metasploit_data_models 0.6.13
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +24 -0
- data/.rspec +3 -0
- data/.simplecov +38 -0
- data/.yardopts +4 -0
- data/Gemfile +27 -0
- data/LICENSE +27 -0
- data/README.md +72 -0
- data/Rakefile +53 -0
- data/app/models/mdm/api_key.rb +20 -0
- data/app/models/mdm/client.rb +9 -0
- data/app/models/mdm/cred.rb +80 -0
- data/app/models/mdm/event.rb +30 -0
- data/app/models/mdm/exploit_attempt.rb +14 -0
- data/app/models/mdm/exploited_host.rb +11 -0
- data/app/models/mdm/host.rb +134 -0
- data/app/models/mdm/host_detail.rb +15 -0
- data/app/models/mdm/host_tag.rb +13 -0
- data/app/models/mdm/imported_cred.rb +10 -0
- data/app/models/mdm/listener.rb +24 -0
- data/app/models/mdm/loot.rb +63 -0
- data/app/models/mdm/macro.rb +20 -0
- data/app/models/mdm/mod_ref.rb +3 -0
- data/app/models/mdm/module_action.rb +24 -0
- data/app/models/mdm/module_arch.rb +24 -0
- data/app/models/mdm/module_author.rb +25 -0
- data/app/models/mdm/module_detail.rb +59 -0
- data/app/models/mdm/module_mixin.rb +24 -0
- data/app/models/mdm/module_platform.rb +24 -0
- data/app/models/mdm/module_ref.rb +24 -0
- data/app/models/mdm/module_target.rb +26 -0
- data/app/models/mdm/nexpose_console.rb +20 -0
- data/app/models/mdm/note.rb +49 -0
- data/app/models/mdm/profile.rb +9 -0
- data/app/models/mdm/ref.rb +14 -0
- data/app/models/mdm/report.rb +50 -0
- data/app/models/mdm/report_template.rb +27 -0
- data/app/models/mdm/route.rb +9 -0
- data/app/models/mdm/service.rb +56 -0
- data/app/models/mdm/session.rb +48 -0
- data/app/models/mdm/session_event.rb +9 -0
- data/app/models/mdm/tag.rb +46 -0
- data/app/models/mdm/task.rb +41 -0
- data/app/models/mdm/user.rb +25 -0
- data/app/models/mdm/vuln.rb +60 -0
- data/app/models/mdm/vuln_attempt.rb +15 -0
- data/app/models/mdm/vuln_detail.rb +14 -0
- data/app/models/mdm/vuln_ref.rb +13 -0
- data/app/models/mdm/web_form.rb +16 -0
- data/app/models/mdm/web_page.rb +16 -0
- data/app/models/mdm/web_site.rb +47 -0
- data/app/models/mdm/web_vuln.rb +190 -0
- data/app/models/mdm/wmap_request.rb +3 -0
- data/app/models/mdm/wmap_target.rb +3 -0
- data/app/models/mdm/workspace.rb +196 -0
- data/bin/mdm_console +68 -0
- data/console_db.yml +9 -0
- data/db/migrate/000_create_tables.rb +79 -0
- data/db/migrate/001_add_wmap_tables.rb +35 -0
- data/db/migrate/002_add_workspaces.rb +36 -0
- data/db/migrate/003_move_notes.rb +20 -0
- data/db/migrate/004_add_events_table.rb +16 -0
- data/db/migrate/005_expand_info.rb +58 -0
- data/db/migrate/006_add_timestamps.rb +26 -0
- data/db/migrate/007_add_loots.rb +20 -0
- data/db/migrate/008_create_users.rb +16 -0
- data/db/migrate/009_add_loots_ctype.rb +10 -0
- data/db/migrate/010_add_alert_fields.rb +16 -0
- data/db/migrate/011_add_reports.rb +19 -0
- data/db/migrate/012_add_tasks.rb +24 -0
- data/db/migrate/013_add_tasks_result.rb +10 -0
- data/db/migrate/014_add_loots_fields.rb +12 -0
- data/db/migrate/015_rename_user.rb +16 -0
- data/db/migrate/016_add_host_purpose.rb +10 -0
- data/db/migrate/017_expand_info2.rb +58 -0
- data/db/migrate/018_add_workspace_user_info.rb +29 -0
- data/db/migrate/019_add_workspace_desc.rb +23 -0
- data/db/migrate/020_add_user_preferences.rb +11 -0
- data/db/migrate/021_standardize_info_and_data.rb +18 -0
- data/db/migrate/022_enlarge_event_info.rb +10 -0
- data/db/migrate/023_add_report_downloaded_at.rb +10 -0
- data/db/migrate/024_convert_service_info_to_text.rb +12 -0
- data/db/migrate/025_add_user_admin.rb +19 -0
- data/db/migrate/026_add_creds_table.rb +19 -0
- data/db/migrate/20100819123300_migrate_cred_data.rb +154 -0
- data/db/migrate/20100824151500_add_exploited_table.rb +16 -0
- data/db/migrate/20100908001428_add_owner_to_workspaces.rb +9 -0
- data/db/migrate/20100911122000_add_report_templates.rb +18 -0
- data/db/migrate/20100916151530_require_admin_flag.rb +15 -0
- data/db/migrate/20100916175000_add_campaigns_and_templates.rb +61 -0
- data/db/migrate/20100920012100_add_generate_exe_column.rb +8 -0
- data/db/migrate/20100926214000_add_template_prefs.rb +11 -0
- data/db/migrate/20101001000000_add_web_tables.rb +57 -0
- data/db/migrate/20101002000000_add_query.rb +10 -0
- data/db/migrate/20101007000000_add_vuln_info.rb +15 -0
- data/db/migrate/20101008111800_add_clients_to_campaigns.rb +10 -0
- data/db/migrate/20101009023300_add_campaign_attachments.rb +15 -0
- data/db/migrate/20101104135100_add_imported_creds.rb +17 -0
- data/db/migrate/20101203000000_fix_web_tables.rb +34 -0
- data/db/migrate/20101203000001_expand_host_comment.rb +12 -0
- data/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb +9 -0
- data/db/migrate/20110112154300_add_module_uuid_to_tasks.rb +9 -0
- data/db/migrate/20110204112800_add_host_tags.rb +28 -0
- data/db/migrate/20110317144932_add_session_table.rb +110 -0
- data/db/migrate/20110414180600_add_local_id_to_session_table.rb +11 -0
- data/db/migrate/20110415175705_add_routes_table.rb +18 -0
- data/db/migrate/20110422000000_convert_binary.rb +72 -0
- data/db/migrate/20110425095900_add_last_seen_to_sessions.rb +8 -0
- data/db/migrate/20110513143900_track_successful_exploits.rb +31 -0
- data/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb +26 -0
- data/db/migrate/20110527000000_add_task_id_to_reports_table.rb +11 -0
- data/db/migrate/20110527000001_add_api_keys_table.rb +12 -0
- data/db/migrate/20110606000001_add_macros_table.rb +16 -0
- data/db/migrate/20110622000000_add_settings_to_tasks_table.rb +12 -0
- data/db/migrate/20110624000001_add_listeners_table.rb +19 -0
- data/db/migrate/20110625000001_add_macro_to_listeners_table.rb +12 -0
- data/db/migrate/20110630000001_add_nexpose_consoles_table.rb +21 -0
- data/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb +12 -0
- data/db/migrate/20110717000001_add_profiles_table.rb +15 -0
- data/db/migrate/20110727163801_expand_cred_ptype_column.rb +9 -0
- data/db/migrate/20110730000001_add_initial_indexes.rb +85 -0
- data/db/migrate/20110812000001_prune_indexes.rb +23 -0
- data/db/migrate/20110922000000_expand_notes.rb +9 -0
- data/db/migrate/20110928101300_add_mod_ref_table.rb +17 -0
- data/db/migrate/20111011110000_add_display_name_to_reports_table.rb +24 -0
- data/db/migrate/20111203000000_inet_columns.rb +13 -0
- data/db/migrate/20111204000000_more_inet_columns.rb +17 -0
- data/db/migrate/20111210000000_add_scope_to_hosts.rb +9 -0
- data/db/migrate/20120126110000_add_virtual_host_to_hosts.rb +9 -0
- data/db/migrate/20120411173220_rename_workspace_members.rb +9 -0
- data/db/migrate/20120601152442_add_counter_caches_to_hosts.rb +21 -0
- data/db/migrate/20120625000000_add_vuln_details.rb +34 -0
- data/db/migrate/20120625000001_add_host_details.rb +16 -0
- data/db/migrate/20120625000002_expand_details.rb +16 -0
- data/db/migrate/20120625000003_expand_details2.rb +24 -0
- data/db/migrate/20120625000004_add_vuln_attempts.rb +19 -0
- data/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb +14 -0
- data/db/migrate/20120625000006_add_module_details.rb +118 -0
- data/db/migrate/20120625000007_add_exploit_attempts.rb +26 -0
- data/db/migrate/20120625000008_add_fail_message.rb +12 -0
- data/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb +13 -0
- data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb +35 -0
- data/lib/mdm.rb +12 -0
- data/lib/mdm/host/operating_system_normalization.rb +984 -0
- data/lib/metasploit_data_models.rb +60 -0
- data/lib/metasploit_data_models/base64_serializer.rb +103 -0
- data/lib/metasploit_data_models/engine.rb +23 -0
- data/lib/metasploit_data_models/serialized_prefs.rb +23 -0
- data/lib/metasploit_data_models/validators/ip_format_validator.rb +13 -0
- data/lib/metasploit_data_models/validators/password_is_strong_validator.rb +70 -0
- data/lib/metasploit_data_models/version.rb +8 -0
- data/lib/tasks/yard.rake +26 -0
- data/metasploit_data_models.gemspec +31 -0
- data/script/rails +8 -0
- data/spec/app/models/mdm/module_action_spec.rb +38 -0
- data/spec/app/models/mdm/module_arch_spec.rb +38 -0
- data/spec/app/models/mdm/module_author_spec.rb +50 -0
- data/spec/app/models/mdm/module_detail_spec.rb +291 -0
- data/spec/app/models/mdm/module_mixin_spec.rb +38 -0
- data/spec/app/models/mdm/module_platform_spec.rb +38 -0
- data/spec/app/models/mdm/module_ref_spec.rb +38 -0
- data/spec/app/models/mdm/module_target_spec.rb +41 -0
- data/spec/app/models/mdm/web_vuln_spec.rb +126 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/javascripts/application.js +15 -0
- data/spec/dummy/app/assets/stylesheets/application.css +13 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/mailers/.gitkeep +0 -0
- data/spec/dummy/app/models/.gitkeep +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +61 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml.example +22 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +37 -0
- data/spec/dummy/config/environments/production.rb +67 -0
- data/spec/dummy/config/environments/test.rb +37 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/inflections.rb +15 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/routes.rb +2 -0
- data/spec/dummy/db/schema.rb +638 -0
- data/spec/dummy/lib/assets/.gitkeep +0 -0
- data/spec/dummy/log/.gitkeep +0 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +25 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/factories/mdm/addresses.rb +7 -0
- data/spec/factories/mdm/hosts.rb +18 -0
- data/spec/factories/mdm/module_actions.rb +14 -0
- data/spec/factories/mdm/module_archs.rb +14 -0
- data/spec/factories/mdm/module_authors.rb +22 -0
- data/spec/factories/mdm/module_details.rb +9 -0
- data/spec/factories/mdm/module_mixins.rb +14 -0
- data/spec/factories/mdm/module_platforms.rb +14 -0
- data/spec/factories/mdm/module_refs.rb +14 -0
- data/spec/factories/mdm/module_targets.rb +19 -0
- data/spec/factories/mdm/services.rb +35 -0
- data/spec/factories/mdm/users.rb +22 -0
- data/spec/factories/mdm/web_sites.rb +8 -0
- data/spec/factories/mdm/web_vulns.rb +64 -0
- data/spec/factories/mdm/workspaces.rb +23 -0
- data/spec/lib/base64_serializer_spec.rb +174 -0
- data/spec/spec_helper.rb +36 -0
- metadata +433 -0
@@ -0,0 +1,60 @@
|
|
1
|
+
#
|
2
|
+
# Core
|
3
|
+
#
|
4
|
+
require 'shellwords'
|
5
|
+
|
6
|
+
#
|
7
|
+
# Gems
|
8
|
+
#
|
9
|
+
require 'active_record'
|
10
|
+
require 'active_support'
|
11
|
+
require 'active_support/all'
|
12
|
+
require 'active_support/dependencies'
|
13
|
+
|
14
|
+
#
|
15
|
+
# Project
|
16
|
+
#
|
17
|
+
require 'mdm'
|
18
|
+
require 'metasploit_data_models/version'
|
19
|
+
require 'metasploit_data_models/serialized_prefs'
|
20
|
+
require 'metasploit_data_models/base64_serializer'
|
21
|
+
|
22
|
+
require 'metasploit_data_models/validators/ip_format_validator'
|
23
|
+
require 'metasploit_data_models/validators/password_is_strong_validator'
|
24
|
+
|
25
|
+
# Only include the Rails engine when using Rails. This allows the non-Rails projects, like metasploit-framework to use
|
26
|
+
# the models by calling MetasploitDataModels.require_models.
|
27
|
+
if defined? Rails
|
28
|
+
require 'metasploit_data_models/engine'
|
29
|
+
end
|
30
|
+
|
31
|
+
module MetasploitDataModels
|
32
|
+
def self.models_pathname
|
33
|
+
root.join('app', 'models')
|
34
|
+
end
|
35
|
+
|
36
|
+
def self.require_models
|
37
|
+
models_globs = models_pathname.join('**', '*.rb')
|
38
|
+
|
39
|
+
Dir.glob(models_globs) do |model_path|
|
40
|
+
require model_path
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
def self.root
|
45
|
+
unless instance_variable_defined? :@root
|
46
|
+
lib_pathname = Pathname.new(__FILE__).dirname
|
47
|
+
|
48
|
+
@root = lib_pathname.parent
|
49
|
+
end
|
50
|
+
|
51
|
+
@root
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
lib_pathname = MetasploitDataModels.root.join('lib')
|
56
|
+
# has to work under 1.8.7, so can't use to_path
|
57
|
+
lib_path = lib_pathname.to_s
|
58
|
+
# Add path to gem's lib so that concerns for models are loaded correctly if models are reloaded
|
59
|
+
ActiveSupport::Dependencies.autoload_paths << lib_path
|
60
|
+
ActiveSupport::Dependencies.autoload_once_paths << lib_path
|
@@ -0,0 +1,103 @@
|
|
1
|
+
# Provides ActiveRecord 3.1x-friendly serialization for descendants of
|
2
|
+
# ActiveRecord::Base. Backwards compatible with older YAML methods and
|
3
|
+
# will fall back to string decoding in the worst case
|
4
|
+
#
|
5
|
+
# @example Using default default of {}
|
6
|
+
# serialize :foo, MetasploitDataModels::Base64Serializer.new
|
7
|
+
#
|
8
|
+
# @example Overriding default to []
|
9
|
+
# serialize :bar, MetasploitDataModels::Base64Serializer.new(:default => [])
|
10
|
+
#
|
11
|
+
module MetasploitDataModels
|
12
|
+
class Base64Serializer
|
13
|
+
#
|
14
|
+
# CONSTANTS
|
15
|
+
#
|
16
|
+
|
17
|
+
# The default for {#default}
|
18
|
+
DEFAULT = {}
|
19
|
+
# Deserializers for {#load}
|
20
|
+
# 1. Base64 decoding and then unmarshalling the value.
|
21
|
+
# 2. Parsing the value as YAML.
|
22
|
+
# 3. The raw value.
|
23
|
+
LOADERS = [
|
24
|
+
lambda { |serialized|
|
25
|
+
marshaled = serialized.unpack('m').first
|
26
|
+
# Load the unpacked Marshal object first
|
27
|
+
Marshal.load(marshaled)
|
28
|
+
},
|
29
|
+
lambda { |serialized|
|
30
|
+
# Support legacy YAML encoding for existing data
|
31
|
+
YAML.load(serialized)
|
32
|
+
},
|
33
|
+
lambda { |serialized|
|
34
|
+
# Fall back to string decoding
|
35
|
+
serialized
|
36
|
+
}
|
37
|
+
]
|
38
|
+
|
39
|
+
#
|
40
|
+
# Methods
|
41
|
+
#
|
42
|
+
|
43
|
+
# Creates a duplicate of default value
|
44
|
+
#
|
45
|
+
# @return
|
46
|
+
def default
|
47
|
+
@default.dup
|
48
|
+
end
|
49
|
+
|
50
|
+
attr_writer :default
|
51
|
+
|
52
|
+
# Serializes the value by marshalling the value and then base64 encodes the marshaled value.
|
53
|
+
#
|
54
|
+
# @param value [Object] value to serialize
|
55
|
+
# @return [String]
|
56
|
+
def dump(value)
|
57
|
+
# Always store data back in the Marshal format
|
58
|
+
marshalled = Marshal.dump(value)
|
59
|
+
base64_encoded = [ marshalled ].pack('m')
|
60
|
+
|
61
|
+
base64_encoded
|
62
|
+
end
|
63
|
+
|
64
|
+
# @param attributes [Hash] attributes
|
65
|
+
# @option attributes [Object] :default ({}) Value to use for {#default}.
|
66
|
+
def initialize(attributes={})
|
67
|
+
attributes.assert_valid_keys(:default)
|
68
|
+
|
69
|
+
@default = attributes.fetch(:default, DEFAULT)
|
70
|
+
end
|
71
|
+
|
72
|
+
# Deserializes the value by either
|
73
|
+
# 1. Base64 decoding and then unmarshalling the value.
|
74
|
+
# 2. Parsing the value as YAML.
|
75
|
+
# 3. Returns the raw value.
|
76
|
+
#
|
77
|
+
# @param value [String] serialized value
|
78
|
+
# @return [Object]
|
79
|
+
#
|
80
|
+
# @see #default
|
81
|
+
def load(value)
|
82
|
+
loaded = nil
|
83
|
+
|
84
|
+
if value.blank?
|
85
|
+
loaded = default
|
86
|
+
else
|
87
|
+
LOADERS.each do |loader|
|
88
|
+
begin
|
89
|
+
loaded = loader.call(value)
|
90
|
+
rescue
|
91
|
+
next
|
92
|
+
else
|
93
|
+
break
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
loaded
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
|
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'rails'
|
2
|
+
|
3
|
+
module MetasploitDataModels
|
4
|
+
class Engine < Rails::Engine
|
5
|
+
# @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
|
6
|
+
config.generators do |g|
|
7
|
+
g.assets false
|
8
|
+
g.fixture_replacement :factory_girl, :dir => 'spec/factories'
|
9
|
+
g.helper false
|
10
|
+
g.test_framework :rspec, :fixture => false
|
11
|
+
end
|
12
|
+
|
13
|
+
initializer 'metasploit_data_models.prepend_factory_path', :after => 'factory_girl.set_factory_paths' do
|
14
|
+
if defined? FactoryGirl
|
15
|
+
relative_definition_file_path = config.generators.options[:factory_girl][:dir]
|
16
|
+
definition_file_path = root.join(relative_definition_file_path)
|
17
|
+
|
18
|
+
# unshift so that Pro can modify mdm factories
|
19
|
+
FactoryGirl.definition_file_paths.unshift definition_file_path
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module MetasploitDataModels
|
2
|
+
module SerializedPrefs
|
3
|
+
def serialized_prefs_attr_accessor(*args)
|
4
|
+
args.each do |method_name|
|
5
|
+
|
6
|
+
method_declarations = <<-RUBY
|
7
|
+
def #{method_name}
|
8
|
+
return if not self.prefs
|
9
|
+
self.prefs[:#{method_name}]
|
10
|
+
end
|
11
|
+
|
12
|
+
def #{method_name}=(value)
|
13
|
+
temp = self.prefs || {}
|
14
|
+
temp[:#{method_name}] = value
|
15
|
+
self.prefs = temp
|
16
|
+
end
|
17
|
+
RUBY
|
18
|
+
|
19
|
+
class_eval method_declarations, __FILE__, __LINE__
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require "ipaddr"
|
2
|
+
|
3
|
+
class IpFormatValidator < ActiveModel::EachValidator
|
4
|
+
def validate_each(object, attribute, value)
|
5
|
+
error_message_block = lambda{ object.errors[attribute] << " must be a valid IPv4 or IPv6 address" }
|
6
|
+
begin
|
7
|
+
potential_ip = IPAddr.new(value)
|
8
|
+
error_message_block.call unless potential_ip.ipv4? || potential_ip.ipv6?
|
9
|
+
rescue ArgumentError
|
10
|
+
error_message_block.call
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
@@ -0,0 +1,70 @@
|
|
1
|
+
class PasswordIsStrongValidator < ActiveModel::EachValidator
|
2
|
+
COMMON_PASSWORDS = %w{
|
3
|
+
password pass root admin metasploit
|
4
|
+
msf 123456 qwerty abc123 letmein monkey link182 demo
|
5
|
+
changeme test1234 rapid7
|
6
|
+
}
|
7
|
+
|
8
|
+
def validate_each(record, attribute, value)
|
9
|
+
return if value.blank?
|
10
|
+
|
11
|
+
if is_simple?(value)
|
12
|
+
record.errors[attribute] << "must contain letters, numbers, and at least one special character"
|
13
|
+
end
|
14
|
+
|
15
|
+
if contains_username?(record.username, value)
|
16
|
+
record.errors[attribute] << "must not contain the username"
|
17
|
+
end
|
18
|
+
|
19
|
+
if is_common_password?(value)
|
20
|
+
record.errors[attribute] << "must not be a common password"
|
21
|
+
end
|
22
|
+
|
23
|
+
if contains_repetition?(value)
|
24
|
+
record.errors[attribute] << "must not be a predictable sequence of characters"
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def is_simple?(password)
|
31
|
+
not (password =~ /[A-Za-z]/ and password =~ /[0-9]/ and password =~ /[\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x3a\x3b\x3c\x3d\x3e\x3f\x5b\x5c\x5d\x5e\x5f\x60\x7b\x7c\x7d\x7e]/)
|
32
|
+
end
|
33
|
+
|
34
|
+
def contains_username?(username, password)
|
35
|
+
password =~ /#{username}/i
|
36
|
+
end
|
37
|
+
|
38
|
+
def is_common_password?(password)
|
39
|
+
COMMON_PASSWORDS.each do |pw|
|
40
|
+
common_pw = [pw, pw + "!", pw + "1", pw + "12", pw + "123", pw + "1234"]
|
41
|
+
if common_pw.include?(password.downcase)
|
42
|
+
return true
|
43
|
+
end
|
44
|
+
end
|
45
|
+
false
|
46
|
+
end
|
47
|
+
|
48
|
+
def contains_repetition?(password)
|
49
|
+
# Password repetition (quite basic) -- no "aaaaaa" or "ababab" or "abcabc" or
|
50
|
+
# "abcdabcd" (but note that the user can use "aaaaaab" or something).
|
51
|
+
|
52
|
+
if password.scan(/./).uniq.size < 2
|
53
|
+
return true
|
54
|
+
end
|
55
|
+
|
56
|
+
if (password.size % 2 == 0) and (password.scan(/../).uniq.size < 2)
|
57
|
+
return true
|
58
|
+
end
|
59
|
+
|
60
|
+
if (password.size % 3 == 0) and (password.scan(/.../).uniq.size < 2)
|
61
|
+
return true
|
62
|
+
end
|
63
|
+
|
64
|
+
if (password.size % 4 == 0) and (password.scan(/..../).uniq.size < 2)
|
65
|
+
return true
|
66
|
+
end
|
67
|
+
|
68
|
+
false
|
69
|
+
end
|
70
|
+
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
module MetasploitDataModels
|
2
|
+
# MetasploitDataModels follows the {http://semver.org/ Semantic Versioning Specification}. At this time, the API
|
3
|
+
# is considered unstable because although the database migrations have moved from
|
4
|
+
# metasploit-framework/data/sql/migrate to db/migrate in this project, not all models have specs that verify the
|
5
|
+
# migrations (with have_db_column and have_db_index) and certain models may not be shared between metasploit-framework
|
6
|
+
# and pro, so models may be removed in the future. Because of the unstable API the version should remain below 1.0.0
|
7
|
+
VERSION = '0.6.13'
|
8
|
+
end
|
data/lib/tasks/yard.rake
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
# @note All options not specific to any given rake task should go in the .yardopts file so they are available to both
|
2
|
+
# the below rake tasks and when invoking `yard` from the command line
|
3
|
+
|
4
|
+
if defined? YARD
|
5
|
+
namespace :yard do
|
6
|
+
YARD::Rake::YardocTask.new(:doc) do |t|
|
7
|
+
# --no-stats here as 'stats' task called after will print fuller stats
|
8
|
+
t.options = ['--no-stats']
|
9
|
+
|
10
|
+
t.after = Proc.new {
|
11
|
+
Rake::Task['yard:stats'].execute
|
12
|
+
}
|
13
|
+
end
|
14
|
+
|
15
|
+
desc "Shows stats for YARD Documentation including listing undocumented modules, classes, constants, and methods"
|
16
|
+
task :stats => :environment do
|
17
|
+
stats = YARD::CLI::Stats.new
|
18
|
+
stats.run('--compact', '--list-undoc')
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
# @todo Figure out how to just clone description from yard:doc
|
23
|
+
desc "Generate YARD documentation"
|
24
|
+
# allow calling namespace to as a task that goes to default task for namespace
|
25
|
+
task :yard => ['yard:doc']
|
26
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
$:.push File.expand_path("../lib", __FILE__)
|
3
|
+
require "metasploit_data_models/version"
|
4
|
+
|
5
|
+
Gem::Specification.new do |s|
|
6
|
+
s.name = "metasploit_data_models"
|
7
|
+
s.version = MetasploitDataModels::VERSION
|
8
|
+
s.authors = ["Trevor Rosen"]
|
9
|
+
s.email = ["trevor_rosen@rapid7.com"]
|
10
|
+
s.homepage = ""
|
11
|
+
s.summary = %q{Database code for MSF and Metasploit Pro}
|
12
|
+
s.description = %q{Implements minimal ActiveRecord models and database helper code used in both the Metasploit Framework (MSF) and Metasploit commercial editions.}
|
13
|
+
|
14
|
+
s.files = `git ls-files`.split("\n")
|
15
|
+
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
16
|
+
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
17
|
+
s.require_paths = ["lib"]
|
18
|
+
|
19
|
+
# ---- Dependencies ----
|
20
|
+
s.add_development_dependency 'rake'
|
21
|
+
# markdown formatting for yard
|
22
|
+
s.add_development_dependency 'redcarpet'
|
23
|
+
# documentation
|
24
|
+
s.add_development_dependency 'yard'
|
25
|
+
# debugging
|
26
|
+
s.add_development_dependency 'pry'
|
27
|
+
|
28
|
+
s.add_runtime_dependency 'activerecord', '>= 3.2.13'
|
29
|
+
s.add_runtime_dependency 'activesupport'
|
30
|
+
s.add_runtime_dependency 'pg'
|
31
|
+
end
|
data/script/rails
ADDED
@@ -0,0 +1,8 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
3
|
+
|
4
|
+
ENGINE_ROOT = File.expand_path('../..', __FILE__)
|
5
|
+
ENGINE_PATH = File.expand_path('../../lib/metasploit_data_models/engine', __FILE__)
|
6
|
+
|
7
|
+
require 'rails/all'
|
8
|
+
require 'rails/engine/commands'
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Mdm::ModuleAction do
|
4
|
+
context 'associations' do
|
5
|
+
it { should belong_to(:module_detail).class_name('Mdm::ModuleDetail') }
|
6
|
+
end
|
7
|
+
|
8
|
+
context 'database' do
|
9
|
+
context 'columns' do
|
10
|
+
it { should have_db_column(:module_detail_id).of_type(:integer) }
|
11
|
+
it { should have_db_column(:name).of_type(:text) }
|
12
|
+
end
|
13
|
+
|
14
|
+
context 'indices' do
|
15
|
+
it { should have_db_index(:module_detail_id) }
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
context 'factories' do
|
20
|
+
context 'mdm_module_action' do
|
21
|
+
subject(:mdm_module_action) do
|
22
|
+
FactoryGirl.build(:mdm_module_action)
|
23
|
+
end
|
24
|
+
|
25
|
+
it { should be_valid }
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
context 'mass assignment security' do
|
30
|
+
it { should_not allow_mass_assignment_of(:module_detail_id) }
|
31
|
+
it { should allow_mass_assignment_of(:name) }
|
32
|
+
end
|
33
|
+
|
34
|
+
context 'validations' do
|
35
|
+
it { should validate_presence_of(:module_detail) }
|
36
|
+
it { should validate_presence_of(:name) }
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Mdm::ModuleArch do
|
4
|
+
context 'associations' do
|
5
|
+
it { should belong_to(:module_detail).class_name('Mdm::ModuleDetail') }
|
6
|
+
end
|
7
|
+
|
8
|
+
context 'database' do
|
9
|
+
context 'columns' do
|
10
|
+
it { should have_db_column(:module_detail_id).of_type(:integer) }
|
11
|
+
it { should have_db_column(:name).of_type(:text) }
|
12
|
+
end
|
13
|
+
|
14
|
+
context 'indices' do
|
15
|
+
it { should have_db_index(:module_detail_id) }
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
context 'factories' do
|
20
|
+
context 'mdm_module_arch' do
|
21
|
+
subject(:mdm_module_arch) do
|
22
|
+
FactoryGirl.build(:mdm_module_arch)
|
23
|
+
end
|
24
|
+
|
25
|
+
it { should be_valid }
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
context 'mass assignment security' do
|
30
|
+
it { should_not allow_mass_assignment_of(:module_detail_id) }
|
31
|
+
it { should allow_mass_assignment_of(:name) }
|
32
|
+
end
|
33
|
+
|
34
|
+
context 'validations' do
|
35
|
+
it { should validate_presence_of(:module_detail) }
|
36
|
+
it { should validate_presence_of(:name) }
|
37
|
+
end
|
38
|
+
end
|