Class: Metasploit::Framework::DataService::RemoteHTTPDataService

Inherits:
Object
  • Object
show all
Includes:
DataServiceAutoLoader, Metasploit::Framework::DataService
Defined in:
lib/metasploit/framework/data_service/remote/http/core.rb

Defined Under Namespace

Classes: ErrorResponse, FailedResponse, ResponseWrapper, SuccessResponse

Constant Summary collapse

DEFAULT_USER_AGENT =
"metasploit v#{Metasploit::Framework::VERSION}"
EXEC_ASYNC =
{ :exec_async => true }
GET_REQUEST =
'GET'
POST_REQUEST =
'POST'
DELETE_REQUEST =
'DELETE'
PUT_REQUEST =
'PUT'

Constants included from RemotePayloadDataService

RemotePayloadDataService::PAYLOAD_API_PATH, RemotePayloadDataService::PAYLOAD_MDM_CLASS

Constants included from RemoteDbImportDataService

RemoteDbImportDataService::DB_IMPORT_API_PATH

Constants included from RemoteMsfDataService

RemoteMsfDataService::MSF_API_PATH, RemoteMsfDataService::MSF_VERSION_API_PATH

Constants included from RemoteVulnAttemptDataService

RemoteVulnAttemptDataService::VULN_ATTEMPT_API_PATH, RemoteVulnAttemptDataService::VULN_ATTEMPT_MDM_CLASS

Constants included from RemoteDbExportDataService

RemoteDbExportDataService::DB_EXPORT_API_PATH

Constants included from RemoteNmapDataService

RemoteNmapDataService::NMAP_PATH

Constants included from RemoteLoginDataService

RemoteLoginDataService::LOGIN_API_PATH, RemoteLoginDataService::LOGIN_MDM_CLASS

Constants included from RemoteCredentialDataService

RemoteCredentialDataService::CREDENTIAL_API_PATH, RemoteCredentialDataService::CREDENTIAL_MDM_CLASS

Constants included from RemoteSessionEventDataService

RemoteSessionEventDataService::SESSION_EVENT_API_PATH, RemoteSessionEventDataService::SESSION_EVENT_MDM_CLASS

Constants included from RemoteLootDataService

RemoteLootDataService::LOOT_API_PATH, RemoteLootDataService::LOOT_MDM_CLASS

Constants included from RemoteExploitDataService

RemoteExploitDataService::EXPLOIT_API_PATH

Constants included from RemoteSessionDataService

RemoteSessionDataService::SESSION_API_PATH, RemoteSessionDataService::SESSION_MDM_CLASS

Constants included from RemoteServiceDataService

RemoteServiceDataService::SERVICE_API_PATH, RemoteServiceDataService::SERVICE_MDM_CLASS

Constants included from RemoteWebDataService

RemoteWebDataService::WEB_API_PATH

Constants included from RemoteVulnDataService

RemoteVulnDataService::VULN_API_PATH, RemoteVulnDataService::VULN_MDM_CLASS

Constants included from RemoteWorkspaceDataService

RemoteWorkspaceDataService::WORKSPACE_API_PATH, RemoteWorkspaceDataService::WORKSPACE_MDM_CLASS

Constants included from RemoteNoteDataService

RemoteNoteDataService::NOTE_API_PATH, RemoteNoteDataService::NOTE_MDM_CLASS

Constants included from RemoteEventDataService

RemoteEventDataService::EVENT_API_PATH, RemoteEventDataService::EVENT_MDM_CLASS

Constants included from RemoteHostDataService

RemoteHostDataService::HOST_API_PATH, RemoteHostDataService::HOST_MDM_CLASS, RemoteHostDataService::HOST_SEARCH_PATH, RemoteHostDataService::TAG_MDM_CLASS

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from RemotePayloadDataService

#create_payload, #delete_payload, #payloads, #update_payload

Methods included from ResponseDataHelper

#json_to_hash, #json_to_mdm_object, #process_file, #to_ar

Methods included from RemoteDbImportDataService

#import_file

Methods included from RemoteMsfDataService

#get_msf_version

Methods included from RemoteVulnAttemptDataService

#report_vuln_attempt, #vuln_attempts

Methods included from RemoteDbExportDataService

#run_db_export

Methods included from RemoteNmapDataService

#import_nmap_xml_file

Methods included from RemoteLoginDataService

#create_credential_login, #logins, #update_login

Methods included from RemoteCredentialDataService

#create_credential, #creds, #delete_credentials, #update_credential

Methods included from RemoteSessionEventDataService

#report_session_event, #session_events

Methods included from RemoteLootDataService

#delete_loot, #loot, #report_loot, #update_loot

Methods included from RemoteExploitDataService

#report_exploit_attempt, #report_exploit_failure, #report_exploit_success

Methods included from RemoteSessionDataService

#report_session, #sessions, #update_session

Methods included from RemoteServiceDataService

#delete_service, #report_service, #services, #update_service

Methods included from RemoteWebDataService

#report_web_form, #report_web_page, #report_web_site, #report_web_vuln

Methods included from RemoteVulnDataService

#delete_vuln, #report_vuln, #update_vuln, #vulns

Methods included from RemoteWorkspaceDataService

#add_workspace, #default_workspace, #delete_workspaces, #update_workspace, #workspace, #workspace=, #workspaces

Methods included from RemoteNoteDataService

#delete_note, #notes, #report_note, #update_note

Methods included from RemoteEventDataService

#events, #report_event

Methods included from RemoteHostDataService

#add_host_tag, #delete_host, #delete_host_tag, #get_host, #get_host_tags, #hosts, #report_host, #update_host

Methods included from MsfDataService

#get_msf_version

Methods included from LootDataService

#find_or_create_loot, #loot, #report_loot, #update_loot

Methods included from ExploitDataService

#report_exploit_attempt, #report_exploit_failure, #report_exploit_success

Methods included from SessionEventDataService

#report_session_event, #session_events

Methods included from SessionDataService

#report_session, #sessions, #update_session

Methods included from ServiceDataService

#delete_service, #find_or_create_service, #report_service, #services, #update_service

Methods included from NoteDataService

#delete_note, #find_or_create_note, #notes, #report_note, #update_note

Methods included from WebDataService

#report_web_form, #report_web_page, #report_web_site, #report_web_vuln

Methods included from WorkspaceDataService

#add_workspace, #default_workspace, #delete_workspaces, #find_workspace, #update_workspace, #workspace, #workspace=, #workspaces

Methods included from VulnDataService

#delete_vuln, #find_or_create_vuln, #report_vuln, #update_vuln, #vulns

Methods included from EventDataService

#events, #report_event

Methods included from HostDataService

#add_host_tag, #delete_host, #delete_host_tag, #find_or_create_host, #get_host, #get_host_tags, #hosts, #report_host, #report_hosts, #update_host

Constructor Details

#initialize(endpoint, opts = {}) ⇒ RemoteHTTPDataService

Returns a new instance of RemoteHTTPDataService.

Parameters:

  • endpoint (String)

    A valid http or https URL. Cannot be nil


30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 30

def initialize(endpoint, opts = {})
  validate_endpoint(endpoint)
  @endpoint = URI.parse(endpoint)
  @https_opts = opts[:https_opts]
  @api_token = opts[:api_token]

  @headers = {}
  user_agent = !opts[:user_agent].nil? ? opts[:user_agent] : DEFAULT_USER_AGENT
  set_header('User-Agent', user_agent)
  set_header('Authorization', "Bearer #{@api_token}") unless @api_token.nil?

  build_client_pool(5)
end

Instance Attribute Details

#api_tokenObject (readonly)

Returns the value of attribute api_token


25
26
27
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 25

def api_token
  @api_token
end

#endpointObject (readonly)

Returns the value of attribute endpoint


25
26
27
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 25

def endpoint
  @endpoint
end

#https_optsObject (readonly)

Returns the value of attribute https_opts


25
26
27
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 25

def https_opts
  @https_opts
end

Instance Method Details

#activeObject


56
57
58
59
60
61
62
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 56

def active
  # checks if data service is online when @active is falsey and makes the assignment
  # this is to prevent repetitive calls to check if data service is online
  # logic should be enhanced to considering data service connectivity
  # and future data service implementations
  @active ||= is_online?
end

#active=(value) ⇒ Object


64
65
66
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 64

def active=(value)
  @active = value
end

#after_establish_connectionObject


48
49
50
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 48

def after_establish_connection

end

#connection_established?Boolean

Returns:

  • (Boolean)

44
45
46
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 44

def connection_established?
  true
end

#delete_data(path, data_hash, query = nil) ⇒ Object

Send DELETE request to delete the specified resource from the HTTP endpoint

Parameters:

  • path
    • The URI path to send the request

  • data_hash
    • A hash representation of the object to be deleted. Cannot be nil or empty.

  • query (defaults to: nil)
    • A hash representation of the URI query data. Key-value pairs will be URL-encoded.

Returns:

  • A wrapped response (ResponseWrapper), see below.


128
129
130
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 128

def delete_data(path, data_hash, query = nil)
  make_request(DELETE_REQUEST, path, data_hash, query)
end

#driverObject


76
77
78
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 76

def driver
  'http'
end

#errorObject


72
73
74
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 72

def error
  'none'
end

#get_data(path, data_hash = nil, query = nil) ⇒ Object

GET data from the HTTP endpoint

Parameters:

  • path
    • The URI path to send the request

  • data_hash (defaults to: nil)
    • A hash representation of the object to be included. Can be nil or empty.

  • query (defaults to: nil)
    • A hash representation of the URI query data. Key-value pairs will be URL-encoded.

Returns:

  • A wrapped response (ResponseWrapper), see below.


115
116
117
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 115

def get_data(path, data_hash = nil, query = nil)
  make_request(GET_REQUEST, path, data_hash, query)
end

#get_path_select(opts, path) ⇒ String

Select the correct path for GET request based on the options parameters provided. If 'id' is present, the user is requesting a single record and should use api/<version>/<resource>/ID path.

Parameters:

  • opts (Hash)

    The parameters for the request

  • path (String)

    The base resource path for the endpoint

Returns:

  • (String)

    The correct path for the request.


229
230
231
232
233
234
235
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 229

def get_path_select(opts, path)
  if opts.key?(:id)
    path = "#{path}/#{opts[:id]}"
    opts.delete(:id)
  end
  path
end

#is_local?Boolean

Returns:

  • (Boolean)

68
69
70
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 68

def is_local?
  false
end

#is_online?Boolean

Checks if the data service is online by making a request for the Metasploit version number from the remote endpoint

Returns:

  • (Boolean)

207
208
209
210
211
212
213
214
215
216
217
218
219
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 207

def is_online?
  begin
    response = self.get_msf_version
    if response && !response[:metasploit_version].empty?
      return true
    end
  rescue
    # Ignore exceptions that are raised when checking the version,
    # and assume the server is not online.
  end

  return false
end

#make_request(request_type, path, data_hash = nil, query = nil) ⇒ Object

Make the specified request_type

Parameters:

  • request_type
    • A string representation of the HTTP method

  • path
    • The URI path to send the request

  • data_hash (defaults to: nil)
    • A hash representation of the object to be included in the request. Cannot be nil or empty.

  • query (defaults to: nil)
    • A hash representation of the URI query data. Key-value pairs will be URL-encoded.

Returns:

  • A wrapped response (ResponseWrapper)


155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 155

def make_request(request_type, path, data_hash = nil, query = nil)
  begin
    # simplify query by removing nil values
    query_str = (!query.nil? && !query.empty?) ? query.compact.to_query : nil
    uri = URI::HTTP::build({path: path, query: query_str})
    # TODO: Re-enable this logging when framework handles true log levels.
    #dlog("HTTP #{request_type} request to #{uri.request_uri} with #{data_hash ? data_hash : "nil"}")

    client = @client_pool.pop
    case request_type
      when GET_REQUEST
        request = Net::HTTP::Get.new(uri.request_uri, initheader=@headers)
      when POST_REQUEST
        request = Net::HTTP::Post.new(uri.request_uri, initheader=@headers)
      when DELETE_REQUEST
        request = Net::HTTP::Delete.new(uri.request_uri, initheader=@headers)
      when PUT_REQUEST
        request = Net::HTTP::Put.new(uri.request_uri, initheader=@headers)
      else
        raise Exception, 'A request_type must be specified'
    end
    built_request = build_request(request, data_hash)
    response = client.request(built_request)

    case response
      when Net::HTTPOK
        return SuccessResponse.new(response)
      else
        ilog "HTTP #{request_type} request: #{uri.request_uri} failed with code: #{response.code} message: #{response.body}"
        return ErrorResponse.new(response)
    end
  rescue EOFError => e
    error_msg = "No data was returned from the data service for request type/path : #{request_type}/#{path}, message: #{e.message}"
    ilog error_msg
    return FailedResponse.new(error_msg)
  rescue => e
    error_msg = "Problem with HTTP request for type/path: #{request_type} #{path} message: #{e.message}"
    ilog error_msg
    return FailedResponse.new(error_msg)
  ensure
    @client_pool << client
  end
end

#nameObject


52
53
54
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 52

def name
  "remote_data_service: (#{@endpoint})"
end

#post_data(path, data_hash, query = nil) ⇒ Object

POST data to the HTTP endpoint

Parameters:

  • path
    • The URI path to send the request

  • data_hash
    • A hash representation of the object to be posted. Cannot be nil or empty.

  • query (defaults to: nil)
    • A hash representation of the URI query data. Key-value pairs will be URL-encoded.

Returns:

  • A wrapped response (ResponseWrapper), see below.


102
103
104
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 102

def post_data(path, data_hash, query = nil)
  make_request(POST_REQUEST, path, data_hash, query)
end

#post_data_async(path, data_hash, query = nil) ⇒ Object

POST data to the HTTP endpoint and don't wait for the endpoint to process the data before getting a response

Parameters:

  • path
    • The URI path to send the request

  • data_hash
    • A hash representation of the object to be posted. Cannot be nil or empty.

  • query (defaults to: nil)
    • A hash representation of the URI query data. Key-value pairs will be URL-encoded.

Returns:

  • A wrapped response (ResponseWrapper), see below.


89
90
91
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 89

def post_data_async(path, data_hash, query = nil)
  make_request(POST_REQUEST, path, data_hash.merge(EXEC_ASYNC), query)
end

#put_data(path, data_hash, query = nil) ⇒ Object

Send PUT request to store data for the specified resource at the HTTP endpoint

Parameters:

  • path
    • The URI path to send the request

  • data_hash
    • A hash representation of the object to be stored. Cannot be nil or empty.

  • query (defaults to: nil)
    • A hash representation of the URI query data. Key-value pairs will be URL-encoded.

Returns:

  • A wrapped response (ResponseWrapper), see below.


141
142
143
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 141

def put_data(path, data_hash, query = nil)
  make_request(PUT_REQUEST, path, data_hash, query)
end

#set_header(key, value) ⇒ Object


199
200
201
# File 'lib/metasploit/framework/data_service/remote/http/core.rb', line 199

def set_header(key, value)
  @headers[key] = value
end