Module: Msf::WebServices::FrameworkExtension

Defined in:
lib/msf/core/web_services/framework_extension.rb

Overview

Extension provides a Metasploit Framework instance to a Sinatra application. The framework instance is stored with the setting name framework and is also accessible via the framework helper method. If the data service URL environment variable is set, then the framework instance will be configured to use the data service rather than the local database.

Environment Variables: MSF_WS_DATA_SERVICE_URL - The data service URL. MSF_WS_DATA_SERVICE_API_TOKEN - API token used to authenticate to the remote data service. MSF_WS_DATA_SERVICE_CERT - Certificate file matching the remote data server's certificate.

Needed when using self-signed SSL certificates.

MSF_WS_DATA_SERVICE_SKIP_VERIFY - (Boolean) Skip validating authenticity of server's certificate. MSF_WS_DATA_SERVICE_LOGGER - (String) The logger that framework will use. By default logs will be

placed in ``~/.msf4/logs`

Defined Under Namespace

Modules: Helpers

Constant Summary collapse

FALSE_VALUES =
[nil, false, 0, '0', 'f', 'false', 'off', 'no'].to_set

Class Method Summary collapse

Class Method Details

.db_connect(framework, app) ⇒ Object


62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/msf/core/web_services/framework_extension.rb', line 62

def self.db_connect(framework, app)
  if !app.settings.data_service_url.nil? && !app.settings.data_service_url.empty?
    options = {
      url: app.settings.data_service_url,
      api_token: app.settings.data_service_api_token,
      cert: app.settings.data_service_cert,
      skip_verify: app.settings.data_service_skip_verify
    }
    db_result = Msf::DbConnector.db_connect(framework, options)
  else
    db_result = Msf::DbConnector.db_connect_from_config(framework)
  end

  if db_result[:error]
    raise db_result[:error]
  end
end

.registered(app) ⇒ Object


35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/msf/core/web_services/framework_extension.rb', line 35

def self.registered(app)
  app.helpers FrameworkExtension::Helpers

  app.set :data_service_url, ENV.fetch('MSF_WS_DATA_SERVICE_URL', nil)
  app.set :data_service_api_token, ENV.fetch('MSF_WS_DATA_SERVICE_API_TOKEN', nil)
  app.set :data_service_cert, ENV.fetch('MSF_WS_DATA_SERVICE_CERT', nil)
  app.set :data_service_skip_verify, to_bool(ENV.fetch('MSF_WS_DATA_SERVICE_SKIP_VERIFY', false))

  @@framework = nil
  # Create simplified instance of the framework
  app.set :framework, (proc {
    @@framework ||= begin
      init_framework_opts = {
        'Logger' => ENV.fetch('MSF_WS_DATA_SERVICE_LOGGER', nil),
        # SkipDatabaseInit false is the default behavior, however for explicitness - note that framework first
        # connects to a local database as a pre-requisite to connecting to a remote service to correctly
        # configure active record
        'SkipDatabaseInit' => false
      }
      framework = Msf::Simple::Framework.create(init_framework_opts)
      Msf::WebServices::FrameworkExtension.db_connect(framework, app)

      framework
    end
  })
end