Class: Msf::OptHTTPRhostURL

Inherits:
OptBase
  • Object
Defined in:
lib/msf/core/opt_http_rhost_url.rb

Overview

RHOST URL option.

Instance Attribute Summary

Attributes inherited from OptBase

#advanced, #aliases, #conditions, #default, #desc, #enums, #evasion, #max_length, #name, #owner, #regex, #required

Instance Method Summary

Methods inherited from OptBase

#advanced?, #display_value, #empty_required_value?, #evasion?, #initialize, #invalid_value_length?, #required?, #type?, #validate_on_assignment?

Constructor Details

This class inherits a constructor from Msf::OptBase

Instance Method Details

#calculate_value(datastore) ⇒ Object


# File 'lib/msf/core/opt_http_rhost_url.rb', line 50

# Rebuilds a single HTTP(S) URL string from the individual datastore options.
#
# When `HttpUsername` is set, the returned string carries the username and
# `HttpPassword` in cleartext in the userinfo part of the URL, so anything
# that prints, logs or stores this value also exposes those credentials.
#
# @param datastore [#[]] option store read by string key (`RHOSTS`, `SSL`,
#   `RPORT`, `TARGETURI`, `URI`, `HttpUsername`, `HttpPassword`)
# @return [String, nil] the URL, or nil when `RHOSTS` is unset or URI rejects
#   a component with URI::InvalidComponentError
def calculate_value(datastore)
  return unless datastore['RHOSTS']

  # HTTPS when the SSL option is truthy, plain HTTP otherwise
  builder = datastore['SSL'] ? URI::HTTPS : URI::HTTP
  url = builder.build(host: datastore['RHOSTS'])
  url.port = datastore['RPORT']
  # The path is stored under either `TARGETURI` or `URI`; fall back to `/`
  path = datastore['TARGETURI'] || datastore['URI'] || '/'
  url.path = path
  url.user = datastore['HttpUsername']
  # A password is only attached when a username ended up on the URL
  url.password = datastore['HttpPassword'] if url.user
  url.to_s
rescue URI::InvalidComponentError
  nil
end

#get_uri(value) ⇒ Object (protected)


# File 'lib/msf/core/opt_http_rhost_url.rb', line 68

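# Parses an option value into a URI, defaulting to the `http` scheme when the
# value does not already start with one.
#
# @param value [String, nil] a hostname, address or full http(s) URL
# @return [URI::Generic, nil] the parsed URI, or nil when value is nil, when
#   single_rhost? rejects it, or when URI raises URI::InvalidURIError
def get_uri(value)
  return unless value
  return unless single_rhost?(value)

  # URI schemes are case-insensitive, so `HTTPS://host` must be recognised as
  # already carrying a scheme. With a case-sensitive check it would be
  # rewritten to `http://HTTPS://host` and parsed with `HTTPS` as the
  # hostname, i.e. the option would silently point at the wrong host.
  value = "http://#{value}" unless value.start_with?(%r{https?://}i)
  URI(value)
rescue URI::InvalidURIError
  nil
end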

#normalize(value) ⇒ Object


# File 'lib/msf/core/opt_http_rhost_url.rb', line 14

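# Splits a single HTTP(S) URL (or bare host) into the individual datastore
# options it implies.
#
# @param value [String, nil] the URL or host supplied for this option
# @return [Hash{String => Object}, nil] values for `VHOST`, `RHOSTS`, `RPORT`,
#   `SSL`, `TARGETURI`, `URI` and, for http/https URLs, `HttpUsername` and
#   `HttpPassword`; nil when value is nil or get_uri cannot parse it
def normalize(value)
  return unless value

  uri = get_uri(value)
  return unless uri

  option_hash = {}
  # Blank this out since we don't know if this new value will have a `VHOST` to ensure we remove the old value
  option_hash['VHOST'] = nil

  option_hash['RHOSTS'] = uri.hostname
  option_hash['RPORT'] = uri.port
  option_hash['SSL'] = %w[ssl https].include?(uri.scheme)

  # Both `TARGETURI` and `URI` are used as datastore options to denote the path on a uri
  option_hash['TARGETURI'] = uri.path.present? ? uri.path : '/'
  option_hash['URI'] = option_hash['TARGETURI']

  # `%w[...]` builds an Array, so this is an exact scheme match. The previous
  # `%(http https)` was a String literal and String#include? did a substring
  # test, which would also have accepted fragments such as `ttp`.
  if uri.scheme && %w[http https].include?(uri.scheme)
    # Only a name is used as the virtual host; an IP literal leaves VHOST nil
    option_hash['VHOST'] = uri.hostname unless Rex::Socket.is_ip_addr?(uri.hostname)
    # Credentials come from the URL's userinfo; `to_s` turns a missing
    # component into an empty string, which overwrites any previous value.
    # NOTE(review): URI#user / URI#password presumably return the userinfo as
    # written in the URL, without percent-decoding — confirm consumers of
    # `HttpUsername` / `HttpPassword` expect that form.
    option_hash['HttpUsername'] = uri.user.to_s
    option_hash['HttpPassword'] = uri.password.to_s
  end

  option_hash
end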

#single_rhost?(value) ⇒ Boolean (protected)

Returns:

  • (Boolean)

# File 'lib/msf/core/opt_http_rhost_url.rb', line 78

# Decides whether the value names exactly one target rather than a range.
#
# Any character outside `-`, digits, `,`, `.`, `*` and `/` means the value is
# not pure range syntax, so it is accepted as a single host without being
# handed to the range walker. Everything else must expand to exactly one
# address.
#
# @param value [String] the raw option value
# @return [Boolean] true for a single host, false for an invalid or
#   multi-address range
def single_rhost?(value)
  return true if %r{[^-0-9,.*/]}.match?(value)

  range = Rex::Socket::RangeWalker.new(value)
  # An invalid range is rejected; a valid one only counts as a single host
  # when it contains exactly one address
  range.valid? ? range.length == 1 : false
end

#type ⇒ Object


# File 'lib/msf/core/opt_http_rhost_url.rb', line 10

# Names the kind of option this class represents.
#
# @return [String] the fixed type label `rhost http url`
def type
  'rhost http url'
end

#valid?(value, check_empty: false) ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/msf/core/opt_http_rhost_url.rb', line 41

# Checks that the value parses into a URL with both a host and a port before
# deferring to the inherited validation.
#
# @param value [String, nil] the candidate option value
# @param check_empty [Boolean] not read here; forwarded unchanged by the bare
#   `super` call
# @return [Boolean] true when the value is unset and the option is not
#   required; false when get_uri yields nothing or the URI lacks a host or
#   port; otherwise whatever the inherited `valid?` returns
def valid?(value, check_empty: false)
  # Nothing to validate for an unset, optional value
  return true if !value && !required

  parsed = get_uri(value)
  return false if !parsed || parsed.host.nil? || parsed.port.nil?

  # Bare `super` re-sends the original arguments, so they must stay untouched
  super
end