RubyGems - wg-metasploit_data_models - Versions diffs - 4.1.4.01 → 4.1.4.02 - Mend

wg-metasploit_data_models 4.1.4.01 → 4.1.4.02

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (440) hide show

checksums.yaml +4 -4
data/.coveralls.yml +1 -0
data/.github/workflows/verify.yml +68 -0
data/.gitignore +29 -0
data/.rspec +3 -0
data/.simplecov +38 -0
data/.yardopts +4 -0
data/CHANGELOG.md +6 -0
data/CONTRIBUTING.md +133 -0
data/Gemfile +46 -0
data/LICENSE +27 -0
data/README.md +65 -0
data/RELEASING.md +82 -0
data/Rakefile +72 -0
data/UPGRADING.md +1 -0
data/app/models/mdm/api_key.rb +61 -0
data/app/models/mdm/async_callback.rb +64 -0
data/app/models/mdm/client.rb +50 -0
data/app/models/mdm/cred.rb +205 -0
data/app/models/mdm/event.rb +83 -0
data/app/models/mdm/exploit_attempt.rb +105 -0
data/app/models/mdm/exploited_host.rb +42 -0
data/app/models/mdm/host.rb +619 -0
data/app/models/mdm/host_detail.rb +62 -0
data/app/models/mdm/host_tag.rb +49 -0
data/app/models/mdm/listener.rb +82 -0
data/app/models/mdm/loot.rb +161 -0
data/app/models/mdm/macro.rb +62 -0
data/app/models/mdm/mod_ref.rb +24 -0
data/app/models/mdm/module/action.rb +33 -0
data/app/models/mdm/module/arch.rb +28 -0
data/app/models/mdm/module/author.rb +34 -0
data/app/models/mdm/module/detail.rb +388 -0
data/app/models/mdm/module/mixin.rb +31 -0
data/app/models/mdm/module/platform.rb +29 -0
data/app/models/mdm/module/ref.rb +42 -0
data/app/models/mdm/module/target.rb +37 -0
data/app/models/mdm/nexpose_console.rb +121 -0
data/app/models/mdm/note.rb +125 -0
data/app/models/mdm/payload.rb +103 -0
data/app/models/mdm/profile.rb +45 -0
data/app/models/mdm/ref.rb +48 -0
data/app/models/mdm/route.rb +28 -0
data/app/models/mdm/service.rb +267 -0
data/app/models/mdm/session.rb +203 -0
data/app/models/mdm/session_event.rb +44 -0
data/app/models/mdm/tag.rb +114 -0
data/app/models/mdm/task.rb +168 -0
data/app/models/mdm/task_cred.rb +45 -0
data/app/models/mdm/task_host.rb +41 -0
data/app/models/mdm/task_service.rb +41 -0
data/app/models/mdm/task_session.rb +41 -0
data/app/models/mdm/user.rb +230 -0
data/app/models/mdm/vuln.rb +204 -0
data/app/models/mdm/vuln_attempt.rb +76 -0
data/app/models/mdm/vuln_detail.rb +156 -0
data/app/models/mdm/vuln_ref.rb +21 -0
data/app/models/mdm/web_form.rb +53 -0
data/app/models/mdm/web_page.rb +92 -0
data/app/models/mdm/web_site.rb +113 -0
data/app/models/mdm/web_vuln.rb +193 -0
data/app/models/mdm/wmap_request.rb +101 -0
data/app/models/mdm/wmap_target.rb +56 -0
data/app/models/mdm/workspace.rb +286 -0
data/app/models/metasploit_data_models/automatic_exploitation/match.rb +43 -0
data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +71 -0
data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +40 -0
data/app/models/metasploit_data_models/automatic_exploitation/run.rb +29 -0
data/app/models/metasploit_data_models/ip_address/v4/cidr.rb +14 -0
data/app/models/metasploit_data_models/ip_address/v4/nmap.rb +14 -0
data/app/models/metasploit_data_models/ip_address/v4/range.rb +12 -0
data/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list.rb +125 -0
data/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range.rb +12 -0
data/app/models/metasploit_data_models/ip_address/v4/segment/single.rb +123 -0
data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +200 -0
data/app/models/metasploit_data_models/ip_address/v4/single.rb +53 -0
data/app/models/metasploit_data_models/module_run.rb +213 -0
data/app/models/metasploit_data_models/search/operation/ip_address.rb +60 -0
data/app/models/metasploit_data_models/search/operation/port/number.rb +25 -0
data/app/models/metasploit_data_models/search/operation/port/range.rb +79 -0
data/app/models/metasploit_data_models/search/operation/range.rb +56 -0
data/app/models/metasploit_data_models/search/operator/ip_address.rb +33 -0
data/app/models/metasploit_data_models/search/operator/multitext.rb +73 -0
data/app/models/metasploit_data_models/search/operator/port/list.rb +67 -0
data/app/models/metasploit_data_models/search/visitor/attribute.rb +17 -0
data/app/models/metasploit_data_models/search/visitor/includes.rb +47 -0
data/app/models/metasploit_data_models/search/visitor/joins.rb +67 -0
data/app/models/metasploit_data_models/search/visitor/method.rb +16 -0
data/app/models/metasploit_data_models/search/visitor/relation.rb +91 -0
data/app/models/metasploit_data_models/search/visitor/where.rb +128 -0
data/config/initializers/arel_helper.rb +5 -0
data/config/initializers/ipaddr.rb +29 -0
data/config/locales/en.yml +94 -0
data/console_db.yml +9 -0
data/db/migrate/000_create_tables.rb +79 -0
data/db/migrate/001_add_wmap_tables.rb +35 -0
data/db/migrate/002_add_workspaces.rb +36 -0
data/db/migrate/003_move_notes.rb +20 -0
data/db/migrate/004_add_events_table.rb +16 -0
data/db/migrate/005_expand_info.rb +58 -0
data/db/migrate/006_add_timestamps.rb +26 -0
data/db/migrate/007_add_loots.rb +20 -0
data/db/migrate/008_create_users.rb +16 -0
data/db/migrate/009_add_loots_ctype.rb +10 -0
data/db/migrate/010_add_alert_fields.rb +16 -0
data/db/migrate/011_add_reports.rb +19 -0
data/db/migrate/012_add_tasks.rb +24 -0
data/db/migrate/013_add_tasks_result.rb +10 -0
data/db/migrate/014_add_loots_fields.rb +12 -0
data/db/migrate/015_rename_user.rb +16 -0
data/db/migrate/016_add_host_purpose.rb +10 -0
data/db/migrate/017_expand_info2.rb +58 -0
data/db/migrate/018_add_workspace_user_info.rb +29 -0
data/db/migrate/019_add_workspace_desc.rb +23 -0
data/db/migrate/020_add_user_preferences.rb +11 -0
data/db/migrate/021_standardize_info_and_data.rb +18 -0
data/db/migrate/022_enlarge_event_info.rb +10 -0
data/db/migrate/023_add_report_downloaded_at.rb +10 -0
data/db/migrate/024_convert_service_info_to_text.rb +12 -0
data/db/migrate/025_add_user_admin.rb +19 -0
data/db/migrate/026_add_creds_table.rb +19 -0
data/db/migrate/20100819123300_migrate_cred_data.rb +154 -0
data/db/migrate/20100824151500_add_exploited_table.rb +16 -0
data/db/migrate/20100908001428_add_owner_to_workspaces.rb +9 -0
data/db/migrate/20100911122000_add_report_templates.rb +18 -0
data/db/migrate/20100916151530_require_admin_flag.rb +15 -0
data/db/migrate/20100916175000_add_campaigns_and_templates.rb +61 -0
data/db/migrate/20100920012100_add_generate_exe_column.rb +8 -0
data/db/migrate/20100926214000_add_template_prefs.rb +11 -0
data/db/migrate/20101001000000_add_web_tables.rb +57 -0
data/db/migrate/20101002000000_add_query.rb +10 -0
data/db/migrate/20101007000000_add_vuln_info.rb +15 -0
data/db/migrate/20101008111800_add_clients_to_campaigns.rb +10 -0
data/db/migrate/20101009023300_add_campaign_attachments.rb +15 -0
data/db/migrate/20101104135100_add_imported_creds.rb +17 -0
data/db/migrate/20101203000000_fix_web_tables.rb +34 -0
data/db/migrate/20101203000001_expand_host_comment.rb +12 -0
data/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb +9 -0
data/db/migrate/20110112154300_add_module_uuid_to_tasks.rb +9 -0
data/db/migrate/20110204112800_add_host_tags.rb +28 -0
data/db/migrate/20110317144932_add_session_table.rb +110 -0
data/db/migrate/20110414180600_add_local_id_to_session_table.rb +11 -0
data/db/migrate/20110415175705_add_routes_table.rb +18 -0
data/db/migrate/20110422000000_convert_binary.rb +73 -0
data/db/migrate/20110425095900_add_last_seen_to_sessions.rb +8 -0
data/db/migrate/20110513143900_track_successful_exploits.rb +31 -0
data/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb +26 -0
data/db/migrate/20110527000000_add_task_id_to_reports_table.rb +11 -0
data/db/migrate/20110527000001_add_api_keys_table.rb +12 -0
data/db/migrate/20110606000001_add_macros_table.rb +16 -0
data/db/migrate/20110622000000_add_settings_to_tasks_table.rb +12 -0
data/db/migrate/20110624000001_add_listeners_table.rb +19 -0
data/db/migrate/20110625000001_add_macro_to_listeners_table.rb +12 -0
data/db/migrate/20110630000001_add_nexpose_consoles_table.rb +21 -0
data/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb +12 -0
data/db/migrate/20110717000001_add_profiles_table.rb +15 -0
data/db/migrate/20110727163801_expand_cred_ptype_column.rb +9 -0
data/db/migrate/20110730000001_add_initial_indexes.rb +85 -0
data/db/migrate/20110812000001_prune_indexes.rb +23 -0
data/db/migrate/20110922000000_expand_notes.rb +9 -0
data/db/migrate/20110928101300_add_mod_ref_table.rb +17 -0
data/db/migrate/20111011110000_add_display_name_to_reports_table.rb +24 -0
data/db/migrate/20111203000000_inet_columns.rb +13 -0
data/db/migrate/20111204000000_more_inet_columns.rb +17 -0
data/db/migrate/20111210000000_add_scope_to_hosts.rb +9 -0
data/db/migrate/20120126110000_add_virtual_host_to_hosts.rb +9 -0
data/db/migrate/20120411173220_rename_workspace_members.rb +9 -0
data/db/migrate/20120601152442_add_counter_caches_to_hosts.rb +21 -0
data/db/migrate/20120625000000_add_vuln_details.rb +34 -0
data/db/migrate/20120625000001_add_host_details.rb +16 -0
data/db/migrate/20120625000002_expand_details.rb +16 -0
data/db/migrate/20120625000003_expand_details2.rb +24 -0
data/db/migrate/20120625000004_add_vuln_attempts.rb +19 -0
data/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb +14 -0
data/db/migrate/20120625000006_add_module_details.rb +118 -0
data/db/migrate/20120625000007_add_exploit_attempts.rb +26 -0
data/db/migrate/20120625000008_add_fail_message.rb +12 -0
data/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb +13 -0
data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb +19 -0
data/db/migrate/20130412154159_change_foreign_key_in_module_actions.rb +25 -0
data/db/migrate/20130412171844_change_foreign_key_in_module_archs.rb +25 -0
data/db/migrate/20130412173121_change_foreign_key_in_module_authors.rb +25 -0
data/db/migrate/20130412173640_change_foreign_key_in_module_mixins.rb +25 -0
data/db/migrate/20130412174254_change_foreign_key_in_module_platforms.rb +25 -0
data/db/migrate/20130412174719_change_foreign_key_in_module_refs.rb +25 -0
data/db/migrate/20130412175040_change_foreign_key_in_module_targets.rb +25 -0
data/db/migrate/20130423211152_add_creds_counter_cache.rb +24 -0
data/db/migrate/20130430151353_change_required_columns_to_null_false_in_hosts.rb +11 -0
data/db/migrate/20130430162145_enforce_address_uniqueness_in_workspace_in_hosts.rb +101 -0
data/db/migrate/20130510021637_remove_campaigns.rb +11 -0
data/db/migrate/20130515164311_change_web_vulns_confidence_to_integer.rb +48 -0
data/db/migrate/20130515172727_valid_mdm_web_vuln_params.rb +30 -0
data/db/migrate/20130516204810_making_vulns_refs_a_real_ar_model.rb +5 -0
data/db/migrate/20130522001343_create_task_creds.rb +9 -0
data/db/migrate/20130522032517_create_task_hosts.rb +9 -0
data/db/migrate/20130522041110_create_task_services.rb +9 -0
data/db/migrate/20130525015035_remove_campaign_id_from_clients.rb +9 -0
data/db/migrate/20130525212420_drop_table_imported_creds.rb +14 -0
data/db/migrate/20130531144949_making_host_tags_a_real_ar_model.rb +6 -0
data/db/migrate/20130604145732_create_task_sessions.rb +9 -0
data/db/migrate/20130717150737_remove_pname_validation.rb +7 -0
data/db/migrate/20131002004641_create_automatic_exploitation_matches.rb +13 -0
data/db/migrate/20131002164449_create_automatic_exploitation_match_sets.rb +12 -0
data/db/migrate/20131008213344_create_automatic_exploitation_runs.rb +11 -0
data/db/migrate/20131011184338_module_detail_on_automatic_exploitation_match.rb +10 -0
data/db/migrate/20131017150735_create_automatic_exploitation_match_results.rb +11 -0
data/db/migrate/20131021185657_make_match_polymorphic.rb +11 -0
data/db/migrate/20140905031549_add_detected_arch_to_host.rb +5 -0
data/db/migrate/20150112203945_remove_duplicate_services.rb +17 -0
data/db/migrate/20150205192745_drop_service_uniqueness_index.rb +5 -0
data/db/migrate/20150209195939_add_vuln_id_to_note.rb +6 -0
data/db/migrate/20150212214222_remove_duplicate_services2.rb +17 -0
data/db/migrate/20150219173821_create_module_runs.rb +23 -0
data/db/migrate/20150219215039_add_module_run_to_session.rb +8 -0
data/db/migrate/20150226151459_add_module_run_fk_to_loot.rb +8 -0
data/db/migrate/20150312155312_add_module_full_name_to_match.rb +6 -0
data/db/migrate/20150317145455_rename_module_indices.rb +29 -0
data/db/migrate/20150326183742_add_missing_ae_indices.rb +13 -0
data/db/migrate/20150421211719_rename_automatic_exploitation_index.rb +16 -0
data/db/migrate/20150514182921_add_origin_to_mdm_vuln.rb +13 -0
data/db/migrate/20160415153312_remove_not_null_from_web_vuln_p_arams.rb +5 -0
data/db/migrate/20161004165612_add_fingerprinted_to_workspace.rb +5 -0
data/db/migrate/20161227212223_add_os_family_to_hosts.rb +5 -0
data/db/migrate/20180904120211_create_payloads.rb +21 -0
data/db/migrate/20190308134512_create_async_callbacks.rb +13 -0
data/db/migrate/20190507120211_remove_payload_workspaces.rb +5 -0
data/lib/mdm/host/operating_system_normalization.rb +942 -0
data/lib/mdm/module.rb +13 -0
data/lib/mdm.rb +57 -0
data/lib/metasploit_data_models/automatic_exploitation.rb +25 -0
data/lib/metasploit_data_models/base64_serializer.rb +99 -0
data/lib/metasploit_data_models/change_required_columns_to_null_false.rb +21 -0
data/lib/metasploit_data_models/engine.rb +32 -0
data/lib/metasploit_data_models/ip_address/cidr.rb +174 -0
data/lib/metasploit_data_models/ip_address/range.rb +181 -0
data/lib/metasploit_data_models/ip_address/v4/segment/nmap.rb +7 -0
data/lib/metasploit_data_models/ip_address/v4/segment.rb +7 -0
data/lib/metasploit_data_models/ip_address/v4.rb +11 -0
data/lib/metasploit_data_models/ip_address.rb +9 -0
data/lib/metasploit_data_models/match/child.rb +48 -0
data/lib/metasploit_data_models/match/parent.rb +103 -0
data/lib/metasploit_data_models/match.rb +8 -0
data/lib/metasploit_data_models/search/operation/port.rb +9 -0
data/lib/metasploit_data_models/search/operation.rb +9 -0
data/lib/metasploit_data_models/search/operator/port.rb +6 -0
data/lib/metasploit_data_models/search/operator.rb +8 -0
data/lib/metasploit_data_models/search/visitor.rb +11 -0
data/lib/metasploit_data_models/search.rb +8 -0
data/lib/metasploit_data_models/serialized_prefs.rb +27 -0
data/lib/metasploit_data_models/version.rb +13 -0
data/lib/metasploit_data_models.rb +56 -0
data/metasploit_data_models.gemspec +65 -0
data/script/rails +8 -0
data/spec/app/models/mdm/api_key_spec.rb +3 -0
data/spec/app/models/mdm/client_spec.rb +43 -0
data/spec/app/models/mdm/cred_spec.rb +346 -0
data/spec/app/models/mdm/event_spec.rb +90 -0
data/spec/app/models/mdm/exploit_attempt_spec.rb +59 -0
data/spec/app/models/mdm/exploited_host_spec.rb +44 -0
data/spec/app/models/mdm/host_detail_spec.rb +48 -0
data/spec/app/models/mdm/host_spec.rb +1139 -0
data/spec/app/models/mdm/host_tag_spec.rb +69 -0
data/spec/app/models/mdm/listener_spec.rb +107 -0
data/spec/app/models/mdm/loot_spec.rb +84 -0
data/spec/app/models/mdm/macro_spec.rb +3 -0
data/spec/app/models/mdm/mod_ref_spec.rb +3 -0
data/spec/app/models/mdm/module/action_spec.rb +34 -0
data/spec/app/models/mdm/module/arch_spec.rb +34 -0
data/spec/app/models/mdm/module/author_spec.rb +52 -0
data/spec/app/models/mdm/module/detail_spec.rb +746 -0
data/spec/app/models/mdm/module/mixin_spec.rb +34 -0
data/spec/app/models/mdm/module/platform_spec.rb +34 -0
data/spec/app/models/mdm/module/ref_spec.rb +58 -0
data/spec/app/models/mdm/module/target_spec.rb +36 -0
data/spec/app/models/mdm/nexpose_console_spec.rb +146 -0
data/spec/app/models/mdm/note_spec.rb +91 -0
data/spec/app/models/mdm/profile_spec.rb +3 -0
data/spec/app/models/mdm/ref_spec.rb +71 -0
data/spec/app/models/mdm/route_spec.rb +35 -0
data/spec/app/models/mdm/service_spec.rb +232 -0
data/spec/app/models/mdm/session_event_spec.rb +42 -0
data/spec/app/models/mdm/session_spec.rb +118 -0
data/spec/app/models/mdm/tag_spec.rb +116 -0
data/spec/app/models/mdm/task_cred_spec.rb +51 -0
data/spec/app/models/mdm/task_host_spec.rb +50 -0
data/spec/app/models/mdm/task_service_spec.rb +50 -0
data/spec/app/models/mdm/task_session_spec.rb +46 -0
data/spec/app/models/mdm/task_spec.rb +71 -0
data/spec/app/models/mdm/user_spec.rb +50 -0
data/spec/app/models/mdm/vuln_attempt_spec.rb +53 -0
data/spec/app/models/mdm/vuln_detail_spec.rb +65 -0
data/spec/app/models/mdm/vuln_ref_spec.rb +46 -0
data/spec/app/models/mdm/vuln_spec.rb +299 -0
data/spec/app/models/mdm/web_form_spec.rb +46 -0
data/spec/app/models/mdm/web_page_spec.rb +101 -0
data/spec/app/models/mdm/web_site_spec.rb +85 -0
data/spec/app/models/mdm/web_vuln_spec.rb +312 -0
data/spec/app/models/mdm/wmap_request_spec.rb +5 -0
data/spec/app/models/mdm/wmap_target_spec.rb +5 -0
data/spec/app/models/mdm/workspace_spec.rb +500 -0
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +86 -0
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +46 -0
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +37 -0
data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +38 -0
data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +119 -0
data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +149 -0
data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +298 -0
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +276 -0
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +302 -0
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +27 -0
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +324 -0
data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +181 -0
data/spec/app/models/metasploit_data_models/module_run_spec.rb +134 -0
data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +180 -0
data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +39 -0
data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +138 -0
data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +233 -0
data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +17 -0
data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +160 -0
data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +162 -0
data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +96 -0
data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +175 -0
data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +396 -0
data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +49 -0
data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +925 -0
data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +187 -0
data/spec/dummy/Rakefile +7 -0
data/spec/dummy/app/assets/config/manifest.js +1 -0
data/spec/dummy/app/assets/javascripts/application.js +15 -0
data/spec/dummy/app/assets/stylesheets/application.css +13 -0
data/spec/dummy/app/controllers/application_controller.rb +3 -0
data/spec/dummy/app/helpers/application_helper.rb +2 -0
data/spec/dummy/app/mailers/.gitkeep +0 -0
data/spec/dummy/app/models/.gitkeep +0 -0
data/spec/dummy/app/models/application_record.rb +3 -0
data/spec/dummy/app/views/layouts/application.html.erb +14 -0
data/spec/dummy/bin/bundle +3 -0
data/spec/dummy/bin/rails +4 -0
data/spec/dummy/bin/rake +4 -0
data/spec/dummy/config/application.rb +61 -0
data/spec/dummy/config/boot.rb +4 -0
data/spec/dummy/config/database.yml.example +22 -0
data/spec/dummy/config/database.yml.github_actions +21 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/development.rb +37 -0
data/spec/dummy/config/environments/production.rb +78 -0
data/spec/dummy/config/environments/test.rb +39 -0
data/spec/dummy/config/initializers/active_record_migrations.rb +4 -0
data/spec/dummy/config/initializers/assets.rb +8 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/spec/dummy/config/initializers/inflections.rb +16 -0
data/spec/dummy/config/initializers/mime_types.rb +4 -0
data/spec/dummy/config/initializers/session_store.rb +3 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
data/spec/dummy/config/locales/en.yml +23 -0
data/spec/dummy/config/routes.rb +2 -0
data/spec/dummy/config.ru +4 -0
data/spec/dummy/db/structure.sql +3430 -0
data/spec/dummy/db/structure.sql.from_rails_3 +3403 -0
data/spec/dummy/lib/assets/.gitkeep +0 -0
data/spec/dummy/log/.gitkeep +0 -0
data/spec/dummy/public/404.html +26 -0
data/spec/dummy/public/422.html +26 -0
data/spec/dummy/public/500.html +25 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/dummy/script/rails +6 -0
data/spec/factories/mdm/addresses.rb +12 -0
data/spec/factories/mdm/clients.rb +8 -0
data/spec/factories/mdm/creds.rb +17 -0
data/spec/factories/mdm/events.rb +15 -0
data/spec/factories/mdm/exploit_attempts.rb +8 -0
data/spec/factories/mdm/exploited_hosts.rb +7 -0
data/spec/factories/mdm/fingerprints/nessus_fingerprints.rb +6 -0
data/spec/factories/mdm/fingerprints/nexpose_fingerprints.rb +6 -0
data/spec/factories/mdm/fingerprints/nmap_fingerprints.rb +6 -0
data/spec/factories/mdm/fingerprints/retina_fingerprints.rb +6 -0
data/spec/factories/mdm/fingerprints/session_fingerprints.rb +6 -0
data/spec/factories/mdm/host_details.rb +8 -0
data/spec/factories/mdm/host_tags.rb +9 -0
data/spec/factories/mdm/hosts.rb +85 -0
data/spec/factories/mdm/listeners.rb +12 -0
data/spec/factories/mdm/loots.rb +11 -0
data/spec/factories/mdm/module/actions.rb +14 -0
data/spec/factories/mdm/module/archs.rb +14 -0
data/spec/factories/mdm/module/authors.rb +22 -0
data/spec/factories/mdm/module/details.rb +73 -0
data/spec/factories/mdm/module/mixins.rb +14 -0
data/spec/factories/mdm/module/platforms.rb +14 -0
data/spec/factories/mdm/module/refs.rb +14 -0
data/spec/factories/mdm/module/targets.rb +19 -0
data/spec/factories/mdm/nexpose_consoles.rb +15 -0
data/spec/factories/mdm/notes.rb +12 -0
data/spec/factories/mdm/refs.rb +9 -0
data/spec/factories/mdm/routes.rb +36 -0
data/spec/factories/mdm/services.rb +41 -0
data/spec/factories/mdm/session_events.rb +8 -0
data/spec/factories/mdm/sessions.rb +13 -0
data/spec/factories/mdm/tags.rb +14 -0
data/spec/factories/mdm/task.rb +16 -0
data/spec/factories/mdm/task_creds.rb +9 -0
data/spec/factories/mdm/task_hosts.rb +9 -0
data/spec/factories/mdm/task_services.rb +8 -0
data/spec/factories/mdm/task_sessions.rb +8 -0
data/spec/factories/mdm/users.rb +22 -0
data/spec/factories/mdm/vuln_attempts.rb +8 -0
data/spec/factories/mdm/vuln_details.rb +8 -0
data/spec/factories/mdm/vuln_refs.rb +4 -0
data/spec/factories/mdm/vulns.rb +20 -0
data/spec/factories/mdm/web_forms.rb +33 -0
data/spec/factories/mdm/web_pages.rb +64 -0
data/spec/factories/mdm/web_sites.rb +8 -0
data/spec/factories/mdm/web_vulns.rb +64 -0
data/spec/factories/mdm/workspaces.rb +23 -0
data/spec/factories/metasploit_data_models/automatic_exploitation/match_results.rb +7 -0
data/spec/factories/metasploit_data_models/automatic_exploitation/match_sets.rb +8 -0
data/spec/factories/metasploit_data_models/automatic_exploitation/matches.rb +7 -0
data/spec/factories/metasploit_data_models/automatic_exploitation/runs.rb +6 -0
data/spec/factories/module_runs.rb +40 -0
data/spec/lib/base64_serializer_spec.rb +172 -0
data/spec/lib/ipaddr_spec.rb +29 -0
data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +356 -0
data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +75 -0
data/spec/lib/metasploit_data_models/match/child_spec.rb +59 -0
data/spec/lib/metasploit_data_models/match/parent_spec.rb +153 -0
data/spec/lib/metasploit_data_models_spec.rb +13 -0
data/spec/spec_helper.rb +148 -0
data/spec/support/matchers/match_regex_exactly.rb +28 -0
data/spec/support/shared/contexts/rex/text.rb +15 -0
data/spec/support/shared/examples/coerces_inet_column_type_to_string.rb +15 -0
data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +20 -0
data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +36 -0
data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +109 -0
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +38 -0
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +26 -0
data/spec/support/shared/examples/metasploit_data_models/search/visitor/relation/visit/matching_record.rb +50 -0
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +34 -0
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +51 -0
metadata +444 -6

data/app/models/mdm/web_form.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# A filled-in form on a {#web_site}.
+class Mdm::WebForm < ApplicationRecord
+  #
+  # Associations
+  #
+  # {Mdm::WebSite Web site} on which this form is.
+  belongs_to :web_site,
+             class_name: 'Mdm::WebSite',
+             inverse_of: :web_forms
+  #
+  # Attributes
+  #
+  # @!attribute created_at
+  #   When this web form was created.
+  #
+  #   @return [DateTime]
+  # @!attribute method
+  #   HTTP method (or verb) used to submitted this form, such as GET or POST.
+  #
+  #   @return [String]
+  # @!attribute path
+  #   Path portion of URL to which this form was submitted.
+  #
+  #   @return [String]
+  # @!attribute query
+  #   URL query that submitted for this form.
+  #
+  #   @return [String]
+  # @!attribute updated_at
+  #   The last time this web form was updated.
+  #
+  #   @return [DateTime]
+  #
+  # Serializations
+  #
+  # Parameters submitted in this form.
+  #
+  # @return [Array<Array(String, String)>>]
+  serialize :params, MetasploitDataModels::Base64Serializer.new
+  Metasploit::Concern.run(self)
+end

data/app/models/mdm/web_page.rb ADDED Viewed

@@ -0,0 +1,92 @@
+# Web page requested from a {#web_site}.
+class Mdm::WebPage < ApplicationRecord
+  #
+  # Associations
+  #
+  # Mdm::WebSite Web site} from which this page was requested.
+  belongs_to :web_site,
+             class_name: 'Mdm::WebSite',
+             inverse_of: :web_pages
+  #
+  # Attributes
+  #
+  # @!attribute auth
+  #   Credentials sent to server to authenticate to web site to allow access to this web page.
+  #
+  #   @return [String]
+  # @!attribute body
+  #   Body of response from server.
+  #
+  #   @return [String]
+  # @!attribute code
+  #   HTTP Status code return from {#web_site} when requesting this web page.
+  #
+  #   @return [Integer]
+  # @!attribute cookie
+  #   Cookies derived from {#headers}.
+  #
+  #   @return [String]
+  # @!attribute created_at
+  #   When this web page was created.
+  #
+  #   @return [DateTime]
+  # @!attribute ctype
+  #   The content type derived from the {#headers} of the returned web page.
+  #
+  #   @return [String]
+  # @!attribute location
+  #   Location derived from {#headers}.
+  #   @return [String]
+  # @!attribute mtime
+  #   The last modified time of the web page derived from the {#headers}.
+  #
+  #   @return [DateTime]
+  # @!attribute path
+  #   Path portion of URL that was used to access this web page.
+  #
+  #   @return [String]
+  # @!attribute query
+  #   Query portion of URLthat was used to access this web page.
+  #
+  #   @return [String]
+  # @!attribute request
+  #   Request sent to server to cause this web page to be returned.
+  #
+  #   @return [String]
+  # @!attribute updated_at
+  #   The last time this web page was updated.
+  #
+  #   @return [DateTime]
+  #
+  # Serializations
+  #
+  # Headers sent from server.
+  #
+  # @return [Hash{String => String}]
+  serialize :headers, MetasploitDataModels::Base64Serializer.new
+  # Cookies sent from server.
+  #
+  # @return [Hash{String => String}]
+  serialize :cookie
+  Metasploit::Concern.run(self)
+end

data/app/models/mdm/web_site.rb ADDED Viewed

@@ -0,0 +1,113 @@
+# A Web Site running on a {#service}.
+class Mdm::WebSite < ApplicationRecord
+  #
+  # Associations
+  #
+  # The service on which this web site is running.
+  belongs_to :service,
+             class_name: 'Mdm::Service',
+             foreign_key: 'service_id',
+             inverse_of: :web_sites
+  # Filled-in forms within this web site.
+  has_many :web_forms,
+           class_name: 'Mdm::WebForm',
+           dependent: :destroy,
+           inverse_of: :web_site
+  # Web pages found on this web site.
+  has_many :web_pages,
+           class_name: 'Mdm::WebPage',
+           dependent: :destroy,
+           inverse_of: :web_site
+  # Vulnerabilities found on this web site.
+  has_many :web_vulns,
+           class_name: 'Mdm::WebVuln',
+           dependent: :destroy,
+           inverse_of: :web_site
+  #
+  # Attributes
+  #
+  # @!attribute [rw] comments
+  #   User entered comments about this web site.
+  #
+  #   @return [String]
+  # @!attribute [rw] created_at
+  #   When this web site was created.
+  #
+  #   @return [DateTime]
+  # @!attribute [rw] updated_at
+  #   The last time this web site was updated.
+  #
+  #   @return [DateTime]
+  # @!attribute [rw] vhost
+  #   The virtual host for the web site in case `service.host.name` or `service.host.address` is no the host for this
+  #   web site.
+  #
+  #   @return [String]
+  #
+  # Serializations
+  #
+  # @!attribute [rw] options
+  #   @todo Determine format and purpose of Mdm::WebSite#options.
+  serialize :options, ::MetasploitDataModels::Base64Serializer.new
+  #
+  # Instance Methods
+  #
+  # Number of {#web_forms}.
+  #
+  # @return [Integer]
+  def form_count
+    web_forms.size
+  end
+  # Number of {#web_pages}.
+  #
+  # @return [Integer]
+  def page_count
+    web_pages.size
+  end
+  # Converts this web site to its URL, including scheme, host and port.
+  #
+  # @param ignore_vhost [Boolean] if `false` use {#vhost} for host portion of URL.  If `true` use {Mdm::Host#address} of
+  #   {Mdm::Service#host} of {#service} for host portion of URL.
+  # @return [String] <scheme>://<host>[:<port>]
+  def to_url(ignore_vhost=false)
+    proto = self.service.name == "https" ? "https" : "http"
+    host = ignore_vhost ? self.service.host.address.to_s : self.vhost
+    port = self.service.port
+    if Rex::Socket.is_ipv6?(host)
+      host = "[#{host}]"
+    end
+    url = "#{proto}://#{host}"
+    if not ((proto == "http" and port == 80) or (proto == "https" and port == 443))
+      url += ":#{port}"
+    end
+    url
+  end
+  # Number of {#web_vulns}.
+  #
+  # @return [Integer]
+  def vuln_count
+    web_vulns.size
+  end
+  Metasploit::Concern.run(self)
+end

data/app/models/mdm/web_vuln.rb ADDED Viewed

@@ -0,0 +1,193 @@
+# A Web Vulnerability found during a web scan or web audit.
+#
+# If you need to modify Mdm::WebVuln you can use ActiveSupport.on_load(:mdm_web_vuln) inside an initializer so that
+# your patches are reloaded on each request in development mode for your Rails application.
+#
+# @example extending Mdm::WebVuln
+#   # config/initializers/mdm_web_vuln.rb
+#   ActiveSupport.on_load(:mdm_web_vuln) do
+#     def confidence_percentage
+#       "#{confidence}%"
+#     end
+#   end
+class Mdm::WebVuln < ApplicationRecord
+  #
+  # CONSTANTS
+  #
+  # A percentage {#confidence} that the vulnerability is real and not a false positive.
+  CONFIDENCE_RANGE = 0 .. 100
+  # Default value for {#params}
+  DEFAULT_PARAMS = []
+  # Allowed {#method methods}.
+  METHODS = [
+      'GET',
+      # XXX I don't know why PATH is a valid method when it's not an HTTP Method/Verb
+      'PATH',
+      'POST'
+  ]
+  # {#risk Risk} is rated on a scale from 0 (least risky) to 5 (most risky).
+  RISK_RANGE = 0 .. 5
+  #
+  # Associations
+  #
+  belongs_to :web_site,
+             class_name: 'Mdm::WebSite',
+             inverse_of: :web_vulns
+  #
+  # Attributes
+  #
+  # @!attribute [rw] blame
+  #   Who to blame for the vulnerability
+  #
+  #   @return [String]
+  # @!attribute [rw] category
+  #   Category of this vulnerability.
+  #
+  #   @return [String]
+  # @!attribute [rw] confidence
+  #   Percentage confidence scanner or auditor has that this vulnerability is not a false positive
+  #
+  #   @return [Integer] 1% to 100%
+  # @!attribute [rw] description
+  #   Description of the vulnerability
+  #
+  #   @return [String, nil]
+  # @!attribute [rw] method
+  #   HTTP Methods for request that found vulnerability.  'PATH' is also allowed even though it is not an HTTP Method.
+  #
+  #   @return [String]
+  #   @see METHODS
+  # @!attribute [rw] name
+  #   Name of the vulnerability
+  #
+  #   @return [String]
+  # @!attribute [rw] path
+  #   Path portion of URL
+  #
+  #   @return [String]
+  # @!attribute [rw] payload
+  #   Web audit payload that gets executed by the remote server.  Used for code injection vulnerabilities.
+  #
+  #   @return [String, nil]
+  # @!attribute [rw] pname
+  #   Name of parameter that demonstrates vulnerability
+  #
+  #   @return [String]
+  # @!attribute [rw] proof
+  #   String that proves vulnerability, such as a code snippet, etc.
+  #
+  #   @return [String]
+  # @!attribute [rw] query
+  #   The GET query.
+  #
+  #   @return [String]
+  # @!attribute [rw] request
+  #
+  #   @return [String]
+  # @!attribute [rw] risk
+  #   {RISK_RANGE Risk} of leaving this vulnerability unpatched.
+  #
+  #   @return [Integer]
+  #
+  # Validations
+  #
+  validates :category, :presence => true
+  validates :confidence,
+            :inclusion => {
+                :in => CONFIDENCE_RANGE
+            }
+  validates :method,
+            :inclusion => {
+                :in => METHODS
+            }
+  validates :name, :presence => true
+  validates :params, :parameters => true
+  validates :path, :presence => true
+  validates :proof, :presence => true
+  validates :risk,
+            :inclusion => {
+                :in => RISK_RANGE
+            }
+  validates :web_site, :presence => true
+  #
+  # Serializations
+  #
+  # @!attribute [rw] params
+  #   Parameters sent as part of request
+  #
+  #   @return [Array<Array(String, String)>] Array of parameter key value pairs
+  serialize :params, MetasploitDataModels::Base64Serializer.new(:default => DEFAULT_PARAMS)
+  #
+  # Methods
+  #
+  # Parameters sent as part of request.
+  #
+  # @return [Array<Array<(String, String)>>]
+  def params
+    normalize_params(
+        read_attribute(:params)
+    )
+  end
+  # Set parameters sent as part of request.
+  #
+  # @param params [Array<Array<(String, String)>>, nil] Array of parameter key value pairs
+  # @return [void]
+  def params=(params)
+    write_attribute(
+        :params,
+        normalize_params(params)
+    )
+  end
+  private
+  # Creates a duplicate of {DEFAULT_PARAMS} that is safe to modify.
+  #
+  # @return [Array] an empty array
+  def default_params
+    DEFAULT_PARAMS.dup
+  end
+  # Returns either the given params or {DEFAULT_PARAMS} if params is `nil`
+  #
+  # @param [Array<Array<(String, String)>>, nil] params
+  # @return [Array<<Array<(String, String)>>] params if not `nil`
+  # @return [nil] if params is `nil`
+  def normalize_params(params)
+    params || default_params
+  end
+  # switch back to public for load hooks
+  public
+  Metasploit::Concern.run(self)
+end

data/app/models/mdm/wmap_request.rb ADDED Viewed

@@ -0,0 +1,101 @@
+# Request sent to a {Mdm::WmapTarget}.  WMAP is a plugin to metasploit-framework.
+class Mdm::WmapRequest < ApplicationRecord
+  #
+  #
+  # Attributes
+  #
+  #
+  # @!attribute address
+  #   IP address of {#host} to which this request was sent.
+  #
+  #   @return [String]
+  # @!attribute body
+  #   Body of this request.
+  #
+  #   @return [String]
+  # @!attribute created_at
+  #   When this request was created.
+  #
+  #   @return [DateTime]
+  # @!attribute headers
+  #   Headers sent as part of this request.
+  #
+  #   @return [String]
+  # @!attribute host
+  #   Name of host to which this request was sent.
+  #
+  #   @return [String]
+  # @!attribute meth
+  #   HTTP Method (or VERB) used for request.
+  #
+  #   @return [String]
+  # @!attribute path
+  #   Path portion of URL for this request.
+  #
+  #   @return [String]
+  # @!attribute port
+  #   Port at {#address} to which this request was sent.
+  #
+  #   @return [Integer]
+  # @!attribute query
+  #   Query portion of URL for this request.
+  #
+  #   @return [String]
+  # @!attribute ssl
+  #   Version of SSL to use.
+  #
+  #   @return [Integer]
+  # @!attribute updated_at
+  #   The last time this request was updated.
+  #
+  #   @return [DateTime]
+  #
+  # @!group Response
+  #
+  # @!attribute respcode
+  #   HTTP status code sent in response to this request from server.
+  #
+  #   @return [String]
+  # @!attribute resphead
+  #   Headers sent in response from server.
+  #
+  #   @return [String]
+  # @!attribute response
+  #   Response sent from server.
+  #
+  #   @return [String]
+  #
+  # @!endgroup
+  #
+  #
+  # Instance Methods
+  #
+  # @note Necessary to avoid coercion to an `IPAddr` object.
+  #
+  # The IP address for this request.
+  #
+  # @return [String]
+  def address
+    self[:address].to_s
+  end
+  Metasploit::Concern.run(self)
+end

data/app/models/mdm/wmap_target.rb ADDED Viewed

@@ -0,0 +1,56 @@
+# WMAP target. WMAP is a plugin to metasploit-framework.
+class Mdm::WmapTarget < ApplicationRecord
+  #
+  # Attributes
+  #
+  # @!attribute address
+  #   IP address of {#host}.
+  #
+  #   @return [String]
+  # @!attribute created_at
+  #   When this target was created.
+  #
+  #   @return [DateTime]
+  # @!attribute host
+  #   Name of this target.
+  #
+  #   @return [String]
+  # @!attribute port
+  #   Port on this target to send {Mdm::WmapRequest requests}.
+  #
+  #   @return [Integer]
+  # @!attribute selected
+  #   Whether this target should be sent requests.
+  #
+  #   @return [Integer]
+  # @!attribute ssl
+  #   Version of SSL to use when sending requests to this target.
+  #
+  #   @return [Integer]
+  # @!attribute updated_at
+  #   The last time this target was updated.
+  #
+  #   @return [DateTime]
+  #
+  # Instance Methods
+  #
+  # @note Necessary to avoid coercion to an `IPAddr` object.
+  #
+  # The IP address for this target.
+  #
+  # @return [String]
+  def address
+    self[:address].to_s
+  end
+  Metasploit::Concern.run(self)
+end