metasploit_data_models 0.24.4 → 0.24.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rspec +3 -3
- data/.travis.yml +3 -6
- data/CONTRIBUTING.md +52 -10
- data/Gemfile +8 -1
- data/Rakefile +0 -23
- data/app/models/mdm/api_key.rb +1 -41
- data/app/models/mdm/client.rb +1 -41
- data/app/models/mdm/cred.rb +19 -107
- data/app/models/mdm/event.rb +1 -48
- data/app/models/mdm/exploit_attempt.rb +16 -65
- data/app/models/mdm/exploited_host.rb +1 -28
- data/app/models/mdm/host_detail.rb +1 -45
- data/app/models/mdm/host_tag.rb +8 -6
- data/app/models/mdm/listener.rb +1 -53
- data/app/models/mdm/macro.rb +0 -42
- data/app/models/mdm/mod_ref.rb +0 -21
- data/app/models/mdm/module/action.rb +0 -15
- data/app/models/mdm/module/arch.rb +0 -10
- data/app/models/mdm/module/author.rb +0 -16
- data/app/models/mdm/module/mixin.rb +0 -13
- data/app/models/mdm/module/platform.rb +0 -11
- data/app/models/mdm/module/target.rb +0 -18
- data/app/models/mdm/nexpose_console.rb +4 -82
- data/app/models/mdm/profile.rb +0 -36
- data/app/models/mdm/route.rb +5 -17
- data/app/models/mdm/session_event.rb +1 -33
- data/app/models/mdm/tag.rb +10 -49
- data/app/models/mdm/task.rb +45 -94
- data/app/models/mdm/task_cred.rb +0 -29
- data/app/models/mdm/task_host.rb +0 -25
- data/app/models/mdm/task_service.rb +0 -25
- data/app/models/mdm/task_session.rb +0 -25
- data/app/models/mdm/user.rb +6 -188
- data/app/models/mdm/vuln_attempt.rb +12 -37
- data/app/models/mdm/vuln_detail.rb +5 -139
- data/app/models/mdm/vuln_ref.rb +1 -4
- data/app/models/mdm/web_form.rb +1 -35
- data/app/models/mdm/web_page.rb +1 -70
- data/app/models/mdm/web_site.rb +1 -51
- data/app/models/mdm/wmap_request.rb +0 -85
- data/app/models/mdm/wmap_target.rb +0 -40
- data/app/models/mdm/workspace.rb +14 -152
- data/app/models/metasploit_data_models/automatic_exploitation.rb +16 -0
- data/app/models/metasploit_data_models/automatic_exploitation/match.rb +24 -19
- data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +5 -33
- data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +4 -22
- data/app/models/metasploit_data_models/automatic_exploitation/run.rb +3 -13
- data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
- data/app/models/metasploit_data_models/module_run.rb +1 -1
- data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
- data/app/validators/ip_format_validator.rb +0 -4
- data/app/validators/parameters_validator.rb +0 -12
- data/app/validators/password_is_strong_validator.rb +1 -10
- data/lib/mdm/host/operating_system_normalization.rb +10 -7
- data/lib/metasploit_data_models.rb +0 -4
- data/lib/metasploit_data_models/engine.rb +0 -2
- data/lib/metasploit_data_models/serialized_prefs.rb +0 -6
- data/lib/metasploit_data_models/version.rb +10 -24
- data/lib/tasks/yard.rake +33 -0
- data/metasploit_data_models.gemspec +2 -9
- data/spec/app/models/mdm/api_key_spec.rb +3 -1
- data/spec/app/models/mdm/client_spec.rb +11 -9
- data/spec/app/models/mdm/cred_spec.rb +54 -42
- data/spec/app/models/mdm/event_spec.rb +23 -21
- data/spec/app/models/mdm/exploit_attempt_spec.rb +21 -19
- data/spec/app/models/mdm/exploited_host_spec.rb +13 -11
- data/spec/app/models/mdm/host_detail_spec.rb +17 -15
- data/spec/app/models/mdm/host_spec.rb +260 -261
- data/spec/app/models/mdm/host_tag_spec.rb +8 -6
- data/spec/app/models/mdm/listener_spec.rb +32 -30
- data/spec/app/models/mdm/loot_spec.rb +23 -21
- data/spec/app/models/mdm/macro_spec.rb +3 -1
- data/spec/app/models/mdm/mod_ref_spec.rb +3 -1
- data/spec/app/models/mdm/module/action_spec.rb +12 -10
- data/spec/app/models/mdm/module/arch_spec.rb +12 -10
- data/spec/app/models/mdm/module/author_spec.rb +17 -22
- data/spec/app/models/mdm/module/detail_spec.rb +75 -184
- data/spec/app/models/mdm/module/mixin_spec.rb +12 -10
- data/spec/app/models/mdm/module/platform_spec.rb +12 -10
- data/spec/app/models/mdm/module/ref_spec.rb +12 -10
- data/spec/app/models/mdm/module/target_spec.rb +15 -13
- data/spec/app/models/mdm/nexpose_console_spec.rb +37 -35
- data/spec/app/models/mdm/note_spec.rb +25 -23
- data/spec/app/models/mdm/profile_spec.rb +3 -1
- data/spec/app/models/mdm/ref_spec.rb +12 -10
- data/spec/app/models/mdm/route_spec.rb +8 -6
- data/spec/app/models/mdm/service_spec.rb +40 -38
- data/spec/app/models/mdm/session_event_spec.rb +12 -10
- data/spec/app/models/mdm/session_spec.rb +15 -13
- data/spec/app/models/mdm/tag_spec.rb +29 -29
- data/spec/app/models/mdm/task_cred_spec.rb +11 -9
- data/spec/app/models/mdm/task_host_spec.rb +11 -9
- data/spec/app/models/mdm/task_service_spec.rb +11 -9
- data/spec/app/models/mdm/task_session_spec.rb +9 -7
- data/spec/app/models/mdm/task_spec.rb +29 -27
- data/spec/app/models/mdm/user_spec.rb +19 -17
- data/spec/app/models/mdm/vuln_attempt_spec.rb +16 -14
- data/spec/app/models/mdm/vuln_detail_spec.rb +28 -26
- data/spec/app/models/mdm/vuln_ref_spec.rb +10 -8
- data/spec/app/models/mdm/vuln_spec.rb +26 -24
- data/spec/app/models/mdm/web_form_spec.rb +13 -11
- data/spec/app/models/mdm/web_page_spec.rb +21 -19
- data/spec/app/models/mdm/web_site_spec.rb +23 -21
- data/spec/app/models/mdm/web_vuln_spec.rb +65 -63
- data/spec/app/models/mdm/wmap_request_spec.rb +3 -1
- data/spec/app/models/mdm/wmap_target_spec.rb +3 -1
- data/spec/app/models/mdm/workspace_spec.rb +100 -97
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +5 -3
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +15 -13
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +12 -10
- data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +15 -22
- data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/module_run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +20 -18
- data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +4 -2
- data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +19 -17
- data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +23 -61
- data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +10 -8
- data/spec/app/validators/parameters_validator_spec.rb +29 -29
- data/spec/app/validators/password_is_strong_validator_spec.rb +46 -54
- data/spec/dummy/db/structure.sql +3403 -0
- data/spec/factories/mdm/module/details.rb +1 -1
- data/spec/lib/base64_serializer_spec.rb +19 -19
- data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +12 -18
- data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/match/child_spec.rb +4 -2
- data/spec/lib/metasploit_data_models/match/parent_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/version_spec.rb +141 -3
- data/spec/spec_helper.rb +12 -86
- data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
- data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
- data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +6 -7
- metadata +9 -67
- data/CHANGELOG.md +0 -6
- data/RELEASING.md +0 -88
- data/UPGRADING.md +0 -1
- data/lib/metasploit_data_models/automatic_exploitation.rb +0 -25
- data/spec/lib/metasploit_data_models_spec.rb +0 -4
data/app/models/mdm/task.rb
CHANGED
@@ -1,42 +1,63 @@
|
|
1
|
-
# A task run by Metasploit Pro.
|
2
1
|
class Mdm::Task < ActiveRecord::Base
|
3
2
|
#
|
3
|
+
# Callbacks
|
4
4
|
#
|
5
|
-
|
5
|
+
|
6
|
+
before_destroy :delete_file
|
7
|
+
|
6
8
|
#
|
9
|
+
# Relations
|
7
10
|
#
|
8
11
|
|
9
|
-
#
|
12
|
+
# @!attribute listeners
|
13
|
+
# Listeners spawned by this task
|
14
|
+
#
|
15
|
+
# @return [ActiveRecord::Relation<Mdm::Listener>]
|
10
16
|
has_many :listeners,
|
11
17
|
class_name: 'Mdm::Listener',
|
12
18
|
dependent: :destroy,
|
13
19
|
inverse_of: :task
|
14
20
|
|
15
|
-
#
|
21
|
+
# @!attribute [rw] task_creds
|
22
|
+
# Joins this to {#creds}.
|
23
|
+
#
|
24
|
+
# @return [ActiveRecord::Relation<Mdm::TaskCred>]
|
16
25
|
has_many :task_creds,
|
17
26
|
class_name: 'Mdm::TaskCred',
|
18
27
|
dependent: :destroy,
|
19
28
|
inverse_of: :task
|
20
29
|
|
21
|
-
#
|
30
|
+
# @!attribute task_hosts
|
31
|
+
# Joins this to {#hosts}.
|
32
|
+
#
|
33
|
+
# @return [ActiveRecord::Relation<Mdm::TaskHost>]
|
22
34
|
has_many :task_hosts,
|
23
35
|
class_name: 'Mdm::TaskHost',
|
24
36
|
dependent: :destroy,
|
25
37
|
inverse_of: :task
|
26
38
|
|
27
|
-
#
|
39
|
+
# @!attribute task_services
|
40
|
+
# Joins this to {#services}.
|
41
|
+
#
|
42
|
+
# @return [ActiveRecord::Relation<Mdm::TaskService>]
|
28
43
|
has_many :task_services,
|
29
44
|
class_name: 'Mdm::TaskService',
|
30
45
|
dependent: :destroy,
|
31
46
|
inverse_of: :task
|
32
47
|
|
33
|
-
#
|
48
|
+
# @!attribute task_sessions
|
49
|
+
# Joins this to {#sessions}.
|
50
|
+
#
|
51
|
+
# @return [ActiveRecord::Relation<Mdm::TaskSession>]
|
34
52
|
has_many :task_sessions,
|
35
53
|
class_name: 'Mdm::TaskSession',
|
36
54
|
dependent: :destroy,
|
37
55
|
inverse_of: :task
|
38
56
|
|
39
|
-
#
|
57
|
+
# @!attribute [rw] workspace
|
58
|
+
# The Workspace the Task belongs to
|
59
|
+
#
|
60
|
+
# @return [Mdm::Workspace]
|
40
61
|
belongs_to :workspace,
|
41
62
|
class_name: 'Mdm::Workspace',
|
42
63
|
inverse_of: :tasks
|
@@ -45,124 +66,55 @@ class Mdm::Task < ActiveRecord::Base
|
|
45
66
|
# through: :task_creds
|
46
67
|
#
|
47
68
|
|
48
|
-
#
|
69
|
+
# @!attribute [rw] creds
|
70
|
+
# Creds this task touched
|
71
|
+
#
|
72
|
+
# @return [Array<Mdm::Cred>]
|
49
73
|
has_many :creds, :through => :task_creds, :class_name => 'Mdm::Cred'
|
50
74
|
|
51
75
|
#
|
52
76
|
# through: :task_hosts
|
53
77
|
#
|
54
78
|
|
55
|
-
#
|
79
|
+
# @!attribute [rw] hosts
|
80
|
+
# Hosts this task touched
|
81
|
+
#
|
82
|
+
# @return [Array<Mdm::Host>
|
56
83
|
has_many :hosts, :through => :task_hosts, :class_name => 'Mdm::Host'
|
57
84
|
|
58
85
|
#
|
59
86
|
# through: :task_services
|
60
87
|
#
|
61
88
|
|
62
|
-
#
|
89
|
+
# @!attribute [rw] services
|
90
|
+
# Services this task touched
|
91
|
+
#
|
92
|
+
# @return [Array<Mdm::Service>
|
63
93
|
has_many :services, :through => :task_services, :class_name => 'Mdm::Service'
|
64
94
|
|
65
95
|
#
|
66
96
|
# through: :task_sessions
|
67
97
|
#
|
68
98
|
|
69
|
-
#
|
70
|
-
|
71
|
-
|
72
|
-
#
|
73
|
-
# Attributes
|
74
|
-
#
|
75
|
-
|
76
|
-
# @!attribute completed_at
|
77
|
-
# When this task completed.
|
78
|
-
#
|
79
|
-
# @return [DateTime] when this task completed
|
80
|
-
# @return [nil] this task is still running.
|
81
|
-
|
82
|
-
# @!attribute created_at
|
83
|
-
# When this task was created.
|
84
|
-
#
|
85
|
-
# @return [DateTime]
|
86
|
-
|
87
|
-
# @!attribute created_by
|
88
|
-
# {Mdm::User#username Name of user} that created this task.
|
89
|
-
#
|
90
|
-
# @return [String]
|
91
|
-
|
92
|
-
# @!attribute description
|
93
|
-
# Description of what the this task does.
|
94
|
-
#
|
95
|
-
# @return [String]
|
96
|
-
|
97
|
-
# @!attribute error
|
98
|
-
# Error raised while task was running that caused this task to fail.
|
99
|
+
# @!attribute [rw] sessions
|
100
|
+
# Session this task touched
|
99
101
|
#
|
100
|
-
# @return [
|
102
|
+
# @return [Array<Mdm::Session>
|
103
|
+
has_many :sessions, :through => :task_sessions, :class_name => 'Mdm::Session'
|
101
104
|
|
102
|
-
# @!attribute info
|
103
|
-
# Information about the task's current status. What the task is currently doing.
|
104
|
-
#
|
105
|
-
# @return [String]
|
106
105
|
|
107
|
-
# @!attribute module
|
108
|
-
# {Mdm::Module::Class#full_name Module full name} that was run for this task.
|
109
|
-
#
|
110
|
-
# @return [String]
|
111
106
|
|
112
|
-
# @!attribute module_uuid
|
113
|
-
# UUID of `#module` that was run by this task.
|
114
|
-
#
|
115
|
-
# @return [String]
|
116
|
-
|
117
|
-
# @!attribute path
|
118
|
-
# Path to the log for this task.
|
119
|
-
#
|
120
|
-
# @return [String]
|
121
|
-
|
122
|
-
# @!attribute progress
|
123
|
-
# Percentage complete.
|
124
|
-
#
|
125
|
-
# @return [Integer]
|
126
|
-
|
127
|
-
# @!attribute updated_at
|
128
|
-
# When this task was last updated.
|
129
|
-
#
|
130
|
-
# @return [DateTime]
|
131
|
-
|
132
|
-
#
|
133
|
-
# Callbacks
|
134
|
-
#
|
135
|
-
|
136
|
-
before_destroy :delete_file
|
137
107
|
|
138
108
|
#
|
139
109
|
# Serializations
|
140
110
|
#
|
141
111
|
|
142
|
-
# Options passed to `#module`.
|
143
|
-
#
|
144
|
-
# @return [Hash]
|
145
112
|
serialize :options, MetasploitDataModels::Base64Serializer.new
|
146
|
-
|
147
|
-
# Result of task running.
|
148
|
-
#
|
149
|
-
# @return [Hash]
|
150
113
|
serialize :result, MetasploitDataModels::Base64Serializer.new
|
151
|
-
|
152
|
-
# Settings used to configure this task outside of the {#options module options}.
|
153
|
-
#
|
154
|
-
# @return [Hash]
|
155
114
|
serialize :settings, MetasploitDataModels::Base64Serializer.new
|
156
115
|
|
157
|
-
#
|
158
|
-
# Instance Methods
|
159
|
-
#
|
160
|
-
|
161
116
|
private
|
162
117
|
|
163
|
-
# Deletes {#path log} on-disk, so that disk is cleaned up when this task is deleted from the database.
|
164
|
-
#
|
165
|
-
# @return [void]
|
166
118
|
def delete_file
|
167
119
|
c = Pro::Client.get rescue nil
|
168
120
|
if c
|
@@ -172,7 +124,6 @@ class Mdm::Task < ActiveRecord::Base
|
|
172
124
|
end
|
173
125
|
end
|
174
126
|
|
175
|
-
# Restore public for load hooks
|
176
127
|
public
|
177
128
|
|
178
129
|
Metasploit::Concern.run(self)
|
data/app/models/mdm/task_cred.rb
CHANGED
@@ -1,41 +1,12 @@
|
|
1
|
-
# @deprecated {Mdm::Task} has and belongs to many `Metasploit::Credential::Cores` in `Mdm::Task#credential_cores` and
|
2
|
-
# has and belongs to many `Metasploit::Credential::Logins` in `Mdm::Task#credential_logins` when the
|
3
|
-
# `Metasploit::Credential::Engine` is installed.
|
4
|
-
#
|
5
|
-
# Join model between {Mdm::Cred} and {Mdm::Task} that signifies that the {#task} found the {#cred}.
|
6
1
|
class Mdm::TaskCred < ActiveRecord::Base
|
7
|
-
#
|
8
|
-
# Associations
|
9
|
-
#
|
10
|
-
|
11
|
-
# The {Mdm::Cred} found by {#task}.
|
12
2
|
belongs_to :cred,
|
13
3
|
class_name: 'Mdm::Cred',
|
14
4
|
inverse_of: :task_creds
|
15
5
|
|
16
|
-
# An {Mdm::Task} that found {#cred}.
|
17
6
|
belongs_to :task,
|
18
7
|
class_name: 'Mdm::Task',
|
19
8
|
inverse_of: :task_creds
|
20
9
|
|
21
|
-
#
|
22
|
-
# Attributes
|
23
|
-
#
|
24
|
-
|
25
|
-
# @!attribute [rw] created_at
|
26
|
-
# When this task cred was created.
|
27
|
-
#
|
28
|
-
# @return [DateTime]
|
29
|
-
|
30
|
-
# @!attribute [rw] updated_at
|
31
|
-
# The last time this task cred was updated.
|
32
|
-
#
|
33
|
-
# @return [DateTime]
|
34
|
-
|
35
|
-
#
|
36
|
-
# Validations
|
37
|
-
#
|
38
|
-
|
39
10
|
validates :cred_id,
|
40
11
|
:uniqueness => {
|
41
12
|
:scope => :task_id
|
data/app/models/mdm/task_host.rb
CHANGED
@@ -1,37 +1,12 @@
|
|
1
|
-
# Join model between {Mdm::Host} and {Mdm::Task} that signifies that the {#task} found the {#host}.
|
2
1
|
class Mdm::TaskHost < ActiveRecord::Base
|
3
|
-
#
|
4
|
-
# Associations
|
5
|
-
#
|
6
|
-
|
7
|
-
# The {Mdm::Host} found by {#task}.
|
8
2
|
belongs_to :host,
|
9
3
|
class_name: 'Mdm::Host',
|
10
4
|
inverse_of: :task_hosts
|
11
5
|
|
12
|
-
# An {Mdm::Task} that found {#host}.
|
13
6
|
belongs_to :task,
|
14
7
|
class_name: 'Mdm::Task',
|
15
8
|
inverse_of: :task_hosts
|
16
9
|
|
17
|
-
#
|
18
|
-
# Attributes
|
19
|
-
#
|
20
|
-
|
21
|
-
# @!attribute created_at
|
22
|
-
# When this task host was created.
|
23
|
-
#
|
24
|
-
# @return [DateTime]
|
25
|
-
|
26
|
-
# @!attribute updated_at
|
27
|
-
# The last time this task host was updated.
|
28
|
-
#
|
29
|
-
# @return [DateTime]
|
30
|
-
|
31
|
-
#
|
32
|
-
# Validations
|
33
|
-
#
|
34
|
-
|
35
10
|
validates :host_id,
|
36
11
|
:uniqueness => {
|
37
12
|
:scope => :task_id
|
@@ -1,37 +1,12 @@
|
|
1
|
-
# Join model between {Mdm::Service} and {Mdm::Task} that signifies that the {#task} found the {#service}.
|
2
1
|
class Mdm::TaskService < ActiveRecord::Base
|
3
|
-
#
|
4
|
-
# Associations
|
5
|
-
#
|
6
|
-
|
7
|
-
# The {Mdm::Service} found by {#task}.
|
8
2
|
belongs_to :service,
|
9
3
|
class_name: 'Mdm::Service',
|
10
4
|
inverse_of: :task_services
|
11
5
|
|
12
|
-
# An {Mdm::Task} that found {#service}.
|
13
6
|
belongs_to :task,
|
14
7
|
class_name: 'Mdm::Task',
|
15
8
|
inverse_of: :task_services
|
16
9
|
|
17
|
-
#
|
18
|
-
# Attributes
|
19
|
-
#
|
20
|
-
|
21
|
-
# @!attribute created_at
|
22
|
-
# When this task service was created.
|
23
|
-
#
|
24
|
-
# @return [DateTime]
|
25
|
-
|
26
|
-
# @!attribute updated_at
|
27
|
-
# The last time this task service was updated.
|
28
|
-
#
|
29
|
-
# @return [DateTime]
|
30
|
-
|
31
|
-
#
|
32
|
-
# Validations
|
33
|
-
#
|
34
|
-
|
35
10
|
validates :service_id,
|
36
11
|
:uniqueness => {
|
37
12
|
:scope => :task_id
|
@@ -1,37 +1,12 @@
|
|
1
|
-
# Join model between {Mdm::Session} and {Mdm::Task} that signifies that the {#task} spawned the {#session}.
|
2
1
|
class Mdm::TaskSession < ActiveRecord::Base
|
3
|
-
#
|
4
|
-
# Associations
|
5
|
-
#
|
6
|
-
|
7
|
-
# The {Mdm::Session} found by {#task}.
|
8
2
|
belongs_to :session,
|
9
3
|
class_name: 'Mdm::Session',
|
10
4
|
inverse_of: :task_sessions
|
11
5
|
|
12
|
-
# An {Mdm::Task} that found {#session}
|
13
6
|
belongs_to :task,
|
14
7
|
class_name: 'Mdm::Task',
|
15
8
|
inverse_of: :task_sessions
|
16
9
|
|
17
|
-
#
|
18
|
-
# Attributes
|
19
|
-
#
|
20
|
-
|
21
|
-
# @!attribute created_at
|
22
|
-
# When this task session was created.
|
23
|
-
#
|
24
|
-
# @return [DateTime]
|
25
|
-
|
26
|
-
# @!attribute updated_at
|
27
|
-
# The last time this task session was updated.
|
28
|
-
#
|
29
|
-
# @return [DateTime]
|
30
|
-
|
31
|
-
#
|
32
|
-
# Validations
|
33
|
-
#
|
34
|
-
|
35
10
|
validates :session_id,
|
36
11
|
:uniqueness => {
|
37
12
|
:scope => :task_id
|
data/app/models/mdm/user.rb
CHANGED
@@ -1,226 +1,44 @@
|
|
1
|
-
# A user of metasploit-framework or metasploit-pro.
|
2
1
|
class Mdm::User < ActiveRecord::Base
|
3
2
|
extend MetasploitDataModels::SerializedPrefs
|
4
3
|
|
5
4
|
#
|
6
|
-
#
|
5
|
+
# Relations
|
7
6
|
#
|
8
7
|
|
9
|
-
# Automatic exploitation runs started by this user.
|
10
8
|
has_many :automatic_exploitation_runs,
|
11
9
|
class_name: 'MetasploitDataModels::AutomaticExploitation::Run',
|
12
10
|
inverse_of: :user
|
13
11
|
|
14
|
-
# Automatic exploitation match sets created by this user for {#automatic_exploitation_runs}.
|
15
12
|
has_many :automatic_exploitation_match_sets,
|
16
13
|
class_name: 'MetasploitDataModels::AutomaticExploitation::MatchSet',
|
17
14
|
inverse_of: :user
|
18
15
|
|
19
|
-
# {Mdm::Workspace Workspaces} owned by this user. Owned workspaces allow user complete permissions without the need
|
20
|
-
# or the user to be an {#admin administrator}.
|
21
16
|
has_many :owned_workspaces,
|
22
17
|
class_name: 'Mdm::Workspace',
|
23
18
|
foreign_key: 'owner_id',
|
24
19
|
inverse_of: :owner
|
25
20
|
|
26
|
-
# Runs of Metasploit Modules by this user.
|
27
21
|
has_many :module_runs,
|
28
22
|
class_name: 'MetasploitDataModels::ModuleRun',
|
29
23
|
inverse_of: :user
|
30
24
|
|
31
|
-
# Tags created by the user.
|
32
25
|
has_many :tags,
|
33
26
|
class_name: 'Mdm::Tag',
|
34
27
|
inverse_of: :user
|
35
28
|
|
36
|
-
# {Mdm::Workspace Workspace} where this user has access. If a user is an {#admin administrator} they have access
|
37
|
-
# to all workspaces even if they are not a member of that workspace.
|
38
|
-
has_and_belongs_to_many :workspaces, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::Workspace'
|
39
|
-
|
40
|
-
#
|
41
|
-
# Attributes
|
42
|
-
#
|
43
|
-
|
44
|
-
# @!attribute admin
|
45
|
-
# Whether this user is an administrator. Administrator permissions are only enforced in metasploit-pro through the
|
46
|
-
# controllers.
|
47
|
-
#
|
48
|
-
# @return [false] if this is a normal user that must be added to each workspace.
|
49
|
-
# @return [true] if this user is an administrator and have access to all workspaces without being added to the
|
50
|
-
# workspace explicitly. User is also allowed to add other users to workspaces or make other users admins.
|
51
|
-
|
52
|
-
# @!attribute company
|
53
|
-
# Company at which user works.
|
54
|
-
#
|
55
|
-
# @return [String, nil]
|
56
|
-
|
57
|
-
# @!attribute created_at
|
58
|
-
# When the user was created.
|
59
|
-
#
|
60
|
-
# @return [DateTime]
|
61
|
-
|
62
|
-
# @!attribute crypted_password
|
63
|
-
# Hashed password (salted with {#password_salt}) by Authlogic in metasploit-pro.
|
64
|
-
#
|
65
|
-
# @return [String]
|
66
|
-
|
67
|
-
# @!attribute email
|
68
|
-
# The user's email address.
|
69
|
-
#
|
70
|
-
# @return [String, nil]
|
71
|
-
|
72
|
-
# @!attribute fullname
|
73
|
-
# The user's normal human name.
|
74
|
-
#
|
75
|
-
# @return [String, nil]
|
76
|
-
|
77
|
-
# @!attribute password_salt
|
78
|
-
# Salt used when hashing password into {#crypted_password} by Authlogic in metasploit-pro.
|
79
|
-
#
|
80
|
-
# @return [String]
|
81
|
-
|
82
|
-
# @!attribute persistence_token
|
83
|
-
# Token used for session and cookie when user is logged using Authlogic in metasploit-pro.
|
84
|
-
#
|
85
|
-
# @return [String]
|
86
|
-
|
87
|
-
# @!attribute phone
|
88
|
-
# Phone number for user.
|
89
|
-
#
|
90
|
-
# @return [String, nil]
|
91
|
-
|
92
|
-
# @!attribute updated_at
|
93
|
-
# When the user was last updated.
|
94
|
-
#
|
95
|
-
# @return [DateTime]
|
96
29
|
|
97
|
-
|
98
|
-
# Username for this user. Used to log into metasploit-pro.
|
99
|
-
#
|
100
|
-
# @return [String]
|
30
|
+
has_and_belongs_to_many :workspaces, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::Workspace'
|
101
31
|
|
102
32
|
#
|
103
33
|
# Serialziations
|
104
34
|
#
|
105
35
|
|
106
|
-
# Hash of user preferences
|
107
|
-
#
|
108
|
-
# @return [Hash]
|
109
36
|
serialize :prefs, MetasploitDataModels::Base64Serializer.new
|
110
37
|
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
#
|
115
|
-
serialized_prefs_attr_accessor :time_zone
|
116
|
-
|
117
|
-
#
|
118
|
-
# @!group Duplicate Login Monitoring
|
119
|
-
#
|
120
|
-
|
121
|
-
# @!attribute last_login_address
|
122
|
-
# @note specifically NOT last_login_ip to prevent confusion with AuthLogic magic columns (which dont work for
|
123
|
-
# serialized fields)
|
124
|
-
#
|
125
|
-
# Last IP address from which this user logged in. Used to report currently active user session's IP when the user
|
126
|
-
# is logged off because theire `session[:session_id]` does not match {#session_key}.
|
127
|
-
#
|
128
|
-
# @return [String, nil]
|
129
|
-
serialized_prefs_attr_accessor :last_login_address
|
130
|
-
|
131
|
-
# @!attribute session_key
|
132
|
-
# Holds `session[:session_id]` so user can only be logged in once. Only enforced in metasploit-pro.
|
133
|
-
#
|
134
|
-
# @return [String, nil]
|
135
|
-
serialized_prefs_attr_accessor :session_key
|
136
|
-
|
137
|
-
#
|
138
|
-
# @!endgroup
|
139
|
-
#
|
140
|
-
|
141
|
-
#
|
142
|
-
# @!group HTTP Proxy
|
143
|
-
#
|
144
|
-
|
145
|
-
# @!attribute http_proxy_host
|
146
|
-
# Proxy host.
|
147
|
-
#
|
148
|
-
# @return [String, nil]
|
149
|
-
serialized_prefs_attr_accessor :http_proxy_host
|
150
|
-
|
151
|
-
# @!attribute http_proxy_pass
|
152
|
-
# Password used to login as {#http_proxy_user} to proxy.
|
153
|
-
#
|
154
|
-
# @return [String, nil]
|
155
|
-
serialized_prefs_attr_accessor :http_proxy_pass
|
156
|
-
|
157
|
-
# @!attribute http_proxy_port
|
158
|
-
# Port on which proxy run on {#http_proxy_host}.
|
159
|
-
#
|
160
|
-
# @return [String, Integer, nil]
|
161
|
-
serialized_prefs_attr_accessor :http_proxy_port
|
162
|
-
|
163
|
-
# @!attribute http_proxy_user
|
164
|
-
# User used to log into proxy.
|
165
|
-
#
|
166
|
-
# @return [String, nil]
|
167
|
-
serialized_prefs_attr_accessor :http_proxy_user
|
168
|
-
|
169
|
-
#
|
170
|
-
# @!endgroup
|
171
|
-
#
|
172
|
-
|
173
|
-
#
|
174
|
-
# @!group Nexpose
|
175
|
-
#
|
176
|
-
|
177
|
-
# @!attribute nexpose_host
|
178
|
-
# Host name for server running Nexpose.
|
179
|
-
#
|
180
|
-
# @return [String, nil]
|
181
|
-
serialized_prefs_attr_accessor :nexpose_host
|
182
|
-
|
183
|
-
# @!attribute nexpose_pass
|
184
|
-
# Password to log into Nexpose.
|
185
|
-
#
|
186
|
-
# @return [String, nil]
|
187
|
-
serialized_prefs_attr_accessor :nexpose_pass
|
188
|
-
|
189
|
-
# @!attribute nexpose_port
|
190
|
-
# Port on {#nexpose_host} on which Nexpose is running.
|
191
|
-
#
|
192
|
-
# @return [String, Integer. nil]
|
193
|
-
serialized_prefs_attr_accessor :nexpose_port
|
194
|
-
|
195
|
-
# @!attribute nexpose_user
|
196
|
-
# User used to log into Nexpose.
|
197
|
-
#
|
198
|
-
# @return [String, nil]
|
199
|
-
serialized_prefs_attr_accessor :nexpose_user
|
200
|
-
|
201
|
-
#
|
202
|
-
# @!endgroup
|
203
|
-
#
|
204
|
-
|
205
|
-
#
|
206
|
-
# @!group Nexpose Authenticated Scan Credentials
|
207
|
-
#
|
208
|
-
|
209
|
-
# @!attribute nexpose_creds_pass
|
210
|
-
# @return [String, nil]
|
211
|
-
serialized_prefs_attr_accessor :nexpose_creds_pass
|
212
|
-
|
213
|
-
# @!attribute nexpose_creds_type
|
214
|
-
# @return [String, nil]
|
215
|
-
serialized_prefs_attr_accessor :nexpose_creds_type
|
216
|
-
|
217
|
-
# @!attribute nexpose_creds_user
|
218
|
-
# @return [String, nil]
|
219
|
-
serialized_prefs_attr_accessor :nexpose_creds_user
|
220
|
-
|
221
|
-
#
|
222
|
-
# @!endgroup
|
223
|
-
#
|
38
|
+
serialized_prefs_attr_accessor :nexpose_host, :nexpose_port, :nexpose_user, :nexpose_pass, :nexpose_creds_type, :nexpose_creds_user, :nexpose_creds_pass
|
39
|
+
serialized_prefs_attr_accessor :http_proxy_host, :http_proxy_port, :http_proxy_user, :http_proxy_pass
|
40
|
+
serialized_prefs_attr_accessor :time_zone, :session_key
|
41
|
+
serialized_prefs_attr_accessor :last_login_address # specifically NOT last_login_ip to prevent confusion with AuthLogic magic columns (which dont work for serialized fields)
|
224
42
|
|
225
43
|
Metasploit::Concern.run(self)
|
226
44
|
end
|