Class: Msf::DBExport

Inherits:

Object

• Object
• Msf::DBExport

Defined in:

lib/msf/core/db_export.rb

Overview

This class provides export capabilities

Constant Summary

STATUS_START =

"start"

STATUS_COMPLETE =

"complete"

Instance Attribute Summary

• #workspace ⇒ Object

  Returns the value of attribute workspace.

Instance Method Summary

• #create_xml_element(key, value, skip_encoding = false) ⇒ Object
• #extract_credential_entries ⇒ Object

  Extracts all credentials from a project, storing them in @creds.

• #extract_event_entries ⇒ Object

  Extracts all events from a project, storing them in @events.

• #extract_event_info(report_file) ⇒ Object

  Extract event data from @events.

• #extract_host_entries ⇒ Object

  Extracts all the hosts from a project, storing them in @hosts and @owned_hosts.

• #extract_host_info(report_file) ⇒ Object

  ActiveRecord’s to_xml is easy and wrong.

• #extract_module_detail_info(report_file) ⇒ void

  Writes a module_detail element to the report_file for each Mdm::Module::Detail.

• #extract_note_entries ⇒ Object

  Extracts all notes from a project, storing them in @notes.

• #extract_service_entries ⇒ Object

  Extracts all services from a project, storing them in @services.

• #extract_service_info(report_file) ⇒ Object

  Extract service data from @services.

• #extract_target_entries ⇒ Object

  A convenience function that bundles together host, event, and service extraction.

• #extract_vuln_entries ⇒ Object

  Extracts all vulns from a project, storing them in @vulns.

• #extract_web_entries ⇒ Object

  Extract all web entries, storing them in instance variables.

• #extract_web_form_info(report_file) ⇒ Object

  Extract web forms.

• #extract_web_info(report_file, tag, entries) ⇒ Object

  Extract web pages, forms, and vulns.

• #extract_web_page_info(report_file) ⇒ Object

  Extract web pages.

• #extract_web_site_info(report_file) ⇒ Object

  Extract web site data from @web_sites.

• #extract_web_vuln_info(report_file) ⇒ Object

  Extract web vulns.

• #host_allowed?(arg) ⇒ Boolean

  Hosts are always allowed.

• #initialize(workspace) ⇒ DBExport constructor

  A new instance of DBExport.

• #marshalize(obj) ⇒ Object

  Simple marshalling, for now.

• #myusername ⇒ Object
• #myworkspace ⇒ Object
• #to_pwdump_file(path, &block) ⇒ String

  Performs an export of the workspace’s ‘Metasploit::Credential::Login` objects in pwdump format.

• #to_xml_file(path) {|:status, STATUS_START, "report"| ... } ⇒ String

  Performs an export of the workspace’s ‘Metasploit::Credential::Login` objects in XML format.

Constructor Details

#initialize(workspace) ⇒ DBExport

Returns a new instance of DBExport.

# File 'lib/msf/core/db_export.rb', line 16

def initialize(workspace)
  self.workspace = workspace
end

Instance Attribute Details

#workspace ⇒ Object

Returns the value of attribute workspace.

# File 'lib/msf/core/db_export.rb', line 11

def workspace
  @workspace
end

Instance Method Details

#create_xml_element(key, value, skip_encoding = false) ⇒ Object

# File 'lib/msf/core/db_export.rb', line 189

def create_xml_element(key,value,skip_encoding=false)
  tag = key.tr("_","-")
  el = REXML::Element.new(tag)
  if value
    unless skip_encoding
      data = marshalize(value)
      data.force_encoding(::Encoding::BINARY) if data.respond_to?('force_encoding')
      data.gsub!(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xFF])/n){ |x| "\\x%.2x" % x.unpack("C*")[0] }
      el << REXML::Text.new(data)
    else
      el << value
    end
  end
  return el
end

#extract_credential_entries ⇒ Object

Extracts all credentials from a project, storing them in @creds

# File 'lib/msf/core/db_export.rb', line 149

def extract_credential_entries
  @creds = Metasploit::Credential::Core.with_logins.with_public.with_private.workspace_id(myworkspace.id)
end

#extract_event_entries ⇒ Object

Extracts all events from a project, storing them in @events

# File 'lib/msf/core/db_export.rb', line 139

def extract_event_entries
  @events = myworkspace.events.order('created_at ASC')
end

#extract_event_info(report_file) ⇒ Object

Extract event data from @events

# File 'lib/msf/core/db_export.rb', line 439

def extract_event_info(report_file)
  @events.each do |e|
    report_file.write("  <event>\n")
    e.attributes.each_pair do |k,v|
      el = create_xml_element(k,v)
      report_file.write("      #{el}\n")
    end
    report_file.write("  </event>\n")
    report_file.write("\n")
  end
  report_file.flush
end

#extract_host_entries ⇒ Object

Extracts all the hosts from a project, storing them in @hosts and @owned_hosts

# File 'lib/msf/core/db_export.rb', line 128

def extract_host_entries
  @owned_hosts = []
  @hosts = myworkspace.hosts
  @hosts.each do |host|
    if host.notes.where(ntype: 'pro.system.compromise').first
      @owned_hosts << host
    end
  end
end

#extract_host_info(report_file) ⇒ Object

ActiveRecord’s to_xml is easy and wrong. This isn’t, on both counts.

# File 'lib/msf/core/db_export.rb', line 313

def extract_host_info(report_file)
  @hosts.each do |h|
    report_file.write("  <host>\n")
    host_id = h.attributes["id"]

    # Host attributes
    h.attributes.each_pair do |k,v|
      # Convert IPAddr -> String
      v = v.to_s if k == 'address'
      el = create_xml_element(k,v)
      report_file.write("    #{el}\n") # Not checking types
    end

    # Host details sub-elements
    report_file.write("    <host_details>\n")
    h.host_details.each do |d|
      report_file.write("        <host_detail>\n")
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("            #{el}\n")
      end
      report_file.write("        </host_detail>\n")
    end
    report_file.write("    </host_details>\n")

    # Host exploit attempts sub-elements
    report_file.write("    <exploit_attempts>\n")
    h.exploit_attempts.each do |d|
      report_file.write("        <exploit_attempt>\n")
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("            #{el}\n")
      end
      report_file.write("        </exploit_attempt>\n")
    end
    report_file.write("    </exploit_attempts>\n")

    # Service sub-elements
    report_file.write("    <services>\n")
    @services.where(host_id: host_id).each do |e|
      report_file.write("      <service>\n")
      e.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("      #{el}\n")
      end
      report_file.write("      </service>\n")
    end
    report_file.write("    </services>\n")

    # Notes sub-elements
    report_file.write("    <notes>\n")
    @notes.where(host_id: host_id).each do |e|
      report_file.write("      <note>\n")
      e.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("      #{el}\n")
      end
      report_file.write("      </note>\n")
    end
    report_file.write("    </notes>\n")

    # Vulns sub-elements
    report_file.write("    <vulns>\n")
    @vulns.where(host_id: host_id).each do |e|
      report_file.write("      <vuln>\n")
      e.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("      #{el}\n")
      end

      # Notes attached to vulns instead of the host
      report_file.write("        <notes>\n")
      @notes.where(vuln_id: e.id).each do |note|
        report_file.write("      <note>\n")
        note.attributes.each_pair do |k,v|
          el = create_xml_element(k,v)
          report_file.write("      #{el}\n")
        end
        report_file.write("      </note>\n")
      end
      report_file.write("        </notes>\n")

      # References
      report_file.write("        <refs>\n")
      e.refs.each do |ref|
        el = create_xml_element("ref",ref.name)
        report_file.write("          #{el}\n")
      end
      report_file.write("        </refs>\n")


      # Vuln details sub-elements
      report_file.write("            <vuln_details>\n")
      e.vuln_details.each do |d|
        report_file.write("                <vuln_detail>\n")
        d.attributes.each_pair do |k,v|
          el = create_xml_element(k,v)
          report_file.write("                    #{el}\n")
        end
        report_file.write("                </vuln_detail>\n")
      end
      report_file.write("            </vuln_details>\n")


      # Vuln attempts sub-elements
      report_file.write("            <vuln_attempts>\n")
      e.vuln_attempts.each do |d|
        report_file.write("                <vuln_attempt>\n")
        d.attributes.each_pair do |k,v|
          el = create_xml_element(k,v)
          report_file.write("                    #{el}\n")
        end
        report_file.write("                </vuln_attempt>\n")
      end
      report_file.write("            </vuln_attempts>\n")

      report_file.write("      </vuln>\n")
    end
    report_file.write("    </vulns>\n")

    report_file.write("  </host>\n")
  end
  report_file.flush
end

#extract_module_detail_info(report_file) ⇒ void

Note:

there is no single root element output by #extract_module_detail_info, so if calling #extract_module_detail_info directly, it is the caller's responsibility to add an opening and closing tag to report_file around the call to #extract_module_detail_info.

This method returns an undefined value.

Writes a module_detail element to the report_file for each Mdm::Module::Detail.

Parameters:

• report_file (#write, #flush) —

  IO stream to which to write the module_detail elements.

# File 'lib/msf/core/db_export.rb', line 216

def extract_module_detail_info(report_file)
    Mdm::Module::Detail.all.each do |m|
    report_file.write("<module_detail>\n")
    #m_id = m.attributes["id"]

    # Module attributes
    m.attributes.each_pair do |k,v|
      el = create_xml_element(k,v)
      report_file.write("    #{el}\n") # Not checking types
    end

    # Authors sub-elements
    # @todo https://www.pivotaltracker.com/story/show/48451001
    report_file.write("    <module_authors>\n")
    m.authors.each do |d|
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("        #{el}\n")
      end
    end
    report_file.write("    </module_authors>\n")

    # Refs sub-elements
    # @todo https://www.pivotaltracker.com/story/show/48451001
    report_file.write("    <module_refs>\n")
    m.refs.each do |d|
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("        #{el}\n")
      end
    end
    report_file.write("    </module_refs>\n")


    # Archs sub-elements
    # @todo https://www.pivotaltracker.com/story/show/48451001
    report_file.write("    <module_archs>\n")
    m.archs.each do |d|
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("        #{el}\n")
      end
    end
    report_file.write("    </module_archs>\n")


    # Platforms sub-elements
    # @todo https://www.pivotaltracker.com/story/show/48451001
    report_file.write("    <module_platforms>\n")
    m.platforms.each do |d|
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("        #{el}\n")
      end
    end
    report_file.write("    </module_platforms>\n")


    # Targets sub-elements
    # @todo https://www.pivotaltracker.com/story/show/48451001
    report_file.write("    <module_targets>\n")
    m.targets.each do |d|
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("        #{el}\n")
      end
    end
    report_file.write("    </module_targets>\n")

    # Actions sub-elements
    # @todo https://www.pivotaltracker.com/story/show/48451001
    report_file.write("    <module_actions>\n")
    m.actions.each do |d|
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("        #{el}\n")
      end
    end
    report_file.write("    </module_actions>\n")

    # Mixins sub-elements
    # @todo https://www.pivotaltracker.com/story/show/48451001
    report_file.write("    <module_mixins>\n")
    m.mixins.each do |d|
      d.attributes.each_pair do |k,v|
        el = create_xml_element(k,v)
        report_file.write("        #{el}\n")
      end
    end
    report_file.write("    </module_mixins>\n")

    report_file.write("</module_detail>\n")
  end
  report_file.flush
end

#extract_note_entries ⇒ Object

Extracts all notes from a project, storing them in @notes

# File 'lib/msf/core/db_export.rb', line 154

def extract_note_entries
  @notes = myworkspace.notes
end

#extract_service_entries ⇒ Object

Extracts all services from a project, storing them in @services

# File 'lib/msf/core/db_export.rb', line 144

def extract_service_entries
  @services = myworkspace.services
end

#extract_service_info(report_file) ⇒ Object

Extract service data from @services

# File 'lib/msf/core/db_export.rb', line 453

def extract_service_info(report_file)
  @services.each do |e|
    report_file.write("  <service>\n")
    e.attributes.each_pair do |k,v|
      el = create_xml_element(k,v)
      report_file.write("      #{el}\n")
    end
    report_file.write("  </service>\n")
    report_file.write("\n")
  end
  report_file.flush
end

#extract_target_entries ⇒ Object

A convenience function that bundles together host, event, and service extraction.

# File 'lib/msf/core/db_export.rb', line 118

def extract_target_entries
  extract_host_entries
  extract_event_entries
  extract_service_entries
  extract_note_entries
  extract_vuln_entries
  extract_web_entries
end

#extract_vuln_entries ⇒ Object

Extracts all vulns from a project, storing them in @vulns

# File 'lib/msf/core/db_export.rb', line 159

def extract_vuln_entries
  @vulns = myworkspace.vulns
end

#extract_web_entries ⇒ Object

Extract all web entries, storing them in instance variables

# File 'lib/msf/core/db_export.rb', line 164

def extract_web_entries
  @web_sites = myworkspace.web_sites
  @web_pages = myworkspace.web_pages
  @web_forms = myworkspace.web_forms
  @web_vulns = myworkspace.web_vulns
end

#extract_web_form_info(report_file) ⇒ Object

Extract web forms

# File 'lib/msf/core/db_export.rb', line 538

def extract_web_form_info(report_file)
  extract_web_info(report_file, "web_form", @web_forms)
end

#extract_web_info(report_file, tag, entries) ⇒ Object

Extract web pages, forms, and vulns

# File 'lib/msf/core/db_export.rb', line 506

def extract_web_info(report_file, tag, entries)
  entries.each do |e|
    report_file.write("  <#{tag}>\n")
    e.attributes.each_pair do |k,v|
      el = create_xml_element(k,v)
      report_file.write("      #{el}\n")
    end

    site = e.web_site
    el = create_xml_element("vhost", site.vhost)
    report_file.write("      #{el}\n")

    el = create_xml_element("host", site.service.host.address)
    report_file.write("      #{el}\n")

    el = create_xml_element("port", site.service.port)
    report_file.write("      #{el}\n")

    el = create_xml_element("ssl", site.service.name == "https")
    report_file.write("      #{el}\n")

    report_file.write("  </#{tag}>\n")
  end
  report_file.flush
end

#extract_web_page_info(report_file) ⇒ Object

Extract web pages

# File 'lib/msf/core/db_export.rb', line 533

def extract_web_page_info(report_file)
  extract_web_info(report_file, "web_page", @web_pages)
end

#extract_web_site_info(report_file) ⇒ Object

Extract web site data from @web_sites

# File 'lib/msf/core/db_export.rb', line 482

def extract_web_site_info(report_file)
  @web_sites.each do |e|
    report_file.write("  <web_site>\n")
    e.attributes.each_pair do |k,v|
      el = create_xml_element(k,v)
      report_file.write("      #{el}\n")
    end

    site = e
    el = create_xml_element("host", site.service.host.address)
    report_file.write("      #{el}\n")

    el = create_xml_element("port", site.service.port)
    report_file.write("      #{el}\n")

    el = create_xml_element("ssl", site.service.name == "https")
    report_file.write("      #{el}\n")

    report_file.write("  </web_site>\n")
  end
  report_file.flush
end

#extract_web_vuln_info(report_file) ⇒ Object

Extract web vulns

# File 'lib/msf/core/db_export.rb', line 543

def extract_web_vuln_info(report_file)
  extract_web_info(report_file, "web_vuln", @web_vulns)
end

#host_allowed?(arg) ⇒ Boolean

Hosts are always allowed. This is really just a stub.

Returns:

• (Boolean)

# File 'lib/msf/core/db_export.rb', line 29

def host_allowed?(arg)
  true
end

#marshalize(obj) ⇒ Object

Simple marshalling, for now. Can I use ActiveRecord::ConnectionAdapters::Quoting#quote directly? Is it better to just marshal everything and destroy readability? Howabout XML safety?

# File 'lib/msf/core/db_export.rb', line 174

def marshalize(obj)
  case obj
  when String
    obj.strip
  when TrueClass, FalseClass, Float, Integer, Time
    obj.to_s.strip
  when BigDecimal
    obj.to_s("F")
  when NilClass
    "NULL"
  else
    [Marshal.dump(obj)].pack("m").gsub(/\s+/,"")
  end
end

#myusername ⇒ Object

# File 'lib/msf/core/db_export.rb', line 24

def myusername
  @username ||= (ENV['LOGNAME'] || ENV['USERNAME'] || ENV['USER'] || "unknown").to_s.strip.gsub(/[^A-Za-z0-9\x20]/n,"_")
end

#myworkspace ⇒ Object

# File 'lib/msf/core/db_export.rb', line 20

def myworkspace
  self.workspace
end

#to_pwdump_file(path, &block) ⇒ String

Performs an export of the workspace’s ‘Metasploit::Credential::Login` objects in pwdump format

Parameters:

• path (String) —

  the path on the local filesystem where the exported data will be written

Returns:

• (String) —

  The path to the location of the written file.

# File 'lib/msf/core/db_export.rb', line 37

def to_pwdump_file(path, &block)
  exporter = Metasploit::Credential::Exporter::Pwdump.new(workspace: workspace)

  output_file = File.open(path, 'w') do |file|
    file << exporter.rendered_output
  end
  output_file.path
end

#to_xml_file(path) {|:status, STATUS_START, "report"| ... } ⇒ String

Performs an export of the workspace’s ‘Metasploit::Credential::Login` objects in XML format

Parameters:

• path (String) —

  the path on the local filesystem where the exported data will be written

Yields:

• (:status, STATUS_START, "report")

Returns:

• (String) —

  The path to the location of the written file.

# File 'lib/msf/core/db_export.rb', line 49

def to_xml_file(path, &block)

  yield(:status, STATUS_START, "report") if block_given?
  extract_target_entries
  report_file = ::File.open(path, "wb")

  report_file.write %Q|<?xml version="1.0" encoding="UTF-8"?>\n|
  report_file.write %Q|<MetasploitV5>\n|
  report_file.write %Q|<generated time="#{Time.now.utc}" user="#{myusername}" project="#{myworkspace.name.gsub(/[^A-Za-z0-9\x20]/n,"_")}" product="framework"/>\n|

  yield(:status, STATUS_START, "hosts") if block_given?
  report_file.write %Q|<hosts>\n|
  report_file.flush
  extract_host_info(report_file)
  report_file.write %Q|</hosts>\n|

  yield(:status, STATUS_START, "events") if block_given?
  report_file.write %Q|<events>\n|
  report_file.flush
  extract_event_info(report_file)
  report_file.write %Q|</events>\n|

  yield(:status, STATUS_START, "services") if block_given?
  report_file.write %Q|<services>\n|
  report_file.flush
  extract_service_info(report_file)
  report_file.write %Q|</services>\n|

  yield(:status, STATUS_START, "web sites") if block_given?
  report_file.write %Q|<web_sites>\n|
  report_file.flush
  extract_web_site_info(report_file)
  report_file.write %Q|</web_sites>\n|

  yield(:status, STATUS_START, "web pages") if block_given?
  report_file.write %Q|<web_pages>\n|
  report_file.flush
  extract_web_page_info(report_file)
  report_file.write %Q|</web_pages>\n|

  yield(:status, STATUS_START, "web forms") if block_given?
  report_file.write %Q|<web_forms>\n|
  report_file.flush
  extract_web_form_info(report_file)
  report_file.write %Q|</web_forms>\n|

  yield(:status, STATUS_START, "web vulns") if block_given?
  report_file.write %Q|<web_vulns>\n|
  report_file.flush
  extract_web_vuln_info(report_file)
  report_file.write %Q|</web_vulns>\n|

  yield(:status, STATUS_START, "module details") if block_given?
  report_file.write %Q|<module_details>\n|
  report_file.flush
  extract_module_detail_info(report_file)
  report_file.write %Q|</module_details>\n|


  report_file.write %Q|</MetasploitV5>\n|
  report_file.flush
  report_file.close

  yield(:status, STATUS_COMPLETE, "report") if block_given?

  report_file.path
end