wg-metasploit_data_models 4.1.4.01 → 4.1.4.02
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.coveralls.yml +1 -0
- data/.github/workflows/verify.yml +68 -0
- data/.gitignore +29 -0
- data/.rspec +3 -0
- data/.simplecov +38 -0
- data/.yardopts +4 -0
- data/CHANGELOG.md +6 -0
- data/CONTRIBUTING.md +133 -0
- data/Gemfile +46 -0
- data/LICENSE +27 -0
- data/README.md +65 -0
- data/RELEASING.md +82 -0
- data/Rakefile +72 -0
- data/UPGRADING.md +1 -0
- data/app/models/mdm/api_key.rb +61 -0
- data/app/models/mdm/async_callback.rb +64 -0
- data/app/models/mdm/client.rb +50 -0
- data/app/models/mdm/cred.rb +205 -0
- data/app/models/mdm/event.rb +83 -0
- data/app/models/mdm/exploit_attempt.rb +105 -0
- data/app/models/mdm/exploited_host.rb +42 -0
- data/app/models/mdm/host.rb +619 -0
- data/app/models/mdm/host_detail.rb +62 -0
- data/app/models/mdm/host_tag.rb +49 -0
- data/app/models/mdm/listener.rb +82 -0
- data/app/models/mdm/loot.rb +161 -0
- data/app/models/mdm/macro.rb +62 -0
- data/app/models/mdm/mod_ref.rb +24 -0
- data/app/models/mdm/module/action.rb +33 -0
- data/app/models/mdm/module/arch.rb +28 -0
- data/app/models/mdm/module/author.rb +34 -0
- data/app/models/mdm/module/detail.rb +388 -0
- data/app/models/mdm/module/mixin.rb +31 -0
- data/app/models/mdm/module/platform.rb +29 -0
- data/app/models/mdm/module/ref.rb +42 -0
- data/app/models/mdm/module/target.rb +37 -0
- data/app/models/mdm/nexpose_console.rb +121 -0
- data/app/models/mdm/note.rb +125 -0
- data/app/models/mdm/payload.rb +103 -0
- data/app/models/mdm/profile.rb +45 -0
- data/app/models/mdm/ref.rb +48 -0
- data/app/models/mdm/route.rb +28 -0
- data/app/models/mdm/service.rb +267 -0
- data/app/models/mdm/session.rb +203 -0
- data/app/models/mdm/session_event.rb +44 -0
- data/app/models/mdm/tag.rb +114 -0
- data/app/models/mdm/task.rb +168 -0
- data/app/models/mdm/task_cred.rb +45 -0
- data/app/models/mdm/task_host.rb +41 -0
- data/app/models/mdm/task_service.rb +41 -0
- data/app/models/mdm/task_session.rb +41 -0
- data/app/models/mdm/user.rb +230 -0
- data/app/models/mdm/vuln.rb +204 -0
- data/app/models/mdm/vuln_attempt.rb +76 -0
- data/app/models/mdm/vuln_detail.rb +156 -0
- data/app/models/mdm/vuln_ref.rb +21 -0
- data/app/models/mdm/web_form.rb +53 -0
- data/app/models/mdm/web_page.rb +92 -0
- data/app/models/mdm/web_site.rb +113 -0
- data/app/models/mdm/web_vuln.rb +193 -0
- data/app/models/mdm/wmap_request.rb +101 -0
- data/app/models/mdm/wmap_target.rb +56 -0
- data/app/models/mdm/workspace.rb +286 -0
- data/app/models/metasploit_data_models/automatic_exploitation/match.rb +43 -0
- data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +71 -0
- data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +40 -0
- data/app/models/metasploit_data_models/automatic_exploitation/run.rb +29 -0
- data/app/models/metasploit_data_models/ip_address/v4/cidr.rb +14 -0
- data/app/models/metasploit_data_models/ip_address/v4/nmap.rb +14 -0
- data/app/models/metasploit_data_models/ip_address/v4/range.rb +12 -0
- data/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list.rb +125 -0
- data/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range.rb +12 -0
- data/app/models/metasploit_data_models/ip_address/v4/segment/single.rb +123 -0
- data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +200 -0
- data/app/models/metasploit_data_models/ip_address/v4/single.rb +53 -0
- data/app/models/metasploit_data_models/module_run.rb +213 -0
- data/app/models/metasploit_data_models/search/operation/ip_address.rb +60 -0
- data/app/models/metasploit_data_models/search/operation/port/number.rb +25 -0
- data/app/models/metasploit_data_models/search/operation/port/range.rb +79 -0
- data/app/models/metasploit_data_models/search/operation/range.rb +56 -0
- data/app/models/metasploit_data_models/search/operator/ip_address.rb +33 -0
- data/app/models/metasploit_data_models/search/operator/multitext.rb +73 -0
- data/app/models/metasploit_data_models/search/operator/port/list.rb +67 -0
- data/app/models/metasploit_data_models/search/visitor/attribute.rb +17 -0
- data/app/models/metasploit_data_models/search/visitor/includes.rb +47 -0
- data/app/models/metasploit_data_models/search/visitor/joins.rb +67 -0
- data/app/models/metasploit_data_models/search/visitor/method.rb +16 -0
- data/app/models/metasploit_data_models/search/visitor/relation.rb +91 -0
- data/app/models/metasploit_data_models/search/visitor/where.rb +128 -0
- data/config/initializers/arel_helper.rb +5 -0
- data/config/initializers/ipaddr.rb +29 -0
- data/config/locales/en.yml +94 -0
- data/console_db.yml +9 -0
- data/db/migrate/000_create_tables.rb +79 -0
- data/db/migrate/001_add_wmap_tables.rb +35 -0
- data/db/migrate/002_add_workspaces.rb +36 -0
- data/db/migrate/003_move_notes.rb +20 -0
- data/db/migrate/004_add_events_table.rb +16 -0
- data/db/migrate/005_expand_info.rb +58 -0
- data/db/migrate/006_add_timestamps.rb +26 -0
- data/db/migrate/007_add_loots.rb +20 -0
- data/db/migrate/008_create_users.rb +16 -0
- data/db/migrate/009_add_loots_ctype.rb +10 -0
- data/db/migrate/010_add_alert_fields.rb +16 -0
- data/db/migrate/011_add_reports.rb +19 -0
- data/db/migrate/012_add_tasks.rb +24 -0
- data/db/migrate/013_add_tasks_result.rb +10 -0
- data/db/migrate/014_add_loots_fields.rb +12 -0
- data/db/migrate/015_rename_user.rb +16 -0
- data/db/migrate/016_add_host_purpose.rb +10 -0
- data/db/migrate/017_expand_info2.rb +58 -0
- data/db/migrate/018_add_workspace_user_info.rb +29 -0
- data/db/migrate/019_add_workspace_desc.rb +23 -0
- data/db/migrate/020_add_user_preferences.rb +11 -0
- data/db/migrate/021_standardize_info_and_data.rb +18 -0
- data/db/migrate/022_enlarge_event_info.rb +10 -0
- data/db/migrate/023_add_report_downloaded_at.rb +10 -0
- data/db/migrate/024_convert_service_info_to_text.rb +12 -0
- data/db/migrate/025_add_user_admin.rb +19 -0
- data/db/migrate/026_add_creds_table.rb +19 -0
- data/db/migrate/20100819123300_migrate_cred_data.rb +154 -0
- data/db/migrate/20100824151500_add_exploited_table.rb +16 -0
- data/db/migrate/20100908001428_add_owner_to_workspaces.rb +9 -0
- data/db/migrate/20100911122000_add_report_templates.rb +18 -0
- data/db/migrate/20100916151530_require_admin_flag.rb +15 -0
- data/db/migrate/20100916175000_add_campaigns_and_templates.rb +61 -0
- data/db/migrate/20100920012100_add_generate_exe_column.rb +8 -0
- data/db/migrate/20100926214000_add_template_prefs.rb +11 -0
- data/db/migrate/20101001000000_add_web_tables.rb +57 -0
- data/db/migrate/20101002000000_add_query.rb +10 -0
- data/db/migrate/20101007000000_add_vuln_info.rb +15 -0
- data/db/migrate/20101008111800_add_clients_to_campaigns.rb +10 -0
- data/db/migrate/20101009023300_add_campaign_attachments.rb +15 -0
- data/db/migrate/20101104135100_add_imported_creds.rb +17 -0
- data/db/migrate/20101203000000_fix_web_tables.rb +34 -0
- data/db/migrate/20101203000001_expand_host_comment.rb +12 -0
- data/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb +9 -0
- data/db/migrate/20110112154300_add_module_uuid_to_tasks.rb +9 -0
- data/db/migrate/20110204112800_add_host_tags.rb +28 -0
- data/db/migrate/20110317144932_add_session_table.rb +110 -0
- data/db/migrate/20110414180600_add_local_id_to_session_table.rb +11 -0
- data/db/migrate/20110415175705_add_routes_table.rb +18 -0
- data/db/migrate/20110422000000_convert_binary.rb +73 -0
- data/db/migrate/20110425095900_add_last_seen_to_sessions.rb +8 -0
- data/db/migrate/20110513143900_track_successful_exploits.rb +31 -0
- data/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb +26 -0
- data/db/migrate/20110527000000_add_task_id_to_reports_table.rb +11 -0
- data/db/migrate/20110527000001_add_api_keys_table.rb +12 -0
- data/db/migrate/20110606000001_add_macros_table.rb +16 -0
- data/db/migrate/20110622000000_add_settings_to_tasks_table.rb +12 -0
- data/db/migrate/20110624000001_add_listeners_table.rb +19 -0
- data/db/migrate/20110625000001_add_macro_to_listeners_table.rb +12 -0
- data/db/migrate/20110630000001_add_nexpose_consoles_table.rb +21 -0
- data/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb +12 -0
- data/db/migrate/20110717000001_add_profiles_table.rb +15 -0
- data/db/migrate/20110727163801_expand_cred_ptype_column.rb +9 -0
- data/db/migrate/20110730000001_add_initial_indexes.rb +85 -0
- data/db/migrate/20110812000001_prune_indexes.rb +23 -0
- data/db/migrate/20110922000000_expand_notes.rb +9 -0
- data/db/migrate/20110928101300_add_mod_ref_table.rb +17 -0
- data/db/migrate/20111011110000_add_display_name_to_reports_table.rb +24 -0
- data/db/migrate/20111203000000_inet_columns.rb +13 -0
- data/db/migrate/20111204000000_more_inet_columns.rb +17 -0
- data/db/migrate/20111210000000_add_scope_to_hosts.rb +9 -0
- data/db/migrate/20120126110000_add_virtual_host_to_hosts.rb +9 -0
- data/db/migrate/20120411173220_rename_workspace_members.rb +9 -0
- data/db/migrate/20120601152442_add_counter_caches_to_hosts.rb +21 -0
- data/db/migrate/20120625000000_add_vuln_details.rb +34 -0
- data/db/migrate/20120625000001_add_host_details.rb +16 -0
- data/db/migrate/20120625000002_expand_details.rb +16 -0
- data/db/migrate/20120625000003_expand_details2.rb +24 -0
- data/db/migrate/20120625000004_add_vuln_attempts.rb +19 -0
- data/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb +14 -0
- data/db/migrate/20120625000006_add_module_details.rb +118 -0
- data/db/migrate/20120625000007_add_exploit_attempts.rb +26 -0
- data/db/migrate/20120625000008_add_fail_message.rb +12 -0
- data/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb +13 -0
- data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb +19 -0
- data/db/migrate/20130412154159_change_foreign_key_in_module_actions.rb +25 -0
- data/db/migrate/20130412171844_change_foreign_key_in_module_archs.rb +25 -0
- data/db/migrate/20130412173121_change_foreign_key_in_module_authors.rb +25 -0
- data/db/migrate/20130412173640_change_foreign_key_in_module_mixins.rb +25 -0
- data/db/migrate/20130412174254_change_foreign_key_in_module_platforms.rb +25 -0
- data/db/migrate/20130412174719_change_foreign_key_in_module_refs.rb +25 -0
- data/db/migrate/20130412175040_change_foreign_key_in_module_targets.rb +25 -0
- data/db/migrate/20130423211152_add_creds_counter_cache.rb +24 -0
- data/db/migrate/20130430151353_change_required_columns_to_null_false_in_hosts.rb +11 -0
- data/db/migrate/20130430162145_enforce_address_uniqueness_in_workspace_in_hosts.rb +101 -0
- data/db/migrate/20130510021637_remove_campaigns.rb +11 -0
- data/db/migrate/20130515164311_change_web_vulns_confidence_to_integer.rb +48 -0
- data/db/migrate/20130515172727_valid_mdm_web_vuln_params.rb +30 -0
- data/db/migrate/20130516204810_making_vulns_refs_a_real_ar_model.rb +5 -0
- data/db/migrate/20130522001343_create_task_creds.rb +9 -0
- data/db/migrate/20130522032517_create_task_hosts.rb +9 -0
- data/db/migrate/20130522041110_create_task_services.rb +9 -0
- data/db/migrate/20130525015035_remove_campaign_id_from_clients.rb +9 -0
- data/db/migrate/20130525212420_drop_table_imported_creds.rb +14 -0
- data/db/migrate/20130531144949_making_host_tags_a_real_ar_model.rb +6 -0
- data/db/migrate/20130604145732_create_task_sessions.rb +9 -0
- data/db/migrate/20130717150737_remove_pname_validation.rb +7 -0
- data/db/migrate/20131002004641_create_automatic_exploitation_matches.rb +13 -0
- data/db/migrate/20131002164449_create_automatic_exploitation_match_sets.rb +12 -0
- data/db/migrate/20131008213344_create_automatic_exploitation_runs.rb +11 -0
- data/db/migrate/20131011184338_module_detail_on_automatic_exploitation_match.rb +10 -0
- data/db/migrate/20131017150735_create_automatic_exploitation_match_results.rb +11 -0
- data/db/migrate/20131021185657_make_match_polymorphic.rb +11 -0
- data/db/migrate/20140905031549_add_detected_arch_to_host.rb +5 -0
- data/db/migrate/20150112203945_remove_duplicate_services.rb +17 -0
- data/db/migrate/20150205192745_drop_service_uniqueness_index.rb +5 -0
- data/db/migrate/20150209195939_add_vuln_id_to_note.rb +6 -0
- data/db/migrate/20150212214222_remove_duplicate_services2.rb +17 -0
- data/db/migrate/20150219173821_create_module_runs.rb +23 -0
- data/db/migrate/20150219215039_add_module_run_to_session.rb +8 -0
- data/db/migrate/20150226151459_add_module_run_fk_to_loot.rb +8 -0
- data/db/migrate/20150312155312_add_module_full_name_to_match.rb +6 -0
- data/db/migrate/20150317145455_rename_module_indices.rb +29 -0
- data/db/migrate/20150326183742_add_missing_ae_indices.rb +13 -0
- data/db/migrate/20150421211719_rename_automatic_exploitation_index.rb +16 -0
- data/db/migrate/20150514182921_add_origin_to_mdm_vuln.rb +13 -0
- data/db/migrate/20160415153312_remove_not_null_from_web_vuln_p_arams.rb +5 -0
- data/db/migrate/20161004165612_add_fingerprinted_to_workspace.rb +5 -0
- data/db/migrate/20161227212223_add_os_family_to_hosts.rb +5 -0
- data/db/migrate/20180904120211_create_payloads.rb +21 -0
- data/db/migrate/20190308134512_create_async_callbacks.rb +13 -0
- data/db/migrate/20190507120211_remove_payload_workspaces.rb +5 -0
- data/lib/mdm/host/operating_system_normalization.rb +942 -0
- data/lib/mdm/module.rb +13 -0
- data/lib/mdm.rb +57 -0
- data/lib/metasploit_data_models/automatic_exploitation.rb +25 -0
- data/lib/metasploit_data_models/base64_serializer.rb +99 -0
- data/lib/metasploit_data_models/change_required_columns_to_null_false.rb +21 -0
- data/lib/metasploit_data_models/engine.rb +32 -0
- data/lib/metasploit_data_models/ip_address/cidr.rb +174 -0
- data/lib/metasploit_data_models/ip_address/range.rb +181 -0
- data/lib/metasploit_data_models/ip_address/v4/segment/nmap.rb +7 -0
- data/lib/metasploit_data_models/ip_address/v4/segment.rb +7 -0
- data/lib/metasploit_data_models/ip_address/v4.rb +11 -0
- data/lib/metasploit_data_models/ip_address.rb +9 -0
- data/lib/metasploit_data_models/match/child.rb +48 -0
- data/lib/metasploit_data_models/match/parent.rb +103 -0
- data/lib/metasploit_data_models/match.rb +8 -0
- data/lib/metasploit_data_models/search/operation/port.rb +9 -0
- data/lib/metasploit_data_models/search/operation.rb +9 -0
- data/lib/metasploit_data_models/search/operator/port.rb +6 -0
- data/lib/metasploit_data_models/search/operator.rb +8 -0
- data/lib/metasploit_data_models/search/visitor.rb +11 -0
- data/lib/metasploit_data_models/search.rb +8 -0
- data/lib/metasploit_data_models/serialized_prefs.rb +27 -0
- data/lib/metasploit_data_models/version.rb +13 -0
- data/lib/metasploit_data_models.rb +56 -0
- data/metasploit_data_models.gemspec +65 -0
- data/script/rails +8 -0
- data/spec/app/models/mdm/api_key_spec.rb +3 -0
- data/spec/app/models/mdm/client_spec.rb +43 -0
- data/spec/app/models/mdm/cred_spec.rb +346 -0
- data/spec/app/models/mdm/event_spec.rb +90 -0
- data/spec/app/models/mdm/exploit_attempt_spec.rb +59 -0
- data/spec/app/models/mdm/exploited_host_spec.rb +44 -0
- data/spec/app/models/mdm/host_detail_spec.rb +48 -0
- data/spec/app/models/mdm/host_spec.rb +1139 -0
- data/spec/app/models/mdm/host_tag_spec.rb +69 -0
- data/spec/app/models/mdm/listener_spec.rb +107 -0
- data/spec/app/models/mdm/loot_spec.rb +84 -0
- data/spec/app/models/mdm/macro_spec.rb +3 -0
- data/spec/app/models/mdm/mod_ref_spec.rb +3 -0
- data/spec/app/models/mdm/module/action_spec.rb +34 -0
- data/spec/app/models/mdm/module/arch_spec.rb +34 -0
- data/spec/app/models/mdm/module/author_spec.rb +52 -0
- data/spec/app/models/mdm/module/detail_spec.rb +746 -0
- data/spec/app/models/mdm/module/mixin_spec.rb +34 -0
- data/spec/app/models/mdm/module/platform_spec.rb +34 -0
- data/spec/app/models/mdm/module/ref_spec.rb +58 -0
- data/spec/app/models/mdm/module/target_spec.rb +36 -0
- data/spec/app/models/mdm/nexpose_console_spec.rb +146 -0
- data/spec/app/models/mdm/note_spec.rb +91 -0
- data/spec/app/models/mdm/profile_spec.rb +3 -0
- data/spec/app/models/mdm/ref_spec.rb +71 -0
- data/spec/app/models/mdm/route_spec.rb +35 -0
- data/spec/app/models/mdm/service_spec.rb +232 -0
- data/spec/app/models/mdm/session_event_spec.rb +42 -0
- data/spec/app/models/mdm/session_spec.rb +118 -0
- data/spec/app/models/mdm/tag_spec.rb +116 -0
- data/spec/app/models/mdm/task_cred_spec.rb +51 -0
- data/spec/app/models/mdm/task_host_spec.rb +50 -0
- data/spec/app/models/mdm/task_service_spec.rb +50 -0
- data/spec/app/models/mdm/task_session_spec.rb +46 -0
- data/spec/app/models/mdm/task_spec.rb +71 -0
- data/spec/app/models/mdm/user_spec.rb +50 -0
- data/spec/app/models/mdm/vuln_attempt_spec.rb +53 -0
- data/spec/app/models/mdm/vuln_detail_spec.rb +65 -0
- data/spec/app/models/mdm/vuln_ref_spec.rb +46 -0
- data/spec/app/models/mdm/vuln_spec.rb +299 -0
- data/spec/app/models/mdm/web_form_spec.rb +46 -0
- data/spec/app/models/mdm/web_page_spec.rb +101 -0
- data/spec/app/models/mdm/web_site_spec.rb +85 -0
- data/spec/app/models/mdm/web_vuln_spec.rb +312 -0
- data/spec/app/models/mdm/wmap_request_spec.rb +5 -0
- data/spec/app/models/mdm/wmap_target_spec.rb +5 -0
- data/spec/app/models/mdm/workspace_spec.rb +500 -0
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +86 -0
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +46 -0
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +37 -0
- data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +38 -0
- data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +119 -0
- data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +149 -0
- data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +298 -0
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +276 -0
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +302 -0
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +27 -0
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +324 -0
- data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +181 -0
- data/spec/app/models/metasploit_data_models/module_run_spec.rb +134 -0
- data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +180 -0
- data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +39 -0
- data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +138 -0
- data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +233 -0
- data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +17 -0
- data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +160 -0
- data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +162 -0
- data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +96 -0
- data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +175 -0
- data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +396 -0
- data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +49 -0
- data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +925 -0
- data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +187 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/config/manifest.js +1 -0
- data/spec/dummy/app/assets/javascripts/application.js +15 -0
- data/spec/dummy/app/assets/stylesheets/application.css +13 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/mailers/.gitkeep +0 -0
- data/spec/dummy/app/models/.gitkeep +0 -0
- data/spec/dummy/app/models/application_record.rb +3 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/bin/bundle +3 -0
- data/spec/dummy/bin/rails +4 -0
- data/spec/dummy/bin/rake +4 -0
- data/spec/dummy/config/application.rb +61 -0
- data/spec/dummy/config/boot.rb +4 -0
- data/spec/dummy/config/database.yml.example +22 -0
- data/spec/dummy/config/database.yml.github_actions +21 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +37 -0
- data/spec/dummy/config/environments/production.rb +78 -0
- data/spec/dummy/config/environments/test.rb +39 -0
- data/spec/dummy/config/initializers/active_record_migrations.rb +4 -0
- data/spec/dummy/config/initializers/assets.rb +8 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +4 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/en.yml +23 -0
- data/spec/dummy/config/routes.rb +2 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/db/structure.sql +3430 -0
- data/spec/dummy/db/structure.sql.from_rails_3 +3403 -0
- data/spec/dummy/lib/assets/.gitkeep +0 -0
- data/spec/dummy/log/.gitkeep +0 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +25 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/factories/mdm/addresses.rb +12 -0
- data/spec/factories/mdm/clients.rb +8 -0
- data/spec/factories/mdm/creds.rb +17 -0
- data/spec/factories/mdm/events.rb +15 -0
- data/spec/factories/mdm/exploit_attempts.rb +8 -0
- data/spec/factories/mdm/exploited_hosts.rb +7 -0
- data/spec/factories/mdm/fingerprints/nessus_fingerprints.rb +6 -0
- data/spec/factories/mdm/fingerprints/nexpose_fingerprints.rb +6 -0
- data/spec/factories/mdm/fingerprints/nmap_fingerprints.rb +6 -0
- data/spec/factories/mdm/fingerprints/retina_fingerprints.rb +6 -0
- data/spec/factories/mdm/fingerprints/session_fingerprints.rb +6 -0
- data/spec/factories/mdm/host_details.rb +8 -0
- data/spec/factories/mdm/host_tags.rb +9 -0
- data/spec/factories/mdm/hosts.rb +85 -0
- data/spec/factories/mdm/listeners.rb +12 -0
- data/spec/factories/mdm/loots.rb +11 -0
- data/spec/factories/mdm/module/actions.rb +14 -0
- data/spec/factories/mdm/module/archs.rb +14 -0
- data/spec/factories/mdm/module/authors.rb +22 -0
- data/spec/factories/mdm/module/details.rb +73 -0
- data/spec/factories/mdm/module/mixins.rb +14 -0
- data/spec/factories/mdm/module/platforms.rb +14 -0
- data/spec/factories/mdm/module/refs.rb +14 -0
- data/spec/factories/mdm/module/targets.rb +19 -0
- data/spec/factories/mdm/nexpose_consoles.rb +15 -0
- data/spec/factories/mdm/notes.rb +12 -0
- data/spec/factories/mdm/refs.rb +9 -0
- data/spec/factories/mdm/routes.rb +36 -0
- data/spec/factories/mdm/services.rb +41 -0
- data/spec/factories/mdm/session_events.rb +8 -0
- data/spec/factories/mdm/sessions.rb +13 -0
- data/spec/factories/mdm/tags.rb +14 -0
- data/spec/factories/mdm/task.rb +16 -0
- data/spec/factories/mdm/task_creds.rb +9 -0
- data/spec/factories/mdm/task_hosts.rb +9 -0
- data/spec/factories/mdm/task_services.rb +8 -0
- data/spec/factories/mdm/task_sessions.rb +8 -0
- data/spec/factories/mdm/users.rb +22 -0
- data/spec/factories/mdm/vuln_attempts.rb +8 -0
- data/spec/factories/mdm/vuln_details.rb +8 -0
- data/spec/factories/mdm/vuln_refs.rb +4 -0
- data/spec/factories/mdm/vulns.rb +20 -0
- data/spec/factories/mdm/web_forms.rb +33 -0
- data/spec/factories/mdm/web_pages.rb +64 -0
- data/spec/factories/mdm/web_sites.rb +8 -0
- data/spec/factories/mdm/web_vulns.rb +64 -0
- data/spec/factories/mdm/workspaces.rb +23 -0
- data/spec/factories/metasploit_data_models/automatic_exploitation/match_results.rb +7 -0
- data/spec/factories/metasploit_data_models/automatic_exploitation/match_sets.rb +8 -0
- data/spec/factories/metasploit_data_models/automatic_exploitation/matches.rb +7 -0
- data/spec/factories/metasploit_data_models/automatic_exploitation/runs.rb +6 -0
- data/spec/factories/module_runs.rb +40 -0
- data/spec/lib/base64_serializer_spec.rb +172 -0
- data/spec/lib/ipaddr_spec.rb +29 -0
- data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +356 -0
- data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +75 -0
- data/spec/lib/metasploit_data_models/match/child_spec.rb +59 -0
- data/spec/lib/metasploit_data_models/match/parent_spec.rb +153 -0
- data/spec/lib/metasploit_data_models_spec.rb +13 -0
- data/spec/spec_helper.rb +148 -0
- data/spec/support/matchers/match_regex_exactly.rb +28 -0
- data/spec/support/shared/contexts/rex/text.rb +15 -0
- data/spec/support/shared/examples/coerces_inet_column_type_to_string.rb +15 -0
- data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +20 -0
- data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +36 -0
- data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +109 -0
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +38 -0
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +26 -0
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/relation/visit/matching_record.rb +50 -0
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +34 -0
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +51 -0
- metadata +444 -6
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
class AddVulnDetails < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
create_table :vuln_details do |t|
|
|
5
|
+
t.integer :vuln_id # Vuln table reference
|
|
6
|
+
t.float :cvss_score # 0.0 to 10.0
|
|
7
|
+
t.string :cvss_vector # Ex: (AV:N/AC:L/Au:N/C:C/I:C/A:C)(AV:N/AC:L/Au:N/C:C/I:C/A:C)
|
|
8
|
+
|
|
9
|
+
t.string :title # Short identifier
|
|
10
|
+
t.text :description # Plain text or HTML (trusted)
|
|
11
|
+
t.text :solution # Plain text or HTML (trusted)
|
|
12
|
+
t.binary :proof # Should be UTF-8, but may not be, sanitize on output
|
|
13
|
+
# Technically this duplicates vuln.info, but that field
|
|
14
|
+
# is poorly managed / handled today. Eventually we will
|
|
15
|
+
# replace vuln.info
|
|
16
|
+
|
|
17
|
+
# Nexpose-specific fields
|
|
18
|
+
t.integer :nx_console_id # NexposeConsole table reference
|
|
19
|
+
t.integer :nx_device_id # Reference from the Nexpose side
|
|
20
|
+
t.string :nx_vuln_id # 'jre-java-update-flaw'
|
|
21
|
+
t.float :nx_severity # 0-10
|
|
22
|
+
t.float :nx_pci_severity # 0-10
|
|
23
|
+
t.timestamp :nx_published # Normalized from "20081205T000000000"
|
|
24
|
+
t.timestamp :nx_added # Normalized from "20081205T000000000"
|
|
25
|
+
t.timestamp :nx_modified # Normalized from "20081205T000000000"
|
|
26
|
+
t.text :nx_tags # Comma separated
|
|
27
|
+
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def self.down
|
|
32
|
+
drop_table :vuln_details
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
class AddHostDetails < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
create_table :host_details do |t|
|
|
5
|
+
t.integer :host_id # Host table reference
|
|
6
|
+
|
|
7
|
+
# Nexpose-specific fields
|
|
8
|
+
t.integer :nx_console_id # NexposeConsole table reference
|
|
9
|
+
t.integer :nx_device_id # Reference from the Nexpose side
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.down
|
|
14
|
+
drop_table :host_details
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
class ExpandDetails < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
add_column :vuln_details, :nx_vuln_status, :text
|
|
5
|
+
add_column :vuln_details, :nx_proof_key, :text
|
|
6
|
+
add_column :vuln_details, :src, :string
|
|
7
|
+
add_column :host_details, :src, :string
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def self.down
|
|
11
|
+
remove_column :vuln_details, :nx_vuln_status
|
|
12
|
+
remove_column :vuln_details, :nx_proof_key
|
|
13
|
+
remove_column :vuln_details, :src
|
|
14
|
+
remove_column :host_details, :src
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
class ExpandDetails2 < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
add_column :host_details, :nx_site_name, :string
|
|
5
|
+
add_column :host_details, :nx_site_importance, :string
|
|
6
|
+
add_column :host_details, :nx_scan_template, :string
|
|
7
|
+
add_column :host_details, :nx_risk_score, :float
|
|
8
|
+
|
|
9
|
+
add_column :vuln_details, :nx_scan_id, :integer
|
|
10
|
+
add_column :vuln_details, :nx_vulnerable_since, :timestamp
|
|
11
|
+
add_column :vuln_details, :nx_pci_compliance_status, :string
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def self.down
|
|
15
|
+
remove_column :host_details, :nx_site_name
|
|
16
|
+
remove_column :host_details, :nx_site_importance
|
|
17
|
+
remove_column :host_details, :nx_scan_template
|
|
18
|
+
remove_column :host_details, :nx_risk_score
|
|
19
|
+
|
|
20
|
+
remove_column :vuln_details, :nx_scan_id
|
|
21
|
+
remove_column :vuln_details, :nx_vulnerable_since
|
|
22
|
+
remove_column :vuln_details, :nx_pci_compliance_status
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
class AddVulnAttempts < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
create_table :vuln_attempts do |t|
|
|
5
|
+
t.integer :vuln_id # Vuln table reference
|
|
6
|
+
t.timestamp :attempted_at # Timestamp of when the session was opened or the module exited
|
|
7
|
+
t.boolean :exploited # Whether or not the attempt succeeded
|
|
8
|
+
t.string :fail_reason # Short string corresponding to a Msf::Exploit::Failure constant
|
|
9
|
+
t.string :username # The user that tested this vulnerability
|
|
10
|
+
t.text :module # The specific module name that was used
|
|
11
|
+
t.integer :session_id # Database identifier of any opened session
|
|
12
|
+
t.integer :loot_id # Database identifier of any 'proof' loot (for non-session exploits)
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def self.down
|
|
17
|
+
drop_table :vuln_attempts
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
class AddVulnAndHostCounterCaches < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
add_column :hosts, :host_detail_count, :integer, :default => 0
|
|
5
|
+
add_column :vulns, :vuln_detail_count, :integer, :default => 0
|
|
6
|
+
add_column :vulns, :vuln_attempt_count, :integer, :default => 0
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def self.down
|
|
10
|
+
remove_column :hosts, :host_detail_count
|
|
11
|
+
remove_column :vulns, :vuln_detail_count
|
|
12
|
+
remove_column :vulns, :vuln_attempt_count
|
|
13
|
+
end
|
|
14
|
+
end
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
class AddModuleDetails < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
|
|
5
|
+
create_table :module_details do |t|
|
|
6
|
+
t.timestamp :mtime # disk modified time
|
|
7
|
+
t.text :file # location on disk
|
|
8
|
+
t.string :mtype # exploit, auxiliary, post, etc
|
|
9
|
+
t.text :refname # module path (no type)
|
|
10
|
+
t.text :fullname # module path with type
|
|
11
|
+
t.text :name # module title
|
|
12
|
+
t.integer :rank # exploit rank
|
|
13
|
+
t.text :description #
|
|
14
|
+
t.string :license # MSF_LICENSE
|
|
15
|
+
t.boolean :privileged # true or false
|
|
16
|
+
t.timestamp :disclosure_date # Mar 10 2004
|
|
17
|
+
t.integer :default_target # 0
|
|
18
|
+
t.text :default_action # "scan"
|
|
19
|
+
t.string :stance # "passive"
|
|
20
|
+
t.boolean :ready # true/false
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
add_index :module_details, :refname
|
|
24
|
+
add_index :module_details, :name
|
|
25
|
+
add_index :module_details, :description
|
|
26
|
+
add_index :module_details, :mtype
|
|
27
|
+
|
|
28
|
+
create_table :module_authors do |t|
|
|
29
|
+
t.integer :module_detail_id
|
|
30
|
+
t.text :name
|
|
31
|
+
t.text :email
|
|
32
|
+
end
|
|
33
|
+
add_index :module_authors, :module_detail_id
|
|
34
|
+
|
|
35
|
+
create_table :module_mixins do |t|
|
|
36
|
+
t.integer :module_detail_id
|
|
37
|
+
t.text :name
|
|
38
|
+
end
|
|
39
|
+
add_index :module_mixins, :module_detail_id
|
|
40
|
+
|
|
41
|
+
create_table :module_targets do |t|
|
|
42
|
+
t.integer :module_detail_id
|
|
43
|
+
t.integer :index
|
|
44
|
+
t.text :name
|
|
45
|
+
end
|
|
46
|
+
add_index :module_targets, :module_detail_id
|
|
47
|
+
|
|
48
|
+
create_table :module_actions do |t|
|
|
49
|
+
t.integer :module_detail_id
|
|
50
|
+
t.text :name
|
|
51
|
+
end
|
|
52
|
+
add_index :module_actions, :module_detail_id
|
|
53
|
+
|
|
54
|
+
create_table :module_refs do |t|
|
|
55
|
+
t.integer :module_detail_id
|
|
56
|
+
t.text :name
|
|
57
|
+
end
|
|
58
|
+
add_index :module_refs, :module_detail_id
|
|
59
|
+
add_index :module_refs, :name
|
|
60
|
+
|
|
61
|
+
create_table :module_archs do |t|
|
|
62
|
+
t.integer :module_detail_id
|
|
63
|
+
t.text :name
|
|
64
|
+
end
|
|
65
|
+
add_index :module_archs, :module_detail_id
|
|
66
|
+
|
|
67
|
+
create_table :module_platforms do |t|
|
|
68
|
+
t.integer :module_detail_id
|
|
69
|
+
t.text :name
|
|
70
|
+
end
|
|
71
|
+
add_index :module_platforms, :module_detail_id
|
|
72
|
+
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
def self.down
|
|
76
|
+
remove_index :module_details, :refname
|
|
77
|
+
remove_index :module_details, :name
|
|
78
|
+
remove_index :module_details, :description
|
|
79
|
+
remove_index :module_details, :mtype
|
|
80
|
+
|
|
81
|
+
remove_index :module_authors, :module_detail_id
|
|
82
|
+
remove_index :module_mixins, :module_detail_id
|
|
83
|
+
remove_index :module_targets, :module_detail_id
|
|
84
|
+
remove_index :module_actions, :module_detail_id
|
|
85
|
+
remove_index :module_refs, :module_detail_id
|
|
86
|
+
remove_index :module_refs, :name
|
|
87
|
+
remove_index :module_archs, :module_detail_id
|
|
88
|
+
remove_index :module_platform, :module_detail_id
|
|
89
|
+
|
|
90
|
+
drop_table :module_details
|
|
91
|
+
drop_table :module_authors
|
|
92
|
+
drop_table :module_mixins
|
|
93
|
+
drop_table :module_targets
|
|
94
|
+
drop_table :module_actions
|
|
95
|
+
drop_table :module_refs
|
|
96
|
+
drop_table :module_archs
|
|
97
|
+
drop_table :module_platforms
|
|
98
|
+
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
=begin
|
|
103
|
+
|
|
104
|
+
Mdm::Host.find_by_sql("
|
|
105
|
+
SELECT
|
|
106
|
+
hosts.id, hosts.address, module_details.mtype AS mtype, module_details.refname AS mname, vulns.name AS vname, refs.name AS vref
|
|
107
|
+
FROM
|
|
108
|
+
hosts,vulns,vulns_refs,refs,module_refs,module_details
|
|
109
|
+
WHERE
|
|
110
|
+
hosts.id = vulns.host_id AND
|
|
111
|
+
vulns.id = vulns_refs.vuln_id AND
|
|
112
|
+
vulns_refs.ref_id = refs.id AND
|
|
113
|
+
refs.name = module_refs.name AND
|
|
114
|
+
module_refs.module_detail_id = modules_details.id
|
|
115
|
+
").map{|x| [x.address, x.mname, x.vname, x.vref ] }
|
|
116
|
+
|
|
117
|
+
|
|
118
|
+
=end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
class AddExploitAttempts < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
create_table :exploit_attempts do |t|
|
|
5
|
+
t.integer :host_id # Host table reference (primary)
|
|
6
|
+
t.integer :service_id # Service table reference (optional)
|
|
7
|
+
t.integer :vuln_id # Vuln table reference (optional)
|
|
8
|
+
t.timestamp :attempted_at # Timestamp of when the session was opened or the module exited
|
|
9
|
+
t.boolean :exploited # Whether or not the attempt succeeded
|
|
10
|
+
t.string :fail_reason # Short string corresponding to a Msf::Exploit::Failure constant
|
|
11
|
+
t.string :username # The user that tested this vulnerability
|
|
12
|
+
t.text :module # The specific module name that was used
|
|
13
|
+
t.integer :session_id # Database identifier of any opened session
|
|
14
|
+
t.integer :loot_id # Database identifier of any 'proof' loot (for non-session exploits)
|
|
15
|
+
t.integer :port # Port -> Services are created/destroyed frequently and failed
|
|
16
|
+
t.string :proto # Protocol | attempts may be against closed ports.
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
add_column :hosts, :exploit_attempt_count, :integer, :default => 0
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def self.down
|
|
23
|
+
drop_table :exploit_attempts
|
|
24
|
+
remove_column :hosts, :exploit_attempt_count
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
class AddFailMessage < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
add_column :vuln_attempts, :fail_detail, :text
|
|
5
|
+
add_column :exploit_attempts, :fail_detail, :text
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def self.down
|
|
9
|
+
remove_column :vuln_attempts, :fail_detail
|
|
10
|
+
remove_column :exploit_attempts, :fail_detail
|
|
11
|
+
end
|
|
12
|
+
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
class AddOwnerAndPayloadToWebVulns < ActiveRecord::Migration[4.2]
|
|
2
|
+
|
|
3
|
+
def self.up
|
|
4
|
+
add_column :web_vulns, :owner, :string
|
|
5
|
+
add_column :web_vulns, :payload, :text
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def self.down
|
|
9
|
+
remove_column :web_vulns, :owner
|
|
10
|
+
remove_column :web_vulns, :payload
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# Changes all the {COLUMNS} in the web_vulns table that are required for {Mdm::WebVuln}, but were previously
|
|
2
|
+
# :null => true
|
|
3
|
+
class ChangeRequiredColumnsToNullFalseInWebVulns < MetasploitDataModels::ChangeRequiredColumnsToNullFalse
|
|
4
|
+
# Columns that were previously :null => true, but are actually required to be non-null, so should be
|
|
5
|
+
# :null => false
|
|
6
|
+
COLUMNS = [
|
|
7
|
+
:category,
|
|
8
|
+
:confidence,
|
|
9
|
+
:method,
|
|
10
|
+
:name,
|
|
11
|
+
:params,
|
|
12
|
+
:path,
|
|
13
|
+
:pname,
|
|
14
|
+
:proof,
|
|
15
|
+
:risk
|
|
16
|
+
]
|
|
17
|
+
# Table in which {COLUMNS} are.
|
|
18
|
+
TABLE_NAME = :web_vulns
|
|
19
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Changes `module_actions.module_detail_id` to `module_actions.detail_id` so that foreign key matches the conventional
|
|
2
|
+
# name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
|
|
3
|
+
class ChangeForeignKeyInModuleActions < ActiveRecord::Migration[4.2]
|
|
4
|
+
#
|
|
5
|
+
# CONSTANTS
|
|
6
|
+
#
|
|
7
|
+
|
|
8
|
+
NEW_COLUMN_NAME= :detail_id
|
|
9
|
+
OLD_COLUMN_NAME = :module_detail_id
|
|
10
|
+
TABLE_NAME = :module_actions
|
|
11
|
+
|
|
12
|
+
# Renames `module_actions.detail_id` to `module_actions.module_detail_id`.
|
|
13
|
+
#
|
|
14
|
+
# @return [void]
|
|
15
|
+
def down
|
|
16
|
+
rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# Rename `module_actions.module_detail_id` to `module_actions.detail_id`
|
|
20
|
+
#
|
|
21
|
+
# @return [void]
|
|
22
|
+
def up
|
|
23
|
+
rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Changes `module_archs.module_detail_id` to `module_archs.detail_id` so that foreign key matches the conventional
|
|
2
|
+
# name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
|
|
3
|
+
class ChangeForeignKeyInModuleArchs < ActiveRecord::Migration[4.2]
|
|
4
|
+
#
|
|
5
|
+
# CONSTANTS
|
|
6
|
+
#
|
|
7
|
+
|
|
8
|
+
NEW_COLUMN_NAME= :detail_id
|
|
9
|
+
OLD_COLUMN_NAME = :module_detail_id
|
|
10
|
+
TABLE_NAME = :module_archs
|
|
11
|
+
|
|
12
|
+
# Renames `module_archs.detail_id` to `module_archs.module_detail_id`.
|
|
13
|
+
#
|
|
14
|
+
# @return [void]
|
|
15
|
+
def down
|
|
16
|
+
rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# Rename `module_archs.module_detail_id` to `module_archs.detail_id`
|
|
20
|
+
#
|
|
21
|
+
# @return [void]
|
|
22
|
+
def up
|
|
23
|
+
rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Changes `module_authors.module_detail_id` to `module_authors.detail_id` so that foreign key matches the conventional
|
|
2
|
+
# name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
|
|
3
|
+
class ChangeForeignKeyInModuleAuthors < ActiveRecord::Migration[4.2]
|
|
4
|
+
#
|
|
5
|
+
# CONSTANTS
|
|
6
|
+
#
|
|
7
|
+
|
|
8
|
+
NEW_COLUMN_NAME= :detail_id
|
|
9
|
+
OLD_COLUMN_NAME = :module_detail_id
|
|
10
|
+
TABLE_NAME = :module_authors
|
|
11
|
+
|
|
12
|
+
# Renames `module_authors.detail_id` to `module_authors.module_detail_id`.
|
|
13
|
+
#
|
|
14
|
+
# @return [void]
|
|
15
|
+
def down
|
|
16
|
+
rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# Rename `module_authors.module_detail_id` to `module_authors.detail_id`
|
|
20
|
+
#
|
|
21
|
+
# @return [void]
|
|
22
|
+
def up
|
|
23
|
+
rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Changes `module_mixins.module_detail_id` to `module_mixins.detail_id` so that foreign key matches the conventional
|
|
2
|
+
# name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
|
|
3
|
+
class ChangeForeignKeyInModuleMixins < ActiveRecord::Migration[4.2]
|
|
4
|
+
#
|
|
5
|
+
# CONSTANTS
|
|
6
|
+
#
|
|
7
|
+
|
|
8
|
+
NEW_COLUMN_NAME= :detail_id
|
|
9
|
+
OLD_COLUMN_NAME = :module_detail_id
|
|
10
|
+
TABLE_NAME = :module_mixins
|
|
11
|
+
|
|
12
|
+
# Renames `module_mixins.detail_id` to `module_mixins.module_detail_id`.
|
|
13
|
+
#
|
|
14
|
+
# @return [void]
|
|
15
|
+
def down
|
|
16
|
+
rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# Rename `module_mixins.module_detail_id` to `module_mixins.detail_id`
|
|
20
|
+
#
|
|
21
|
+
# @return [void]
|
|
22
|
+
def up
|
|
23
|
+
rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Changes `module_platforms.module_detail_id` to `module_platforms.detail_id` so that foreign key matches the conventional
|
|
2
|
+
# name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
|
|
3
|
+
class ChangeForeignKeyInModulePlatforms < ActiveRecord::Migration[4.2]
|
|
4
|
+
#
|
|
5
|
+
# CONSTANTS
|
|
6
|
+
#
|
|
7
|
+
|
|
8
|
+
NEW_COLUMN_NAME= :detail_id
|
|
9
|
+
OLD_COLUMN_NAME = :module_detail_id
|
|
10
|
+
TABLE_NAME = :module_platforms
|
|
11
|
+
|
|
12
|
+
# Renames `module_platforms.detail_id` to `module_platforms.module_detail_id`.
|
|
13
|
+
#
|
|
14
|
+
# @return [void]
|
|
15
|
+
def down
|
|
16
|
+
rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# Rename `module_platforms.module_detail_id` to `module_platforms.detail_id`
|
|
20
|
+
#
|
|
21
|
+
# @return [void]
|
|
22
|
+
def up
|
|
23
|
+
rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Changes `module_refs.module_detail_id` to `module_refs.detail_id` so that foreign key matches the conventional
|
|
2
|
+
# name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
|
|
3
|
+
class ChangeForeignKeyInModuleRefs < ActiveRecord::Migration[4.2]
|
|
4
|
+
#
|
|
5
|
+
# CONSTANTS
|
|
6
|
+
#
|
|
7
|
+
|
|
8
|
+
NEW_COLUMN_NAME= :detail_id
|
|
9
|
+
OLD_COLUMN_NAME = :module_detail_id
|
|
10
|
+
TABLE_NAME = :module_refs
|
|
11
|
+
|
|
12
|
+
# Renames `module_refs.detail_id` to `module_refs.module_detail_id`.
|
|
13
|
+
#
|
|
14
|
+
# @return [void]
|
|
15
|
+
def down
|
|
16
|
+
rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# Rename `module_refs.module_detail_id` to `module_refs.detail_id`
|
|
20
|
+
#
|
|
21
|
+
# @return [void]
|
|
22
|
+
def up
|
|
23
|
+
rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Changes `module_targets.module_detail_id` to `module_targets.detail_id` so that foreign key matches the conventional
|
|
2
|
+
# name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
|
|
3
|
+
class ChangeForeignKeyInModuleTargets < ActiveRecord::Migration[4.2]
|
|
4
|
+
#
|
|
5
|
+
# CONSTANTS
|
|
6
|
+
#
|
|
7
|
+
|
|
8
|
+
NEW_COLUMN_NAME= :detail_id
|
|
9
|
+
OLD_COLUMN_NAME = :module_detail_id
|
|
10
|
+
TABLE_NAME = :module_targets
|
|
11
|
+
|
|
12
|
+
# Renames `module_targets.detail_id` to `module_targets.module_detail_id`.
|
|
13
|
+
#
|
|
14
|
+
# @return [void]
|
|
15
|
+
def down
|
|
16
|
+
rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# Rename `module_targets.module_detail_id` to `module_targets.detail_id`
|
|
20
|
+
#
|
|
21
|
+
# @return [void]
|
|
22
|
+
def up
|
|
23
|
+
rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
class AddCredsCounterCache < ActiveRecord::Migration[4.2]
|
|
2
|
+
def up
|
|
3
|
+
add_column :hosts, :cred_count, :integer, :default => 0
|
|
4
|
+
Mdm::Host.reset_column_information
|
|
5
|
+
# Set initial counts
|
|
6
|
+
cred_service_ids = Set.new
|
|
7
|
+
Mdm::Cred.all.each {|c| cred_service_ids << c.service_id}
|
|
8
|
+
cred_service_ids.each do |service_id|
|
|
9
|
+
#Mdm::Host.reset_counters(Mdm::Service.find(service_id).host.id, :creds)
|
|
10
|
+
begin
|
|
11
|
+
host = Mdm::Service.find(service_id).host
|
|
12
|
+
rescue
|
|
13
|
+
next
|
|
14
|
+
end
|
|
15
|
+
next if host.nil? # This can happen with orphan creds/services
|
|
16
|
+
host.cred_count = host.creds.count
|
|
17
|
+
host.save
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def down
|
|
22
|
+
remove_column :hosts, :cred_count
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Changes all the {COLUMNS} in the hosts table that are required for {Mdm::Host}, but were previously `:null => true`.
|
|
2
|
+
class ChangeRequiredColumnsToNullFalseInHosts < MetasploitDataModels::ChangeRequiredColumnsToNullFalse
|
|
3
|
+
# Columns that were previously `:null => true`, but are actually required to be non-null, so should be
|
|
4
|
+
# `:null => false`
|
|
5
|
+
COLUMNS = [
|
|
6
|
+
:address,
|
|
7
|
+
:workspace_id
|
|
8
|
+
]
|
|
9
|
+
# Table in which {COLUMNS} are.
|
|
10
|
+
TABLE_NAME = :hosts
|
|
11
|
+
end
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
# Changes index on address so it scoped to workspace_id and is unique to match the validation in {Mdm::Host} on
|
|
2
|
+
# {Mdm::Host#address}.
|
|
3
|
+
class EnforceAddressUniquenessInWorkspaceInHosts < ActiveRecord::Migration[4.2]
|
|
4
|
+
TABLE_NAME = :hosts
|
|
5
|
+
|
|
6
|
+
# maps Table -> Association Column for models that "belong to" a Host
|
|
7
|
+
HOST_ASSOCIATION_MAP = {
|
|
8
|
+
'clients' => 'host_id',
|
|
9
|
+
'events' => 'host_id',
|
|
10
|
+
'exploit_attempts' => 'host_id',
|
|
11
|
+
'exploited_hosts' => 'host_id',
|
|
12
|
+
'host_details' => 'host_id',
|
|
13
|
+
'hosts_tags' => 'host_id',
|
|
14
|
+
'loots' => 'host_id',
|
|
15
|
+
'notes' => 'host_id',
|
|
16
|
+
'sessions' => 'host_id',
|
|
17
|
+
'services' => 'host_id',
|
|
18
|
+
'vulns' => 'host_id'
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
# Historically there a few scenarios where a user could end up with Hosts
|
|
22
|
+
# in the same workspace with the same IP. Primarily, if you run a Nexpose Scan
|
|
23
|
+
# and a Discover scan simultaneously, AR does not know about these separate
|
|
24
|
+
# transactions, so the Hosts will be valid when added and the user will end up
|
|
25
|
+
# (when transaction completes) with two hosts with the same IP in the same workspace.
|
|
26
|
+
#
|
|
27
|
+
# Since we are adding a DB uniq constraint here, this migration could fail if the user
|
|
28
|
+
# has hit aforementioned scenarios. So we try to "merge" any hosts with the same
|
|
29
|
+
# address in the same workspace before adding the DB constraint, to prevent the
|
|
30
|
+
# migration from simply failing.
|
|
31
|
+
#
|
|
32
|
+
# Note: We can't rely on AR directly here (or in any migration), since we have no
|
|
33
|
+
# idea what version of the code the user has checked out. So we fall back to SQL :(
|
|
34
|
+
def find_and_merge_duplicate_hosts!
|
|
35
|
+
# find all duplicate addresses within the same workspace currently in the db
|
|
36
|
+
dupe_addresses_and_workspaces = ApplicationRecord.connection.execute(%Q{
|
|
37
|
+
SELECT workspace_id, address, count_addr
|
|
38
|
+
FROM (
|
|
39
|
+
SELECT workspace_id, address, COUNT(address) AS count_addr
|
|
40
|
+
FROM hosts
|
|
41
|
+
GROUP BY address, workspace_id
|
|
42
|
+
) X
|
|
43
|
+
WHERE count_addr > 1
|
|
44
|
+
})
|
|
45
|
+
|
|
46
|
+
if dupe_addresses_and_workspaces.present? and
|
|
47
|
+
not dupe_addresses_and_workspaces.num_tuples.zero?
|
|
48
|
+
puts "Duplicate hosts in workspace found. Merging host references."
|
|
49
|
+
# iterate through the duped IPs
|
|
50
|
+
dupe_addresses_and_workspaces.each do |result|
|
|
51
|
+
# so its come to this
|
|
52
|
+
address = ApplicationRecord.connection.quote(result['address'])
|
|
53
|
+
workspace_id = result['workspace_id'].to_i
|
|
54
|
+
# look up the duplicate Host table entries to find all IDs of the duped Hosts
|
|
55
|
+
hosts = ApplicationRecord.connection.execute(%Q|
|
|
56
|
+
SELECT id
|
|
57
|
+
FROM hosts
|
|
58
|
+
WHERE address=#{address} AND workspace_id=#{workspace_id}
|
|
59
|
+
ORDER BY id DESC
|
|
60
|
+
|)
|
|
61
|
+
# grab and quote the ID for each result row
|
|
62
|
+
hosts = hosts.map { |h| h["id"].to_i }
|
|
63
|
+
# grab every Host entry besides the first one
|
|
64
|
+
first_host_id = hosts.first
|
|
65
|
+
dupe_host_ids = hosts[1..-1]
|
|
66
|
+
# update associations to these duplicate Hosts
|
|
67
|
+
HOST_ASSOCIATION_MAP.each do |table, column|
|
|
68
|
+
ApplicationRecord.connection.execute(%Q|
|
|
69
|
+
UPDATE #{table} SET #{column}=#{first_host_id}
|
|
70
|
+
WHERE #{column} IN (#{dupe_host_ids.join(',')})
|
|
71
|
+
|)
|
|
72
|
+
end
|
|
73
|
+
# destroy the duplicate host rows
|
|
74
|
+
ApplicationRecord.connection.execute(%Q|
|
|
75
|
+
DELETE FROM hosts WHERE id IN (#{dupe_host_ids.join(',')})
|
|
76
|
+
|)
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
# At this point all duped hosts in the same workspace should be merged.
|
|
80
|
+
# You could end up with duplicate services, but hey its better than just
|
|
81
|
+
# dropping all data about the old Host.
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
# Restores old index on address
|
|
86
|
+
def down
|
|
87
|
+
change_table TABLE_NAME do |t|
|
|
88
|
+
t.remove_index [:workspace_id, :address]
|
|
89
|
+
t.index :address
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
# Make index on address scope to workspace_id and be unique
|
|
94
|
+
def up
|
|
95
|
+
find_and_merge_duplicate_hosts!
|
|
96
|
+
change_table TABLE_NAME do |t|
|
|
97
|
+
t.remove_index :address
|
|
98
|
+
t.index [:workspace_id, :address], :unique => true
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
end
|