librex 0.0.65 → 0.0.66

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (482) hide show
  1. data/README.markdown +1 -1
  2. data/lib/rex/arch.rb +1 -0
  3. data/lib/rex/arch/sparc.rb +16 -15
  4. data/lib/rex/arch/sparc.rb.ut.rb +2 -1
  5. data/lib/rex/arch/x86.rb +1 -0
  6. data/lib/rex/arch/x86.rb.ut.rb +2 -1
  7. data/lib/rex/assembly/nasm.rb +1 -0
  8. data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
  9. data/lib/rex/compat.rb +13 -0
  10. data/lib/rex/constants.rb +5 -4
  11. data/lib/rex/elfparsey.rb +3 -2
  12. data/lib/rex/elfparsey/elf.rb +2 -1
  13. data/lib/rex/elfparsey/elfbase.rb +8 -7
  14. data/lib/rex/elfparsey/exceptions.rb +3 -2
  15. data/lib/rex/elfscan.rb +3 -2
  16. data/lib/rex/elfscan/scanner.rb +2 -1
  17. data/lib/rex/elfscan/search.rb +2 -1
  18. data/lib/rex/encoder/alpha2.rb +2 -1
  19. data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
  20. data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
  21. data/lib/rex/encoder/alpha2/generic.rb +37 -60
  22. data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
  23. data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
  24. data/lib/rex/encoder/ndr.rb +1 -0
  25. data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
  26. data/lib/rex/encoder/nonalpha.rb +1 -0
  27. data/lib/rex/encoder/nonupper.rb +1 -0
  28. data/lib/rex/encoder/xdr.rb +9 -8
  29. data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
  30. data/lib/rex/encoder/xor.rb +1 -0
  31. data/lib/rex/encoder/xor/dword.rb +2 -1
  32. data/lib/rex/encoder/xor/dword_additive.rb +2 -1
  33. data/lib/rex/encoders/xor_dword.rb +1 -0
  34. data/lib/rex/encoders/xor_dword_additive.rb +2 -1
  35. data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
  36. data/lib/rex/encoding/xor.rb +2 -1
  37. data/lib/rex/encoding/xor.rb.ts.rb +2 -1
  38. data/lib/rex/encoding/xor/byte.rb +2 -1
  39. data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
  40. data/lib/rex/encoding/xor/dword.rb +2 -1
  41. data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
  42. data/lib/rex/encoding/xor/dword_additive.rb +1 -0
  43. data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
  44. data/lib/rex/encoding/xor/exceptions.rb +1 -0
  45. data/lib/rex/encoding/xor/generic.rb +1 -0
  46. data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
  47. data/lib/rex/encoding/xor/qword.rb +2 -1
  48. data/lib/rex/encoding/xor/word.rb +2 -1
  49. data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
  50. data/lib/rex/exceptions.rb +1 -0
  51. data/lib/rex/exceptions.rb.ut.rb +2 -1
  52. data/lib/rex/exploitation/cmdstager.rb +2 -1
  53. data/lib/rex/exploitation/cmdstager/base.rb +1 -0
  54. data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
  55. data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
  56. data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
  57. data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
  58. data/lib/rex/exploitation/egghunter.rb +12 -11
  59. data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
  60. data/lib/rex/exploitation/encryptjs.rb +1 -0
  61. data/lib/rex/exploitation/heaplib.rb +1 -0
  62. data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
  63. data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
  64. data/lib/rex/exploitation/jsobfu.rb +2 -1
  65. data/lib/rex/exploitation/obfuscatejs.rb +1 -0
  66. data/lib/rex/exploitation/omelet.rb +1 -0
  67. data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
  68. data/lib/rex/exploitation/opcodedb.rb +12 -11
  69. data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
  70. data/lib/rex/exploitation/seh.rb +3 -2
  71. data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
  72. data/lib/rex/file.rb +4 -3
  73. data/lib/rex/file.rb.ut.rb +2 -1
  74. data/lib/rex/image_source.rb +3 -2
  75. data/lib/rex/image_source/disk.rb +3 -2
  76. data/lib/rex/image_source/image_source.rb +3 -2
  77. data/lib/rex/image_source/memory.rb +3 -2
  78. data/lib/rex/io/bidirectional_pipe.rb +1 -0
  79. data/lib/rex/io/datagram_abstraction.rb +2 -1
  80. data/lib/rex/io/ring_buffer.rb +49 -44
  81. data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
  82. data/lib/rex/io/stream.rb +1 -0
  83. data/lib/rex/io/stream_abstraction.rb +1 -0
  84. data/lib/rex/io/stream_server.rb +1 -0
  85. data/lib/rex/job_container.rb +1 -0
  86. data/lib/rex/logging.rb +2 -1
  87. data/lib/rex/logging/log_dispatcher.rb +5 -4
  88. data/lib/rex/logging/log_sink.rb +2 -1
  89. data/lib/rex/logging/sinks/flatfile.rb +4 -3
  90. data/lib/rex/logging/sinks/stderr.rb +2 -1
  91. data/lib/rex/machparsey.rb +2 -1
  92. data/lib/rex/machparsey/exceptions.rb +2 -1
  93. data/lib/rex/machparsey/mach.rb +20 -19
  94. data/lib/rex/machparsey/machbase.rb +27 -26
  95. data/lib/rex/machscan.rb +2 -1
  96. data/lib/rex/machscan/scanner.rb +1 -0
  97. data/lib/rex/mime.rb +2 -1
  98. data/lib/rex/mime/header.rb +1 -0
  99. data/lib/rex/mime/message.rb +4 -1
  100. data/lib/rex/mime/part.rb +2 -1
  101. data/lib/rex/nop/opty2.rb +2 -1
  102. data/lib/rex/nop/opty2.rb.ut.rb +2 -1
  103. data/lib/rex/nop/opty2_tables.rb +1 -0
  104. data/lib/rex/ole.rb +3 -2
  105. data/lib/rex/ole/clsid.rb +3 -2
  106. data/lib/rex/ole/difat.rb +3 -2
  107. data/lib/rex/ole/directory.rb +3 -2
  108. data/lib/rex/ole/direntry.rb +3 -2
  109. data/lib/rex/ole/fat.rb +3 -2
  110. data/lib/rex/ole/header.rb +3 -2
  111. data/lib/rex/ole/minifat.rb +3 -2
  112. data/lib/rex/ole/propset.rb +4 -3
  113. data/lib/rex/ole/samples/create_ole.rb +1 -0
  114. data/lib/rex/ole/samples/dir.rb +1 -0
  115. data/lib/rex/ole/samples/dump_stream.rb +1 -0
  116. data/lib/rex/ole/samples/ole_info.rb +1 -0
  117. data/lib/rex/ole/storage.rb +3 -2
  118. data/lib/rex/ole/stream.rb +3 -2
  119. data/lib/rex/ole/substorage.rb +3 -2
  120. data/lib/rex/ole/util.rb +3 -2
  121. data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
  122. data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
  123. data/lib/rex/parser/appscan_nokogiri.rb +17 -16
  124. data/lib/rex/parser/arguments.rb +2 -1
  125. data/lib/rex/parser/arguments.rb.ut.rb +2 -1
  126. data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
  127. data/lib/rex/parser/ci_nokogiri.rb +4 -3
  128. data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
  129. data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
  130. data/lib/rex/parser/ini.rb +1 -0
  131. data/lib/rex/parser/ini.rb.ut.rb +2 -1
  132. data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
  133. data/lib/rex/parser/ip360_xml.rb +4 -3
  134. data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
  135. data/lib/rex/parser/nessus_xml.rb +3 -2
  136. data/lib/rex/parser/netsparker_xml.rb +10 -9
  137. data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
  138. data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
  139. data/lib/rex/parser/nexpose_xml.rb +1 -0
  140. data/lib/rex/parser/nmap_nokogiri.rb +63 -33
  141. data/lib/rex/parser/nmap_xml.rb +1 -0
  142. data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
  143. data/lib/rex/parser/openvas_nokogiri.rb +172 -0
  144. data/lib/rex/parser/retina_xml.rb +1 -0
  145. data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
  146. data/lib/rex/payloads.rb +2 -1
  147. data/lib/rex/payloads/win32.rb +2 -1
  148. data/lib/rex/payloads/win32/common.rb +2 -1
  149. data/lib/rex/payloads/win32/kernel.rb +2 -1
  150. data/lib/rex/payloads/win32/kernel/common.rb +4 -3
  151. data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
  152. data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
  153. data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
  154. data/lib/rex/peparsey.rb +3 -2
  155. data/lib/rex/peparsey/exceptions.rb +2 -1
  156. data/lib/rex/peparsey/pe.rb +3 -2
  157. data/lib/rex/peparsey/pe_memdump.rb +2 -1
  158. data/lib/rex/peparsey/pebase.rb +2 -1
  159. data/lib/rex/peparsey/section.rb +2 -1
  160. data/lib/rex/pescan.rb +3 -2
  161. data/lib/rex/pescan/analyze.rb +1 -0
  162. data/lib/rex/pescan/scanner.rb +1 -0
  163. data/lib/rex/pescan/search.rb +1 -0
  164. data/lib/rex/platforms.rb +2 -1
  165. data/lib/rex/platforms/windows.rb +2 -1
  166. data/lib/rex/poly.rb +2 -1
  167. data/lib/rex/poly/block.rb +16 -15
  168. data/lib/rex/poly/register.rb +2 -1
  169. data/lib/rex/poly/register/x86.rb +2 -1
  170. data/lib/rex/post.rb +2 -2
  171. data/lib/rex/post/dir.rb +2 -1
  172. data/lib/rex/post/file.rb +1 -0
  173. data/lib/rex/post/file_stat.rb +1 -0
  174. data/lib/rex/post/io.rb +2 -1
  175. data/lib/rex/post/meterpreter.rb +2 -1
  176. data/lib/rex/post/meterpreter/channel.rb +1 -0
  177. data/lib/rex/post/meterpreter/channel_container.rb +2 -1
  178. data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
  179. data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
  180. data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
  181. data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
  182. data/lib/rex/post/meterpreter/client.rb +23 -1
  183. data/lib/rex/post/meterpreter/client_core.rb +10 -5
  184. data/lib/rex/post/meterpreter/dependencies.rb +2 -1
  185. data/lib/rex/post/meterpreter/extension.rb +2 -1
  186. data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
  187. data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
  188. data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
  189. data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
  190. data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
  191. data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
  192. data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
  193. data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
  194. data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
  195. data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
  196. data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
  197. data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
  198. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
  199. data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
  200. data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
  201. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
  202. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
  203. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
  204. data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
  205. data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
  206. data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
  207. data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
  208. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
  209. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
  210. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
  211. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
  212. data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
  213. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
  214. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
  215. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
  216. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
  217. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
  218. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
  219. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
  220. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
  221. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
  222. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
  223. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
  224. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
  225. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
  226. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
  227. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
  228. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
  229. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
  230. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
  231. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
  232. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
  233. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
  234. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
  235. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
  236. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
  237. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
  238. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
  239. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
  240. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
  241. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
  242. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
  243. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
  244. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
  245. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
  246. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
  247. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
  248. data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
  249. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
  250. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
  251. data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
  252. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
  253. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
  254. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
  255. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
  256. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
  257. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
  258. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
  259. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
  260. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
  261. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
  262. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
  263. data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
  264. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
  265. data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
  266. data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
  267. data/lib/rex/post/meterpreter/packet.rb +26 -6
  268. data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
  269. data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
  270. data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
  271. data/lib/rex/post/meterpreter/ui/console.rb +1 -0
  272. data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
  273. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
  274. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
  275. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
  276. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
  277. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
  278. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
  279. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
  280. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
  281. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
  282. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
  283. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
  284. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
  285. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
  286. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
  287. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
  288. data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
  289. data/lib/rex/post/permission.rb +2 -1
  290. data/lib/rex/post/process.rb +2 -1
  291. data/lib/rex/post/thread.rb +2 -1
  292. data/lib/rex/post/ui.rb +2 -1
  293. data/lib/rex/proto.rb +1 -0
  294. data/lib/rex/proto.rb.ts.rb +2 -1
  295. data/lib/rex/proto/dcerpc.rb +2 -1
  296. data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
  297. data/lib/rex/proto/dcerpc/client.rb +1 -0
  298. data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
  299. data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
  300. data/lib/rex/proto/dcerpc/handle.rb +1 -0
  301. data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
  302. data/lib/rex/proto/dcerpc/ndr.rb +2 -1
  303. data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
  304. data/lib/rex/proto/dcerpc/packet.rb +52 -45
  305. data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
  306. data/lib/rex/proto/dcerpc/response.rb +1 -0
  307. data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
  308. data/lib/rex/proto/dcerpc/uuid.rb +13 -12
  309. data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
  310. data/lib/rex/proto/dhcp.rb +2 -1
  311. data/lib/rex/proto/dhcp/constants.rb +2 -1
  312. data/lib/rex/proto/dhcp/server.rb +4 -3
  313. data/lib/rex/proto/drda.rb +1 -0
  314. data/lib/rex/proto/drda.rb.ts.rb +1 -0
  315. data/lib/rex/proto/drda/constants.rb +1 -0
  316. data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
  317. data/lib/rex/proto/drda/packet.rb +11 -10
  318. data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
  319. data/lib/rex/proto/drda/utils.rb +4 -3
  320. data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
  321. data/lib/rex/proto/http.rb +2 -1
  322. data/lib/rex/proto/http.rb.ts.rb +2 -1
  323. data/lib/rex/proto/http/client.rb +29 -5
  324. data/lib/rex/proto/http/client.rb.ut.rb +1 -0
  325. data/lib/rex/proto/http/handler.rb +2 -1
  326. data/lib/rex/proto/http/handler/erb.rb +5 -4
  327. data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
  328. data/lib/rex/proto/http/handler/proc.rb +1 -0
  329. data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
  330. data/lib/rex/proto/http/header.rb +3 -3
  331. data/lib/rex/proto/http/header.rb.ut.rb +2 -1
  332. data/lib/rex/proto/http/packet.rb +1 -0
  333. data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
  334. data/lib/rex/proto/http/request.rb +23 -22
  335. data/lib/rex/proto/http/request.rb.ut.rb +2 -1
  336. data/lib/rex/proto/http/response.rb +6 -5
  337. data/lib/rex/proto/http/response.rb.ut.rb +7 -6
  338. data/lib/rex/proto/http/server.rb +1 -0
  339. data/lib/rex/proto/http/server.rb.ut.rb +6 -5
  340. data/lib/rex/proto/iax2.rb +1 -0
  341. data/lib/rex/proto/iax2/call.rb +48 -47
  342. data/lib/rex/proto/iax2/client.rb +23 -22
  343. data/lib/rex/proto/iax2/codecs.rb +1 -0
  344. data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
  345. data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
  346. data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
  347. data/lib/rex/proto/iax2/constants.rb +1 -0
  348. data/lib/rex/proto/natpmp.rb +11 -0
  349. data/lib/rex/proto/natpmp/constants.rb +19 -0
  350. data/lib/rex/proto/natpmp/packet.rb +45 -0
  351. data/lib/rex/proto/ntlm.rb +1 -0
  352. data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
  353. data/lib/rex/proto/ntlm/base.rb +38 -37
  354. data/lib/rex/proto/ntlm/constants.rb +1 -0
  355. data/lib/rex/proto/ntlm/crypt.rb +45 -44
  356. data/lib/rex/proto/ntlm/exceptions.rb +1 -0
  357. data/lib/rex/proto/ntlm/message.rb +30 -29
  358. data/lib/rex/proto/ntlm/utils.rb +116 -115
  359. data/lib/rex/proto/proxy/socks4a.rb +1 -0
  360. data/lib/rex/proto/rfb.rb +1 -0
  361. data/lib/rex/proto/rfb.rb.ut.rb +1 -0
  362. data/lib/rex/proto/rfb/cipher.rb +1 -0
  363. data/lib/rex/proto/rfb/client.rb +1 -0
  364. data/lib/rex/proto/rfb/constants.rb +1 -0
  365. data/lib/rex/proto/smb.rb +2 -1
  366. data/lib/rex/proto/smb.rb.ts.rb +2 -1
  367. data/lib/rex/proto/smb/client.rb +23 -22
  368. data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
  369. data/lib/rex/proto/smb/constants.rb +1 -0
  370. data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
  371. data/lib/rex/proto/smb/crypt.rb +3 -2
  372. data/lib/rex/proto/smb/evasions.rb +1 -0
  373. data/lib/rex/proto/smb/exceptions.rb +6 -5
  374. data/lib/rex/proto/smb/simpleclient.rb +1 -0
  375. data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
  376. data/lib/rex/proto/smb/utils.rb +1 -0
  377. data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
  378. data/lib/rex/proto/sunrpc.rb +1 -0
  379. data/lib/rex/proto/sunrpc/client.rb +1 -0
  380. data/lib/rex/proto/tftp.rb +3 -1
  381. data/lib/rex/proto/tftp/client.rb +344 -0
  382. data/lib/rex/proto/tftp/constants.rb +2 -1
  383. data/lib/rex/proto/tftp/server.rb +2 -1
  384. data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
  385. data/lib/rex/registry.rb +14 -0
  386. data/lib/rex/registry/hive.rb +132 -0
  387. data/lib/rex/registry/lfkey.rb +51 -0
  388. data/lib/rex/registry/nodekey.rb +54 -0
  389. data/lib/rex/registry/regf.rb +25 -0
  390. data/lib/rex/registry/valuekey.rb +67 -0
  391. data/lib/rex/registry/valuelist.rb +29 -0
  392. data/lib/rex/ropbuilder.rb +2 -1
  393. data/lib/rex/ropbuilder/rop.rb +3 -2
  394. data/lib/rex/script.rb +1 -0
  395. data/lib/rex/script/base.rb +1 -0
  396. data/lib/rex/script/meterpreter.rb +1 -0
  397. data/lib/rex/script/shell.rb +1 -0
  398. data/lib/rex/service.rb +2 -1
  399. data/lib/rex/service_manager.rb +6 -5
  400. data/lib/rex/service_manager.rb.ut.rb +2 -1
  401. data/lib/rex/services/local_relay.rb +1 -0
  402. data/lib/rex/socket.rb +72 -36
  403. data/lib/rex/socket.rb.ut.rb +1 -0
  404. data/lib/rex/socket/comm.rb +1 -0
  405. data/lib/rex/socket/comm/local.rb +60 -13
  406. data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
  407. data/lib/rex/socket/ip.rb +1 -0
  408. data/lib/rex/socket/parameters.rb +15 -14
  409. data/lib/rex/socket/parameters.rb.ut.rb +2 -1
  410. data/lib/rex/socket/range_walker.rb +71 -26
  411. data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
  412. data/lib/rex/socket/ssl_tcp.rb +1 -0
  413. data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
  414. data/lib/rex/socket/ssl_tcp_server.rb +1 -0
  415. data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
  416. data/lib/rex/socket/subnet_walker.rb +1 -0
  417. data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
  418. data/lib/rex/socket/switch_board.rb +1 -0
  419. data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
  420. data/lib/rex/socket/tcp.rb +4 -3
  421. data/lib/rex/socket/tcp.rb.ut.rb +2 -1
  422. data/lib/rex/socket/tcp_server.rb +1 -0
  423. data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
  424. data/lib/rex/socket/udp.rb +2 -1
  425. data/lib/rex/socket/udp.rb.ut.rb +2 -1
  426. data/lib/rex/struct2.rb +2 -1
  427. data/lib/rex/struct2/c_struct.rb +2 -1
  428. data/lib/rex/struct2/c_struct_template.rb +2 -1
  429. data/lib/rex/struct2/constant.rb +2 -1
  430. data/lib/rex/struct2/element.rb +2 -1
  431. data/lib/rex/struct2/generic.rb +1 -0
  432. data/lib/rex/struct2/restraint.rb +2 -1
  433. data/lib/rex/struct2/s_string.rb +1 -0
  434. data/lib/rex/struct2/s_struct.rb +1 -0
  435. data/lib/rex/sync.rb +2 -1
  436. data/lib/rex/sync/event.rb +1 -0
  437. data/lib/rex/sync/read_write_lock.rb +1 -0
  438. data/lib/rex/sync/ref.rb +2 -1
  439. data/lib/rex/sync/thread_safe.rb +2 -1
  440. data/lib/rex/test.rb +2 -1
  441. data/lib/rex/text.rb +136 -19
  442. data/lib/rex/text.rb.ut.rb +1 -0
  443. data/lib/rex/thread_factory.rb +5 -4
  444. data/lib/rex/time.rb +2 -1
  445. data/lib/rex/transformer.rb +1 -0
  446. data/lib/rex/transformer.rb.ut.rb +2 -1
  447. data/lib/rex/ui.rb +2 -1
  448. data/lib/rex/ui/interactive.rb +10 -9
  449. data/lib/rex/ui/output.rb +1 -0
  450. data/lib/rex/ui/output/none.rb +2 -1
  451. data/lib/rex/ui/progress_tracker.rb +2 -1
  452. data/lib/rex/ui/subscriber.rb +9 -8
  453. data/lib/rex/ui/text/color.rb +1 -0
  454. data/lib/rex/ui/text/color.rb.ut.rb +1 -0
  455. data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
  456. data/lib/rex/ui/text/input.rb +1 -0
  457. data/lib/rex/ui/text/input/buffer.rb +7 -6
  458. data/lib/rex/ui/text/input/readline.rb +14 -13
  459. data/lib/rex/ui/text/input/socket.rb +1 -0
  460. data/lib/rex/ui/text/input/stdio.rb +2 -1
  461. data/lib/rex/ui/text/irb_shell.rb +1 -0
  462. data/lib/rex/ui/text/output.rb +1 -0
  463. data/lib/rex/ui/text/output/buffer.rb +1 -0
  464. data/lib/rex/ui/text/output/file.rb +1 -0
  465. data/lib/rex/ui/text/output/socket.rb +1 -0
  466. data/lib/rex/ui/text/output/stdio.rb +1 -0
  467. data/lib/rex/ui/text/output/tee.rb +1 -0
  468. data/lib/rex/ui/text/progress_tracker.rb +2 -1
  469. data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
  470. data/lib/rex/ui/text/shell.rb +1 -0
  471. data/lib/rex/ui/text/table.rb +20 -14
  472. data/lib/rex/ui/text/table.rb.ut.rb +3 -2
  473. data/lib/rex/zip.rb +1 -0
  474. data/lib/rex/zip/archive.rb +2 -1
  475. data/lib/rex/zip/blocks.rb +3 -2
  476. data/lib/rex/zip/entry.rb +6 -7
  477. data/lib/rex/zip/jar.rb +4 -3
  478. data/lib/rex/zip/samples/comment.rb +1 -0
  479. data/lib/rex/zip/samples/mkwar.rb +1 -0
  480. data/lib/rex/zip/samples/mkzip.rb +1 -0
  481. data/lib/rex/zip/samples/recursive.rb +1 -0
  482. metadata +433 -435
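--- a/data/lib/rex/parser/ip360_xml.rb
+++ b/data/lib/rex/parser/ip360_xml.rb
@@ -1,3 +1,4 @@
+ # -*- coding: binary -*-
  require 'rexml/document'
  require 'rex/ui'
 
@@ -33,9 +34,9 @@ class IP360XMLStreamParser
  when "macAddress"
  @state = :is_mac
  when "os"
- @host['os'] = attributes['id']
+ @host['os'] = attributes['id']
  when "vulnerability"
- @x = Hash.new
+ @x = Hash.new
  @x['vulnid'] = attributes['id']
  when "port"
  @state = :is_port
@@ -50,7 +51,7 @@ class IP360XMLStreamParser
  @host['apps'].push @y
  end
  end
-
+
  def text(str)
  case @state
  when :is_fqdn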
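--- a/data/lib/rex/parser/mbsa_nokogiri.rb
+++ b/data/lib/rex/parser/mbsa_nokogiri.rb
@@ -1,9 +1,10 @@
- require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+ # -*- coding: binary -*-
+ require "rex/parser/nokogiri_doc_mixin"
 
  module Rex
  module Parser
 
- # If Nokogiri is available, define Template document class.
+ # If Nokogiri is available, define Template document class.
  load_nokogiri && class MbsaDocument < Nokogiri::XML::SAX::Document
 
  include NokogiriDocMixin
@@ -57,7 +58,7 @@ module Rex
  @state.delete_if {|k| k != :current_tag}
  when "Check"
  collect_check_data
- when "Advice"
+ when "Advice"
  @state[:has_text] = false
  collect_advice_data
  when "Detail"
@@ -73,9 +74,9 @@ module Rex
  end
  @state[:current_tag].delete name
  end
-
+
  def report_fingerprint(host_object)
- return unless host_object.kind_of? Msf::DBManager::Host
+ return unless host_object.kind_of? ::Mdm::Host
  return unless @report_data[:os_fingerprint]
  fp_note = @report_data[:os_fingerprint].merge(
  {
@@ -95,7 +96,7 @@ module Rex
  end
 
  def report_vulns(host_object, &block)
- return unless host_object.kind_of? Msf::DBManager::Host
+ return unless host_object.kind_of? ::Mdm::Host
  return unless @report_data[:vulns]
  return if @report_data[:vulns].empty?
  @report_data[:vulns].each do |vuln|
@@ -163,7 +164,7 @@ module Rex
  return if @text.strip.empty?
  os_match = @text.match(/Computer is running (.*)/)
  return unless os_match
- os_info = os_match[1]
+ os_info = os_match[1]
  os_vendor = os_info[/Microsoft/]
  os_family = os_info[/Windows/]
  os_version = os_info[/(XP|2000 Advanced Server|2000|2003|2008|SBS|Vista|7 .* Edition|7)/]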
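Review bot: The new guard `return unless host_object.kind_of? ::Mdm::Host` in report_fingerprint (hunk `@@ -73,9 +74,9 @@`, and the identical line in report_vulns at `@@ -95,7 +96,7 @@`) raises NameError instead of returning when the Mdm models are not loaded, because the constant is resolved before kind_of? runs; Rex is loaded in contexts without Metasploit's database layer. A guard that degrades to the intended no-op is `return unless defined?(::Mdm::Host) && host_object.kind_of?(::Mdm::Host)`. Both methods continue past their hunks, and the `os_match[1]` hunk sits inside a method whose definition is outside the visible lines.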
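--- a/data/lib/rex/parser/nessus_xml.rb
+++ b/data/lib/rex/parser/nessus_xml.rb
@@ -1,3 +1,4 @@
+ # -*- coding: binary -*-
  require 'rexml/document'
  require 'rex/ui'
 
@@ -17,7 +18,7 @@ class NessusXMLStreamParser
  def reset_state
  @host = {'hname' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil, 'ports' => [
  'port' => {'port' => nil, 'svc_name' => nil, 'proto' => nil, 'severity' => nil,
- 'nasl' => nil, 'nasl_name' => nil, 'description' => nil,
+ 'nasl' => nil, 'nasl_name' => nil, 'description' => nil,
  'cve' => [], 'bid' => [], 'xref' => [], 'msf' => nil } ] }
  @state = :generic_state
  end
@@ -67,7 +68,7 @@ class NessusXMLStreamParser
  @state = :msf
  end
  end
-
+
  def text(str)
  case @state
  when :is_fqdn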
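--- a/data/lib/rex/parser/netsparker_xml.rb
+++ b/data/lib/rex/parser/netsparker_xml.rb
@@ -1,3 +1,4 @@
+ # -*- coding: binary -*-
  module Rex
  module Parser
 
@@ -8,7 +9,7 @@ class NetSparkerXMLStreamParser
 
  def initialize(on_found_vuln = nil)
  self.on_found_vuln = on_found_vuln if on_found_vuln
- reset_state
+ reset_state
  end
 
  def reset_state
@@ -20,7 +21,7 @@ class NetSparkerXMLStreamParser
  def tag_start(name, attributes)
  @state = "in_#{name.downcase}".intern
  @attr = attributes
-
+
  case name
  when "vulnerability"
  @vuln['confirmed'] = attributes['confirmed']
@@ -33,7 +34,7 @@ class NetSparkerXMLStreamParser
  @vuln['url'] ||= ""
  @vuln['url'] += str
  when :in_type
- @vuln['type'] ||= ""
+ @vuln['type'] ||= ""
  @vuln['type'] += str
  when :in_severity
  @vuln['severity'] ||= ""
@@ -42,13 +43,13 @@ class NetSparkerXMLStreamParser
  @vuln["vparam_type"] ||= ""
  @vuln["vparam_type"] += str
  when :in_vulnerableparameter
- @vuln["vparam_name"] ||= ""
- @vuln["vparam_name"] += str
+ @vuln["vparam_name"] ||= ""
+ @vuln["vparam_name"] += str
  when :in_vulnerableparametervalue
- @vuln["vparam_value"] ||= ""
- @vuln["vparam_value"] += str
+ @vuln["vparam_value"] ||= ""
+ @vuln["vparam_value"] += str
  when :in_rawrequest
- @vuln["request"] ||= ""
+ @vuln["request"] ||= ""
  @vuln["request"] += str
  when :in_rawresponse
  @vuln["response"] ||= ""
@@ -64,7 +65,7 @@ class NetSparkerXMLStreamParser
  when :generic_state
  when :in_vulnerability
  when :in_extrainformation
- else
+ else
  # $stderr.puts "unknown state: #{@state}"
  end
  end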
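Review bot: The re-indented `@vuln["vparam_name"] ||= ""` / `@vuln["vparam_name"] += str` pairs in hunk `@@ -42,13 +43,13 @@` (and the same pattern for vparam_value and request) rebuild the field with `+=`, which allocates a new string on every text() callback, and the rawrequest/rawresponse fields can receive many callbacks per element. The idiomatic in-place form replaces both lines with one: `(@vuln["vparam_name"] ||= "") << str`. With the new `# -*- coding: binary -*-` magic comment the `""` seeds are ASCII-8BIT while str comes from the XML parser; an empty receiver is encoding-compatible so concatenation should still succeed, but this is worth confirming against a report containing non-ASCII text. The `case @state` this hunk belongs to starts and ends outside the hunk.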
@@ -1,15 +1,24 @@
1
- require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
1
+ # -*- coding: binary -*-
2
+ require "rex/parser/nokogiri_doc_mixin"
3
+ require "date"
2
4
 
3
5
  module Rex
4
6
  module Parser
5
7
 
6
- # If Nokogiri is available, define Template document class.
8
+ # If Nokogiri is available, define Template document class.
7
9
  load_nokogiri && class NexposeRawDocument < Nokogiri::XML::SAX::Document
8
10
 
9
11
  include NokogiriDocMixin
10
12
 
11
13
  attr_reader :tests
12
14
 
15
+ NEXPOSE_HOST_DETAIL_FIELDS = %W{ nx_device_id nx_site_name nx_site_importance nx_scan_template nx_risk_score }
16
+ NEXPOSE_VULN_DETAIL_FIELDS = %W{
17
+ nx_scan_id
18
+ nx_vulnerable_since
19
+ nx_pci_compliance_status
20
+ }
21
+
13
22
  # Triggered every time a new element is encountered. We keep state
14
23
  # ourselves with the @state variable, turning things on when we
15
24
  # get here (and turning things off when we exit in end_element()).
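Review bot: `NEXPOSE_HOST_DETAIL_FIELDS` and `NEXPOSE_VULN_DETAIL_FIELDS` are written with `%W{}` although nothing in them is interpolated, and neither constant is frozen; `%w[...].freeze` states the intent and stops a later accidental `<<` from mutating the shared array. `NEXPOSE_VULN_DETAIL_FIELDS` is also never referenced in any of the visible hunks (report_test copies the same three keys by hand), so either drop it or add a one-line comment naming the code path that consumes it.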
@@ -19,12 +28,13 @@ module Rex
19
28
  @state[:current_tag][name] = true
20
29
  case name
21
30
  when "nodes" # There are two main sections, nodes and VulnerabilityDefinitions
22
- @tests = []
31
+ @tests = {}
23
32
  when "node"
24
33
  record_host(attrs)
25
34
  when "name"
26
35
  @state[:has_text] = true
27
36
  when "endpoint"
37
+ @state.delete(:cached_service_object)
28
38
  record_service(attrs)
29
39
  when "service"
30
40
  record_service_info(attrs)
@@ -33,6 +43,7 @@ module Rex
33
43
  when "os"
34
44
  record_os_fingerprint(attrs)
35
45
  when "test" # All the vulns tested for
46
+ @state[:has_text] = true
36
47
  record_host_test(attrs)
37
48
  record_service_test(attrs)
38
49
  when "vulnerability"
@@ -40,6 +51,27 @@ module Rex
40
51
  when "reference"
41
52
  @state[:has_text] = true
42
53
  record_reference(attrs)
54
+ when "description"
55
+ @state[:has_text] = true
56
+ record_vuln_description(attrs)
57
+ when "solution"
58
+ @state[:has_text] = true
59
+ record_vuln_solution(attrs)
60
+ when "tag"
61
+ @state[:has_text] = true
62
+ when "tags"
63
+ @state[:tags] = []
64
+ #
65
+ # These are markup tags only present within description/solutions
66
+ #
67
+ when "ContainerBlockElement", # Overall container, no formatting
68
+ "Paragraph", # <Paragraph preformat="true">
69
+ "UnorderedList", # List container (bulleted)
70
+ "ListItem", # List item
71
+ "URLLink" # <URLLink LinkURL="http://support.microsoft.com/kb/887429" LinkTitle="http://support.microsoft.com/kb/887429" href="http://support.microsoft.com/kb/887429">KB 887429</URLLink>
72
+
73
+ record_formatted_content(name, attrs)
74
+
43
75
  end
44
76
  end
45
77
 
@@ -58,12 +90,16 @@ module Rex
58
90
  when "name"
59
91
  collect_hostname
60
92
  @state[:has_text] = false
93
+ @text = nil
61
94
  when "endpoint"
62
95
  collect_service_data
96
+ @state.delete(:cached_service_object)
63
97
  when "os"
64
98
  collect_os_fingerprints
65
99
  when "test"
66
- save_test
100
+ report_test(&block)
101
+ @state[:has_text] = false
102
+ @text = nil
67
103
  when "vulnerability"
68
104
  collect_vuln_info
69
105
  report_vuln(&block)
@@ -72,6 +108,31 @@ module Rex
72
108
  @state[:has_text] = false
73
109
  collect_reference
74
110
  @text = nil
111
+ when "description"
112
+ @state[:has_text] = false
113
+ collect_vuln_description
114
+ @text = nil
115
+ when "solution"
116
+ @state[:has_text] = false
117
+ collect_vuln_solution
118
+ @text = nil
119
+ when "tag"
120
+ @state[:has_text] = false
121
+ collect_tag
122
+ @text = nil
123
+ when "tags"
124
+ @report_data[:vuln_tags] = @state[:tags]
125
+ @state.delete(:tags)
126
+ #
127
+ # These are markup tags only present within description/solutions
128
+ #
129
+ when "ContainerBlockElement", # Overall container, no formatting
130
+ "Paragraph", # <Paragraph preformat="true">
131
+ "UnorderedList", # List container (bulleted)
132
+ "ListItem", # List item
133
+ "URLLink" # <URLLink LinkURL="http://support.microsoft.com/kb/887429" LinkTitle="http://support.microsoft.com/kb/887429" href="http://support.microsoft.com/kb/887429">KB 887429</URLLink>
134
+
135
+ collect_formatted_content(name)
75
136
  end
76
137
  @state[:current_tag].delete name
77
138
  end
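Review bot: The `"test"` branch calls `report_test(&block)`, but `report_test` is defined below as `def report_test` with no block parameter, so the SAX progress block is silently discarded; either call it as plain `report_test`, or declare `def report_test(&block)` and forward it to `db.emit` the way `report_vuln(&block)` does. This branch also changes from buffering (`save_test`) to performing database writes on every `</test>`, which deserves a one-line comment since it is now the hot path of the import. The enclosing `end_element` method begins outside this hunk.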
@@ -86,6 +147,29 @@ module Rex
86
147
  @state[:ref] = nil
87
148
  end
88
149
 
150
+ def collect_vuln_description
151
+ return unless in_tag("description")
152
+ return unless in_tag("vulnerability")
153
+ return unless @state[:vuln]
154
+ @report_data[:vuln_description] = clean_formatted_text( @report_data[:vuln_description_stack].join.strip )
155
+ end
156
+
157
+ def collect_vuln_solution
158
+ return unless in_tag("solution")
159
+ return unless in_tag("vulnerability")
160
+ return unless @state[:vuln]
161
+ @report_data[:vuln_solution] = clean_formatted_text( @report_data[:vuln_solution_stack].join.strip )
162
+ end
163
+
164
+ def collect_tag
165
+ return unless in_tag("tag")
166
+ return unless in_tag("tags")
167
+ return unless in_tag("vulnerability")
168
+ return unless @state[:vuln]
169
+ @state[:tags] ||= []
170
+ @state[:tags] << @text.to_s.strip
171
+ end
172
+
89
173
  def collect_vuln_info
90
174
  return unless in_tag("VulnerabilityDefinitions")
91
175
  return unless in_tag("vulnerability")
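Review bot: `collect_tag` pushes `@text.to_s.strip` unconditionally, so an empty or whitespace-only `<tag/>` element contributes `""` to `@state[:tags]`; that empty string sorts first when `report_vuln` later does `.sort.uniq.join(", ")`, producing a leading `", "` in `nx_tags`. Guard it: `t = @text.to_s.strip; @state[:tags] << t unless t.empty?`.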
@@ -101,49 +185,57 @@ module Rex
101
185
  return unless in_tag("VulnerabilityDefinitions")
102
186
  return unless @report_data[:vuln]
103
187
  return unless @report_data[:vuln][:matches].kind_of? Array
188
+
189
+ ::ActiveRecord::Base.connection_pool.with_connection {
190
+
104
191
  refs = normalize_references(@report_data[:vuln][:refs])
105
192
  refs << "NEXPOSE-#{report_data[:vuln]["id"]}"
106
193
  vuln_instances = @report_data[:vuln][:matches].size
107
194
  db.emit(:vuln, [refs.last,vuln_instances], &block) if block
108
- data = {
109
- :workspace => @args[:wspace],
110
- :name => refs.last,
111
- :info => @report_data[:vuln]["title"],
112
- :refs => refs.uniq
113
- }
114
- hosts_keys = {}
115
- @report_data[:vuln][:matches].each do |match|
116
- host_data = data.dup
117
- host_data[:host] = match[:host]
118
- host_data[:port] = match[:port] if match[:port]
119
- host_data[:proto] = match[:protocol] if match[:protocol]
120
- db_report(:vuln, host_data)
121
- if match[:key]
122
- hosts_keys[host_data[:host]] ||= []
123
- hosts_keys[host_data[:host]] << match[:key]
195
+
196
+ vuln_ids = @report_data[:vuln][:matches].map{ |v| v[0] }
197
+ vdet_ids = @report_data[:vuln][:matches].map{ |v| v[1] }
198
+
199
+ refs = refs.uniq.map{|x| db.find_or_create_ref(:name => x) }
200
+
201
+ # Assign title and references to all vuln_ids
202
+ # Mass update fails due to the join table || ::Mdm::Vuln.where(:id => vuln_ids).update_all({ :name => @report_data[:vuln]["title"], :refs => refs } )
203
+ vuln_ids.each do |vid|
204
+ vuln = ::Mdm::Vuln.find(vid)
205
+ next unless vuln
206
+ vuln.name = @report_data[:vuln]["title"]
207
+
208
+ if refs.length > 0
209
+ vuln.refs += refs
124
210
  end
125
- end
126
- report_key_note(hosts_keys,data)
127
- @report_data[:vuln] = nil
128
- end
129
211
 
130
- def report_key_note(hosts_keys,data)
131
- return if hosts_keys.empty?
132
- hosts_keys.each do |key_host,key_values|
133
- key_note = {
134
- :workspace => @args[:wspace],
135
- :host => key_host,
136
- :type => "host.vuln.nexpose_keys",
137
- :data => {},
138
- :update => :unique_data
139
- }
140
- key_values.each do |key_value|
141
- key_note[:data][data[:name]] ||= []
142
- next if key_note[:data][data[:name]].include? key_value
143
- key_note[:data][data[:name]] << key_value
212
+ if vuln.changed?
213
+ vuln.save!
144
214
  end
145
- db_report(:note, key_note)
146
215
  end
216
+
217
+ # Mass update vulnerability details across the database based on conditions
218
+ vdet_info = { :title => @report_data[:vuln]["title"] }
219
+ vdet_info[:description] = @report_data[:vuln_description] unless @report_data[:vuln_description].to_s.empty?
220
+ vdet_info[:solution] = @report_data[:vuln_solution] unless @report_data[:vuln_solution].to_s.empty?
221
+ vdet_info[:nx_tags] = @report_data[:vuln_tags].sort.uniq.join(", ") if ( @report_data[:vuln_tags].kind_of?(::Array) and @report_data[:vuln_tags].length > 0 )
222
+ vdet_info[:nx_severity] = @report_data[:vuln]["severity"].to_f if @report_data[:vuln]["severity"]
223
+ vdet_info[:nx_pci_severity] = @report_data[:vuln]["pciSeverity"].to_f if @report_data[:vuln]["pciSeverity"]
224
+ vdet_info[:cvss_score] = @report_data[:vuln]["cvssScore"].to_f if @report_data[:vuln]["cvssScore"]
225
+ vdet_info[:cvss_vector] = @report_data[:vuln]["cvssVector"] if @report_data[:vuln]["cvssVector"]
226
+
227
+ %W{ published added modified }.each do |tf|
228
+ next if not @report_data[:vuln][tf]
229
+ ts = DateTime.parse(@report_data[:vuln][tf]) rescue nil
230
+ next if not ts
231
+ vdet_info[ "nx_#{tf}".to_sym ] = ts
232
+ end
233
+
234
+ ::Mdm::VulnDetail.where(:id => vdet_ids).update_all(vdet_info)
235
+
236
+ @report_data[:vuln] = nil
237
+
238
+ }
147
239
  end
148
240
 
149
241
  def record_reference(attrs)
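Review bot: `::Mdm::Vuln.find(vid)` raises `ActiveRecord::RecordNotFound` rather than returning nil, so the `next unless vuln` guard on the following line can never fire and one missing row aborts the entire import; use `vuln = ::Mdm::Vuln.where(:id => vid).first` (or `find_by_id`) so the guard actually works. Only `@report_data[:vuln]` is reset at the end of the block, while `:vuln_description`, `:vuln_solution` and `:vuln_tags` persist, so a later definition that lacks a `<solution>` or `<tags>` element inherits the previous vulnerability's values into `vdet_info`; clear all four together, e.g. `[:vuln, :vuln_description, :vuln_solution, :vuln_tags].each { |k| @report_data[k] = nil }`. `vuln.refs += refs` on a re-import appends references that may already be associated; `(vuln.refs + refs).uniq` avoids duplicate join rows, though whether the association dedups on its own depends on the Mdm model, which is not visible here.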
@@ -155,22 +247,202 @@ module Rex
155
247
  def record_vuln(attrs)
156
248
  return unless in_tag("VulnerabilityDefinitions")
157
249
  vuln = attr_hash(attrs)
158
- matching_tests = @tests.select {|x| x[:id] == vuln["id"].downcase}
250
+ matching_tests = @tests[ vuln["id"].downcase ]
251
+ return unless matching_tests
159
252
  return if matching_tests.empty?
160
253
  @state[:vuln] = vuln
161
254
  @state[:vuln][:matches] = matching_tests
162
255
  end
163
256
 
164
- def save_test
257
+ def record_vuln_description(attrs)
258
+ @report_data[:vuln_description_stack] = []
259
+ end
260
+
261
+ def record_vuln_solution(attrs)
262
+ @report_data[:vuln_solution_stack] = []
263
+ end
264
+
265
+
266
+ def record_formatted_content(name, eattrs)
267
+ attrs = attr_hash(eattrs)
268
+ stack = nil
269
+
270
+ if in_tag("solution")
271
+ stack = @report_data[:vuln_solution_stack]
272
+ end
273
+
274
+ if in_tag("description")
275
+ stack = @report_data[:vuln_description_stack]
276
+ end
277
+
278
+ if in_tag("test")
279
+ stack = @report_data[:vuln_proof_stack]
280
+ end
281
+
282
+ return if not stack
283
+
284
+ @report_data[:formatted_indent] ||= 0
285
+
286
+ data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ")
287
+ @text = ""
288
+
289
+ case name
290
+ when 'ListItem'
291
+ @report_data[:formatted_indent] = 1
292
+ # data = "\n* " + data
293
+ when 'URLLink'
294
+ @report_data[:formatted_link] = attrs["LinkURL"]
295
+ else
296
+
297
+ if @report_data[:formatted_indent] > 1
298
+ data = (" " * (@report_data[:formatted_indent])) + data
299
+ end
300
+
301
+ if @report_data[:formatted_indent] == 1
302
+ @report_data[:formatted_indent] = 6
303
+ end
304
+ end
305
+
306
+ if data.length > 0
307
+ stack << data
308
+ end
309
+ end
310
+
311
+ def collect_formatted_content(name)
312
+ stack = nil
313
+ prefix = ""
314
+
315
+ if in_tag("solution")
316
+ stack = @report_data[:vuln_solution_stack]
317
+ end
318
+
319
+ if in_tag("description")
320
+ stack = @report_data[:vuln_description_stack]
321
+ end
322
+
323
+ if in_tag("test")
324
+ stack = @report_data[:vuln_proof_stack]
325
+ end
326
+
327
+ return if not stack
328
+
329
+ data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ")
330
+ @text = ""
331
+
332
+ case name
333
+ when 'URLLink'
334
+ if @report_data[:formatted_link]
335
+ if data != @report_data[:formatted_link]
336
+ if data.empty?
337
+ data << (" " + @report_data[:formatted_link])
338
+ else
339
+ data = " " + data + " ( " + @report_data[:formatted_link] + " )"
340
+ end
341
+ end
342
+ end
343
+ when 'Paragraph'
344
+ data << "\n\n"
345
+ when 'ListItem'
346
+ @report_data[:formatted_indent] = 0
347
+ data << "\n"
348
+ end
349
+
350
+ if data.length > 0
351
+ stack << data
352
+ end
353
+ end
354
+
355
+ # XML Export 2.0 includes additional test keys:
356
+ # <test id="unix-unowned-files-or-dirs" status="vulnerable-exploited" scan-id="6381" vulnerable-since="20120322T124352665" pci-compliance-status="pass">
357
+
358
+ def report_test
165
359
  return unless in_tag("nodes")
166
360
  return unless in_tag("node")
167
361
  return unless @state[:test]
168
- test = { :id => @state[:test][:id]}
169
- test[:host] = @state[:address]
170
- test[:port] = @state[:test][:port] if @state[:test][:port]
171
- test[:protocol] = @state[:test][:protocol] if @state[:test][:protocol]
172
- test[:key] = @state[:test][:key] if @state[:test][:key]
173
- @tests << test
362
+
363
+ vuln_info = {
364
+ :workspace => @args[:wspace],
365
+ # This name will be overwritten during the vuln definition
366
+ # parsing via mass-update.
367
+ :name => "NEXPOSE-" + @state[:test][:id].downcase,
368
+ :host => @state[:cached_host_object] || @state[:address]
369
+ }
370
+
371
+ if in_tag("endpoint") and @state[:test][:port]
372
+ # Verify this port actually has some relation to our tracked state
373
+ # since it may not due to greedy vulnerability matching
374
+ if @state[:cached_service_object] and @state[:cached_service_object].port.to_i == @state[:test][:port].to_i
375
+ vuln_info[:service] = @state[:cached_service_object]
376
+ else
377
+ vuln_info[:port] = @state[:test][:port]
378
+ vuln_info[:proto] = @state[:test][:protocol] if @state[:test][:protocol]
379
+ end
380
+ end
381
+
382
+ # This hash feeds a vuln_details row for this vulnerability
383
+ vdet = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] }
384
+
385
+ # This hash defines the matching criteria to overwrite an existing entry
386
+ vkey = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] }
387
+
388
+ if @state[:nx_device_id]
389
+ vdet[:nx_device_id] = @state[:nx_device_id]
390
+ vkey[:nx_device_id] = @state[:nx_device_id]
391
+ end
392
+
393
+ if @state[:test][:key]
394
+ vdet[:nx_proof_key] = @state[:test][:key]
395
+ vkey[:nx_proof_key] = @state[:test][:key]
396
+ end
397
+
398
+ vdet[:nx_console_id] = @nx_console_id if @nx_console_id
399
+ vdet[:nx_vuln_status] = @state[:test][:status] if @state[:test][:status]
400
+
401
+ vdet[:nx_scan_id] = @state[:test][:nx_scan_id] if @state[:test][:nx_scan_id]
402
+ vdet[:nx_pci_compliance_status] = @state[:test][:nx_pci_compliance_status] if @state[:test][:nx_pci_compliance_status]
403
+
404
+ if @state[:test][:nx_vulnerable_since]
405
+ ts = ::DateTime.parse(@state[:test][:nx_vulnerable_since]) rescue nil
406
+ vdet[:nx_vulnerable_since] = ts if ts
407
+ end
408
+
409
+ proof = clean_formatted_text(@report_data[:vuln_proof_stack].join.strip)
410
+ @report_data[:vuln_proof_stack] = []
411
+
412
+ vuln_info[:info] = proof
413
+ vdet[:proof] = proof
414
+
415
+ # Configure the find key for vuln_details
416
+ vdet[:key] = vkey
417
+
418
+ # Pass this key to the vuln hash to find existing entries
419
+ # that may have been renamed (re-import nexpose vulns)
420
+ vuln_info[:details_match] = vkey
421
+
422
+ ::ActiveRecord::Base.connection_pool.with_connection {
423
+
424
+ # Report the vulnerability
425
+ vuln = db.report_vuln(vuln_info)
426
+
427
+ if vuln
428
+ # Report the vulnerability details
429
+ detail = db.report_vuln_details(vuln, vdet)
430
+
431
+ # Cache returned host and service objects if necessary
432
+ @state[:cached_host_object] ||= vuln.host
433
+
434
+ # The vuln.service may be found via greedy matching
435
+ if in_tag("endpoint") and vuln.service
436
+ @state[:cached_service_object] ||= vuln.service
437
+ end
438
+
439
+ # Record the ID of this vuln for a future mass update that
440
+ # brings in title, risk, description, solution, etc
441
+ @tests[ @state[:test][:id].downcase ] ||= []
442
+ @tests[ @state[:test][:id].downcase ] << [ vuln.id, detail.id ]
443
+ end
444
+
445
+ }
174
446
  @state[:test] = nil
175
447
  end
176
448
 
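Review bot: In `report_test`, `detail.id` is used without checking that `db.report_vuln_details` returned an object, whereas `db.report_vuln` two lines earlier is guarded with `if vuln`; if the details call can return nil, the `@tests[...] << [ vuln.id, detail.id ]` line raises `NoMethodError` mid-import, so guard it with `if detail`. The `::DateTime.parse(...) rescue nil` modifier swallows every `StandardError`, not just a malformed date; `rescue ArgumentError` keeps unexpected failures visible. The `vulnerable-since` example in the comment carries a millisecond suffix (`20120322T124352665`); it is worth a unit test that `DateTime.parse` accepts that format rather than silently yielding nil and dropping the field. The `LinkURL` attribute lifted into the description/solution text comes straight from the imported file; if that text is later rendered as a clickable link, the URL scheme should be validated at that point.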
@@ -220,7 +492,7 @@ module Rex
220
492
  end
221
493
 
222
494
  def report_fingerprint(host_object)
223
- return unless host_object.kind_of? ::Msf::DBManager::Host
495
+ return unless host_object.kind_of? ::Mdm::Host
224
496
  return unless @report_data[:os].kind_of? Hash
225
497
  note = {
226
498
  :workspace => host_object.workspace,
@@ -239,7 +511,7 @@ module Rex
239
511
  end
240
512
 
241
513
  def report_services(host_object)
242
- return unless host_object.kind_of? ::Msf::DBManager::Host
514
+ return unless host_object.kind_of? ::Mdm::Host
243
515
  return unless @report_data[:ports]
244
516
  return if @report_data[:ports].empty?
245
517
  reported = []
@@ -275,7 +547,7 @@ module Rex
275
547
  if state[:service]["name"] == "<unknown>"
276
548
  sname = nil
277
549
  else
278
- sname = db.nmap_msf_service_map(@state[:service]["name"])
550
+ sname = db.service_name_map(@state[:service]["name"])
279
551
  end
280
552
  port_hash[:name] = sname
281
553
  end
@@ -302,10 +574,16 @@ module Rex
302
574
  return unless in_tag("node")
303
575
  return if in_tag("service")
304
576
  return unless in_tag("tests")
577
+
305
578
  test = attr_hash(attrs)
306
579
  return unless actually_vulnerable(test)
307
580
  @state[:test] = {:id => test["id"].downcase}
308
581
  @state[:test][:key] = test["key"] if test["key"]
582
+ @state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
583
+ @state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
584
+ @state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
585
+
586
+ @report_data[:vuln_proof_stack] = []
309
587
  end
310
588
 
311
589
  def record_service_test(attrs)
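Review bot: `record_host_test` does not copy `test["status"]` into `@state[:test]`, whereas `record_service_test` in the next hunk does, and `report_test` reads `@state[:test][:status]` to populate `nx_vuln_status`; host-level findings therefore never get a status recorded. Add `@state[:test][:status] = test["status"] if test["status"]` after the `:key` line. The three `scan-id`/`vulnerable-since`/`pci-compliance-status` assignments are now duplicated verbatim between the two methods and would be safer in a shared helper so the lists cannot drift apart again.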
@@ -321,6 +599,11 @@ module Rex
321
599
  :protocol => @state[:service]["protocol"],
322
600
  }
323
601
  @state[:test][:key] = test["key"] if test["key"]
602
+ @state[:test][:status] = test["status"] if test["status"]
603
+ @state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
604
+ @state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
605
+ @state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
606
+ @report_data[:vuln_proof_stack] = []
324
607
  end
325
608
 
326
609
  def record_host(attrs)
@@ -330,6 +613,14 @@ module Rex
330
613
  @state[:host_is_alive] = true
331
614
  @state[:address] = host_attrs["address"]
332
615
  @state[:mac] = host_attrs["hardware-address"] if host_attrs["hardware-address"]
616
+
617
+ NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
618
+ fs = f.to_sym
619
+ fk = f.sub(/^nx_/, '').gsub('_', '-')
620
+ if host_attrs[fk]
621
+ @state[fs] = host_attrs[fk]
622
+ end
623
+ end
333
624
  end
334
625
  end
335
626
 
@@ -345,20 +636,49 @@ module Rex
345
636
  @report_data[:mac] = @state[:mac]
346
637
  end
347
638
  end
639
+
640
+ NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
641
+ v = @state[f.to_sym]
642
+ @report_data[f.to_sym] = v if v
643
+ end
348
644
  end
349
645
 
350
646
  def report_host(&block)
351
647
  if host_is_okay
352
648
  db.emit(:address,@report_data[:host],&block) if block
353
- host_object = db_report(:host, @report_data.merge(
354
- :workspace => @args[:wspace] ) )
649
+ device_id = @report_data[:nx_device_id]
650
+
651
+ host_object = db_report(:host, @report_data.merge(:workspace => @args[:wspace] ) )
355
652
  if host_object
356
653
  db.report_import_note(host_object.workspace, host_object)
654
+ if device_id
655
+ detail = {
656
+ :key => { :src => 'nexpose' },
657
+ :src => 'nexpose',
658
+ :nx_device_id => device_id
659
+ }
660
+ detail[:nx_console_id] = @nx_console_id if @nx_console_id
661
+
662
+ NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
663
+ v = @report_data.delete(f.to_sym)
664
+ detail[f.to_sym] = v if v
665
+ end
666
+
667
+
668
+ db.report_host_details(host_object, detail)
669
+ end
357
670
  end
358
671
  host_object
359
672
  end
360
673
  end
361
674
 
675
+ def clean_formatted_text(txt)
676
+ txt.split(/\n/).map{ |t|
677
+ t.sub(/^\s+$/, '').
678
+ sub(/^(\s{6,20})/, ' ')
679
+ }.join("\n").gsub(/\n{4,10}/, "\n\n\n")
680
+ end
681
+
362
682
  end
363
683
 
364
684
  end
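Review bot: In `report_host` the `NEXPOSE_HOST_DETAIL_FIELDS` keys are deleted from `@report_data` only inside `if device_id`, and only after `db_report(:host, @report_data.merge(...))` has already run, so the `nx_*` entries are passed along in the host hash (harmless only if `db.report_host` ignores unknown keys) and, when `device-id` is absent, remain in `@report_data` indefinitely; extract them before the `db_report` call and delete them unconditionally, as sketched below. In `clean_formatted_text`, `sub(/^(\s{6,20})/, ' ')` and `gsub(/\n{4,10}/, "\n\n\n")` have arbitrary upper bounds that leave the excess untouched (25 leading spaces become one space plus five, eleven newlines become four); `/^\s{6,}/` and `/\n{4,}/` collapse them fully.
```ruby
def report_host(&block)
  if host_is_okay
    db.emit(:address,@report_data[:host],&block) if block
    device_id = @report_data[:nx_device_id]

    # Pull the Nexpose-only fields out before the host hash is built,
    # regardless of whether a device-id is present.
    detail_fields = {}
    NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
      v = @report_data.delete(f.to_sym)
      detail_fields[f.to_sym] = v if v
    end

    host_object = db_report(:host, @report_data.merge(:workspace => @args[:wspace] ) )
    if host_object
      db.report_import_note(host_object.workspace, host_object)
      if device_id
        detail = { :key => { :src => 'nexpose' }, :src => 'nexpose', :nx_device_id => device_id }.merge(detail_fields)
        detail[:nx_console_id] = @nx_console_id if @nx_console_id
        db.report_host_details(host_object, detail)
      end
    end
    host_object
  end
end
```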