Class: Msf::Plugin::Wiki::WikiCommandDispatcher

Inherits:

Object

• Object
• Msf::Plugin::Wiki::WikiCommandDispatcher

Includes:

Ui::Console::CommandDispatcher

Defined in:

plugins/wiki.rb

Overview

This class implements a command dispatcher that provides commands to output database information in a wiki friendly format.

Instance Attribute Summary

Attributes included from Ui::Console::CommandDispatcher

#driver

Attributes included from Rex::Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary

• #cmd_dokuwiki(*args) ⇒ Object

  Outputs database entries as Dokuwiki formatted text by passing the arguments to the wiki method with a wiki_type of ‘dokuwiki’.

• #cmd_mediawiki(*args) ⇒ Object

  Outputs database entries as Mediawiki formatted text by passing the arguments to the wiki method with a wiki_type of ‘mediawiki’.

• #commands ⇒ Object

  Returns the hash of commands supported by the wiki dispatcher.

• #creds_to_table(opts = {}) ⇒ Rex::Text::Table

  Outputs credentials in the database (within the current workspace) as a Rex table object.

• #hosts_to_table(opts = {}) ⇒ Rex::Text::Table

  Outputs host information stored in the database (within the current workspace) as a Rex table object.

• #loot_to_table(opts = {}) ⇒ Rex::Text::Table

  Outputs loot information stored in the database (within the current workspace) as a Rex table object.

• #name ⇒ Object

  The dispatcher’s name.

• #next_opt(args) ⇒ String^?

  Gets the next argument when parsing command options.

• #next_opts(args) ⇒ Array

  Gets the next set of arguments when parsing command options.

• #services_to_table(opts = {}) ⇒ Rex::Text::Table

  Outputs service information stored in the database (within the current workspace) as a Rex table object.

• #to_wikilink(text, namespace = '') ⇒ String

  Converts a value to a wiki link.

• #usage(cmd_name = '<wiki cmd>') ⇒ Object

  Outputs the help message.

• #vulns_to_table(opts = {}) ⇒ Rex::Text::Table

  Outputs vulnerability information stored in the database (within the current workspace) as a Rex table object.

• #wiki(wiki_type, *args) ⇒ Object

  This method parses arguments passed from the wiki output commands and then formats and displays or saves text according to the provided wiki type.

Methods included from Ui::Console::CommandDispatcher

#active_module, #active_module=, #active_session, #active_session=, #build_range_array, #docs_dir, #framework, #initialize, #load_config, #log_error, #remove_lines

Methods included from Rex::Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #docs_dir, #help_to_s, included, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_directory, #tab_complete_filenames, #tab_complete_generic, #tab_complete_source_address, #unknown_command, #update_prompt

Instance Method Details

#cmd_dokuwiki(*args) ⇒ Object

Outputs database entries as Dokuwiki formatted text by passing the arguments to the wiki method with a wiki_type of ‘dokuwiki’

Parameters:

• args (Array<String>) —

  the arguments passed when the command is called

See Also:

• #wiki

# File 'plugins/wiki.rb', line 55

def cmd_dokuwiki(*args)
  wiki('dokuwiki', *args)
end

#cmd_mediawiki(*args) ⇒ Object

Outputs database entries as Mediawiki formatted text by passing the arguments to the wiki method with a wiki_type of ‘mediawiki’

Parameters:

• args (Array<String>) —

  the arguments passed when the command is called

See Also:

• #wiki

# File 'plugins/wiki.rb', line 66

def cmd_mediawiki(*args)
  wiki('mediawiki', *args)
end

#commands ⇒ Object

Returns the hash of commands supported by the wiki dispatcher.

# File 'plugins/wiki.rb', line 41

def commands
  {
    'dokuwiki' => 'Outputs data from the current workspace in dokuwiki markup.',
    'mediawiki' => 'Outputs data from the current workspace in mediawiki markup.'
  }
end

#creds_to_table(opts = {}) ⇒ Rex::Text::Table

Outputs credentials in the database (within the current workspace) as a Rex table object

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :hosts (Array<String>) —

  contains list of hosts used to limit results

• :ports (Array<Integer>) —

  contains list of ports used to limit results

• :search (String) —

  limits results to those containing a provided string

Returns:

• (Rex::Text::Table) —

  table containing credentials

# File 'plugins/wiki.rb', line 222

def creds_to_table(opts = {})
  tbl = Rex::Text::Table.new({ 'Columns' => ['host', 'port', 'user', 'pass', 'type', 'proof', 'active?'] })
  tbl.header = 'Credentials'
  tbl.headeri = opts[:heading_size]
  framework.db.creds.each do |cred|
    if !(opts[:hosts].nil? || opts[:hosts].empty?) && !(opts[:hosts].include? cred.service.host.address)
      next
    end
    if !opts[:ports].nil? && opts[:ports].none? { |p| cred.service.port.eql? p }
      next
    end

    address = cred.service.host.address
    address = to_wikilink(address, opts[:namespace]) if opts[:links]
    row = [
      address,
      cred.service.port,
      cred.user,
      cred.pass,
      cred.ptype,
      cred.proof,
      cred.active
    ]
    if opts[:search]
      tbl << row if row.any? { |r| /#{opts[:search]}/i.match r.to_s }
    else
      tbl << row
    end
  end
  return tbl
end

#hosts_to_table(opts = {}) ⇒ Rex::Text::Table

Outputs host information stored in the database (within the current

workspace) as a Rex table object

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :hosts (Array<String>) —

  contains list of hosts used to limit results

• :ports (Array<String>) —

  contains list of ports used to limit results

• :search (String) —

  limits results to those containing a provided string

Returns:

• (Rex::Text::Table) —

  table containing credentials

# File 'plugins/wiki.rb', line 263

def hosts_to_table(opts = {})
  tbl = Rex::Text::Table.new({ 'Columns' => ['address', 'mac', 'name', 'os_name', 'os_flavor', 'os_sp', 'purpose', 'info', 'comments'] })
  tbl.header = 'Hosts'
  tbl.headeri = opts[:heading_size]
  framework.db.hosts.each do |host|
    if !(opts[:hosts].nil? || opts[:hosts].empty?) && !(opts[:hosts].include? host.address)
      next
    end
    if !opts[:ports].nil? && (host.services.map { |s| s[:port] }).none? { |p| opts[:ports].include? p }
      next
    end

    address = host.address
    address = to_wikilink(address, opts[:namespace]) if opts[:links]
    row = [
      address,
      host.mac,
      host.name,
      host.os_name,
      host.os_flavor,
      host.os_sp,
      host.purpose,
      host.info,
      host.comments
    ]
    if opts[:search]
      tbl << row if row.any? { |r| /#{opts[:search]}/i.match r.to_s }
    else
      tbl << row
    end
  end
  return tbl
end

#loot_to_table(opts = {}) ⇒ Rex::Text::Table

Outputs loot information stored in the database (within the current

workspace) as a Rex table object

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :hosts (Array<String>) —

  contains list of hosts used to limit results

• :ports (Array<String>) —

  contains list of ports used to limit results

• :search (String) —

  limits results to those containing a provided string

Returns:

• (Rex::Text::Table) —

  table containing credentials

# File 'plugins/wiki.rb', line 306

def loot_to_table(opts = {})
  tbl = Rex::Text::Table.new({ 'Columns' => ['host', 'service', 'type', 'name', 'content', 'info', 'path'] })
  tbl.header = 'Loot'
  tbl.headeri = opts[:heading_size]
  framework.db.loots.each do |loot|
    if !(opts[:hosts].nil? || opts[:hosts].empty?) && !(opts[:hosts].include? loot.host.address)
      next
    end
    if !(opts[:ports].nil? || opts[:ports].empty?) && (loot.service.nil? || loot.service.port.nil? || !opts[:ports].include?(loot.service.port))
      next
    end

    if loot.service
      svc = (loot.service.name || "#{loot.service.port}/#{loot.service.proto}")
    end
    address = loot.host.address
    address = to_wikilink(address, opts[:namespace]) if opts[:links]
    row = [
      address,
      svc || '',
      loot.ltype,
      loot.name,
      loot.content_type,
      loot.info,
      loot.path
    ]
    if opts[:search]
      tbl << row if row.any? { |r| /#{opts[:search]}/i.match r.to_s }
    else
      tbl << row
    end
  end
  return tbl
end

#name ⇒ Object

The dispatcher’s name.

# File 'plugins/wiki.rb', line 34

def name
  'Wiki'
end

#next_opt(args) ⇒ String^?

Gets the next argument when parsing command options

Note: This will modify the provided argument list

Parameters:

• args (Array) —

  the list of unparsed arguments

Returns:

• (String, nil) —

  the argument or nil if the argument starts with a ‘-’

# File 'plugins/wiki.rb', line 185

def next_opt(args)
  return nil if args[0] =~ /^-/

  args.shift
end

#next_opts(args) ⇒ Array

Gets the next set of arguments when parsing command options

Note: This will modify the provided argument list

Parameters:

• args (Array) —

  the list of unparsed arguments

Returns:

• (Array) —

  the unique list of items before the next ‘-’ in the provided array

# File 'plugins/wiki.rb', line 165

def next_opts(args)
  opts = []
  while (opt = args.shift)
    if opt =~ /^-/
      args.unshift opt
      break
    end
    opts.concat(opt.split(','))
  end
  return opts.uniq
end

#services_to_table(opts = {}) ⇒ Rex::Text::Table

Outputs service information stored in the database (within the current workspace) as a Rex table object

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :hosts (Array<String>) —

  contains list of hosts used to limit results

• :ports (Array<String>) —

  contains list of ports used to limit results

• :search (String) —

  limits results to those containing a provided string

Returns:

• (Rex::Text::Table) —

  table containing credentials

# File 'plugins/wiki.rb', line 350

def services_to_table(opts = {})
  tbl = Rex::Text::Table.new({ 'Columns' => ['host', 'port', 'proto', 'name', 'state', 'info'] })
  tbl.header = 'Services'
  tbl.headeri = opts[:heading_size]
  framework.db.services.each do |service|
    if !(opts[:hosts].nil? || opts[:hosts].empty?) && !(opts[:hosts].include? service.host.address)
      next
    end
    if !(opts[:ports].nil? || opts[:ports].empty?) && opts[:ports].none? { |p| service[:port].eql? p }
      next
    end

    address = service.host.address
    address = to_wikilink(address, opts[:namespace]) if opts[:links]
    row = [
      address,
      service.port,
      service.proto,
      service.name,
      service.state,
      service.info
    ]
    if opts[:search]
      tbl << row if row.any? { |r| /#{opts[:search]}/i.match r.to_s }
    else
      tbl << row
    end
  end
  return tbl
end

#to_wikilink(text, namespace = '') ⇒ String

Converts a value to a wiki link

Parameters:

• text (String) —

  value to convert to a link

• namespace (String) (defaults to: '') —

  optional namespace to set for the link

Returns:

• (String) —

  the formatted wiki link

# File 'plugins/wiki.rb', line 428

def to_wikilink(text, namespace = '')
  return '[[' + namespace + text + ']]'
end

#usage(cmd_name = '<wiki cmd>') ⇒ Object

Outputs the help message

Parameters:

• cmd_name (String) (defaults to: '<wiki cmd>') —

  the type of the wiki output command to display help for

# File 'plugins/wiki.rb', line 197

def usage(cmd_name = '<wiki cmd>')
  print_line "Usage: #{cmd_name} <table> [options] [IP1 IP2,IPn]"
  print_line
  print_line 'The first argument must be the type of table to retrieve:'
  print_line '  creds, hosts, loot, services, vulns'
  print_line
  print_line 'OPTIONS:'
  print_line '  -l,--link                Enables links for host addresses'
  print_line '  -n,--namespace <ns>      Changes the default namespace for host links'
  print_line '  -o,--output <file>       Write output to a file'
  print_line '  -p,--port <ports>        Only return results that relate to given ports'
  print_line '  -s,--search <search>     Only show results that match the provided text'
  print_line '  -i,--heading-size <1-6>  Changes the heading size'
  print_line '  -h,--help                Displays this menu'
  print_line
end

#vulns_to_table(opts = {}) ⇒ Rex::Text::Table

Outputs vulnerability information stored in the database (within the current workspace) as a Rex table object

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :hosts (Array<String>) —

  contains list of hosts used to limit results

• :ports (Array<String>) —

  contains list of ports used to limit results

• :search (String) —

  limits results to those containing a provided string

Returns:

• (Rex::Text::Table) —

  table containing credentials

# File 'plugins/wiki.rb', line 390

def vulns_to_table(opts = {})
  tbl = Rex::Text::Table.new({ 'Columns' => ['Title', 'Host', 'Port', 'Info', 'Detail Count', 'Attempt Count', 'Exploited At', 'Updated At'] })
  tbl.header = 'Vulns'
  tbl.headeri = opts[:heading_size]
  framework.db.vulns.each do |vuln|
    if !(opts[:hosts].nil? || opts[:hosts].empty?) && !(opts[:hosts].include? vuln.host.address)
      next
    end
    if !(opts[:ports].nil? || opts[:ports].empty?) && opts[:ports].none? { |p| vuln.service.port.eql? p }
      next
    end

    address = vuln.host.address
    address = to_wikilink(address, opts[:namespace]) if opts[:links]
    row = [
      vuln.name,
      address,
      (vuln.service ? vuln.service.port : ''),
      vuln.info,
      vuln.vuln_detail_count,
      vuln.vuln_attempt_count,
      vuln.exploited_at,
      vuln.updated_at,
    ]
    if opts[:search]
      tbl << row if row.any? { |r| /#{opts[:search]}/i.match r.to_s }
    else
      tbl << row
    end
  end
  return tbl
end

#wiki(wiki_type, *args) ⇒ Object

This method parses arguments passed from the wiki output commands and then formats and displays or saves text according to the provided wiki type

Parameters:

• wiki_type (String) —

  selects the wiki markup lanuguage output to use, it can be:

  • dokuwiki

  • mediawiki

• args (Array<String>) —

  the arguments passed when the command is called

# File 'plugins/wiki.rb', line 83

def wiki(wiki_type, *args)
  # Create a table options hash
  tbl_opts = {}
  # Set some default options for the table hash
  tbl_opts[:hosts] = []
  tbl_opts[:links] = false
  tbl_opts[:wiki_type] = wiki_type
  tbl_opts[:heading_size] = 5
  case wiki_type
  when 'dokuwiki'
    tbl_opts[:namespace] = 'notes:targets:hosts:'
  else
    tbl_opts[:namespace] = ''
  end

  # Get the table we should be looking at
  command = args.shift
  if command.nil? || !['creds', 'hosts', 'loot', 'services', 'vulns'].include?(command.downcase)
    usage(wiki_type)
    return
  end

  # Parse the rest of the arguments
  while (arg = args.shift)
    case arg
    when '-o', '--output'
      tbl_opts[:file_name] = next_opt(args)
    when '-h', '--help'
      usage(wiki_type)
      return
    when '-l', '-L', '--link', '--links'
      tbl_opts[:links] = true
    when '-n', '-N', '--namespace'
      tbl_opts[:namespace] = next_opt(args)
    when '-p', '-P', '--port', '--ports'
      tbl_opts[:ports] = next_opts(args)
      tbl_opts[:ports].map!(&:to_i)
    when '-s', '-S', '--search'
      tbl_opts[:search] = next_opt(args)
    when '-i', '-I', '--heading-size'
      heading_size = next_opt(args)
      tbl_opts[:heading_size] = heading_size.to_i unless heading_size.nil?
    else
      # Assume it is a host
      rw = Rex::Socket::RangeWalker.new(arg)
      if rw.valid?
        rw.each do |ip|
          tbl_opts[:hosts] << ip
        end
      else
        print_warning "#{arg} is an invalid hostname"
      end
    end
  end

  # Output the table
  if respond_to? "#{command}_to_table", true
    table = send "#{command}_to_table", tbl_opts
    if table.respond_to? "to_#{wiki_type}", true
      if tbl_opts[:file_name]
        print_status("Wrote the #{command} table to a file as a #{wiki_type} formatted table")
        File.open(tbl_opts[:file_name], 'wb') do |f|
          f.write(table.send("to_#{wiki_type}"))
        end
      else
        print_line table.send "to_#{wiki_type}"
      end
      return
    end
  end
  usage(wiki_type)
end