rex-socket 0.1.26 → 0.1.30

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0bf99960d66db7491db5490f75d4c87a8bfde429dcc76a4e4e1d07306cf61b8
-  data.tar.gz: 7e665ba1dba7574c1fa7adb9523b9e8781daff17185daef8300cc0d1f5cd8d0b
+  metadata.gz: 647d60dcc0fb176246243a7eaed1ca68a35c596c7034cf4de863ca233d08d9f0
+  data.tar.gz: 80fcd4c8fe671a6da97a5e262700331dfa5fe0292c679952b510abdc7af13cfa
 SHA512:
-  metadata.gz: a15da2ba7b185bf822db6f467fde6ae641008861f2758c865b9c66b524904dffd02add948e18cb544105747aaf8ce5f90f3083c8eaa18ac84284917ff29fe9cf
-  data.tar.gz: c6585bddb9cc7b52f29f3d9f193200132801fbb141162550f9d6a9553af51a853a3946c3c42fca55dbaed217a88cd68372066db5d76a8bcbc356a780c6bde61a
+  metadata.gz: a5c001e83da2f988ff40eefcd5175bdf0684b22c5529820be68c9eda4b6d862a6f88bbd39a950941a30bcccc5b9a21479a44982e56a4e351b353c0ce480bc9a9
+  data.tar.gz: bdc211d907a45d1a0701fbc34721712fec81dea7e9417d1b3e94259916e13779a1e91e1742fd2b9526aaf4c8839c62373e58183c3ac7ad7dea64c3b8fd5d093d

data/lib/rex/socket.rb

@@ -14,6 +14,8 @@ module Rex
 ###
 module Socket
 
+  LogSource = 'rex-socket'
+
   module Comm
   end
 
@@ -745,7 +747,7 @@ module Socket
       peer_name = Socket.from_sockaddr(self.getpeername)
     rescue ::Errno::EINVAL => e
       # Ruby's getpeername method may call rb_sys_fail("getpeername(2)")
-      elog("#{e.message} (#{e.class})#{e.backtrace * "\n"}\n", 'core', LEV_3)
+      elog("#{e.message} (#{e.class})#{e.backtrace * "\n"}\n", LogSource, LEV_3)
     end
 
     return peer_name

data/lib/rex/socket/parameters.rb

@@ -110,10 +110,7 @@ class Rex::Socket::Parameters
       self.sslctx = hash['SSLContext']
     end
 
-    supported_ssl_versions = ['Auto', 'SSL2', 'SSL23', 'TLS1', 'SSL3', :Auto, :SSLv2, :SSLv3, :SSLv23, :TLSv1]
-    if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion'])
-      self.ssl_version = hash['SSLVersion']
-    end
+    self.ssl_version = hash.fetch('SSLVersion', nil)
 
     supported_ssl_verifiers = %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}
     if (hash['SSLVerifyMode'] and supported_ssl_verifiers.include? hash['SSLVerifyMode'])
@@ -383,7 +380,27 @@ class Rex::Socket::Parameters
 
   # What version of SSL to use (Auto, SSL2, SSL3, SSL23, TLS1)
   # @return [String,Symbol]
-  attr_accessor :ssl_version
+  attr_reader :ssl_version
+  def ssl_version=(version)
+    # Let the caller specify a particular SSL/TLS version
+    case version
+    when 'SSL2'
+      version = :SSLv2
+    # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
+    when 'SSL23', 'TLS', 'Auto'
+      version = :SSLv23
+    when 'SSL3'
+      version = :SSLv3
+    when 'TLS1','TLS1.0'
+      version = :TLSv1
+    when 'TLS1.1'
+      version = :TLSv1_1
+    when 'TLS1.2'
+      version = :TLSv1_2
+    end
+
+    @ssl_version = version
+  end
 
   # What specific SSL Cipher(s) to use, may be a string containing the cipher
   # name or an array of strings containing cipher names e.g.

data/lib/rex/socket/range_walker.rb

@@ -23,6 +23,9 @@ module Socket
 ###
 class RangeWalker
 
+  MATCH_IPV4_RANGE = /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/
+  private_constant :MATCH_IPV4_RANGE
+
   # The total number of IPs within the range
   #
   # @return [Fixnum]
@@ -74,108 +77,37 @@ class RangeWalker
   # @return [self]
   # @return [false] if +parseme+ cannot be parsed
   def parse(parseme)
-    return nil if not parseme
+    return nil unless parseme
+
     ranges = []
     parseme.split(', ').map{ |a| a.split(' ') }.flatten.each do |arg|
-      opts = {}
 
       # Handle IPv6 CIDR first
       if arg.include?(':') && arg.include?('/')
-        return false if !valid_cidr_chars?(arg)
-
-        ip_part, mask_part = arg.split("/")
-        return false unless (0..128).include? mask_part.to_i
+        next if (new_ranges = parse_ipv6_cidr(arg)).nil?
 
-        addr, scope_id = ip_part.split('%')
-        return false unless Rex::Socket.is_ipv6?(addr)
-
-        range = expand_cidr(addr + '/' + mask_part)
-        range.options[:scope_id] = scope_id if scope_id
-        ranges.push(range)
       # Handle plain IPv6 next (support ranges, but not CIDR)
       elsif arg.include?(':')
-        addrs = arg.split('-', 2)
-
-        # Handle a single address
-        if addrs.length == 1
-          addr, scope_id = addrs[0].split('%')
-          opts[:scope_id] = scope_id if scope_id
-          opts[:ipv6] = true
-
-          return false unless Rex::Socket.is_ipv6?(addr)
-          addr = Rex::Socket.addr_atoi(addr)
-          ranges.push(Range.new(addr, addr, opts))
-          next
-        end
-
-        addr1, scope_id = addrs[0].split('%')
-        opts[:scope_id] = scope_id if scope_id
-        opts[:ipv6] = true
-
-        addr2, scope_id = addrs[1].split('%')
-        ( opts[:scope_id] ||= scope_id ) if scope_id
-
-        # Both have to be IPv6 for this to work
-        return false unless (Rex::Socket.is_ipv6?(addr1) && Rex::Socket.is_ipv6?(addr2))
-
-        # Handle IPv6 ranges in the form of 2001::1-2001::10
-        addr1 = Rex::Socket.addr_atoi(addr1)
-        addr2 = Rex::Socket.addr_atoi(addr2)
-
-        ranges.push(Range.new(addr1, addr2, opts))
-        next
+        next if (new_ranges = parse_ipv6(arg)).nil?
 
       # Handle IPv4 CIDR
       elsif arg.include?("/")
-        # Then it's CIDR notation and needs special case
-        return false if !valid_cidr_chars?(arg)
-        ip_part, mask_part = arg.split("/")
-        return false unless (0..32).include? mask_part.to_i
-        if ip_part =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
-          return false unless ip_part =~ Rex::Socket::MATCH_IPV4
-        end
-        begin
-          Rex::Socket.getaddress(ip_part) # This allows for "www.metasploit.com/24" which is fun.
-        rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
-          return false # Can't resolve the ip_part, so bail.
-        end
-
-        expanded = expand_cidr(arg)
-        if expanded
-          ranges.push(expanded)
-        else
-          return false
-        end
+        next if (new_ranges = parse_ipv4_cidr(arg)).nil?
 
       # Handle hostnames
       elsif arg =~ /[^-0-9,.*]/
-        # Then it's a domain name and we should send it on to addr_atoi
-        # unmolested to force a DNS lookup.
-        begin
-          ranges += Rex::Socket.addr_atoi_list(arg).map { |a| Range.new(a, a, opts) }
-        rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
-          return false
-        end
+        next if (new_ranges = parse_hostname(arg)).nil?
 
       # Handle IPv4 ranges
-      elsif arg =~ /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/
-
+      elsif arg =~ MATCH_IPV4_RANGE
         # Then it's in the format of 1.2.3.4-5.6.7.8
-        # Note, this will /not/ deal with DNS names, or the fancy/obscure 10...1-10...2
-        begin
-          start, stop = Rex::Socket.addr_atoi($1), Rex::Socket.addr_atoi($2)
-          return false if start > stop # The end is greater than the beginning.
-          ranges.push(Range.new(start, stop, opts))
-        rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
-          return false
-        end
+        next if (new_ranges = parse_ipv4_ranges(arg)).nil?
+
       else
-        # Returns an array of ranges
-        expanded = expand_nmap(arg)
-        if expanded
-          expanded.each { |r| ranges.push(r) }
-        end
+        next if (new_ranges = expand_nmap(arg)).nil?
       end
+
+      ranges += new_ranges
     end
 
     # Remove any duplicate ranges
@@ -198,11 +130,12 @@ class RangeWalker
     self
   end
 
-  # Returns the next IP address.
+  # Returns the next host in the range.
   #
-  # @return [String] The next address in the range
-  def next_ip
-    return false if not valid?
+  # @return [Hash<Symbol, String>] The next host in the range
+  def next_host
+    return unless valid?
+
     if (@curr_addr > @ranges[@curr_range_index].stop)
       # Then we are at the end of this range. Grab the next one.
 
@@ -213,14 +146,26 @@ class RangeWalker
 
       @curr_addr = @ranges[@curr_range_index].start
     end
-    addr = Rex::Socket.addr_itoa(@curr_addr, @ranges[@curr_range_index].ipv6?)
 
-    if @ranges[@curr_range_index].options[:scope_id]
-      addr = addr + '%' + @ranges[@curr_range_index].options[:scope_id]
+    range = @ranges[@curr_range_index]
+    addr = Rex::Socket.addr_itoa(@curr_addr, range.ipv6?)
+
+    if range.options[:scope_id]
+      addr = addr + '%' + range.options[:scope_id]
     end
 
+    hostname = range.is_a?(Host) ? range.hostname : nil
+
     @curr_addr += 1
-    return addr
+    return { address: addr, hostname: hostname }
+  end
+
+  # Returns the next IP address.
+  #
+  # @return [String] The next address in the range
+  def next_ip
+    return nil if (host = next_host).nil?
+    host[:address]
   end
 
   alias :next :next_ip
@@ -271,7 +216,7 @@ class RangeWalker
   # {#next_ip}
   #
   # @return [self]
-  def each(&block)
+  def each_ip(&block)
     while (ip = next_ip)
       block.call(ip)
     end
@@ -280,6 +225,17 @@ class RangeWalker
     self
   end
 
+  alias each each_ip
+
+  def each_host(&block)
+    while (host_hash = next_host)
+      block.call(host_hash)
+    end
+    reset
+
+    self
+  end
+
   #
   # Returns an Array with one element, a {Range} defined by the given CIDR
   # block.
@@ -291,7 +247,7 @@ class RangeWalker
   def expand_cidr(arg)
     start,stop = Rex::Socket.cidr_crack(arg)
     if !start or !stop
-      return false
+      return
     end
     range = Range.new
     range.start = Rex::Socket.addr_atoi(start)
@@ -319,18 +275,16 @@ class RangeWalker
   #
   def expand_nmap(arg)
     # Can't really do anything with IPv6
-    return false if arg.include?(":")
+    return if arg.include?(":")
 
     # nmap calls these errors, but it's hard to catch them with our
     # splitting below, so short-cut them here
-    return false if arg.include?(",-") or arg.include?("-,")
+    return if arg.include?(",-") or arg.include?("-,")
 
     bytes = []
     sections = arg.split('.')
-    if sections.length != 4
-      # Too many or not enough dots
-      return false
-    end
+    return unless sections.length == 4  # Too many or not enough dots
+
     sections.each { |section|
       if section.empty?
         # pretty sure this is an unintentional artifact of the C
@@ -344,7 +298,7 @@ class RangeWalker
         # I think this ought to be 1-254, but this is how nmap does it.
         section = "0-255"
       elsif section.include?("*")
-        return false
+        return
       end
 
       # Break down the sections into ranges like so
@@ -361,18 +315,18 @@ class RangeWalker
           # if the upper bound is empty, stop at 255
           #
           bounds = r.split('-', -1)
-          return false if (bounds.length > 2)
+          return if (bounds.length > 2)
 
           bounds[0] = 0   if bounds[0].nil? or bounds[0].empty?
           bounds[1] = 255 if bounds[1].nil? or bounds[1].empty?
           bounds.map!{|b| b.to_i}
-          return false if bounds[0] > bounds[1]
+          return if bounds[0] > bounds[1]
         else
           # Then it's a single value
           bounds[0] = r.to_i
         end
-        return false if bounds[0] > 255 or (bounds[1] and bounds[1] > 255)
-        return false if bounds[1] and bounds[0] > bounds[1]
+        return if bounds[0] > 255 or (bounds[1] and bounds[1] > 255)
+        return if bounds[1] and bounds[0] > bounds[1]
         if bounds[1]
           bounds[0].upto(bounds[1]) do |i|
             sets.push(i)
@@ -430,6 +384,98 @@ class RangeWalker
 
   protected
 
+  def parse_hostname(arg)
+    begin
+      ranges = Rex::Socket.getaddresses(arg).map { |addr| Host.new(addr, arg) }
+    rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
+      return
+    end
+
+    ranges
+  end
+
+  def parse_ipv4_cidr(arg)
+    # Then it's CIDR notation and needs special case
+    return if !valid_cidr_chars?(arg)
+
+    ip_part, mask_part = arg.split("/")
+    return unless (0..32).include? mask_part.to_i
+    if ip_part =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
+      return unless Rex::Socket.is_ipv4?(ip_part)
+    end
+
+    begin
+      hosts = Rex::Socket.getaddresses(ip_part).select { |addr| Rex::Socket.is_ipv4?(addr) } # drop non-IPv4 addresses
+    rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
+      return # Can't resolve the ip_part, so bail.
+    end
+
+    hosts.map { |addr| expand_cidr("#{addr}/#{mask_part}") }
+  end
+
+  def parse_ipv4_ranges(arg)
+    # Note, this will /not/ deal with DNS names, or the fancy/obscure 10...1-10...2
+    return unless arg =~ MATCH_IPV4_RANGE
+
+    begin
+      start, stop = Rex::Socket.addr_atoi($1), Rex::Socket.addr_atoi($2)
+      return if start > stop # The end is greater than the beginning.
+      range = Range.new(start, stop)
+    rescue Resolv::ResolvError, ::SocketError, Errno::ENOENT
+      return
+    end
+
+    [range]
+  end
+
+  def parse_ipv6(arg)
+    opts = {}
+    addrs = arg.split('-', 2)
+
+    # Handle a single address
+    if addrs.length == 1
+      addr, scope_id = addrs[0].split('%')
+      opts[:scope_id] = scope_id if scope_id
+      opts[:ipv6] = true
+
+      return unless Rex::Socket.is_ipv6?(addr)
+      addr = Rex::Socket.addr_atoi(addr)
+      range = Range.new(addr, addr, opts)
+    else
+      addr1, scope_id = addrs[0].split('%')
+      opts[:scope_id] = scope_id if scope_id
+      opts[:ipv6] = true
+
+      addr2, scope_id = addrs[1].split('%')
+      ( opts[:scope_id] ||= scope_id ) if scope_id
+
+      # Both have to be IPv6 for this to work
+      return unless (Rex::Socket.is_ipv6?(addr1) && Rex::Socket.is_ipv6?(addr2))
+
+      # Handle IPv6 ranges in the form of 2001::1-2001::10
+      addr1 = Rex::Socket.addr_atoi(addr1)
+      addr2 = Rex::Socket.addr_atoi(addr2)
+
+       range = Range.new(addr1, addr2, opts)
+    end
+
+    [range]
+  end
+
+  def parse_ipv6_cidr(arg)
+    return if !valid_cidr_chars?(arg)
+
+    ip_part, mask_part = arg.split("/")
+    return unless (0..128).include? mask_part.to_i
+
+    addr, scope_id = ip_part.split('%')
+    return unless Rex::Socket.is_ipv6?(addr)
+
+    range = expand_cidr(addr + '/' + mask_part)
+    range.options[:scope_id] = scope_id if scope_id
+    [range]
+  end
+
   def valid_cidr_chars?(arg)
     return false if arg.include? ',-' # Improper CIDR notation (can't mix with 1,3 or 1-3 style IP ranges)
     return false if arg.scan("/").size > 1 # ..but there are too many slashes
@@ -464,7 +510,7 @@ class Range
   def initialize(start=nil, stop=nil, options=nil)
     @start = start
     @stop = stop
-    @options = options
+    @options = options || {}
   end
 
   # Compare attributes with +other+
@@ -488,5 +534,21 @@ class Range
   end
 end
 
+# A single host
+class Host < Range
+  attr_accessor :hostname
+
+  def initialize(address, hostname=nil, options=nil)
+    address = Rex::Socket.addr_atoi(address) if address.is_a? String
+
+    super(address, address, options)
+    @hostname = hostname
+  end
+
+  def address
+    Rex::Socket.addr_itoa(@start)
+  end
+
+end
 end
 end

data/lib/rex/socket/ssl.rb

@@ -11,6 +11,9 @@ require 'openssl'
 ###
 module Rex::Socket::Ssl
 
+  # Default to SSLv23 (automatically negotiate)
+  DEFAULT_SSL_VERSION = :SSLv23
+
   module CertProvider
 
     def self.ssl_generate_subject(cn: nil, org: nil, loc: nil, st: nil)
@@ -122,7 +125,14 @@ module Rex::Socket::Ssl
       key, cert, chain = ssl_generate_certificate(cert_vars: {cn: params.ssl_cn})
     end
 
-    ctx = OpenSSL::SSL::SSLContext.new()
+    version = params&.ssl_version || DEFAULT_SSL_VERSION
+    # Raise an error if no selected versions are supported
+    unless Rex::Socket::SslTcp.system_ssl_methods.include? version
+      raise ArgumentError,
+        "This version of Ruby does not support the requested SSL/TLS version #{version}"
+    end
+
+    ctx = OpenSSL::SSL::SSLContext.new(version)
     ctx.key = key
     ctx.cert = cert
     ctx.extra_chain_cert = chain

data/lib/rex/socket/ssl_tcp.rb

@@ -65,35 +65,14 @@ begin
   def initsock(params = nil)
     super
 
-    # Default to SSLv23 (automatically negotiate)
-    version = :SSLv23
-
-    # Let the caller specify a particular SSL/TLS version
-    if params
-      case params.ssl_version
-      when 'SSL2', :SSLv2
-        version = :SSLv2
-      # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
-      when 'SSL23', :SSLv23, 'TLS', 'Auto'
-        version = :SSLv23
-      when 'SSL3', :SSLv3
-        version = :SSLv3
-      when 'TLS1','TLS1.0', :TLSv1
-        version = :TLSv1
-      when 'TLS1.1', :TLSv1_1
-        version = :TLSv1_1
-      when 'TLS1.2', :TLSv1_2
-        version = :TLSv1_2
-      end
-    end
-
+    version = params&.ssl_version || Rex::Socket::Ssl::DEFAULT_SSL_VERSION
     # Raise an error if no selected versions are supported
     unless Rex::Socket::SslTcp.system_ssl_methods.include? version
       raise ArgumentError,
-        "This version of Ruby does not support the requested SSL/TLS version #{params.ssl_version}"
+        "This version of Ruby does not support the requested SSL/TLS version #{version}"
     end
 
-    # Try intializing the socket with this SSL/TLS version
+    # Try initializing the socket with this SSL/TLS version
     # This will throw an exception if it fails
     initsock_with_ssl_version(params, version)
 

data/lib/rex/socket/switch_board.rb

@@ -276,7 +276,7 @@ protected
   # Initializes the underlying stuff.
   #
   def _init
-    if (@_initialized != true)
+    unless @_initialized
       @_initialized = true
       self.routes   = Array.new
       self.mutex    = Mutex.new

data/lib/rex/socket/version.rb

@@ -1,5 +1,5 @@
 module Rex
   module Socket
-    VERSION = "0.1.26"
+    VERSION = "0.1.30"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-socket
 version: !ruby/object:Gem::Version
-  version: 0.1.26
+  version: 0.1.30
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2021-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake