Class: Mdm::Host
- Inherits: ApplicationRecord
  - Object
  - ApplicationRecord
  - Mdm::Host
- Extended by: ActiveSupport::Autoload
- Includes: OperatingSystemNormalization, Metasploit::Model::Search
- Defined in: app/models/mdm/host.rb
Overview
A system with an IP address on the network that has been discovered in some way.
Defined Under Namespace
Modules: OperatingSystemNormalization
Constant Summary
- UNKNOWN_ARCHITECTURE =
Special #arch value to indicate we should look at #detected_arch instead
'Unknown'
- ARCHITECTURES =
Either the CPU architecture for native code or the programming language name for exploits that run code in the programming language's virtual machine.
[
  'armbe', 'armle', 'cbea', 'cbea64', 'cmd', 'java',
  'mips', 'mipsbe', 'mipsle', 'php', 'ppc', 'ppc64',
  'ruby', 'sparc', 'tty',
  # To be used for compatibility with 'X86_64'
  'x64',
  'x86', 'x86_64', '',
  UNKNOWN_ARCHITECTURE
]
- SEARCH_FIELDS =
Fields searched for the search scope
[ 'address::text', 'comments', 'mac', 'name', 'os_flavor', 'os_name', 'os_sp', 'purpose' ]
- STATES =
Valid values for #state.
[ 'alive', 'down', 'unknown' ]
- MAC_ADDRESS_HYPHEN_REGEX =
Valid MAC address value hyphen-separated: 1a-2B-3c-4D-5e-6f
/\A(?:[A-F0-9]{2}[-]){5}[A-F0-9]{2}\z/i
- MAC_ADDRESS_COLON_REGEX =
colon-separated: 1a:2B:3c:4D:5e:6f
/\A(?:[A-F0-9]{2}[:]){5}[A-F0-9]{2}\z/i
- MAC_ADDRESS_EMPTY_REGEX =
XXX for now, allow an empty MAC so as not to break things that exist with empty MACs.
/\A\z/
- MAC_ADDRESS_REGEX =
6-tuple of hex (case-insensitive) doublets (or empty)
Regexp.union(MAC_ADDRESS_HYPHEN_REGEX, MAC_ADDRESS_COLON_REGEX, MAC_ADDRESS_EMPTY_REGEX)
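The \A/\z anchors and the empty-string alternative in the constants above decide which strings MAC_ADDRESS_REGEX accepts. The following Ruby block is an added example, not code from metasploit_data_models: it copies the four constants and runs them over constructed inputs. `LINE_ANCHORED_COLON_REGEX`, `classify_mac`, `SAMPLES` and `report` are hypothetical names introduced here.

```ruby
# Added example: constants copied from the Constant Summary above so the
# block runs without metasploit_data_models loaded.
MAC_ADDRESS_HYPHEN_REGEX = /\A(?:[A-F0-9]{2}[-]){5}[A-F0-9]{2}\z/i
MAC_ADDRESS_COLON_REGEX  = /\A(?:[A-F0-9]{2}[:]){5}[A-F0-9]{2}\z/i
MAC_ADDRESS_EMPTY_REGEX  = /\A\z/
MAC_ADDRESS_REGEX = Regexp.union(MAC_ADDRESS_HYPHEN_REGEX,
                                 MAC_ADDRESS_COLON_REGEX,
                                 MAC_ADDRESS_EMPTY_REGEX)

# Hypothetical line-anchored variant (^/$ instead of \A/\z), for contrast only.
LINE_ANCHORED_COLON_REGEX = /^(?:[A-F0-9]{2}[:]){5}[A-F0-9]{2}$/i

# Hypothetical helper: report which alternative of the union accepted the value.
def classify_mac(value)
  case value
  when MAC_ADDRESS_EMPTY_REGEX  then :empty
  when MAC_ADDRESS_HYPHEN_REGEX then :hyphen
  when MAC_ADDRESS_COLON_REGEX  then :colon
  else :invalid
  end
end

# Constructed sample inputs.
SAMPLES = [
  '1a-2B-3c-4D-5e-6f',        # hyphen form from the docs
  '1a:2B:3c:4D:5e:6f',        # colon form from the docs
  '',                         # empty, still allowed by the union
  '1a:2B-3c:4D-5e:6f',        # mixed separators: no single alternative fits
  '1a2b.3c4d.5e6f',           # dotted-triplet notation is not covered
  "1a:2B:3c:4D:5e:6f\n",      # trailing newline: \z rejects, $ accepts
  "1a:2B:3c:4D:5e:6f\nnote"   # extra line after a valid MAC
].freeze

# Rows of [input, classification, strict union match, line-anchored match].
def report
  SAMPLES.map do |s|
    [s, classify_mac(s), MAC_ADDRESS_REGEX.match?(s),
     LINE_ANCHORED_COLON_REGEX.match?(s)]
  end
end

report.each { |row| p row } if __FILE__ == $PROGRAM_NAME
```

The last two samples are the ones that differ: the \A/\z constants reject them, while the line-anchored variant matches the first line and ignores the rest of the string.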
Constants included from OperatingSystemNormalization
OperatingSystemNormalization::MAX_NMAP_CERTAINTY
Instance Attribute Summary
-
#address ⇒ String
The IP address of this host.
-
#arch ⇒ String
The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.
-
#clients ⇒ ActiveRecord::Relation<Mdm::Client>
Users connected to this host.
- #comm ⇒ String
-
#comments ⇒ String
User supplied comments about host.
-
#created_at ⇒ DateTime
When this host was created in the database.
-
#cred_count ⇒ Integer
Counter cache for #creds.
-
#creds ⇒ ActiveRecord::Relation<Mdm::Cred>
readonly
Credentials captured from #services.
-
#detected_arch ⇒ String
The architecture of the host's CPU as detected by Recog.
-
#events ⇒ ActiveRecord::Relation<Mdm::Event>
Events that occurred on this host.
-
#exploit_attempt_count ⇒ Integer
Counter cache for #exploit_attempts.
-
#exploit_attempts ⇒ ActiveRecord::Relation<Mdm::ExploitAttempt>
Attempts to run exploits against this host.
- #exploited_hosts ⇒ ActiveRecord::Relation<Mdm::ExploitedHost>
-
#host_detail_count ⇒ Integer
Counter cache for #host_details.
- #host_details ⇒ ActiveRecord::Relation<Mdm::HostDetail>
- #hosts_tags ⇒ ActiveRecord::Relation<Mdm::HostTag>
-
#info ⇒ String
Information about this host gathered from the host.
-
#loots ⇒ ActiveRecord::Relation<Mdm::Loot>
Loot gathered from the host with newest loot first.
-
#mac ⇒ String
The MAC address of this host.
-
#module_details ⇒ ActiveRecord::Relation<Mdm::Module::Detail>
readonly
Details about modules that were used to find vulnerabilities on this host.
- #module_refs ⇒ ActiveRecord::Relation<Mdm::Module::Ref> readonly
-
#module_runs ⇒ ActiveRecord::Relation<MetasploitDataModels::ModuleRun>
readonly
Records of Metasploit modules being run on/against this Host.
-
#name ⇒ String
The name of the host.
-
#note_count ⇒ Integer
Counter cache for #notes.
-
#notes ⇒ ActiveRecord::Relation<Mdm::Note>
Notes about the host entered by a user with oldest notes first.
-
#os_flavor ⇒ String
The flavor of #os_name.
-
#os_lang ⇒ String
Free-form language of operating system.
-
#os_name ⇒ String
The name of the operating system.
-
#os_sp ⇒ String
The service pack of the #os_flavor of the #os_name.
-
#purpose ⇒ String
The purpose of the host on the network, such as 'client' or 'firewall'.
-
#refs ⇒ ActiveRecord::Relation<Mdm::Ref>
readonly
External references, such as CVE, to vulnerabilities found on this host.
-
#scope ⇒ String
Interface identifier for link-local IPv6.
-
#service_count ⇒ Integer
Counter cache for #services.
- #service_notes ⇒ ActiveRecord::Relation<Mdm::Note> readonly
- #services ⇒ ActiveRecord::Relation<Mdm::Service>
-
#sessions ⇒ ActiveRecord::Relation<Mdm::Session>
Sessions that are open or previously were open on the host ordered by when the session was opened.
-
#state ⇒ String
Whether the host is alive, down, or in an unknown state.
-
#tags ⇒ ActiveRecord::Relation<Mdm::Tag>
readonly
The tags on this host.
-
#task_hosts ⇒ ActiveRecord::Relation<Mdm::TaskHost>
Details about what Tasks touched this host.
-
#tasks ⇒ ActiveRecord::Relation<Mdm::Task>
Tasks that touched this service.
-
#updated_at ⇒ DateTime
The last time this host was updated in the database.
-
#virtual_host ⇒ String
The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.
-
#vuln_count ⇒ Integer
Counter cache for #vulns.
- #vuln_refs ⇒ ActiveRecord::Relation<Mdm::VulnRef> readonly
-
#vulns ⇒ ActiveRecord::Relation<Mdm::Vuln>
Vulnerabilities found on the host.
- #web_sites ⇒ ActiveRecord::Relation<Mdm::WebSite> readonly
-
#workspace ⇒ Mdm::Workspace
The workspace in which this host was found.
Instance Method Summary
- #attribute_locked?(attr) ⇒ true, false
-
#ip_address_invalid? ⇒ void
This is replicated by the IpAddressValidator class.
-
#is_vm? ⇒ true, false
Returns whether this host is a virtual machine.
Methods included from OperatingSystemNormalization
#apply_match_to_host, #get_arch_from_string, #guess_purpose_from_match, #normalize_fusionvm_fingerprint, #normalize_generic_fingerprint, #normalize_match, #normalize_match_family, #normalize_mbsa_fingerprint, #normalize_nessus_fingerprint, #normalize_nexpose_fingerprint, #normalize_nmap_fingerprint, #normalize_os, #normalize_qualys_fingerprint, #normalize_retina_fingerprint, #normalize_scanner_fp, #normalize_session_fingerprint, #parse_windows_os_str, #recog_matches_for_note, #recog_matches_for_service, #sanitize, #service_banner_recog_filter_ssh, #validate_fingerprint_data
Instance Attribute Details
#address ⇒ String
The IP address of this host.
# File 'app/models/mdm/host.rb', line 87
def address
  self[:address].to_s
end
#arch ⇒ String
The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.
# File 'app/models/mdm/host.rb', line 334
#clients ⇒ ActiveRecord::Relation<Mdm::Client>
Users connected to this host
# File 'app/models/mdm/host.rb', line 99
has_many :clients,
         class_name: 'Mdm::Client',
         dependent: :destroy,
         inverse_of: :host
#comm ⇒ String
# File 'app/models/mdm/host.rb', line 340
#comments ⇒ String
User supplied comments about host.
# File 'app/models/mdm/host.rb', line 345
#created_at ⇒ DateTime
When this host was created in the database.
# File 'app/models/mdm/host.rb', line 350
#creds ⇒ ActiveRecord::Relation<Mdm::Cred> (readonly)
Credentials captured from #services.
# File 'app/models/mdm/host.rb', line 236
has_many :creds, :class_name => 'Mdm::Cred', :through => :services
#detected_arch ⇒ String
The architecture of the host's CPU as detected by Recog. If #arch is not UNKNOWN_ARCHITECTURE, this is undefined.
# File 'app/models/mdm/host.rb', line 360
#events ⇒ ActiveRecord::Relation<Mdm::Event>
Events that occurred on this host.
# File 'app/models/mdm/host.rb', line 108
has_many :events,
         class_name: 'Mdm::Event',
         dependent: :delete_all,
         inverse_of: :host
#exploit_attempt_count ⇒ Integer
Counter cache for #exploit_attempts.
# File 'app/models/mdm/host.rb', line 366
#exploit_attempts ⇒ ActiveRecord::Relation<Mdm::ExploitAttempt>
Attempts to run exploits against this host.
# File 'app/models/mdm/host.rb', line 126
has_many :exploit_attempts,
         class_name: 'Mdm::ExploitAttempt',
         dependent: :destroy,
         inverse_of: :host
#exploited_hosts ⇒ ActiveRecord::Relation<Mdm::ExploitedHost>
MSP-2732
# File 'app/models/mdm/host.rb', line 134
has_many :exploited_hosts,
         class_name: 'Mdm::ExploitedHost',
         dependent: :destroy,
         inverse_of: :host
#host_detail_count ⇒ Integer
Counter cache for #host_details.
# File 'app/models/mdm/host.rb', line 371
#host_details ⇒ ActiveRecord::Relation<Mdm::HostDetail>
# File 'app/models/mdm/host.rb', line 141
has_many :host_details,
         class_name: 'Mdm::HostDetail',
         dependent: :destroy,
         inverse_of: :host
#hosts_tags ⇒ ActiveRecord::Relation<Mdm::HostTag>
# File 'app/models/mdm/host.rb', line 151
has_many :hosts_tags,
         class_name: 'Mdm::HostTag',
         dependent: :destroy,
         inverse_of: :host
#info ⇒ String
Information about this host gathered from the host.
# File 'app/models/mdm/host.rb', line 376
#loots ⇒ ActiveRecord::Relation<Mdm::Loot>
MSP-3065
Loot gathered from the host with newest loot first.
# File 'app/models/mdm/host.rb', line 161
has_many :loots,
         -> { order('loots.created_at DESC')},
         class_name: 'Mdm::Loot',
         dependent: :destroy,
         inverse_of: :host
#mac ⇒ String
The MAC address of this host.
# File 'app/models/mdm/host.rb', line 381
#module_details ⇒ ActiveRecord::Relation<Mdm::Module::Detail> (readonly)
Details about modules that were used to find vulnerabilities on this host.
# File 'app/models/mdm/host.rb', line 319
has_many :module_details,
         -> { distinct } ,
         :class_name => 'Mdm::Module::Detail',
         :source =>:detail,
         :through => :module_refs
#module_refs ⇒ ActiveRecord::Relation<Mdm::Module::Ref> (readonly)
# File 'app/models/mdm/host.rb', line 309
has_many :module_refs, :class_name => 'Mdm::Module::Ref', :through => :refs
#module_runs ⇒ ActiveRecord::Relation<MetasploitDataModels::ModuleRun> (readonly)
Records of Metasploit modules being run on/against this Mdm::Host
# File 'app/models/mdm/host.rb', line 260
has_many :module_runs,
         class_name: 'MetasploitDataModels::ModuleRun',
         as: :trackable
#name ⇒ String
The name of the host. If the host name is not available, then it will just be the IP address.
# File 'app/models/mdm/host.rb', line 387
#notes ⇒ ActiveRecord::Relation<Mdm::Note>
Notes about the host entered by a user with oldest notes first.
# File 'app/models/mdm/host.rb', line 171
has_many :notes,
         -> { order('notes.created_at') },
         class_name: 'Mdm::Note',
         inverse_of: :host,
         dependent: :delete_all
#os_lang ⇒ String
Free-form language of operating system. Usually either spelled out like 'English' or an IETF language tag like 'en' or 'en-US'.
# File 'app/models/mdm/host.rb', line 406
#os_name ⇒ String
The name of the operating system.
# File 'app/models/mdm/host.rb', line 412
#os_sp ⇒ String
The service pack of the #os_flavor of the #os_name.
# File 'app/models/mdm/host.rb', line 417
#purpose ⇒ String
The purpose of the host on the network, such as 'client' or 'firewall'.
# File 'app/models/mdm/host.rb', line 427
#refs ⇒ ActiveRecord::Relation<Mdm::Ref> (readonly)
External references, such as CVE, to vulnerabilities found on this host.
# File 'app/models/mdm/host.rb', line 299
has_many :refs, :class_name => 'Mdm::Ref', :through => :vuln_refs
#scope ⇒ String
Interface identifier for link-local IPv6
# File 'app/models/mdm/host.rb', line 432
#service_notes ⇒ ActiveRecord::Relation<Mdm::Note> (readonly)
# File 'app/models/mdm/host.rb', line 243
has_many :service_notes,
         class_name: 'Mdm::Note',
         source: :notes,
         through: :services
#services ⇒ ActiveRecord::Relation<Mdm::Service>
# File 'app/models/mdm/host.rb', line 182
has_many :services,
         -> { order('services.port, services.proto') },
         class_name: 'Mdm::Service',
         dependent: :destroy,
         inverse_of: :host
#sessions ⇒ ActiveRecord::Relation<Mdm::Session>
Sessions that are open or previously were open on the host, ordered by when the session was opened.
# File 'app/models/mdm/host.rb', line 193
has_many :sessions,
         -> { order('sessions.opened_at') },
         class_name: 'Mdm::Session',
         dependent: :destroy,
         inverse_of: :host
#state ⇒ String
Whether the host is alive, down, or in an unknown state.
# File 'app/models/mdm/host.rb', line 443
#tags ⇒ ActiveRecord::Relation<Mdm::Tag> (readonly)
The tags on this host. Tags are used to filter hosts.
# File 'app/models/mdm/host.rb', line 225
has_many :tags, :class_name => 'Mdm::Tag', :through => :hosts_tags
#task_hosts ⇒ ActiveRecord::Relation<Mdm::TaskHost>
Details about what Tasks touched this host
# File 'app/models/mdm/host.rb', line 117
has_many :task_hosts,
         class_name: 'Mdm::TaskHost',
         dependent: :destroy,
         inverse_of: :host
#tasks ⇒ ActiveRecord::Relation<Mdm::Task>
Tasks that touched this service
# File 'app/models/mdm/host.rb', line 273
has_many :tasks,
         class_name: 'Mdm::Task',
         through: :task_hosts
#updated_at ⇒ DateTime
The last time this host was updated in the database.
# File 'app/models/mdm/host.rb', line 448
#virtual_host ⇒ String
The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.
# File 'app/models/mdm/host.rb', line 453
#vuln_refs ⇒ ActiveRecord::Relation<Mdm::VulnRef> (readonly)
# File 'app/models/mdm/host.rb', line 288
has_many :vuln_refs, :class_name => 'Mdm::VulnRef', :source => :vulns_refs, :through => :vulns
#vulns ⇒ ActiveRecord::Relation<Mdm::Vuln>
Vulnerabilities found on the host.
# File 'app/models/mdm/host.rb', line 203
has_many :vulns,
         class_name: 'Mdm::Vuln',
         dependent: :delete_all,
         inverse_of: :host
#web_sites ⇒ ActiveRecord::Relation<Mdm::WebSite> (readonly)
# File 'app/models/mdm/host.rb', line 253
has_many :web_sites, :class_name => 'Mdm::WebSite', :through => :services
#workspace ⇒ Mdm::Workspace
The workspace in which this host was found.
# File 'app/models/mdm/host.rb', line 212
belongs_to :workspace,
           class_name: 'Mdm::Workspace',
           inverse_of: :hosts
Instance Method Details
#attribute_locked?(attr) ⇒ true, false
# File 'app/models/mdm/host.rb', line 576
def attribute_locked?(attr)
  n = notes.find_by_ntype("host.updated.#{attr}")
  n && n.data[:locked]
end
#ip_address_invalid? ⇒ void
This method returns an undefined value.
This is replicated by the IpAddressValidator class. Had to put it here as well to avoid SQL errors when checking address uniqueness.
# File 'app/models/mdm/host.rb', line 585
def ip_address_invalid?
  begin
    if address.is_a? IPAddr
      potential_ip = address.dup
    else
      potential_ip = IPAddr.new(address)
    end

    return true unless potential_ip.ipv4? || potential_ip.ipv6?
  rescue ArgumentError
    return true
  end
end
#is_vm? ⇒ true, false
Returns whether this host is a virtual machine.
# File 'app/models/mdm/host.rb', line 603
def is_vm?
  !!self.virtual_host
end