metasploit_data_models 0.24.4 → 0.24.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rspec +3 -3
- data/.travis.yml +3 -6
- data/CONTRIBUTING.md +52 -10
- data/Gemfile +8 -1
- data/Rakefile +0 -23
- data/app/models/mdm/api_key.rb +1 -41
- data/app/models/mdm/client.rb +1 -41
- data/app/models/mdm/cred.rb +19 -107
- data/app/models/mdm/event.rb +1 -48
- data/app/models/mdm/exploit_attempt.rb +16 -65
- data/app/models/mdm/exploited_host.rb +1 -28
- data/app/models/mdm/host_detail.rb +1 -45
- data/app/models/mdm/host_tag.rb +8 -6
- data/app/models/mdm/listener.rb +1 -53
- data/app/models/mdm/macro.rb +0 -42
- data/app/models/mdm/mod_ref.rb +0 -21
- data/app/models/mdm/module/action.rb +0 -15
- data/app/models/mdm/module/arch.rb +0 -10
- data/app/models/mdm/module/author.rb +0 -16
- data/app/models/mdm/module/mixin.rb +0 -13
- data/app/models/mdm/module/platform.rb +0 -11
- data/app/models/mdm/module/target.rb +0 -18
- data/app/models/mdm/nexpose_console.rb +4 -82
- data/app/models/mdm/profile.rb +0 -36
- data/app/models/mdm/route.rb +5 -17
- data/app/models/mdm/session_event.rb +1 -33
- data/app/models/mdm/tag.rb +10 -49
- data/app/models/mdm/task.rb +45 -94
- data/app/models/mdm/task_cred.rb +0 -29
- data/app/models/mdm/task_host.rb +0 -25
- data/app/models/mdm/task_service.rb +0 -25
- data/app/models/mdm/task_session.rb +0 -25
- data/app/models/mdm/user.rb +6 -188
- data/app/models/mdm/vuln_attempt.rb +12 -37
- data/app/models/mdm/vuln_detail.rb +5 -139
- data/app/models/mdm/vuln_ref.rb +1 -4
- data/app/models/mdm/web_form.rb +1 -35
- data/app/models/mdm/web_page.rb +1 -70
- data/app/models/mdm/web_site.rb +1 -51
- data/app/models/mdm/wmap_request.rb +0 -85
- data/app/models/mdm/wmap_target.rb +0 -40
- data/app/models/mdm/workspace.rb +14 -152
- data/app/models/metasploit_data_models/automatic_exploitation.rb +16 -0
- data/app/models/metasploit_data_models/automatic_exploitation/match.rb +24 -19
- data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +5 -33
- data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +4 -22
- data/app/models/metasploit_data_models/automatic_exploitation/run.rb +3 -13
- data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
- data/app/models/metasploit_data_models/module_run.rb +1 -1
- data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
- data/app/validators/ip_format_validator.rb +0 -4
- data/app/validators/parameters_validator.rb +0 -12
- data/app/validators/password_is_strong_validator.rb +1 -10
- data/lib/mdm/host/operating_system_normalization.rb +10 -7
- data/lib/metasploit_data_models.rb +0 -4
- data/lib/metasploit_data_models/engine.rb +0 -2
- data/lib/metasploit_data_models/serialized_prefs.rb +0 -6
- data/lib/metasploit_data_models/version.rb +10 -24
- data/lib/tasks/yard.rake +33 -0
- data/metasploit_data_models.gemspec +2 -9
- data/spec/app/models/mdm/api_key_spec.rb +3 -1
- data/spec/app/models/mdm/client_spec.rb +11 -9
- data/spec/app/models/mdm/cred_spec.rb +54 -42
- data/spec/app/models/mdm/event_spec.rb +23 -21
- data/spec/app/models/mdm/exploit_attempt_spec.rb +21 -19
- data/spec/app/models/mdm/exploited_host_spec.rb +13 -11
- data/spec/app/models/mdm/host_detail_spec.rb +17 -15
- data/spec/app/models/mdm/host_spec.rb +260 -261
- data/spec/app/models/mdm/host_tag_spec.rb +8 -6
- data/spec/app/models/mdm/listener_spec.rb +32 -30
- data/spec/app/models/mdm/loot_spec.rb +23 -21
- data/spec/app/models/mdm/macro_spec.rb +3 -1
- data/spec/app/models/mdm/mod_ref_spec.rb +3 -1
- data/spec/app/models/mdm/module/action_spec.rb +12 -10
- data/spec/app/models/mdm/module/arch_spec.rb +12 -10
- data/spec/app/models/mdm/module/author_spec.rb +17 -22
- data/spec/app/models/mdm/module/detail_spec.rb +75 -184
- data/spec/app/models/mdm/module/mixin_spec.rb +12 -10
- data/spec/app/models/mdm/module/platform_spec.rb +12 -10
- data/spec/app/models/mdm/module/ref_spec.rb +12 -10
- data/spec/app/models/mdm/module/target_spec.rb +15 -13
- data/spec/app/models/mdm/nexpose_console_spec.rb +37 -35
- data/spec/app/models/mdm/note_spec.rb +25 -23
- data/spec/app/models/mdm/profile_spec.rb +3 -1
- data/spec/app/models/mdm/ref_spec.rb +12 -10
- data/spec/app/models/mdm/route_spec.rb +8 -6
- data/spec/app/models/mdm/service_spec.rb +40 -38
- data/spec/app/models/mdm/session_event_spec.rb +12 -10
- data/spec/app/models/mdm/session_spec.rb +15 -13
- data/spec/app/models/mdm/tag_spec.rb +29 -29
- data/spec/app/models/mdm/task_cred_spec.rb +11 -9
- data/spec/app/models/mdm/task_host_spec.rb +11 -9
- data/spec/app/models/mdm/task_service_spec.rb +11 -9
- data/spec/app/models/mdm/task_session_spec.rb +9 -7
- data/spec/app/models/mdm/task_spec.rb +29 -27
- data/spec/app/models/mdm/user_spec.rb +19 -17
- data/spec/app/models/mdm/vuln_attempt_spec.rb +16 -14
- data/spec/app/models/mdm/vuln_detail_spec.rb +28 -26
- data/spec/app/models/mdm/vuln_ref_spec.rb +10 -8
- data/spec/app/models/mdm/vuln_spec.rb +26 -24
- data/spec/app/models/mdm/web_form_spec.rb +13 -11
- data/spec/app/models/mdm/web_page_spec.rb +21 -19
- data/spec/app/models/mdm/web_site_spec.rb +23 -21
- data/spec/app/models/mdm/web_vuln_spec.rb +65 -63
- data/spec/app/models/mdm/wmap_request_spec.rb +3 -1
- data/spec/app/models/mdm/wmap_target_spec.rb +3 -1
- data/spec/app/models/mdm/workspace_spec.rb +100 -97
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +5 -3
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +15 -13
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +12 -10
- data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +15 -22
- data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/module_run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +20 -18
- data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +4 -2
- data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +19 -17
- data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +23 -61
- data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +10 -8
- data/spec/app/validators/parameters_validator_spec.rb +29 -29
- data/spec/app/validators/password_is_strong_validator_spec.rb +46 -54
- data/spec/dummy/db/structure.sql +3403 -0
- data/spec/factories/mdm/module/details.rb +1 -1
- data/spec/lib/base64_serializer_spec.rb +19 -19
- data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +12 -18
- data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/match/child_spec.rb +4 -2
- data/spec/lib/metasploit_data_models/match/parent_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/version_spec.rb +141 -3
- data/spec/spec_helper.rb +12 -86
- data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
- data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
- data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +6 -7
- metadata +9 -67
- data/CHANGELOG.md +0 -6
- data/RELEASING.md +0 -88
- data/UPGRADING.md +0 -1
- data/lib/metasploit_data_models/automatic_exploitation.rb +0 -25
- data/spec/lib/metasploit_data_models_spec.rb +0 -4
@@ -1,88 +1,3 @@
|
|
1
|
-
# Request sent to a {Mdm::WmapTarget}. WMAP is a plugin to metasploit-framework.
|
2
1
|
class Mdm::WmapRequest < ActiveRecord::Base
|
3
|
-
#
|
4
|
-
#
|
5
|
-
# Attributes
|
6
|
-
#
|
7
|
-
#
|
8
|
-
|
9
|
-
# @!attribute address
|
10
|
-
# IP address of {#host} to which this request was sent.
|
11
|
-
#
|
12
|
-
# @return [String]
|
13
|
-
|
14
|
-
# @!attribute body
|
15
|
-
# Body of this request.
|
16
|
-
#
|
17
|
-
# @return [String]
|
18
|
-
|
19
|
-
# @!attribute created_at
|
20
|
-
# When this request was created.
|
21
|
-
#
|
22
|
-
# @return [DateTime]
|
23
|
-
|
24
|
-
# @!attribute headers
|
25
|
-
# Headers sent as part of this request.
|
26
|
-
#
|
27
|
-
# @return [String]
|
28
|
-
|
29
|
-
# @!attribute host
|
30
|
-
# Name of host to which this request was sent.
|
31
|
-
#
|
32
|
-
# @return [String]
|
33
|
-
|
34
|
-
# @!attribute meth
|
35
|
-
# HTTP Method (or VERB) used for request.
|
36
|
-
#
|
37
|
-
# @return [String]
|
38
|
-
|
39
|
-
# @!attribute path
|
40
|
-
# Path portion of URL for this request.
|
41
|
-
#
|
42
|
-
# @return [String]
|
43
|
-
|
44
|
-
# @!attribute port
|
45
|
-
# Port at {#address} to which this request was sent.
|
46
|
-
#
|
47
|
-
# @return [Integer]
|
48
|
-
|
49
|
-
# @!attribute query
|
50
|
-
# Query portion of URL for this request.
|
51
|
-
#
|
52
|
-
# @return [String]
|
53
|
-
|
54
|
-
# @!attribute ssl
|
55
|
-
# Version of SSL to use.
|
56
|
-
#
|
57
|
-
# @return [Integer]
|
58
|
-
|
59
|
-
# @!attribute updated_at
|
60
|
-
# The last time this request was updated.
|
61
|
-
#
|
62
|
-
# @return [DateTime]
|
63
|
-
|
64
|
-
#
|
65
|
-
# @!group Response
|
66
|
-
#
|
67
|
-
|
68
|
-
# @!attribute respcode
|
69
|
-
# HTTP status code sent in response to this request from server.
|
70
|
-
#
|
71
|
-
# @return [String]
|
72
|
-
|
73
|
-
# @!attribute resphead
|
74
|
-
# Headers sent in response from server.
|
75
|
-
#
|
76
|
-
# @return [String]
|
77
|
-
|
78
|
-
# @!attribute response
|
79
|
-
# Response sent from server.
|
80
|
-
#
|
81
|
-
# @return [String]
|
82
|
-
|
83
|
-
#
|
84
|
-
# @!endgroup
|
85
|
-
#
|
86
|
-
|
87
2
|
Metasploit::Concern.run(self)
|
88
3
|
end
|
@@ -1,43 +1,3 @@
|
|
1
|
-
# WMAP target. WMAP is a plugin to metasploit-framework.
|
2
1
|
class Mdm::WmapTarget < ActiveRecord::Base
|
3
|
-
#
|
4
|
-
# Attributes
|
5
|
-
#
|
6
|
-
|
7
|
-
# @!attribute address
|
8
|
-
# IP address of {#host}.
|
9
|
-
#
|
10
|
-
# @return [String]
|
11
|
-
|
12
|
-
# @!attribute created_at
|
13
|
-
# When this target was created.
|
14
|
-
#
|
15
|
-
# @return [DateTime]
|
16
|
-
|
17
|
-
# @!attribute host
|
18
|
-
# Name of this target.
|
19
|
-
#
|
20
|
-
# @return [String]
|
21
|
-
|
22
|
-
# @!attribute port
|
23
|
-
# Port on this target to send {Mdm::WmapRequest requests}.
|
24
|
-
#
|
25
|
-
# @return [Integer]
|
26
|
-
|
27
|
-
# @!attribute selected
|
28
|
-
# Whether this target should be sent requests.
|
29
|
-
#
|
30
|
-
# @return [Integer]
|
31
|
-
|
32
|
-
# @!attribute ssl
|
33
|
-
# Version of SSL to use when sending requests to this target.
|
34
|
-
#
|
35
|
-
# @return [Integer]
|
36
|
-
|
37
|
-
# @!attribute updated_at
|
38
|
-
# The last time this target was updated.
|
39
|
-
#
|
40
|
-
# @return [DateTime]
|
41
|
-
|
42
2
|
Metasploit::Concern.run(self)
|
43
3
|
end
|
data/app/models/mdm/workspace.rb
CHANGED
@@ -1,6 +1,10 @@
|
|
1
|
-
# Workspace to separate different collections of {#hosts}. Can be used to separate pentests against different networks
|
2
|
-
# or different clients as reports are normally generated against all records in a workspace.
|
3
1
|
class Mdm::Workspace < ActiveRecord::Base
|
2
|
+
#
|
3
|
+
# Callbacks
|
4
|
+
#
|
5
|
+
|
6
|
+
before_save :normalize
|
7
|
+
|
4
8
|
#
|
5
9
|
# CONSTANTS
|
6
10
|
#
|
@@ -8,115 +12,36 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
8
12
|
DEFAULT = 'default'
|
9
13
|
|
10
14
|
#
|
11
|
-
#
|
15
|
+
# Relations
|
12
16
|
#
|
13
17
|
|
14
|
-
# Automatic exploitation runs against this workspace.
|
15
18
|
has_many :automatic_exploitation_runs,
|
16
19
|
class_name: 'MetasploitDataModels::AutomaticExploitation::Run',
|
17
20
|
inverse_of: :workspace
|
18
21
|
|
19
|
-
# Automatic exploitation match sets generated against {#hosts} and {#services} in this workspace.
|
20
22
|
has_many :automatic_exploitation_match_sets,
|
21
23
|
class_name: 'MetasploitDataModels::AutomaticExploitation:MatchSet',
|
22
24
|
inverse_of: :workspace
|
23
25
|
|
24
|
-
# @deprecated Use `Mdm::Workspace#core_credentials` defined by `Metasploit::Credential::Engine` to get
|
25
|
-
# `Metasploit::Credential::Core`s gathered from this workspace's {#hosts} and {#services}.
|
26
|
-
#
|
27
|
-
# Creds gathered from this workspace's {#hosts} and {#services}.
|
28
26
|
has_many :creds, :through => :services, :class_name => 'Mdm::Cred'
|
29
|
-
|
30
|
-
# Events that occurred in this workspace.
|
31
27
|
has_many :events, :class_name => 'Mdm::Event'
|
32
|
-
|
33
|
-
# Hosts in this workspace.
|
34
28
|
has_many :hosts, :dependent => :destroy, :class_name => 'Mdm::Host'
|
35
|
-
|
36
|
-
# Listeners running for this workspace.
|
37
29
|
has_many :listeners, :dependent => :destroy, :class_name => 'Mdm::Listener'
|
38
|
-
|
39
|
-
# Notes about this workspace.
|
40
30
|
has_many :notes, :class_name => 'Mdm::Note'
|
41
|
-
|
42
|
-
# User that owns this workspace and has full permissions within this workspace even if they are not an
|
43
|
-
# {Mdm::User#admin administrator}.
|
44
31
|
belongs_to :owner, :class_name => 'Mdm::User', :foreign_key => 'owner_id'
|
45
|
-
|
46
|
-
# Tasks run inside this workspace.
|
47
32
|
has_many :tasks, :dependent => :destroy, :class_name => 'Mdm::Task', :order => 'created_at DESC'
|
48
|
-
|
49
|
-
# Users that are allowed to use this workspace. Does not necessarily include all users, as an {Mdm::User#admin
|
50
|
-
# administrator} can access any workspace, even ones where they are not a member.
|
51
33
|
has_and_belongs_to_many :users, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::User'
|
52
34
|
|
53
35
|
#
|
54
|
-
#
|
36
|
+
# Through :hosts
|
55
37
|
#
|
56
|
-
|
57
|
-
# Social engineering campaign or browser autopwn clients from {#hosts} in this workspace.
|
58
38
|
has_many :clients, :through => :hosts, :class_name => 'Mdm::Client'
|
59
|
-
|
60
|
-
# Hosts exploited in this workspace.
|
61
39
|
has_many :exploited_hosts, :through => :hosts, :class_name => 'Mdm::ExploitedHost'
|
62
|
-
|
63
|
-
# Loot gathered from {#hosts} in this workspace.
|
64
40
|
has_many :loots, :through => :hosts, :class_name => 'Mdm::Loot'
|
65
|
-
|
66
|
-
# Services running on {#hosts} in this workspace.
|
67
|
-
has_many :services,
|
68
|
-
class_name: 'Mdm::Service',
|
69
|
-
foreign_key: :service_id,
|
70
|
-
through: :hosts
|
71
|
-
|
72
|
-
# Vulnerabilities found on {#hosts} in this workspace.
|
73
41
|
has_many :vulns, :through => :hosts, :class_name => 'Mdm::Vuln'
|
74
|
-
|
75
|
-
# Sessions opened on {#hosts} in this workspace.
|
42
|
+
has_many :services, :through => :hosts, :class_name => 'Mdm::Service', :foreign_key => 'service_id'
|
76
43
|
has_many :sessions, :through => :hosts, :class_name => 'Mdm::Session'
|
77
44
|
|
78
|
-
#
|
79
|
-
# Attributes
|
80
|
-
#
|
81
|
-
|
82
|
-
# @!attribute boundary
|
83
|
-
# Comma separated list of IP ranges (in various formats) and IP addresses that users of this workspace are allowed
|
84
|
-
# to interact with if {#limit_to_network} is `true`.
|
85
|
-
#
|
86
|
-
# @return [String]
|
87
|
-
|
88
|
-
# @!attribute description
|
89
|
-
# Long description (beyond {#name}) that explains the purpose of this workspace.
|
90
|
-
#
|
91
|
-
# @return [String]
|
92
|
-
|
93
|
-
# @!attribute limit_to_network
|
94
|
-
# Whether {#boundary} is respected.
|
95
|
-
#
|
96
|
-
# @return [false] do not limit interactions to {#boundary}.
|
97
|
-
# @return [true] limit interactions to {#boundary}.
|
98
|
-
|
99
|
-
# @!attribute name
|
100
|
-
# Name of this workspace.
|
101
|
-
#
|
102
|
-
# @return [String]
|
103
|
-
|
104
|
-
# @!attribute created_at
|
105
|
-
# When this workspace was created.
|
106
|
-
#
|
107
|
-
# @return [DateTime]
|
108
|
-
|
109
|
-
# @!attribute updated_at
|
110
|
-
# The last time this workspace was updated.
|
111
|
-
#
|
112
|
-
# @return [DateTime]
|
113
|
-
|
114
|
-
#
|
115
|
-
# Callbacks
|
116
|
-
#
|
117
|
-
|
118
|
-
before_save :normalize
|
119
|
-
|
120
45
|
#
|
121
46
|
# Validations
|
122
47
|
#
|
@@ -126,15 +51,10 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
126
51
|
validate :boundary_must_be_ip_range
|
127
52
|
|
128
53
|
#
|
129
|
-
#
|
54
|
+
# If limit_to_network is disabled, this will always return true.
|
55
|
+
# Otherwise, return true only if all of the given IPs are within the project
|
56
|
+
# boundaries.
|
130
57
|
#
|
131
|
-
|
132
|
-
# If {#limit_to_network} is disabled, this will always return `true`. Otherwise, return `true` only if all of the
|
133
|
-
# given IPs are within the project {#boundary boundaries}.
|
134
|
-
#
|
135
|
-
# @param ips [String] IP range(s)
|
136
|
-
# @return [true] if actions on ips are allowed.
|
137
|
-
# @return [false] if actions are not allowed on ips.
|
138
58
|
def allow_actions_on?(ips)
|
139
59
|
return true unless limit_to_network
|
140
60
|
return true unless boundary
|
@@ -151,18 +71,10 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
151
71
|
return allowed
|
152
72
|
end
|
153
73
|
|
154
|
-
# Validates that {#boundary} is {#valid_ip_or_range? a valid IP address or IP address range}.
|
155
|
-
#
|
156
|
-
# @return [void]
|
157
74
|
def boundary_must_be_ip_range
|
158
75
|
errors.add(:boundary, "must be a valid IP range") unless valid_ip_or_range?(boundary)
|
159
76
|
end
|
160
77
|
|
161
|
-
# @deprecated Use `Mdm::Workspace#credential_cores` when `Metasploit::Credential::Engine` is installed to get
|
162
|
-
# `Metasploit::Credential::Core`s. Use `Mdm::Service#logins` when `Metasploit::Credential::Engine` is installed to
|
163
|
-
# get `Metasploit::Credential::Login`s.
|
164
|
-
#
|
165
|
-
# @return [ActiveRecord::Relation<Mdm::Cred>]
|
166
78
|
def creds
|
167
79
|
Mdm::Cred.find(
|
168
80
|
:all,
|
@@ -171,52 +83,30 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
171
83
|
)
|
172
84
|
end
|
173
85
|
|
174
|
-
# Returns default {Mdm::Workspace}.
|
175
|
-
#
|
176
|
-
# @return [Mdm::Workspace]
|
177
86
|
def self.default
|
178
87
|
where(name: DEFAULT).first_or_create
|
179
88
|
end
|
180
89
|
|
181
|
-
# Whether this is the {default} workspace.
|
182
|
-
#
|
183
|
-
# @return [true] if this is the {default} workspace.
|
184
|
-
# @return [false] if this is not the {default} workspace.
|
185
90
|
def default?
|
186
91
|
name == DEFAULT
|
187
92
|
end
|
188
93
|
|
189
|
-
# @deprecated Use `workspace.credential_cores.each` when `Metasploit::Credential::Engine` is installed to enumerate
|
190
|
-
# `Metasploit::Credential::Core`s. Use `service.logins.each` when `Metasploit::Credential::Engine` is installed to
|
191
|
-
# enumerate `Metasploit::Credential::Login`s.
|
192
94
|
#
|
193
|
-
#
|
95
|
+
# This method iterates the creds table calling the supplied block with the
|
96
|
+
# cred instance of each entry.
|
194
97
|
#
|
195
|
-
# @yield [cred]
|
196
|
-
# @yieldparam cred [Mdm::Cred] Cred associated with {#hosts a host} or {#services a service} in this workspace.
|
197
|
-
# @yieldreturn [void]
|
198
|
-
# @return [void]
|
199
98
|
def each_cred(&block)
|
200
99
|
creds.each do |cred|
|
201
100
|
block.call(cred)
|
202
101
|
end
|
203
102
|
end
|
204
103
|
|
205
|
-
# Enumerates each element of {#host_tags}.
|
206
|
-
#
|
207
|
-
# @yield [tag]
|
208
|
-
# @yieldparam tag [Mdm::Tag] a tag on {#hosts}.
|
209
|
-
# @yieldreturn [void]
|
210
|
-
# @return [void]
|
211
104
|
def each_host_tag(&block)
|
212
105
|
host_tags.each do |host_tag|
|
213
106
|
block.call(host_tag)
|
214
107
|
end
|
215
108
|
end
|
216
109
|
|
217
|
-
# Tags on {#hosts}.
|
218
|
-
#
|
219
|
-
# @return [ActiveRecord::Relation<Mdm::Tag>]
|
220
110
|
def host_tags
|
221
111
|
Mdm::Tag.find(
|
222
112
|
:all,
|
@@ -225,9 +115,6 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
225
115
|
)
|
226
116
|
end
|
227
117
|
|
228
|
-
# Web forms found on {#web_sites}.
|
229
|
-
#
|
230
|
-
# @return [ActiveRecord::Relation<Mdm::WebForm>]
|
231
118
|
def web_forms
|
232
119
|
query = <<-EOQ
|
233
120
|
SELECT DISTINCT web_forms.*
|
@@ -240,10 +127,6 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
240
127
|
Mdm::WebForm.find_by_sql(query)
|
241
128
|
end
|
242
129
|
|
243
|
-
|
244
|
-
# Web pages found on {#web_sites}.
|
245
|
-
#
|
246
|
-
# @return [ActiveRecord::Relation<Mdm::WebPage>]
|
247
130
|
def web_pages
|
248
131
|
query = <<-EOQ
|
249
132
|
SELECT DISTINCT web_pages.*
|
@@ -256,9 +139,6 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
256
139
|
Mdm::WebPage.find_by_sql(query)
|
257
140
|
end
|
258
141
|
|
259
|
-
# Web sites running on {#services}.
|
260
|
-
#
|
261
|
-
# @return [ActiveRecord::Relation<Mdm::WebSite>]
|
262
142
|
def web_sites
|
263
143
|
query = <<-EOQ
|
264
144
|
SELECT DISTINCT web_sites.*
|
@@ -270,9 +150,6 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
270
150
|
Mdm::WebSite.find_by_sql(query)
|
271
151
|
end
|
272
152
|
|
273
|
-
# Web vulnerability found on {#web_sites}.
|
274
|
-
#
|
275
|
-
# @return [ActiveRecord::Relation<Mdm::WebVuln>]
|
276
153
|
def web_vulns
|
277
154
|
query = <<-EOQ
|
278
155
|
SELECT DISTINCT web_vulns.*
|
@@ -285,9 +162,6 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
285
162
|
Mdm::WebVuln.find_by_sql(query)
|
286
163
|
end
|
287
164
|
|
288
|
-
# Web forms on {#web_sites}.
|
289
|
-
#
|
290
|
-
# @return [ActiveRecord::Relation<Mdm::WebForm>]
|
291
165
|
def unique_web_forms
|
292
166
|
query = <<-EOQ
|
293
167
|
SELECT DISTINCT web_forms.web_site_id, web_forms.path, web_forms.method, web_forms.query
|
@@ -300,11 +174,6 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
300
174
|
Mdm::WebForm.find_by_sql(query)
|
301
175
|
end
|
302
176
|
|
303
|
-
# {#unique_web_forms} hosted on `addrs`.
|
304
|
-
#
|
305
|
-
# @param addrs [Array<IPAddr, String>] {Mdm::Host#address} for the {Mdm::Service#host} for the {Mdm::WebSite#service}
|
306
|
-
# for the {Mdm::WebForm#web_site}.
|
307
|
-
# @return [Array<Mdm::WebForm>]
|
308
177
|
def web_unique_forms(addrs=nil)
|
309
178
|
forms = unique_web_forms
|
310
179
|
if addrs
|
@@ -315,17 +184,10 @@ class Mdm::Workspace < ActiveRecord::Base
|
|
315
184
|
|
316
185
|
private
|
317
186
|
|
318
|
-
# Strips {#boundary}.
|
319
|
-
#
|
320
|
-
# @return [void]
|
321
187
|
def normalize
|
322
188
|
boundary.strip! if boundary
|
323
189
|
end
|
324
190
|
|
325
|
-
# Returns whether `string` is a valid IP address or IP address range.
|
326
|
-
#
|
327
|
-
# @return [true] if valid IP address or IP address range.
|
328
|
-
# @return [false] otherwise.
|
329
191
|
def valid_ip_or_range?(string)
|
330
192
|
begin
|
331
193
|
Rex::Socket::RangeWalker.new(string)
|
@@ -0,0 +1,16 @@
|
|
1
|
+
module MetasploitDataModels::AutomaticExploitation
|
2
|
+
extend ActiveSupport::Autoload
|
3
|
+
|
4
|
+
autoload :Match
|
5
|
+
autoload :MatchResult
|
6
|
+
autoload :MatchSet
|
7
|
+
autoload :Run
|
8
|
+
|
9
|
+
#
|
10
|
+
# Module Methods
|
11
|
+
#
|
12
|
+
|
13
|
+
def self.table_name_prefix
|
14
|
+
'automatic_exploitation_'
|
15
|
+
end
|
16
|
+
end
|