metasploit_data_models 2.0.9 → 2.0.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 68993323d9d315d4b1f73688ffc1692fa5d02bcc
-  data.tar.gz: b49feeb97bc0e3ed89f9f1e3a73d09431d3bb579
+  metadata.gz: 70db351f3274f8e22c99897e9ee4febd348d3d22
+  data.tar.gz: cf7cf03e4a06f8735c7ad27c8e8f370592d435f9
 SHA512:
-  metadata.gz: ac2a5b0f5a99211bfaa52bae1af30e1be14f8f441f64796fe536549d7f1be9d7ec591e2fe4e66ba086ce56b783dc326ffa6451f7fd3145df204bb932fcd96f42
-  data.tar.gz: 260dd10da7bede6d443989501d19545f84faffdfaa734c155827b0d2446fcdef88ba45af800f62ae70777934d6f84324cd7544e13a35ad7ffd9167f91f21b23f
+  metadata.gz: 30dac12c039790293a1dbefb23721d44878e8f86d87b768ddbde27d33904e7ce7563c4a9defdab7383d9fcea62a143b0a06fbacee81d622d278bf34e35a898ee
+  data.tar.gz: 4d14a6744deb4951cfb8405227b44ce3b337e44079ba69556a8cb9617873d0125efffcac286a25b2d83f56cd6d34c4ee2f1371b6d4f43fcb80ee09370639ee44

data/app/models/mdm/module/detail.rb

@@ -2,7 +2,7 @@
 # {Mdm::Module} namespace.
 class Mdm::Module::Detail < ActiveRecord::Base
   self.table_name = 'module_details'
-  
+
   #
   # CONSTANTS
   #
@@ -192,6 +192,74 @@ class Mdm::Module::Detail < ActiveRecord::Base
   #
   #   @return ['active', 'passive', nil]
 
+  #
+  # Scopes
+  #
+
+  scope :module_arch, ->(values) {
+    joins(Mdm::Module::Detail.join_association(:archs,Arel::Nodes::OuterJoin)).
+    where(Mdm::Module::Arch[:name].matches_any(values))
+  }
+
+  scope :module_author, ->(values) {
+    joins(Mdm::Module::Detail.join_association(:authors, Arel::Nodes::OuterJoin)).
+    where(
+      Mdm::Module::Author[:email].matches_any(values).or(
+        Mdm::Module::Author[:name].matches_any(values)
+      )
+    )
+  }
+
+  scope :module_name, ->(values) {
+    where(
+      Mdm::Module::Detail[:fullname].matches_any(values).or(
+        Mdm::Module::Detail[:name].matches_any(values)
+      )
+    )
+  }
+
+  scope :module_os_or_platform, ->(values) {
+    joins(
+      Mdm::Module::Detail.join_association(:platforms, Arel::Nodes::OuterJoin),
+      Mdm::Module::Detail.join_association(:targets, Arel::Nodes::OuterJoin)
+    ).where(
+      Mdm::Module::Platform[:name].matches_any(values).or(
+        Mdm::Module::Target[:name].matches_any(values)
+      )
+    )
+  }
+
+  scope :module_ref, ->(values) {
+    joins(Mdm::Module::Detail.join_association(:refs, Arel::Nodes::OuterJoin)).
+    where(Mdm::Module::Ref[:name].matches_any(values))
+  }
+
+  scope :module_stance, ->(values) { where(Mdm::Module::Detail[:stance].matches_any(values)) }
+
+  scope :module_text, ->(values) {
+    joins(
+      Mdm::Module::Detail.join_association(:actions,    Arel::Nodes::OuterJoin),
+      Mdm::Module::Detail.join_association(:archs,      Arel::Nodes::OuterJoin),
+      Mdm::Module::Detail.join_association(:authors,    Arel::Nodes::OuterJoin),
+      Mdm::Module::Detail.join_association(:platforms,  Arel::Nodes::OuterJoin),
+      Mdm::Module::Detail.join_association(:refs,       Arel::Nodes::OuterJoin),
+      Mdm::Module::Detail.join_association(:targets,    Arel::Nodes::OuterJoin)
+    ).where(
+      Mdm::Module::Detail[:description].matches_any(values).or(
+      Mdm::Module::Detail[:fullname].matches_any(values).or(
+      Mdm::Module::Detail[:name].matches_any(values).or(
+      Mdm::Module::Action[:name].matches_any(values).or(
+      Mdm::Module::Arch[:name].matches_any(values).or(
+      Mdm::Module::Author[:name].matches_any(values).or(
+      Mdm::Module::Platform[:name].matches_any(values).or(
+      Mdm::Module::Ref[:name].matches_any(values).or(
+      Mdm::Module::Target[:name].matches_any(values)
+    )))))))))
+  }
+
+
+  scope :module_type, ->(values) { where(Mdm::Module::Detail[:mtype].matches_any(values)) }
+
   #
   # Validations
   #

data/lib/metasploit_data_models/version.rb

@@ -1,6 +1,6 @@
 module MetasploitDataModels
   # VERSION is managed by GemRelease
-  VERSION = '2.0.9'
+  VERSION = '2.0.10'
 
   # @return [String]
   #

data/spec/app/models/mdm/module/detail_spec.rb

@@ -66,23 +66,23 @@ RSpec.describe Mdm::Module::Detail, type: :model do
       it "maps 'auxiliary' to 'auxiliary'" do
         expect(directory_by_type['auxiliary']).to eq('auxiliary')
       end
-      
+
       it "maps 'encoder' to 'encoders'" do
         expect(directory_by_type['encoder']).to eq('encoders')
       end
-      
+
       it "maps 'exploit' to 'exploits'" do
         expect(directory_by_type['exploit']).to eq('exploits')
       end
-      
+
       it "maps 'nop' to 'nops'" do
         expect(directory_by_type['nop']).to eq('nops')
       end
-      
+
       it "maps 'payload' to 'payloads'" do
         expect(directory_by_type['payload']).to eq('payloads')
       end
-      
+
       it "maps 'post' to 'post'" do
         expect(directory_by_type['post']).to eq('post')
       end
@@ -233,6 +233,206 @@ RSpec.describe Mdm::Module::Detail, type: :model do
     end
   end
 
+  context 'scopes' do
+
+    before(:each) do
+      @ms12_020 = FactoryGirl.create(:mdm_module_detail,
+        name: "MS12-020 Microsoft Remote Desktop Use-After-Free DoS",
+        fullname: 'auxiliary/dos/windows/rdp/ms12_020_maxchannelids',
+        description: "This module exploits the MS12-020 RDP vulnerability originally discovered and\n        reported by Luigi Auriemma.  The flaw can be found in the way the T.125\n        ConnectMCSPDU packet is handled in the maxChannelIDs field, which will result\n        an invalid pointer being used, therefore causing a denial-of-service condition.",
+        mtype: 'auxiliary',
+        stance: 'aggressive')
+      @ms08_067 = FactoryGirl.create(:mdm_module_detail,
+        name: "MS08-067 Microsoft Server Service Relative Path Stack Corruption",
+        fullname: 'exploit/windows/smb/ms08_067_netapi',
+        description: "This module exploits a parsing flaw in the path canonicalization code of\n        NetAPI32.dll through the Server Service. This module is capable of bypassing\n        NX on some operating systems and service packs. The correct target must be\n        used to prevent the Server Service (along with a dozen others in the same\n        process) from crashing. Windows XP targets seem to handle multiple successful\n        exploitation events, but 2003 targets will often crash or hang on subsequent\n        attempts. This is just the first version of this module, full support for\n        NX bypass on 2003, along with other platforms, is still in development.",
+        mtype: 'exploit',
+        stance: 'aggressive')
+      @ms06_040 = FactoryGirl.create(:mdm_module_detail,
+        name: "MS06-040 Microsoft Server Service NetpwPathCanonicalize Overflow",
+        fullname: 'exploit/windows/smb/ms06_040_netapi',
+        description: "This module exploits a stack buffer overflow in the NetApi32 CanonicalizePathName() function\n        using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that\n        other RPC calls could be used to exploit this service. This exploit will result in\n        a denial of service on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt\n        will likely result in a complete reboot on Windows 2000 and the termination of all\n        SMB-related services on Windows XP. The default target for this exploit should succeed\n        on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.",
+        mtype: 'exploit',
+        stance: 'aggressive')
+      @cve_2012_0507 = FactoryGirl.create(:mdm_module_detail,
+        name: "Java AtomicReferenceArray Type Violation Vulnerability",
+        fullname: 'exploit/multi/browser/java_atomicreferencearray',
+        description: "This module exploits a vulnerability due to the fact that\n        AtomicReferenceArray uses the Unsafe class to store a reference in an\n        array directly, which may violate type safety if not used properly.\n        This allows a way to escape the JRE sandbox, and load additional classes\n        in order to perform malicious operations.",
+        mtype: 'exploit',
+        stance: 'passive')
+      @cve_2010_0425 = FactoryGirl.create(:mdm_module_detail,
+        name: "PHP Remote File Include Generic Code Execution",
+        fullname: 'exploit/unix/webapp/php_include',
+        description: "This module can be used to exploit any generic PHP file include vulnerability,\n        where the application includes code like the following:\n\n        <?php include($_GET['path']); ?>",
+        mtype: 'exploit',
+        stance: 'aggressive')
+
+      @author1 = "hdm <x@hdm.io>"
+      @author2 = "jduck <jduck@metasploit.com>"
+      @author3 = "juan vazquez <juan.vazquez@metasploit.com>"
+      @author4 = "egypt <egypt@metasploit.com>"
+
+      FactoryGirl.create(:mdm_module_author, detail: @ms12_020, name: @author2)
+      FactoryGirl.create(:mdm_module_author, detail: @ms08_067, name: @author1)
+      FactoryGirl.create(:mdm_module_author, detail: @ms08_067, name: @author2)
+      FactoryGirl.create(:mdm_module_author, detail: @ms06_040, name: @author1)
+      FactoryGirl.create(:mdm_module_author, detail: @cve_2012_0507, name: @author3)
+      FactoryGirl.create(:mdm_module_author, detail: @cve_2012_0507, name: @author4)
+
+      FactoryGirl.create(:mdm_module_platform, detail: @ms12_020, name: 'windows')
+      FactoryGirl.create(:mdm_module_platform, detail: @ms08_067, name: 'windows')
+      FactoryGirl.create(:mdm_module_platform, detail: @ms06_040, name: 'windows')
+      FactoryGirl.create(:mdm_module_platform, detail: @cve_2012_0507, name: 'linux')
+      FactoryGirl.create(:mdm_module_platform, detail: @cve_2012_0507, name: 'java')
+
+      FactoryGirl.create(:mdm_module_arch, detail: @cve_2012_0507, name: '["ppc"]')
+      FactoryGirl.create(:mdm_module_arch, detail: @cve_2012_0507, name: '["x86"]')
+      FactoryGirl.create(:mdm_module_arch, detail: @cve_2012_0507, name: '["java"]')
+      FactoryGirl.create(:mdm_module_arch, detail: @cve_2010_0425, name: 'php')
+
+      FactoryGirl.create(:mdm_module_ref, detail: @ms12_020, name: 'EDB-18606')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms12_020, name: 'MSB-MS12-020')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms12_020, name: 'CVE-2012-0002')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms08_067, name: 'MSB-MS08-067')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms08_067, name: 'OSVDB-49243')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms08_067, name: 'CVE-2008-4250')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms06_040, name: 'MSB-MS06-040')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms06_040, name: 'BID-19409')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms06_040, name: 'OSVDB-27845')
+      FactoryGirl.create(:mdm_module_ref, detail: @ms06_040, name: 'CVE-2006-3439')
+      FactoryGirl.create(:mdm_module_ref, detail: @cve_2012_0507, name: 'BID-52161')
+      FactoryGirl.create(:mdm_module_ref, detail: @cve_2012_0507, name: 'OSVDB-80724')
+      FactoryGirl.create(:mdm_module_ref, detail: @cve_2012_0507, name: 'CVE-2012-0507')
+
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Windows 2003 SP2 English (NX)')
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Windows 2003 SP2 English (NO NX)')
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Windows 2003 SP1 English (NX)')
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Windows 2003 SP1 English (NO NX)')
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Windows XP SP3 English (NX)')
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Windows XP SP3 English (AlwaysOn NX)')
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Windows XP SP2 English (NX)')
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Windows XP SP2 English (AlwaysOn NX)')
+      FactoryGirl.create(:mdm_module_target, detail: @ms08_067, name: 'Automatic Targeting')
+      FactoryGirl.create(:mdm_module_target, detail: @ms06_040, name: '(wcscpy) Windows 2003 SP0')
+      FactoryGirl.create(:mdm_module_target, detail: @ms06_040, name: '(stack)  Windows XP SP1 English')
+      FactoryGirl.create(:mdm_module_target, detail: @ms06_040, name: '(wcscpy) Windows XP SP0/SP1')
+      FactoryGirl.create(:mdm_module_target, detail: @ms06_040, name: '(wcscpy) Windows NT 4.0 / Windows 2000 SP0-SP4')
+      FactoryGirl.create(:mdm_module_target, detail: @ms06_040, name: '(wcscpy) Automatic (NT 4.0, 2000 SP0-SP4, XP SP0-SP1)')
+      FactoryGirl.create(:mdm_module_target, detail: @cve_2012_0507, name: 'Linux x86 (Native Payload)')
+      FactoryGirl.create(:mdm_module_target, detail: @cve_2012_0507, name: 'Mac OS X x86 (Native Payload)')
+      FactoryGirl.create(:mdm_module_target, detail: @cve_2012_0507, name: 'Mac OS X PPC (Native Payload)')
+      FactoryGirl.create(:mdm_module_target, detail: @cve_2012_0507, name: 'Windows x86 (Native Payload)')
+      FactoryGirl.create(:mdm_module_target, detail: @cve_2012_0507, name: 'Generic (Java Payload)')
+      FactoryGirl.create(:mdm_module_target, detail: @cve_2010_0425, name: 'Automatic')
+    end
+
+    context '#module_arch' do
+      it 'finds all modules with a stance matching "java"' do
+        expect(Mdm::Module::Detail.module_arch(['%java%']).uniq).to contain_exactly(@cve_2012_0507)
+      end
+      it 'finds all modules with a stance matching "pass"' do
+        expect(Mdm::Module::Detail.module_arch(['%java%', '%php%']).uniq).to contain_exactly(@cve_2012_0507, @cve_2010_0425)
+      end
+    end
+
+    context '#module_author' do
+      it 'finds all modules with author matching "Juan"' do
+        expect(Mdm::Module::Detail.module_author(['%juan%'])).to contain_exactly(@cve_2012_0507)
+      end
+
+      it 'finds all modules for author matching "hdm"' do
+        expect(Mdm::Module::Detail.module_author(['%hdm%'])).to contain_exactly(@ms08_067, @ms06_040)
+      end
+      it 'finds all modules with authors matching "juan", "jduck"' do
+        expect(Mdm::Module::Detail.module_author(['%juan%','%jduck%'])).to contain_exactly(@ms12_020,@ms08_067,@cve_2012_0507)
+      end
+    end
+
+    context '#module_name' do
+      it 'finds all modules with name matching "DoS"' do
+        expect(Mdm::Module::Detail.module_name(['%DoS%'])).to contain_exactly(@ms12_020)
+      end
+
+      it 'finds all modules with name matching "netapi"' do
+        expect(Mdm::Module::Detail.module_name(['%netapi%'])).to contain_exactly(@ms08_067, @ms06_040)
+      end
+
+      it 'finds all modules with name matching "browser"' do
+        expect(Mdm::Module::Detail.module_name(['%browser%'])).to contain_exactly(@cve_2012_0507)
+      end
+    end
+
+    context '#module_os_or_platform' do
+      it 'finds all modules with a platform matching "linux"' do
+        expect(Mdm::Module::Detail.module_os_or_platform(['%linux%']).uniq).to contain_exactly(@cve_2012_0507)
+      end
+
+      it 'finds all modules with a platform matching "windows"' do
+        expect(Mdm::Module::Detail.module_os_or_platform(['%windows%']).uniq).to contain_exactly(
+          @ms12_020,@ms08_067,@ms06_040,@cve_2012_0507)
+      end
+    end
+
+    context 'module_ref' do
+      it 'finds all modules with a reff matching "CVE-2012"' do
+        expect(Mdm::Module::Detail.module_ref(['%CVE-2012%']).uniq).to contain_exactly(
+          @ms12_020,@cve_2012_0507)
+      end
+      it 'finds all modules with a reff matching "EDB"' do
+        expect(Mdm::Module::Detail.module_ref(['%EDB%']).uniq).to contain_exactly(@ms12_020)
+      end
+    end
+
+    context '#module_stance' do
+      it 'finds all modules with a stance matching "agg"' do
+        expect(Mdm::Module::Detail.module_stance(['%agg%']).uniq).to contain_exactly(
+          @ms12_020,@ms08_067,@ms06_040,@cve_2010_0425)
+      end
+      it 'finds all modules with a stance matching "pass"' do
+        expect(Mdm::Module::Detail.module_stance(['%pass%']).uniq).to contain_exactly(@cve_2012_0507)
+      end
+    end
+
+    context '#module_text' do
+      it 'finds all modules with a description matching "ConnectMCSPDU"' do
+        expect(Mdm::Module::Detail.module_text(['%ConnectMCSPDU%']).uniq).to contain_exactly(@ms12_020)
+      end
+      it 'finds all modules with a fullname matching "smb/ms0"' do
+        expect(Mdm::Module::Detail.module_text(['%smb/ms0%']).uniq).to contain_exactly(@ms08_067,@ms06_040)
+      end
+      it 'finds all modules with a name matching "Microsoft Server Service"' do
+        expect(Mdm::Module::Detail.module_text(['%Microsoft Server Service%']).uniq).to contain_exactly(@ms08_067,@ms06_040)
+      end
+      it 'finds all modules with a arch matching "php"' do
+        expect(Mdm::Module::Detail.module_text(['%php%']).uniq).to contain_exactly(@cve_2010_0425)
+      end
+      it 'finds all modules with a author matching "jduck"' do
+        expect(Mdm::Module::Detail.module_text(['%jduck%']).uniq).to contain_exactly(@ms12_020,@ms08_067)
+      end
+      it 'finds all modules with a platform matching "linux"' do
+        expect(Mdm::Module::Detail.module_text(['%linux%']).uniq).to contain_exactly(@cve_2012_0507)
+      end
+      it 'finds all modules with a ref matching "MSB-MS"' do
+        expect(Mdm::Module::Detail.module_text(['%MSB-MS%']).uniq).to contain_exactly(@ms12_020,@ms08_067,@ms06_040)
+      end
+      it 'finds all modules with a target matching "Auto"' do
+        expect(Mdm::Module::Detail.module_text(['%Auto%']).uniq).to contain_exactly(@ms08_067,@ms06_040,@cve_2010_0425)
+      end
+    end
+
+    context 'module_type' do
+      it 'finds all modules with a mtype matching "aux"' do
+        expect(Mdm::Module::Detail.module_type(['%aux%']).uniq).to contain_exactly(@ms12_020)
+      end
+      it 'finds all modules with a mtype matching "exp"' do
+        expect(Mdm::Module::Detail.module_type(['%exp%']).uniq).to contain_exactly(
+          @ms08_067,@ms06_040,@cve_2012_0507,@cve_2010_0425)
+      end
+    end
+
+
+  end
+
   context 'validations' do
     it { is_expected.to validate_inclusion_of(:mtype).in_array(types) }
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit_data_models
 version: !ruby/object:Gem::Version
-  version: 2.0.9
+  version: 2.0.10
 platform: ruby
 authors:
 - Samuel Huckins
@@ -91,7 +91,7 @@ cert_chain:
   G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
   8mVuTXnyJOKRJA==
   -----END CERTIFICATE-----
-date: 2016-11-21 00:00:00.000000000 Z
+date: 2016-12-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-yard