RubyGems - librex - Versions diffs - 0.0.65 → 0.0.66 - Mend

librex 0.0.65 → 0.0.66

Files changed (482) hide show

data/README.markdown +1 -1
data/lib/rex/arch.rb +1 -0
data/lib/rex/arch/sparc.rb +16 -15
data/lib/rex/arch/sparc.rb.ut.rb +2 -1
data/lib/rex/arch/x86.rb +1 -0
data/lib/rex/arch/x86.rb.ut.rb +2 -1
data/lib/rex/assembly/nasm.rb +1 -0
data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
data/lib/rex/compat.rb +13 -0
data/lib/rex/constants.rb +5 -4
data/lib/rex/elfparsey.rb +3 -2
data/lib/rex/elfparsey/elf.rb +2 -1
data/lib/rex/elfparsey/elfbase.rb +8 -7
data/lib/rex/elfparsey/exceptions.rb +3 -2
data/lib/rex/elfscan.rb +3 -2
data/lib/rex/elfscan/scanner.rb +2 -1
data/lib/rex/elfscan/search.rb +2 -1
data/lib/rex/encoder/alpha2.rb +2 -1
data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
data/lib/rex/encoder/alpha2/generic.rb +37 -60
data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
data/lib/rex/encoder/ndr.rb +1 -0
data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
data/lib/rex/encoder/nonalpha.rb +1 -0
data/lib/rex/encoder/nonupper.rb +1 -0
data/lib/rex/encoder/xdr.rb +9 -8
data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
data/lib/rex/encoder/xor.rb +1 -0
data/lib/rex/encoder/xor/dword.rb +2 -1
data/lib/rex/encoder/xor/dword_additive.rb +2 -1
data/lib/rex/encoders/xor_dword.rb +1 -0
data/lib/rex/encoders/xor_dword_additive.rb +2 -1
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
data/lib/rex/encoding/xor.rb +2 -1
data/lib/rex/encoding/xor.rb.ts.rb +2 -1
data/lib/rex/encoding/xor/byte.rb +2 -1
data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
data/lib/rex/encoding/xor/dword.rb +2 -1
data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
data/lib/rex/encoding/xor/dword_additive.rb +1 -0
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
data/lib/rex/encoding/xor/exceptions.rb +1 -0
data/lib/rex/encoding/xor/generic.rb +1 -0
data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
data/lib/rex/encoding/xor/qword.rb +2 -1
data/lib/rex/encoding/xor/word.rb +2 -1
data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
data/lib/rex/exceptions.rb +1 -0
data/lib/rex/exceptions.rb.ut.rb +2 -1
data/lib/rex/exploitation/cmdstager.rb +2 -1
data/lib/rex/exploitation/cmdstager/base.rb +1 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
data/lib/rex/exploitation/egghunter.rb +12 -11
data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
data/lib/rex/exploitation/encryptjs.rb +1 -0
data/lib/rex/exploitation/heaplib.rb +1 -0
data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
data/lib/rex/exploitation/jsobfu.rb +2 -1
data/lib/rex/exploitation/obfuscatejs.rb +1 -0
data/lib/rex/exploitation/omelet.rb +1 -0
data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
data/lib/rex/exploitation/opcodedb.rb +12 -11
data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
data/lib/rex/exploitation/seh.rb +3 -2
data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
data/lib/rex/file.rb +4 -3
data/lib/rex/file.rb.ut.rb +2 -1
data/lib/rex/image_source.rb +3 -2
data/lib/rex/image_source/disk.rb +3 -2
data/lib/rex/image_source/image_source.rb +3 -2
data/lib/rex/image_source/memory.rb +3 -2
data/lib/rex/io/bidirectional_pipe.rb +1 -0
data/lib/rex/io/datagram_abstraction.rb +2 -1
data/lib/rex/io/ring_buffer.rb +49 -44
data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
data/lib/rex/io/stream.rb +1 -0
data/lib/rex/io/stream_abstraction.rb +1 -0
data/lib/rex/io/stream_server.rb +1 -0
data/lib/rex/job_container.rb +1 -0
data/lib/rex/logging.rb +2 -1
data/lib/rex/logging/log_dispatcher.rb +5 -4
data/lib/rex/logging/log_sink.rb +2 -1
data/lib/rex/logging/sinks/flatfile.rb +4 -3
data/lib/rex/logging/sinks/stderr.rb +2 -1
data/lib/rex/machparsey.rb +2 -1
data/lib/rex/machparsey/exceptions.rb +2 -1
data/lib/rex/machparsey/mach.rb +20 -19
data/lib/rex/machparsey/machbase.rb +27 -26
data/lib/rex/machscan.rb +2 -1
data/lib/rex/machscan/scanner.rb +1 -0
data/lib/rex/mime.rb +2 -1
data/lib/rex/mime/header.rb +1 -0
data/lib/rex/mime/message.rb +4 -1
data/lib/rex/mime/part.rb +2 -1
data/lib/rex/nop/opty2.rb +2 -1
data/lib/rex/nop/opty2.rb.ut.rb +2 -1
data/lib/rex/nop/opty2_tables.rb +1 -0
data/lib/rex/ole.rb +3 -2
data/lib/rex/ole/clsid.rb +3 -2
data/lib/rex/ole/difat.rb +3 -2
data/lib/rex/ole/directory.rb +3 -2
data/lib/rex/ole/direntry.rb +3 -2
data/lib/rex/ole/fat.rb +3 -2
data/lib/rex/ole/header.rb +3 -2
data/lib/rex/ole/minifat.rb +3 -2
data/lib/rex/ole/propset.rb +4 -3
data/lib/rex/ole/samples/create_ole.rb +1 -0
data/lib/rex/ole/samples/dir.rb +1 -0
data/lib/rex/ole/samples/dump_stream.rb +1 -0
data/lib/rex/ole/samples/ole_info.rb +1 -0
data/lib/rex/ole/storage.rb +3 -2
data/lib/rex/ole/stream.rb +3 -2
data/lib/rex/ole/substorage.rb +3 -2
data/lib/rex/ole/util.rb +3 -2
data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
data/lib/rex/parser/appscan_nokogiri.rb +17 -16
data/lib/rex/parser/arguments.rb +2 -1
data/lib/rex/parser/arguments.rb.ut.rb +2 -1
data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
data/lib/rex/parser/ci_nokogiri.rb +4 -3
data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
data/lib/rex/parser/ini.rb +1 -0
data/lib/rex/parser/ini.rb.ut.rb +2 -1
data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
data/lib/rex/parser/ip360_xml.rb +4 -3
data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
data/lib/rex/parser/nessus_xml.rb +3 -2
data/lib/rex/parser/netsparker_xml.rb +10 -9
data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
data/lib/rex/parser/nexpose_xml.rb +1 -0
data/lib/rex/parser/nmap_nokogiri.rb +63 -33
data/lib/rex/parser/nmap_xml.rb +1 -0
data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
data/lib/rex/parser/openvas_nokogiri.rb +172 -0
data/lib/rex/parser/retina_xml.rb +1 -0
data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
data/lib/rex/payloads.rb +2 -1
data/lib/rex/payloads/win32.rb +2 -1
data/lib/rex/payloads/win32/common.rb +2 -1
data/lib/rex/payloads/win32/kernel.rb +2 -1
data/lib/rex/payloads/win32/kernel/common.rb +4 -3
data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
data/lib/rex/peparsey.rb +3 -2
data/lib/rex/peparsey/exceptions.rb +2 -1
data/lib/rex/peparsey/pe.rb +3 -2
data/lib/rex/peparsey/pe_memdump.rb +2 -1
data/lib/rex/peparsey/pebase.rb +2 -1
data/lib/rex/peparsey/section.rb +2 -1
data/lib/rex/pescan.rb +3 -2
data/lib/rex/pescan/analyze.rb +1 -0
data/lib/rex/pescan/scanner.rb +1 -0
data/lib/rex/pescan/search.rb +1 -0
data/lib/rex/platforms.rb +2 -1
data/lib/rex/platforms/windows.rb +2 -1
data/lib/rex/poly.rb +2 -1
data/lib/rex/poly/block.rb +16 -15
data/lib/rex/poly/register.rb +2 -1
data/lib/rex/poly/register/x86.rb +2 -1
data/lib/rex/post.rb +2 -2
data/lib/rex/post/dir.rb +2 -1
data/lib/rex/post/file.rb +1 -0
data/lib/rex/post/file_stat.rb +1 -0
data/lib/rex/post/io.rb +2 -1
data/lib/rex/post/meterpreter.rb +2 -1
data/lib/rex/post/meterpreter/channel.rb +1 -0
data/lib/rex/post/meterpreter/channel_container.rb +2 -1
data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
data/lib/rex/post/meterpreter/client.rb +23 -1
data/lib/rex/post/meterpreter/client_core.rb +10 -5
data/lib/rex/post/meterpreter/dependencies.rb +2 -1
data/lib/rex/post/meterpreter/extension.rb +2 -1
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
data/lib/rex/post/meterpreter/packet.rb +26 -6
data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
data/lib/rex/post/meterpreter/ui/console.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
data/lib/rex/post/permission.rb +2 -1
data/lib/rex/post/process.rb +2 -1
data/lib/rex/post/thread.rb +2 -1
data/lib/rex/post/ui.rb +2 -1
data/lib/rex/proto.rb +1 -0
data/lib/rex/proto.rb.ts.rb +2 -1
data/lib/rex/proto/dcerpc.rb +2 -1
data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
data/lib/rex/proto/dcerpc/client.rb +1 -0
data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
data/lib/rex/proto/dcerpc/handle.rb +1 -0
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
data/lib/rex/proto/dcerpc/ndr.rb +2 -1
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
data/lib/rex/proto/dcerpc/packet.rb +52 -45
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
data/lib/rex/proto/dcerpc/response.rb +1 -0
data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
data/lib/rex/proto/dcerpc/uuid.rb +13 -12
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
data/lib/rex/proto/dhcp.rb +2 -1
data/lib/rex/proto/dhcp/constants.rb +2 -1
data/lib/rex/proto/dhcp/server.rb +4 -3
data/lib/rex/proto/drda.rb +1 -0
data/lib/rex/proto/drda.rb.ts.rb +1 -0
data/lib/rex/proto/drda/constants.rb +1 -0
data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
data/lib/rex/proto/drda/packet.rb +11 -10
data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
data/lib/rex/proto/drda/utils.rb +4 -3
data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
data/lib/rex/proto/http.rb +2 -1
data/lib/rex/proto/http.rb.ts.rb +2 -1
data/lib/rex/proto/http/client.rb +29 -5
data/lib/rex/proto/http/client.rb.ut.rb +1 -0
data/lib/rex/proto/http/handler.rb +2 -1
data/lib/rex/proto/http/handler/erb.rb +5 -4
data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
data/lib/rex/proto/http/handler/proc.rb +1 -0
data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
data/lib/rex/proto/http/header.rb +3 -3
data/lib/rex/proto/http/header.rb.ut.rb +2 -1
data/lib/rex/proto/http/packet.rb +1 -0
data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
data/lib/rex/proto/http/request.rb +23 -22
data/lib/rex/proto/http/request.rb.ut.rb +2 -1
data/lib/rex/proto/http/response.rb +6 -5
data/lib/rex/proto/http/response.rb.ut.rb +7 -6
data/lib/rex/proto/http/server.rb +1 -0
data/lib/rex/proto/http/server.rb.ut.rb +6 -5
data/lib/rex/proto/iax2.rb +1 -0
data/lib/rex/proto/iax2/call.rb +48 -47
data/lib/rex/proto/iax2/client.rb +23 -22
data/lib/rex/proto/iax2/codecs.rb +1 -0
data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
data/lib/rex/proto/iax2/constants.rb +1 -0
data/lib/rex/proto/natpmp.rb +11 -0
data/lib/rex/proto/natpmp/constants.rb +19 -0
data/lib/rex/proto/natpmp/packet.rb +45 -0
data/lib/rex/proto/ntlm.rb +1 -0
data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
data/lib/rex/proto/ntlm/base.rb +38 -37
data/lib/rex/proto/ntlm/constants.rb +1 -0
data/lib/rex/proto/ntlm/crypt.rb +45 -44
data/lib/rex/proto/ntlm/exceptions.rb +1 -0
data/lib/rex/proto/ntlm/message.rb +30 -29
data/lib/rex/proto/ntlm/utils.rb +116 -115
data/lib/rex/proto/proxy/socks4a.rb +1 -0
data/lib/rex/proto/rfb.rb +1 -0
data/lib/rex/proto/rfb.rb.ut.rb +1 -0
data/lib/rex/proto/rfb/cipher.rb +1 -0
data/lib/rex/proto/rfb/client.rb +1 -0
data/lib/rex/proto/rfb/constants.rb +1 -0
data/lib/rex/proto/smb.rb +2 -1
data/lib/rex/proto/smb.rb.ts.rb +2 -1
data/lib/rex/proto/smb/client.rb +23 -22
data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
data/lib/rex/proto/smb/constants.rb +1 -0
data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
data/lib/rex/proto/smb/crypt.rb +3 -2
data/lib/rex/proto/smb/evasions.rb +1 -0
data/lib/rex/proto/smb/exceptions.rb +6 -5
data/lib/rex/proto/smb/simpleclient.rb +1 -0
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
data/lib/rex/proto/smb/utils.rb +1 -0
data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
data/lib/rex/proto/sunrpc.rb +1 -0
data/lib/rex/proto/sunrpc/client.rb +1 -0
data/lib/rex/proto/tftp.rb +3 -1
data/lib/rex/proto/tftp/client.rb +344 -0
data/lib/rex/proto/tftp/constants.rb +2 -1
data/lib/rex/proto/tftp/server.rb +2 -1
data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
data/lib/rex/registry.rb +14 -0
data/lib/rex/registry/hive.rb +132 -0
data/lib/rex/registry/lfkey.rb +51 -0
data/lib/rex/registry/nodekey.rb +54 -0
data/lib/rex/registry/regf.rb +25 -0
data/lib/rex/registry/valuekey.rb +67 -0
data/lib/rex/registry/valuelist.rb +29 -0
data/lib/rex/ropbuilder.rb +2 -1
data/lib/rex/ropbuilder/rop.rb +3 -2
data/lib/rex/script.rb +1 -0
data/lib/rex/script/base.rb +1 -0
data/lib/rex/script/meterpreter.rb +1 -0
data/lib/rex/script/shell.rb +1 -0
data/lib/rex/service.rb +2 -1
data/lib/rex/service_manager.rb +6 -5
data/lib/rex/service_manager.rb.ut.rb +2 -1
data/lib/rex/services/local_relay.rb +1 -0
data/lib/rex/socket.rb +72 -36
data/lib/rex/socket.rb.ut.rb +1 -0
data/lib/rex/socket/comm.rb +1 -0
data/lib/rex/socket/comm/local.rb +60 -13
data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
data/lib/rex/socket/ip.rb +1 -0
data/lib/rex/socket/parameters.rb +15 -14
data/lib/rex/socket/parameters.rb.ut.rb +2 -1
data/lib/rex/socket/range_walker.rb +71 -26
data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
data/lib/rex/socket/ssl_tcp.rb +1 -0
data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
data/lib/rex/socket/ssl_tcp_server.rb +1 -0
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
data/lib/rex/socket/subnet_walker.rb +1 -0
data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
data/lib/rex/socket/switch_board.rb +1 -0
data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
data/lib/rex/socket/tcp.rb +4 -3
data/lib/rex/socket/tcp.rb.ut.rb +2 -1
data/lib/rex/socket/tcp_server.rb +1 -0
data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
data/lib/rex/socket/udp.rb +2 -1
data/lib/rex/socket/udp.rb.ut.rb +2 -1
data/lib/rex/struct2.rb +2 -1
data/lib/rex/struct2/c_struct.rb +2 -1
data/lib/rex/struct2/c_struct_template.rb +2 -1
data/lib/rex/struct2/constant.rb +2 -1
data/lib/rex/struct2/element.rb +2 -1
data/lib/rex/struct2/generic.rb +1 -0
data/lib/rex/struct2/restraint.rb +2 -1
data/lib/rex/struct2/s_string.rb +1 -0
data/lib/rex/struct2/s_struct.rb +1 -0
data/lib/rex/sync.rb +2 -1
data/lib/rex/sync/event.rb +1 -0
data/lib/rex/sync/read_write_lock.rb +1 -0
data/lib/rex/sync/ref.rb +2 -1
data/lib/rex/sync/thread_safe.rb +2 -1
data/lib/rex/test.rb +2 -1
data/lib/rex/text.rb +136 -19
data/lib/rex/text.rb.ut.rb +1 -0
data/lib/rex/thread_factory.rb +5 -4
data/lib/rex/time.rb +2 -1
data/lib/rex/transformer.rb +1 -0
data/lib/rex/transformer.rb.ut.rb +2 -1
data/lib/rex/ui.rb +2 -1
data/lib/rex/ui/interactive.rb +10 -9
data/lib/rex/ui/output.rb +1 -0
data/lib/rex/ui/output/none.rb +2 -1
data/lib/rex/ui/progress_tracker.rb +2 -1
data/lib/rex/ui/subscriber.rb +9 -8
data/lib/rex/ui/text/color.rb +1 -0
data/lib/rex/ui/text/color.rb.ut.rb +1 -0
data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
data/lib/rex/ui/text/input.rb +1 -0
data/lib/rex/ui/text/input/buffer.rb +7 -6
data/lib/rex/ui/text/input/readline.rb +14 -13
data/lib/rex/ui/text/input/socket.rb +1 -0
data/lib/rex/ui/text/input/stdio.rb +2 -1
data/lib/rex/ui/text/irb_shell.rb +1 -0
data/lib/rex/ui/text/output.rb +1 -0
data/lib/rex/ui/text/output/buffer.rb +1 -0
data/lib/rex/ui/text/output/file.rb +1 -0
data/lib/rex/ui/text/output/socket.rb +1 -0
data/lib/rex/ui/text/output/stdio.rb +1 -0
data/lib/rex/ui/text/output/tee.rb +1 -0
data/lib/rex/ui/text/progress_tracker.rb +2 -1
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
data/lib/rex/ui/text/shell.rb +1 -0
data/lib/rex/ui/text/table.rb +20 -14
data/lib/rex/ui/text/table.rb.ut.rb +3 -2
data/lib/rex/zip.rb +1 -0
data/lib/rex/zip/archive.rb +2 -1
data/lib/rex/zip/blocks.rb +3 -2
data/lib/rex/zip/entry.rb +6 -7
data/lib/rex/zip/jar.rb +4 -3
data/lib/rex/zip/samples/comment.rb +1 -0
data/lib/rex/zip/samples/mkwar.rb +1 -0
data/lib/rex/zip/samples/mkzip.rb +1 -0
data/lib/rex/zip/samples/recursive.rb +1 -0
metadata +433 -435

data/lib/rex/parser/ip360_xml.rb CHANGED

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rexml/document'
 require 'rex/ui'
@@ -33,9 +34,9 @@ class IP360XMLStreamParser
 		when "macAddress"
 			@state = :is_mac
 		when "os"
-			@host['os'] = attributes['id']
+			@host['os'] = attributes['id']
 		when "vulnerability"
-			@x = Hash.new
+			@x = Hash.new
 			@x['vulnid'] = attributes['id']
 		when "port"
 			@state = :is_port
@@ -50,7 +51,7 @@ class IP360XMLStreamParser
 			@host['apps'].push @y
 		end
 	end
 	def text(str)
 		case @state
 		when :is_fqdn

data/lib/rex/parser/mbsa_nokogiri.rb CHANGED

@@ -1,9 +1,10 @@
-require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+# -*- coding: binary -*-
+require "rex/parser/nokogiri_doc_mixin"
 module Rex
 	module Parser
-		# If Nokogiri is available, define Template document class.
+		# If Nokogiri is available, define Template document class.
 		load_nokogiri && class MbsaDocument < Nokogiri::XML::SAX::Document
 		include NokogiriDocMixin
@@ -57,7 +58,7 @@ module Rex
 				@state.delete_if {|k| k != :current_tag}
 			when "Check"
 				collect_check_data
-			when "Advice"
+			when "Advice"
 				@state[:has_text] = false
 				collect_advice_data
 			when "Detail"
@@ -73,9 +74,9 @@ module Rex
 			end
 			@state[:current_tag].delete name
 		end
 		def report_fingerprint(host_object)
-			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless host_object.kind_of? ::Mdm::Host
 			return unless @report_data[:os_fingerprint]
 			fp_note = @report_data[:os_fingerprint].merge(
 				{
@@ -95,7 +96,7 @@ module Rex
 		end
 		def report_vulns(host_object, &block)
-			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless host_object.kind_of? ::Mdm::Host
 			return unless @report_data[:vulns]
 			return if @report_data[:vulns].empty?
 			@report_data[:vulns].each do |vuln|
@@ -163,7 +164,7 @@ module Rex
 			return if @text.strip.empty?
 			os_match = @text.match(/Computer is running (.*)/)
 			return unless os_match
-			os_info = os_match[1]
+			os_info = os_match[1]
 			os_vendor = os_info[/Microsoft/]
 			os_family = os_info[/Windows/]
 			os_version = os_info[/(XP|2000 Advanced Server|2000|2003|2008|SBS|Vista|7 .* Edition|7)/]

data/lib/rex/parser/nessus_xml.rb CHANGED

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rexml/document'
 require 'rex/ui'
@@ -17,7 +18,7 @@ class NessusXMLStreamParser
 	def reset_state
 		@host = {'hname' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil, 'ports' => [
 			'port' => {'port' => nil, 'svc_name'  => nil, 'proto' => nil, 'severity' => nil,
-			'nasl' => nil, 'nasl_name' => nil, 'description' => nil,
+			'nasl' => nil, 'nasl_name' => nil, 'description' => nil,
 			'cve' => [], 'bid' => [], 'xref' => [], 'msf' => nil } ] }
 		@state = :generic_state
 	end
@@ -67,7 +68,7 @@ class NessusXMLStreamParser
 			@state = :msf
 		end
 	end
 	def text(str)
 		case @state
 		when :is_fqdn

data/lib/rex/parser/netsparker_xml.rb CHANGED

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 module Rex
 module Parser
@@ -8,7 +9,7 @@ class NetSparkerXMLStreamParser
 	def initialize(on_found_vuln = nil)
 		self.on_found_vuln = on_found_vuln if on_found_vuln
-		reset_state
+		reset_state
 	end
 	def reset_state
@@ -20,7 +21,7 @@ class NetSparkerXMLStreamParser
 	def tag_start(name, attributes)
 		@state = "in_#{name.downcase}".intern
 		@attr  = attributes
 		case name
 		when "vulnerability"
 			@vuln['confirmed'] = attributes['confirmed']
@@ -33,7 +34,7 @@ class NetSparkerXMLStreamParser
 			@vuln['url'] ||= ""
 			@vuln['url']  += str
 		when :in_type
-			@vuln['type'] ||= ""
+			@vuln['type'] ||= ""
 			@vuln['type']  += str
 		when :in_severity
 			@vuln['severity'] ||= ""
@@ -42,13 +43,13 @@ class NetSparkerXMLStreamParser
 			@vuln["vparam_type"] ||= ""
 			@vuln["vparam_type"]  += str
 		when :in_vulnerableparameter
-			@vuln["vparam_name"] ||= ""
-			@vuln["vparam_name"]  += str
+			@vuln["vparam_name"] ||= ""
+			@vuln["vparam_name"]  += str
 		when :in_vulnerableparametervalue
-			@vuln["vparam_value"] ||= ""
-			@vuln["vparam_value"]  += str
+			@vuln["vparam_value"] ||= ""
+			@vuln["vparam_value"]  += str
 		when :in_rawrequest
-			@vuln["request"] ||= ""
+			@vuln["request"] ||= ""
 			@vuln["request"]  += str
 		when :in_rawresponse
 			@vuln["response"] ||= ""
@@ -64,7 +65,7 @@ class NetSparkerXMLStreamParser
 		when :generic_state
 		when :in_vulnerability
 		when :in_extrainformation
-		else
+		else
 			# $stderr.puts "unknown state: #{@state}"
 		end
 	end

data/lib/rex/parser/nexpose_raw_nokogiri.rb CHANGED

@@ -1,15 +1,24 @@
-require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+# -*- coding: binary -*-
+require "rex/parser/nokogiri_doc_mixin"
+require "date"
 module Rex
 	module Parser
-		# If Nokogiri is available, define Template document class.
+		# If Nokogiri is available, define Template document class.
 		load_nokogiri && class NexposeRawDocument < Nokogiri::XML::SAX::Document
 		include NokogiriDocMixin
 		attr_reader :tests
+		NEXPOSE_HOST_DETAIL_FIELDS = %W{ nx_device_id nx_site_name nx_site_importance nx_scan_template nx_risk_score }
+		NEXPOSE_VULN_DETAIL_FIELDS = %W{
+			nx_scan_id
+			nx_vulnerable_since
+			nx_pci_compliance_status
+		}
 		# Triggered every time a new element is encountered. We keep state
 		# ourselves with the @state variable, turning things on when we
 		# get here (and turning things off when we exit in end_element()).
@@ -19,12 +28,13 @@ module Rex
 			@state[:current_tag][name] = true
 			case name
 			when "nodes" # There are two main sections, nodes and VulnerabilityDefinitions
-				@tests = []
+				@tests = {}
 			when "node"
 				record_host(attrs)
 			when "name"
 				@state[:has_text] = true
 			when "endpoint"
+				@state.delete(:cached_service_object)
 				record_service(attrs)
 			when "service"
 				record_service_info(attrs)
@@ -33,6 +43,7 @@ module Rex
 			when "os"
 				record_os_fingerprint(attrs)
 			when "test" # All the vulns tested for
+				@state[:has_text] = true
 				record_host_test(attrs)
 				record_service_test(attrs)
 			when "vulnerability"
@@ -40,6 +51,27 @@ module Rex
 			when "reference"
 				@state[:has_text] = true
 				record_reference(attrs)
+			when "description"
+				@state[:has_text] = true
+				record_vuln_description(attrs)
+			when "solution"
+				@state[:has_text] = true
+				record_vuln_solution(attrs)
+			when "tag"
+				@state[:has_text] = true
+			when "tags"
+				@state[:tags] = []
+			#
+			# These are markup tags only present within description/solutions
+			#
+			when "ContainerBlockElement",  # Overall container, no formatting
+				 "Paragraph",              # <Paragraph preformat="true">
+				 "UnorderedList",          # List container (bulleted)
+				 "ListItem",               # List item
+				 "URLLink"                 # <URLLink LinkURL="http://support.microsoft.com/kb/887429" LinkTitle="http://support.microsoft.com/kb/887429" href="http://support.microsoft.com/kb/887429">KB 887429</URLLink>
+				record_formatted_content(name, attrs)
 			end
 		end
@@ -58,12 +90,16 @@ module Rex
 			when "name"
 				collect_hostname
 				@state[:has_text] = false
+				@text = nil
 			when "endpoint"
 				collect_service_data
+				@state.delete(:cached_service_object)
 			when "os"
 				collect_os_fingerprints
 			when "test"
-				save_test
+				report_test(&block)
+				@state[:has_text] = false
+				@text = nil
 			when "vulnerability"
 				collect_vuln_info
 				report_vuln(&block)
@@ -72,6 +108,31 @@ module Rex
 				@state[:has_text] = false
 				collect_reference
 				@text = nil
+			when "description"
+				@state[:has_text] = false
+				collect_vuln_description
+				@text = nil
+			when "solution"
+				@state[:has_text] = false
+				collect_vuln_solution
+				@text = nil
+			when "tag"
+				@state[:has_text] = false
+				collect_tag
+				@text = nil
+			when "tags"
+				@report_data[:vuln_tags] = @state[:tags]
+				@state.delete(:tags)
+				#
+				# These are markup tags only present within description/solutions
+				#
+			when "ContainerBlockElement",  # Overall container, no formatting
+				 "Paragraph",              # <Paragraph preformat="true">
+				 "UnorderedList",          # List container (bulleted)
+				 "ListItem",               # List item
+				 "URLLink"                 # <URLLink LinkURL="http://support.microsoft.com/kb/887429" LinkTitle="http://support.microsoft.com/kb/887429" href="http://support.microsoft.com/kb/887429">KB 887429</URLLink>
+				collect_formatted_content(name)
 			end
 			@state[:current_tag].delete name
 		end
@@ -86,6 +147,29 @@ module Rex
 			@state[:ref] = nil
 		end
+		def collect_vuln_description
+			return unless in_tag("description")
+			return unless in_tag("vulnerability")
+			return unless @state[:vuln]
+			@report_data[:vuln_description] = clean_formatted_text( @report_data[:vuln_description_stack].join.strip )
+		end
+		def collect_vuln_solution
+			return unless in_tag("solution")
+			return unless in_tag("vulnerability")
+			return unless @state[:vuln]
+			@report_data[:vuln_solution] = clean_formatted_text( @report_data[:vuln_solution_stack].join.strip )
+		end
+		def collect_tag
+			return unless in_tag("tag")
+			return unless in_tag("tags")
+			return unless in_tag("vulnerability")
+			return unless @state[:vuln]
+			@state[:tags] ||= []
+			@state[:tags] << @text.to_s.strip
+		end
 		def collect_vuln_info
 			return unless in_tag("VulnerabilityDefinitions")
 			return unless in_tag("vulnerability")
@@ -101,49 +185,57 @@ module Rex
 			return unless in_tag("VulnerabilityDefinitions")
 			return unless @report_data[:vuln]
 			return unless @report_data[:vuln][:matches].kind_of? Array
+			::ActiveRecord::Base.connection_pool.with_connection {
 			refs = normalize_references(@report_data[:vuln][:refs])
 			refs << "NEXPOSE-#{report_data[:vuln]["id"]}"
 			vuln_instances = @report_data[:vuln][:matches].size
 			db.emit(:vuln, [refs.last,vuln_instances], &block) if block
-			data = {
-				:workspace => @args[:wspace],
-				:name => refs.last,
-				:info => @report_data[:vuln]["title"],
-				:refs => refs.uniq
-			}
-			hosts_keys = {}
-			@report_data[:vuln][:matches].each do |match|
-				host_data = data.dup
-				host_data[:host] = match[:host]
-				host_data[:port] = match[:port] if match[:port]
-				host_data[:proto] = match[:protocol] if match[:protocol]
-				db_report(:vuln, host_data)
-				if match[:key]
-					hosts_keys[host_data[:host]] ||= []
-					hosts_keys[host_data[:host]] << match[:key]
+			vuln_ids = @report_data[:vuln][:matches].map{ |v| v[0] }
+			vdet_ids = @report_data[:vuln][:matches].map{ |v| v[1] }
+			refs = refs.uniq.map{|x| db.find_or_create_ref(:name => x) }
+			# Assign title and references to all vuln_ids
+			# Mass update fails due to the join table || ::Mdm::Vuln.where(:id => vuln_ids).update_all({ :name => @report_data[:vuln]["title"], :refs => refs } )
+			vuln_ids.each do |vid|
+				vuln = ::Mdm::Vuln.find(vid)
+				next unless vuln
+				vuln.name = @report_data[:vuln]["title"]
+				if refs.length > 0
+					vuln.refs += refs
 				end
-			end
-			report_key_note(hosts_keys,data)
-			@report_data[:vuln] = nil
-		end
-		def report_key_note(hosts_keys,data)
-			return if hosts_keys.empty?
-			hosts_keys.each do |key_host,key_values|
-				key_note = {
-					:workspace => @args[:wspace],
-					:host => key_host,
-					:type => "host.vuln.nexpose_keys",
-					:data => {},
-					:update => :unique_data
-				}
-				key_values.each do |key_value|
-					key_note[:data][data[:name]] ||= []
-					next if key_note[:data][data[:name]].include? key_value
-					key_note[:data][data[:name]] << key_value
+				if vuln.changed?
+					vuln.save!
 				end
-				db_report(:note, key_note)
 			end
+			# Mass update vulnerability details across the database based on conditions
+			vdet_info = { :title => @report_data[:vuln]["title"] }
+			vdet_info[:description]     = @report_data[:vuln_description]      unless @report_data[:vuln_description].to_s.empty?
+			vdet_info[:solution]        = @report_data[:vuln_solution]         unless @report_data[:vuln_solution].to_s.empty?
+			vdet_info[:nx_tags]         = @report_data[:vuln_tags].sort.uniq.join(", ") if ( @report_data[:vuln_tags].kind_of?(::Array) and @report_data[:vuln_tags].length > 0 )
+			vdet_info[:nx_severity]     = @report_data[:vuln]["severity"].to_f          if @report_data[:vuln]["severity"]
+			vdet_info[:nx_pci_severity] = @report_data[:vuln]["pciSeverity"].to_f       if @report_data[:vuln]["pciSeverity"]
+			vdet_info[:cvss_score]      = @report_data[:vuln]["cvssScore"].to_f         if @report_data[:vuln]["cvssScore"]
+			vdet_info[:cvss_vector]     = @report_data[:vuln]["cvssVector"]             if @report_data[:vuln]["cvssVector"]
+			%W{ published added modified }.each do |tf|
+				next if not @report_data[:vuln][tf]
+				ts = DateTime.parse(@report_data[:vuln][tf]) rescue nil
+				next if not ts
+				vdet_info[ "nx_#{tf}".to_sym ] = ts
+			end
+			::Mdm::VulnDetail.where(:id => vdet_ids).update_all(vdet_info)
+			@report_data[:vuln] = nil
+			}
 		end
 		def record_reference(attrs)
@@ -155,22 +247,202 @@ module Rex
 		def record_vuln(attrs)
 			return unless in_tag("VulnerabilityDefinitions")
 			vuln = attr_hash(attrs)
-			matching_tests = @tests.select {|x| x[:id] == vuln["id"].downcase}
+			matching_tests = @tests[ vuln["id"].downcase ]
+			return unless matching_tests
 			return if matching_tests.empty?
 			@state[:vuln] = vuln
 			@state[:vuln][:matches] = matching_tests
 		end
-		def save_test
+		def record_vuln_description(attrs)
+			@report_data[:vuln_description_stack] = []
+		end
+		def record_vuln_solution(attrs)
+			@report_data[:vuln_solution_stack] = []
+		end
+		def record_formatted_content(name, eattrs)
+			attrs  = attr_hash(eattrs)
+			stack  = nil
+			if in_tag("solution")
+				stack = @report_data[:vuln_solution_stack]
+			end
+			if in_tag("description")
+				stack = @report_data[:vuln_description_stack]
+			end
+			if in_tag("test")
+				stack = @report_data[:vuln_proof_stack]
+			end
+			return if not stack
+			@report_data[:formatted_indent] ||= 0
+			data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ")
+			@text = ""
+			case name
+			when 'ListItem'
+				@report_data[:formatted_indent] = 1
+				# data = "\n* " + data
+			when 'URLLink'
+				@report_data[:formatted_link] = attrs["LinkURL"]
+			else
+				if @report_data[:formatted_indent] > 1
+					data = (" " * (@report_data[:formatted_indent])) + data
+				end
+				if @report_data[:formatted_indent] == 1
+					@report_data[:formatted_indent] = 6
+				end
+			end
+			if data.length > 0
+				stack << data
+			end
+		end
+		def collect_formatted_content(name)
+			stack  = nil
+			prefix = ""
+			if in_tag("solution")
+				stack = @report_data[:vuln_solution_stack]
+			end
+			if in_tag("description")
+				stack = @report_data[:vuln_description_stack]
+			end
+			if in_tag("test")
+				stack = @report_data[:vuln_proof_stack]
+			end
+			return if not stack
+			data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ")
+			@text = ""
+			case name
+			when 'URLLink'
+				if @report_data[:formatted_link]
+					if data != @report_data[:formatted_link]
+						if data.empty?
+							data << (" " + @report_data[:formatted_link])
+						else
+							data = " " + data + " ( " + @report_data[:formatted_link] + " )"
+						end
+					end
+				end
+			when 'Paragraph'
+				data << "\n\n"
+			when 'ListItem'
+				@report_data[:formatted_indent] = 0
+				data << "\n"
+			end
+			if data.length > 0
+				stack << data
+			end
+		end
+		# XML Export 2.0 includes additional test keys:
+		# <test id="unix-unowned-files-or-dirs" status="vulnerable-exploited" scan-id="6381" vulnerable-since="20120322T124352665" pci-compliance-status="pass">
+		def report_test
 			return unless in_tag("nodes")
 			return unless in_tag("node")
 			return unless @state[:test]
-			test = { :id => @state[:test][:id]}
-			test[:host] = @state[:address]
-			test[:port] = @state[:test][:port] if @state[:test][:port]
-			test[:protocol] = @state[:test][:protocol] if @state[:test][:protocol]
-			test[:key] = @state[:test][:key] if @state[:test][:key]
-			@tests << test
+			vuln_info = {
+				:workspace => @args[:wspace],
+				# This name will be overwritten during the vuln definition
+				# parsing via mass-update.
+				:name => "NEXPOSE-" + @state[:test][:id].downcase,
+				:host => @state[:cached_host_object] || @state[:address]
+			}
+			if in_tag("endpoint") and @state[:test][:port]
+				# Verify this port actually has some relation to our tracked state
+				# since it may not due to greedy vulnerability matching
+				if @state[:cached_service_object] and @state[:cached_service_object].port.to_i == @state[:test][:port].to_i
+					vuln_info[:service] = @state[:cached_service_object]
+				else
+					vuln_info[:port]  = @state[:test][:port]
+					vuln_info[:proto] = @state[:test][:protocol] if @state[:test][:protocol]
+				end
+			end
+			# This hash feeds a vuln_details row for this vulnerability
+			vdet = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] }
+			# This hash defines the matching criteria to overwrite an existing entry
+			vkey = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] }
+			if @state[:nx_device_id]
+				vdet[:nx_device_id] = @state[:nx_device_id]
+				vkey[:nx_device_id] = @state[:nx_device_id]
+			end
+			if @state[:test][:key]
+				vdet[:nx_proof_key] = @state[:test][:key]
+				vkey[:nx_proof_key] = @state[:test][:key]
+			end
+			vdet[:nx_console_id]  = @nx_console_id if @nx_console_id
+			vdet[:nx_vuln_status] = @state[:test][:status] if @state[:test][:status]
+			vdet[:nx_scan_id] = @state[:test][:nx_scan_id] if @state[:test][:nx_scan_id]
+			vdet[:nx_pci_compliance_status] = @state[:test][:nx_pci_compliance_status] if @state[:test][:nx_pci_compliance_status]
+			if @state[:test][:nx_vulnerable_since]
+				ts = ::DateTime.parse(@state[:test][:nx_vulnerable_since]) rescue nil
+				vdet[:nx_vulnerable_since] = ts if ts
+			end
+			proof = clean_formatted_text(@report_data[:vuln_proof_stack].join.strip)
+			@report_data[:vuln_proof_stack] = []
+			vuln_info[:info] = proof
+			vdet[:proof]     = proof
+			# Configure the find key for vuln_details
+			vdet[:key] = vkey
+			# Pass this key to the vuln hash to find existing entries
+			# that may have been renamed (re-import nexpose vulns)
+			vuln_info[:details_match] = vkey
+			::ActiveRecord::Base.connection_pool.with_connection {
+			# Report the vulnerability
+			vuln = db.report_vuln(vuln_info)
+			if vuln
+				# Report the vulnerability details
+				detail = db.report_vuln_details(vuln, vdet)
+				# Cache returned host and service objects if necessary
+				@state[:cached_host_object] ||= vuln.host
+				# The vuln.service may be found via greedy matching
+				if in_tag("endpoint") and vuln.service
+					@state[:cached_service_object] ||= vuln.service
+				end
+				# Record the ID of this vuln for a future mass update that
+				# brings in title, risk, description, solution, etc
+				@tests[ @state[:test][:id].downcase ] ||= []
+				@tests[ @state[:test][:id].downcase ] << [ vuln.id, detail.id ]
+			end
+			}
 			@state[:test] = nil
 		end
@@ -220,7 +492,7 @@ module Rex
 		end
 		def report_fingerprint(host_object)
-			return unless host_object.kind_of? ::Msf::DBManager::Host
+			return unless host_object.kind_of? ::Mdm::Host
 			return unless @report_data[:os].kind_of? Hash
 			note = {
 				:workspace => host_object.workspace,
@@ -239,7 +511,7 @@ module Rex
 		end
 		def report_services(host_object)
-			return unless host_object.kind_of? ::Msf::DBManager::Host
+			return unless host_object.kind_of? ::Mdm::Host
 			return unless @report_data[:ports]
 			return if @report_data[:ports].empty?
 			reported = []
@@ -275,7 +547,7 @@ module Rex
 				if state[:service]["name"] == "<unknown>"
 					sname = nil
 				else
-					sname = db.nmap_msf_service_map(@state[:service]["name"])
+					sname = db.service_name_map(@state[:service]["name"])
 				end
 				port_hash[:name] = sname
 			end
@@ -302,10 +574,16 @@ module Rex
 			return unless in_tag("node")
 			return if in_tag("service")
 			return unless in_tag("tests")
 			test = attr_hash(attrs)
 			return unless actually_vulnerable(test)
 			@state[:test] = {:id => test["id"].downcase}
 			@state[:test][:key] = test["key"] if test["key"]
+			@state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
+			@state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
+			@state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
+			@report_data[:vuln_proof_stack] = []
 		end
 		def record_service_test(attrs)
@@ -321,6 +599,11 @@ module Rex
 				:protocol => @state[:service]["protocol"],
 			}
 			@state[:test][:key] = test["key"] if test["key"]
+			@state[:test][:status] = test["status"] if test["status"]
+			@state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
+			@state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
+			@state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
+			@report_data[:vuln_proof_stack] = []
 		end
 		def record_host(attrs)
@@ -330,6 +613,14 @@ module Rex
 				@state[:host_is_alive] = true
 				@state[:address] = host_attrs["address"]
 				@state[:mac] = host_attrs["hardware-address"] if host_attrs["hardware-address"]
+				NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+					fs = f.to_sym
+					fk = f.sub(/^nx_/, '').gsub('_', '-')
+					if host_attrs[fk]
+						@state[fs] = host_attrs[fk]
+					end
+				end
 			end
 		end
@@ -345,20 +636,49 @@ module Rex
 					@report_data[:mac] = @state[:mac]
 				end
 			end
+			NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+				v = @state[f.to_sym]
+				@report_data[f.to_sym] = v if v
+			end
 		end
 		def report_host(&block)
 			if host_is_okay
 				db.emit(:address,@report_data[:host],&block) if block
-				host_object = db_report(:host, @report_data.merge(
-					:workspace => @args[:wspace] ) )
+				device_id   = @report_data[:nx_device_id]
+				host_object = db_report(:host, @report_data.merge(:workspace => @args[:wspace] ) )
 				if host_object
 					db.report_import_note(host_object.workspace, host_object)
+					if device_id
+						detail = {
+							:key => { :src => 'nexpose' },
+							:src => 'nexpose',
+							:nx_device_id => device_id
+						}
+						detail[:nx_console_id] = @nx_console_id if @nx_console_id
+						NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
+							v = @report_data.delete(f.to_sym)
+							detail[f.to_sym] = v if v
+						end
+						db.report_host_details(host_object, detail)
+					end
 				end
 				host_object
 			end
 		end
+		def clean_formatted_text(txt)
+			txt.split(/\n/).map{ |t|
+				t.sub(/^\s+$/, '').
+				  sub(/^(\s{6,20})/, '      ')
+			}.join("\n").gsub(/\n{4,10}/, "\n\n\n")
+		end
 	end
 end