metasploit_data_models 4.0.1 → 4.1.3

Sign up to get free protection for your applications and to get access to all the features.
data/bin/mdm_console DELETED
@@ -1,68 +0,0 @@
1
- #! /usr/bin/env ruby
2
-
3
- def mdm_banner
4
- banner = {}
5
- banner[:color] = "\e[34m"
6
- banner[:text] = <<-BANNER
7
- _______ _______________________ _______ _______ _ _______ __________________
8
- ( ) ____ \\__ __/ ___ ) ____ \\ ____ ) \\ ( ___ )\\__ __/\\__ __/
9
- | () () | ( \\/ ) ( | ( ) | ( \\/ ( )| ( | ( ) | ) ( ) (
10
- | || || | (__ | | | (___) | (_____| (____)| | | | | | | | | |
11
- | |(_)| | __) | | | ___ |_____ ) _____) | | | | | | | | |
12
- | | | | ( | | | ( ) | ) | ( | | | | | | | | | |
13
- | ) ( | (____/\\ | | | ) ( |\\____) | ) | (____/\\ (___) |___) (___ | |
14
- |/ \\|_______/ )_( |/ \\|_______)/ (_______/_______)\\_______/ )_(
15
-
16
-
17
- ______ _______________________ _______ _______ ______ _______ _ _______
18
- ( __ \\( ___ )__ __/ ___ ) ) ___ ) __ \\( ____ \\ \\ ( ____ \\
19
- | ( \\ ) ( ) | ) ( | ( ) | () () | ( ) | ( \\ ) ( \\/ ( | ( \\/
20
- | | ) | (___) | | | | (___) | || || | | | | | ) | (__ | | | (_____
21
- | | | | ___ | | | | ___ | |(_)| | | | | | | | __) | | (_____ )
22
- | | ) | ( ) | | | | ( ) | | | | | | | | ) | ( | | ) |
23
- | (__/ ) ) ( | | | | ) ( | ) ( | (___) | (__/ ) (____/\\ (____/Y\\____) |
24
- (______/|/ \\| )_( |/ \\|/ \\|_______)______/(_______/_______|_______)
25
- BANNER
26
- banner
27
- end
28
-
29
- def db_info_file
30
- hidden_file = "#{Dir.home}/.mdm.yml"
31
- if File.readable?(hidden_file)
32
- pro_path = YAML.load_file(hidden_file)['pro_path']
33
- return "#{pro_path}/ui/config/database.yml"
34
- elsif !ARGV[0].blank?
35
- return ARGV[0]
36
- else
37
- warn "No YAML file of DB info available"
38
- exit
39
- end
40
- end
41
-
42
- begin
43
- require 'pry'
44
- require "metasploit_data_models"
45
-
46
- # Set up a DB connection, preferring one from Pro if it's in the normal place
47
- # Otherwise get from ARGV[0]
48
-
49
- if File.readable?(db_info_file)
50
- connection_info = YAML.load_file(db_info_file)
51
- ActiveRecord::Base.establish_connection(connection_info['development'])
52
- else
53
- warn "Can't access DB -- check file path."
54
- exit
55
- end
56
-
57
- MetasploitDataModels.require_models
58
-
59
- puts "\n\n\n#{mdm_banner[:color]}#{mdm_banner[:text]}\e[0m\n\n\n"
60
-
61
- Pry.config.prompt = proc { |obj, nest_level, _| "mdm:#{nest_level}> " }
62
-
63
- Pry.start
64
- exit
65
- rescue LoadError
66
- warn "Unable to load Pry"
67
- end
68
-
data/bin/rails DELETED
@@ -1,14 +0,0 @@
1
- #!/usr/bin/env ruby
2
- # This command will automatically be run when you run "rails" with Rails gems
3
- # installed from the root of your application.
4
-
5
- ENGINE_ROOT = File.expand_path('..', __dir__)
6
- ENGINE_PATH = File.expand_path('../lib/metasploit_data_models/engine', __dir__)
7
- APP_PATH = File.expand_path('../test/dummy/config/application', __dir__)
8
-
9
- # Set up gems listed in the Gemfile.
10
- ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
11
- require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
12
-
13
- require 'rails/all'
14
- require 'rails/engine/commands'
@@ -1,342 +0,0 @@
1
- RSpec.describe ParametersValidator do
2
- subject(:parameters_validator) do
3
- described_class.new(
4
- :attributes => attributes
5
- )
6
- end
7
-
8
- let(:attribute) do
9
- :params
10
- end
11
-
12
- let(:attributes) do
13
- attribute
14
- end
15
-
16
- let(:element) do
17
- []
18
- end
19
-
20
- let(:index) do
21
- rand(100)
22
- end
23
-
24
- let(:type_signature_sentence) do
25
- 'Valid parameters are an Array<Array(String, String)>.'
26
- end
27
-
28
- context 'CONSTANTS' do
29
- it 'should define TYPE_SIGNATURE_SENTENCE' do
30
- expect(described_class::TYPE_SIGNATURE_SENTENCE).to eq(type_signature_sentence)
31
- end
32
- end
33
-
34
- context '#error_at' do
35
- subject(:error_at) do
36
- parameters_validator.send(
37
- :error_at,
38
- :element => element,
39
- :index => index,
40
- :prefix => prefix
41
- )
42
- end
43
-
44
- let(:prefix) do
45
- 'has a prefix'
46
- end
47
-
48
- it 'should include prefix' do
49
- expect(error_at).to include(prefix)
50
- end
51
-
52
- it 'should include location_clause in same sentence as prefix' do
53
- location_clause = parameters_validator.send(
54
- :location_clause,
55
- :element => element,
56
- :index => index
57
- )
58
-
59
- expect(error_at).to include("#{prefix} #{location_clause}.")
60
- end
61
-
62
- it 'should include TYPE_SIGNATURE_SENTENCE' do
63
- expect(error_at).to include(type_signature_sentence)
64
- end
65
- end
66
-
67
- context '#length_error_at' do
68
- subject(:length_error_at) do
69
- parameters_validator.send(
70
- :length_error_at,
71
- :element => element,
72
- :extreme => extreme,
73
- :index => index
74
- )
75
- end
76
-
77
- let(:extreme) do
78
- [:few, :many].sample
79
- end
80
-
81
- it 'should include extreme in prefix' do
82
- expect(parameters_validator).to receive(:error_at) do |*args|
83
- options = args.first
84
- expect(options[:prefix]).to include(extreme.to_s)
85
- end
86
-
87
- length_error_at
88
- end
89
- end
90
-
91
- context '#location_clause' do
92
- subject(:location_clause) do
93
- parameters_validator.send(
94
- :location_clause,
95
- :element => element,
96
- :index => index
97
- )
98
- end
99
-
100
- it 'should include numerical index' do
101
- expect(location_clause).to include("at index #{index}")
102
- end
103
-
104
- it 'should include inspect of element' do
105
- expect(location_clause).to include(element.inspect)
106
- end
107
- end
108
-
109
- context '#validate_each' do
110
- subject(:errors) do
111
- record.errors[attribute]
112
- end
113
-
114
- def validate_each
115
- parameters_validator.validate_each(record, attribute, value)
116
- end
117
-
118
- let(:record) do
119
- Object.new.tap { |object|
120
- object.extend ActiveModel::Validations
121
- }
122
- end
123
-
124
- context 'with Array' do
125
- let(:value) do
126
- []
127
- end
128
-
129
- context 'element' do
130
- let(:value) do
131
- [element]
132
- end
133
-
134
- context 'with Array' do
135
- let(:element) do
136
- []
137
- end
138
-
139
- context 'with length < 2' do
140
- let(:element) do
141
- []
142
- end
143
-
144
- it 'should call #length_error_at with :extreme => :few' do
145
- expect(parameters_validator).to receive(:length_error_at).with(
146
- hash_including(
147
- :extreme => :few
148
- )
149
- )
150
-
151
- validate_each
152
- end
153
-
154
- it 'should record error' do
155
- validate_each
156
-
157
- expect(errors).not_to be_empty
158
- end
159
- end
160
-
161
- context 'with length > 2' do
162
- let(:element) do
163
- ['', '', '']
164
- end
165
-
166
- it 'should call #length_error_at with :extreme => :many' do
167
- expect(parameters_validator).to receive(:length_error_at).with(
168
- hash_including(
169
- :extreme => :many
170
- )
171
- )
172
-
173
- validate_each
174
- end
175
-
176
- it 'should record error' do
177
- validate_each
178
-
179
- expect(errors).not_to be_empty
180
- end
181
- end
182
-
183
- context 'with length == 2' do
184
- let(:element) do
185
- [parameter_name, parameter_value]
186
- end
187
-
188
- let(:parameter_name) do
189
- 'parameter_name'
190
- end
191
-
192
- let(:parameter_value) do
193
- 'parameter_value'
194
- end
195
-
196
- context 'parameter name' do
197
- context 'with String' do
198
- context 'with blank' do
199
- let(:parameter_name) do
200
- ''
201
- end
202
-
203
- it 'should call error_at with blank parameter name prefix' do
204
- expect(parameters_validator).to receive(:error_at).with(
205
- hash_including(
206
- :prefix => 'has blank parameter name'
207
- )
208
- )
209
-
210
- validate_each
211
- end
212
-
213
- it 'should record error' do
214
- validate_each
215
-
216
- expect(errors).not_to be_empty
217
- end
218
- end
219
-
220
- context 'without blank' do
221
- let(:parameter_name) do
222
- 'parameter_name'
223
- end
224
-
225
- it 'should not record error' do
226
- validate_each
227
-
228
- expect(errors).to be_blank
229
- end
230
- end
231
- end
232
-
233
- context 'without String' do
234
- let(:parameter_name) do
235
- :parameter_name
236
- end
237
-
238
- it 'should call error_at with non-String prefix' do
239
- expect(parameters_validator).to receive(:error_at).with(
240
- hash_including(
241
- :prefix => "has non-String parameter name (#{parameter_name.inspect})"
242
- )
243
- )
244
-
245
- validate_each
246
- end
247
-
248
- it 'should record error' do
249
- validate_each
250
-
251
- expect(errors).not_to be_empty
252
- end
253
- end
254
- end
255
-
256
- context 'parameter value' do
257
- context 'with String' do
258
- let(:parameter_value) do
259
- 'parameter_value'
260
- end
261
-
262
- it 'should not record error' do
263
- validate_each
264
-
265
- expect(errors).to be_blank
266
- end
267
- end
268
-
269
- context 'without String' do
270
- let(:parameter_value) do
271
- 0
272
- end
273
-
274
- it 'should call error_at with non-String prefix' do
275
- expect(parameters_validator).to receive(:error_at).with(
276
- hash_including(
277
- :prefix => "has non-String parameter value (#{parameter_value.inspect})"
278
- )
279
- )
280
-
281
- validate_each
282
- end
283
-
284
- it 'should record error' do
285
- validate_each
286
-
287
- expect(errors).not_to be_empty
288
- end
289
- end
290
- end
291
- end
292
- end
293
-
294
- context 'without Array' do
295
- let(:element) do
296
- {}
297
- end
298
-
299
- it 'should use #error_at with has non-Array for prefix' do
300
- expect(parameters_validator).to receive(:error_at).with(
301
- hash_including(
302
- :prefix => 'has non-Array'
303
- )
304
- )
305
-
306
- validate_each
307
- end
308
-
309
- it 'should record error' do
310
- validate_each
311
-
312
- expect(errors).not_to be_empty
313
- end
314
- end
315
- end
316
- end
317
-
318
- context 'without Array' do
319
- let(:value) do
320
- ''
321
- end
322
-
323
- before(:example) do
324
- validate_each
325
- end
326
-
327
- it 'should error that attribute is not an array' do
328
- expect(
329
- errors.any? { |error|
330
- error.include? 'is not an Array.'
331
- }
332
- ).to eq(true)
333
- end
334
-
335
- it 'should include TYPE_SIGNATURE_SENTENCE' do
336
- errors.each do |error|
337
- expect(error).to include(type_signature_sentence)
338
- end
339
- end
340
- end
341
- end
342
- end
@@ -1,332 +0,0 @@
1
- RSpec.describe PasswordIsStrongValidator do
2
-
3
- subject(:password_validator) do
4
- described_class.new(
5
- :attributes => attributes
6
- )
7
- end
8
-
9
- let(:attribute) do
10
- :params
11
- end
12
-
13
- let(:attributes) do
14
- attribute
15
- end
16
-
17
-
18
- context '#contains_repetition?' do
19
-
20
- it 'should return true for aaaa' do
21
- expect(password_validator.send(:contains_repetition?, 'aaaa')).to eq(true)
22
- end
23
-
24
- it 'should return true for ababab' do
25
- expect(password_validator.send(:contains_repetition?, 'ababab')).to eq(true)
26
- end
27
-
28
- it 'should return true for abcabcabc' do
29
- expect(password_validator.send(:contains_repetition?, 'abcabcabc')).to eq(true)
30
- end
31
-
32
- it 'should return true for abcdabcd' do
33
- expect(password_validator.send(:contains_repetition?, 'abcdabcd')).to eq(true)
34
- end
35
-
36
- it 'should return false for abcd1234abcd' do
37
- expect(password_validator.send(:contains_repetition?, 'abcd1234abcd')).to eq(false)
38
- end
39
-
40
- end
41
-
42
-
43
-
44
- context '#mutate_pass' do
45
-
46
- variants = [
47
- "metasp1oit",
48
- "me7asploi7",
49
- "me7asp1oi7",
50
- "meta$ploit",
51
- "meta$p1oit",
52
- "me7a$ploi7",
53
- "me7a$p1oi7",
54
- "m3tasploit",
55
- "m3tasp1oit",
56
- "m37asploi7",
57
- "m37asp1oi7",
58
- "m3ta$ploit",
59
- "m3ta$p1oit",
60
- "m37a$ploi7",
61
- "m37a$p1oi7",
62
- "metaspl0it",
63
- "metasp10it",
64
- "me7aspl0i7",
65
- "me7asp10i7",
66
- "meta$pl0it",
67
- "meta$p10it",
68
- "me7a$pl0i7",
69
- "me7a$p10i7",
70
- "m3taspl0it",
71
- "m3tasp10it",
72
- "m37aspl0i7",
73
- "m37asp10i7",
74
- "m3ta$pl0it",
75
- "m3ta$p10it",
76
- "m37a$pl0i7",
77
- "m37a$p10i7",
78
- "met@sploit",
79
- "met@sp1oit",
80
- "me7@sploi7",
81
- "me7@sp1oi7",
82
- "met@$ploit",
83
- "met@$p1oit",
84
- "me7@$ploi7",
85
- "me7@$p1oi7",
86
- "m3t@sploit",
87
- "m3t@sp1oit",
88
- "m37@sploi7",
89
- "m37@sp1oi7",
90
- "m3t@$ploit",
91
- "m3t@$p1oit",
92
- "m37@$ploi7",
93
- "m37@$p1oi7",
94
- "met@spl0it",
95
- "met@sp10it",
96
- "me7@spl0i7",
97
- "me7@sp10i7",
98
- "met@$pl0it",
99
- "met@$p10it",
100
- "me7@$pl0i7",
101
- "me7@$p10i7",
102
- "m3t@spl0it",
103
- "m3t@sp10it",
104
- "m37@spl0i7",
105
- "m37@sp10i7",
106
- "m3t@$pl0it",
107
- "m3t@$p10it",
108
- "m37@$pl0i7",
109
- "m37@$p10i7"
110
- ]
111
-
112
- it 'should return all the expected mutations of a password' do
113
- expect(password_validator.send(:mutate_pass, 'metasploit')).to eq(variants)
114
- end
115
-
116
- end
117
-
118
-
119
- context '#is_common_password?' do
120
-
121
- PasswordIsStrongValidator::COMMON_PASSWORDS.each do |password|
122
-
123
- it "should return true for #{password}" do
124
- expect(password_validator.send(:is_common_password?, password)).to eq(true)
125
- end
126
-
127
- it "should return true for #{password}!" do
128
- expect(password_validator.send(:is_common_password?, "#{password}!")).to eq(true)
129
- end
130
-
131
- it "should return true for #{password}1" do
132
- expect(password_validator.send(:is_common_password?, "#{password}1")).to eq(true)
133
- end
134
-
135
- it "should return true for #{password}9" do
136
- expect(password_validator.send(:is_common_password?, "#{password}1")).to eq(true)
137
- end
138
-
139
- it "should return true for #{password}99" do
140
- expect(password_validator.send(:is_common_password?, "#{password}12")).to eq(true)
141
- end
142
-
143
- it "should return true for #{password}123" do
144
- expect(password_validator.send(:is_common_password?, "#{password}123")).to eq(true)
145
- end
146
-
147
- it "should return true for #{password}123!" do
148
- expect(password_validator.send(:is_common_password?, "#{password}123!")).to eq(true)
149
- end
150
-
151
- end
152
-
153
- it "should return true for r00t" do
154
- expect(password_validator.send(:is_common_password?, "r00t")).to eq(true)
155
- end
156
-
157
- it "should return true for m3t@spl0it" do
158
- expect(password_validator.send(:is_common_password?, "m3t@spl0it")).to eq(true)
159
- end
160
-
161
- it "should return true for m3t@spl0it123!" do
162
- expect(password_validator.send(:is_common_password?, "m3t@spl0it123!")).to eq(true)
163
- end
164
- end
165
-
166
- context '#contains_username' do
167
-
168
- it 'should return true if username and password are the same' do
169
- expect(password_validator.send(:contains_username?, 'admin', 'admin')).to eq(true)
170
- end
171
-
172
- it 'should return true if the password contains the username as part of it' do
173
- expect(password_validator.send(:contains_username?, 'admin', '123admin123')).to eq(true)
174
- end
175
-
176
- it 'should return false otherwise' do
177
- expect(password_validator.send(:contains_username?, 'admin', 'foobar')).to eq(false)
178
- end
179
- end
180
-
181
- context '#is_simple?' do
182
-
183
- it "should return true if no number" do
184
- expect(password_validator.send(:is_simple?, "b@carat")).to eq(true)
185
- end
186
-
187
- it "should return true if no special char" do
188
- expect(password_validator.send(:is_simple?, "bacarat4")).to eq(true)
189
- end
190
-
191
- it "should return true if no letters" do
192
- expect(password_validator.send(:is_simple?, "1337")).to eq(true)
193
- end
194
-
195
- PasswordIsStrongValidator::SPECIAL_CHARS.each_char do |char|
196
-
197
- it "should return false with a #{char}" do
198
- expect(password_validator.send(:is_simple?, "bacarat4#{char}")).to eq(false)
199
- end
200
- end
201
- end
202
-
203
- context '#validate_each' do
204
-
205
- subject(:errors) do
206
- record.errors[attribute]
207
- end
208
-
209
- def validate_each
210
- password_validator.validate_each(record, attribute, value)
211
- end
212
-
213
- let(:record) {
214
- record_class.new.tap { |instance|
215
- instance.username = 'admin'
216
- }
217
- }
218
-
219
- let(:record_class) {
220
- Class.new do
221
- include ActiveModel::Validations
222
-
223
- #
224
- # Attributes
225
- #
226
-
227
- attr_accessor :username
228
- end
229
- }
230
-
231
-
232
- context 'with a password with no special char' do
233
- let(:value) { "bacarat4" }
234
-
235
- it 'should record an error' do
236
- validate_each
237
- expect(errors).not_to be_empty
238
- end
239
-
240
- it 'should have an error of "must contain letters, numbers, and at least one special character"' do
241
- validate_each
242
- expect(errors.include?("must contain letters, numbers, and at least one special character")).to eq(true)
243
- end
244
- end
245
-
246
- context 'with a password with no numbers' do
247
- let(:value) { "b@carat" }
248
-
249
- it 'should record an error' do
250
- validate_each
251
- expect(errors).not_to be_empty
252
- end
253
-
254
- it 'should have an error of "must contain letters, numbers, and at least one special character"' do
255
- validate_each
256
- expect(errors.include?("must contain letters, numbers, and at least one special character")).to eq(true)
257
- end
258
- end
259
-
260
- context 'with a password with no letters' do
261
- let(:value) { "1337@" }
262
-
263
- it 'should record an error' do
264
- validate_each
265
- expect(errors).not_to be_empty
266
- end
267
-
268
- it 'should have an error of "must contain letters, numbers, and at least one special character"' do
269
- validate_each
270
- expect(errors.include?("must contain letters, numbers, and at least one special character")).to eq(true)
271
- end
272
- end
273
-
274
- context 'with a password containing the username' do
275
- let(:value) { "admin1" }
276
-
277
- it 'should record an error' do
278
- validate_each
279
- expect(errors).not_to be_empty
280
- end
281
-
282
- it 'should have an error of "must not contain the username"' do
283
- validate_each
284
- expect(errors.include?("must not contain the username")).to eq(true)
285
- end
286
- end
287
-
288
- context 'with a common password' do
289
- let(:value) { "password" }
290
-
291
- it 'should record an error' do
292
- validate_each
293
- expect(errors).not_to be_empty
294
- end
295
-
296
- it 'should have an error of "must not be a common password"' do
297
- validate_each
298
- expect(errors.include?("must not be a common password")).to eq(true)
299
- end
300
- end
301
-
302
- context 'with a mutated common password' do
303
- let(:value) { "P@ssw0rd1!" }
304
-
305
- it 'should record an error' do
306
- validate_each
307
- expect(errors).not_to be_empty
308
- end
309
-
310
- it 'should have an error of "must not be a common password"' do
311
- validate_each
312
- expect(errors.include?("must not be a common password")).to eq(true)
313
- end
314
- end
315
-
316
- context 'with a repeated pattern' do
317
- let(:value) { "abcdabcd" }
318
-
319
- it 'should record an error' do
320
- validate_each
321
- expect(errors).not_to be_empty
322
- end
323
-
324
- it 'should have an error of "must not be a predictable sequence of characters"' do
325
- validate_each
326
- expect(errors.include?("must not be a predictable sequence of characters")).to eq(true)
327
- end
328
- end
329
-
330
- end
331
-
332
- end