RubyGems - metasploit_data_models - Versions diffs - 0.7.0-java - Mend

metasploit_data_models 0.7.0-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

data/.gitignore +24 -0
data/.rspec +3 -0
data/.simplecov +38 -0
data/.travis.yml +6 -0
data/.yardopts +4 -0
data/Gemfile +27 -0
data/LICENSE +27 -0
data/README.md +72 -0
data/Rakefile +53 -0
data/app/models/mdm/api_key.rb +20 -0
data/app/models/mdm/client.rb +9 -0
data/app/models/mdm/cred.rb +93 -0
data/app/models/mdm/event.rb +30 -0
data/app/models/mdm/exploit_attempt.rb +14 -0
data/app/models/mdm/exploited_host.rb +11 -0
data/app/models/mdm/host.rb +134 -0
data/app/models/mdm/host_detail.rb +15 -0
data/app/models/mdm/host_tag.rb +13 -0
data/app/models/mdm/imported_cred.rb +10 -0
data/app/models/mdm/listener.rb +24 -0
data/app/models/mdm/loot.rb +63 -0
data/app/models/mdm/macro.rb +20 -0
data/app/models/mdm/mod_ref.rb +3 -0
data/app/models/mdm/module_action.rb +24 -0
data/app/models/mdm/module_arch.rb +24 -0
data/app/models/mdm/module_author.rb +25 -0
data/app/models/mdm/module_detail.rb +59 -0
data/app/models/mdm/module_mixin.rb +24 -0
data/app/models/mdm/module_platform.rb +24 -0
data/app/models/mdm/module_ref.rb +24 -0
data/app/models/mdm/module_target.rb +26 -0
data/app/models/mdm/nexpose_console.rb +20 -0
data/app/models/mdm/note.rb +49 -0
data/app/models/mdm/profile.rb +9 -0
data/app/models/mdm/ref.rb +14 -0
data/app/models/mdm/report.rb +50 -0
data/app/models/mdm/report_template.rb +27 -0
data/app/models/mdm/route.rb +9 -0
data/app/models/mdm/service.rb +56 -0
data/app/models/mdm/session.rb +48 -0
data/app/models/mdm/session_event.rb +9 -0
data/app/models/mdm/tag.rb +46 -0
data/app/models/mdm/task.rb +41 -0
data/app/models/mdm/user.rb +25 -0
data/app/models/mdm/vuln.rb +60 -0
data/app/models/mdm/vuln_attempt.rb +15 -0
data/app/models/mdm/vuln_detail.rb +14 -0
data/app/models/mdm/vuln_ref.rb +13 -0
data/app/models/mdm/web_form.rb +16 -0
data/app/models/mdm/web_page.rb +16 -0
data/app/models/mdm/web_site.rb +47 -0
data/app/models/mdm/web_vuln.rb +190 -0
data/app/models/mdm/wmap_request.rb +3 -0
data/app/models/mdm/wmap_target.rb +3 -0
data/app/models/mdm/workspace.rb +196 -0
data/bin/mdm_console +68 -0
data/console_db.yml +9 -0
data/db/migrate/000_create_tables.rb +79 -0
data/db/migrate/001_add_wmap_tables.rb +35 -0
data/db/migrate/002_add_workspaces.rb +36 -0
data/db/migrate/003_move_notes.rb +20 -0
data/db/migrate/004_add_events_table.rb +16 -0
data/db/migrate/005_expand_info.rb +58 -0
data/db/migrate/006_add_timestamps.rb +26 -0
data/db/migrate/007_add_loots.rb +20 -0
data/db/migrate/008_create_users.rb +16 -0
data/db/migrate/009_add_loots_ctype.rb +10 -0
data/db/migrate/010_add_alert_fields.rb +16 -0
data/db/migrate/011_add_reports.rb +19 -0
data/db/migrate/012_add_tasks.rb +24 -0
data/db/migrate/013_add_tasks_result.rb +10 -0
data/db/migrate/014_add_loots_fields.rb +12 -0
data/db/migrate/015_rename_user.rb +16 -0
data/db/migrate/016_add_host_purpose.rb +10 -0
data/db/migrate/017_expand_info2.rb +58 -0
data/db/migrate/018_add_workspace_user_info.rb +29 -0
data/db/migrate/019_add_workspace_desc.rb +23 -0
data/db/migrate/020_add_user_preferences.rb +11 -0
data/db/migrate/021_standardize_info_and_data.rb +18 -0
data/db/migrate/022_enlarge_event_info.rb +10 -0
data/db/migrate/023_add_report_downloaded_at.rb +10 -0
data/db/migrate/024_convert_service_info_to_text.rb +12 -0
data/db/migrate/025_add_user_admin.rb +19 -0
data/db/migrate/026_add_creds_table.rb +19 -0
data/db/migrate/20100819123300_migrate_cred_data.rb +154 -0
data/db/migrate/20100824151500_add_exploited_table.rb +16 -0
data/db/migrate/20100908001428_add_owner_to_workspaces.rb +9 -0
data/db/migrate/20100911122000_add_report_templates.rb +18 -0
data/db/migrate/20100916151530_require_admin_flag.rb +15 -0
data/db/migrate/20100916175000_add_campaigns_and_templates.rb +61 -0
data/db/migrate/20100920012100_add_generate_exe_column.rb +8 -0
data/db/migrate/20100926214000_add_template_prefs.rb +11 -0
data/db/migrate/20101001000000_add_web_tables.rb +57 -0
data/db/migrate/20101002000000_add_query.rb +10 -0
data/db/migrate/20101007000000_add_vuln_info.rb +15 -0
data/db/migrate/20101008111800_add_clients_to_campaigns.rb +10 -0
data/db/migrate/20101009023300_add_campaign_attachments.rb +15 -0
data/db/migrate/20101104135100_add_imported_creds.rb +17 -0
data/db/migrate/20101203000000_fix_web_tables.rb +34 -0
data/db/migrate/20101203000001_expand_host_comment.rb +12 -0
data/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb +9 -0
data/db/migrate/20110112154300_add_module_uuid_to_tasks.rb +9 -0
data/db/migrate/20110204112800_add_host_tags.rb +28 -0
data/db/migrate/20110317144932_add_session_table.rb +110 -0
data/db/migrate/20110414180600_add_local_id_to_session_table.rb +11 -0
data/db/migrate/20110415175705_add_routes_table.rb +18 -0
data/db/migrate/20110422000000_convert_binary.rb +73 -0
data/db/migrate/20110425095900_add_last_seen_to_sessions.rb +8 -0
data/db/migrate/20110513143900_track_successful_exploits.rb +31 -0
data/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb +26 -0
data/db/migrate/20110527000000_add_task_id_to_reports_table.rb +11 -0
data/db/migrate/20110527000001_add_api_keys_table.rb +12 -0
data/db/migrate/20110606000001_add_macros_table.rb +16 -0
data/db/migrate/20110622000000_add_settings_to_tasks_table.rb +12 -0
data/db/migrate/20110624000001_add_listeners_table.rb +19 -0
data/db/migrate/20110625000001_add_macro_to_listeners_table.rb +12 -0
data/db/migrate/20110630000001_add_nexpose_consoles_table.rb +21 -0
data/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb +12 -0
data/db/migrate/20110717000001_add_profiles_table.rb +15 -0
data/db/migrate/20110727163801_expand_cred_ptype_column.rb +9 -0
data/db/migrate/20110730000001_add_initial_indexes.rb +85 -0
data/db/migrate/20110812000001_prune_indexes.rb +23 -0
data/db/migrate/20110922000000_expand_notes.rb +9 -0
data/db/migrate/20110928101300_add_mod_ref_table.rb +17 -0
data/db/migrate/20111011110000_add_display_name_to_reports_table.rb +24 -0
data/db/migrate/20111203000000_inet_columns.rb +13 -0
data/db/migrate/20111204000000_more_inet_columns.rb +17 -0
data/db/migrate/20111210000000_add_scope_to_hosts.rb +9 -0
data/db/migrate/20120126110000_add_virtual_host_to_hosts.rb +9 -0
data/db/migrate/20120411173220_rename_workspace_members.rb +9 -0
data/db/migrate/20120601152442_add_counter_caches_to_hosts.rb +21 -0
data/db/migrate/20120625000000_add_vuln_details.rb +34 -0
data/db/migrate/20120625000001_add_host_details.rb +16 -0
data/db/migrate/20120625000002_expand_details.rb +16 -0
data/db/migrate/20120625000003_expand_details2.rb +24 -0
data/db/migrate/20120625000004_add_vuln_attempts.rb +19 -0
data/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb +14 -0
data/db/migrate/20120625000006_add_module_details.rb +118 -0
data/db/migrate/20120625000007_add_exploit_attempts.rb +26 -0
data/db/migrate/20120625000008_add_fail_message.rb +12 -0
data/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb +13 -0
data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb +35 -0
data/db/migrate/20130423211152_add_creds_counter_cache.rb +24 -0
data/lib/mdm.rb +12 -0
data/lib/mdm/host/operating_system_normalization.rb +984 -0
data/lib/metasploit_data_models.rb +60 -0
data/lib/metasploit_data_models/base64_serializer.rb +103 -0
data/lib/metasploit_data_models/engine.rb +23 -0
data/lib/metasploit_data_models/serialized_prefs.rb +23 -0
data/lib/metasploit_data_models/validators/ip_format_validator.rb +13 -0
data/lib/metasploit_data_models/validators/password_is_strong_validator.rb +70 -0
data/lib/metasploit_data_models/version.rb +8 -0
data/lib/tasks/yard.rake +26 -0
data/metasploit_data_models.gemspec +54 -0
data/script/rails +8 -0
data/spec/app/models/mdm/module_action_spec.rb +38 -0
data/spec/app/models/mdm/module_arch_spec.rb +38 -0
data/spec/app/models/mdm/module_author_spec.rb +50 -0
data/spec/app/models/mdm/module_detail_spec.rb +291 -0
data/spec/app/models/mdm/module_mixin_spec.rb +38 -0
data/spec/app/models/mdm/module_platform_spec.rb +38 -0
data/spec/app/models/mdm/module_ref_spec.rb +38 -0
data/spec/app/models/mdm/module_target_spec.rb +41 -0
data/spec/app/models/mdm/web_vuln_spec.rb +126 -0
data/spec/dummy/Rakefile +7 -0
data/spec/dummy/app/assets/javascripts/application.js +15 -0
data/spec/dummy/app/assets/stylesheets/application.css +13 -0
data/spec/dummy/app/controllers/application_controller.rb +3 -0
data/spec/dummy/app/helpers/application_helper.rb +2 -0
data/spec/dummy/app/mailers/.gitkeep +0 -0
data/spec/dummy/app/models/.gitkeep +0 -0
data/spec/dummy/app/views/layouts/application.html.erb +14 -0
data/spec/dummy/config.ru +4 -0
data/spec/dummy/config/application.rb +61 -0
data/spec/dummy/config/boot.rb +10 -0
data/spec/dummy/config/database.yml.example +22 -0
data/spec/dummy/config/database.yml.travis +22 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/development.rb +37 -0
data/spec/dummy/config/environments/production.rb +67 -0
data/spec/dummy/config/environments/test.rb +37 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/inflections.rb +15 -0
data/spec/dummy/config/initializers/mime_types.rb +5 -0
data/spec/dummy/config/initializers/secret_token.rb +7 -0
data/spec/dummy/config/initializers/session_store.rb +8 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
data/spec/dummy/config/routes.rb +2 -0
data/spec/dummy/db/schema.rb +639 -0
data/spec/dummy/lib/assets/.gitkeep +0 -0
data/spec/dummy/log/.gitkeep +0 -0
data/spec/dummy/public/404.html +26 -0
data/spec/dummy/public/422.html +26 -0
data/spec/dummy/public/500.html +25 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/dummy/script/rails +6 -0
data/spec/factories/mdm/addresses.rb +7 -0
data/spec/factories/mdm/hosts.rb +18 -0
data/spec/factories/mdm/module_actions.rb +14 -0
data/spec/factories/mdm/module_archs.rb +14 -0
data/spec/factories/mdm/module_authors.rb +22 -0
data/spec/factories/mdm/module_details.rb +9 -0
data/spec/factories/mdm/module_mixins.rb +14 -0
data/spec/factories/mdm/module_platforms.rb +14 -0
data/spec/factories/mdm/module_refs.rb +14 -0
data/spec/factories/mdm/module_targets.rb +19 -0
data/spec/factories/mdm/services.rb +35 -0
data/spec/factories/mdm/users.rb +22 -0
data/spec/factories/mdm/web_sites.rb +8 -0
data/spec/factories/mdm/web_vulns.rb +64 -0
data/spec/factories/mdm/workspaces.rb +23 -0
data/spec/lib/base64_serializer_spec.rb +174 -0
data/spec/spec_helper.rb +36 -0
metadata +472 -0

data/app/models/mdm/user.rb ADDED

@@ -0,0 +1,25 @@
+class Mdm::User < ActiveRecord::Base
+  extend MetasploitDataModels::SerializedPrefs
+  #
+  # Relations
+  #
+  has_many :owned_workspaces, :foreign_key => 'owner_id', :class_name => 'Mdm::Workspace'
+  has_many :tags, :class_name => 'Mdm::Tag'
+  has_and_belongs_to_many :workspaces, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::Workspace'
+  #
+  # Serialziations
+  #
+  serialize :prefs, MetasploitDataModels::Base64Serializer.new
+  serialized_prefs_attr_accessor :nexpose_host, :nexpose_port, :nexpose_user, :nexpose_pass, :nexpose_creds_type, :nexpose_creds_user, :nexpose_creds_pass
+  serialized_prefs_attr_accessor :http_proxy_host, :http_proxy_port, :http_proxy_user, :http_proxy_pass
+  serialized_prefs_attr_accessor :time_zone, :session_key
+  serialized_prefs_attr_accessor :last_login_address # specifically NOT last_login_ip to prevent confusion with AuthLogic magic columns (which dont work for serialized fields)
+  ActiveSupport.run_load_hooks(:mdm_user, self)
+end

data/app/models/mdm/vuln.rb ADDED

@@ -0,0 +1,60 @@
+class Mdm::Vuln < ActiveRecord::Base
+  #
+  # Callbacks
+  #
+  after_update :save_refs
+  #
+  # Relations
+  #
+  belongs_to :host, :class_name => 'Mdm::Host', :counter_cache => :vuln_count
+  belongs_to :service, :class_name => 'Mdm::Service', :foreign_key => :service_id
+  has_many :vuln_attempts,  :dependent => :destroy, :class_name => 'Mdm::VulnAttempt'
+  has_many :vuln_details,  :dependent => :destroy, :class_name => 'Mdm::VulnDetail'
+  has_many :vulns_refs, :class_name => 'Mdm::VulnRef'
+  #
+  # Through :vuln_refs
+  #
+  has_many :refs, :through => :vulns_refs, :class_name => 'Mdm::Ref'
+  #
+  # Scopes
+  #
+  scope :search, lambda { |*args|
+    where(
+        [
+            '(vulns.name ILIKE ? or vulns.info ILIKE ? or refs.name ILIKE ?)',
+            "%#{args[0]}%",
+            "%#{args[0]}%",
+            "%#{args[0]}%"
+        ]
+    ).joins(
+        'LEFT OUTER JOIN vulns_refs ON vulns_refs.vuln_id=vulns.id LEFT OUTER JOIN refs ON refs.id=vulns_refs.ref_id'
+    )
+  }
+  #
+  # Validations
+  #
+  validates :name, :presence => true
+  validates_associated :refs
+  private
+  def before_destroy
+    Mdm::VulnRef.delete_all('vuln_id = ?', self.id)
+    Mdm::VulnDetail.delete_all('vuln_id = ?', self.id)
+    Mdm::VulnAttempt.delete_all('vuln_id = ?', self.id)
+  end
+  def save_refs
+    refs.each { |ref| ref.save(:validate => false) }
+  end
+  ActiveSupport.run_load_hooks(:mdm_vuln, self)
+end

data/app/models/mdm/vuln_attempt.rb ADDED

@@ -0,0 +1,15 @@
+class Mdm::VulnAttempt < ActiveRecord::Base
+  #
+  # Relations
+  #
+  belongs_to :vuln, :class_name => 'Mdm::Vuln', :counter_cache => :vuln_attempt_count
+  #
+  # Validations
+  #
+  validates :vuln_id, :presence => true
+  ActiveSupport.run_load_hooks(:mdm_vuln_attempt, self)
+end

data/app/models/mdm/vuln_detail.rb ADDED

@@ -0,0 +1,14 @@
+class Mdm::VulnDetail < ActiveRecord::Base
+  #
+  # Relations
+  #
+  belongs_to :vuln, :class_name => 'Mdm::Vuln', :counter_cache => :vuln_detail_count
+  #
+  # Validations
+  #
+  validates :vuln_id, :presence => true
+  ActiveSupport.run_load_hooks(:mdm_vuln_detail, self)
+end

data/app/models/mdm/vuln_ref.rb ADDED

@@ -0,0 +1,13 @@
+class Mdm::VulnRef < ActiveRecord::Base
+  self.table_name = 'vulns_refs'
+  #
+  # Relations
+  #
+  belongs_to :ref, :class_name => 'Mdm::Ref'
+  belongs_to :vuln, :class_name => 'Mdm::Vuln'
+  ActiveSupport.run_load_hooks(:mdm_vuln_ref, self)
+end

data/app/models/mdm/web_form.rb ADDED

@@ -0,0 +1,16 @@
+class Mdm::WebForm < ActiveRecord::Base
+  #
+  # Relations
+  #
+  belongs_to :web_site, :class_name => 'Mdm::WebSite'
+  #
+  # Serializations
+  #
+  serialize :params, MetasploitDataModels::Base64Serializer.new
+  ActiveSupport.run_load_hooks(:mdm_web_form, self)
+end

data/app/models/mdm/web_page.rb ADDED

@@ -0,0 +1,16 @@
+class Mdm::WebPage < ActiveRecord::Base
+  #
+  # Relations
+  #
+  belongs_to :web_site, :class_name => 'Mdm::WebSite'
+  #
+  # Serializations
+  #
+  serialize :headers, MetasploitDataModels::Base64Serializer.new
+  ActiveSupport.run_load_hooks(:mdm_web_page, self)
+end

data/app/models/mdm/web_site.rb ADDED

@@ -0,0 +1,47 @@
+class Mdm::WebSite < ActiveRecord::Base
+  #
+  # Relations
+  #
+  belongs_to :service, :class_name => 'Mdm::Service', :foreign_key => 'service_id'
+  has_many :web_forms, :dependent => :destroy, :class_name => 'Mdm::WebForm'
+  has_many :web_pages, :dependent => :destroy, :class_name => 'Mdm::WebPage'
+  has_many :web_vulns, :dependent => :destroy, :class_name => 'Mdm::WebVuln'
+  #
+  # Serializations
+  #
+  serialize :options, ::MetasploitDataModels::Base64Serializer.new
+  def form_count
+    web_forms.size
+  end
+  def page_count
+    web_pages.size
+  end
+  def to_url(ignore_vhost=false)
+    proto = self.service.name == "https" ? "https" : "http"
+    host = ignore_vhost ? self.service.host.address : self.vhost
+    port = self.service.port
+    if Rex::Socket.is_ipv6?(host)
+      host = "[#{host}]"
+    end
+    url = "#{proto}://#{host}"
+    if not ((proto == "http" and port == 80) or (proto == "https" and port == 443))
+      url += ":#{port}"
+    end
+    url
+  end
+  def vuln_count
+    web_vulns.size
+  end
+  ActiveSupport.run_load_hooks(:mdm_web_site, self)
+end

data/app/models/mdm/web_vuln.rb ADDED

@@ -0,0 +1,190 @@
+# A Web Vulnerability found during a web scan or web audit.
+#
+# If you need to modify Mdm::WebVuln you can use ActiveSupport.on_load(:mdm_web_vuln) inside an initializer so that
+# your patches are reloaded on each request in development mode for your Rails application.
+#
+# @example extending Mdm::WebVuln
+#   # config/initializers/mdm_web_vuln.rb
+#   ActiveSupport.on_load(:mdm_web_vuln) do
+#     def confidence_percentage
+#       "#{confidence}%"
+#     end
+#   end
+class Mdm::WebVuln < ActiveRecord::Base
+  #
+  # CONSTANTS
+  #
+  # A percentage {#confidence} that the vulnerability is real and not a false positive.
+  CONFIDENCE_RANGE = 0 .. 100
+  # Default value for {#params}
+  DEFAULT_PARAMS = []
+  # Allowed {#method methods}.
+  METHODS = [
+      'GET',
+      # XXX I don't know why PATH is a valid method when it's not an HTTP Method/Verb
+      'PATH',
+      'POST'
+  ]
+  # {#risk Risk} is rated on a scale from 0 (least risky) to 5 (most risky).
+  RISK_RANGE = 0 .. 5
+  #
+  # Associations
+  #
+  belongs_to :web_site, :class_name => 'Mdm::WebSite'
+  #
+  # Attributes
+  #
+  # @!attribute [rw] blame
+  #   Who to blame for the vulnerability
+  #
+  #   @return [String]
+  # @!attribute [rw] category
+  #   Category of this vulnerability.
+  #
+  #   @return [String]
+  # @!attribute [rw] confidence
+  #   Percentage confidence scanner or auditor has that this vulnerability is not a false positive
+  #
+  #   @return [Integer] 1% to 100%
+  # @!attribute [rw] description
+  #   Description of the vulnerability
+  #
+  #   @return [String, nil]
+  # @!attribute [rw] method
+  #   HTTP Methods for request that found vulnerability.  'PATH' is also allowed even though it is not an HTTP Method.
+  #
+  #   @return [String]
+  #   @see METHODS
+  # @!attribute [rw] name
+  #   Name of the vulnerability
+  #
+  #   @return [String]
+  # @!attribute [rw] path
+  #   Path portion of URL
+  #
+  #   @return [String]
+  # @!attribute [rw] payload
+  #   Web audit payload that gets executed by the remote server.  Used for code injection vulnerabilities.
+  #
+  #   @return [String, nil]
+  # @!attribute [rw] pname
+  #   Name of parameter that demonstrates vulnerability
+  #
+  #   @return [String]
+  # @!attribute [rw] proof
+  #   String that proves vulnerability, such as a code snippet, etc.
+  #
+  #   @return [String]
+  # @!attribute [rw] query
+  #   The GET query.
+  #
+  #   @return [String]
+  # @!attribute [rw] request
+  #
+  #   @return [String]
+  # @!attribute [rw] risk
+  #   {RISK_RANGE Risk} of leaving this vulnerability unpatched.
+  #
+  #   @return [Integer]
+  #
+  # Validations
+  #
+  validates :category, :presence => true
+  validates :confidence,
+            :inclusion => {
+                :in => CONFIDENCE_RANGE
+            }
+  validates :method,
+            :inclusion => {
+                :in => METHODS
+            }
+  validates :name, :presence => true
+  validates :path, :presence => true
+  validates :pname, :presence => true
+  validates :proof, :presence => true
+  validates :risk,
+            :inclusion => {
+                :in => RISK_RANGE
+            }
+  validates :web_site, :presence => true
+  #
+  # Serializations
+  #
+  # @!attribute [rw] params
+  #   Parameters sent as part of request
+  #
+  #   @return [Array<Array<(String, String)>>] Array of parameter key value pairs
+  serialize :params, MetasploitDataModels::Base64Serializer.new(:default => DEFAULT_PARAMS)
+  #
+  # Methods
+  #
+  # Parameters sent as part of request.
+  #
+  # @return [Array<Array<(String, String)>>]
+  def params
+    normalize_params(
+        read_attribute(:params)
+    )
+  end
+  # Set parameters sent as part of request.
+  #
+  # @param params [Array<Array<(String, String)>>, nil] Array of parameter key value pairs
+  # @return [void]
+  def params=(params)
+    write_attribute(
+        :params,
+        normalize_params(params)
+    )
+  end
+  private
+  # Creates a duplicate of {DEFAULT_PARAMS} that is safe to modify.
+  #
+  # @return [Array] an empty array
+  def default_params
+    DEFAULT_PARAMS.dup
+  end
+  # Returns either the given params or {DEFAULT_PARAMS} if params is `nil`
+  #
+  # @param [Array<Array<(String, String)>>, nil] params
+  # @return [Array<<Array<(String, String)>>] params if not `nil`
+  # @return [nil] if params is `nil`
+  def normalize_params(params)
+    params || default_params
+  end
+  # switch back to public for load hooks
+  public
+  ActiveSupport.run_load_hooks(:mdm_web_vuln, self)
+end

data/app/models/mdm/wmap_request.rb ADDED

@@ -0,0 +1,3 @@
+class Mdm::WmapRequest < ActiveRecord::Base
+  ActiveSupport.run_load_hooks(:mdm_wmap_request, self)
+end

data/app/models/mdm/wmap_target.rb ADDED

@@ -0,0 +1,3 @@
+class Mdm::WmapTarget < ActiveRecord::Base
+  ActiveSupport.run_load_hooks(:mdm_wmap_target, self)
+end

data/app/models/mdm/workspace.rb ADDED

@@ -0,0 +1,196 @@
+class Mdm::Workspace < ActiveRecord::Base
+  #
+  # Callbacks
+  #
+  before_save :normalize
+  #
+  # CONSTANTS
+  #
+  DEFAULT = 'default'
+  #
+  # Relations
+  #
+  has_many :creds, :through => :services, :class_name => 'Mdm::Cred'
+  has_many :events, :class_name => 'Mdm::Event'
+  has_many :hosts, :dependent => :destroy, :class_name => 'Mdm::Host'
+  has_many :imported_creds, :dependent => :destroy, :class_name => 'Mdm::ImportedCred'
+  has_many :listeners, :dependent => :destroy, :class_name => 'Mdm::Listener'
+  has_many :notes, :class_name => 'Mdm::Note'
+  belongs_to :owner, :class_name => 'Mdm::User', :foreign_key => 'owner_id'
+  has_many :report_templates, :dependent => :destroy, :class_name => 'Mdm::ReportTemplate'
+  has_many :reports, :dependent => :destroy, :class_name => 'Mdm::Report'
+  has_many :tasks, :dependent => :destroy, :class_name => 'Mdm::Task', :order => 'created_at DESC'
+  has_and_belongs_to_many :users, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::User'
+  #
+  # Through :hosts
+  #
+  has_many :clients, :through => :hosts, :class_name => 'Mdm::Client'
+  has_many :exploited_hosts, :through => :hosts, :class_name => 'Mdm::ExploitedHost'
+  has_many :loots, :through => :hosts, :class_name => 'Mdm::Loot'
+  has_many :vulns, :through => :hosts, :class_name => 'Mdm::Vuln'
+  has_many :services, :through => :hosts, :class_name => 'Mdm::Service', :foreign_key => 'service_id'
+  has_many :sessions, :through => :hosts, :class_name => 'Mdm::Session'
+  #
+  # Validations
+  #
+  validates :name, :presence => true, :uniqueness => true, :length => {:maximum => 255}
+  validates :description, :length => {:maximum => 4096}
+  validate :boundary_must_be_ip_range
+  #
+  # If limit_to_network is disabled, this will always return true.
+  # Otherwise, return true only if all of the given IPs are within the project
+  # boundaries.
+  #
+  def allow_actions_on?(ips)
+    return true unless limit_to_network
+    return true unless boundary
+    return true if boundary.empty?
+    boundaries = Shellwords.split(boundary)
+    return true if boundaries.empty? # It's okay if there is no boundary range after all
+    given_range = Rex::Socket::RangeWalker.new(ips)
+    return false unless given_range # Can't do things to nonexistant IPs
+    allowed = false
+    boundaries.each do |boundary_range|
+      ok_range = Rex::Socket::RangeWalker.new(boundary)
+      allowed = true if ok_range.include_range? given_range
+    end
+    return allowed
+  end
+  def boundary_must_be_ip_range
+    errors.add(:boundary, "must be a valid IP range") unless valid_ip_or_range?(boundary)
+  end
+  def creds
+    Mdm::Cred.find(
+        :all,
+        :include => {:service => :host},
+        :conditions => ["hosts.workspace_id = ?", self.id]
+    )
+  end
+  def self.default
+    find_or_create_by_name(DEFAULT)
+  end
+  def default?
+    name == DEFAULT
+  end
+  #
+  # This method iterates the creds table calling the supplied block with the
+  # cred instance of each entry.
+  #
+  def each_cred(&block)
+    creds.each do |cred|
+      block.call(cred)
+    end
+  end
+  def each_host_tag(&block)
+    host_tags.each do |host_tag|
+      block.call(host_tag)
+    end
+  end
+  def host_tags
+    Mdm::Tag.find(
+        :all,
+        :include => :hosts,
+        :conditions => ["hosts.workspace_id = ?", self.id]
+    )
+  end
+  def web_forms
+    query = <<-EOQ
+          SELECT DISTINCT web_forms.*
+          FROM hosts, services, web_sites, web_forms
+          WHERE hosts.workspace_id = #{id} AND
+            services.host_id = hosts.id AND
+            web_sites.service_id = services.id AND
+            web_forms.web_site_id = web_sites.id
+    EOQ
+    Mdm::WebForm.find_by_sql(query)
+  end
+  def web_pages
+    query = <<-EOQ
+          SELECT DISTINCT web_pages.*
+            FROM hosts, services, web_sites, web_pages
+            WHERE hosts.workspace_id = #{id} AND
+            services.host_id = hosts.id AND
+            web_sites.service_id = services.id AND
+            web_pages.web_site_id = web_sites.id
+    EOQ
+    Mdm::WebPage.find_by_sql(query)
+  end
+  def web_sites
+    query = <<-EOQ
+          SELECT DISTINCT web_sites.*
+            FROM hosts, services, web_sites
+            WHERE hosts.workspace_id = #{id} AND
+            services.host_id = hosts.id AND
+            web_sites.service_id = services.id
+    EOQ
+    Mdm::WebSite.find_by_sql(query)
+  end
+  def web_vulns
+    query = <<-EOQ
+          SELECT DISTINCT web_vulns.*
+          FROM hosts, services, web_sites, web_vulns
+            WHERE hosts.workspace_id = #{id} AND
+            services.host_id = hosts.id AND
+            web_sites.service_id = services.id AND
+            web_vulns.web_site_id = web_sites.id
+    EOQ
+    Mdm::WebVuln.find_by_sql(query)
+  end
+  def unique_web_forms
+    query = <<-EOQ
+          SELECT DISTINCT web_forms.web_site_id, web_forms.path, web_forms.method, web_forms.query
+            FROM hosts, services, web_sites, web_forms
+            WHERE hosts.workspace_id = #{id} AND
+            services.host_id = hosts.id AND
+            web_sites.service_id = services.id AND
+            web_forms.web_site_id = web_sites.id
+    EOQ
+    Mdm::WebForm.find_by_sql(query)
+  end
+  def web_unique_forms(addrs=nil)
+    forms = unique_web_forms
+    if addrs
+      forms.reject!{|f| not addrs.include?( f.web_site.service.host.address ) }
+    end
+    forms
+  end
+  private
+  def normalize
+    boundary.strip! if boundary
+  end
+  def valid_ip_or_range?(string)
+    begin
+      Rex::Socket::RangeWalker.new(string)
+    rescue
+      return false
+    end
+  end
+  ActiveSupport.run_load_hooks(:mdm_workspace, self)
+end