Module: Msf::DBManager::Import::MetasploitFramework::XML

Included in:
Msf::DBManager::Import::MetasploitFramework
Defined in:
lib/msf/core/db_manager/import/metasploit_framework/xml.rb

Overview

Handles importing of the xml format exported by Pro. The methods are in a module because (1) it's just good code layout and (2) it allows the methods to be overridden in Pro without using alias_method_chain as methods defined in a class cannot be overridden by including a module (unless you're running Ruby 2.0 and can use prepend)

Constant Summary collapse

MSF_WEB_PAGE_TEXT_ELEMENT_NAMES =

Elements that can be treated as text (i.e. do not need to be deserialized) in #import_msf_web_page_element

[
    'auth',
    'body',
    'code',
    'cookie',
    'ctype',
    'location',
    'mtime'
]
MSF_WEB_TEXT_ELEMENT_NAMES =

Elements that can be treated as text (i.e. do not need to be deserialized) in #import_msf_web_element.

[
    'created-at',
    'host',
    'path',
    'port',
    'query',
    'ssl',
    'updated-at',
    'vhost'
]
MSF_WEB_VULN_TEXT_ELEMENT_NAMES =

Elements that can be treated as text (i.e. do not need to be deserialized) in #import_msf_web_vuln_element.

[
    'blame',
    'category',
    'confidence',
    'description',
    'method',
    'name',
    'pname',
    'proof',
    'risk'
]

Instance Method Summary collapse

Instance Method Details

#import_msf_file(args = {}) ⇒ Object

Import a Metasploit XML file.


56
57
58
59
60
61
62
63
64
# File 'lib/msf/core/db_manager/import/metasploit_framework/xml.rb', line 56

def import_msf_file(args={})
  filename = args[:filename]

  data = ""
  ::File.open(filename, 'rb') do |f|
    data = f.read(f.stat.size)
  end
  import_msf_xml(args.merge(:data => data))
end

#import_msf_note_element(note, allow_yaml, note_data = {}) ⇒ void

This method returns an undefined value.

Imports `Mdm::Note` objects from the XML element.

Parameters:

  • note (Nokogiri::XML::Element)

    The Note element

  • allow_yaml (Boolean)

    whether to allow yaml

  • note_data (Hash) (defaults to: {})

    hash containing note attributes to be passed along


72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# File 'lib/msf/core/db_manager/import/metasploit_framework/xml.rb', line 72

def import_msf_note_element(note, allow_yaml, note_data={})
  note_data[:type] = nils_for_nulls(note.at("ntype").text.to_s.strip)
  note_data[:data] = nils_for_nulls(unserialize_object(note.at("data"), allow_yaml))

  if note.at("critical").text
    note_data[:critical] = true unless note.at("critical").text.to_s.strip == "NULL"
  end
  if note.at("seen").text
    note_data[:seen] = true unless note.at("critical").text.to_s.strip == "NULL"
  end
  %W{created-at updated-at}.each { |datum|
    if note.at(datum).text
      note_data[datum.gsub("-","_")] = nils_for_nulls(note.at(datum).text.to_s.strip)
    end
  }
  report_note(note_data)
end

#import_msf_web_form_element(element, options = {}) {|event, data| ... } ⇒ void

This method returns an undefined value.

Imports web_form element using Msf::DBManager#report_web_form.

Parameters:

  • element (Nokogiri::XML::Element)

    web_form element.

  • options (Hash{Symbol => Object}) (defaults to: {})

    options

Options Hash (options):

  • :allow_yaml (Boolean) — default: false

    Whether to allow YAML when deserializing params.

  • :workspace (Mdm::Workspace, nil) — default: Msf::DBManager#workspace

    workspace under which to report the Mdm::WebForm

Yields:

  • (event, data)

Yield Parameters:

  • event (:web_page)

    The event name

  • data (String)

    path

Yield Returns:

  • (void)

104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# File 'lib/msf/core/db_manager/import/metasploit_framework/xml.rb', line 104

def import_msf_web_form_element(element, options={}, &notifier)
  options.assert_valid_keys(:allow_yaml, :workspace)

  import_msf_web_element(element,
                         :allow_yaml => options[:allow_yaml],
                         :notifier => notifier,
                         :type => :form,
                         :workspace => options[:workspace]) do |element, options|
    info = import_msf_text_element(element, 'method')

    # FIXME https://www.pivotaltracker.com/story/show/46578647
    # FIXME https://www.pivotaltracker.com/story/show/47128407
    unserialized_params = unserialize_object(
        element.at('params'),
        options[:allow_yaml]
    )
    info[:params] = nils_for_nulls(unserialized_params)

    info
  end
end

#import_msf_web_page_element(element, options = {}) {|event, data| ... } ⇒ void

This method returns an undefined value.

Imports web_page element using Msf::DBManager#report_web_page.

Parameters:

  • element (Nokogiri::XML::Element)

    web_page element.

  • options (Hash{Symbol => Object}) (defaults to: {})

    options

Options Hash (options):

  • :allow_yaml (Boolean) — default: false

    Whether to allow YAML when deserializing headers.

  • :workspace (Mdm::Workspace, nil) — default: Msf::DBManager#workspace

    workspace under which to report the Mdm::WebPage.

Yields:

  • (event, data)

Yield Parameters:

  • event (:web_page)

    The event name

  • data (String)

    path

Yield Returns:

  • (void)

140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
# File 'lib/msf/core/db_manager/import/metasploit_framework/xml.rb', line 140

def import_msf_web_page_element(element, options={}, &notifier)
  options.assert_valid_keys(:allow_yaml, :workspace)

  import_msf_web_element(element,
                         :allow_yaml => options[:allow_yaml],
                         :notifier => notifier,
                         :type => :page,
                         :workspace => options[:workspace]) do |element, options|
    info = {}

    MSF_WEB_PAGE_TEXT_ELEMENT_NAMES.each do |name|
      element_info = import_msf_text_element(element, name)
      info.merge!(element_info)
    end

    code = info[:code]

    if code
      info[:code] = code.to_i
    end

    # FIXME https://www.pivotaltracker.com/story/show/46578647
    # FIXME https://www.pivotaltracker.com/story/show/47128407
    unserialized_headers = unserialize_object(
        element.at('headers'),
        options[:allow_yaml]
    )
    info[:headers] = nils_for_nulls(unserialized_headers)

    info
  end
end

#import_msf_web_vuln_element(element, options = {}) {|event, data| ... } ⇒ void

This method returns an undefined value.

Imports web_vuln element using Msf::DBManager#report_web_vuln.

Parameters:

  • element (Nokogiri::XML::Element)

    web_vuln element.

  • options (Hash{Symbol => Object}) (defaults to: {})

    options

Options Hash (options):

  • :allow_yaml (Boolean) — default: false

    Whether to allow YAML when deserializing headers.

  • :workspace (Mdm::Workspace, nil) — default: Msf::DBManager#workspace

    workspace under which to report the Mdm::WebPage.

Yields:

  • (event, data)

Yield Parameters:

  • event (:web_page)

    The event name

  • data (String)

    path

Yield Returns:

  • (void)

187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
# File 'lib/msf/core/db_manager/import/metasploit_framework/xml.rb', line 187

def import_msf_web_vuln_element(element, options={}, &notifier)
  options.assert_valid_keys(:allow_yaml, :workspace)

  import_msf_web_element(element,
                         :allow_yaml => options[:allow_yaml],
                         :notifier => notifier,
                         :workspace => options[:workspace],
                         :type => :vuln) do |element, options|
    info = {}

    MSF_WEB_VULN_TEXT_ELEMENT_NAMES.each do |name|
      element_info = import_msf_text_element(element, name)
      info.merge!(element_info)
    end

    confidence = info[:confidence]

    if confidence
      info[:confidence] = confidence.to_i
    end

    # FIXME https://www.pivotaltracker.com/story/show/46578647
    # FIXME https://www.pivotaltracker.com/story/show/47128407
    unserialized_params = unserialize_object(
        element.at('params'),
        options[:allow_yaml]
    )
    info[:params] = nils_for_nulls(unserialized_params)

    risk = info[:risk]

    if risk
      info[:risk] = risk.to_i
    end

    info
  end
end

#import_msf_xml(args = {}, &block) ⇒ Object

For each host, step through services, notes, and vulns, and import them. TODO: loot, tasks, and reports


229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
# File 'lib/msf/core/db_manager/import/metasploit_framework/xml.rb', line 229

def import_msf_xml(args={}, &block)
  data = args[:data]
  wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
  args = args.clone()
  args.delete(:workspace)
  bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []

  doc = Nokogiri::XML::Reader.from_memory(data)
   = check_msf_xml_version!(doc.first.name)
  allow_yaml = [:allow_yaml]
  btag = [:root_tag]

  doc.each do |node|
    unless node.inner_xml.empty?
      case node.name
      when 'host'
        parse_host(Nokogiri::XML(node.outer_xml).at("./#{node.name}"), wspace, bl, allow_yaml, btag, args, &block)
      when 'web_site'
        parse_web_site(Nokogiri::XML(node.outer_xml).at("./#{node.name}"), wspace, allow_yaml, &block)
      when 'web_page', 'web_form', 'web_vuln'
        send(
            "import_msf_#{node.name}_element",
            Nokogiri::XML(node.outer_xml).at("./#{node.name}"),
            :allow_yaml => allow_yaml,
            :workspace => wspace,
            &block
        )
      end
    end
  end
end