rex/encoders/xor_dword.rb +1 -0
data/lib/rex/encoders/xor_dword_additive.rb +2 -1
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
data/lib/rex/encoding/xor.rb +2 -1
data/lib/rex/encoding/xor.rb.ts.rb +2 -1
data/lib/rex/encoding/xor/byte.rb +2 -1
data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
data/lib/rex/encoding/xor/dword.rb +2 -1
data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
data/lib/rex/encoding/xor/dword_additive.rb +1 -0
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
data/lib/rex/encoding/xor/exceptions.rb +1 -0
data/lib/rex/encoding/xor/generic.rb +1 -0
data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
data/lib/rex/encoding/xor/qword.rb +2 -1
data/lib/rex/encoding/xor/word.rb +2 -1
data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
data/lib/rex/exceptions.rb +1 -0
data/lib/rex/exceptions.rb.ut.rb +2 -1
data/lib/rex/exploitation/cmdstager.rb +2 -1
data/lib/rex/exploitation/cmdstager/base.rb +1 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
data/lib/rex/exploitation/egghunter.rb +12 -11
data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
data/lib/rex/exploitation/encryptjs.rb +1 -0
data/lib/rex/exploitation/heaplib.rb +1 -0
data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
data/lib/rex/exploitation/jsobfu.rb +2 -1
data/lib/rex/exploitation/obfuscatejs.rb +1 -0
data/lib/rex/exploitation/omelet.rb +1 -0
data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
data/lib/rex/exploitation/opcodedb.rb +12 -11
data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
data/lib/rex/exploitation/seh.rb +3 -2
data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
data/lib/rex/file.rb +4 -3
data/lib/rex/file.rb.ut.rb +2 -1
data/lib/rex/image_source.rb +3 -2
data/lib/rex/image_source/disk.rb +3 -2
data/lib/rex/image_source/image_source.rb +3 -2
data/lib/rex/image_source/memory.rb +3 -2
data/lib/rex/io/bidirectional_pipe.rb +1 -0
data/lib/rex/io/datagram_abstraction.rb +2 -1
data/lib/rex/io/ring_buffer.rb +49 -44
data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
data/lib/rex/io/stream.rb +1 -0
data/lib/rex/io/stream_abstraction.rb +1 -0
data/lib/rex/io/stream_server.rb +1 -0
data/lib/rex/job_container.rb +1 -0
data/lib/rex/logging.rb +2 -1
data/lib/rex/logging/log_dispatcher.rb +5 -4
data/lib/rex/logging/log_sink.rb +2 -1
data/lib/rex/logging/sinks/flatfile.rb +4 -3
data/lib/rex/logging/sinks/stderr.rb +2 -1
data/lib/rex/machparsey.rb +2 -1
data/lib/rex/machparsey/exceptions.rb +2 -1
data/lib/rex/machparsey/mach.rb +20 -19
data/lib/rex/machparsey/machbase.rb +27 -26
data/lib/rex/machscan.rb +2 -1
data/lib/rex/machscan/scanner.rb +1 -0
data/lib/rex/mime.rb +2 -1
data/lib/rex/mime/header.rb +1 -0
data/lib/rex/mime/message.rb +4 -1
data/lib/rex/mime/part.rb +2 -1
data/lib/rex/nop/opty2.rb +2 -1
data/lib/rex/nop/opty2.rb.ut.rb +2 -1
data/lib/rex/nop/opty2_tables.rb +1 -0
data/lib/rex/ole.rb +3 -2
data/lib/rex/ole/clsid.rb +3 -2
data/lib/rex/ole/difat.rb +3 -2
data/lib/rex/ole/directory.rb +3 -2
data/lib/rex/ole/direntry.rb +3 -2
data/lib/rex/ole/fat.rb +3 -2
data/lib/rex/ole/header.rb +3 -2
data/lib/rex/ole/minifat.rb +3 -2
data/lib/rex/ole/propset.rb +4 -3
data/lib/rex/ole/samples/create_ole.rb +1 -0
data/lib/rex/ole/samples/dir.rb +1 -0
data/lib/rex/ole/samples/dump_stream.rb +1 -0
data/lib/rex/ole/samples/ole_info.rb +1 -0
data/lib/rex/ole/storage.rb +3 -2
data/lib/rex/ole/stream.rb +3 -2
data/lib/rex/ole/substorage.rb +3 -2
data/lib/rex/ole/util.rb +3 -2
data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
data/lib/rex/parser/appscan_nokogiri.rb +17 -16
data/lib/rex/parser/arguments.rb +2 -1
data/lib/rex/parser/arguments.rb.ut.rb +2 -1
data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
data/lib/rex/parser/ci_nokogiri.rb +4 -3
data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
data/lib/rex/parser/ini.rb +1 -0
data/lib/rex/parser/ini.rb.ut.rb +2 -1
data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
data/lib/rex/parser/ip360_xml.rb +4 -3
data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
data/lib/rex/parser/nessus_xml.rb +3 -2
data/lib/rex/parser/netsparker_xml.rb +10 -9
data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
data/lib/rex/parser/nexpose_xml.rb +1 -0
data/lib/rex/parser/nmap_nokogiri.rb +63 -33
data/lib/rex/parser/nmap_xml.rb +1 -0
data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
data/lib/rex/parser/openvas_nokogiri.rb +172 -0
data/lib/rex/parser/retina_xml.rb +1 -0
data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
data/lib/rex/payloads.rb +2 -1
data/lib/rex/payloads/win32.rb +2 -1
data/lib/rex/payloads/win32/common.rb +2 -1
data/lib/rex/payloads/win32/kernel.rb +2 -1
data/lib/rex/payloads/win32/kernel/common.rb +4 -3
data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
data/lib/rex/peparsey.rb +3 -2
data/lib/rex/peparsey/exceptions.rb +2 -1
data/lib/rex/peparsey/pe.rb +3 -2
data/lib/rex/peparsey/pe_memdump.rb +2 -1
data/lib/rex/peparsey/pebase.rb +2 -1
data/lib/rex/peparsey/section.rb +2 -1
data/lib/rex/pescan.rb +3 -2
data/lib/rex/pescan/analyze.rb +1 -0
data/lib/rex/pescan/scanner.rb +1 -0
data/lib/rex/pescan/search.rb +1 -0
data/lib/rex/platforms.rb +2 -1
data/lib/rex/platforms/windows.rb +2 -1
data/lib/rex/poly.rb +2 -1
data/lib/rex/poly/block.rb +16 -15
data/lib/rex/poly/register.rb +2 -1
data/lib/rex/poly/register/x86.rb +2 -1
data/lib/rex/post.rb +2 -2
data/lib/rex/post/dir.rb +2 -1
data/lib/rex/post/file.rb +1 -0
data/lib/rex/post/file_stat.rb +1 -0
data/lib/rex/post/io.rb +2 -1
data/lib/rex/post/meterpreter.rb +2 -1
data/lib/rex/post/meterpreter/channel.rb +1 -0
data/lib/rex/post/meterpreter/channel_container.rb +2 -1
data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
data/lib/rex/post/meterpreter/client.rb +23 -1
data/lib/rex/post/meterpreter/client_core.rb +10 -5
data/lib/rex/post/meterpreter/dependencies.rb +2 -1
data/lib/rex/post/meterpreter/extension.rb +2 -1
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
data/lib/rex/post/meterpreter/packet.rb +26 -6
data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
data/lib/rex/post/meterpreter/ui/console.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
data/lib/rex/post/permission.rb +2 -1
data/lib/rex/post/process.rb +2 -1
data/lib/rex/post/thread.rb +2 -1
data/lib/rex/post/ui.rb +2 -1
data/lib/rex/proto.rb +1 -0
data/lib/rex/proto.rb.ts.rb +2 -1
data/lib/rex/proto/dcerpc.rb +2 -1
data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
data/lib/rex/proto/dcerpc/client.rb +1 -0
data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
data/lib/rex/proto/dcerpc/handle.rb +1 -0
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
data/lib/rex/proto/dcerpc/ndr.rb +2 -1
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
data/lib/rex/proto/dcerpc/packet.rb +52 -45
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
data/lib/rex/proto/dcerpc/response.rb +1 -0
data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
data/lib/rex/proto/dcerpc/uuid.rb +13 -12
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
data/lib/rex/proto/dhcp.rb +2 -1
data/lib/rex/proto/dhcp/constants.rb +2 -1
data/lib/rex/proto/dhcp/server.rb +4 -3
data/lib/rex/proto/drda.rb +1 -0
data/lib/rex/proto/drda.rb.ts.rb +1 -0
data/lib/rex/proto/drda/constants.rb +1 -0
data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
data/lib/rex/proto/drda/packet.rb +11 -10
data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
data/lib/rex/proto/drda/utils.rb +4 -3
data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
data/lib/rex/proto/http.rb +2 -1
data/lib/rex/proto/http.rb.ts.rb +2 -1
data/lib/rex/proto/http/client.rb +29 -5
data/lib/rex/proto/http/client.rb.ut.rb +1 -0
data/lib/rex/proto/http/handler.rb +2 -1
data/lib/rex/proto/http/handler/erb.rb +5 -4
data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
data/lib/rex/proto/http/handler/proc.rb +1 -0
data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
data/lib/rex/proto/http/header.rb +3 -3
data/lib/rex/proto/http/header.rb.ut.rb +2 -1
data/lib/rex/proto/http/packet.rb +1 -0
data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
data/lib/rex/proto/http/request.rb +23 -22
data/lib/rex/proto/http/request.rb.ut.rb +2 -1
data/lib/rex/proto/http/response.rb +6 -5
data/lib/rex/proto/http/response.rb.ut.rb +7 -6
data/lib/rex/proto/http/server.rb +1 -0
data/lib/rex/proto/http/server.rb.ut.rb +6 -5
data/lib/rex/proto/iax2.rb +1 -0
data/lib/rex/proto/iax2/call.rb +48 -47
data/lib/rex/proto/iax2/client.rb +23 -22
data/lib/rex/proto/iax2/codecs.rb +1 -0
data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
data/lib/rex/proto/iax2/constants.rb +1 -0
data/lib/rex/proto/natpmp.rb +11 -0
data/lib/rex/proto/natpmp/constants.rb +19 -0
data/lib/rex/proto/natpmp/packet.rb +45 -0
data/lib/rex/proto/ntlm.rb +1 -0
data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
data/lib/rex/proto/ntlm/base.rb +38 -37
data/lib/rex/proto/ntlm/constants.rb +1 -0
data/lib/rex/proto/ntlm/crypt.rb +45 -44
data/lib/rex/proto/ntlm/exceptions.rb +1 -0
data/lib/rex/proto/ntlm/message.rb +30 -29
data/lib/rex/proto/ntlm/utils.rb +116 -115
data/lib/rex/proto/proxy/socks4a.rb +1 -0
data/lib/rex/proto/rfb.rb +1 -0
data/lib/rex/proto/rfb.rb.ut.rb +1 -0
data/lib/rex/proto/rfb/cipher.rb +1 -0
data/lib/rex/proto/rfb/client.rb +1 -0
data/lib/rex/proto/rfb/constants.rb +1 -0
data/lib/rex/proto/smb.rb +2 -1
data/lib/rex/proto/smb.rb.ts.rb +2 -1
data/lib/rex/proto/smb/client.rb +23 -22
data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
data/lib/rex/proto/smb/constants.rb +1 -0
data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
data/lib/rex/proto/smb/crypt.rb +3 -2
data/lib/rex/proto/smb/evasions.rb +1 -0
data/lib/rex/proto/smb/exceptions.rb +6 -5
data/lib/rex/proto/smb/simpleclient.rb +1 -0
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
data/lib/rex/proto/smb/utils.rb +1 -0
data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
data/lib/rex/proto/sunrpc.rb +1 -0
data/lib/rex/proto/sunrpc/client.rb +1 -0
data/lib/rex/proto/tftp.rb +3 -1
data/lib/rex/proto/tftp/client.rb +344 -0
data/lib/rex/proto/tftp/constants.rb +2 -1
data/lib/rex/proto/tftp/server.rb +2 -1
data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
data/lib/rex/registry.rb +14 -0
data/lib/rex/registry/hive.rb +132 -0
data/lib/rex/registry/lfkey.rb +51 -0
data/lib/rex/registry/nodekey.rb +54 -0
data/lib/rex/registry/regf.rb +25 -0
data/lib/rex/registry/valuekey.rb +67 -0
data/lib/rex/registry/valuelist.rb +29 -0
data/lib/rex/ropbuilder.rb +2 -1
data/lib/rex/ropbuilder/rop.rb +3 -2
data/lib/rex/script.rb +1 -0
data/lib/rex/script/base.rb +1 -0
data/lib/rex/script/meterpreter.rb +1 -0
data/lib/rex/script/shell.rb +1 -0
data/lib/rex/service.rb +2 -1
data/lib/rex/service_manager.rb +6 -5
data/lib/rex/service_manager.rb.ut.rb +2 -1
data/lib/rex/services/local_relay.rb +1 -0
data/lib/rex/socket.rb +72 -36
data/lib/rex/socket.rb.ut.rb +1 -0
data/lib/rex/socket/comm.rb +1 -0
data/lib/rex/socket/comm/local.rb +60 -13
data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
data/lib/rex/socket/ip.rb +1 -0
data/lib/rex/socket/parameters.rb +15 -14
data/lib/rex/socket/parameters.rb.ut.rb +2 -1
data/lib/rex/socket/range_walker.rb +71 -26
data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
data/lib/rex/socket/ssl_tcp.rb +1 -0
data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
data/lib/rex/socket/ssl_tcp_server.rb +1 -0
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
data/lib/rex/socket/subnet_walker.rb +1 -0
data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
data/lib/rex/socket/switch_board.rb +1 -0
data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
data/lib/rex/socket/tcp.rb +4 -3
data/lib/rex/socket/tcp.rb.ut.rb +2 -1
data/lib/rex/socket/tcp_server.rb +1 -0
data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
data/lib/rex/socket/udp.rb +2 -1
data/lib/rex/socket/udp.rb.ut.rb +2 -1
data/lib/rex/struct2.rb +2 -1
data/lib/rex/struct2/c_struct.rb +2 -1
data/lib/rex/struct2/c_struct_template.rb +2 -1
data/lib/rex/struct2/constant.rb +2 -1
data/lib/rex/struct2/element.rb +2 -1
data/lib/rex/struct2/generic.rb +1 -0
data/lib/rex/struct2/restraint.rb +2 -1
data/lib/rex/struct2/s_string.rb +1 -0
data/lib/rex/struct2/s_struct.rb +1 -0
data/lib/rex/sync.rb +2 -1
data/lib/rex/sync/event.rb +1 -0
data/lib/rex/sync/read_write_lock.rb +1 -0
data/lib/rex/sync/ref.rb +2 -1
data/lib/rex/sync/thread_safe.rb +2 -1
data/lib/rex/test.rb +2 -1
data/lib/rex/text.rb +136 -19
data/lib/rex/text.rb.ut.rb +1 -0
data/lib/rex/thread_factory.rb +5 -4
data/lib/rex/time.rb +2 -1
data/lib/rex/transformer.rb +1 -0
data/lib/rex/transformer.rb.ut.rb +2 -1
data/lib/rex/ui.rb +2 -1
data/lib/rex/ui/interactive.rb +10 -9
data/lib/rex/ui/output.rb +1 -0
data/lib/rex/ui/output/none.rb +2 -1
data/lib/rex/ui/progress_tracker.rb +2 -1
data/lib/rex/ui/subscriber.rb +9 -8
data/lib/rex/ui/text/color.rb +1 -0
data/lib/rex/ui/text/color.rb.ut.rb +1 -0
data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
data/lib/rex/ui/text/input.rb +1 -0
data/lib/rex/ui/text/input/buffer.rb +7 -6
data/lib/rex/ui/text/input/readline.rb +14 -13
data/lib/rex/ui/text/input/socket.rb +1 -0
data/lib/rex/ui/text/input/stdio.rb +2 -1
data/lib/rex/ui/text/irb_shell.rb +1 -0
data/lib/rex/ui/text/output.rb +1 -0
data/lib/rex/ui/text/output/buffer.rb +1 -0
data/lib/rex/ui/text/output/file.rb +1 -0
data/lib/rex/ui/text/output/socket.rb +1 -0
data/lib/rex/ui/text/output/stdio.rb +1 -0
data/lib/rex/ui/text/output/tee.rb +1 -0
data/lib/rex/ui/text/progress_tracker.rb +2 -1
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
data/lib/rex/ui/text/shell.rb +1 -0
data/lib/rex/ui/text/table.rb +20 -14
data/lib/rex/ui/text/table.rb.ut.rb +3 -2
data/lib/rex/zip.rb +1 -0
data/lib/rex/zip/archive.rb +2 -1
data/lib/rex/zip/blocks.rb +3 -2
data/lib/rex/zip/entry.rb +6 -7
data/lib/rex/zip/jar.rb +4 -3
data/lib/rex/zip/samples/comment.rb +1 -0
data/lib/rex/zip/samples/mkwar.rb +1 -0
data/lib/rex/zip/samples/mkzip.rb +1 -0
data/lib/rex/zip/samples/recursive.rb +1 -0
metadata +433 -435

data/lib/rex/parser/ip360_xml.rb CHANGED

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rexml/document'
 require 'rex/ui'
@@ -33,9 +34,9 @@ class IP360XMLStreamParser
 		when "macAddress"
 			@state = :is_mac
 		when "os"
-			@host['os'] = attributes['id']
+			@host['os'] = attributes['id']
 		when "vulnerability"
-			@x = Hash.new
+			@x = Hash.new
 			@x['vulnid'] = attributes['id']
 		when "port"
 			@state = :is_port
@@ -50,7 +51,7 @@ class IP360XMLStreamParser
 			@host['apps'].push @y
 		end
 	end
 	def text(str)
 		case @state
 		when :is_fqdn

data/lib/rex/parser/mbsa_nokogiri.rb CHANGED

@@ -1,9 +1,10 @@
-require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+# -*- coding: binary -*-
+require "rex/parser/nokogiri_doc_mixin"
 module Rex
 	module Parser
-		# If Nokogiri is available, define Template document class.
+		# If Nokogiri is available, define Template document class.
 		load_nokogiri && class MbsaDocument < Nokogiri::XML::SAX::Document
 		include NokogiriDocMixin
@@ -57,7 +58,7 @@ module Rex
 				@state.delete_if {|k| k != :current_tag}
 			when "Check"
 				collect_check_data
-			when "Advice"
+			when "Advice"
 				@state[:has_text] = false
 				collect_advice_data
 			when "Detail"
@@ -73,9 +74,9 @@ module Rex
 			end
 			@state[:current_tag].delete name
 		end
 		def report_fingerprint(host_object)
-			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless host_object.kind_of? ::Mdm::Host
 			return unless @report_data[:os_fingerprint]
 			fp_note = @report_data[:os_fingerprint].merge(
 				{
@@ -95,7 +96,7 @@ module Rex
 		end
 		def report_vulns(host_object, &block)
-			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless host_object.kind_of? ::Mdm::Host
 			return unless @report_data[:vulns]
 			return if @report_data[:vulns].empty?
 			@report_data[:vulns].each do |vuln|
@@ -163,7 +164,7 @@ module Rex
 			return if @text.strip.empty?
 			os_match = @text.match(/Computer is running (.*)/)
 			return unless os_match
-			os_info = os_match[1]
+			os_info = os_match[1]
 			os_vendor = os_info[/Microsoft/]
 			os_family = os_info[/Windows/]
 			os_version = os_info[/(XP|2000 Advanced Server|2000|2003|2008|SBS|Vista|7 .* Edition|7)/]

data/lib/rex/parser/nessus_xml.rb CHANGED

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rexml/document'
 require 'rex/ui'
@@ -17,7 +18,7 @@ class NessusXMLStreamParser
 	def reset_state
 		@host = {'hname' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil, 'ports' => [
 			'port' => {'port' => nil, 'svc_name'  => nil, 'proto' => nil, 'severity' => nil,
-			'nasl' => nil, 'nasl_name' => nil, 'description' => nil,
+			'nasl' => nil, 'nasl_name' => nil, 'description' => nil,
 			'cve' => [], 'bid' => [], 'xref' => [], 'msf' => nil } ] }
 		@state = :generic_state
 	end
@@ -67,7 +68,7 @@ class NessusXMLStreamParser
 			@state = :msf
 		end
 	end
 	def text(str)
 		case @state
 		when :is_fqdn

data/lib/rex/parser/netsparker_xml.rb CHANGED

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 module Rex
 module Parser
@@ -8,7 +9,7 @@ class NetSparkerXMLStreamParser
 	def initialize(on_found_vuln = nil)
 		self.on_found_vuln = on_found_vuln if on_found_vuln
-		reset_state
+		reset_state
 	end
 	def reset_state
@@ -20,7 +21,7 @@ class NetSparkerXMLStreamParser
 	def tag_start(name, attributes)
 		@state = "in_#{name.downcase}".intern
 		@attr  = attributes
 		case name
 		when "vulnerability"
 			@vuln['confirmed'] = attributes['confirmed']
@@ -33,7 +34,7 @@ class NetSparkerXMLStreamParser
 			@vuln['url'] ||= ""
 			@vuln['url']  += str
 		when :in_type
-			@vuln['type'] ||= ""
+			@vuln['type'] ||= ""
 			@vuln['type']  += str
 		when :in_severity
 			@vuln['severity'] ||= ""
@@ -42,13 +43,13 @@ class NetSparkerXMLStreamParser
 			@vuln["vparam_type"] ||= ""
 			@vuln["vparam_type"]  += str
 		when :in_vulnerableparameter
-			@vuln["vparam_name"] ||= ""
-			@vuln["vparam_name"]  += str
+			@vuln["vparam_name"] ||= ""
+			@vuln["vparam_name"]  += str
 		when :in_vulnerableparametervalue
-			@vuln["vparam_value"] ||= ""
-			@vuln["vparam_value"]  += str
+			@vuln["vparam_value"] ||= ""
+			@vuln["vparam_value"]  += str
 		when :in_rawrequest
-			@vuln["request"] ||= ""
+			@vuln["request"] ||= ""
 			@vuln["request"]  += str
 		when :in_rawresponse
 			@vuln["response"] ||= ""
@@ -64,7 +65,7 @@ class NetSparkerXMLStreamParser
 		when :generic_state
 		when :in_vulnerability
 		when :in_extrainformation
-		else
+		else
 			# $stderr.puts "unknown state: #{@state}"
 		end
 	end

data/lib/rex/parser/nexpose_raw_nokogiri.rb CHANGED

@@ -1,15 +1,24 @@
-require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+# -*- coding: binary -*-
+require "rex/parser/nokogiri_doc_mixin"
+require "date"
 module Rex
 	module Parser
-		# If Nokogiri is available, define Template document class.
+		# If Nokogiri is available, define Template document class.
 		load_nokogiri && class NexposeRawDocument < Nokogiri::XML::SAX::Document
 		include NokogiriDocMixin
 		attr_reader :tests
+		NEXPOSE_HOST_DETAIL_FIELDS = %W{ nx_device_id nx_site_name nx_site_importance nx_scan_template nx_risk_score }
+		NEXPOSE_VULN_DETAIL_FIELDS = %W{
+			nx_scan_id
+			nx_vulnerable_since
+			nx_pci_compliance_status
+		}
 		# Triggered every time a new element is encountered. We keep state
 		# ourselves with the @state variable, turning things on when we
 		# get here (and turning things off when we exit in end_element()).
@@ -19,12 +28,13 @@ module Rex
 			@state[:current_tag][name] = true
 			case name
 			when "nodes" # There are two main sections, nodes and VulnerabilityDefinitions
-				@tests = []
+				@tests = {}
 			when "node"
 				record_host(attrs)
 			when "name"
 				@state[:has_text] = true
 			when "endpoint"
+				@state.delete(:cached_service_object)
 				record_service(attrs)
 			when "service"
 				record_service_info(attrs)
@@ -33,6 +43,7 @@ module Rex
 			when "os"
 				record_os_fingerprint(attrs)
 			when "test" # All the vulns tested for
+				@state[:has_text] = true
 				record_host_test(attrs)
 				record_service_test(attrs)
 			when "vulnerability"
@@ -40,6 +51,27 @@ module Rex
 			when "reference"
 				@state[:has_text] = true
 				record_reference(attrs)
+			when "description"
+				@state[:has_text] = true
+				record_vuln_description(attrs)
+			when "solution"
+				@state[:has_text] = true
+				record_vuln_solution(attrs)
+			when "tag"
+				@state[:has_text] = true
+			when "tags"
+				@state[:tags] = []
+			#
+			# These are markup tags only present within description/solutions
+			#
+			when "ContainerBlockElement",  # Overall container, no formatting
+				 "Paragraph",              # <Paragraph preformat="true">
+				 "UnorderedList",          # List container (bulleted)
+				 "ListItem",               # List item
+				 "URLLink"                 # <URLLink LinkURL="http://support.microsoft.com/kb/887429" LinkTitle="http://support.microsoft.com/kb/887429" href="http://support.microsoft.com/kb/887429">KB 887429</URLLink>
+				record_formatted_content(name, attrs)
 			end
 		end
@@ -58,12 +90,16 @@ module Rex
 			when "name"
 				collect_hostname
 				@state[:has_text] = false
+				@text = nil
 			when "endpoint"
 				collect_service_data
+				@state.delete(:cached_service_object)
 			when "os"
 				collect_os_fingerprints
 			when "test"
-				save_test
+				report_test(&block)
+				@state[:has_text] = false
+				@text = nil
 			when "vulnerability"
 				collect_vuln_info
 				report_vuln(&block)
@@ -72,6 +108,31 @@ module Rex
 				@state[:has_text] = false
 				collect_reference
 				@text = nil
+			when "description"
+				@state[:has_text] = false
+				collect_vuln_description
+				@text = nil
+			when "solution"
+				@state[:has_text] = false
+				collect_vuln_solution
+				@text = nil
+			when "tag"
+				@state[:has_text] = false
+				collect_tag
+				@text = nil
+			when "tags"
+				@report_data[:vuln_tags] = @state[:tags]
+				@state.delete(:tags)
+				#
+				# These are markup tags only present within description/solutions
+				#
+			when "ContainerBlockElement",  # Overall container, no formatting
+				 "Paragraph",              # <Paragraph preformat="true">
+				 "UnorderedList",          # List container (bulleted)
+				 "ListItem",               # List item
+				 "URLLink"                 # <URLLink LinkURL="http://support.microsoft.com/kb/887429" LinkTitle="http://support.microsoft.com/kb/887429" href="http://support.microsoft.com/kb/887429">KB 887429</URLLink>
+				collect_formatted_content(name)
 			end
 			@state[:current_tag].delete name
 		end
@@ -86,6 +147,29 @@ module Rex
 			@state[:ref] = nil
 		end
+		def collect_vuln_description
+			return unless in_tag("description")
+			return unless in_tag("vulnerability")
+			return unless @state[:vuln]
+			@report_data[:vuln_description] = clean_formatted_text( @report_data[:vuln_description_stack].join.strip )
+		end
+		def collect_vuln_solution
+			return unless in_tag("solution")
+			return unless in_tag("vulnerability")
+			return unless @state[:vuln]
+			@report_data[:vuln_solution] = clean_formatted_text( @report_data[:vuln_solution_stack].join.strip )
+		end
+		def collect_tag
+			return unless in_tag("tag")
+			return unless in_tag("tags")
+			return unless in_tag("vulnerability")
+			return unless @state[:vuln]
+			@state[:tags] ||= []
+			@state[:tags] << @text.to_s.strip
+		end
 		def collect_vuln_info
 			return unless in_tag("VulnerabilityDefinitions")
 			return unless in_tag("vulnerability")
@@ -101,49 +185,57 @@ module Rex
 			return unless in_tag("VulnerabilityDefinitions")
 			return unless @report_data[:vuln]
 			return unless @report_data[:vuln][:matches].kind_of? Array
+			::ActiveRecord::Base.connection_pool.with_connection {
 			refs = normalize_references(@report_data[:vuln][:refs])
 			refs << "NEXPOSE-#{report_data[:vuln]["id"]}"
 			vuln_instances = @report_data[:vuln][:matches].size
 			db.emit(:vuln, [refs.last,vuln_instances], &block) if block
-			data = {
-				:workspace => @args[:wspace],
-				:name => refs.last,
-				:info => @report_data[:vuln]["title"],
-				:refs => refs.uniq
-			}
-			hosts_keys = {}
-			@report_data[:vuln][:matches].each do |match|
-				host_data = data.dup
-				host_data[:host] = match[:host]
-				host_data[:port] = match[:port] if match[:port]
-				host_data[:proto] = match[:protocol] if match[:protocol]
-				db_report(:vuln, host_data)
-				if match[:key]
-					hosts_keys[host_data[:host]] ||= []
-					hosts_keys[host_data[:host]] << match[:key]
+			vuln_ids = @report_data[:vuln][:matches].map{ |v| v[0] }
+			vdet_ids = @report_data[:vuln][:matches].map{ |v| v[1] }
+			refs = refs.uniq.map{|x| db.find_or_create_ref(:name => x) }
+			# Assign title and references to all vuln_ids
+			# Mass update fails due to the join table || ::Mdm::Vuln.where(:id => vuln_ids).update_all({ :name => @report_data[:vuln]["title"], :refs => refs } )
+			vuln_ids.each do |vid|
+				vuln = ::Mdm::Vuln.find(vid)
+				next unless vuln
+				vuln.name = @report_data[:vuln]["title"]
+				if refs.length > 0
+					vuln.refs += refs
 				end
-			end
-			report_key_note(hosts_keys,data)
-			@report_data[:vuln] = nil
-		end
-		def report_key_note(hosts_keys,data)
-			return if hosts_keys.empty?
-			hosts_keys.each do |key_host,key_values|
-				key_note = {
-					:workspace => @args[:wspace],
-					:host => key_host,
-					:type => "host.vuln.nexpose_keys",
-					:data => {},
-					:update => :unique_data
-				}
-				key_values.each do |key_value|
-					key_note[:data][data[:name]] ||= []
-					next if key_note[:data][data[:name]].include? key_value
-					key_note[:data][data[:name]] << key_value
+				if vuln.changed?
+					vuln.save!
 				end
-				db_report(:note, key_note)
 			end
+			# Mass update vulnerability details across the database based on conditions
+			vdet_info = { :title => @report_data[:vuln]["title"] }
+			vdet_info[:description]     = @report_data[:vuln_description]      unless @report_data[:vuln_description].to_s.empty?
+			vdet_info[:solution]        = @report_data[:vuln_solution]         unless @report_data[:vuln_solution].to_s.empty?
+			vdet_info[:nx_tags]         = @report_data[:vuln_tags].sort.uniq.join(", ") if ( @report_data[:vuln_tags].kind_of?(::Array) and @report_data[:vuln_tags].length > 0 )
+			vdet_info[:nx_severity]     = @report_data[:vuln]["severity"].to_f          if @report_data[:vuln]["severity"]
+			vdet_info[:nx_pci_severity] = @report_data[:vuln]["pciSeverity"].to_f       if @report_data[:vuln]["pciSeverity"]
+			vdet_info[:cvss_score]      = @report_data[:vuln]["cvssScore"].to_f         if @report_data[:vuln]["cvssScore"]
+			vdet_info[:cvss_vector]     = @report_data[:vuln]["cvssVector"]             if @report_data[:vuln]["cvssVector"]
+			%W{ published added modified }.each do |tf|
+				next if not @report_data[:vuln][tf]
+				ts = DateTime.parse(@report_data[:vuln][tf]) rescue nil
+				next if not ts
+				vdet_info[ "nx_#{tf}".to_sym ] = ts
+			end
+			::Mdm::VulnDetail.where(:id => vdet_ids).update_all(vdet_info)
+			@report_data[:vuln] = nil
+			}
 		end
 		def record_reference(attrs)
@@ -155,22 +247,202 @@ module Rex
 		def record_vuln(attrs)
 			return unless in_tag("VulnerabilityDefinitions")
 			vuln = attr_hash(attrs)
-			matching_tests = @tests.select {|x| x[:id] == vuln["id"].downcase}
+			matching_tests = @tests[ vuln["id"].downcase ]
+			return unless matching_tests
 			return if matching_tests.empty?
 			@state[:vuln] = vuln
 			@state[:vuln][:matches] = matching_tests
 		end
-		def save_test
+		def record_vuln_description(attrs)
+			@report_data[:vuln_description_stack] = []
+		end
+		def record_vuln_solution(attrs)
+			@report_data[:vuln_solution_stack] = []
+		end
+		def record_formatted_content(name, eattrs)
+			attrs  = attr_hash(eattrs)
+			stack  = nil
+			if in_tag("solution")
+				stack = @report_data[:vuln_solution_stack]
+			end
+			if in_tag("description")
+				stack = @report_data[:vuln_description_stack]
+			end
+			if in_tag("test")
+				stack = @report_data[:vuln_proof_stack]
+			end
+			return if not stack
+			@report_data[:formatted_indent] ||= 0
+			data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ")
+			@text = ""
+			case name
+			when 'ListItem'
+				@report_data[:formatted_indent] = 1
+				# data = "\n* " + data
+			when 'URLLink'
+				@report_data[:formatted_link] = attrs["LinkURL"]
+			else
+				if @report_data[:formatted_indent] > 1
+					data = (" " * (@report_data[:formatted_indent])) + data
+				end
+				if @report_data[:formatted_indent] == 1
+					@report_data[:formatted_indent] = 6
+				end
+			end
+			if data.length > 0
+				stack << data
+			end
+		end
+		def collect_formatted_content(name)
+			stack  = nil
+			prefix = ""
+			if in_tag("solution")
+				stack = @report_data[:vuln_solution_stack]
+			end
+			if in_tag("description")
+				stack = @report_data[:vuln_description_stack]
+			end
+			if in_tag("test")
+				stack = @report_data[:vuln_proof_stack]
+			end
+			return if not stack
+			data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ")
+			@text = ""
+			case name
+			when 'URLLink'
+				if @report_data[:formatted_link]
+					if data != @report_data[:formatted_link]
+						if data.empty?
+							data << (" " + @report_data[:formatted_link])
+						else
+							data = " " + data + " ( " + @report_data[:formatted_link] + " )"
+						end
+					end
+				end
+			when 'Paragraph'
+				data << "\n\n"
+			when 'ListItem'
+				@report_data[:formatted_indent] = 0
+				data << "\n"
+			end
+			if data.length > 0
+				stack << data
+			end
+		end
+		# XML Export 2.0 includes additional test keys:
+		# <test id="unix-unowned-files-or-dirs" status="vulnerable-exploited" scan-id="6381" vulnerable-since="20120322T124352665" pci-compliance-status="pass">
+		def report_test
 			return unless in_tag("nodes")
 			return unless in_tag("node")
 			return unless @state[:test]
-			test = { :id => @state[:test][:id]}
-			test[:host] = @state[:address]
-			test[:port] = @state[:test][:port] if @state[:test][:port]
-			test[:protocol] = @state[:test][:protocol] if @state[:test][:protocol]
-			test[:key] = @state[:test][:key] if @state[:test][:key]
-			@tests << test
+			vuln_info = {
+				:workspace => @args[:wspace],
+				# This name will be overwritten during the vuln definition
+				# parsing via mass-update.
+				:name => "NEXPOSE-" + @state[:test][:id].downcase,
+				:host => @state[:cached_host_object] || @state[:address]
+			}
+			if in_tag("endpoint") and @state[:test][:port]
+				# Verify this port actually has some relation to our tracked state
+				# since it may not due to greedy vulnerability matching
+				if @state[:cached_service_object] and @state[:cached_service_object].port.to_i == @state[:test][:port].to_i
+					vuln_info[:service] = @state[:cached_service_object]
+				else
+					vuln_info[:port]  = @state[:test][:port]
+					vuln_info[:proto] = @state[:test][:protocol] if @state[:test][:protocol]
+				end
+			end
+			# This hash feeds a vuln_details row for this vulnerability
+			vdet = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] }
+			# This hash defines the matching criteria to overwrite an existing entry
+			vkey = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] }
+			if @state[:nx_device_id]
+				vdet[:nx_device_id] = @state[:nx_device_id]
+				vkey[:nx_device_id] = @state[:nx_device_id]
+			end
+			if @state[:test][:key]
+				vdet[:nx_proof_key] = @state[:test][:key]
+				vkey[:nx_proof_key] = @state[:test][:key]
+			end
+			vdet[:nx_console_id]  = @nx_console_id if @nx_console_id
+			vdet[:nx_vuln_status] = @state[:test][:status] if @state[:test][:status]
+			vdet[:nx_scan_id] = @state[:test][:nx_scan_id] if @state[:test][:nx_scan_id]
+			vdet[:nx_pci_compliance_status] = @state[:test][:nx_pci_compliance_status] if @state[:test][:nx_pci_compliance_status]
+			if @state[:test][:nx_vulnerable_since]
+				ts = ::DateTime.parse(@state[:test][:nx_vulnerable_since]) rescue nil
+				vdet[:nx_vulnerable_since] = ts if ts
+			end
+			proof = clean_formatted_text(@report_data[:vuln_proof_stack].join.strip)
+			@report_data[:vuln_proof_stack] = []
+			vuln_info[:info] = proof
+			vdet[:proof]     = proof
+			# Configure the find key for vuln_details
+			vdet[:key] = vkey
+			# Pass this key to the vuln hash to find existing entries
+			# that may have been renamed (re-import nexpose vulns)
+			vuln_info[:details_match] = vkey
+			::ActiveRecord::Base.connection_pool.with_connection {
+			# Report the vulnerability
+			vuln = db.report_vuln(vuln_info)
+			if vuln
+				# Report the vulnerability details
+				detail = db.report_vuln_details(vuln, vdet)
+				# Cache returned host and service objects if necessary
+				@state[:cached_host_object] ||= vuln.host
+				# The vuln.service may be found via greedy matching
+				if in_tag("endpoint") and vuln.service
+					@state[:cached_service_object] ||= vuln.service
+				end
+				# Record the ID of this vuln for a future mass update that
+				# brings in title, risk, description, solution, etc
+				@tests[ @state[:test][:id].downcase ] ||= []
+				@tests[ @state[:test][:id].downcase ] << [ vuln.id, detail.id ]
+			end
+			}
 			@state[:test] = nil
 		end
@@ -220,7 +492,7 @@ module Rex
 		end
 		def report_fingerprint(host_object)
-			return unless host_object.kind_of? ::Msf::DBManager::Host
+			return unless host_object.kind_of? ::Mdm::Host
 			return unless @report_data[:os].kind_of? Hash
 			note = {
 				:workspace => host_object.workspace,
@@ -239,7 +511,7 @@ module Rex
 		end
 		def report_services(host_object)
-			return unless host_object.kind_of? ::Msf::DBManager::Host
+			return unless host_object.kind_of? ::Mdm::Host
 			return unless @report_data[:ports]
 			return if @report_data[:ports].empty?
 			reported = []
@@ -275,7 +547,7 @@ module Rex
 				if state[:service]["name"] == "<unknown>"
 					sname = nil
 				else
-					sname = db.nmap_msf_service_map(@state[:service]["name"])
+					sname = db.service_name_map(@state[:service]["name"])
 				end
 				port_hash[:name] = sname
 			end
@@ -302,10 +574,16 @@ module Rex
 			return unless in_tag("node")
 			return if in_tag("service")
 			return unless in_tag("tests")
 			test = attr_hash(attrs)
 			return unless actually_vulnerable(test)
 			@state[:test] = {:id => test["id"].downcase}
 			@state[:test][:key] = test["key"] if test["key"]
+			@state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
+			@state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
+			@state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
+			@report_data[:vuln_proof_stack] = []
 		end
 		def record_service_test(attrs)
@@ -321,6 +599,11 @@ module Rex
 				:protocol => @state[:service]["protocol"],
 			}
 			@state[:test][:key] = test["key"] if test["key"]
+			@state[:test][:status] = test["status"] if test["status"]
+			@state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
+			@state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
+			@state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
+			@report_data[:vuln_proof_stack] = []
 		end
 		def record_host(attrs)
@@ -330,6 +613,14 @@ module Rex
 				@state[:host_is_alive] = true
 				@state[:address] = host_attrs["address"]
 				@state[:mac] = host_attrs["hardware-address"] if host_attrs["hardware-address"]
+				NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+					fs = f.to_sym
+					fk = f.sub(/^nx_/, '').gsub('_', '-')
+					if host_attrs[fk]
+						@state[fs] = host_attrs[fk]
+					end
+				end
 			end
 		end
@@ -345,20 +636,49 @@ module Rex
 					@report_data[:mac] = @state[:mac]
 				end
 			end
+			NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+				v = @state[f.to_sym]
+				@report_data[f.to_sym] = v if v
+			end
 		end
 		def report_host(&block)
 			if host_is_okay
 				db.emit(:address,@report_data[:host],&block) if block
-				host_object = db_report(:host, @report_data.merge(
-					:workspace => @args[:wspace] ) )
+				device_id   = @report_data[:nx_device_id]
+				host_object = db_report(:host, @report_data.merge(:workspace => @args[:wspace] ) )
 				if host_object
 					db.report_import_note(host_object.workspace, host_object)
+					if device_id
+						detail = {
+							:key => { :src => 'nexpose' },
+							:src => 'nexpose',
+							:nx_device_id => device_id
+						}
+						detail[:nx_console_id] = @nx_console_id if @nx_console_id
+						NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+							v = @report_data.delete(f.to_sym)
+							detail[f.to_sym] = v if v
+						end
+						db.report_host_details(host_object, detail)
+					end
 				end
 				host_object
 			end
 		end
+		def clean_formatted_text(txt)
+			txt.split(/\n/).map{ |t|
+				t.sub(/^\s+$/, '').
+				  sub(/^(\s{6,20})/, '      ')
+			}.join("\n").gsub(/\n{4,10}/, "\n\n\n")
+		end
 	end
 end