2005-10-29 13:47:07 +00:00
|
|
|
require 'msf/core/module'
|
|
|
|
|
2005-05-21 17:57:00 +00:00
|
|
|
module Msf
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# This interface is called by recon modules to notify the framework when
|
|
|
|
# network elements, services, or other types of things recon modules
|
|
|
|
# might discovery.
|
|
|
|
#
|
|
|
|
###
|
2005-10-29 13:47:07 +00:00
|
|
|
module ReconEvent
|
2005-05-21 17:57:00 +00:00
|
|
|
|
2005-11-15 15:11:43 +00:00
|
|
|
###
|
|
|
|
#
|
|
|
|
# The types of changes an entity can undergo.
|
|
|
|
#
|
|
|
|
###
|
2005-10-27 02:54:39 +00:00
|
|
|
module EntityChangeType
|
|
|
|
Add = 1
|
|
|
|
Update = 2
|
|
|
|
Remove = 3
|
|
|
|
end
|
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
###
|
2005-10-27 02:54:39 +00:00
|
|
|
#
|
2005-10-29 13:47:07 +00:00
|
|
|
# This module provides methods for handling host entity notifications.
|
2005-10-27 02:54:39 +00:00
|
|
|
#
|
2005-10-29 13:47:07 +00:00
|
|
|
###
|
|
|
|
module HostSubscriber
|
|
|
|
|
|
|
|
#
|
|
|
|
# This routine is called when a change is made to a host, such as it being
|
|
|
|
# added, modified, or removed.
|
|
|
|
#
|
2005-10-31 15:56:59 +00:00
|
|
|
def on_host_changed(context, host, change_type)
|
2005-10-29 13:47:07 +00:00
|
|
|
case change_type
|
|
|
|
when EntityChangeType::Add
|
|
|
|
on_new_host(context, host)
|
|
|
|
when EntityChangeType::Update
|
|
|
|
on_updated_host(context, host)
|
|
|
|
when EntityChangeType::Remove
|
|
|
|
on_dead_host(context, host)
|
|
|
|
end
|
2005-10-27 02:54:39 +00:00
|
|
|
end
|
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
#
|
|
|
|
# This routine is called whenever a new host is found.
|
|
|
|
#
|
|
|
|
def on_new_host(context, host)
|
|
|
|
end
|
2005-10-27 02:54:39 +00:00
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
#
|
|
|
|
# This routine is called whenever a change is made to an existing
|
|
|
|
# host.
|
|
|
|
#
|
|
|
|
def on_updated_host(context, host)
|
|
|
|
end
|
2005-10-27 02:54:39 +00:00
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
#
|
|
|
|
# Called when a host is considered to be dead after having
|
|
|
|
# previously been valid.
|
|
|
|
#
|
|
|
|
def on_dead_host(context, host)
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# This routine is called whenever a host attribute is found.
|
|
|
|
#
|
|
|
|
def on_new_host_attribute(context, host, attribute)
|
|
|
|
end
|
2005-10-27 02:54:39 +00:00
|
|
|
|
|
|
|
end
|
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
###
|
2005-10-27 02:54:39 +00:00
|
|
|
#
|
2005-10-29 13:47:07 +00:00
|
|
|
# This module provides methods for handling notifications that deal with
|
|
|
|
# service entities.
|
2005-10-27 02:54:39 +00:00
|
|
|
#
|
2005-10-29 13:47:07 +00:00
|
|
|
###
|
|
|
|
module ServiceSubscriber
|
|
|
|
|
|
|
|
#
|
|
|
|
# This routine is called when a change is made to a service, such as it being
|
|
|
|
# added, modified, or removed.
|
|
|
|
#
|
2005-10-31 15:56:59 +00:00
|
|
|
def on_service_changed(context, host, service, change_type)
|
2005-10-29 13:47:07 +00:00
|
|
|
case change_type
|
|
|
|
when EntityChangeType::Add
|
|
|
|
on_new_service(context, host, service)
|
|
|
|
when EntityChangeType::Update
|
|
|
|
on_updated_service(context, host, service)
|
|
|
|
when EntityChangeType::Remove
|
|
|
|
on_dead_service(context, host, service)
|
|
|
|
end
|
2005-10-27 02:54:39 +00:00
|
|
|
end
|
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
#
|
|
|
|
# This routine is called whenever a new service is found.
|
|
|
|
#
|
|
|
|
def on_new_service(context, host, service)
|
|
|
|
end
|
2005-10-27 02:54:39 +00:00
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
#
|
|
|
|
# This routine is called whenever a change is made to an existing
|
|
|
|
# service.
|
|
|
|
#
|
|
|
|
def on_updated_service(context, host, service)
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Called when a service is considered to be dead after having
|
|
|
|
# previously been valid.
|
|
|
|
#
|
|
|
|
def on_dead_service(context, host, service)
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# This routine is called whenever a service attribute is found.
|
|
|
|
#
|
2005-10-31 15:56:59 +00:00
|
|
|
def on_new_service_attribute(context, host, service, attribute)
|
2005-10-30 22:20:29 +00:00
|
|
|
end
|
|
|
|
|
2005-10-27 02:54:39 +00:00
|
|
|
end
|
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
|
2005-10-27 02:54:39 +00:00
|
|
|
#
|
2005-10-29 13:47:07 +00:00
|
|
|
# The ReconEvents base mixin includes all methods from the Host and Service
|
|
|
|
# subscriber interfaces.
|
2005-10-27 02:54:39 +00:00
|
|
|
#
|
2005-10-29 13:47:07 +00:00
|
|
|
include HostSubscriber
|
|
|
|
include ServiceSubscriber
|
2005-05-21 17:57:00 +00:00
|
|
|
|
|
|
|
end
|
|
|
|
|
2005-10-27 03:23:38 +00:00
|
|
|
###
|
|
|
|
#
|
|
|
|
# The recon class acts as a base class for all recon modules. It provides a
|
|
|
|
# common interface for detecting the presence of hosts, services, and the
|
|
|
|
# attributes of everything in between. The type of information that can be
|
|
|
|
# discovered is designed to be generic.
|
|
|
|
#
|
|
|
|
###
|
|
|
|
class Recon < Msf::Module
|
|
|
|
|
|
|
|
#
|
|
|
|
# The various basic sub-types of recon modules.
|
|
|
|
#
|
|
|
|
module Type
|
|
|
|
|
|
|
|
#
|
2005-10-29 13:47:07 +00:00
|
|
|
# Indicates that this is an unknown recon module. This recon module
|
|
|
|
# does something other than discover and analyze.
|
|
|
|
#
|
|
|
|
Unknown = "unknown"
|
|
|
|
|
|
|
|
#
|
|
|
|
# Indicates that the recon module discovers things. Discoverer recon
|
|
|
|
# modules are responsible for collecting information about the presence
|
|
|
|
# of entities and the attributes of those entities. For instance,
|
|
|
|
# a discoverer module finds hosts and the services running on those
|
|
|
|
# hosts and could also determine more granular information about
|
|
|
|
# the host and service by determining some of their attributes, such
|
|
|
|
# as a host's platform.
|
2005-10-27 03:23:38 +00:00
|
|
|
#
|
|
|
|
Discoverer = "discoverer"
|
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
#
|
|
|
|
# Indicates that the recon module analyzes things. Analyzer recon
|
|
|
|
# modules take information collected by discoverer recon modules and
|
|
|
|
# determine or derived more detailed information about an entity or a
|
|
|
|
# group of entities. For instance, an analyzer module may determine
|
|
|
|
# that five distinct hosts detected by a discoverer module may actually
|
|
|
|
# be on the same machine but just virtual hosted. Also, analyzer
|
|
|
|
# modules might try to do more advanced stuff like crack passwords
|
|
|
|
# collected by recon modules and other such fun things.
|
|
|
|
#
|
|
|
|
Analyzer = "analyzer"
|
2005-10-27 03:23:38 +00:00
|
|
|
end
|
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
require 'msf/core/recon/discoverer'
|
|
|
|
require 'msf/core/recon/entity'
|
2005-10-30 22:45:29 +00:00
|
|
|
require 'msf/core/recon/event_context'
|
2005-10-29 13:47:07 +00:00
|
|
|
|
2005-10-27 03:23:38 +00:00
|
|
|
#
|
|
|
|
# Returns MODULE_RECON to indicate that this is a recon module.
|
|
|
|
#
|
|
|
|
def self.type
|
|
|
|
MODULE_RECON
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Returns MODULE_RECON to indicate that this is a recon module.
|
|
|
|
#
|
|
|
|
def type
|
|
|
|
MODULE_RECON
|
|
|
|
end
|
|
|
|
|
2005-10-29 13:47:07 +00:00
|
|
|
#
|
|
|
|
# This method returns the general type of recon module.
|
|
|
|
#
|
|
|
|
def recon_type
|
|
|
|
Type::Unknown
|
|
|
|
end
|
|
|
|
|
2005-10-27 03:23:38 +00:00
|
|
|
end
|
|
|
|
|
2005-05-21 17:57:00 +00:00
|
|
|
end
|