metasploit_data_models 0.23.1 → 0.23.2

data/app/models/mdm/workspace.rb

@@ -15,6 +15,14 @@ class Mdm::Workspace < ActiveRecord::Base
   # Relations
   #
 
+  has_many :automatic_exploitation_runs,
+           class_name: 'MetasploitDataModels::AutomaticExploitation::Run',
+           inverse_of: :workspace
+
+  has_many :automatic_exploitation_match_sets,
+           class_name: 'MetasploitDataModels::AutomaticExploitation:MatchSet',
+           inverse_of: :workspace
+
   has_many :creds, :through => :services, :class_name => 'Mdm::Cred'
   has_many :events, :class_name => 'Mdm::Event'
   has_many :hosts, :dependent => :destroy, :class_name => 'Mdm::Host'
@@ -58,7 +66,7 @@ class Mdm::Workspace < ActiveRecord::Base
     allowed = false
     boundaries.each do |boundary_range|
       ok_range = Rex::Socket::RangeWalker.new(boundary)
-      allowed = true if ok_range.include_range? given_range
+      allowed  = true if ok_range.include_range? given_range
     end
     return allowed
   end
@@ -69,9 +77,9 @@ class Mdm::Workspace < ActiveRecord::Base
 
   def creds
     Mdm::Cred.find(
-        :all,
-        :include => {:service => :host},
-        :conditions => ["hosts.workspace_id = ?", self.id]
+      :all,
+      :include    => {:service => :host},
+      :conditions => ["hosts.workspace_id = ?", self.id]
     )
   end
 
@@ -101,9 +109,9 @@ class Mdm::Workspace < ActiveRecord::Base
 
   def host_tags
     Mdm::Tag.find(
-        :all,
-        :include => :hosts,
-        :conditions => ["hosts.workspace_id = ?", self.id]
+      :all,
+      :include    => :hosts,
+      :conditions => ["hosts.workspace_id = ?", self.id]
     )
   end
 
@@ -169,7 +177,7 @@ class Mdm::Workspace < ActiveRecord::Base
   def web_unique_forms(addrs=nil)
     forms = unique_web_forms
     if addrs
-      forms.reject!{|f| not addrs.include?( f.web_site.service.host.address ) }
+      forms.reject! { |f| not addrs.include?(f.web_site.service.host.address) }
     end
     forms
   end

data/app/models/metasploit_data_models/automatic_exploitation.rb

@@ -0,0 +1,5 @@
+module MetasploitDataModels::AutomaticExploitation
+  def self.table_name_prefix
+    'automatic_exploitation_'
+  end
+end

data/app/models/metasploit_data_models/automatic_exploitation/match.rb

@@ -0,0 +1,42 @@
+class MetasploitDataModels::AutomaticExploitation::Match < ActiveRecord::Base
+  attr_accessible :match_set_id, :module_fullname
+
+
+  #
+  # Associations
+  #
+
+  # @!attribute matchable
+  #   A (polymorphic) "matchable" entity like a {Mdm::Vuln} or {Mdm::Service}
+  #
+  #   @return [Mdm::Vuln, Mdm::Service]
+  belongs_to :matchable, polymorphic: true
+  attr_accessible :matchable
+
+  # @!attribute module_detail
+  #   The MSF module that this match connects to
+  #
+  #   @return [Mdm::Module::Detail]
+  belongs_to :module_detail,
+             class_name: 'Mdm::Module::Detail',
+             foreign_key: :module_fullname,
+             primary_key: :fullname
+
+  # @!attribute match_set
+  #   The {MatchSet} this match is part of
+  #
+  #   @return [MetasploitDataModels::AutomaticExploitation::MatchResult]
+  has_many :match_results,
+             class_name: 'MetasploitDataModels::AutomaticExploitation::MatchResult',
+             inverse_of: :match
+
+  # @!attribute match_set
+  #   The {MatchSet} this match is part of
+  #
+  #   @return [MetasploitDataModels::AutomaticExploitation::MatchSet]
+  belongs_to :match_set,
+             class_name: 'MetasploitDataModels::AutomaticExploitation::MatchSet',
+             inverse_of: :matches
+
+  Metasploit::Concern.run(self)
+end

data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb

@@ -0,0 +1,40 @@
+class MetasploitDataModels::AutomaticExploitation::MatchResult < ActiveRecord::Base
+  attr_accessible :match_id, :run_id, :state
+
+  # Running associated exploit did NOT create a session
+  FAILED = "failed"
+  # Running associated exploit created a session
+  SUCCEEDED = "succeeded"
+
+  VALID_STATES = [FAILED, SUCCEEDED]
+
+  #
+  # ASSOCIATIONS
+  #
+
+  belongs_to :match,
+             class_name: 'MetasploitDataModels::AutomaticExploitation::Match',
+             inverse_of: :match_results,
+             dependent: :destroy
+
+  belongs_to :run,
+             inverse_of: :match_results,
+             class_name: 'MetasploitDataModels::AutomaticExploitation::Run'
+
+  #
+  # VALIDATIONS
+  #
+
+  # must be present and one of allowable values
+  validates :state,
+            presence: true,
+            inclusion: VALID_STATES
+
+  #
+  # SCOPES
+  #
+  scope :succeeded, lambda { where(state:"succeeded") }
+  scope :failed, lambda { where(state:"failed") }
+
+  Metasploit::Concern.run(self)
+end

data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb

@@ -0,0 +1,30 @@
+class MetasploitDataModels::AutomaticExploitation::MatchSet < ActiveRecord::Base
+  attr_accessible :user_id, :workspace_id, :minimum_rank
+
+  has_many :runs,
+           class_name: "MetasploitDataModels::AutomaticExploitation::Run",
+           inverse_of: :match_set
+
+  has_many :matches,
+           class_name: "MetasploitDataModels::AutomaticExploitation::Match",
+           inverse_of: :match_set,
+           dependent: :destroy
+
+  belongs_to :workspace,
+             inverse_of: :automatic_exploitation_match_sets,
+             class_name: "Mdm::Workspace"
+
+  belongs_to :user,
+             inverse_of: :automatic_exploitation_match_sets,
+             class_name: "Mdm::User"
+
+
+  validates :user,
+            presence: true
+
+  validates :workspace,
+            presence: true
+
+
+  Metasploit::Concern.run(self)
+end

data/app/models/metasploit_data_models/automatic_exploitation/run.rb

@@ -0,0 +1,27 @@
+class MetasploitDataModels::AutomaticExploitation::Run < ActiveRecord::Base
+  attr_accessible :user_id, :workspace_id, :match_set_id
+
+  #
+  # ASSOCIATIONS
+  #
+  has_many :match_results,
+           class_name:'MetasploitDataModels::AutomaticExploitation::MatchResult',
+           inverse_of: :run,
+           dependent: :destroy
+
+  belongs_to :match_set,
+             class_name: 'MetasploitDataModels::AutomaticExploitation::MatchSet',
+             inverse_of: :runs
+
+  belongs_to :user,
+             class_name: "Mdm::User",
+             inverse_of: :automatic_exploitation_runs
+
+  belongs_to :workspace,
+             class_name: "Mdm::Workspace",
+             inverse_of: :automatic_exploitation_runs
+
+
+
+  Metasploit::Concern.run(self)
+end

data/app/models/metasploit_data_models/module_run.rb

@@ -0,0 +1,213 @@
+# {MetasploitDataModels::ModuleRun} holds the record of having launched a piece of Metasploit content.
+# It has associations to {Mdm::User} for audit purposes, and makes polymorphic associations to things like
+# {Mdm::Vuln} and {Mdm::Host} for flexible record keeping about activity attacking either specific vulns or just
+# making mischief on specific remote targets w/out the context of a vuln or even a remote IP service.
+#
+# There are also associations to {Mdm::Session} for two use cases: a `spawned_session` is a
+# session created by the ModuleRun. A `target_session` is a session that the ModuleRun
+# is acting upon (e.g.) for running a post module.
+class MetasploitDataModels::ModuleRun < ActiveRecord::Base
+  #
+  # Constants
+  #
+
+  # Marks the module as having successfully run
+  SUCCEED     = 'succeeded'
+  # Marks the run as having not run successfully
+  FAIL        = 'failed'
+  # Marks the module as having had a runtime error
+  ERROR       = 'error'
+  # {ModuleRun} objects will be validated against these statuses
+  VALID_STATUSES = [SUCCEED, FAIL, ERROR]
+
+
+  #
+  # Attributes
+  #
+
+  # @!attribute [rw] attempted_at
+  #   The date/time when this module was run
+  #   @return [Datetime]
+
+  # @!attribute [rw] fail_detail
+  #   Arbitrary information captured by the module to give in-depth reason for failure
+  #   @return [String]
+
+  # @!attribute [rw] fail_reason
+  #   One of the values of the constants in {Msf::Module::Failure}
+  #   @return [String]
+
+  # @!attribute [rw] module_name
+  #   The Msf::Module#fullname of the module being run
+  #   @return [String]
+
+  # @!attribute [rw] port
+  #   The port that the remote host was attacked on, if any
+  #   @return [Fixnum]
+
+  # @!attribute [rw] proto
+  #   The name of the protocol that the host was attacked on, if any
+  #   @return [String]
+
+  # @!attribute [rw] session_id
+  #   The {Mdm::Session} that this was run with, in the case of a post module. In exploit modules, this field will
+  #   remain null.
+  #   @return [Datetime]
+
+  # @!attribute [rw] status
+  #   The result of running the module
+  #   @return [String]
+
+  # @!attribute [rw] username
+  #   The name of the user running this module
+  #   @return [String]
+
+
+
+  #
+  # Associations
+  #
+
+
+
+  # @!attribute [rw] loots
+  #  The sweet, sweet loot taken by this module_run
+  #
+  #  @return [ActiveRecord::Relation<Mdm::Loot>]
+  has_many :loots,
+           class_name: 'Mdm::Loot',
+           inverse_of: :module_run
+
+  # @!attribute [rw] module_detail
+  #  The cached module information
+  #
+  #  @return [ActiveRecord::Relation<Mdm::Module::Detail>]
+  belongs_to :module_detail,
+             class_name: 'Mdm::Module::Detail',
+             inverse_of: :module_runs,
+             foreign_key: :module_fullname,
+             primary_key: :fullname
+
+  # @!attribute [rw] spawned_session
+  #
+  #  The session created by running this module.
+  #  Note that this is NOT the session that modules are run on.
+  #
+  #  @return [Mdm::Session]
+  has_one :spawned_session,
+             class_name: 'Mdm::Session',
+             inverse_of: :originating_module_run
+
+
+  # @!attribute [rw] target_session
+  #
+  #  The session this module was run on, if any.
+  #  Note that this is NOT a session created by this module run
+  #  of exploit modules.
+  #
+  #  @return [Mdm::Session]
+  belongs_to :target_session,
+             class_name: 'Mdm::Session',
+             foreign_key: :session_id,
+             inverse_of: :target_module_runs
+
+
+
+  # @!attribute [rw] trackable
+  #
+  #  A polymorphic association that is tracked as being related to this module run.
+  #  {Mdm::Host} and {Mdm::Vuln} can each have {ModuleRun} objects.
+  #
+  #  @return [Mdm::Host, Mdm::Vuln]
+  belongs_to :trackable, polymorphic: true
+
+
+  # @!attribute [rw] user
+  #
+  #  The user that launched this module
+  #
+  #  @return [Mdm::User]
+  belongs_to :user,
+             class_name:  'Mdm::User',
+             foreign_key: 'user_id',
+             inverse_of: :module_runs
+
+
+
+  #
+  #
+  # Validations
+  #
+  #
+
+  #
+  # Method Validations
+  #
+
+
+  # spawned_session is only valid for *exploit modules*
+  validate :no_spawned_session_for_non_exploits_except_logins
+
+  # target_session is only valid for *non-exploit modules*
+  validate :no_target_session_for_exploits
+
+  # Can't save without information on what module has run
+  validate :module_information_is_present
+
+  #
+  # Attribute Validations
+  #
+
+  # When the module was run
+  validates :attempted_at,
+            presence: true
+  # Result of running the module
+  validates :status,
+            inclusion: VALID_STATUSES
+
+  # Splits strings formatted like Msf::Module#fullname into components
+  #
+  # @example
+  #   module_name = "exploit/windows/multi/mah-rad-exploit"
+  #   module_name_components  # => ["exploit","windows","multi","mah-rad-exploit"]
+  # @return [Array]
+  def module_name_components
+    module_fullname.split('/')
+  end
+
+  private
+
+  # Mark the object as invalid if there is no associated #module_name or {Mdm::ModuleDetail}
+  # @return [void]
+  def module_information_is_present
+    if module_fullname.blank?
+      errors.add(:base, "module_fullname cannot be blank")
+    end
+  end
+
+  # Mark the object as invalid if there is a spawned_session but the module is *not* an exploit
+  # and not an aux module with the word "login" in the final portion of `module_fullname`
+  #
+  # @return [void]
+  def no_spawned_session_for_non_exploits_except_logins
+    return true unless spawned_session.present?
+    return true if module_name_components.last.include?("login")
+
+    if module_name_components.first != 'exploit'
+      errors.add(:base, 'spawned_session cannot be set for non-exploit modules. Use target_session.')
+    end
+  end
+
+  # Mark the object as invalid if there is a target_session but the module is an exploit
+  # @return [void]
+  def no_target_session_for_exploits
+    return true unless target_session.present? # nothing to do unless target_session is set
+
+    if module_name_components.first == 'exploit'
+      return true if module_name_components[2] == 'local'
+      errors.add(:base, 'target_session cannot be set for exploit modules. Use spawned_session.')
+    end
+  end
+
+
+end

data/app/validators/password_is_strong_validator.rb

@@ -1,9 +1,9 @@
 class PasswordIsStrongValidator < ActiveModel::EachValidator
   COMMON_PASSWORDS = %w{
-			password pass root admin metasploit
-			msf 123456 qwerty abc123 letmein monkey link182 demo
-			changeme test1234 rapid7
-		}
+      password pass root admin metasploit
+      msf 123456 qwerty abc123 letmein monkey link182 demo
+      changeme test1234 rapid7
+    }
 
   SPECIAL_CHARS = %q{!@"#$%&'()*+,-./:;<=>?[\\]^_`{|}~ }
 
@@ -105,4 +105,4 @@ class PasswordIsStrongValidator < ActiveModel::EachValidator
 
     false
   end
-end
+end

data/db/migrate/20131002004641_create_automatic_exploitation_matches.rb

@@ -0,0 +1,13 @@
+class CreateAutomaticExploitationMatches < ActiveRecord::Migration
+  def change
+    create_table :automatic_exploitation_matches do |t|
+      t.integer :ref_id
+      t.string :state
+      t.integer :nexpose_data_vulnerability_definition_id
+
+      t.timestamps
+    end
+
+    add_index :automatic_exploitation_matches, :ref_id
+  end
+end