metasploit_data_models 0.6.13
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +24 -0
- data/.rspec +3 -0
- data/.simplecov +38 -0
- data/.yardopts +4 -0
- data/Gemfile +27 -0
- data/LICENSE +27 -0
- data/README.md +72 -0
- data/Rakefile +53 -0
- data/app/models/mdm/api_key.rb +20 -0
- data/app/models/mdm/client.rb +9 -0
- data/app/models/mdm/cred.rb +80 -0
- data/app/models/mdm/event.rb +30 -0
- data/app/models/mdm/exploit_attempt.rb +14 -0
- data/app/models/mdm/exploited_host.rb +11 -0
- data/app/models/mdm/host.rb +134 -0
- data/app/models/mdm/host_detail.rb +15 -0
- data/app/models/mdm/host_tag.rb +13 -0
- data/app/models/mdm/imported_cred.rb +10 -0
- data/app/models/mdm/listener.rb +24 -0
- data/app/models/mdm/loot.rb +63 -0
- data/app/models/mdm/macro.rb +20 -0
- data/app/models/mdm/mod_ref.rb +3 -0
- data/app/models/mdm/module_action.rb +24 -0
- data/app/models/mdm/module_arch.rb +24 -0
- data/app/models/mdm/module_author.rb +25 -0
- data/app/models/mdm/module_detail.rb +59 -0
- data/app/models/mdm/module_mixin.rb +24 -0
- data/app/models/mdm/module_platform.rb +24 -0
- data/app/models/mdm/module_ref.rb +24 -0
- data/app/models/mdm/module_target.rb +26 -0
- data/app/models/mdm/nexpose_console.rb +20 -0
- data/app/models/mdm/note.rb +49 -0
- data/app/models/mdm/profile.rb +9 -0
- data/app/models/mdm/ref.rb +14 -0
- data/app/models/mdm/report.rb +50 -0
- data/app/models/mdm/report_template.rb +27 -0
- data/app/models/mdm/route.rb +9 -0
- data/app/models/mdm/service.rb +56 -0
- data/app/models/mdm/session.rb +48 -0
- data/app/models/mdm/session_event.rb +9 -0
- data/app/models/mdm/tag.rb +46 -0
- data/app/models/mdm/task.rb +41 -0
- data/app/models/mdm/user.rb +25 -0
- data/app/models/mdm/vuln.rb +60 -0
- data/app/models/mdm/vuln_attempt.rb +15 -0
- data/app/models/mdm/vuln_detail.rb +14 -0
- data/app/models/mdm/vuln_ref.rb +13 -0
- data/app/models/mdm/web_form.rb +16 -0
- data/app/models/mdm/web_page.rb +16 -0
- data/app/models/mdm/web_site.rb +47 -0
- data/app/models/mdm/web_vuln.rb +190 -0
- data/app/models/mdm/wmap_request.rb +3 -0
- data/app/models/mdm/wmap_target.rb +3 -0
- data/app/models/mdm/workspace.rb +196 -0
- data/bin/mdm_console +68 -0
- data/console_db.yml +9 -0
- data/db/migrate/000_create_tables.rb +79 -0
- data/db/migrate/001_add_wmap_tables.rb +35 -0
- data/db/migrate/002_add_workspaces.rb +36 -0
- data/db/migrate/003_move_notes.rb +20 -0
- data/db/migrate/004_add_events_table.rb +16 -0
- data/db/migrate/005_expand_info.rb +58 -0
- data/db/migrate/006_add_timestamps.rb +26 -0
- data/db/migrate/007_add_loots.rb +20 -0
- data/db/migrate/008_create_users.rb +16 -0
- data/db/migrate/009_add_loots_ctype.rb +10 -0
- data/db/migrate/010_add_alert_fields.rb +16 -0
- data/db/migrate/011_add_reports.rb +19 -0
- data/db/migrate/012_add_tasks.rb +24 -0
- data/db/migrate/013_add_tasks_result.rb +10 -0
- data/db/migrate/014_add_loots_fields.rb +12 -0
- data/db/migrate/015_rename_user.rb +16 -0
- data/db/migrate/016_add_host_purpose.rb +10 -0
- data/db/migrate/017_expand_info2.rb +58 -0
- data/db/migrate/018_add_workspace_user_info.rb +29 -0
- data/db/migrate/019_add_workspace_desc.rb +23 -0
- data/db/migrate/020_add_user_preferences.rb +11 -0
- data/db/migrate/021_standardize_info_and_data.rb +18 -0
- data/db/migrate/022_enlarge_event_info.rb +10 -0
- data/db/migrate/023_add_report_downloaded_at.rb +10 -0
- data/db/migrate/024_convert_service_info_to_text.rb +12 -0
- data/db/migrate/025_add_user_admin.rb +19 -0
- data/db/migrate/026_add_creds_table.rb +19 -0
- data/db/migrate/20100819123300_migrate_cred_data.rb +154 -0
- data/db/migrate/20100824151500_add_exploited_table.rb +16 -0
- data/db/migrate/20100908001428_add_owner_to_workspaces.rb +9 -0
- data/db/migrate/20100911122000_add_report_templates.rb +18 -0
- data/db/migrate/20100916151530_require_admin_flag.rb +15 -0
- data/db/migrate/20100916175000_add_campaigns_and_templates.rb +61 -0
- data/db/migrate/20100920012100_add_generate_exe_column.rb +8 -0
- data/db/migrate/20100926214000_add_template_prefs.rb +11 -0
- data/db/migrate/20101001000000_add_web_tables.rb +57 -0
- data/db/migrate/20101002000000_add_query.rb +10 -0
- data/db/migrate/20101007000000_add_vuln_info.rb +15 -0
- data/db/migrate/20101008111800_add_clients_to_campaigns.rb +10 -0
- data/db/migrate/20101009023300_add_campaign_attachments.rb +15 -0
- data/db/migrate/20101104135100_add_imported_creds.rb +17 -0
- data/db/migrate/20101203000000_fix_web_tables.rb +34 -0
- data/db/migrate/20101203000001_expand_host_comment.rb +12 -0
- data/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb +9 -0
- data/db/migrate/20110112154300_add_module_uuid_to_tasks.rb +9 -0
- data/db/migrate/20110204112800_add_host_tags.rb +28 -0
- data/db/migrate/20110317144932_add_session_table.rb +110 -0
- data/db/migrate/20110414180600_add_local_id_to_session_table.rb +11 -0
- data/db/migrate/20110415175705_add_routes_table.rb +18 -0
- data/db/migrate/20110422000000_convert_binary.rb +72 -0
- data/db/migrate/20110425095900_add_last_seen_to_sessions.rb +8 -0
- data/db/migrate/20110513143900_track_successful_exploits.rb +31 -0
- data/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb +26 -0
- data/db/migrate/20110527000000_add_task_id_to_reports_table.rb +11 -0
- data/db/migrate/20110527000001_add_api_keys_table.rb +12 -0
- data/db/migrate/20110606000001_add_macros_table.rb +16 -0
- data/db/migrate/20110622000000_add_settings_to_tasks_table.rb +12 -0
- data/db/migrate/20110624000001_add_listeners_table.rb +19 -0
- data/db/migrate/20110625000001_add_macro_to_listeners_table.rb +12 -0
- data/db/migrate/20110630000001_add_nexpose_consoles_table.rb +21 -0
- data/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb +12 -0
- data/db/migrate/20110717000001_add_profiles_table.rb +15 -0
- data/db/migrate/20110727163801_expand_cred_ptype_column.rb +9 -0
- data/db/migrate/20110730000001_add_initial_indexes.rb +85 -0
- data/db/migrate/20110812000001_prune_indexes.rb +23 -0
- data/db/migrate/20110922000000_expand_notes.rb +9 -0
- data/db/migrate/20110928101300_add_mod_ref_table.rb +17 -0
- data/db/migrate/20111011110000_add_display_name_to_reports_table.rb +24 -0
- data/db/migrate/20111203000000_inet_columns.rb +13 -0
- data/db/migrate/20111204000000_more_inet_columns.rb +17 -0
- data/db/migrate/20111210000000_add_scope_to_hosts.rb +9 -0
- data/db/migrate/20120126110000_add_virtual_host_to_hosts.rb +9 -0
- data/db/migrate/20120411173220_rename_workspace_members.rb +9 -0
- data/db/migrate/20120601152442_add_counter_caches_to_hosts.rb +21 -0
- data/db/migrate/20120625000000_add_vuln_details.rb +34 -0
- data/db/migrate/20120625000001_add_host_details.rb +16 -0
- data/db/migrate/20120625000002_expand_details.rb +16 -0
- data/db/migrate/20120625000003_expand_details2.rb +24 -0
- data/db/migrate/20120625000004_add_vuln_attempts.rb +19 -0
- data/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb +14 -0
- data/db/migrate/20120625000006_add_module_details.rb +118 -0
- data/db/migrate/20120625000007_add_exploit_attempts.rb +26 -0
- data/db/migrate/20120625000008_add_fail_message.rb +12 -0
- data/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb +13 -0
- data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb +35 -0
- data/lib/mdm.rb +12 -0
- data/lib/mdm/host/operating_system_normalization.rb +984 -0
- data/lib/metasploit_data_models.rb +60 -0
- data/lib/metasploit_data_models/base64_serializer.rb +103 -0
- data/lib/metasploit_data_models/engine.rb +23 -0
- data/lib/metasploit_data_models/serialized_prefs.rb +23 -0
- data/lib/metasploit_data_models/validators/ip_format_validator.rb +13 -0
- data/lib/metasploit_data_models/validators/password_is_strong_validator.rb +70 -0
- data/lib/metasploit_data_models/version.rb +8 -0
- data/lib/tasks/yard.rake +26 -0
- data/metasploit_data_models.gemspec +31 -0
- data/script/rails +8 -0
- data/spec/app/models/mdm/module_action_spec.rb +38 -0
- data/spec/app/models/mdm/module_arch_spec.rb +38 -0
- data/spec/app/models/mdm/module_author_spec.rb +50 -0
- data/spec/app/models/mdm/module_detail_spec.rb +291 -0
- data/spec/app/models/mdm/module_mixin_spec.rb +38 -0
- data/spec/app/models/mdm/module_platform_spec.rb +38 -0
- data/spec/app/models/mdm/module_ref_spec.rb +38 -0
- data/spec/app/models/mdm/module_target_spec.rb +41 -0
- data/spec/app/models/mdm/web_vuln_spec.rb +126 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/javascripts/application.js +15 -0
- data/spec/dummy/app/assets/stylesheets/application.css +13 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/mailers/.gitkeep +0 -0
- data/spec/dummy/app/models/.gitkeep +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +61 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml.example +22 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +37 -0
- data/spec/dummy/config/environments/production.rb +67 -0
- data/spec/dummy/config/environments/test.rb +37 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/inflections.rb +15 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/routes.rb +2 -0
- data/spec/dummy/db/schema.rb +638 -0
- data/spec/dummy/lib/assets/.gitkeep +0 -0
- data/spec/dummy/log/.gitkeep +0 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +25 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/factories/mdm/addresses.rb +7 -0
- data/spec/factories/mdm/hosts.rb +18 -0
- data/spec/factories/mdm/module_actions.rb +14 -0
- data/spec/factories/mdm/module_archs.rb +14 -0
- data/spec/factories/mdm/module_authors.rb +22 -0
- data/spec/factories/mdm/module_details.rb +9 -0
- data/spec/factories/mdm/module_mixins.rb +14 -0
- data/spec/factories/mdm/module_platforms.rb +14 -0
- data/spec/factories/mdm/module_refs.rb +14 -0
- data/spec/factories/mdm/module_targets.rb +19 -0
- data/spec/factories/mdm/services.rb +35 -0
- data/spec/factories/mdm/users.rb +22 -0
- data/spec/factories/mdm/web_sites.rb +8 -0
- data/spec/factories/mdm/web_vulns.rb +64 -0
- data/spec/factories/mdm/workspaces.rb +23 -0
- data/spec/lib/base64_serializer_spec.rb +174 -0
- data/spec/spec_helper.rb +36 -0
- metadata +433 -0
@@ -0,0 +1,17 @@
|
|
1
|
+
# Probably temporary, a spot to stash module names and their associated refs
|
2
|
+
# Don't count on it being populated at any given moment.
|
3
|
+
class AddModRefTable < ActiveRecord::Migration
|
4
|
+
|
5
|
+
def self.up
|
6
|
+
create_table :mod_refs do |t|
|
7
|
+
t.string :module, :limit => 1024
|
8
|
+
t.string :mtype, :limit => 128
|
9
|
+
t.text :ref
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def self.down
|
14
|
+
drop_table :mod_refs
|
15
|
+
end
|
16
|
+
|
17
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
class AddDisplayNameToReportsTable < ActiveRecord::Migration
|
2
|
+
|
3
|
+
class Report < ActiveRecord::Base
|
4
|
+
end
|
5
|
+
|
6
|
+
def self.up
|
7
|
+
|
8
|
+
add_column :reports, :name, :string, :limit => 63
|
9
|
+
|
10
|
+
# Migrate to have a default name.
|
11
|
+
|
12
|
+
Report.find(:all).each do |report|
|
13
|
+
rtype = report.rtype.to_s =~ /^([A-Z0-9]+)\x2d/i ? $1 : "AUDIT"
|
14
|
+
default_name = rtype[0,57].downcase.capitalize + "-" + report.id.to_s[0,5]
|
15
|
+
report.name = default_name
|
16
|
+
report.save
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.down
|
21
|
+
remove_column :reports, :name
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
class InetColumns < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
change_column :hosts, :address, 'INET using address::INET'
|
5
|
+
remove_column :hosts, :address6
|
6
|
+
end
|
7
|
+
|
8
|
+
def self.down
|
9
|
+
change_column :hosts, :address, :text
|
10
|
+
add_column :hosts, :address6, :text
|
11
|
+
end
|
12
|
+
|
13
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class MoreInetColumns < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
change_column :wmap_requests, :address, 'INET using address::INET'
|
5
|
+
remove_column :wmap_requests, :address6
|
6
|
+
change_column :wmap_targets, :address, 'INET using address::INET'
|
7
|
+
remove_column :wmap_targets, :address6
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.down
|
11
|
+
change_column :wmap_requests, :address, :string, :limit => 16
|
12
|
+
add_column :wmap_requests, :address6, :string, :limit => 255
|
13
|
+
change_column :wmap_targets, :address, :string, :limit => 16
|
14
|
+
add_column :wmap_targets, :address6, :string, :limit => 255
|
15
|
+
end
|
16
|
+
|
17
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
class AddCounterCachesToHosts < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
add_column :hosts, :note_count, :integer, :default => 0
|
5
|
+
add_column :hosts, :vuln_count, :integer, :default => 0
|
6
|
+
add_column :hosts, :service_count, :integer, :default => 0
|
7
|
+
|
8
|
+
Mdm::Host.reset_column_information
|
9
|
+
Mdm::Host.all.each do |h|
|
10
|
+
Mdm::Host.reset_counters h.id, :notes
|
11
|
+
Mdm::Host.reset_counters h.id, :vulns
|
12
|
+
Mdm::Host.reset_counters h.id, :services
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.down
|
17
|
+
remove_column :hosts, :note_count
|
18
|
+
remove_column :hosts, :vuln_count
|
19
|
+
remove_column :hosts, :service_count
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
class AddVulnDetails < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
create_table :vuln_details do |t|
|
5
|
+
t.integer :vuln_id # Vuln table reference
|
6
|
+
t.float :cvss_score # 0.0 to 10.0
|
7
|
+
t.string :cvss_vector # Ex: (AV:N/AC:L/Au:N/C:C/I:C/A:C)(AV:N/AC:L/Au:N/C:C/I:C/A:C)
|
8
|
+
|
9
|
+
t.string :title # Short identifier
|
10
|
+
t.text :description # Plain text or HTML (trusted)
|
11
|
+
t.text :solution # Plain text or HTML (trusted)
|
12
|
+
t.binary :proof # Should be UTF-8, but may not be, sanitize on output
|
13
|
+
# Technically this duplicates vuln.info, but that field
|
14
|
+
# is poorly managed / handled today. Eventually we will
|
15
|
+
# replace vuln.info
|
16
|
+
|
17
|
+
# Nexpose-specific fields
|
18
|
+
t.integer :nx_console_id # NexposeConsole table reference
|
19
|
+
t.integer :nx_device_id # Reference from the Nexpose side
|
20
|
+
t.string :nx_vuln_id # 'jre-java-update-flaw'
|
21
|
+
t.float :nx_severity # 0-10
|
22
|
+
t.float :nx_pci_severity # 0-10
|
23
|
+
t.timestamp :nx_published # Normalized from "20081205T000000000"
|
24
|
+
t.timestamp :nx_added # Normalized from "20081205T000000000"
|
25
|
+
t.timestamp :nx_modified # Normalized from "20081205T000000000"
|
26
|
+
t.text :nx_tags # Comma separated
|
27
|
+
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
def self.down
|
32
|
+
drop_table :vuln_details
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
class AddHostDetails < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
create_table :host_details do |t|
|
5
|
+
t.integer :host_id # Host table reference
|
6
|
+
|
7
|
+
# Nexpose-specific fields
|
8
|
+
t.integer :nx_console_id # NexposeConsole table reference
|
9
|
+
t.integer :nx_device_id # Reference from the Nexpose side
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def self.down
|
14
|
+
drop_table :host_details
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
class ExpandDetails < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
add_column :vuln_details, :nx_vuln_status, :text
|
5
|
+
add_column :vuln_details, :nx_proof_key, :text
|
6
|
+
add_column :vuln_details, :src, :string
|
7
|
+
add_column :host_details, :src, :string
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.down
|
11
|
+
remove_column :vuln_details, :nx_vuln_status
|
12
|
+
remove_column :vuln_details, :nx_proof_key
|
13
|
+
remove_column :vuln_details, :src
|
14
|
+
remove_column :host_details, :src
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
class ExpandDetails2 < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
add_column :host_details, :nx_site_name, :string
|
5
|
+
add_column :host_details, :nx_site_importance, :string
|
6
|
+
add_column :host_details, :nx_scan_template, :string
|
7
|
+
add_column :host_details, :nx_risk_score, :float
|
8
|
+
|
9
|
+
add_column :vuln_details, :nx_scan_id, :integer
|
10
|
+
add_column :vuln_details, :nx_vulnerable_since, :timestamp
|
11
|
+
add_column :vuln_details, :nx_pci_compliance_status, :string
|
12
|
+
end
|
13
|
+
|
14
|
+
def self.down
|
15
|
+
remove_column :host_details, :nx_site_name
|
16
|
+
remove_column :host_details, :nx_site_importance
|
17
|
+
remove_column :host_details, :nx_scan_template
|
18
|
+
remove_column :host_details, :nx_risk_score
|
19
|
+
|
20
|
+
remove_column :vuln_details, :nx_scan_id
|
21
|
+
remove_column :vuln_details, :nx_vulnerable_since
|
22
|
+
remove_column :vuln_details, :nx_pci_compliance_status
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
class AddVulnAttempts < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
create_table :vuln_attempts do |t|
|
5
|
+
t.integer :vuln_id # Vuln table reference
|
6
|
+
t.timestamp :attempted_at # Timestamp of when the session was opened or the module exited
|
7
|
+
t.boolean :exploited # Whether or not the attempt succeeded
|
8
|
+
t.string :fail_reason # Short string corresponding to a Msf::Exploit::Failure constant
|
9
|
+
t.string :username # The user that tested this vulnerability
|
10
|
+
t.text :module # The specific module name that was used
|
11
|
+
t.integer :session_id # Database identifier of any opened session
|
12
|
+
t.integer :loot_id # Database identifier of any 'proof' loot (for non-session exploits)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.down
|
17
|
+
drop_table :vuln_attempts
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
class AddVulnAndHostCounterCaches < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
add_column :hosts, :host_detail_count, :integer, :default => 0
|
5
|
+
add_column :vulns, :vuln_detail_count, :integer, :default => 0
|
6
|
+
add_column :vulns, :vuln_attempt_count, :integer, :default => 0
|
7
|
+
end
|
8
|
+
|
9
|
+
def self.down
|
10
|
+
remove_column :hosts, :host_detail_count
|
11
|
+
remove_column :vulns, :vuln_detail_count
|
12
|
+
remove_column :vulns, :vuln_attempt_count
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,118 @@
|
|
1
|
+
class AddModuleDetails < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
|
5
|
+
create_table :module_details do |t|
|
6
|
+
t.timestamp :mtime # disk modified time
|
7
|
+
t.text :file # location on disk
|
8
|
+
t.string :mtype # exploit, auxiliary, post, etc
|
9
|
+
t.text :refname # module path (no type)
|
10
|
+
t.text :fullname # module path with type
|
11
|
+
t.text :name # module title
|
12
|
+
t.integer :rank # exploit rank
|
13
|
+
t.text :description #
|
14
|
+
t.string :license # MSF_LICENSE
|
15
|
+
t.boolean :privileged # true or false
|
16
|
+
t.timestamp :disclosure_date # Mar 10 2004
|
17
|
+
t.integer :default_target # 0
|
18
|
+
t.text :default_action # "scan"
|
19
|
+
t.string :stance # "passive"
|
20
|
+
t.boolean :ready # true/false
|
21
|
+
end
|
22
|
+
|
23
|
+
add_index :module_details, :refname
|
24
|
+
add_index :module_details, :name
|
25
|
+
add_index :module_details, :description
|
26
|
+
add_index :module_details, :mtype
|
27
|
+
|
28
|
+
create_table :module_authors do |t|
|
29
|
+
t.integer :module_detail_id
|
30
|
+
t.text :name
|
31
|
+
t.text :email
|
32
|
+
end
|
33
|
+
add_index :module_authors, :module_detail_id
|
34
|
+
|
35
|
+
create_table :module_mixins do |t|
|
36
|
+
t.integer :module_detail_id
|
37
|
+
t.text :name
|
38
|
+
end
|
39
|
+
add_index :module_mixins, :module_detail_id
|
40
|
+
|
41
|
+
create_table :module_targets do |t|
|
42
|
+
t.integer :module_detail_id
|
43
|
+
t.integer :index
|
44
|
+
t.text :name
|
45
|
+
end
|
46
|
+
add_index :module_targets, :module_detail_id
|
47
|
+
|
48
|
+
create_table :module_actions do |t|
|
49
|
+
t.integer :module_detail_id
|
50
|
+
t.text :name
|
51
|
+
end
|
52
|
+
add_index :module_actions, :module_detail_id
|
53
|
+
|
54
|
+
create_table :module_refs do |t|
|
55
|
+
t.integer :module_detail_id
|
56
|
+
t.text :name
|
57
|
+
end
|
58
|
+
add_index :module_refs, :module_detail_id
|
59
|
+
add_index :module_refs, :name
|
60
|
+
|
61
|
+
create_table :module_archs do |t|
|
62
|
+
t.integer :module_detail_id
|
63
|
+
t.text :name
|
64
|
+
end
|
65
|
+
add_index :module_archs, :module_detail_id
|
66
|
+
|
67
|
+
create_table :module_platforms do |t|
|
68
|
+
t.integer :module_detail_id
|
69
|
+
t.text :name
|
70
|
+
end
|
71
|
+
add_index :module_platforms, :module_detail_id
|
72
|
+
|
73
|
+
end
|
74
|
+
|
75
|
+
def self.down
|
76
|
+
remove_index :module_details, :refname
|
77
|
+
remove_index :module_details, :name
|
78
|
+
remove_index :module_details, :description
|
79
|
+
remove_index :module_details, :mtype
|
80
|
+
|
81
|
+
remove_index :module_authors, :module_detail_id
|
82
|
+
remove_index :module_mixins, :module_detail_id
|
83
|
+
remove_index :module_targets, :module_detail_id
|
84
|
+
remove_index :module_actions, :module_detail_id
|
85
|
+
remove_index :module_refs, :module_detail_id
|
86
|
+
remove_index :module_refs, :name
|
87
|
+
remove_index :module_archs, :module_detail_id
|
88
|
+
remove_index :module_platform, :module_detail_id
|
89
|
+
|
90
|
+
drop_table :module_details
|
91
|
+
drop_table :module_authors
|
92
|
+
drop_table :module_mixins
|
93
|
+
drop_table :module_targets
|
94
|
+
drop_table :module_actions
|
95
|
+
drop_table :module_refs
|
96
|
+
drop_table :module_archs
|
97
|
+
drop_table :module_platforms
|
98
|
+
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
=begin
|
103
|
+
|
104
|
+
Mdm::Host.find_by_sql("
|
105
|
+
SELECT
|
106
|
+
hosts.id, hosts.address, module_details.mtype AS mtype, module_details.refname AS mname, vulns.name AS vname, refs.name AS vref
|
107
|
+
FROM
|
108
|
+
hosts,vulns,vulns_refs,refs,module_refs,module_details
|
109
|
+
WHERE
|
110
|
+
hosts.id = vulns.host_id AND
|
111
|
+
vulns.id = vulns_refs.vuln_id AND
|
112
|
+
vulns_refs.ref_id = refs.id AND
|
113
|
+
refs.name = module_refs.name AND
|
114
|
+
module_refs.module_detail_id = modules_details.id
|
115
|
+
").map{|x| [x.address, x.mname, x.vname, x.vref ] }
|
116
|
+
|
117
|
+
|
118
|
+
=end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
class AddExploitAttempts < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
create_table :exploit_attempts do |t|
|
5
|
+
t.integer :host_id # Host table reference (primary)
|
6
|
+
t.integer :service_id # Service table reference (optional)
|
7
|
+
t.integer :vuln_id # Vuln table reference (optional)
|
8
|
+
t.timestamp :attempted_at # Timestamp of when the session was opened or the module exited
|
9
|
+
t.boolean :exploited # Whether or not the attempt succeeded
|
10
|
+
t.string :fail_reason # Short string corresponding to a Msf::Exploit::Failure constant
|
11
|
+
t.string :username # The user that tested this vulnerability
|
12
|
+
t.text :module # The specific module name that was used
|
13
|
+
t.integer :session_id # Database identifier of any opened session
|
14
|
+
t.integer :loot_id # Database identifier of any 'proof' loot (for non-session exploits)
|
15
|
+
t.integer :port # Port -> Services are created/destroyed frequently and failed
|
16
|
+
t.string :proto # Protocol | attempts may be against closed ports.
|
17
|
+
end
|
18
|
+
|
19
|
+
add_column :hosts, :exploit_attempt_count, :integer, :default => 0
|
20
|
+
end
|
21
|
+
|
22
|
+
def self.down
|
23
|
+
drop_table :exploit_attempts
|
24
|
+
remove_column :hosts, :exploit_attempt_count
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
class AddFailMessage < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
add_column :vuln_attempts, :fail_detail, :text
|
5
|
+
add_column :exploit_attempts, :fail_detail, :text
|
6
|
+
end
|
7
|
+
|
8
|
+
def self.down
|
9
|
+
remove_column :vuln_attempts, :fail_detail
|
10
|
+
remove_column :exploit_attempts, :fail_detail
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
class AddOwnerAndPayloadToWebVulns < ActiveRecord::Migration
|
2
|
+
|
3
|
+
def self.up
|
4
|
+
add_column :web_vulns, :owner, :string
|
5
|
+
add_column :web_vulns, :payload, :text
|
6
|
+
end
|
7
|
+
|
8
|
+
def self.down
|
9
|
+
remove_column :web_vulns, :owner
|
10
|
+
remove_column :web_vulns, :payload
|
11
|
+
end
|
12
|
+
|
13
|
+
end
|