librex 0.0.34 → 0.0.35

data/README.markdown

@@ -3,7 +3,7 @@
 A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 
 Currently based on:
-SVN Revision: 12756
+SVN Revision: 12804
 
 # Credits
 The Metasploit development team <http://www.metasploit.com>

data/lib/rex/parser/foundstone_nokogiri.rb

@@ -0,0 +1,340 @@
+require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+
+module Rex
+	module Parser
+
+		# If Nokogiri is available, define Template document class. 
+		load_nokogiri && class FoundstoneDocument < Nokogiri::XML::SAX::Document
+
+		include NokogiriDocMixin
+
+		def start_document
+			@report_type_ok = true # Optimistic
+		end
+
+		# Triggered every time a new element is encountered. We keep state
+		# ourselves with the @state variable, turning things on when we
+		# get here (and turning things off when we exit in end_element()).
+		def start_element(name=nil,attrs=[])
+			attrs = normalize_attrs(attrs)
+			block = @block
+			return unless @report_type_ok
+			@state[:current_tag][name] = true
+			case name
+			when "ReportInfo"
+				check_for_correct_report_type(attrs,&block)
+			when "Host"
+				record_host(attrs)
+			when "Service" 
+				record_service(attrs)
+			when "Port", "Protocol", "Banner"
+				@state[:has_text] = true
+			when "Vuln" # under VulnsFound, ignore risk 0 things
+				record_vuln(attrs)
+			when "Risk" # for Vuln
+				@state[:has_text] = true
+			when "CVE" # Under Vuln
+				@state[:has_text] = true
+			end
+		end
+
+		# When we exit a tag, this is triggered.
+		def end_element(name=nil)
+			block = @block
+			return unless @report_type_ok
+			case name
+			when "Host" # Wrap it up
+				collect_host_data
+				host_object = report_host &block
+				if host_object
+					db.report_import_note(@args[:wspace],host_object)
+					report_fingerprint(host_object)
+					report_services(host_object)
+					report_vulns(host_object)
+				end
+				# Reset the state once we close a host
+				@state.delete_if {|k| k != :current_tag}
+			when "Port" 
+				@state[:has_text] = false
+				collect_port
+			when "Protocol"
+				@state[:has_text] = false
+				collect_protocol
+			when "Banner"
+				collect_banner
+				@state[:has_text] = false
+			when "Service"
+				collect_service
+			when "Vuln"
+				collect_vuln
+			when "Risk"
+				@state[:has_text] = false
+				collect_risk
+			when "CVE"
+				@state[:has_text] = false
+				collect_cve
+			end
+			@state[:current_tag].delete name
+		end
+
+		# Nothing technically stopping us from parsing this as well, 
+		# but saving this for later
+		def check_for_correct_report_type(attrs,&block)
+			report_type = attr_hash(attrs)["ReportType"] 
+			if report_type == "Network Inventory"
+				@report_type_ok = true
+			else
+				if report_type == "Risk Data"
+					msg = "The Foundstone/Mcafee report type '#{report_type}' is not currently supported"
+					msg << ",\nso no data will be imported. Please use the 'Network Inventory' report instead."
+				else
+					msg = ".\nThe Foundstone/Macafee report type '#{report_type}' is unsupported."
+				end
+				db.emit(:warning,msg,&block) if block
+				@report_type_ok = false
+			end
+		end
+
+		def collect_risk
+			return unless in_tag("VulnsFound")
+			return unless in_tag("HostData")
+			return unless in_tag("Host")
+			risk = @text.to_s.to_i
+			@state[:vuln][:risk] = risk
+			@text = nil
+		end
+
+		def collect_cve
+			return unless in_tag("VulnsFound")
+			return unless in_tag("HostData")
+			return unless in_tag("Host")
+			cve = @text.to_s
+			@state[:vuln][:cves] ||= []
+			@state[:vuln][:cves] << cve unless cve == "CVE-MAP-NOMATCH"
+			@text = nil
+		end
+
+		# Determines if we should keep the vuln or not. Note that
+		# we cannot tie them to a service.
+		def collect_vuln
+			return unless in_tag("VulnsFound")
+			return unless in_tag("HostData")
+			return unless in_tag("Host")
+			return if @state[:vuln][:risk] == 0
+			@report_data[:vulns] ||= []
+			vuln_hash = {}
+			vuln_hash[:name] = @state[:vuln]["VulnName"]
+			refs = []
+			refs << "FID-#{@state[:vuln]["id"]}"
+			if @state[:vuln][:cves]
+				@state[:vuln][:cves].each {|cve| refs << cve}
+			end
+			vuln_hash[:refs] = refs
+			@report_data[:vulns] << vuln_hash
+		end
+
+		# These are per host.
+		def record_vuln(attrs)
+			return unless in_tag("VulnsFound")
+			return unless in_tag("HostData")
+			return unless in_tag("Host")
+			@state[:vulns] ||= []
+			
+			@state[:vuln] = attr_hash(attrs) # id and VulnName
+		end
+
+		def record_service(attrs)
+			return unless in_tag("ServicesFound")
+			return unless in_tag("Host")
+			@state[:service] = attr_hash(attrs)
+		end
+
+		def collect_port
+			return unless in_tag("Service")
+			return unless in_tag("ServicesFound")
+			return unless in_tag("Host")
+			return if @text.nil? || @text.empty?
+			@state[:service][:port] = @text.strip
+			@text = nil
+		end
+
+		def collect_protocol
+			return unless in_tag("Service")
+			return unless in_tag("ServicesFound")
+			return unless in_tag("Host")
+			return if @text.nil? || @text.empty?
+			@state[:service][:proto] = @text.strip
+			@text = nil
+		end
+
+		def collect_banner
+			return unless in_tag("Service")
+			return unless in_tag("ServicesFound")
+			return unless in_tag("Host")
+			return if @text.nil? || @text.empty?
+			banner = normalize_foundstone_banner(@state[:service]["ServiceName"],@text)
+			unless banner.nil? || banner.empty?
+				@state[:service][:banner] = banner
+			end
+			@text = nil
+		end
+
+		def collect_service
+			return unless in_tag("ServicesFound")
+			return unless in_tag("Host")
+			return unless @state[:service][:port]
+			@report_data[:ports] ||= [] 
+			port_hash = {}
+		 	port_hash[:port] = @state[:service][:port]
+		 	port_hash[:proto] = @state[:service][:proto]
+		 	port_hash[:info] = @state[:service][:banner]
+		 	port_hash[:name] = db.nmap_msf_service_map(@state[:service]["ServiceName"])
+			@report_data[:ports] << port_hash
+		end
+
+		def record_host(attrs)
+			return unless in_tag("HostData")
+			@state[:host] = attr_hash(attrs)
+		end
+
+		def collect_host_data
+			@report_data[:host] = @state[:host]["IPAddress"]
+			if @state[:host]["NBName"] && !@state[:host]["NBName"].empty?
+				@report_data[:name] = @state[:host]["NBName"]
+			elsif @state[:host]["DNSName"] && !@state[:host]["DNSName"].empty?
+				@report_data[:name] = @state[:host]["DNSName"]
+			end
+			if @state[:host]["OSName"] && !@state[:host]["OSName"].empty?
+				@report_data[:os_fingerprint] = @state[:host]["OSName"]
+			end
+			@report_data[:state] = Msf::HostState::Alive
+			@report_data[:mac] = @state[:mac] if @state[:mac]
+		end
+
+		def report_host(&block)
+			return unless in_tag("HostData")
+			if host_is_okay
+				db.emit(:address,@report_data[:host],&block) if block
+				host_info = @report_data.merge(:workspace => @args[:wspace])
+				db_report(:host,host_info)
+			end
+		end
+
+		def report_fingerprint(host_object)
+			fp_note = {
+				:workspace => host_object.workspace,
+				:host => host_object,
+				:type => 'host.os.foundstone_fingerprint',
+				:data => {:os => @report_data[:os_fingerprint] }
+			}
+			db_report(:note, fp_note)
+		end
+
+		def report_services(host_object)
+			return unless in_tag("HostData")
+			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless @report_data[:ports]
+			return if @report_data[:ports].empty?
+			@report_data[:ports].each do |svc|
+				db_report(:service, svc.merge(:host => host_object))
+			end
+		end
+
+		def report_vulns(host_object)
+			return unless in_tag("HostData")
+			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless @report_data[:vulns]
+			return if @report_data[:vulns].empty?
+			@report_data[:vulns].each do |vuln|
+				db_report(:vuln, vuln.merge(:host => host_object))
+			end
+		end
+
+		# Foundstone's banners are pretty free-form
+		# and often not just banners. Clean them up
+		# for the :info field, delegate off for other
+		# protocol data we can use.
+		def normalize_foundstone_banner(service,banner)
+			return "" if(banner.nil? || banner.strip.empty?)
+			if first_line_only? service
+				return (first_line banner)
+			elsif needs_more_processing? service
+				return process_service(service,banner)
+			else
+				return (first_line banner)
+			end
+		end
+
+		# Services where we only care about the first
+		# line of the banner tag.
+		def first_line_only?(service)
+			svcs = %w{ 
+				vnc ftp ftps smtp oracle-tns nntp ssh ntp
+			}
+			9.times {|i| svcs << "vnc-#{i}"}
+			svcs.include? service
+		end
+
+		# Services where we need to do more processing
+		# before handing the banner back. 
+		def needs_more_processing?(service)
+			svcs = %w{ 
+				microsoft-ds loc-srv http https sunrpc netbios-ns
+		 	}
+			svcs.include? service
+		end
+
+		def first_line(str)
+			str.split("\n").first.to_s.strip
+		end
+
+		# XXX: Actually implement more of these 
+		def process_service(service,banner)
+			meth = "process_service_#{service.gsub("-","_")}"
+			if self.respond_to? meth
+				self.send meth, banner
+			else
+				return (first_line banner)
+			end
+		end
+
+		# XXX: Register a proper netbios note as the regular
+		# scanner does.
+		def process_service_netbios_ns(banner)
+			mac_regex = /[0-9A-Fa-f:]{17}/
+			@state[:mac] = banner[mac_regex]
+			first_line banner
+		end
+
+		# XXX: Make this behave more like the smb scanner
+		def process_service_microsoft_ds(banner)
+			lm_regex = /Native LAN Manager/
+			lm_banner = nil
+			banner.each_line { |line| 
+				if line[lm_regex]
+					lm_banner = line 
+					break
+				end
+			}
+			lm_banner || first_line(banner)
+		end
+
+		def process_service_http(banner)
+			server = nil
+			banner.each_line do |line|
+				if line =~ /^Server:\s+(.*)/
+					server = $1
+					break
+				end
+			end
+			server || first_line(banner)
+		end
+
+		alias :process_service_https :process_service_http
+		alias :process_service_rtsp :process_service_http
+
+	end
+
+end
+end
+

data/lib/rex/parser/mbsa_nokogiri.rb

@@ -0,0 +1,255 @@
+require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+
+module Rex
+	module Parser
+
+		# If Nokogiri is available, define Template document class. 
+		load_nokogiri && class MbsaDocument < Nokogiri::XML::SAX::Document
+
+		include NokogiriDocMixin
+
+		# Triggered every time a new element is encountered. We keep state
+		# ourselves with the @state variable, turning things on when we
+		# get here (and turning things off when we exit in end_element()).
+		def start_element(name=nil,attrs=[])
+			attrs = normalize_attrs(attrs)
+			block = @block
+			@state[:current_tag][name] = true
+			case name
+			when "SecScan"
+				record_host(attrs)
+			when "IP" # TODO: Check to see if IPList/IP is useful to import
+			when "Check" # A list of MBSA checks. They have an ID and a Name.
+				record_check(attrs)
+			when "Advice" # Check advice. Free form text about the check
+				@state[:has_text] = true
+			when "Detail" # Check/Detail is where missing fixes are.
+				record_detail(attrs)
+			when "UpdateData" # Info about installed/missing hotfixes
+				record_updatedata(attrs)
+			when "Title" # MSB Title
+				@state[:has_text] = true
+			when "InformationURL" # Only use this if we don't have a Bulletin ID
+				@state[:has_text] = true
+			end
+		end
+
+		# This breaks xml-encoded characters, so need to append
+		def characters(text)
+			return unless @state[:has_text]
+			@text ||= ""
+			@text << text
+		end
+
+		# When we exit a tag, this is triggered.
+		def end_element(name=nil)
+			block = @block
+			case name
+			when "SecScan" # Wrap it up
+				collect_host_data
+				host_object = report_host &block
+				if host_object
+					db.report_import_note(@args[:wspace],host_object)
+					report_fingerprint(host_object)
+					report_vulns(host_object,&block)
+				end
+				# Reset the state once we close a host
+				@state.delete_if {|k| k != :current_tag}
+			when "Check"
+				collect_check_data
+			when "Advice" 
+				@state[:has_text] = false
+				collect_advice_data
+			when "Detail"
+				collect_detail_data
+			when "UpdateData"
+				collect_updatedata
+			when "Title"
+				@state[:has_text] = false
+				collect_title
+			when "InformationURL"
+				collect_url
+				@state[:has_text] = false
+			end
+			@state[:current_tag].delete name
+		end
+		
+		def report_fingerprint(host_object)
+			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless @report_data[:os_fingerprint]
+			fp_note = @report_data[:os_fingerprint].merge(
+				{
+					:workspace => host_object.workspace,
+					:host => host_object
+			})
+			db_report(:note, fp_note)
+		end
+
+		def collect_url
+			return unless in_tag("References")
+			return unless in_tag("UpdateData")
+			return unless in_tag("Detail")
+			return unless in_tag("Check")
+			@state[:update][:url] = @text.to_s.strip
+			@text = nil
+		end
+
+		def report_vulns(host_object, &block)
+			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless @report_data[:vulns]
+			return if @report_data[:vulns].empty?
+			@report_data[:vulns].each do |vuln|
+				next unless vuln[:refs]
+				if vuln[:refs].empty?
+					next
+				end
+				if block
+					db.emit(:vuln, ["Missing #{vuln[:name]}",1], &block) if block
+				end
+				db_report(:vuln, vuln.merge(:host => host_object))
+			end
+		end
+
+		def collect_title
+			return unless in_tag("SecScan")
+			return unless in_tag("Check")
+			collect_bulletin_title
+			@text = nil
+		end
+
+		def collect_bulletin_title
+			return unless @state[:check_state]["ID"] == 500.to_s
+			return unless in_tag("UpdateData")
+			return unless @state[:update]
+			return if @text.to_s.strip.empty?
+			@state[:update]["Title"] = @text.to_s.strip
+		end
+
+		def collect_updatedata
+			return unless in_tag("SecScan")
+			return unless in_tag("Check")
+			return unless in_tag("Detail")
+			collect_missing_update
+			@state[:updates] = {}
+		end
+
+		def collect_missing_update
+			return unless @state[:check_state]["ID"] == 500.to_s
+			return if @state[:update]["IsInstalled"] == "true"
+			@report_data[:missing_updates] ||= []
+			this_update = {}
+			this_update[:name] = @state[:update]["Title"].to_s.strip
+			this_update[:refs] = []
+			if @state[:update]["BulletinID"].empty?
+				this_update[:refs] << "URL-#{@state[:update][:url]}"
+			else
+				this_update[:refs] << "MSB-#{@state[:update]["BulletinID"]}"
+			end
+			@report_data[:missing_updates] << this_update
+		end
+
+		# So far, just care about Host OS
+		# There is assuredly more interesting things going on in here.
+		def collect_advice_data
+			return unless in_tag("SecScan")
+			return unless in_tag("Check")
+			collect_os_name
+			@text = nil
+		end
+
+		def collect_os_name
+			return unless @state[:check_state]["ID"] == 10101.to_s
+			return unless @text
+			return if @text.strip.empty?
+			os_match = @text.match(/Computer is running (.*)/)
+			return unless os_match
+			os_info = os_match[1] 
+			os_vendor = os_info[/Microsoft/]
+			os_family = os_info[/Windows/]
+			os_version = os_info[/(XP|2000 Advanced Server|2000|2003|2008|SBS|Vista|7 .* Edition|7)/]
+			if os_info
+				@report_data[:os_fingerprint] = {}
+				@report_data[:os_fingerprint][:type] = "host.os.mbsa_fingerprint"
+				@report_data[:os_fingerprint][:data] = {
+					:os_vendor => os_vendor,
+					:os_family => os_family,
+					:os_version => os_version,
+					:os_accuracy => 100,
+					:os_match => os_info.gsub(/\x2e$/,"")
+				}
+			end
+		end
+
+		def collect_detail_data
+			return unless in_tag("SecScan")
+			return unless in_tag("Check")
+			if @report_data[:missing_updates]
+				@report_data[:vulns] = @report_data[:missing_updates]
+			end
+		end
+
+		def collect_check_data
+			return unless in_tag("SecScan")
+			@state[:check_state] = {}
+		end
+
+		def collect_host_data
+			return unless @state[:address]
+			return if @state[:address].strip.empty?
+			@report_data[:host] = @state[:address].strip
+			if @state[:hostname] && !@state[:hostname].empty?
+				@report_data[:name] = @state[:hostname]
+			end
+			@report_data[:state] = Msf::HostState::Alive
+		end
+
+		def report_host(&block)
+			if host_is_okay
+				db.emit(:address,@report_data[:host],&block) if block
+				host_info = @report_data.merge(:workspace => @args[:wspace])
+				db_report(:host, host_info)
+			end
+		end
+
+		def record_updatedata(attrs)
+			return unless in_tag("SecScan")
+			return unless in_tag("Check")
+			return unless in_tag("Detail")
+			update_attrs = attr_hash(attrs)
+			@state[:update] = attr_hash(attrs)
+		end
+
+		def record_host(attrs)
+			host_attrs = attr_hash(attrs)
+			@state[:address] = host_attrs["IP"]
+			@state[:hostname] = host_attrs["Machine"]
+		end
+
+		def record_check(attrs)
+			return unless in_tag("SecScan")
+			@state[:check_state] = attr_hash(attrs)
+		end
+
+		def record_detail(attrs)
+			return unless in_tag("SecScan")
+			return unless in_tag("Check")
+			@state[:detail_state] = attr_hash(attrs)
+		end
+
+		# We need to override the usual host_is_okay because MBSA apparently
+		# doesn't report on open ports at all.
+		def host_is_okay
+			return false unless @report_data[:host]
+			return false unless valid_ip(@report_data[:host])
+			return false unless @report_data[:state] == Msf::HostState::Alive
+			if @args[:blacklist]
+				return false if @args[:blacklist].include?(@report_data[:host])
+			end
+			return true
+		end
+
+	end
+
+end
+end
+

data/lib/rex/parser/nexpose_raw_nokogiri.rb

@@ -43,13 +43,6 @@ module Rex
 			end
 		end
 
-		# This breaks on xml-encoded characters, so need to append
-		def characters(text)
-			return unless @state[:has_text]
-			@text ||= ""
-			@text << text
-		end
-
 		# When we exit a tag, this is triggered.
 		def end_element(name=nil)
 			block = @block
@@ -109,7 +102,8 @@ module Rex
 			return unless @report_data[:vuln][:matches].kind_of? Array
 			refs = normalize_references(@report_data[:vuln][:refs])
 			refs << "NEXPOSE-#{report_data[:vuln]["id"]}"
-			db.emit(:vuln, [refs.last,@report_data[:vuln][:matches].size], &block)
+			vuln_instances = @report_data[:vuln][:matches].size
+			db.emit(:vuln, [refs.last,vuln_instances], &block) if block
 			data = {
 				:workspace => @args[:wspace],
 				:name => refs.last,
@@ -122,7 +116,7 @@ module Rex
 				host_data[:host] = match[:host]
 				host_data[:port] = match[:port] if match[:port]
 				host_data[:proto] = match[:protocol] if match[:protocol]
-				db.report_vuln(host_data)
+				db_report(:vuln, host_data)
 				if match[:key]
 					hosts_keys[host_data[:host]] ||= []
 					hosts_keys[host_data[:host]] << match[:key]
@@ -147,7 +141,7 @@ module Rex
 					next if key_note[:data][data[:name]].include? key_value
 					key_note[:data][data[:name]] << key_value
 				end
-				db.report_note(key_note)
+				db_report(:note, key_note)
 			end
 		end
 
@@ -240,7 +234,7 @@ module Rex
 			note[:data][:product] = @report_data[:os]["os_product"] if @report_data[:os]["os_prduct"]
 			note[:data][:version] = @report_data[:os]["os_version"] if @report_data[:os]["os_version"]
 			note[:data][:arch] = @report_data[:os]["os_arch"] if @report_data[:os]["os_arch"]
-			db.report_note(note)
+			db_report(:note, note)
 		end
 
 		def report_services(host_object)
@@ -249,7 +243,7 @@ module Rex
 			return if @report_data[:ports].empty?
 			reported = []
 			@report_data[:ports].each do |svc|
-				reported << db.report_service(svc.merge(:host => host_object))
+				reported << db_report(:service, svc.merge(:host => host_object))
 			end
 			reported
 		end
@@ -277,7 +271,12 @@ module Rex
 				end
 			end
 			if @state[:service]
-				port_hash[:name] = @state[:service]["name"] if @state[:service]["name"] != "<unknown>"
+				if state[:service]["name"] == "<unknown>"
+					sname = nil
+				else
+					sname = db.nmap_msf_service_map(@state[:service]["name"])
+				end
+				port_hash[:name] = sname
 			end
 			if @state[:service_fingerprint]
 				info = []
@@ -347,7 +346,7 @@ module Rex
 		def report_host(&block)
 			if host_is_okay
 				db.emit(:address,@report_data[:host],&block) if block
-				host_object = db.report_host( @report_data.merge(
+				host_object = db_report(:host, @report_data.merge(
 					:workspace => @args[:wspace] ) )
 					if host_object
 						db.report_import_note(host_object.workspace, host_object)

data/lib/rex/parser/nexpose_simple_nokogiri.rb

@@ -41,13 +41,6 @@ module Rex
 			end
 		end
 
-		# This breaks xml-encoded characters, so need to append
-		def characters(text)
-			return unless @state[:has_text]
-			@text ||= ""
-			@text << text
-		end
-
 		# When we exit a tag, this is triggered.
 		def end_element(name=nil)
 			block = @block
@@ -108,7 +101,7 @@ module Rex
 					data[:port] = vuln[:port] 
 					data[:proto] = vuln[:proto]
 				end
-				db.report_vuln(data)
+				db_report(:vuln,data)
 			end
 			
 		end
@@ -240,7 +233,7 @@ module Rex
 		def report_host(&block)
 			if host_is_okay
 				db.emit(:address,@report_data[:host],&block) if block
-				host_object = db.report_host( @report_data.merge(
+				host_object = db_report(:host, @report_data.merge(
 					:workspace => @args[:wspace] ) )
 				if host_object
 					db.report_import_note(host_object.workspace, host_object)
@@ -267,7 +260,7 @@ module Rex
 				:version => @report_data[:host_fingerprint]["version"],
 				:arch => @report_data[:host_fingerprint]["architecture"]
 			}
-			db.report_note(note.merge(:data => data))
+			db_report(:note, note.merge(:data => data))
 		end
 
 		def record_service(attrs)
@@ -292,8 +285,12 @@ module Rex
 				when "port"
 					port_hash[:port] = v
 				when "name"
-					port_hash[:name] = v.to_s.downcase.split("(")[0].strip
-					port_hash.delete(:name) if port_hash[:name] == "<unknown>"
+					sname = v.to_s.downcase.split("(")[0].strip
+					if sname == "<unknown>"
+						port_hash[:name] = nil
+					else
+						port_hash[:name] = db.nmap_msf_service_map(sname)
+					end
 				end
 			end
 			if @state[:service_fingerprint]
@@ -317,7 +314,7 @@ module Rex
 			return if @report_data[:ports].empty?
 			reported = []
 			@report_data[:ports].each do |svc|
-				reported << db.report_service(svc.merge(:host => host_object))
+				reported << db_report(:service, svc.merge(:host => host_object))
 			end
 			reported
 		end

data/lib/rex/parser/nmap_nokogiri.rb

@@ -303,43 +303,43 @@ module Rex
 		def report_traceroute(host_object)
 			return unless host_object.kind_of? ::Msf::DBManager::Host
 			return unless @report_data[:traceroute]
-			db.report_note(
+			tr_note = {
 				:workspace => host_object.workspace,
 				:host => host_object,
 				:type => "host.nmap.traceroute",
-				:data => {
-					'port' => @report_data[:traceroute]["port"].to_i,
+				:data => { 'port' => @report_data[:traceroute]["port"].to_i,
 					'proto' => @report_data[:traceroute]["proto"].to_s,
-					'hops' => @report_data[:traceroute][:hops]
-				}
-			)
+					'hops' => @report_data[:traceroute][:hops] } 
+			}
+			db_report(:note, tr_note)
 		end
 
 		def report_uptime(host_object)
 			return unless host_object.kind_of? ::Msf::DBManager::Host
 			return unless @report_data[:last_boot]
-			db.report_note(
+			up_note = {
 				:workspace => host_object.workspace,
 				:host => host_object,
 				:type => "host.last_boot",
-				:data => { :time => @report_data[:last_boot] }
-			)
+				:data => { :time => @report_data[:last_boot] } 
+			}
+			db_report(:note, up_note)
 		end
 
 		def report_fingerprint(host_object)
 			return unless host_object.kind_of? ::Msf::DBManager::Host
 			return unless @report_data[:os_fingerprint]
-			db.report_note(
-				@report_data[:os_fingerprint].merge(
-					:workspace => host_object.workspace,
-					:host => host_object
-				)
-			)
+			fp_note = @report_data[:os_fingerprint].merge(
+				{
+				:workspace => host_object.workspace,
+				:host => host_object
+			})
+			db_report(:note, fp_note)
 		end
 
 		def report_host(&block)
 			if host_is_okay
-				host_object = db.report_host( @report_data.merge(
+				host_object = db_report(:host, @report_data.merge(
 					:workspace => @args[:wspace] ) )
 				db.emit(:address,@report_data[:host],&block) if block
 				host_object
@@ -352,7 +352,7 @@ module Rex
 			return if @report_data[:ports].empty?
 			reported = []
 			@report_data[:ports].each do |svc|
-				reported << db.report_service(svc.merge(:host => host_object))
+				reported << db_report(:service, svc.merge(:host => host_object))
 			end
 			reported
 		end

data/lib/rex/parser/nokogiri_doc_mixin.rb

@@ -114,11 +114,48 @@ module Parser
 			return true
 		end
 
-		# XXX: Define this
+		# XXX: Document classes ought to define this
 		def determine_port_state(v)
 			return v
 		end
 
+		# Circumvent the unknown attribute logging by the various reporters. They
+		# seem to be there just for debugging anyway. 
+		def db_report(table, data)
+			raise "Data should be a hash" unless data.kind_of? Hash
+			nonempty_data = data.reject {|k,v| v.nil?}
+			valid_attrs = db_valid_attributes(table)
+			raise "Unknown table `#{table}'" if valid_attrs.empty?
+			if table == :note # Notes don't whine about extra stuff
+				just_the_facts = nonempty_data
+			else
+				just_the_facts = nonempty_data.select {|k,v| valid_attrs.include? k.to_s.to_sym}
+			end
+			just_the_facts.empty? ? return : db.send("report_#{table}", just_the_facts)
+		end
+
+		# XXX: It would be better to either have a single registry of acceptable 
+		# keys if we're going to alert on bad ones, or to be more forgiving if 
+		# the caller is this thing. There is basically no way to tell if 
+		# report_host()'s tastes are going to change with this scheme.
+		def db_valid_attributes(table)
+			case table.to_s.to_sym
+			when :host
+				Msf::DBManager::Host.new.attribute_names.map {|x| x.to_sym} |
+					[:host, :workspace]
+			when :service
+				Msf::DBManager::Service.new.attribute_names.map {|x| x.to_sym} |
+					[:host, :host_name, :mac, :workspace]
+			when :vuln
+				Msf::DBManager::Vuln.new.attribute_names.map {|x| x.to_sym} |
+					[:host, :refs, :workspace, :port, :proto]
+			when :note
+					[:anything]
+			else
+				[]
+			end
+		end
+
 		# Nokogiri 1.4.4 (and presumably beyond) generates attrs as pairs,
 		# like [["value1","foo"],["value2","bar"]] (but not hashes for some 
 		# reason). 1.4.3.1 (and presumably 1.4.3.x and prior) generates attrs
@@ -139,13 +176,30 @@ module Parser
 			return attr_pairs
 		end
 
+		# This breaks xml-encoded characters, so need to append.
+		# It's on the end_element tag name to turn the appending
+		# off and clear out the data.
+		def characters(text)
+			return unless @state[:has_text]
+			@text ||= ""
+			@text << text
+		end
+
+		# Effectively the same as characters()
+		def cdata_block(text)
+			return unless @state[:has_text]
+			@text ||= ""
+			@text << text
+		end
+
 		def end_document
 			block = @block
+			return unless @report_type_ok
 			unless @state[:current_tag].empty?
 				missing_ends = @state[:current_tag].keys.map {|x| "'#{x}'"}.join(", ")
 				msg = "Warning, the provided file is incomplete, and there may be missing\n"
 				msg << "data. The following tags were not closed: #{missing_ends}."
-				db.emit(:warning,msg,&block)
+				db.emit(:warning,msg,&block) if block
 			end
 		end
 

data/lib/rex/pescan/scanner.rb

@@ -29,8 +29,18 @@ module Scanner
 					msg  = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
 					$stdout.puts pe.ptr_s(vma) + " " + msg
 					if(param['disasm'])
+						#puts [msg].pack('H*').inspect
 						insns = []
-						d2 = Metasm::Shellcode.decode(msg, Metasm::Ia32.new).disassembler
+						msg.gsub!("; ", "\n")
+						if msg.include?("retn")
+							msg.gsub!("retn", "ret")
+						end
+						#puts msg
+						begin
+							d2 = Metasm::Shellcode.assemble(Metasm::Ia32.new, msg).disassemble
+						rescue Metasm::ParseError
+							d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, [msg].pack('H*')[0])
+						end
 						addr = 0
 						while ((di = d2.disassemble_instruction(addr)))
 							insns << di.instruction
@@ -39,6 +49,9 @@ module Scanner
 							$stdout.puts disasm
 							addr = di.next_addr
 						end
+#						::Rex::Assembly::Nasm.disassemble([msg].pack("H*")).split("\n").each do |line|
+#							$stdout.puts "\tnasm: #{line.strip}"
+						#end
 					end
 				end
 			end

data/lib/rex/pescan/search.rb

@@ -3,40 +3,44 @@ module PeScan
 module Search
 
 	require "rex/assembly/nasm"
-
+	
 	class DumpRVA
 		attr_accessor :pe
-
+		
 		def initialize(pe)
 			self.pe = pe
 		end
-
+		
 		def config(param)
 			@address = pe.vma_to_rva(param['args'])
 		end
-
+		
 		def scan(param)
 			config(param)
-
+			
 			$stdout.puts "[#{param['file']}]"
-
+			
 			# Adjust based on -A and -B flags
 			pre = param['before'] || 0
 			suf = param['after']  || 16
-
+			
 			@address -= pre
 			@address = 0 if (@address < 0 || ! @address)
-
+			
 			begin
 				buf = pe.read_rva(@address, suf)
 			rescue ::Rex::PeParsey::WtfError
 				return
 			end
-
+			
 			$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
 			if(param['disasm'])
 				insns = []
-				d2 = Metasm::Shellcode.decode(buf, Metasm::Ia32.new).disassembler
+				buf.gsub!("; ", "\n")
+				if buf.include?("retn")
+					buf.gsub!("retn", "ret")
+				end
+				d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, buf)
 				addr = 0
 				while ((di = d2.disassemble_instruction(addr)))
 					insns << di.instruction
@@ -46,7 +50,8 @@ module Search
 					addr = di.next_addr
 				end
 			end
-		end
+			
+		end	
 	end
 
 	class DumpOffset < DumpRVA
@@ -56,7 +61,7 @@ module Search
 			rescue Rex::PeParsey::BoundsError
 			end
 		end
-	end
+	end	
 end
 end
 end

data/lib/rex/post/meterpreter/packet.rb

@@ -224,7 +224,8 @@ class Tlv
 	# Converts the TLV to raw.
 	#
 	def to_r
-		raw = value.to_s;
+		# Forcibly convert to ASCII-8BIT encoding
+		raw = value.to_s.unpack("C*").pack("C*")
 
 		if (self.type & TLV_META_TYPE_STRING == TLV_META_TYPE_STRING)
 			raw += "\x00"

metadata

@@ -2,7 +2,7 @@
 name: librex
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.34
+  version: 0.0.35
 platform: ruby
 authors: 
 - Metasploit Development Team
@@ -11,11 +11,11 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-27 00:00:00 -05:00
+date: 2011-06-01 00:00:00 -05:00
 default_executable: 
 dependencies: []
 
-description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 12756
+description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 12804
 email: 
 - hdm@metasploit.com
 - jacob.hammack@hammackj.com
@@ -153,10 +153,12 @@ files:
 - lib/rex/parser/apple_backup_manifestdb.rb
 - lib/rex/parser/arguments.rb
 - lib/rex/parser/arguments.rb.ut.rb
+- lib/rex/parser/foundstone_nokogiri.rb
 - lib/rex/parser/ini.rb
 - lib/rex/parser/ini.rb.ut.rb
 - lib/rex/parser/ip360_aspl_xml.rb
 - lib/rex/parser/ip360_xml.rb
+- lib/rex/parser/mbsa_nokogiri.rb
 - lib/rex/parser/nessus_xml.rb
 - lib/rex/parser/netsparker_xml.rb
 - lib/rex/parser/nexpose_raw_nokogiri.rb