metasploit_data_models 0.7.0-java

data/db/migrate/20110928101300_add_mod_ref_table.rb

@@ -0,0 +1,17 @@
+# Probably temporary, a spot to stash module names and their associated refs
+# Don't count on it being populated at any given moment.
+class AddModRefTable < ActiveRecord::Migration
+
+	def self.up
+		create_table :mod_refs do |t|
+			t.string :module, :limit => 1024
+			t.string :mtype, :limit => 128
+			t.text :ref
+		end
+	end
+
+	def self.down
+		drop_table :mod_refs
+	end
+
+end

data/db/migrate/20111011110000_add_display_name_to_reports_table.rb

@@ -0,0 +1,24 @@
+class AddDisplayNameToReportsTable < ActiveRecord::Migration
+
+	class Report < ActiveRecord::Base
+	end
+
+	def self.up
+
+		add_column :reports, :name, :string, :limit => 63
+
+		# Migrate to have a default name.
+		
+		Report.find(:all).each do |report|
+			rtype = report.rtype.to_s =~ /^([A-Z0-9]+)\x2d/i ? $1 : "AUDIT"
+			default_name = rtype[0,57].downcase.capitalize + "-" + report.id.to_s[0,5]
+			report.name = default_name
+			report.save
+		end
+	end
+
+	def self.down
+		remove_column :reports, :name
+	end
+
+end

data/db/migrate/20111203000000_inet_columns.rb

@@ -0,0 +1,13 @@
+class InetColumns < ActiveRecord::Migration
+
+  def self.up
+    change_column :hosts, :address, 'INET using address::INET'
+    remove_column :hosts, :address6
+  end
+
+  def self.down
+    change_column :hosts, :address, :text
+    add_column :hosts, :address6, :text
+  end
+
+end

data/db/migrate/20111204000000_more_inet_columns.rb

@@ -0,0 +1,17 @@
+class MoreInetColumns < ActiveRecord::Migration
+
+	def self.up
+		change_column :wmap_requests, :address, 'INET using address::INET'
+		remove_column :wmap_requests, :address6
+		change_column :wmap_targets, :address, 'INET using address::INET'
+		remove_column :wmap_targets, :address6		
+	end
+
+	def self.down
+		change_column :wmap_requests, :address, :string, :limit => 16
+		add_column :wmap_requests, :address6, :string, :limit => 255
+		change_column :wmap_targets, :address, :string, :limit => 16
+		add_column :wmap_targets, :address6, :string, :limit => 255
+	end
+
+end

data/db/migrate/20111210000000_add_scope_to_hosts.rb

@@ -0,0 +1,9 @@
+class AddScopeToHosts < ActiveRecord::Migration
+  def self.up
+    add_column :hosts, :scope, :text
+  end
+
+  def self.down
+    remove_column :hosts, :scope
+  end
+end

data/db/migrate/20120126110000_add_virtual_host_to_hosts.rb

@@ -0,0 +1,9 @@
+class AddVirtualHostToHosts < ActiveRecord::Migration
+  def self.up
+    add_column :hosts, :virtual_host, :text
+  end
+
+  def self.down
+    remove_column :hosts, :viritual_host
+  end
+end

data/db/migrate/20120411173220_rename_workspace_members.rb

@@ -0,0 +1,9 @@
+class RenameWorkspaceMembers < ActiveRecord::Migration
+  def up
+    rename_table :project_members, :workspace_members
+  end
+
+  def down
+    rename_table :workspace_members, :project_members
+  end
+end

data/db/migrate/20120601152442_add_counter_caches_to_hosts.rb

@@ -0,0 +1,21 @@
+class AddCounterCachesToHosts < ActiveRecord::Migration
+
+  def self.up
+    add_column :hosts, :note_count, :integer, :default => 0
+    add_column :hosts, :vuln_count, :integer, :default => 0
+    add_column :hosts, :service_count, :integer, :default => 0
+  
+    Mdm::Host.reset_column_information
+    Mdm::Host.all.each do |h|
+      Mdm::Host.reset_counters h.id, :notes
+      Mdm::Host.reset_counters h.id, :vulns
+      Mdm::Host.reset_counters h.id, :services
+    end
+  end
+
+  def self.down
+    remove_column :hosts, :note_count
+    remove_column :hosts, :vuln_count
+    remove_column :hosts, :service_count
+  end
+end

data/db/migrate/20120625000000_add_vuln_details.rb

@@ -0,0 +1,34 @@
+class AddVulnDetails < ActiveRecord::Migration
+
+	def self.up
+		create_table :vuln_details do |t|
+			t.integer   :vuln_id     # Vuln table reference
+			t.float		:cvss_score  # 0.0 to 10.0
+			t.string	:cvss_vector # Ex: (AV:N/AC:L/Au:N/C:C/I:C/A:C)(AV:N/AC:L/Au:N/C:C/I:C/A:C)
+
+			t.string	:title       # Short identifier
+			t.text		:description # Plain text or HTML (trusted)
+			t.text		:solution    # Plain text or HTML (trusted)
+			t.binary	:proof       # Should be UTF-8, but may not be, sanitize on output
+						             # Technically this duplicates vuln.info, but that field
+						             # is poorly managed / handled today. Eventually we will
+						             # replace vuln.info
+
+			# Nexpose-specific fields
+			t.integer	:nx_console_id   # NexposeConsole table reference
+			t.integer	:nx_device_id    # Reference from the Nexpose side
+			t.string	:nx_vuln_id      # 'jre-java-update-flaw'
+			t.float		:nx_severity     # 0-10
+			t.float		:nx_pci_severity # 0-10
+			t.timestamp	:nx_published    # Normalized from "20081205T000000000"
+			t.timestamp	:nx_added        # Normalized from "20081205T000000000"
+			t.timestamp	:nx_modified     # Normalized from "20081205T000000000"
+			t.text		:nx_tags         # Comma separated
+	
+		end
+	end
+
+	def self.down
+		drop_table :vuln_details
+	end
+end

data/db/migrate/20120625000001_add_host_details.rb

@@ -0,0 +1,16 @@
+class AddHostDetails < ActiveRecord::Migration
+
+	def self.up
+		create_table :host_details do |t|
+			t.integer   :host_id     # Host table reference
+
+			# Nexpose-specific fields
+			t.integer	:nx_console_id   # NexposeConsole table reference
+			t.integer	:nx_device_id    # Reference from the Nexpose side
+		end
+	end
+
+	def self.down
+		drop_table :host_details
+	end
+end

data/db/migrate/20120625000002_expand_details.rb

@@ -0,0 +1,16 @@
+class ExpandDetails < ActiveRecord::Migration
+
+	def self.up
+		add_column :vuln_details, :nx_vuln_status, :text
+		add_column :vuln_details, :nx_proof_key, :text
+		add_column :vuln_details, :src, :string
+		add_column :host_details, :src, :string
+	end
+
+	def self.down
+		remove_column :vuln_details, :nx_vuln_status
+		remove_column :vuln_details, :nx_proof_key
+		remove_column :vuln_details, :src
+		remove_column :host_details, :src
+	end
+end

data/db/migrate/20120625000003_expand_details2.rb

@@ -0,0 +1,24 @@
+class ExpandDetails2 < ActiveRecord::Migration
+
+	def self.up
+		add_column :host_details, :nx_site_name, :string
+		add_column :host_details, :nx_site_importance, :string
+		add_column :host_details, :nx_scan_template, :string
+		add_column :host_details, :nx_risk_score, :float
+
+		add_column :vuln_details, :nx_scan_id, :integer
+		add_column :vuln_details, :nx_vulnerable_since, :timestamp
+		add_column :vuln_details, :nx_pci_compliance_status, :string
+	end
+
+	def self.down
+		remove_column :host_details, :nx_site_name
+		remove_column :host_details, :nx_site_importance
+		remove_column :host_details, :nx_scan_template
+		remove_column :host_details, :nx_risk_score
+
+		remove_column :vuln_details, :nx_scan_id
+		remove_column :vuln_details, :nx_vulnerable_since
+		remove_column :vuln_details, :nx_pci_compliance_status
+	end
+end

data/db/migrate/20120625000004_add_vuln_attempts.rb

@@ -0,0 +1,19 @@
+class AddVulnAttempts < ActiveRecord::Migration
+
+	def self.up
+		create_table :vuln_attempts do |t|
+			t.integer		:vuln_id       # Vuln table reference
+			t.timestamp		:attempted_at  # Timestamp of when the session was opened or the module exited
+			t.boolean		:exploited     # Whether or not the attempt succeeded
+			t.string		:fail_reason   # Short string corresponding to a Msf::Exploit::Failure constant
+			t.string		:username      # The user that tested this vulnerability
+			t.text			:module        # The specific module name that was used
+			t.integer		:session_id    # Database identifier of any opened session
+			t.integer		:loot_id       # Database identifier of any 'proof' loot (for non-session exploits)
+		end
+	end
+
+	def self.down
+		drop_table :vuln_attempts
+	end
+end

data/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb

@@ -0,0 +1,14 @@
+class AddVulnAndHostCounterCaches < ActiveRecord::Migration
+
+  def self.up
+    add_column :hosts, :host_detail_count, :integer, :default => 0
+    add_column :vulns, :vuln_detail_count, :integer, :default => 0
+    add_column :vulns, :vuln_attempt_count, :integer, :default => 0
+  end
+
+  def self.down
+    remove_column :hosts, :host_detail_count
+    remove_column :vulns, :vuln_detail_count
+    remove_column :vulns, :vuln_attempt_count
+  end
+end

data/db/migrate/20120625000006_add_module_details.rb

@@ -0,0 +1,118 @@
+class AddModuleDetails < ActiveRecord::Migration
+
+	def self.up
+	
+		create_table :module_details do |t|
+			t.timestamp :mtime             # disk modified time
+			t.text      :file              # location on disk
+			t.string    :mtype             # exploit, auxiliary, post, etc
+			t.text      :refname           # module path (no type)
+			t.text      :fullname          # module path with type
+			t.text      :name              # module title
+			t.integer   :rank              # exploit rank
+			t.text      :description       #
+			t.string	:license           # MSF_LICENSE
+			t.boolean	:privileged        # true or false
+			t.timestamp :disclosure_date   # Mar 10 2004
+			t.integer	:default_target    # 0
+			t.text		:default_action    # "scan"
+			t.string	:stance            # "passive"
+			t.boolean	:ready             # true/false
+		end
+
+		add_index :module_details, :refname
+		add_index :module_details, :name
+		add_index :module_details, :description
+		add_index :module_details, :mtype
+
+		create_table :module_authors do |t|
+			t.integer :module_detail_id
+			t.text :name
+			t.text :email
+		end
+		add_index :module_authors, :module_detail_id
+
+		create_table :module_mixins do |t|
+			t.integer :module_detail_id
+			t.text :name
+		end
+		add_index :module_mixins, :module_detail_id
+
+		create_table :module_targets do |t|
+			t.integer :module_detail_id
+			t.integer :index
+			t.text :name
+		end
+		add_index :module_targets, :module_detail_id
+
+		create_table :module_actions do |t|
+			t.integer :module_detail_id
+			t.text :name
+		end
+		add_index :module_actions, :module_detail_id
+
+		create_table :module_refs do |t|
+			t.integer :module_detail_id
+			t.text :name
+		end
+		add_index :module_refs, :module_detail_id
+		add_index :module_refs, :name
+
+		create_table :module_archs do |t|
+			t.integer :module_detail_id
+			t.text :name
+		end
+		add_index :module_archs, :module_detail_id
+	
+		create_table :module_platforms do |t|
+			t.integer :module_detail_id
+			t.text :name
+		end
+		add_index :module_platforms, :module_detail_id
+
+	end
+
+	def self.down
+		remove_index :module_details, :refname
+		remove_index :module_details, :name
+		remove_index :module_details, :description
+		remove_index :module_details, :mtype
+
+		remove_index :module_authors, :module_detail_id
+		remove_index :module_mixins, :module_detail_id
+		remove_index :module_targets, :module_detail_id
+		remove_index :module_actions, :module_detail_id
+		remove_index :module_refs, :module_detail_id
+		remove_index :module_refs, :name
+		remove_index :module_archs, :module_detail_id
+		remove_index :module_platform, :module_detail_id
+
+		drop_table	:module_details
+		drop_table	:module_authors
+		drop_table	:module_mixins
+		drop_table	:module_targets
+		drop_table	:module_actions
+		drop_table	:module_refs
+		drop_table	:module_archs
+		drop_table	:module_platforms
+
+	end
+end
+
+=begin
+
+Mdm::Host.find_by_sql("
+SELECT
+	hosts.id, hosts.address, module_details.mtype AS mtype, module_details.refname AS mname, vulns.name AS vname, refs.name AS vref
+FROM
+	hosts,vulns,vulns_refs,refs,module_refs,module_details
+WHERE
+	hosts.id = vulns.host_id AND
+	vulns.id = vulns_refs.vuln_id AND
+	vulns_refs.ref_id = refs.id AND
+	refs.name = module_refs.name AND
+	module_refs.module_detail_id = modules_details.id
+").map{|x| [x.address, x.mname, x.vname, x.vref ] }
+
+
+=end

data/db/migrate/20120625000007_add_exploit_attempts.rb

@@ -0,0 +1,26 @@
+class AddExploitAttempts < ActiveRecord::Migration
+
+	def self.up
+		create_table :exploit_attempts do |t|
+			t.integer		:host_id       # Host table reference (primary)
+			t.integer		:service_id    # Service table reference (optional)
+			t.integer		:vuln_id       # Vuln table reference (optional)
+			t.timestamp		:attempted_at  # Timestamp of when the session was opened or the module exited
+			t.boolean		:exploited     # Whether or not the attempt succeeded
+			t.string		:fail_reason   # Short string corresponding to a Msf::Exploit::Failure constant
+			t.string		:username      # The user that tested this vulnerability
+			t.text			:module        # The specific module name that was used
+			t.integer		:session_id    # Database identifier of any opened session
+			t.integer		:loot_id       # Database identifier of any 'proof' loot (for non-session exploits)
+			t.integer       :port          # Port     -> Services are created/destroyed frequently and failed
+			t.string        :proto         # Protocol |  attempts may be against closed ports.
+		end
+
+		add_column :hosts, :exploit_attempt_count, :integer, :default => 0
+	end
+
+	def self.down
+		drop_table :exploit_attempts
+		remove_column :hosts, :exploit_attempt_count
+	end
+end

data/db/migrate/20120625000008_add_fail_message.rb

@@ -0,0 +1,12 @@
+class AddFailMessage < ActiveRecord::Migration
+
+	def self.up
+		add_column :vuln_attempts, :fail_detail, :text
+		add_column :exploit_attempts, :fail_detail, :text
+	end
+
+	def self.down
+		remove_column :vuln_attempts, :fail_detail
+		remove_column :exploit_attempts, :fail_detail
+	end
+end

data/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb

@@ -0,0 +1,13 @@
+class AddOwnerAndPayloadToWebVulns < ActiveRecord::Migration
+
+  def self.up
+    add_column :web_vulns, :owner,   :string
+    add_column :web_vulns, :payload, :text
+  end
+
+  def self.down
+    remove_column :web_vulns, :owner
+    remove_column :web_vulns, :payload
+  end
+
+end

data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb

@@ -0,0 +1,35 @@
+# Changes all the {COLUMNS} in the web_vulns table that are required for {Mdm::WebVuln}, but were previously
+# :null => true
+class ChangeRequiredColumnsToNullFalseInWebVulns < ActiveRecord::Migration
+  # Columns that were previously :null => true, but are actually required to be non-null, so should be
+  # :null => false
+  COLUMNS = [
+      :category,
+      :confidence,
+      :method,
+      :name,
+      :params,
+      :path,
+      :pname,
+      :proof,
+      :risk
+  ]
+  # Table in which {COLUMNS} are.
+  TABLE_NAME = :web_vulns
+
+  # Marks all the {COLUMNS} as :null => true
+  def down
+    COLUMNS.each do |column|
+      change_column_null(TABLE_NAME, column, true)
+    end
+  end
+
+  # Marks all the {COLUMNS} as :null => false
+  def up
+    COLUMNS.each do |column|
+      change_column_null(TABLE_NAME, column, false)
+    end
+  end
+
+
+end