2006-03-21 04:37:48 +00:00
|
|
|
module Msf
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# The states that a host can be in.
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
module HostState
|
|
|
|
|
#
|
|
|
|
|
# The host is alive.
|
|
|
|
|
#
|
|
|
|
|
Alive = "alive"
|
|
|
|
|
#
|
|
|
|
|
# The host is dead.
|
|
|
|
|
#
|
|
|
|
|
Dead = "down"
|
|
|
|
|
#
|
|
|
|
|
# The host state is unknown.
|
|
|
|
|
#
|
|
|
|
|
Unknown = "unknown"
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# The states that a service can be in.
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
module ServiceState
|
|
|
|
|
#
|
|
|
|
|
# The service is alive.
|
|
|
|
|
#
|
|
|
|
|
Up = "up"
|
|
|
|
|
#
|
|
|
|
|
# The service is dead.
|
|
|
|
|
#
|
|
|
|
|
Dead = "down"
|
|
|
|
|
#
|
|
|
|
|
# The service state is unknown.
|
|
|
|
|
#
|
|
|
|
|
Unknown = "unknown"
|
|
|
|
|
end
|
|
|
|
|
|
2007-02-25 21:25:41 +00:00
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# Events that can occur in the host/service database.
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
module DatabaseEvent
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Called when an existing host's state changes
|
|
|
|
|
#
|
|
|
|
|
def on_db_host_state(context, host, ostate)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Called when an existing service's state changes
|
|
|
|
|
#
|
|
|
|
|
def on_db_service_state(context, host, port, ostate)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Called when a new host is added to the database. The host parameter is
|
|
|
|
|
# of type Host.
|
|
|
|
|
#
|
|
|
|
|
def on_db_host(context, host)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Called when a new service is added to the database. The service
|
|
|
|
|
# parameter is of type Service.
|
|
|
|
|
#
|
|
|
|
|
def on_db_service(context, service)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Called when an applicable vulnerability is found for a service. The vuln
|
|
|
|
|
# parameter is of type Vuln.
|
|
|
|
|
#
|
|
|
|
|
def on_db_vuln(context, vuln)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Called when a new reference is created.
|
|
|
|
|
#
|
|
|
|
|
def on_db_ref(context, ref)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
2006-03-21 04:37:48 +00:00
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# The DB module ActiveRecord definitions for the DBManager
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
class DBManager
|
|
|
|
|
|
2006-09-16 06:45:06 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Determines if the database is functional
|
|
|
|
|
#
|
|
|
|
|
def check
|
|
|
|
|
res = Host.find(:all)
|
|
|
|
|
end
|
|
|
|
|
|
2006-03-21 04:37:48 +00:00
|
|
|
#
|
|
|
|
|
# Reports a host as being in a given state by address.
|
|
|
|
|
#
|
|
|
|
|
def report_host_state(mod, addr, state, context = nil)
|
|
|
|
|
|
|
|
|
|
# TODO: use the current thread's Comm to find the host
|
|
|
|
|
comm = ''
|
|
|
|
|
host = get_host(context, addr, comm)
|
|
|
|
|
|
|
|
|
|
ostate = host.state
|
2006-04-03 04:33:30 +00:00
|
|
|
host.state
|
2006-04-02 23:26:33 +00:00
|
|
|
host.save
|
|
|
|
|
|
2006-03-21 04:37:48 +00:00
|
|
|
framework.events.on_db_host_state(context, host, ostate)
|
2006-04-02 23:26:33 +00:00
|
|
|
return host
|
2006-03-21 04:37:48 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# This method reports a host's service state.
|
|
|
|
|
#
|
|
|
|
|
def report_service_state(mod, addr, proto, port, state, context = nil)
|
|
|
|
|
|
|
|
|
|
# TODO: use the current thread's Comm to find the host
|
|
|
|
|
comm = ''
|
|
|
|
|
host = get_host(context, addr, comm)
|
2006-04-03 04:33:30 +00:00
|
|
|
port = get_service(context, host, proto, port, state)
|
2006-03-21 04:37:48 +00:00
|
|
|
|
|
|
|
|
ostate = port.state
|
|
|
|
|
port.state = state
|
2006-04-02 23:26:33 +00:00
|
|
|
port.save
|
|
|
|
|
|
2006-04-03 04:33:30 +00:00
|
|
|
if (ostate != state)
|
|
|
|
|
framework.events.on_db_service_state(context, host, port, ostate)
|
|
|
|
|
end
|
|
|
|
|
|
2006-04-02 23:26:33 +00:00
|
|
|
return port
|
2006-03-21 04:37:48 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# This method iterates the hosts table calling the supplied block with the
|
|
|
|
|
# host instance of each entry.
|
|
|
|
|
# TODO: use the find() block syntax instead
|
|
|
|
|
#
|
|
|
|
|
def each_host(&block)
|
|
|
|
|
hosts.each do |host|
|
|
|
|
|
block.call(host)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# This methods returns a list of all hosts in the database
|
|
|
|
|
#
|
|
|
|
|
def hosts
|
|
|
|
|
Host.find(:all)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# This method iterates the services table calling the supplied block with the
|
2006-04-02 22:33:34 +00:00
|
|
|
# service instance of each entry.
|
2006-03-21 04:37:48 +00:00
|
|
|
#
|
|
|
|
|
def each_service(&block)
|
|
|
|
|
services.each do |service|
|
|
|
|
|
block.call(service)
|
|
|
|
|
end
|
|
|
|
|
end
|
2006-04-02 22:33:34 +00:00
|
|
|
|
2006-03-21 04:37:48 +00:00
|
|
|
#
|
|
|
|
|
# This methods returns a list of all services in the database
|
|
|
|
|
#
|
|
|
|
|
def services
|
|
|
|
|
Service.find(:all)
|
|
|
|
|
end
|
2006-04-02 22:33:34 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# This method iterates the vulns table calling the supplied block with the
|
|
|
|
|
# vuln instance of each entry.
|
|
|
|
|
#
|
|
|
|
|
def each_vuln(&block)
|
|
|
|
|
vulns.each do |vulns|
|
|
|
|
|
block.call(vulns)
|
|
|
|
|
end
|
|
|
|
|
end
|
2006-03-21 04:37:48 +00:00
|
|
|
|
2006-04-02 22:33:34 +00:00
|
|
|
#
|
|
|
|
|
# This methods returns a list of all vulnerabilities in the database
|
|
|
|
|
#
|
|
|
|
|
def vulns
|
|
|
|
|
Vuln.find(:all)
|
|
|
|
|
end
|
2006-09-16 20:08:13 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Find or create a host matching this address/comm
|
|
|
|
|
#
|
2006-03-21 04:37:48 +00:00
|
|
|
def get_host(context, address, comm='')
|
|
|
|
|
host = Host.find(:first, :conditions => [ "address = ? and comm = ?", address, comm])
|
|
|
|
|
if (not host)
|
|
|
|
|
host = Host.create(:address => address, :comm => comm, :state => HostState::Unknown)
|
2006-04-03 04:33:30 +00:00
|
|
|
host.save
|
2006-03-21 04:37:48 +00:00
|
|
|
framework.events.on_db_host(context, host)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return host
|
|
|
|
|
end
|
2006-09-16 20:08:13 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Find or create a service matching this host/proto/port/state
|
|
|
|
|
#
|
2006-04-03 04:33:30 +00:00
|
|
|
def get_service(context, host, proto, port, state=ServiceState::Up)
|
2006-04-02 22:33:34 +00:00
|
|
|
rec = Service.find(:first, :conditions => [ "host_id = ? and proto = ? and port = ?", host.id, proto, port])
|
|
|
|
|
if (not rec)
|
|
|
|
|
rec = Service.create(
|
|
|
|
|
:host_id => host.id,
|
2006-03-21 04:37:48 +00:00
|
|
|
:proto => proto,
|
|
|
|
|
:port => port,
|
2006-04-03 04:33:30 +00:00
|
|
|
:state => state
|
2006-03-21 04:37:48 +00:00
|
|
|
)
|
2006-04-03 04:33:30 +00:00
|
|
|
rec.save
|
2006-04-02 22:33:34 +00:00
|
|
|
framework.events.on_db_service(context, rec)
|
2006-03-21 04:37:48 +00:00
|
|
|
end
|
2006-04-02 22:33:34 +00:00
|
|
|
return rec
|
2006-03-21 04:37:48 +00:00
|
|
|
end
|
|
|
|
|
|
2006-09-16 20:08:13 +00:00
|
|
|
#
|
|
|
|
|
# Find or create a vuln matching this service/name
|
|
|
|
|
#
|
2006-04-02 22:33:34 +00:00
|
|
|
def get_vuln(context, service, name, data='')
|
|
|
|
|
vuln = Vuln.find(:first, :conditions => [ "name = ? and service_id = ?", name, service.id])
|
|
|
|
|
if (not vuln)
|
2006-09-16 20:08:13 +00:00
|
|
|
vuln = Vuln.create(
|
2006-04-02 22:33:34 +00:00
|
|
|
:service_id => service.id,
|
|
|
|
|
:name => name,
|
|
|
|
|
:data => data
|
|
|
|
|
)
|
2006-04-03 04:33:30 +00:00
|
|
|
vuln.save
|
2006-04-02 22:33:34 +00:00
|
|
|
framework.events.on_db_vuln(context, vuln)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return vuln
|
|
|
|
|
end
|
2006-09-16 20:08:13 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Find or create a reference matching this name
|
|
|
|
|
#
|
|
|
|
|
def get_ref(context, name)
|
|
|
|
|
ref = Ref.find(:first, :conditions => [ "name = ?", name])
|
|
|
|
|
if (not ref)
|
|
|
|
|
ref = Ref.create(
|
|
|
|
|
:name => name
|
|
|
|
|
)
|
|
|
|
|
ref.save
|
|
|
|
|
framework.events.on_db_ref(context, ref)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return ref
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Find a reference matching this name
|
|
|
|
|
#
|
|
|
|
|
def has_ref?(name)
|
|
|
|
|
Ref.find(:first, :conditions => [ "name = ?", name])
|
|
|
|
|
end
|
2006-09-17 00:39:23 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Find a vulnerability matching this name
|
|
|
|
|
#
|
|
|
|
|
def has_vuln?(name)
|
|
|
|
|
Vuln.find(:first, :conditions => [ "name = ?", name])
|
|
|
|
|
end
|
|
|
|
|
|
2006-09-16 20:08:13 +00:00
|
|
|
#
|
|
|
|
|
# Look for an address across all comms
|
|
|
|
|
#
|
2006-04-02 22:33:34 +00:00
|
|
|
def has_host?(addr)
|
|
|
|
|
Host.find(:first, :conditions => [ "address = ?", addr])
|
|
|
|
|
end
|
2006-09-17 00:39:23 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Find all references matching a vuln
|
|
|
|
|
#
|
|
|
|
|
def refs_by_vuln(vuln)
|
|
|
|
|
Ref.find_by_sql(
|
|
|
|
|
"SELECT refs.* FROM refs, vulns_refs WHERE " +
|
|
|
|
|
"vulns_refs.vuln_id = #{vuln.id} AND " +
|
|
|
|
|
"vulns_refs.ref_id = refs.id"
|
|
|
|
|
)
|
|
|
|
|
end
|
2006-04-02 22:33:34 +00:00
|
|
|
|
2006-09-17 00:39:23 +00:00
|
|
|
#
|
|
|
|
|
# Find all vulns matching a reference
|
|
|
|
|
#
|
|
|
|
|
def vulns_by_ref(ref)
|
|
|
|
|
Vuln.find_by_sql(
|
|
|
|
|
"SELECT vulns.* FROM vulns, vulns_refs WHERE " +
|
|
|
|
|
"vulns_refs.ref_id = #{ref.id} AND " +
|
|
|
|
|
"vulns_refs.vuln_id = vulns.id"
|
|
|
|
|
)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
2006-03-21 04:37:48 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
