metasploit_data_models 0.24.4 → 0.24.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rspec +3 -3
- data/.travis.yml +3 -6
- data/CONTRIBUTING.md +52 -10
- data/Gemfile +8 -1
- data/Rakefile +0 -23
- data/app/models/mdm/api_key.rb +1 -41
- data/app/models/mdm/client.rb +1 -41
- data/app/models/mdm/cred.rb +19 -107
- data/app/models/mdm/event.rb +1 -48
- data/app/models/mdm/exploit_attempt.rb +16 -65
- data/app/models/mdm/exploited_host.rb +1 -28
- data/app/models/mdm/host_detail.rb +1 -45
- data/app/models/mdm/host_tag.rb +8 -6
- data/app/models/mdm/listener.rb +1 -53
- data/app/models/mdm/macro.rb +0 -42
- data/app/models/mdm/mod_ref.rb +0 -21
- data/app/models/mdm/module/action.rb +0 -15
- data/app/models/mdm/module/arch.rb +0 -10
- data/app/models/mdm/module/author.rb +0 -16
- data/app/models/mdm/module/mixin.rb +0 -13
- data/app/models/mdm/module/platform.rb +0 -11
- data/app/models/mdm/module/target.rb +0 -18
- data/app/models/mdm/nexpose_console.rb +4 -82
- data/app/models/mdm/profile.rb +0 -36
- data/app/models/mdm/route.rb +5 -17
- data/app/models/mdm/session_event.rb +1 -33
- data/app/models/mdm/tag.rb +10 -49
- data/app/models/mdm/task.rb +45 -94
- data/app/models/mdm/task_cred.rb +0 -29
- data/app/models/mdm/task_host.rb +0 -25
- data/app/models/mdm/task_service.rb +0 -25
- data/app/models/mdm/task_session.rb +0 -25
- data/app/models/mdm/user.rb +6 -188
- data/app/models/mdm/vuln_attempt.rb +12 -37
- data/app/models/mdm/vuln_detail.rb +5 -139
- data/app/models/mdm/vuln_ref.rb +1 -4
- data/app/models/mdm/web_form.rb +1 -35
- data/app/models/mdm/web_page.rb +1 -70
- data/app/models/mdm/web_site.rb +1 -51
- data/app/models/mdm/wmap_request.rb +0 -85
- data/app/models/mdm/wmap_target.rb +0 -40
- data/app/models/mdm/workspace.rb +14 -152
- data/app/models/metasploit_data_models/automatic_exploitation.rb +16 -0
- data/app/models/metasploit_data_models/automatic_exploitation/match.rb +24 -19
- data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +5 -33
- data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +4 -22
- data/app/models/metasploit_data_models/automatic_exploitation/run.rb +3 -13
- data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
- data/app/models/metasploit_data_models/module_run.rb +1 -1
- data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
- data/app/validators/ip_format_validator.rb +0 -4
- data/app/validators/parameters_validator.rb +0 -12
- data/app/validators/password_is_strong_validator.rb +1 -10
- data/lib/mdm/host/operating_system_normalization.rb +10 -7
- data/lib/metasploit_data_models.rb +0 -4
- data/lib/metasploit_data_models/engine.rb +0 -2
- data/lib/metasploit_data_models/serialized_prefs.rb +0 -6
- data/lib/metasploit_data_models/version.rb +10 -24
- data/lib/tasks/yard.rake +33 -0
- data/metasploit_data_models.gemspec +2 -9
- data/spec/app/models/mdm/api_key_spec.rb +3 -1
- data/spec/app/models/mdm/client_spec.rb +11 -9
- data/spec/app/models/mdm/cred_spec.rb +54 -42
- data/spec/app/models/mdm/event_spec.rb +23 -21
- data/spec/app/models/mdm/exploit_attempt_spec.rb +21 -19
- data/spec/app/models/mdm/exploited_host_spec.rb +13 -11
- data/spec/app/models/mdm/host_detail_spec.rb +17 -15
- data/spec/app/models/mdm/host_spec.rb +260 -261
- data/spec/app/models/mdm/host_tag_spec.rb +8 -6
- data/spec/app/models/mdm/listener_spec.rb +32 -30
- data/spec/app/models/mdm/loot_spec.rb +23 -21
- data/spec/app/models/mdm/macro_spec.rb +3 -1
- data/spec/app/models/mdm/mod_ref_spec.rb +3 -1
- data/spec/app/models/mdm/module/action_spec.rb +12 -10
- data/spec/app/models/mdm/module/arch_spec.rb +12 -10
- data/spec/app/models/mdm/module/author_spec.rb +17 -22
- data/spec/app/models/mdm/module/detail_spec.rb +75 -184
- data/spec/app/models/mdm/module/mixin_spec.rb +12 -10
- data/spec/app/models/mdm/module/platform_spec.rb +12 -10
- data/spec/app/models/mdm/module/ref_spec.rb +12 -10
- data/spec/app/models/mdm/module/target_spec.rb +15 -13
- data/spec/app/models/mdm/nexpose_console_spec.rb +37 -35
- data/spec/app/models/mdm/note_spec.rb +25 -23
- data/spec/app/models/mdm/profile_spec.rb +3 -1
- data/spec/app/models/mdm/ref_spec.rb +12 -10
- data/spec/app/models/mdm/route_spec.rb +8 -6
- data/spec/app/models/mdm/service_spec.rb +40 -38
- data/spec/app/models/mdm/session_event_spec.rb +12 -10
- data/spec/app/models/mdm/session_spec.rb +15 -13
- data/spec/app/models/mdm/tag_spec.rb +29 -29
- data/spec/app/models/mdm/task_cred_spec.rb +11 -9
- data/spec/app/models/mdm/task_host_spec.rb +11 -9
- data/spec/app/models/mdm/task_service_spec.rb +11 -9
- data/spec/app/models/mdm/task_session_spec.rb +9 -7
- data/spec/app/models/mdm/task_spec.rb +29 -27
- data/spec/app/models/mdm/user_spec.rb +19 -17
- data/spec/app/models/mdm/vuln_attempt_spec.rb +16 -14
- data/spec/app/models/mdm/vuln_detail_spec.rb +28 -26
- data/spec/app/models/mdm/vuln_ref_spec.rb +10 -8
- data/spec/app/models/mdm/vuln_spec.rb +26 -24
- data/spec/app/models/mdm/web_form_spec.rb +13 -11
- data/spec/app/models/mdm/web_page_spec.rb +21 -19
- data/spec/app/models/mdm/web_site_spec.rb +23 -21
- data/spec/app/models/mdm/web_vuln_spec.rb +65 -63
- data/spec/app/models/mdm/wmap_request_spec.rb +3 -1
- data/spec/app/models/mdm/wmap_target_spec.rb +3 -1
- data/spec/app/models/mdm/workspace_spec.rb +100 -97
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +5 -3
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +15 -13
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +12 -10
- data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +15 -22
- data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/module_run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +20 -18
- data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +4 -2
- data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +19 -17
- data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +23 -61
- data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +10 -8
- data/spec/app/validators/parameters_validator_spec.rb +29 -29
- data/spec/app/validators/password_is_strong_validator_spec.rb +46 -54
- data/spec/dummy/db/structure.sql +3403 -0
- data/spec/factories/mdm/module/details.rb +1 -1
- data/spec/lib/base64_serializer_spec.rb +19 -19
- data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +12 -18
- data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/match/child_spec.rb +4 -2
- data/spec/lib/metasploit_data_models/match/parent_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/version_spec.rb +141 -3
- data/spec/spec_helper.rb +12 -86
- data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
- data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
- data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +6 -7
- metadata +9 -67
- data/CHANGELOG.md +0 -6
- data/RELEASING.md +0 -88
- data/UPGRADING.md +0 -1
- data/lib/metasploit_data_models/automatic_exploitation.rb +0 -25
- data/spec/lib/metasploit_data_models_spec.rb +0 -4
@@ -1,28 +1,30 @@
|
|
1
|
-
# An attempt to exploit a {#vuln}.
|
2
1
|
class Mdm::VulnAttempt < ActiveRecord::Base
|
3
2
|
#
|
4
3
|
# Associations
|
5
4
|
#
|
6
5
|
|
7
|
-
#
|
6
|
+
# @!attribute loot
|
7
|
+
# Loot gathered from this attempt.
|
8
8
|
#
|
9
|
-
#
|
10
|
-
#
|
9
|
+
# @return [Mdm::Loot] if {#exploited} is `true`.
|
10
|
+
# @return [nil] if {#exploited} is `false`.
|
11
11
|
belongs_to :loot,
|
12
12
|
class_name: 'Mdm::Loot',
|
13
13
|
inverse_of: :vuln_attempt
|
14
14
|
|
15
|
-
#
|
15
|
+
# @!attribute session
|
16
|
+
# The session opened by this attempt.
|
16
17
|
#
|
17
|
-
#
|
18
|
-
#
|
18
|
+
# @return [Mdm::Session] if {#exploited} is `true`.
|
19
|
+
# @return [nil] if {#exploited} is `false`.
|
19
20
|
belongs_to :session,
|
20
21
|
class_name: 'Mdm::Session',
|
21
22
|
inverse_of: :vuln_attempt
|
22
23
|
|
23
|
-
#
|
24
|
+
# @!attribute vuln
|
25
|
+
# The {Mdm::Vuln vulnerability} that this attempt was exploiting.
|
24
26
|
#
|
25
|
-
#
|
27
|
+
# @return [Mdm::Vuln]
|
26
28
|
belongs_to :vuln,
|
27
29
|
class_name: 'Mdm::Vuln',
|
28
30
|
counter_cache: :vuln_attempt_count,
|
@@ -32,39 +34,12 @@ class Mdm::VulnAttempt < ActiveRecord::Base
|
|
32
34
|
# Attributes
|
33
35
|
#
|
34
36
|
|
35
|
-
# @!attribute
|
36
|
-
# When this attempt was made.
|
37
|
-
#
|
38
|
-
# @return [DateTime]
|
39
|
-
|
40
|
-
# @!attribute exploited
|
37
|
+
# @!attribute [rw] exploited
|
41
38
|
# Whether this attempt was successful.
|
42
39
|
#
|
43
40
|
# @return [true] if {#vuln} was exploited.
|
44
41
|
# @return [false] if {#vuln} was not exploited.
|
45
42
|
|
46
|
-
# @!attribute fail_detail
|
47
|
-
# Long details about why this attempt failed.
|
48
|
-
#
|
49
|
-
# @return [String] if {#exploited} is `false`.
|
50
|
-
# @return [nil] if {#exploited} is `true`.
|
51
|
-
|
52
|
-
# @!attribute fail_reason
|
53
|
-
# Short reason why this attempt failed.
|
54
|
-
#
|
55
|
-
# @return [String] if {#exploited} is `false`.
|
56
|
-
# @return [nil] if {#exploited} is `true`
|
57
|
-
|
58
|
-
# @!attribute module
|
59
|
-
# {Mdm::Module::Detail#fullname Full name of exploit Metasploit Module} that was used in this attempt.
|
60
|
-
#
|
61
|
-
# @return [String]
|
62
|
-
|
63
|
-
# @!attribute username
|
64
|
-
# The {Mdm::User#username name of the user} that made this attempt.
|
65
|
-
#
|
66
|
-
# @return [String]
|
67
|
-
|
68
43
|
#
|
69
44
|
# Validations
|
70
45
|
#
|
@@ -1,151 +1,17 @@
|
|
1
|
-
# {Mdm::Vuln Vulnerability details} supplied from an external source, such as Nexpose.
|
2
1
|
class Mdm::VulnDetail < ActiveRecord::Base
|
3
2
|
#
|
4
|
-
#
|
3
|
+
# Relations
|
5
4
|
#
|
6
5
|
|
7
|
-
# The vulnerability this detail is about.
|
8
|
-
belongs_to :vuln, class_name: 'Mdm::Vuln', counter_cache: :vuln_detail_count, inverse_of: :vuln_details
|
9
|
-
|
10
|
-
#
|
11
|
-
#
|
12
|
-
# Attributes
|
13
|
-
#
|
14
|
-
#
|
15
|
-
|
16
|
-
# @!attribute description
|
17
|
-
# Long description of this vulnerability.
|
18
|
-
#
|
19
|
-
# @return [String]
|
20
|
-
|
21
|
-
# @!attribute src
|
22
|
-
# Source of this vulnerability detail.
|
23
|
-
#
|
24
|
-
# @return [String]
|
25
|
-
|
26
|
-
# @!attribute title
|
27
|
-
# Title of this vulnerability.
|
28
|
-
#
|
29
|
-
# @return [String]
|
30
|
-
|
31
|
-
# @!attribute proof
|
32
|
-
# Proof of this vulnerability existing on the target.
|
33
|
-
#
|
34
|
-
# @return [String]
|
35
|
-
|
36
|
-
# @!attribute solution
|
37
|
-
# Solution to fix this vulnerability.
|
38
|
-
#
|
39
|
-
# @return [String]
|
40
|
-
|
41
|
-
#
|
42
|
-
# @!group Common Vulnerability Scoring System
|
43
|
-
#
|
44
|
-
|
45
|
-
# @!attribute cvss_score
|
46
|
-
# Composite Common Vulnerability Scoring System (CVSS) Score
|
47
|
-
#
|
48
|
-
# @return [Float]
|
49
|
-
|
50
|
-
# @!attribute cvss_vector
|
51
|
-
# {#cvss_score} broken down into its encoded components
|
52
|
-
#
|
53
|
-
# @return [String]
|
54
|
-
# @see http://nvd.nist.gov/cvss.cfm?vectorinfo
|
55
|
-
|
56
|
-
#
|
57
|
-
# @!endgroup
|
58
|
-
#
|
59
|
-
|
60
|
-
#
|
61
|
-
# @!group Nexpose
|
62
|
-
#
|
63
|
-
|
64
|
-
# association is declared here so it can be in Nexpose group
|
65
|
-
|
66
|
-
# The Nexpose console that supplied this information.
|
67
6
|
belongs_to :nexpose_console,
|
68
7
|
class_name: 'Mdm::NexposeConsole',
|
69
|
-
foreign_key: :nx_console_id,
|
70
8
|
inverse_of: :vuln_details
|
71
9
|
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
# @!attribute nx_device_id
|
78
|
-
# ID of target device in Nexpose.
|
79
|
-
#
|
80
|
-
# @return [Integer]
|
81
|
-
|
82
|
-
# @!attribute nx_modified
|
83
|
-
# The last time this vulnerability was modified in Nexpose.
|
84
|
-
#
|
85
|
-
# @return [DateTime]
|
86
|
-
|
87
|
-
# @!attribute nx_proof_key
|
88
|
-
# Key to {#proof} in Nexpose.
|
89
|
-
#
|
90
|
-
# @return [String]
|
91
|
-
|
92
|
-
# @!attribute nx_published
|
93
|
-
# When this vulnerability was published according to Nexpose.
|
94
|
-
#
|
95
|
-
# @return [DateTime]
|
96
|
-
|
97
|
-
# @!attribute nx_scan_id
|
98
|
-
# ID of scan that found this vulnerability in Nexpose.
|
99
|
-
#
|
100
|
-
# @return [Integer]
|
101
|
-
|
102
|
-
# @!attribute nx_tags
|
103
|
-
# Tags on this vulnerability in Nexpose.
|
104
|
-
#
|
105
|
-
# @return [String]
|
106
|
-
|
107
|
-
# @!attribute nx_vuln_id
|
108
|
-
# ID of this vulnerability in Nexpose.
|
109
|
-
#
|
110
|
-
# @return [String]
|
111
|
-
|
112
|
-
# @!attribute nx_vuln_status
|
113
|
-
# Status of this vulnerability in Nexpose.
|
114
|
-
#
|
115
|
-
# @return [String]
|
116
|
-
|
117
|
-
# @!attribute nx_vulnerable_since
|
118
|
-
# When this vulnerability was first identified for the target in Nexpose.
|
119
|
-
#
|
120
|
-
# @return [DateTime]
|
121
|
-
|
122
|
-
# @!attribute nx_severity
|
123
|
-
# Severity of this vulnerability according to Nexpose.
|
124
|
-
#
|
125
|
-
# @return [Float]
|
126
|
-
|
127
|
-
#
|
128
|
-
# @!endgroup
|
129
|
-
#
|
130
|
-
|
131
|
-
#
|
132
|
-
# @!group Nexpose PCI
|
133
|
-
#
|
134
|
-
|
135
|
-
# @!attribute nx_pci_compliance_status
|
136
|
-
# Status of PCI compliance with regards to this vulnerability according to Nexpose.
|
137
|
-
#
|
138
|
-
# @return [String]
|
139
|
-
|
140
|
-
# @!attribute nx_pci_severity
|
141
|
-
# The severity for the vulnerability under PCI according to Nexpose.
|
142
|
-
#
|
143
|
-
# @return [Float]
|
10
|
+
belongs_to :vuln,
|
11
|
+
class_name: 'Mdm::Vuln',
|
12
|
+
counter_cache: :vuln_detail_count,
|
13
|
+
inverse_of: :vuln_details
|
144
14
|
|
145
|
-
#
|
146
|
-
# @!endgroup
|
147
|
-
#
|
148
|
-
|
149
15
|
#
|
150
16
|
# Validations
|
151
17
|
#
|
data/app/models/mdm/vuln_ref.rb
CHANGED
@@ -1,17 +1,14 @@
|
|
1
|
-
# Join model between {Mdm::Vuln} and {Mdm::Ref}.
|
2
1
|
class Mdm::VulnRef < ActiveRecord::Base
|
3
2
|
self.table_name = 'vulns_refs'
|
4
3
|
|
5
4
|
#
|
6
|
-
#
|
5
|
+
# Relations
|
7
6
|
#
|
8
7
|
|
9
|
-
# {Mdm::Ref Reference} to {#vuln}.
|
10
8
|
belongs_to :ref,
|
11
9
|
class_name: 'Mdm::Ref',
|
12
10
|
inverse_of: :vulns_refs
|
13
11
|
|
14
|
-
# {Mdm::Vuln Vulnerability} imported or discovered by metasploit.
|
15
12
|
belongs_to :vuln,
|
16
13
|
class_name: 'Mdm::Vuln',
|
17
14
|
inverse_of: :vulns_refs
|
data/app/models/mdm/web_form.rb
CHANGED
@@ -1,50 +1,16 @@
|
|
1
|
-
# A filled-in form on a {#web_site}.
|
2
1
|
class Mdm::WebForm < ActiveRecord::Base
|
3
2
|
#
|
4
|
-
#
|
3
|
+
# Relations
|
5
4
|
#
|
6
5
|
|
7
|
-
# {Mdm::WebSite Web site} on which this form is.
|
8
6
|
belongs_to :web_site,
|
9
7
|
class_name: 'Mdm::WebSite',
|
10
8
|
inverse_of: :web_forms
|
11
9
|
|
12
|
-
#
|
13
|
-
# Attributes
|
14
|
-
#
|
15
|
-
|
16
|
-
# @!attribute created_at
|
17
|
-
# When this web form was created.
|
18
|
-
#
|
19
|
-
# @return [DateTime]
|
20
|
-
|
21
|
-
# @!attribute method
|
22
|
-
# HTTP method (or verb) used to submitted this form, such as GET or POST.
|
23
|
-
#
|
24
|
-
# @return [String]
|
25
|
-
|
26
|
-
# @!attribute path
|
27
|
-
# Path portion of URL to which this form was submitted.
|
28
|
-
#
|
29
|
-
# @return [String]
|
30
|
-
|
31
|
-
# @!attribute query
|
32
|
-
# URL query that submitted for this form.
|
33
|
-
#
|
34
|
-
# @return [String]
|
35
|
-
|
36
|
-
# @!attribute updated_at
|
37
|
-
# The last time this web form was updated.
|
38
|
-
#
|
39
|
-
# @return [DateTime]
|
40
|
-
|
41
10
|
#
|
42
11
|
# Serializations
|
43
12
|
#
|
44
13
|
|
45
|
-
# Parameters submitted in this form.
|
46
|
-
#
|
47
|
-
# @return [Array<Array(String, String)>>]
|
48
14
|
serialize :params, MetasploitDataModels::Base64Serializer.new
|
49
15
|
|
50
16
|
Metasploit::Concern.run(self)
|
data/app/models/mdm/web_page.rb
CHANGED
@@ -1,85 +1,16 @@
|
|
1
|
-
# Web page requested from a {#web_site}.
|
2
1
|
class Mdm::WebPage < ActiveRecord::Base
|
3
2
|
#
|
4
|
-
#
|
3
|
+
# Relations
|
5
4
|
#
|
6
5
|
|
7
|
-
# Mdm::WebSite Web site} from which this page was requested.
|
8
6
|
belongs_to :web_site,
|
9
7
|
class_name: 'Mdm::WebSite',
|
10
8
|
inverse_of: :web_pages
|
11
9
|
|
12
|
-
#
|
13
|
-
# Attributes
|
14
|
-
#
|
15
|
-
|
16
|
-
# @!attribute auth
|
17
|
-
# Credentials sent to server to authenticate to web site to allow access to this web page.
|
18
|
-
#
|
19
|
-
# @return [String]
|
20
|
-
|
21
|
-
# @!attribute body
|
22
|
-
# Body of response from server.
|
23
|
-
#
|
24
|
-
# @return [String]
|
25
|
-
|
26
|
-
# @!attribute code
|
27
|
-
# HTTP Status code return from {#web_site} when requesting this web page.
|
28
|
-
#
|
29
|
-
# @return [Integer]
|
30
|
-
|
31
|
-
# @!attribute cookie
|
32
|
-
# Cookies derived from {#headers}.
|
33
|
-
#
|
34
|
-
# @return [String]
|
35
|
-
|
36
|
-
# @!attribute created_at
|
37
|
-
# When this web page was created.
|
38
|
-
#
|
39
|
-
# @return [DateTime]
|
40
|
-
|
41
|
-
# @!attribute ctype
|
42
|
-
# The content type derived from the {#headers} of the returned web page.
|
43
|
-
#
|
44
|
-
# @return [String]
|
45
|
-
|
46
|
-
# @!attribute location
|
47
|
-
# Location derived from {#headers}.
|
48
|
-
#
|
49
|
-
# @return [String]
|
50
|
-
|
51
|
-
# @!attribute mtime
|
52
|
-
# The last modified time of the web page derived from the {#headers}.
|
53
|
-
#
|
54
|
-
# @return [DateTime]
|
55
|
-
|
56
|
-
# @!attribute path
|
57
|
-
# Path portion of URL that was used to access this web page.
|
58
|
-
#
|
59
|
-
# @return [String]
|
60
|
-
|
61
|
-
# @!attribute query
|
62
|
-
# Query portion of URLthat was used to access this web page.
|
63
|
-
#
|
64
|
-
# @return [String]
|
65
|
-
|
66
|
-
# @!attribute request
|
67
|
-
# Request sent to server to cause this web page to be returned.
|
68
|
-
#
|
69
|
-
# @return [String]
|
70
|
-
|
71
|
-
# @!attribute updated_at
|
72
|
-
# The last time this web page was updated.
|
73
|
-
#
|
74
|
-
# @return [DateTime]
|
75
|
-
|
76
10
|
#
|
77
11
|
# Serializations
|
78
12
|
#
|
79
13
|
|
80
|
-
# Headers sent from server.
|
81
|
-
#
|
82
|
-
# @return [Hash{String => String}]
|
83
14
|
serialize :headers, MetasploitDataModels::Base64Serializer.new
|
84
15
|
|
85
16
|
Metasploit::Concern.run(self)
|
data/app/models/mdm/web_site.rb
CHANGED
@@ -1,89 +1,42 @@
|
|
1
|
-
# A Web Site running on a {#service}.
|
2
1
|
class Mdm::WebSite < ActiveRecord::Base
|
3
2
|
#
|
4
|
-
#
|
3
|
+
# Relations
|
5
4
|
#
|
6
5
|
|
7
|
-
# The service on which this web site is running.
|
8
6
|
belongs_to :service,
|
9
7
|
class_name: 'Mdm::Service',
|
10
8
|
foreign_key: 'service_id',
|
11
9
|
inverse_of: :web_sites
|
12
10
|
|
13
|
-
# Filled-in forms within this web site.
|
14
11
|
has_many :web_forms,
|
15
12
|
class_name: 'Mdm::WebForm',
|
16
13
|
dependent: :destroy,
|
17
14
|
inverse_of: :web_site
|
18
15
|
|
19
|
-
# Web pages found on this web site.
|
20
16
|
has_many :web_pages,
|
21
17
|
class_name: 'Mdm::WebPage',
|
22
18
|
dependent: :destroy,
|
23
19
|
inverse_of: :web_site
|
24
20
|
|
25
|
-
# Vulnerabilities found on this web site.
|
26
21
|
has_many :web_vulns,
|
27
22
|
class_name: 'Mdm::WebVuln',
|
28
23
|
dependent: :destroy,
|
29
24
|
inverse_of: :web_site
|
30
25
|
|
31
|
-
#
|
32
|
-
# Attributes
|
33
|
-
#
|
34
|
-
|
35
|
-
# @!attribute [rw] comments
|
36
|
-
# User entered comments about this web site.
|
37
|
-
#
|
38
|
-
# @return [String]
|
39
|
-
|
40
|
-
# @!attribute [rw] created_at
|
41
|
-
# When this web site was created.
|
42
|
-
#
|
43
|
-
# @return [DateTime]
|
44
|
-
|
45
|
-
# @!attribute [rw] updated_at
|
46
|
-
# The last time this web site was updated.
|
47
|
-
#
|
48
|
-
# @return [DateTime]
|
49
|
-
|
50
|
-
# @!attribute [rw] vhost
|
51
|
-
# The virtual host for the web site in case `service.host.name` or `service.host.address` is no the host for this
|
52
|
-
# web site.
|
53
|
-
#
|
54
|
-
# @return [String]
|
55
|
-
|
56
26
|
#
|
57
27
|
# Serializations
|
58
28
|
#
|
59
29
|
|
60
|
-
# @!attribute [rw] options
|
61
|
-
# @todo Determine format and purpose of Mdm::WebSite#options.
|
62
30
|
serialize :options, ::MetasploitDataModels::Base64Serializer.new
|
63
31
|
|
64
|
-
#
|
65
|
-
# Instance Methods
|
66
|
-
#
|
67
|
-
|
68
|
-
# Number of {#web_forms}.
|
69
|
-
#
|
70
|
-
# @return [Integer]
|
71
32
|
def form_count
|
72
33
|
web_forms.size
|
73
34
|
end
|
74
35
|
|
75
|
-
# Number of {#web_pages}.
|
76
|
-
#
|
77
|
-
# @return [Integer]
|
78
36
|
def page_count
|
79
37
|
web_pages.size
|
80
38
|
end
|
81
39
|
|
82
|
-
# Converts this web site to its URL, including scheme, host and port.
|
83
|
-
#
|
84
|
-
# @param ignore_vhost [Boolean] if `false` use {#vhost} for host portion of URL. If `true` use {Mdm::Host#address} of
|
85
|
-
# {Mdm::Service#host} of {#service} for host portion of URL.
|
86
|
-
# @return [String] <scheme>://<host>[:<port>]
|
87
40
|
def to_url(ignore_vhost=false)
|
88
41
|
proto = self.service.name == "https" ? "https" : "http"
|
89
42
|
host = ignore_vhost ? self.service.host.address : self.vhost
|
@@ -100,9 +53,6 @@ class Mdm::WebSite < ActiveRecord::Base
|
|
100
53
|
url
|
101
54
|
end
|
102
55
|
|
103
|
-
# Number of {#web_vulns}.
|
104
|
-
#
|
105
|
-
# @return [Integer]
|
106
56
|
def vuln_count
|
107
57
|
web_vulns.size
|
108
58
|
end
|