metasploit-runner 0.0.1 → 0.0.2

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    Yjk2ODJjODk3YmE1YTU3OWJjMDE0MDg1NTQ0ZjAyNTkyNTBiYzVlNQ==
-  data.tar.gz: !binary |-
-    YWViNThkOGU2MThjYjk4OGM4NTI2NDJjM2MxODBiY2QzODU0ZDFlYg==
+SHA1:
+  metadata.gz: 993f0fd305f9c4237449fd4da5d305e13ed4f7eb
+  data.tar.gz: 17d5ad62828b67045402d81f779de24addd65d45
 SHA512:
-  metadata.gz: !binary |-
-    NjYxZTFjNzNjODE3MmZiYzkxNmJlNTFmMDlhYjhmMzAzM2ZhZmYwYzIzNzRj
-    ZjIzOTJmMGYwZGIwNGNhZTM5OTkwYzBhNjg1NzZiODNjYTA2NTk1MDA2YTJl
-    NDY2NjJiODlhYTExOGQyNWUyMGZmMTY3NzhiZWUzZGE5NGM2ZGI=
-  data.tar.gz: !binary |-
-    YTViYjk1ODJiMzExOGNhOThiMjc0ZTBhNjJmMTJkYWQyNjg0ZDEyNzdiMGVk
-    NzEzMzQ4M2Q4MTI0ZTViNGFhYzdmNjI4NzJmYWRkOWY0ZjI3OGI1MWRjNDYw
-    YjExZDUyYjc3OTRhNGVjYjc1Yjg0NjAxMjBmZjJkY2FmOTJmNTU=
+  metadata.gz: 594805a578c9a446f1afe68f39ca830cdbecfa6ee88e195f80a5175efcd4fe747a2d2c94b25862357607609b581b94ab7c71c653dd293fc73e7447b78a398a57
+  data.tar.gz: 59735fe882b949673c733f84a8890e46618b947b2257d05acc10b7994e90c6cbe6ba0f4df3dfa9907112c2d53222ade2ecd7c29a2f28523eab98e3ff63fb0af4

data/lib/MetasploitPenTestScript/version.rb

@@ -1,3 +1,3 @@
 module MetasploitPenTestScript
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/lib/metasploit/exploit.rb

@@ -1,56 +1,32 @@
 require 'msfrpc-client'
 require 'metasploit/constants'
+require 'metasploit/exploit_run_description'
 
 module Metasploit
   module Exploit
     def Exploit.start(connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan)
-      are_parameters_valid(connection_url, token, workspace_name, device_ip_to_scan)
+      run_details = ExploitRunDescription.new connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan
+      run_details.verify
 
-      rpc_client = get_new_metasploit_rpc_connection(connection_url, port, uri, use_ssl, token)
+      rpc_client = get_new_metasploit_rpc_connection(run_details)
 
-      create_workspace(rpc_client, workspace_name)
+      create_workspace(rpc_client, run_details.workspace_name)
 
-      do_nexpose_import(nexpose_console_name, rpc_client, workspace_name)
+      do_nexpose_import(rpc_client, run_details)
 
-      do_metasploit_scan(device_ip_to_scan, rpc_client, workspace_name)
+      do_metasploit_scan(rpc_client, run_details)
     end
 
     private
-    def self.are_parameters_valid(connection_url, token, workspace_name, device_ip_to_scan)
-      raise StandardError, CONSTANTS::REQUIRED_WORKSPACE_MESSAGE if workspace_name.nil? || workspace_name.empty?
-      raise StandardError, CONSTANTS::REQUIRED_TOKEN_MESSAGE if token.nil? || token.empty?
-      raise StandardError, CONSTANTS::REQUIRED_CONNECTION_URL_MESSAGE if connection_url.nil? || connection_url.empty?
-      raise StandardError, CONSTANTS::REQUIRED_DEVICE_IP_TO_SCAN_MESSAGE if device_ip_to_scan.nil? || device_ip_to_scan.empty?
-    end
-
-    def self.get_metasploit_options(connection_url, port, uri, use_ssl, token)
-      if port.nil? || port.empty?
-        puts CONSTANTS::USING_DEFAULT_PORT_MESSAGE
-        port = CONSTANTS::DEFAULT_PORT
-      end
-
-      if uri.nil? || uri.empty?
-        puts CONSTANTS::USING_DEFAULT_URI_MESSAGE
-        uri = CONSTANTS::DEFAULT_URI
-      end
-
-      if use_ssl != false
-        puts CONSTANTS::USING_DEFAULT_SSL_MESSAGE
-        use_ssl = CONSTANTS::DEFAULT_SSL
-      end
-
-      {:host => connection_url, :port => port, :token => token, :uri => uri, :ssl => use_ssl}
-    end
-
-    def self.get_new_metasploit_rpc_connection(connection_url, port, uri, use_ssl, token)
-      client = Msf::RPC::Client.new(get_metasploit_options(connection_url, port, uri, use_ssl, token))
+    def self.get_new_metasploit_rpc_connection(run_details)
+      client = Msf::RPC::Client.new(run_details.get_options)
       puts CONSTANTS::SUCCESSFUL_CONNECTION_MESSAGE
 
       client
     end
 
-    def self.do_nexpose_import(nexpose_console_name, rpc_client, workspace_name)
-      import = rpc_client.call('pro.start_import', {'workspace' => workspace_name, 'DS_NEXPOSE_CONSOLE' => nexpose_console_name, 'DS_NEXPOSE_SITE' => workspace_name})
+    def self.do_nexpose_import(rpc_client, run_details)
+      import = rpc_client.call('pro.start_import', {'workspace' => run_details.workspace_name, 'DS_NEXPOSE_CONSOLE' => run_details.nexpose_console_name, 'DS_NEXPOSE_SITE' => run_details.workspace_name})
 
       wait_for_task_to_stop_running(rpc_client, CONSTANTS::IMPORTING_DATA_MESSAGE, import['task_id'])
     end
@@ -59,18 +35,8 @@ module Metasploit
       rpc_client.call('pro.workspace_add', {'name' => workspace_name})
     end
 
-    def self.do_metasploit_scan(device_ip_to_scan, rpc_client, workspace_name)
-      scan = rpc_client.call('pro.start_webscan', {'workspace' => workspace_name, 'DS_URLS' => "http://#{device_ip_to_scan}"})
-
-      wait_for_task_to_stop_running(rpc_client, CONSTANTS::SCANNING_MESSAGE, scan['task_id'])
-    end
-
-    def self.create_workspace(rpc_client, workspace_name)
-      rpc_client.call('pro.workspace_add', {'name' => workspace_name})
-    end
-
-    def self.do_metasploit_scan(device_ip_to_scan, rpc_client, workspace_name)
-      scan = rpc_client.call('pro.start_webscan', {'workspace' => workspace_name, 'DS_URLS' => "http://#{device_ip_to_scan}"})
+    def self.do_metasploit_scan(rpc_client, run_details)
+      scan = rpc_client.call('pro.start_webscan', {'workspace' => run_details.workspace_name, 'DS_URLS' => run_details.device_ip_to_scan})
 
       wait_for_task_to_stop_running(rpc_client, CONSTANTS::SCANNING_MESSAGE, scan['task_id'])
     end

data/lib/metasploit/exploit_run_description.rb

@@ -0,0 +1,70 @@
+class ExploitRunDescription
+  attr_accessor :connection_url, :port, :uri, :use_ssl, :token, :workspace_name, :nexpose_console_name, :device_ip_to_scan
+  @@port_value = ''
+  @@uri_value = ''
+  @@use_ssl_value = ''
+  @@device_ip_to_scan_value = ''
+
+  def initialize(connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan)
+    self.connection_url = connection_url
+    @@port_value = port
+    @@uri_value = uri
+    @@use_ssl_value = use_ssl
+    self.token = token
+    self.workspace_name = workspace_name
+    self.nexpose_console_name = nexpose_console_name
+    @@device_ip_to_scan_value = device_ip_to_scan
+  end
+
+  def verify
+    raise StandardError, CONSTANTS::REQUIRED_TOKEN_MESSAGE if token.nil? || token.empty?
+    raise StandardError, CONSTANTS::REQUIRED_CONNECTION_URL_MESSAGE if connection_url.nil? || connection_url.empty?
+    raise StandardError, CONSTANTS::REQUIRED_DEVICE_IP_TO_SCAN_MESSAGE if @@device_ip_to_scan_value.nil? || @@device_ip_to_scan_value.empty?
+    raise StandardError, CONSTANTS::REQUIRED_WORKSPACE_MESSAGE if workspace_name.nil? || workspace_name.empty?
+  end
+
+  def get_options
+    {:host => self.connection_url,
+     :port => self.port,
+     :token => self.token,
+     :uri => self.uri,
+     :ssl => self.use_ssl}
+  end
+
+  def device_ip_to_scan=(value)
+    @@device_ip_to_scan_value = value
+  end
+
+  def device_ip_to_scan
+    "http://#{@@device_ip_to_scan_value}"
+  end
+
+  def port=(value)
+    @@port_value = value
+  end
+
+  def port
+    get_value(@@port_value, CONSTANTS::DEFAULT_PORT)
+  end
+
+  def uri=(value)
+    @@uri_value = value
+  end
+
+  def uri
+    get_value(@@uri_value, CONSTANTS::DEFAULT_URI)
+  end
+
+  def use_ssl=(value)
+    @@use_ssl_value = value
+  end
+
+  def use_ssl
+    (@@use_ssl_value != false) ? true : false
+  end
+
+  def get_value(value_to_check, default)
+    (value_to_check.nil? || value_to_check.empty?) ? default : value_to_check
+  end
+
+end

data/spec/exploit_run_description_spec.rb

@@ -0,0 +1,135 @@
+require 'metasploit/exploit_run_description'
+
+describe 'exploit_run_description' do
+  describe 'start' do
+    before(:each) do
+      @expected_connection = 'http://test.connection'
+      @expected_token = 'testtoken'
+      @expected_port = '3791'
+      @expected_uri = '/api/1.1'
+      @expected_ssl = false
+      @expected_workspace_name = 'workspacename'
+      @expected_nexpose_console_name = 'nexpose_console_name'
+      @expected_webscan_task_id = '12'
+      @expected_import_task_id = '1'
+      @mock_rpc_client = get_mock_rpc_client
+      @mock_device_ip_to_scan = '127.0.0.1'
+      @mock_device_url_to_scan = "http://#{@mock_device_ip_to_scan}"
+
+      @exploit_run_description = ExploitRunDescription.new @expected_connection,
+                                                          @expected_port,
+                                                          @expected_uri,
+                                                          @expected_ssl,
+                                                          @expected_token,
+                                                          @expected_workspace_name,
+                                                          @expected_nexpose_console_name,
+                                                          @mock_device_ip_to_scan
+    end
+
+    it 'should accept all of the needed parameters and persist them' do
+      expect(@exploit_run_description.connection_url).to eq(@expected_connection)
+      expect(@exploit_run_description.port).to eq(@expected_port)
+      expect(@exploit_run_description.uri).to eq(@expected_uri)
+      expect(@exploit_run_description.use_ssl).to eq(@expected_ssl)
+      expect(@exploit_run_description.token).to eq(@expected_token)
+      expect(@exploit_run_description.workspace_name).to eq(@expected_workspace_name)
+      expect(@exploit_run_description.nexpose_console_name).to eq(@expected_nexpose_console_name)
+      expect(@exploit_run_description.device_ip_to_scan).to eq(@mock_device_url_to_scan)
+    end
+
+    it 'should use 3790 as default if port is empty string' do
+      @exploit_run_description.port = ''
+      expect(@exploit_run_description.port).to eq(CONSTANTS::DEFAULT_PORT)
+    end
+
+    it 'should use 3790 as default if port is nil' do
+      @exploit_run_description.port = nil
+      expect(@exploit_run_description.port).to eq(CONSTANTS::DEFAULT_PORT)
+    end
+
+    it 'should use /api/1.0 as default if empty string' do
+      @exploit_run_description.uri = ''
+      expect(@exploit_run_description.uri).to eq(CONSTANTS::DEFAULT_URI)
+    end
+
+    it 'should use /api/1.0 as default if nil' do
+      @exploit_run_description.uri = nil
+      expect(@exploit_run_description.uri).to eq(CONSTANTS::DEFAULT_URI)
+    end
+
+    it 'should use ssl true as default if empty string is passed' do
+      @exploit_run_description.use_ssl = ''
+      expect(@exploit_run_description.use_ssl).to eq(CONSTANTS::DEFAULT_SSL)
+    end
+
+    it 'should use ssl true as default if random string is passed' do
+      @exploit_run_description.use_ssl = 'nathan is god'
+      expect(@exploit_run_description.use_ssl).to eq(CONSTANTS::DEFAULT_SSL)
+    end
+
+    it 'should use ssl true as default if nil is passed' do
+      @exploit_run_description.use_ssl = nil
+      expect(@exploit_run_description.use_ssl).to eq(CONSTANTS::DEFAULT_SSL)
+    end
+
+    it 'should use ssl true as default if true is passed' do
+      @exploit_run_description.use_ssl = true
+      expect(@exploit_run_description.use_ssl).to eq(CONSTANTS::DEFAULT_SSL)
+    end
+
+    it 'should return false if false is passed' do
+      @exploit_run_description.use_ssl = false
+      expect(@exploit_run_description.use_ssl).to eq(false)
+    end
+
+    describe 'get metasploit options' do
+      it 'should return the correct options' do
+        expect(@exploit_run_description.get_options).to eq({:host => @expected_connection,
+                               :port => @expected_port,
+                               :token => @expected_token,
+                               :uri => @expected_uri,
+                               :ssl => @expected_ssl})
+      end
+
+      it 'should be using the correct methods to fill the options' do
+        @exploit_run_description.port = ''
+        expect(@exploit_run_description.get_options).to eq({:host => @expected_connection,
+                                                            :port => CONSTANTS::DEFAULT_PORT,
+                                                            :token => @expected_token,
+                                                            :uri => @expected_uri,
+                                                            :ssl => @expected_ssl})
+      end
+    end
+
+    describe 'verify' do
+      it 'should throw an error if no token' do
+        @exploit_run_description.token = ''
+        expect { @exploit_run_description.verify }.to raise_error(StandardError, CONSTANTS::REQUIRED_TOKEN_MESSAGE)
+        @exploit_run_description.token = nil
+        expect { @exploit_run_description.verify }.to raise_error(StandardError, CONSTANTS::REQUIRED_TOKEN_MESSAGE)
+      end
+
+      it 'should throw an error if no connection url' do
+        @exploit_run_description.connection_url = ''
+        expect { @exploit_run_description.verify }.to raise_error(StandardError, CONSTANTS::REQUIRED_CONNECTION_URL_MESSAGE)
+        @exploit_run_description.connection_url = nil
+        expect { @exploit_run_description.verify }.to raise_error(StandardError, CONSTANTS::REQUIRED_CONNECTION_URL_MESSAGE)
+      end
+
+
+      it 'should throw an error if no device ip' do
+        @exploit_run_description.device_ip_to_scan = ''
+        expect { @exploit_run_description.verify }.to raise_error(StandardError, CONSTANTS::REQUIRED_DEVICE_IP_TO_SCAN_MESSAGE)
+        @exploit_run_description.device_ip_to_scan = nil
+        expect { @exploit_run_description.verify }.to raise_error(StandardError, CONSTANTS::REQUIRED_DEVICE_IP_TO_SCAN_MESSAGE)
+      end
+
+      it 'should throw an error if workspace' do
+        @exploit_run_description.workspace_name = ''
+        expect { @exploit_run_description.verify }.to raise_error(StandardError, CONSTANTS::REQUIRED_WORKSPACE_MESSAGE)
+        @exploit_run_description.workspace_name = nil
+        expect { @exploit_run_description.verify }.to raise_error(StandardError, CONSTANTS::REQUIRED_WORKSPACE_MESSAGE)
+      end
+    end
+  end
+end

data/spec/exploit_spec.rb

@@ -56,76 +56,6 @@ describe 'exploit' do
 
         Metasploit::Exploit.start(@expected_connection, '', @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
       end
-
-      it 'should use 3790 as default if port is nil' do
-        expected_options = get_default_options_and_override({:port => '3790'})
-
-        expect(Msf::RPC::Client).to receive(:new)
-                                    .with(expected_options)
-                                    .and_return(@mock_rpc_client)
-
-        Metasploit::Exploit.start(@expected_connection, nil, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
-      end
-
-      it 'should use /api/1.0 as default if no uri is passed' do
-        expected_options = get_default_options_and_override({:uri => '/api/1.0'})
-
-        expect(Msf::RPC::Client).to receive(:new)
-                                    .with(expected_options)
-                                    .and_return(@mock_rpc_client)
-
-        Metasploit::Exploit.start(@expected_connection, @expected_port, '', @expected_ssl,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
-      end
-
-      it 'should use /api/1.0 as default if no uri is passed' do
-        expected_options = get_default_options_and_override({:uri => '/api/1.0'})
-
-        expect(Msf::RPC::Client).to receive(:new)
-                                    .with(expected_options)
-                                    .and_return(@mock_rpc_client)
-
-        Metasploit::Exploit.start(@expected_connection, @expected_port, nil, @expected_ssl,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
-      end
-
-      it 'should use ssl true as default if empty string is passed' do
-        expected_options = get_default_options_and_override({:ssl => true})
-
-        expect(Msf::RPC::Client).to receive(:new)
-                                    .with(expected_options)
-                                    .and_return(@mock_rpc_client)
-
-        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, '',  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
-      end
-
-      it 'should use ssl true as default if random string is passed' do
-        expected_options = get_default_options_and_override({:ssl => true})
-
-        expect(Msf::RPC::Client).to receive(:new)
-                                    .with(expected_options)
-                                    .and_return(@mock_rpc_client)
-
-        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, 'sadf',  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
-      end
-
-      it 'should use ssl true as default if nil is passed' do
-        expected_options = get_default_options_and_override({:ssl => true})
-
-        expect(Msf::RPC::Client).to receive(:new)
-                                    .with(expected_options)
-                                    .and_return(@mock_rpc_client)
-
-        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, nil,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
-      end
-
-      it 'should use ssl true as default if true is passed' do
-        expected_options = get_default_options_and_override({:ssl => true})
-
-        expect(Msf::RPC::Client).to receive(:new)
-                                    .with(expected_options)
-                                    .and_return(@mock_rpc_client)
-
-        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, true,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
-      end
     end
 
     describe 'create workspace' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-runner
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Nathan Gibson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-22 00:00:00.000000000 Z
+date: 2014-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
@@ -28,28 +28,28 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
@@ -74,8 +74,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
+- ".gitignore"
+- ".rspec"
 - Gemfile
 - LICENSE.txt
 - MetasploitPenTestScript.gemspec
@@ -86,6 +86,8 @@ files:
 - lib/MetasploitPenTestScript/version.rb
 - lib/metasploit/constants.rb
 - lib/metasploit/exploit.rb
+- lib/metasploit/exploit_run_description.rb
+- spec/exploit_run_description_spec.rb
 - spec/exploit_spec.rb
 - spec/spec_helper.rb
 homepage: ''
@@ -98,12 +100,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
@@ -113,5 +115,6 @@ signing_key:
 specification_version: 4
 summary: Script to run automated Metaspolit Penetration Tests.
 test_files:
+- spec/exploit_run_description_spec.rb
 - spec/exploit_spec.rb
 - spec/spec_helper.rb