RubyGems - metasploit_data_models - Versions diffs - 1.0.0.pre.rails.pre.4.0b → 1.0.0 - Mend

metasploit_data_models 1.0.0.pre.rails.pre.4.0b → 1.0.0

Files changed (157) hide show

checksums.yaml +4 -4
data/.rspec +2 -2
data/.travis.yml +6 -3
data/CHANGELOG.md +6 -0
data/CONTRIBUTING.md +10 -52
data/Gemfile +4 -6
data/RELEASING.md +88 -0
data/Rakefile +23 -0
data/UPGRADING.md +1 -0
data/app/models/mdm/api_key.rb +41 -1
data/app/models/mdm/client.rb +41 -1
data/app/models/mdm/cred.rb +116 -28
data/app/models/mdm/event.rb +47 -0
data/app/models/mdm/exploit_attempt.rb +65 -16
data/app/models/mdm/exploited_host.rb +27 -0
data/app/models/mdm/host_detail.rb +44 -0
data/app/models/mdm/host_tag.rb +6 -8
data/app/models/mdm/listener.rb +52 -0
data/app/models/mdm/macro.rb +42 -0
data/app/models/mdm/mod_ref.rb +21 -1
data/app/models/mdm/module/action.rb +15 -0
data/app/models/mdm/module/arch.rb +10 -0
data/app/models/mdm/module/author.rb +17 -1
data/app/models/mdm/module/mixin.rb +13 -0
data/app/models/mdm/module/platform.rb +11 -0
data/app/models/mdm/module/target.rb +18 -0
data/app/models/mdm/nexpose_console.rb +82 -4
data/app/models/mdm/profile.rb +36 -0
data/app/models/mdm/route.rb +16 -4
data/app/models/mdm/session_event.rb +32 -0
data/app/models/mdm/tag.rb +48 -9
data/app/models/mdm/task.rb +85 -46
data/app/models/mdm/task_cred.rb +29 -0
data/app/models/mdm/task_host.rb +25 -0
data/app/models/mdm/task_service.rb +25 -0
data/app/models/mdm/task_session.rb +25 -0
data/app/models/mdm/user.rb +192 -6
data/app/models/mdm/vuln_attempt.rb +37 -12
data/app/models/mdm/vuln_detail.rb +138 -5
data/app/models/mdm/vuln_ref.rb +3 -0
data/app/models/mdm/web_form.rb +34 -0
data/app/models/mdm/web_page.rb +69 -0
data/app/models/mdm/web_site.rb +50 -0
data/app/models/mdm/wmap_request.rb +85 -0
data/app/models/mdm/wmap_target.rb +40 -0
data/app/models/mdm/workspace.rb +160 -17
data/app/models/metasploit_data_models/automatic_exploitation/match.rb +13 -23
data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +25 -4
data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +15 -4
data/app/models/metasploit_data_models/automatic_exploitation/run.rb +7 -3
data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
data/app/models/metasploit_data_models/module_run.rb +1 -1
data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
data/app/validators/ip_format_validator.rb +4 -0
data/app/validators/parameters_validator.rb +12 -0
data/app/validators/password_is_strong_validator.rb +10 -1
data/lib/mdm/host/operating_system_normalization.rb +7 -10
data/lib/metasploit_data_models.rb +4 -0
data/lib/metasploit_data_models/automatic_exploitation.rb +25 -0
data/lib/metasploit_data_models/engine.rb +2 -0
data/lib/metasploit_data_models/serialized_prefs.rb +6 -0
data/lib/metasploit_data_models/version.rb +30 -7
data/metasploit_data_models.gemspec +9 -2
data/spec/app/models/mdm/api_key_spec.rb +1 -3
data/spec/app/models/mdm/client_spec.rb +9 -11
data/spec/app/models/mdm/cred_spec.rb +42 -54
data/spec/app/models/mdm/event_spec.rb +22 -24
data/spec/app/models/mdm/exploit_attempt_spec.rb +19 -21
data/spec/app/models/mdm/exploited_host_spec.rb +11 -13
data/spec/app/models/mdm/host_detail_spec.rb +15 -17
data/spec/app/models/mdm/host_spec.rb +262 -260
data/spec/app/models/mdm/host_tag_spec.rb +6 -8
data/spec/app/models/mdm/listener_spec.rb +30 -32
data/spec/app/models/mdm/loot_spec.rb +21 -23
data/spec/app/models/mdm/macro_spec.rb +1 -3
data/spec/app/models/mdm/mod_ref_spec.rb +1 -3
data/spec/app/models/mdm/module/action_spec.rb +8 -10
data/spec/app/models/mdm/module/arch_spec.rb +8 -10
data/spec/app/models/mdm/module/author_spec.rb +19 -14
data/spec/app/models/mdm/module/detail_spec.rb +184 -75
data/spec/app/models/mdm/module/mixin_spec.rb +8 -10
data/spec/app/models/mdm/module/platform_spec.rb +8 -10
data/spec/app/models/mdm/module/ref_spec.rb +8 -10
data/spec/app/models/mdm/module/target_spec.rb +10 -12
data/spec/app/models/mdm/nexpose_console_spec.rb +35 -37
data/spec/app/models/mdm/note_spec.rb +23 -25
data/spec/app/models/mdm/profile_spec.rb +1 -3
data/spec/app/models/mdm/ref_spec.rb +9 -12
data/spec/app/models/mdm/route_spec.rb +6 -8
data/spec/app/models/mdm/service_spec.rb +38 -40
data/spec/app/models/mdm/session_event_spec.rb +10 -12
data/spec/app/models/mdm/session_spec.rb +13 -15
data/spec/app/models/mdm/tag_spec.rb +29 -30
data/spec/app/models/mdm/task_cred_spec.rb +9 -11
data/spec/app/models/mdm/task_host_spec.rb +9 -11
data/spec/app/models/mdm/task_service_spec.rb +9 -11
data/spec/app/models/mdm/task_session_spec.rb +7 -9
data/spec/app/models/mdm/task_spec.rb +27 -29
data/spec/app/models/mdm/user_spec.rb +17 -19
data/spec/app/models/mdm/vuln_attempt_spec.rb +14 -16
data/spec/app/models/mdm/vuln_detail_spec.rb +26 -28
data/spec/app/models/mdm/vuln_ref_spec.rb +8 -10
data/spec/app/models/mdm/vuln_spec.rb +24 -26
data/spec/app/models/mdm/web_form_spec.rb +11 -13
data/spec/app/models/mdm/web_page_spec.rb +19 -21
data/spec/app/models/mdm/web_site_spec.rb +21 -23
data/spec/app/models/mdm/web_vuln_spec.rb +63 -65
data/spec/app/models/mdm/wmap_request_spec.rb +1 -3
data/spec/app/models/mdm/wmap_target_spec.rb +1 -3
data/spec/app/models/mdm/workspace_spec.rb +97 -100
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +3 -5
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +13 -15
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +1 -3
data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +1 -3
data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +10 -12
data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +4 -6
data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +21 -23
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +9 -11
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +21 -23
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +4 -6
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +22 -15
data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +4 -6
data/spec/app/models/metasploit_data_models/module_run_spec.rb +1 -3
data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +18 -20
data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +6 -8
data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +8 -10
data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +8 -10
data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +2 -4
data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +8 -10
data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +6 -8
data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +9 -11
data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +5 -7
data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +17 -19
data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +5 -7
data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +61 -23
data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +8 -10
data/spec/app/validators/parameters_validator_spec.rb +29 -29
data/spec/app/validators/password_is_strong_validator_spec.rb +54 -46
data/spec/lib/base64_serializer_spec.rb +19 -21
data/spec/lib/ipaddr_spec.rb +1 -3
data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +18 -12
data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +4 -6
data/spec/lib/metasploit_data_models/match/child_spec.rb +2 -4
data/spec/lib/metasploit_data_models/match/parent_spec.rb +4 -6
data/spec/lib/metasploit_data_models/version_spec.rb +3 -139
data/spec/lib/metasploit_data_models_spec.rb +4 -0
data/spec/spec_helper.rb +86 -12
data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +7 -6
metadata +74 -14
data/app/models/metasploit_data_models/automatic_exploitation.rb +0 -16
data/lib/tasks/yard.rake +0 -33

data/app/models/mdm/vuln_attempt.rb CHANGED Viewed

@@ -1,31 +1,29 @@
+# An attempt to exploit a {#vuln}.
 class Mdm::VulnAttempt < ActiveRecord::Base
   #
   # Associations
   #
-  # @!attribute loot
-  #   Loot gathered from this attempt.
+  # Loot gathered from this attempt.
   #
-  #   @return [Mdm::Loot] if {#exploited} is `true`.
-  #   @return [nil] if {#exploited} is `false`.
+  # @return [Mdm::Loot] if {#exploited} is `true`.
+  # @return [nil] if {#exploited} is `false`.
   belongs_to :loot,
              class_name: 'Mdm::Loot',
              inverse_of: :vuln_attempt
-  # @!attribute session
-  #   The session opened by this attempt.
+  # The session opened by this attempt.
   #
-  #   @return [Mdm::Session] if {#exploited} is `true`.
-  #   @return [nil] if {#exploited} is `false`.
+  # @return [Mdm::Session] if {#exploited} is `true`.
+  # @return [nil] if {#exploited} is `false`.
   belongs_to :session,
              class_name: 'Mdm::Session',
              inverse_of: :vuln_attempt
-  # @!attribute vuln
-  #   The {Mdm::Vuln vulnerability} that this attempt was exploiting.
+  # The {Mdm::Vuln vulnerability} that this attempt was exploiting.
   #
-  #   @return [Mdm::Vuln]
+  # @return [Mdm::Vuln]
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
              counter_cache: :vuln_attempt_count,
@@ -35,12 +33,39 @@ class Mdm::VulnAttempt < ActiveRecord::Base
   # Attributes
   #
-  # @!attribute [rw] exploited
+  # @!attribute attempted_at
+  #   When this attempt was made.
+  #
+  #   @return [DateTime]
+  # @!attribute exploited
   #   Whether this attempt was successful.
   #
   #   @return [true] if {#vuln} was exploited.
   #   @return [false] if {#vuln} was not exploited.
+  # @!attribute fail_detail
+  #   Long details about why this attempt failed.
+  #
+  #   @return [String] if {#exploited} is `false`.
+  #   @return [nil] if {#exploited} is `true`.
+  # @!attribute fail_reason
+  #   Short reason why this attempt failed.
+  #
+  #   @return [String] if {#exploited} is `false`.
+  #   @return [nil] if {#exploited} is `true`
+  # @!attribute module
+  #   {Mdm::Module::Detail#fullname Full name of exploit Metasploit Module} that was used in this attempt.
+  #
+  #   @return [String]
+  # @!attribute username
+  #   The {Mdm::User#username name of the user} that made this attempt.
+  #
+  #   @return [String]
   #
   # Validations
   #

data/app/models/mdm/vuln_detail.rb CHANGED Viewed

@@ -1,17 +1,150 @@
+# {Mdm::Vuln Vulnerability details} supplied from an external source, such as Nexpose.
 class Mdm::VulnDetail < ActiveRecord::Base
   #
   # Associations
   #
+  # The vulnerability this detail is about.
+  belongs_to :vuln, class_name: 'Mdm::Vuln', counter_cache: :vuln_detail_count, inverse_of: :vuln_details
+  #
+  #
+  # Attributes
+  #
+  #
+  # @!attribute description
+  #   Long description of this vulnerability.
+  #
+  #   @return [String]
+  # @!attribute src
+  #   Source of this vulnerability detail.
+  #
+  #   @return [String]
+  # @!attribute title
+  #   Title of this vulnerability.
+  #
+  #   @return [String]
+  # @!attribute proof
+  #   Proof of this vulnerability existing on the target.
+  #
+  #   @return [String]
+  # @!attribute solution
+  #   Solution to fix this vulnerability.
+  #
+  #   @return [String]
+  #
+  # @!group Common Vulnerability Scoring System
+  #
+  # @!attribute cvss_score
+  #   Composite Common Vulnerability Scoring System (CVSS) Score
+  #
+  #   @return [Float]
+  # @!attribute cvss_vector
+  #   {#cvss_score} broken down into its encoded components
+  #
+  #   @return [String]
+  #   @see http://nvd.nist.gov/cvss.cfm?vectorinfo
+  #
+  # @!endgroup
+  #
+  #
+  # @!group Nexpose
+  #
+  # association is declared here so it can be in Nexpose group
+  # The Nexpose console that supplied this information.
   belongs_to :nexpose_console,
              class_name: 'Mdm::NexposeConsole',
+             foreign_key: :nx_console_id,
              inverse_of: :vuln_details
-  belongs_to :vuln,
-             class_name: 'Mdm::Vuln',
-             counter_cache: :vuln_detail_count,
-             inverse_of: :vuln_details
+  # @!attribute nx_added
+  #   When this vulnerability was added in Nexpose.
+  #
+  #   @return [DateTime]
+  # @!attribute nx_device_id
+  #   ID of target device in Nexpose.
+  #
+  #   @return [Integer]
+  # @!attribute nx_modified
+  #   The last time this vulnerability was modified in Nexpose.
+  #
+  #   @return [DateTime]
+  # @!attribute nx_proof_key
+  #   Key to {#proof} in Nexpose.
+  #
+  #   @return [String]
+  # @!attribute nx_published
+  #   When this vulnerability was published according to Nexpose.
+  #
+  #   @return [DateTime]
+  # @!attribute nx_scan_id
+  #   ID of scan that found this vulnerability in Nexpose.
+  #
+  #   @return [Integer]
+  # @!attribute nx_tags
+  #   Tags on this vulnerability in Nexpose.
+  #
+  #   @return [String]
+  # @!attribute nx_vuln_id
+  #   ID of this vulnerability in Nexpose.
+  #
+  #   @return [String]
+  # @!attribute nx_vuln_status
+  #   Status of this vulnerability in Nexpose.
+  #
+  #   @return [String]
+  # @!attribute nx_vulnerable_since
+  #   When this vulnerability was first identified for the target in Nexpose.
+  #
+  #   @return [DateTime]
+  # @!attribute nx_severity
+  #   Severity of this vulnerability according to Nexpose.
+  #
+  #   @return [Float]
+  #
+  # @!endgroup
+  #
+  #
+  # @!group Nexpose PCI
+  #
+  # @!attribute nx_pci_compliance_status
+  #   Status of PCI compliance with regards to this vulnerability according to Nexpose.
+  #
+  #   @return [String]
+  # @!attribute nx_pci_severity
+  #   The severity for the vulnerability under PCI according to Nexpose.
+  #
+  #   @return [Float]
+  #
+  # @!endgroup
+  #
   #
   # Validations

data/app/models/mdm/vuln_ref.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# Join model between {Mdm::Vuln} and {Mdm::Ref}.
 class Mdm::VulnRef < ActiveRecord::Base
   self.table_name = 'vulns_refs'
@@ -5,10 +6,12 @@ class Mdm::VulnRef < ActiveRecord::Base
   # Associations
   #
+  # {Mdm::Ref Reference} to {#vuln}.
   belongs_to :ref,
              class_name: 'Mdm::Ref',
              inverse_of: :vulns_refs
+  # {Mdm::Vuln Vulnerability} imported or discovered by metasploit.
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
              inverse_of: :vulns_refs

data/app/models/mdm/web_form.rb CHANGED Viewed

@@ -1,17 +1,51 @@
+# A filled-in form on a {#web_site}.
 class Mdm::WebForm < ActiveRecord::Base
   #
   # Associations
   #
+  # {Mdm::WebSite Web site} on which this form is.
   belongs_to :web_site,
              class_name: 'Mdm::WebSite',
              inverse_of: :web_forms
+  #
+  # Attributes
+  #
+  # @!attribute created_at
+  #   When this web form was created.
+  #
+  #   @return [DateTime]
+  # @!attribute method
+  #   HTTP method (or verb) used to submitted this form, such as GET or POST.
+  #
+  #   @return [String]
+  # @!attribute path
+  #   Path portion of URL to which this form was submitted.
+  #
+  #   @return [String]
+  # @!attribute query
+  #   URL query that submitted for this form.
+  #
+  #   @return [String]
+  # @!attribute updated_at
+  #   The last time this web form was updated.
+  #
+  #   @return [DateTime]
   #
   # Serializations
   #
+  # Parameters submitted in this form.
+  #
+  # @return [Array<Array(String, String)>>]
   serialize :params, MetasploitDataModels::Base64Serializer.new
   Metasploit::Concern.run(self)

data/app/models/mdm/web_page.rb CHANGED Viewed

@@ -1,17 +1,86 @@
+# Web page requested from a {#web_site}.
 class Mdm::WebPage < ActiveRecord::Base
   #
   # Associations
   #
+  # Mdm::WebSite Web site} from which this page was requested.
   belongs_to :web_site,
              class_name: 'Mdm::WebSite',
              inverse_of: :web_pages
+  #
+  # Attributes
+  #
+  # @!attribute auth
+  #   Credentials sent to server to authenticate to web site to allow access to this web page.
+  #
+  #   @return [String]
+  # @!attribute body
+  #   Body of response from server.
+  #
+  #   @return [String]
+  # @!attribute code
+  #   HTTP Status code return from {#web_site} when requesting this web page.
+  #
+  #   @return [Integer]
+  # @!attribute cookie
+  #   Cookies derived from {#headers}.
+  #
+  #   @return [String]
+  # @!attribute created_at
+  #   When this web page was created.
+  #
+  #   @return [DateTime]
+  # @!attribute ctype
+  #   The content type derived from the {#headers} of the returned web page.
+  #
+  #   @return [String]
+  # @!attribute location
+  #   Location derived from {#headers}.
+  #
+  #   @return [String]
+  # @!attribute mtime
+  #   The last modified time of the web page derived from the {#headers}.
+  #
+  #   @return [DateTime]
+  # @!attribute path
+  #   Path portion of URL that was used to access this web page.
+  #
+  #   @return [String]
+  # @!attribute query
+  #   Query portion of URLthat was used to access this web page.
+  #
+  #   @return [String]
+  # @!attribute request
+  #   Request sent to server to cause this web page to be returned.
+  #
+  #   @return [String]
+  # @!attribute updated_at
+  #   The last time this web page was updated.
+  #
+  #   @return [DateTime]
   #
   # Serializations
   #
+  # Headers sent from server.
+  #
+  # @return [Hash{String => String}]
   serialize :headers, MetasploitDataModels::Base64Serializer.new
   Metasploit::Concern.run(self)

data/app/models/mdm/web_site.rb CHANGED Viewed

@@ -1,43 +1,90 @@
+# A Web Site running on a {#service}.
 class Mdm::WebSite < ActiveRecord::Base
   #
   # Associations
   #
+  # The service on which this web site is running.
   belongs_to :service,
              class_name: 'Mdm::Service',
              foreign_key: 'service_id',
              inverse_of: :web_sites
+  # Filled-in forms within this web site.
   has_many :web_forms,
            class_name: 'Mdm::WebForm',
            dependent: :destroy,
            inverse_of: :web_site
+  # Web pages found on this web site.
   has_many :web_pages,
            class_name: 'Mdm::WebPage',
            dependent: :destroy,
            inverse_of: :web_site
+  # Vulnerabilities found on this web site.
   has_many :web_vulns,
            class_name: 'Mdm::WebVuln',
            dependent: :destroy,
            inverse_of: :web_site
+  #
+  # Attributes
+  #
+  # @!attribute [rw] comments
+  #   User entered comments about this web site.
+  #
+  #   @return [String]
+  # @!attribute [rw] created_at
+  #   When this web site was created.
+  #
+  #   @return [DateTime]
+  # @!attribute [rw] updated_at
+  #   The last time this web site was updated.
+  #
+  #   @return [DateTime]
+  # @!attribute [rw] vhost
+  #   The virtual host for the web site in case `service.host.name` or `service.host.address` is no the host for this
+  #   web site.
+  #
+  #   @return [String]
   #
   # Serializations
   #
+  # @!attribute [rw] options
+  #   @todo Determine format and purpose of Mdm::WebSite#options.
   serialize :options, ::MetasploitDataModels::Base64Serializer.new
+  #
+  # Instance Methods
+  #
+  # Number of {#web_forms}.
+  #
+  # @return [Integer]
   def form_count
     web_forms.size
   end
+  # Number of {#web_pages}.
+  #
+  # @return [Integer]
   def page_count
     web_pages.size
   end
+  # Converts this web site to its URL, including scheme, host and port.
+  #
+  # @param ignore_vhost [Boolean] if `false` use {#vhost} for host portion of URL.  If `true` use {Mdm::Host#address} of
+  #   {Mdm::Service#host} of {#service} for host portion of URL.
+  # @return [String] <scheme>://<host>[:<port>]
   def to_url(ignore_vhost=false)
     proto = self.service.name == "https" ? "https" : "http"
     host = ignore_vhost ? self.service.host.address.to_s : self.vhost
@@ -54,6 +101,9 @@ class Mdm::WebSite < ActiveRecord::Base
     url
   end
+  # Number of {#web_vulns}.
+  #
+  # @return [Integer]
   def vuln_count
     web_vulns.size
   end