fixed up contextual recon event notifications
git-svn-id: file:///home/svn/incoming/trunk@2981 4d416f70-5f16-0410-b530-b9f4589650daunstable
Matt Miller
parent
a6d6cedd1d
commit
2e7a7dbe8d
|
|
@ -77,6 +77,15 @@ module Container
|
|||
_attr_hash
|
||||
end
|
||||
|
||||
#
|
||||
# Serializes from a hash.
|
||||
#
|
||||
def from_hash(hsh)
|
||||
hsh.each_pair { |k,v|
|
||||
set_attribute(k, v)
|
||||
}
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
attr_accessor :_attr_hash
|
||||
|
|
|
|||
|
|
@ -51,6 +51,17 @@ class Host < Msf::Recon::Discoverer
|
|||
# HostState::Dead should be returned. If its state could not be
|
||||
# determined, HostState::Unknown should be returned.
|
||||
#
|
||||
# This method can also return a hash that contains information that will be
|
||||
# passed as part of the event context to the reporting subsystem of the
|
||||
# recon manager. This EventContext instance will, in turn, be passed to
|
||||
# any subscribers of recon-related events. For instance, if a port scanner
|
||||
# connects to a port on a given host, it can pass the connection around to
|
||||
# other recon modules to give them a chance to work with it. The following
|
||||
# keys are special in a hash returned from probe_host:
|
||||
#
|
||||
# state - Equivalent to one of the three HostState values.
|
||||
# connection - The connection associated with the host (TCP, UDP, etc).
|
||||
#
|
||||
def probe_host(address)
|
||||
HostState::Unknown
|
||||
end
|
||||
|
|
@ -62,10 +73,22 @@ class Host < Msf::Recon::Discoverer
|
|||
# addresses passed in as arguments. This method is only called if
|
||||
# hosts_per_block is not one.
|
||||
#
|
||||
# The array elements can also take the form of a hash as described in the
|
||||
# probe_host method description.
|
||||
#
|
||||
def probe_host_block(addresses)
|
||||
addresses.map { HostState::Unknown }
|
||||
end
|
||||
|
||||
#
|
||||
# Allows a derived class to cleanup anything, like a socket, that may have
|
||||
# been used during the probe operation. The state parameter is equivalent
|
||||
# to the return value from probe_host (or probe_host_block for each entry
|
||||
# in the array).
|
||||
#
|
||||
def probe_host_cleanup(address, state)
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
#
|
||||
|
|
@ -87,9 +110,7 @@ protected
|
|||
# by calling probe_host for each address.
|
||||
if (hosts_per_block == 1)
|
||||
while (ip = next_ip)
|
||||
# Report the host's state to the recon manager.
|
||||
framework.reconmgr.report_host_state(
|
||||
self, ip, probe_host(ip))
|
||||
report_host_state(ip, probe_host(ip))
|
||||
end
|
||||
# Otherwise, get up to the number of hosts per block defined and call
|
||||
# probe_host_block.
|
||||
|
|
@ -116,8 +137,7 @@ protected
|
|||
|
||||
# Report the status associated with each address
|
||||
addresses.each_with_index { |address, idx|
|
||||
framework.reconmgr.report_host_state(
|
||||
self, address, statuses[idx])
|
||||
report_host_state(address, statuses[idx])
|
||||
}
|
||||
|
||||
end while (true)
|
||||
|
|
@ -134,6 +154,37 @@ protected
|
|||
}
|
||||
end
|
||||
|
||||
#
|
||||
# This method reports host state information to the recon manager, possibly
|
||||
# including an event context.
|
||||
#
|
||||
def report_host_state(ip, istate)
|
||||
# Create a nil context
|
||||
context = nil
|
||||
state = istate
|
||||
|
||||
# If a hash was returned, we should create an event context to
|
||||
# pass to the notification.
|
||||
if (state.kind_of?(Hash))
|
||||
context = Msf::Recon::EventContext.new
|
||||
|
||||
# Serialize the context from the hash
|
||||
context.from_hash(state)
|
||||
|
||||
# Grab the real state from the hash
|
||||
state = istate['State']
|
||||
end
|
||||
|
||||
# Report the host's state to the recon manager.
|
||||
framework.reconmgr.report_host_state(
|
||||
self, ip, state, context)
|
||||
|
||||
# Perform cleanup as necessary (only if istate was a Hash)
|
||||
if (context)
|
||||
probe_host_cleanup(ip, state)
|
||||
end
|
||||
end
|
||||
|
||||
##
|
||||
#
|
||||
# Defaults that can be overridden by derived classes
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ class ReconManager
|
|||
# TODO: use the current thread's Comm as part of the hash key to support
|
||||
# conflicting addresses in different networks (established through
|
||||
# different comms).
|
||||
hash_key = address;
|
||||
hash_key = address
|
||||
|
||||
# If a host already exists with this information, then check to see what
|
||||
# status we received.
|
||||
|
|
|
|||
|
|
@ -41,9 +41,10 @@ class Recon::Host::PortScanner::TcpConnSweep < Msf::Recon::Discoverer::Host
|
|||
'PeerPort' => datastore['RPORT'].to_i,
|
||||
'LocalHost' => datastore['CHOST'] || '0.0.0.0',
|
||||
'LocalPort' => datastore['CPORT'] ? datastore['CPORT'].to_i : 0))
|
||||
sock.close
|
||||
|
||||
HostState::Alive
|
||||
[
|
||||
'state' => HostState::Alive,
|
||||
'connection' => sock
|
||||
]
|
||||
end
|
||||
# If we get connection refused, then we are indirectly determining that
|
||||
# the host is alive.
|
||||
|
|
@ -56,6 +57,13 @@ class Recon::Host::PortScanner::TcpConnSweep < Msf::Recon::Discoverer::Host
|
|||
end
|
||||
end
|
||||
|
||||
#
|
||||
# Cleans up
|
||||
#
|
||||
def probe_host_cleanup(ip, state)
|
||||
state['Connection'].close
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue