Class: Msf::DBManager

Overview

The db module provides persistent storage and events. This class should be instantiated LAST as the active_suppport library overrides Kernel.require, slowing down all future code loads.

Defined Under Namespace

Modules: Adapter, Client, Connection, Cred, DbExport, Event, ExploitAttempt, ExploitedHost, Host, HostDetail, HostTag, IPAddress, Import, Login, Loot, Migration, ModuleCache, Note, Payload, Ref, Report, Route, Service, Session, SessionEvent, Task, User, Vuln, VulnAttempt, VulnDetail, WMAP, Web, Workspace Classes: Export

Constant Summary collapse

DEFAULT_SERVICE_PROTO =

Default proto for making new `Mdm::Service`s. This should probably be a const on `Mdm::Service`

"tcp"

Constants included from Workspace

Workspace::DEFAULT_WORKSPACE_NAME

Constants included from User

User::MIN_TOKEN_LENGTH

Constants included from SessionEvent

SessionEvent::DEFAULT_LIMIT, SessionEvent::DEFAULT_OFFSET, SessionEvent::DEFAULT_ORDER

Constants included from Import::MetasploitFramework::XML

Import::MetasploitFramework::XML::MSF_WEB_PAGE_TEXT_ELEMENT_NAMES, Import::MetasploitFramework::XML::MSF_WEB_TEXT_ELEMENT_NAMES, Import::MetasploitFramework::XML::MSF_WEB_VULN_TEXT_ELEMENT_NAMES

Constants included from Event

Event::DEFAULT_LIMIT, Event::DEFAULT_OFFSET, Event::DEFAULT_ORDER

Constants included from Adapter

Adapter::ADAPTER

Instance Attribute Summary collapse

Attributes included from Framework::Offspring

#framework

Attributes included from ModuleCache

#modules_cached, #modules_caching

Attributes included from Migration

#migrated

Attributes included from Adapter

#driver, #drivers

Instance Method Summary collapse

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Methods included from Workspace

#add_workspace, #default_workspace, #delete_workspaces, #find_workspace, #update_workspace, #workspace, #workspace=, #workspaces

Methods included from Web

#report_web_form, #report_web_page, #report_web_site, #report_web_vuln

Methods included from WMAP

#create_request, #create_target, #delete_all_targets, #each_distinct_target, #each_request, #each_request_target, #each_request_target_with_body, #each_request_target_with_headers, #each_request_target_with_path, #each_request_target_with_query, #each_target, #get_target, #request_distinct_targets, #request_sql, #requests, #selected_host, #selected_id, #selected_port, #selected_ssl, #selected_wmap_target, #sql_query, #target_requests, #targets

Methods included from VulnDetail

#report_vuln_details, #update_vuln_details

Methods included from VulnAttempt

#report_vuln_attempt, #vuln_attempts

Methods included from Vuln

#delete_vuln, #each_vuln, #find_or_create_vuln, #find_vuln_by_details, #find_vuln_by_refs, #get_vuln, #has_vuln?, #report_vuln, #update_vuln, #vulns

Methods included from User

#authenticate_user, #create_new_user_token, #delete_user, #report_user, #update_user, #users

Methods included from Task

#find_or_create_task, #report_task, #tasks

Methods included from SessionEvent

#report_session_event, #session_events

Methods included from Session

#create_mdm_session_from_host, #create_mdm_session_from_session, #get_session, #infer_vuln_from_session, #infer_vuln_from_session_dto, #remove_stale_sessions, #report_session, #report_session_dto, #report_session_host_dto, #sessions, #update_session

Methods included from Service

#delete_service, #each_service, #find_or_create_service, #get_service, #report_service, #services, #update_service

Methods included from Route

#report_session_route, #report_session_route_remove

Methods included from Report

#find_or_create_report, #report_artifact, #report_report, #reports

Methods included from Ref

#find_or_create_ref, #get_ref, #has_ref?

Methods included from Payload

#create_payload, #delete_payload, #get_payload, #payloads, #update_payload

Methods included from Note

#delete_note, #each_note, #find_or_create_note, #notes, #report_note, #update_note

Methods included from ModuleCache

#match_values, #module_to_details_hash, #purge_all_module_details, #remove_module_details, #search_modules, #update_all_module_details, #update_module_details

Methods included from Migration

#add_rails_engine_migration_paths, #migrate

Methods included from Loot

#delete_loot, #find_or_create_loot, #loots, #report_loot, #update_loot

Methods included from Login

#delete_logins, #logins, #update_login

Methods included from IPAddress

#ipv46_validator, #ipv4_validator, #ipv6_validator, #rfc3330_reserved, #validate_ips

Methods included from Import

#dehex, #emit, #import, #import_file, #import_filetype_detect, #msf_import_timestamps, #report_import_note, #rexmlify, #service_name_map, #validate_import_file

Methods included from Import::Wapiti

#import_wapiti_xml, #import_wapiti_xml_file

Methods included from Import::Spiceworks

#import_spiceworks_csv

Methods included from Import::Retina

#import_retina_xml, #import_retina_xml_file

Methods included from Import::Report

#import_report

Methods included from Import::Qualys

#handle_qualys

Methods included from Import::Qualys::Scan

#import_qualys_scan_xml, #import_qualys_scan_xml_file

Methods included from Import::Qualys::Asset

#find_qualys_asset_ports, #find_qualys_asset_vuln_refs, #find_qualys_asset_vulns, #import_qualys_asset_xml

Methods included from Import::Outpost24

#import_outpost24_noko_stream, #import_outpost24_xml

Methods included from Import::OpenVAS

#import_openvas_new_xml, #import_openvas_noko_stream, #import_openvas_xml

Methods included from Import::Nmap

#import_nmap_noko_stream, #import_nmap_xml, #import_nmap_xml_file, #nmap_msf_service_map

Methods included from Import::Nikto

#import_nikto_xml

Methods included from Import::Nexpose::Simple

#import_nexpose_noko_stream, #import_nexpose_simplexml, #import_nexpose_simplexml_file, #process_nexpose_data_sxml_refs

Methods included from Import::Nexpose::Raw

#import_nexpose_raw_noko_stream, #import_nexpose_rawxml, #import_nexpose_rawxml_file, #nexpose_host_from_rawxml, #nexpose_refs_to_struct

Methods included from Import::Netsparker

#import_netsparker_xml, #import_netsparker_xml_file, #netsparker_method_map, #netsparker_params_map, #netsparker_pname_map, #netsparker_vulnerability_map

Methods included from Import::Nessus

#handle_nessus

Methods included from Import::Nessus::XML

#import_nessus_xml_file

Methods included from Import::Nessus::XML::V2

#handle_nessus_v2, #import_nessus_xml_v2

Methods included from Import::Nessus::XML::V1

#import_nessus_xml

Methods included from Import::Nessus::NBE

#import_nessus_nbe, #import_nessus_nbe_file

Methods included from Import::MetasploitFramework

#nils_for_nulls, #unserialize_object

Methods included from Import::MetasploitFramework::Zip

#import_msf_collateral, #import_msf_zip, #is_child_of?, #parse_zip_host, #parse_zip_loot, #parse_zip_report, #parse_zip_task

Methods included from Import::MetasploitFramework::XML

#import_msf_file, #import_msf_note_element, #import_msf_web_form_element, #import_msf_web_page_element, #import_msf_web_vuln_element, #import_msf_xml

Methods included from Import::MetasploitFramework::Credential

#import_msf_cred_dump, #import_msf_cred_dump_zip, #import_msf_pwdump

Methods included from Import::MBSA

#import_mbsa_noko_stream, #import_mbsa_xml

Methods included from Import::Libpcap

#import_libpcap, #import_libpcap_file, #inspect_single_packet, #inspect_single_packet_http

Methods included from Import::IPList

#import_ip_list, #import_ip_list_file

Methods included from Import::IP360::V3

#handle_ip360_v3_svc, #handle_ip360_v3_vuln, #import_ip360_xml_file, #import_ip360_xml_v3

Methods included from Import::IP360::ASPL

#import_ip360_aspl_xml

Methods included from Import::GPP

#import_gpp_xml

Methods included from Import::FusionVM

#import_fusionvm_xml

Methods included from Import::Foundstone

#import_foundstone_noko_stream, #import_foundstone_xml

Methods included from Import::CI

#import_ci_noko_stream, #import_ci_xml

Methods included from Import::BurpSession

#import_burp_session_noko_stream, #import_burp_session_xml

Methods included from Import::BurpIssue

#import_burp_issue_xml

Methods included from Import::Appscan

#import_appscan_noko_stream, #import_appscan_xml

Methods included from Import::Amap

#import_amap_log, #import_amap_log_file, #import_amap_mlog

Methods included from Import::Acunetix

#import_acunetix_noko_stream, #import_acunetix_xml

Methods included from HostTag

#report_host_tag

Methods included from HostDetail

#report_host_details

Methods included from Host

#add_host_tag, #del_host, #delete_host, #delete_host_tag, #each_host, #find_or_create_host, #get_host, #get_host_tags, #has_host?, #host_state_changed, #hosts, #report_host, #split_windows_os_name, #update_host

Methods included from ExploitedHost

#each_exploited_host, #exploited_hosts

Methods included from ExploitAttempt

#report_exploit, #report_exploit_attempt, #report_exploit_failure, #report_exploit_success

Methods included from Event

#events, #report_event

Methods included from DbExport

#run_db_export

Methods included from Cred

#creds, #delete_credentials, #each_cred, #find_or_create_cred, #report_auth_info, #update_credential

Methods included from Connection

#active, #after_establish_connection, #connect, #connection_established?, #create_db, #disconnect

Methods included from Client

#find_or_create_client, #get_client, #report_client

Methods included from Adapter

#initialize_adapter

Methods included from Metasploit::Framework::DataService

#active, #active=

Methods included from MsfDataService

#get_msf_version

Methods included from LootDataService

#find_or_create_loot, #loot, #report_loot, #update_loot

Methods included from ExploitDataService

#report_exploit_attempt, #report_exploit_failure, #report_exploit_success

Methods included from SessionEventDataService

#report_session_event, #session_events

Methods included from SessionDataService

#report_session, #sessions, #update_session

Methods included from ServiceDataService

#delete_service, #find_or_create_service, #report_service, #services, #update_service

Methods included from NoteDataService

#delete_note, #find_or_create_note, #notes, #report_note, #update_note

Methods included from WebDataService

#report_web_form, #report_web_page, #report_web_site, #report_web_vuln

Methods included from WorkspaceDataService

#add_workspace, #default_workspace, #delete_workspaces, #find_workspace, #update_workspace, #workspace, #workspace=, #workspaces

Methods included from VulnDataService

#delete_vuln, #find_or_create_vuln, #report_vuln, #update_vuln, #vulns

Methods included from EventDataService

#events, #report_event

Methods included from HostDataService

#add_host_tag, #delete_host, #delete_host_tag, #find_or_create_host, #get_host, #get_host_tags, #hosts, #report_host, #report_hosts, #update_host

Constructor Details

#initialize(framework, opts = {}) ⇒ DBManager

initialize


130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'lib/msf/core/db_manager.rb', line 130

def initialize(framework, opts = {})

  self.framework = framework
  self.migrated  = false
  self.modules_cached  = false
  self.modules_caching = false

  @usable = false

  # Don't load the database if the user said they didn't need it.
  if (opts['DisableDatabase'])
    self.error = "disabled"
    return
  end

  return initialize_database_support
end

Instance Attribute Details

#errorObject

Stores the error message for why the db was not loaded


121
122
123
# File 'lib/msf/core/db_manager.rb', line 121

def error
  @error
end

#usableObject

Returns true if the prerequisites have been installed


124
125
126
# File 'lib/msf/core/db_manager.rb', line 124

def usable
  @usable
end

Instance Method Details

#checkObject

Determines if the database is functional


155
156
157
158
159
# File 'lib/msf/core/db_manager.rb', line 155

def check
::ApplicationRecord.connection_pool.with_connection {
  res = ::Mdm::Host.first
}
end

#init_db(opts) ⇒ Object


184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
# File 'lib/msf/core/db_manager.rb', line 184

def init_db(opts)

  init_success = false

  # Append any migration paths necessary to bring the database online
  if opts['DatabaseMigrationPaths']
    opts['DatabaseMigrationPaths'].each do |migrations_path|
      ActiveRecord::Migrator.migrations_paths << migrations_path
    end
  end

  if connection_established?
    after_establish_connection
  else
    configuration_pathname = Metasploit::Framework::Database.configurations_pathname(path: opts['DatabaseYAML'])

    if configuration_pathname.nil?
      self.error = "No database YAML file"
    else
      if configuration_pathname.readable?
        # parse specified database YAML file
        dbinfo = YAML.load_file(configuration_pathname) || {}
        dbenv  = opts['DatabaseEnv'] || Rails.env
        db     = dbinfo[dbenv]
      else
        elog("Warning, #{configuration_pathname} is not readable. Try running as root or chmod.")
      end

      if not db
        elog("No database definition for environment #{dbenv}")
      else
        init_success = connect(db)
      end
    end
  end

  # framework.db.active will be true if after_establish_connection ran directly when connection_established? was
  # already true or if framework.db.connect called after_establish_connection.
  if !! error
    if error.to_s =~ /RubyGem version.*pg.*0\.11/i
      err_msg = <<~ERROR
      ***
      *
      * Metasploit now requires version 0.11 or higher of the 'pg' gem for database support
      * There are three ways to accomplish this upgrade:
      * 1. If you run Metasploit with your system ruby, simply upgrade the gem:
      *    $ rvmsudo gem install pg
      * 2. Use the Community Edition web interface to apply a Software Update
      * 3. Uninstall, download the latest version, and reinstall Metasploit
      *
      ***
      

      ERROR
      elog(err_msg)
    end

    # +error+ is not an instance of +Exception+, it is, in fact, a +String+
    elog("Failed to connect to the database: #{error}")
  end

  return init_success
end

#initialize_database_supportObject

Do what is necessary to load our database support


164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
# File 'lib/msf/core/db_manager.rb', line 164

def initialize_database_support
  begin
    add_rails_engine_migration_paths

    @usable = true

  rescue ::Exception => e
    self.error = e
    elog('DB is not enabled due to load error', error: e)
    return false
  end

  #
  # Determine what drivers are available
  #
  initialize_adapter

  true
end

#is_local?Boolean

Returns:

  • (Boolean)

112
113
114
# File 'lib/msf/core/db_manager.rb', line 112

def is_local?
  true
end

#nameObject


108
109
110
# File 'lib/msf/core/db_manager.rb', line 108

def name
  'local_db_service'
end