metasploit-runner 0.0.6 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5c1f3e540898c891a4d9473fde87b342eb1b31c1
-  data.tar.gz: 3c540a76097bab3eeea6a50a6ad05831df2f9035
+  metadata.gz: 3aa74a612b220bdf4518066c980c75bc676a768a
+  data.tar.gz: aa3574a74021210c57a9510cb082ae07924e8133
 SHA512:
-  metadata.gz: 6f8c38817ad0c37fb49f29359b667bb14a73cd51d4c5117ce5ac4a9c093f0b7b755d3345a4563ec9b895433d63b5e9ea7c2a58f66e00315976add00fc2965041
-  data.tar.gz: a1fec8df21779de8811c181cf4b78d8e78e1b3cffec5687f46cf24722bfadce85621d4f518981dec1f58ce4fc8965cbbbb449085f2277edd0d1d4b0aad6bb28f
+  metadata.gz: c242eb34af6da8d8dd0e773230eb4d660567286f65f5435748ac025124fa0951b7dc3e47d427c2a124800aa61eeb2afd56a346a065536b1bbc5829fa7be4815f
+  data.tar.gz: 61f2ae1bc235e8eacd839a1b11a4f7c6614a6776e777bf827487d7ffd2cb2cc34a5d7ed81c5dced766202930a67cfbbeae0bdf65f98fa707e16469ddf5cbcf9c

data/lib/MetasploitPenTestScript/version.rb

@@ -1,3 +1,3 @@
 module MetasploitPenTestScript
-  VERSION = "0.0.6"
+  VERSION = "0.0.8"
 end

data/lib/metasploit/constants.rb

@@ -13,6 +13,7 @@ module CONSTANTS
   USING_DEFAULT_SSL_MESSAGE = '[*] Using SSL=TRUE'
   IMPORTING_DATA_MESSAGE = '[*] Importing scan data from Nexpose...'
   SCANNING_MESSAGE = '[*] Scanning all your things with WebScan...'
+  AUDIT_MESSAGE = '[*] Performing web audit...'
   EXPLOIT_MESSAGE = '[*] Exploiting all your things...'
   REQUIRED_WORKSPACE_MESSAGE = 'PWNED! Workspace Name is required'
   SKIPPING_IMPORT_MESSAGE = '[*] Nexpose Console option was not passed, skipping Nexpose Import'

data/lib/metasploit/exploit.rb

@@ -16,6 +16,8 @@ module Metasploit
 
       do_metasploit_scan(rpc_client, run_details)
 
+      do_metasploit_audit(rpc_client, run_details)
+
       do_metasploit_exploit(rpc_client, run_details)
     end
 
@@ -47,6 +49,18 @@ module Metasploit
       wait_for_task_to_stop_running(rpc_client, CONSTANTS::SCANNING_MESSAGE, scan['task_id'])
     end
 
+    def self.do_metasploit_audit(rpc_client, run_details)
+      audit = rpc_client.call('pro.start_webaudit', {
+          'workspace' => run_details.workspace_name,
+          'DS_URLS' => run_details.device_ip_to_scan,
+          'DS_MAX_REQUESTS' => run_details.audit_max_requests,
+          'DS_MAX_MINUTES' => run_details.audit_max_minutes,
+          'DS_MAX_THREADS' => run_details.audit_max_threads,
+          'DS_MAX_INSTANCES' => run_details.audit_max_instances
+      })
+      wait_for_task_to_stop_running(rpc_client, CONSTANTS::AUDIT_MESSAGE, audit['task_id'])
+    end
+
     def self.do_metasploit_exploit(rpc_client, run_details)
       sploit = rpc_client.call('pro.start_exploit', {'workspace' => run_details.workspace_name})
       wait_for_task_to_stop_running(rpc_client, CONSTANTS::EXPLOIT_MESSAGE, sploit['task_id'])
@@ -65,4 +79,4 @@ module Metasploit
       wait_for_task_to_stop_running(rpc_client, status_message, task_id) if status == CONSTANTS::RUNNING_IMPORT_STATUS
     end
   end
-end
+end

data/lib/metasploit/exploit_run_description.rb

@@ -35,6 +35,22 @@ class ExploitRunDescription
     @@device_ip_to_scan_value = value
   end
 
+  def audit_max_requests
+    1000
+  end
+
+  def audit_max_minutes
+    3
+  end
+
+  def audit_max_threads
+    5
+  end
+
+  def audit_max_instances
+    3
+  end
+
   def device_ip_to_scan
     "http://#{@@device_ip_to_scan_value}"
   end
@@ -67,4 +83,4 @@ class ExploitRunDescription
     (value_to_check.nil? || value_to_check.empty?) ? default : value_to_check
   end
 
-end
+end

data/spec/exploit_spec.rb

@@ -17,6 +17,11 @@ describe 'exploit' do
       @expected_webscan_task_id = '12'
       @expected_import_task_id = '1'
       @expected_exploit_task_id = '13'
+      @expected_audit_task_id = '14'
+      @expected_audit_max_requests = 1000
+      @expected_audit_max_minutes = 3
+      @expected_audit_max_threads = 5
+      @expected_audit_max_instances = 3
       @mock_rpc_client = get_mock_rpc_client
       @mock_device_ip_to_scan = '127.0.0.1'
       @mock_device_url_to_scan = "http://#{@mock_device_ip_to_scan}"
@@ -137,8 +142,8 @@ describe 'exploit' do
                                       .once
                                       .ordered
 
-          #Expecting 5 because we are mocking 4 above and the global :call mock in get_mock_rpc_client
-          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(6).times
+          #Expecting 7 because we are mocking 6 above and the global :call mock in get_mock_rpc_client
+          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(7).times
 
           Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
         end
@@ -197,8 +202,82 @@ describe 'exploit' do
                                       .once
                                       .ordered
 
-          #Expecting 6 because we are mocking 4 above and the global :call mock in get_mock_rpc_client
-          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(6).times
+          #Expecting 7 because we are mocking 6 above and the global :call mock in get_mock_rpc_client
+          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(7).times
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+      end
+    end
+
+    describe 'start an audit' do
+
+      it 'should kick off an audit' do
+        expect(@mock_rpc_client).to receive(:call)
+                                    .with('pro.start_webaudit', {
+                                                                  'workspace' => @expected_workspace_name,
+                                                                  'DS_URLS' => @mock_device_url_to_scan,
+                                                                  'DS_MAX_REQUESTS' => @expected_audit_max_requests,
+                                                                  'DS_MAX_MINUTES' => @expected_audit_max_minutes,
+                                                                  'DS_MAX_THREADS' => @expected_audit_max_threads,
+                                                                  'DS_MAX_INSTANCES' => @expected_audit_max_instances
+                                                                })
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+      end
+
+      describe 'wait for audit to be over' do
+        before(:each) do
+
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.start_webaudit', {
+                                                                    'workspace' => @expected_workspace_name,
+                                                                    'DS_URLS' => @mock_device_url_to_scan,
+                                                                    'DS_MAX_REQUESTS' => @expected_audit_max_requests,
+                                                                    'DS_MAX_MINUTES' => @expected_audit_max_minutes,
+                                                                    'DS_MAX_THREADS' => @expected_audit_max_threads,
+                                                                    'DS_MAX_INSTANCES' => @expected_audit_max_instances
+                                                                  })
+                                      .and_return({'task_id' => @expected_audit_task_id})
+        end
+
+        it 'should call to check the status of the audit' do
+          expect(@mock_rpc_client).to receive(:call).with('pro.task_status', @expected_audit_task_id)
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+
+        it 'should call to check the status until it is not running' do
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_audit_task_id)
+                                      .and_return({'14'=>{'status' => 'running', 'progress' => 3, 'info' => 'Auditing your website'}})
+                                      .exactly(3).times
+                                      .ordered
+
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_audit_task_id)
+                                      .and_return({'14'=>{'status' => 'not running', 'progress' => 100, 'info' => 'Complete'}})
+                                      .once
+                                      .ordered
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+
+        it 'should sleep for 3 seconds if the status is still running' do
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_audit_task_id)
+                                      .and_return({'14'=>{'status' => 'running', 'progress' => 3, 'info' => 'Auditing your website'}})
+                                      .exactly(3).times
+                                      .ordered
+
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_audit_task_id)
+                                      .and_return({'14'=>{'status' => 'not running', 'progress' => 100, 'info' => 'Complete'}})
+                                      .once
+                                      .ordered
+
+          #Expecting 7 because we are mocking 6 above and the global :call mock in get_mock_rpc_client
+          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(7).times
 
           Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
         end
@@ -257,14 +336,15 @@ describe 'exploit' do
                                       .once
                                       .ordered
 
-          #Expecting 6 because we are mocking 4 above and the global :call mock in get_mock_rpc_client
-          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(6).times
+          #Expecting 7 because we are mocking 6 above and the global :call mock in get_mock_rpc_client
+          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(7).times
 
           Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
         end
       end
     end
 
+    
   end
 end
 
@@ -281,4 +361,4 @@ def get_mock_rpc_client
                              .and_return(mock_rpc_client)
 
   mock_rpc_client
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-runner
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.8
 platform: ruby
 authors:
 - Nathan Gibson