Module: FIDIUS::EvasionDB::MsfRecorder

Defined in:
lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb

Overview

This recorder provides an interface to the Metasploit console; it is used to receive callbacks when modules are executed.

See Also:

  • {file:msf-plugins/evasiondb.rb}


Instance Method Details

#log_packet(module_instance, data, socket) ⇒ Object



# File 'lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb', line 50

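def log_packet(module_instance,data,socket)
  # Records one packet of traffic for the exploit currently being recorded.
  #
  # @param module_instance [Object, String] the Metasploit module that sent the
  #   data, or the literal string "Meterpreter" for session traffic
  # @param data [String] raw payload bytes; persisted verbatim as the packet payload
  # @param socket [Object] the connection the data travelled over; must respond
  #   to localhost, localport, peerhost and peerport
  # @return [Object] unspecified (value of the last expression evaluated)
  begin
    $logger.debug "logged module_instance: #{module_instance} with #{data.size} bytes payload"
    # TODO: what shall we do with meterpreter?
    # it has no options and no fullname, logger assigns only the string "meterpreter"
    #
    # Pick the packet collection first; the record is created only when there
    # is somewhere to store it, so the socket is not touched otherwise.
    packets = nil
    if module_instance.respond_to?(:fullname)
      packets = @@current_exploit.packets unless @@current_exploit.finished
    # meterpreter is not a module and does not respond to fullname,
    # so its traffic is attached to the exploit's attack_payload instead
    elsif module_instance == "Meterpreter"
      $logger.debug "module_instance is meterpreter"
      $logger.debug "putting package to attack_payload"
      packets = @@current_exploit.attack_payload.packets
    end
    if packets
      packets << FIDIUS::EvasionDB::Knowledge::Packet.create(
        :payload   => data,
        :src_addr  => socket.localhost,
        :src_port  => socket.localport,
        :dest_addr => socket.peerhost,
        :dest_port => socket.peerport
      )
      @@current_exploit.save
    end
    $logger.debug "LOG: #{module_instance} #{data.size} Bytes on #{socket}"
  rescue ActiveRecord::StatementInvalid => e
    # Include the real database error; a bare "StatementInvalid" gives the
    # operator nothing to act on.
    $logger.error "StatementInvalid: #{e.message}"
  rescue => e
    # Stay best-effort (never raise back into the console) but record which
    # error occurred, matching module_completed's handler.
    $logger.error "error: #{e.message}"
  end
end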

#module_completed(module_instance) ⇒ Object



# File 'lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb', line 14

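def module_completed(module_instance)
  # Called when a module (or a Meterpreter session) finishes: stores the local
  # IP used for the attack, attaches the IDMEF events fetched for the module to
  # the current exploit and marks the exploit as finished.
  #
  # @param module_instance [Object, String] the finished Metasploit module, or
  #   the literal string "Meterpreter"
  # @return [Object] unspecified (value of the last expression evaluated)
  begin
    # TODO: refactor this
    # A plain String (the "Meterpreter" case) has no datastore, so guard the
    # call; otherwise it raises straight into the rescue and the Meterpreter
    # branch below can never run.
    if module_instance.respond_to?(:datastore)
      datastore = module_instance.datastore
      # RHOSTS wins over RHOST when both are set (the old code assigned RHOST
      # first and then overwrote it with RHOSTS).
      target = datastore["RHOSTS"] || datastore["RHOST"]
      if target
        FIDIUS::EvasionDB.current_fetcher.local_ip = FIDIUS::Common.get_my_ip(target)
      end
    end
    unless @@current_exploit.finished
      $logger.debug("module #{module_instance} finished")
      idmef_events = FIDIUS::EvasionDB.current_fetcher.fetch_events(module_instance)
      $logger.debug("found #{idmef_events.size} events")
      idmef_events.each do |idmef_event|
        if module_instance && module_instance.respond_to?(:fullname)
          $logger.debug "idmef_events << #{idmef_event}"
          @@current_exploit.idmef_events << idmef_event
        # meterpreter is not a module and does not respond to fullname,
        # so its events belong to the exploit's attack_payload
        elsif module_instance == "Meterpreter"
          $logger.debug "attack_payload.idmef_events << #{idmef_event}"
          @@current_exploit.attack_payload.idmef_events << idmef_event
        end
      end
      @@current_exploit.finished = true
      @@current_exploit.save
    end
  rescue => e
    # Join the backtrace frames with newlines; Array#to_s would emit a single
    # inspect-style blob that is hard to read in the log.
    $logger.error "#{e.message}:\n#{Array(e.backtrace).join("\n")}"
  end
end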

#module_error(module_instance, exception) ⇒ Object



# File 'lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb', line 46

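def module_error(module_instance,exception)
  # Invoked by the console when a module aborts with an exception. The failure
  # is logged (it was previously discarded) and the module is then treated like
  # a normal completion so the exploit is still finalised and its events kept.
  #
  # @param module_instance [Object] the Metasploit module that failed
  # @param exception [Exception] the error raised by the module
  # @return [Object] the result of #module_completed
  $logger.error "module #{module_instance} failed: #{exception.inspect}"
  module_completed(module_instance)
end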

#module_started(module_instance) ⇒ Object



# File 'lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb', line 8

def module_started(module_instance)
  # Invoked by the console when a module starts: looks up (or creates) the
  # AttackModule record for this module/options pair, remembers it as the
  # exploit currently being recorded and tells the fetcher to begin recording.
  #
  # @param module_instance [Object] the starting Metasploit module; must respond
  #   to fullname and datastore
  # @return [Object] the return value of begin_record
  name      = module_instance.fullname
  options   = module_instance.datastore
  knowledge = FIDIUS::EvasionDB::Knowledge
  @@current_exploit = knowledge::AttackModule.find_or_create_by_name_and_options(name, options)
  FIDIUS::EvasionDB.current_fetcher.begin_record
end