metasploit_data_models 0.7.0-java

Files changed (214) hide show
  1. data/.gitignore +24 -0
  2. data/.rspec +3 -0
  3. data/.simplecov +38 -0
  4. data/.travis.yml +6 -0
  5. data/.yardopts +4 -0
  6. data/Gemfile +27 -0
  7. data/LICENSE +27 -0
  8. data/README.md +72 -0
  9. data/Rakefile +53 -0
  10. data/app/models/mdm/api_key.rb +20 -0
  11. data/app/models/mdm/client.rb +9 -0
  12. data/app/models/mdm/cred.rb +93 -0
  13. data/app/models/mdm/event.rb +30 -0
  14. data/app/models/mdm/exploit_attempt.rb +14 -0
  15. data/app/models/mdm/exploited_host.rb +11 -0
  16. data/app/models/mdm/host.rb +134 -0
  17. data/app/models/mdm/host_detail.rb +15 -0
  18. data/app/models/mdm/host_tag.rb +13 -0
  19. data/app/models/mdm/imported_cred.rb +10 -0
  20. data/app/models/mdm/listener.rb +24 -0
  21. data/app/models/mdm/loot.rb +63 -0
  22. data/app/models/mdm/macro.rb +20 -0
  23. data/app/models/mdm/mod_ref.rb +3 -0
  24. data/app/models/mdm/module_action.rb +24 -0
  25. data/app/models/mdm/module_arch.rb +24 -0
  26. data/app/models/mdm/module_author.rb +25 -0
  27. data/app/models/mdm/module_detail.rb +59 -0
  28. data/app/models/mdm/module_mixin.rb +24 -0
  29. data/app/models/mdm/module_platform.rb +24 -0
  30. data/app/models/mdm/module_ref.rb +24 -0
  31. data/app/models/mdm/module_target.rb +26 -0
  32. data/app/models/mdm/nexpose_console.rb +20 -0
  33. data/app/models/mdm/note.rb +49 -0
  34. data/app/models/mdm/profile.rb +9 -0
  35. data/app/models/mdm/ref.rb +14 -0
  36. data/app/models/mdm/report.rb +50 -0
  37. data/app/models/mdm/report_template.rb +27 -0
  38. data/app/models/mdm/route.rb +9 -0
  39. data/app/models/mdm/service.rb +56 -0
  40. data/app/models/mdm/session.rb +48 -0
  41. data/app/models/mdm/session_event.rb +9 -0
  42. data/app/models/mdm/tag.rb +46 -0
  43. data/app/models/mdm/task.rb +41 -0
  44. data/app/models/mdm/user.rb +25 -0
  45. data/app/models/mdm/vuln.rb +60 -0
  46. data/app/models/mdm/vuln_attempt.rb +15 -0
  47. data/app/models/mdm/vuln_detail.rb +14 -0
  48. data/app/models/mdm/vuln_ref.rb +13 -0
  49. data/app/models/mdm/web_form.rb +16 -0
  50. data/app/models/mdm/web_page.rb +16 -0
  51. data/app/models/mdm/web_site.rb +47 -0
  52. data/app/models/mdm/web_vuln.rb +190 -0
  53. data/app/models/mdm/wmap_request.rb +3 -0
  54. data/app/models/mdm/wmap_target.rb +3 -0
  55. data/app/models/mdm/workspace.rb +196 -0
  56. data/bin/mdm_console +68 -0
  57. data/console_db.yml +9 -0
  58. data/db/migrate/000_create_tables.rb +79 -0
  59. data/db/migrate/001_add_wmap_tables.rb +35 -0
  60. data/db/migrate/002_add_workspaces.rb +36 -0
  61. data/db/migrate/003_move_notes.rb +20 -0
  62. data/db/migrate/004_add_events_table.rb +16 -0
  63. data/db/migrate/005_expand_info.rb +58 -0
  64. data/db/migrate/006_add_timestamps.rb +26 -0
  65. data/db/migrate/007_add_loots.rb +20 -0
  66. data/db/migrate/008_create_users.rb +16 -0
  67. data/db/migrate/009_add_loots_ctype.rb +10 -0
  68. data/db/migrate/010_add_alert_fields.rb +16 -0
  69. data/db/migrate/011_add_reports.rb +19 -0
  70. data/db/migrate/012_add_tasks.rb +24 -0
  71. data/db/migrate/013_add_tasks_result.rb +10 -0
  72. data/db/migrate/014_add_loots_fields.rb +12 -0
  73. data/db/migrate/015_rename_user.rb +16 -0
  74. data/db/migrate/016_add_host_purpose.rb +10 -0
  75. data/db/migrate/017_expand_info2.rb +58 -0
  76. data/db/migrate/018_add_workspace_user_info.rb +29 -0
  77. data/db/migrate/019_add_workspace_desc.rb +23 -0
  78. data/db/migrate/020_add_user_preferences.rb +11 -0
  79. data/db/migrate/021_standardize_info_and_data.rb +18 -0
  80. data/db/migrate/022_enlarge_event_info.rb +10 -0
  81. data/db/migrate/023_add_report_downloaded_at.rb +10 -0
  82. data/db/migrate/024_convert_service_info_to_text.rb +12 -0
  83. data/db/migrate/025_add_user_admin.rb +19 -0
  84. data/db/migrate/026_add_creds_table.rb +19 -0
  85. data/db/migrate/20100819123300_migrate_cred_data.rb +154 -0
  86. data/db/migrate/20100824151500_add_exploited_table.rb +16 -0
  87. data/db/migrate/20100908001428_add_owner_to_workspaces.rb +9 -0
  88. data/db/migrate/20100911122000_add_report_templates.rb +18 -0
  89. data/db/migrate/20100916151530_require_admin_flag.rb +15 -0
  90. data/db/migrate/20100916175000_add_campaigns_and_templates.rb +61 -0
  91. data/db/migrate/20100920012100_add_generate_exe_column.rb +8 -0
  92. data/db/migrate/20100926214000_add_template_prefs.rb +11 -0
  93. data/db/migrate/20101001000000_add_web_tables.rb +57 -0
  94. data/db/migrate/20101002000000_add_query.rb +10 -0
  95. data/db/migrate/20101007000000_add_vuln_info.rb +15 -0
  96. data/db/migrate/20101008111800_add_clients_to_campaigns.rb +10 -0
  97. data/db/migrate/20101009023300_add_campaign_attachments.rb +15 -0
  98. data/db/migrate/20101104135100_add_imported_creds.rb +17 -0
  99. data/db/migrate/20101203000000_fix_web_tables.rb +34 -0
  100. data/db/migrate/20101203000001_expand_host_comment.rb +12 -0
  101. data/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb +9 -0
  102. data/db/migrate/20110112154300_add_module_uuid_to_tasks.rb +9 -0
  103. data/db/migrate/20110204112800_add_host_tags.rb +28 -0
  104. data/db/migrate/20110317144932_add_session_table.rb +110 -0
  105. data/db/migrate/20110414180600_add_local_id_to_session_table.rb +11 -0
  106. data/db/migrate/20110415175705_add_routes_table.rb +18 -0
  107. data/db/migrate/20110422000000_convert_binary.rb +73 -0
  108. data/db/migrate/20110425095900_add_last_seen_to_sessions.rb +8 -0
  109. data/db/migrate/20110513143900_track_successful_exploits.rb +31 -0
  110. data/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb +26 -0
  111. data/db/migrate/20110527000000_add_task_id_to_reports_table.rb +11 -0
  112. data/db/migrate/20110527000001_add_api_keys_table.rb +12 -0
  113. data/db/migrate/20110606000001_add_macros_table.rb +16 -0
  114. data/db/migrate/20110622000000_add_settings_to_tasks_table.rb +12 -0
  115. data/db/migrate/20110624000001_add_listeners_table.rb +19 -0
  116. data/db/migrate/20110625000001_add_macro_to_listeners_table.rb +12 -0
  117. data/db/migrate/20110630000001_add_nexpose_consoles_table.rb +21 -0
  118. data/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb +12 -0
  119. data/db/migrate/20110717000001_add_profiles_table.rb +15 -0
  120. data/db/migrate/20110727163801_expand_cred_ptype_column.rb +9 -0
  121. data/db/migrate/20110730000001_add_initial_indexes.rb +85 -0
  122. data/db/migrate/20110812000001_prune_indexes.rb +23 -0
  123. data/db/migrate/20110922000000_expand_notes.rb +9 -0
  124. data/db/migrate/20110928101300_add_mod_ref_table.rb +17 -0
  125. data/db/migrate/20111011110000_add_display_name_to_reports_table.rb +24 -0
  126. data/db/migrate/20111203000000_inet_columns.rb +13 -0
  127. data/db/migrate/20111204000000_more_inet_columns.rb +17 -0
  128. data/db/migrate/20111210000000_add_scope_to_hosts.rb +9 -0
  129. data/db/migrate/20120126110000_add_virtual_host_to_hosts.rb +9 -0
  130. data/db/migrate/20120411173220_rename_workspace_members.rb +9 -0
  131. data/db/migrate/20120601152442_add_counter_caches_to_hosts.rb +21 -0
  132. data/db/migrate/20120625000000_add_vuln_details.rb +34 -0
  133. data/db/migrate/20120625000001_add_host_details.rb +16 -0
  134. data/db/migrate/20120625000002_expand_details.rb +16 -0
  135. data/db/migrate/20120625000003_expand_details2.rb +24 -0
  136. data/db/migrate/20120625000004_add_vuln_attempts.rb +19 -0
  137. data/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb +14 -0
  138. data/db/migrate/20120625000006_add_module_details.rb +118 -0
  139. data/db/migrate/20120625000007_add_exploit_attempts.rb +26 -0
  140. data/db/migrate/20120625000008_add_fail_message.rb +12 -0
  141. data/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb +13 -0
  142. data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb +35 -0
  143. data/db/migrate/20130423211152_add_creds_counter_cache.rb +24 -0
  144. data/lib/mdm.rb +12 -0
  145. data/lib/mdm/host/operating_system_normalization.rb +984 -0
  146. data/lib/metasploit_data_models.rb +60 -0
  147. data/lib/metasploit_data_models/base64_serializer.rb +103 -0
  148. data/lib/metasploit_data_models/engine.rb +23 -0
  149. data/lib/metasploit_data_models/serialized_prefs.rb +23 -0
  150. data/lib/metasploit_data_models/validators/ip_format_validator.rb +13 -0
  151. data/lib/metasploit_data_models/validators/password_is_strong_validator.rb +70 -0
  152. data/lib/metasploit_data_models/version.rb +8 -0
  153. data/lib/tasks/yard.rake +26 -0
  154. data/metasploit_data_models.gemspec +54 -0
  155. data/script/rails +8 -0
  156. data/spec/app/models/mdm/module_action_spec.rb +38 -0
  157. data/spec/app/models/mdm/module_arch_spec.rb +38 -0
  158. data/spec/app/models/mdm/module_author_spec.rb +50 -0
  159. data/spec/app/models/mdm/module_detail_spec.rb +291 -0
  160. data/spec/app/models/mdm/module_mixin_spec.rb +38 -0
  161. data/spec/app/models/mdm/module_platform_spec.rb +38 -0
  162. data/spec/app/models/mdm/module_ref_spec.rb +38 -0
  163. data/spec/app/models/mdm/module_target_spec.rb +41 -0
  164. data/spec/app/models/mdm/web_vuln_spec.rb +126 -0
  165. data/spec/dummy/Rakefile +7 -0
  166. data/spec/dummy/app/assets/javascripts/application.js +15 -0
  167. data/spec/dummy/app/assets/stylesheets/application.css +13 -0
  168. data/spec/dummy/app/controllers/application_controller.rb +3 -0
  169. data/spec/dummy/app/helpers/application_helper.rb +2 -0
  170. data/spec/dummy/app/mailers/.gitkeep +0 -0
  171. data/spec/dummy/app/models/.gitkeep +0 -0
  172. data/spec/dummy/app/views/layouts/application.html.erb +14 -0
  173. data/spec/dummy/config.ru +4 -0
  174. data/spec/dummy/config/application.rb +61 -0
  175. data/spec/dummy/config/boot.rb +10 -0
  176. data/spec/dummy/config/database.yml.example +22 -0
  177. data/spec/dummy/config/database.yml.travis +22 -0
  178. data/spec/dummy/config/environment.rb +5 -0
  179. data/spec/dummy/config/environments/development.rb +37 -0
  180. data/spec/dummy/config/environments/production.rb +67 -0
  181. data/spec/dummy/config/environments/test.rb +37 -0
  182. data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
  183. data/spec/dummy/config/initializers/inflections.rb +15 -0
  184. data/spec/dummy/config/initializers/mime_types.rb +5 -0
  185. data/spec/dummy/config/initializers/secret_token.rb +7 -0
  186. data/spec/dummy/config/initializers/session_store.rb +8 -0
  187. data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
  188. data/spec/dummy/config/routes.rb +2 -0
  189. data/spec/dummy/db/schema.rb +639 -0
  190. data/spec/dummy/lib/assets/.gitkeep +0 -0
  191. data/spec/dummy/log/.gitkeep +0 -0
  192. data/spec/dummy/public/404.html +26 -0
  193. data/spec/dummy/public/422.html +26 -0
  194. data/spec/dummy/public/500.html +25 -0
  195. data/spec/dummy/public/favicon.ico +0 -0
  196. data/spec/dummy/script/rails +6 -0
  197. data/spec/factories/mdm/addresses.rb +7 -0
  198. data/spec/factories/mdm/hosts.rb +18 -0
  199. data/spec/factories/mdm/module_actions.rb +14 -0
  200. data/spec/factories/mdm/module_archs.rb +14 -0
  201. data/spec/factories/mdm/module_authors.rb +22 -0
  202. data/spec/factories/mdm/module_details.rb +9 -0
  203. data/spec/factories/mdm/module_mixins.rb +14 -0
  204. data/spec/factories/mdm/module_platforms.rb +14 -0
  205. data/spec/factories/mdm/module_refs.rb +14 -0
  206. data/spec/factories/mdm/module_targets.rb +19 -0
  207. data/spec/factories/mdm/services.rb +35 -0
  208. data/spec/factories/mdm/users.rb +22 -0
  209. data/spec/factories/mdm/web_sites.rb +8 -0
  210. data/spec/factories/mdm/web_vulns.rb +64 -0
  211. data/spec/factories/mdm/workspaces.rb +23 -0
  212. data/spec/lib/base64_serializer_spec.rb +174 -0
  213. data/spec/spec_helper.rb +36 -0
  214. metadata +472 -0
@@ -0,0 +1,60 @@
1
+ #
2
+ # Core
3
+ #
4
+ require 'shellwords'
5
+
6
+ #
7
+ # Gems
8
+ #
9
+ require 'active_record'
10
+ require 'active_support'
11
+ require 'active_support/all'
12
+ require 'active_support/dependencies'
13
+
14
+ #
15
+ # Project
16
+ #
17
+ require 'mdm'
18
+ require 'metasploit_data_models/version'
19
+ require 'metasploit_data_models/serialized_prefs'
20
+ require 'metasploit_data_models/base64_serializer'
21
+
22
+ require 'metasploit_data_models/validators/ip_format_validator'
23
+ require 'metasploit_data_models/validators/password_is_strong_validator'
24
+
25
+ # Only include the Rails engine when using Rails. This allows the non-Rails projects, like metasploit-framework to use
26
+ # the models by calling MetasploitDataModels.require_models.
27
+ if defined? Rails
28
+ require 'metasploit_data_models/engine'
29
+ end
30
+
31
+ module MetasploitDataModels
32
+ def self.models_pathname
33
+ root.join('app', 'models')
34
+ end
35
+
36
+ def self.require_models
37
+ models_globs = models_pathname.join('**', '*.rb')
38
+
39
+ Dir.glob(models_globs) do |model_path|
40
+ require model_path
41
+ end
42
+ end
43
+
44
+ def self.root
45
+ unless instance_variable_defined? :@root
46
+ lib_pathname = Pathname.new(__FILE__).dirname
47
+
48
+ @root = lib_pathname.parent
49
+ end
50
+
51
+ @root
52
+ end
53
+ end
54
+
55
+ lib_pathname = MetasploitDataModels.root.join('lib')
56
+ # has to work under 1.8.7, so can't use to_path
57
+ lib_path = lib_pathname.to_s
58
+ # Add path to gem's lib so that concerns for models are loaded correctly if models are reloaded
59
+ ActiveSupport::Dependencies.autoload_paths << lib_path
60
+ ActiveSupport::Dependencies.autoload_once_paths << lib_path
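Review bot: `MetasploitDataModels.root` calls `Pathname.new(__FILE__)`, but the "Core" section only requires `shellwords`, so `Pathname` is available only if one of the gems loaded above happens to pull it in. I would add `require 'pathname'` next to `require 'shellwords'` so the file does not depend on that side effect. Separately, `Dir.glob` in `require_models` yields files in filesystem order, which can differ between machines; `Dir.glob(models_globs).sort.each do |model_path|` would make the load order reproducible.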
@@ -0,0 +1,103 @@
1
+ # Provides ActiveRecord 3.1x-friendly serialization for descendants of
2
+ # ActiveRecord::Base. Backwards compatible with older YAML methods and
3
+ # will fall back to string decoding in the worst case
4
+ #
5
+ # @example Using default default of {}
6
+ # serialize :foo, MetasploitDataModels::Base64Serializer.new
7
+ #
8
+ # @example Overriding default to []
9
+ # serialize :bar, MetasploitDataModels::Base64Serializer.new(:default => [])
10
+ #
11
+ module MetasploitDataModels
12
+ class Base64Serializer
13
+ #
14
+ # CONSTANTS
15
+ #
16
+
17
+ # The default for {#default}
18
+ DEFAULT = {}
19
+ # Deserializers for {#load}
20
+ # 1. Base64 decoding and then unmarshalling the value.
21
+ # 2. Parsing the value as YAML.
22
+ # 3. The raw value.
23
+ LOADERS = [
24
+ lambda { |serialized|
25
+ marshaled = serialized.unpack('m').first
26
+ # Load the unpacked Marshal object first
27
+ Marshal.load(marshaled)
28
+ },
29
+ lambda { |serialized|
30
+ # Support legacy YAML encoding for existing data
31
+ YAML.load(serialized)
32
+ },
33
+ lambda { |serialized|
34
+ # Fall back to string decoding
35
+ serialized
36
+ }
37
+ ]
38
+
39
+ #
40
+ # Methods
41
+ #
42
+
43
+ # Creates a duplicate of default value
44
+ #
45
+ # @return
46
+ def default
47
+ @default.dup
48
+ end
49
+
50
+ attr_writer :default
51
+
52
+ # Serializes the value by marshalling the value and then base64 encodes the marshaled value.
53
+ #
54
+ # @param value [Object] value to serialize
55
+ # @return [String]
56
+ def dump(value)
57
+ # Always store data back in the Marshal format
58
+ marshalled = Marshal.dump(value)
59
+ base64_encoded = [ marshalled ].pack('m')
60
+
61
+ base64_encoded
62
+ end
63
+
64
+ # @param attributes [Hash] attributes
65
+ # @option attributes [Object] :default ({}) Value to use for {#default}.
66
+ def initialize(attributes={})
67
+ attributes.assert_valid_keys(:default)
68
+
69
+ @default = attributes.fetch(:default, DEFAULT)
70
+ end
71
+
72
+ # Deserializes the value by either
73
+ # 1. Base64 decoding and then unmarshalling the value.
74
+ # 2. Parsing the value as YAML.
75
+ # 3. Returns the raw value.
76
+ #
77
+ # @param value [String] serialized value
78
+ # @return [Object]
79
+ #
80
+ # @see #default
81
+ def load(value)
82
+ loaded = nil
83
+
84
+ if value.blank?
85
+ loaded = default
86
+ else
87
+ LOADERS.each do |loader|
88
+ begin
89
+ loaded = loader.call(value)
90
+ rescue
91
+ next
92
+ else
93
+ break
94
+ end
95
+ end
96
+ end
97
+
98
+ loaded
99
+ end
100
+ end
101
+ end
102
+
103
+
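Review bot: `LOADERS` hands the stored column value to `Marshal.load` and then to `YAML.load`, both of which can instantiate arbitrary objects, so anything able to write to a serialized column (an import, a shared database, a restored backup) influences what gets constructed inside the application process. Neither the class comment nor the `load` docs state that trust assumption; I would add a comment on `LOADERS` such as `# SECURITY: Marshal.load and YAML.load are only safe on values this application wrote itself; do not use this serializer on columns that can hold untrusted input.` Where the supported Ruby versions provide it, the legacy path could call `YAML.safe_load(serialized)`; Marshal has no restricted mode, so a data-only format would be the longer-term fix. The bare `rescue` in `load` also hides which loader failed and why before falling through to the raw string, which makes corrupted or tampered values hard to notice.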
@@ -0,0 +1,23 @@
1
+ require 'rails'
2
+
3
+ module MetasploitDataModels
4
+ class Engine < Rails::Engine
5
+ # @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
6
+ config.generators do |g|
7
+ g.assets false
8
+ g.fixture_replacement :factory_girl, :dir => 'spec/factories'
9
+ g.helper false
10
+ g.test_framework :rspec, :fixture => false
11
+ end
12
+
13
+ initializer 'metasploit_data_models.prepend_factory_path', :after => 'factory_girl.set_factory_paths' do
14
+ if defined? FactoryGirl
15
+ relative_definition_file_path = config.generators.options[:factory_girl][:dir]
16
+ definition_file_path = root.join(relative_definition_file_path)
17
+
18
+ # unshift so that Pro can modify mdm factories
19
+ FactoryGirl.definition_file_paths.unshift definition_file_path
20
+ end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,23 @@
1
+ module MetasploitDataModels
2
+ module SerializedPrefs
3
+ def serialized_prefs_attr_accessor(*args)
4
+ args.each do |method_name|
5
+
6
+ method_declarations = <<-RUBY
7
+ def #{method_name}
8
+ return if not self.prefs
9
+ self.prefs[:#{method_name}]
10
+ end
11
+
12
+ def #{method_name}=(value)
13
+ temp = self.prefs || {}
14
+ temp[:#{method_name}] = value
15
+ self.prefs = temp
16
+ end
17
+ RUBY
18
+
19
+ class_eval method_declarations, __FILE__, __LINE__
20
+ end
21
+ end
22
+ end
23
+ end
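Review bot: `serialized_prefs_attr_accessor` builds the accessor source by interpolating `method_name` into a heredoc and passing it to `class_eval`, so any name that is not a plain identifier is evaluated as Ruby code rather than rejected. The names come from callers outside this hunk and are presumably literals today, but `define_method` gives the same accessors with no string evaluation at all. It also removes the `__FILE__, __LINE__` pair, which currently reports the line of the `class_eval` call rather than the start of the heredoc, so backtraces from the generated methods are offset. The rewritten method is below; the enclosing modules are unchanged.

```ruby
def serialized_prefs_attr_accessor(*args)
  args.each do |method_name|
    pref_key = method_name.to_sym

    # Reader: nil when no prefs hash has been stored yet.
    define_method(method_name) do
      return if not self.prefs
      self.prefs[pref_key]
    end

    # Writer: reassign prefs so the serialized column is marked as changed.
    define_method("#{method_name}=") do |value|
      temp = self.prefs || {}
      temp[pref_key] = value
      self.prefs = temp
    end
  end
end
```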
@@ -0,0 +1,13 @@
1
+ require "ipaddr"
2
+
3
+ class IpFormatValidator < ActiveModel::EachValidator
4
+ def validate_each(object, attribute, value)
5
+ error_message_block = lambda{ object.errors[attribute] << " must be a valid IPv4 or IPv6 address" }
6
+ begin
7
+ potential_ip = IPAddr.new(value)
8
+ error_message_block.call unless potential_ip.ipv4? || potential_ip.ipv6?
9
+ rescue ArgumentError
10
+ error_message_block.call
11
+ end
12
+ end
13
+ end
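Review bot: `IPAddr.new(value)` also accepts a prefix or mask suffix such as `10.0.0.0/8`, so `validate_each` passes network ranges even though the message promises "a valid IPv4 or IPv6 address". If single addresses are what the columns should hold, reject the suffix before parsing, e.g. `raise ArgumentError if value.to_s.include?('/')` as the first line inside the `begin`, which the existing `rescue ArgumentError` already turns into the validation error. The `ipv4? || ipv6?` check after construction looks unreachable as a failure path, since a successfully built `IPAddr` is one or the other. The message string also starts with a stray space.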
@@ -0,0 +1,70 @@
1
+ class PasswordIsStrongValidator < ActiveModel::EachValidator
2
+ COMMON_PASSWORDS = %w{
3
+ password pass root admin metasploit
4
+ msf 123456 qwerty abc123 letmein monkey link182 demo
5
+ changeme test1234 rapid7
6
+ }
7
+
8
+ def validate_each(record, attribute, value)
9
+ return if value.blank?
10
+
11
+ if is_simple?(value)
12
+ record.errors[attribute] << "must contain letters, numbers, and at least one special character"
13
+ end
14
+
15
+ if contains_username?(record.username, value)
16
+ record.errors[attribute] << "must not contain the username"
17
+ end
18
+
19
+ if is_common_password?(value)
20
+ record.errors[attribute] << "must not be a common password"
21
+ end
22
+
23
+ if contains_repetition?(value)
24
+ record.errors[attribute] << "must not be a predictable sequence of characters"
25
+ end
26
+ end
27
+
28
+ private
29
+
30
+ def is_simple?(password)
31
+ not (password =~ /[A-Za-z]/ and password =~ /[0-9]/ and password =~ /[\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x3a\x3b\x3c\x3d\x3e\x3f\x5b\x5c\x5d\x5e\x5f\x60\x7b\x7c\x7d\x7e]/)
32
+ end
33
+
34
+ def contains_username?(username, password)
35
+ password =~ /#{username}/i
36
+ end
37
+
38
+ def is_common_password?(password)
39
+ COMMON_PASSWORDS.each do |pw|
40
+ common_pw = [pw, pw + "!", pw + "1", pw + "12", pw + "123", pw + "1234"]
41
+ if common_pw.include?(password.downcase)
42
+ return true
43
+ end
44
+ end
45
+ false
46
+ end
47
+
48
+ def contains_repetition?(password)
49
+ # Password repetition (quite basic) -- no "aaaaaa" or "ababab" or "abcabc" or
50
+ # "abcdabcd" (but note that the user can use "aaaaaab" or something).
51
+
52
+ if password.scan(/./).uniq.size < 2
53
+ return true
54
+ end
55
+
56
+ if (password.size % 2 == 0) and (password.scan(/../).uniq.size < 2)
57
+ return true
58
+ end
59
+
60
+ if (password.size % 3 == 0) and (password.scan(/.../).uniq.size < 2)
61
+ return true
62
+ end
63
+
64
+ if (password.size % 4 == 0) and (password.scan(/..../).uniq.size < 2)
65
+ return true
66
+ end
67
+
68
+ false
69
+ end
70
+ end
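Review bot: `contains_username?` interpolates `username` straight into a regular expression, so a username containing regex metacharacters is treated as a pattern (or raises `RegexpError`), and a blank username produces `//i`, which matches every password and reports "must not contain the username" for all of them. Escaping and guarding the value fixes both: `return false if username.blank?` followed by `password =~ /#{Regexp.escape(username)}/i`. `validate_each` also assumes the record responds to `username`, which is worth stating in a comment on the class since the validator is otherwise attribute-generic. `COMMON_PASSWORDS` is a mutable constant and could take `.freeze`.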
@@ -0,0 +1,8 @@
1
+ module MetasploitDataModels
2
+ # MetasploitDataModels follows the {http://semver.org/ Semantic Versioning Specification}. At this time, the API
3
+ # is considered unstable because although the database migrations have moved from
4
+ # metasploit-framework/data/sql/migrate to db/migrate in this project, not all models have specs that verify the
5
+ # migrations (with have_db_column and have_db_index) and certain models may not be shared between metasploit-framework
6
+ # and pro, so models may be removed in the future. Because of the unstable API the version should remain below 1.0.0
7
+ VERSION = '0.7.0'
8
+ end
@@ -0,0 +1,26 @@
1
+ # @note All options not specific to any given rake task should go in the .yardopts file so they are available to both
2
+ # the below rake tasks and when invoking `yard` from the command line
3
+
4
+ if defined? YARD
5
+ namespace :yard do
6
+ YARD::Rake::YardocTask.new(:doc) do |t|
7
+ # --no-stats here as 'stats' task called after will print fuller stats
8
+ t.options = ['--no-stats']
9
+
10
+ t.after = Proc.new {
11
+ Rake::Task['yard:stats'].execute
12
+ }
13
+ end
14
+
15
+ desc "Shows stats for YARD Documentation including listing undocumented modules, classes, constants, and methods"
16
+ task :stats => :environment do
17
+ stats = YARD::CLI::Stats.new
18
+ stats.run('--compact', '--list-undoc')
19
+ end
20
+ end
21
+
22
+ # @todo Figure out how to just clone description from yard:doc
23
+ desc "Generate YARD documentation"
24
+ # allow calling namespace to as a task that goes to default task for namespace
25
+ task :yard => ['yard:doc']
26
+ end
@@ -0,0 +1,54 @@
1
+ # -*- encoding: utf-8 -*-
2
+ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
3
+ require 'metasploit_data_models/version'
4
+
5
+ Gem::Specification.new do |s|
6
+ s.name = 'metasploit_data_models'
7
+ s.version = MetasploitDataModels::VERSION
8
+ s.authors = [
9
+ 'Samuel Huckins',
10
+ 'Luke Imhoff',
11
+ 'Trevor Rosen'
12
+ ]
13
+ s.email = [
14
+ 'shuckins@rapid7.com',
15
+ 'luke_imhoff@rapid7.com',
16
+ 'trevor_rosen@rapid7.com'
17
+ ]
18
+ s.homepage = ""
19
+ s.summary = %q{Database code for MSF and Metasploit Pro}
20
+ s.description = %q{Implements minimal ActiveRecord models and database helper code used in both the Metasploit Framework (MSF) and Metasploit commercial editions.}
21
+
22
+ s.files = `git ls-files`.split("\n")
23
+ s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
24
+ s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
25
+ s.require_paths = ['lib']
26
+
27
+ # ---- Dependencies ----
28
+ s.add_development_dependency 'rake'
29
+
30
+ # documentation
31
+ s.add_development_dependency 'yard'
32
+ # debugging
33
+ s.add_development_dependency 'pry'
34
+
35
+ s.add_runtime_dependency 'activerecord', '>= 3.2.13'
36
+ s.add_runtime_dependency 'activesupport'
37
+
38
+ if RUBY_PLATFORM =~ /java/
39
+ # markdown formatting for yard
40
+ s.add_development_dependency 'kramdown'
41
+
42
+ s.add_runtime_dependency 'jdbc-postgres'
43
+ s.add_runtime_dependency 'activerecord-jdbcpostgresql-adapter'
44
+
45
+ s.platform = Gem::Platform::JAVA
46
+ else
47
+ # markdown formatting for yard
48
+ s.add_development_dependency 'redcarpet'
49
+
50
+ s.add_runtime_dependency 'pg'
51
+
52
+ s.platform = Gem::Platform::RUBY
53
+ end
54
+ end
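Review bot: The runtime dependencies are open-ended: `activerecord` has a floor of `>= 3.2.13` but no upper bound, and `activesupport`, `pg`, `jdbc-postgres` and `activerecord-jdbcpostgresql-adapter` carry no constraint at all, so a fresh install resolves to whatever the registry currently serves. For a gem whose specs rely on Rails 3 behaviour such as mass-assignment protection, I would bound the major version, for example `s.add_runtime_dependency 'activerecord', '~> 3.2', '>= 3.2.13'`, and give the adapters explicit ranges that have been tested. `s.homepage = ""` is also empty, which leaves consumers with no upstream to check the package against.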
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env ruby
2
+ # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
3
+
4
+ ENGINE_ROOT = File.expand_path('../..', __FILE__)
5
+ ENGINE_PATH = File.expand_path('../../lib/metasploit_data_models/engine', __FILE__)
6
+
7
+ require 'rails/all'
8
+ require 'rails/engine/commands'
@@ -0,0 +1,38 @@
1
+ require 'spec_helper'
2
+
3
+ describe Mdm::ModuleAction do
4
+ context 'associations' do
5
+ it { should belong_to(:module_detail).class_name('Mdm::ModuleDetail') }
6
+ end
7
+
8
+ context 'database' do
9
+ context 'columns' do
10
+ it { should have_db_column(:module_detail_id).of_type(:integer) }
11
+ it { should have_db_column(:name).of_type(:text) }
12
+ end
13
+
14
+ context 'indices' do
15
+ it { should have_db_index(:module_detail_id) }
16
+ end
17
+ end
18
+
19
+ context 'factories' do
20
+ context 'mdm_module_action' do
21
+ subject(:mdm_module_action) do
22
+ FactoryGirl.build(:mdm_module_action)
23
+ end
24
+
25
+ it { should be_valid }
26
+ end
27
+ end
28
+
29
+ context 'mass assignment security' do
30
+ it { should_not allow_mass_assignment_of(:module_detail_id) }
31
+ it { should allow_mass_assignment_of(:name) }
32
+ end
33
+
34
+ context 'validations' do
35
+ it { should validate_presence_of(:module_detail) }
36
+ it { should validate_presence_of(:name) }
37
+ end
38
+ end
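Review bot: This spec and the `Mdm::ModuleArch` spec in the next hunk are line-for-line the same apart from the described class and the factory name, and the file list shows further 38-line `module_*_spec.rb` files that appear to follow the same template. A shared example group parameterised on the factory name would keep the mass-assignment expectations (`should_not allow_mass_assignment_of(:module_detail_id)`) in one place, so a change to the protection rules cannot be applied to one model's spec and missed in the others. Each spec would then reduce to something like `it_should_behave_like 'a module detail child', :factory => :mdm_module_action`, where the group name is only a suggestion.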
@@ -0,0 +1,38 @@
1
+ require 'spec_helper'
2
+
3
+ describe Mdm::ModuleArch do
4
+ context 'associations' do
5
+ it { should belong_to(:module_detail).class_name('Mdm::ModuleDetail') }
6
+ end
7
+
8
+ context 'database' do
9
+ context 'columns' do
10
+ it { should have_db_column(:module_detail_id).of_type(:integer) }
11
+ it { should have_db_column(:name).of_type(:text) }
12
+ end
13
+
14
+ context 'indices' do
15
+ it { should have_db_index(:module_detail_id) }
16
+ end
17
+ end
18
+
19
+ context 'factories' do
20
+ context 'mdm_module_arch' do
21
+ subject(:mdm_module_arch) do
22
+ FactoryGirl.build(:mdm_module_arch)
23
+ end
24
+
25
+ it { should be_valid }
26
+ end
27
+ end
28
+
29
+ context 'mass assignment security' do
30
+ it { should_not allow_mass_assignment_of(:module_detail_id) }
31
+ it { should allow_mass_assignment_of(:name) }
32
+ end
33
+
34
+ context 'validations' do
35
+ it { should validate_presence_of(:module_detail) }
36
+ it { should validate_presence_of(:name) }
37
+ end
38
+ end