I just shaved off 8 seconds, oh yeah

2015-04-30 00:32:33 -05:00 · 2015-04-30 00:32:33 -05:00 · 35f564d03e
parent 62e3f5e56a
commit 35f564d03e
2 changed files with 19 additions and 36 deletions
--- a/lib/msf/core/exploit/browserautopwnv2.rb
+++ b/lib/msf/core/exploit/browserautopwnv2.rb
@ -35,47 +35,21 @@ module Msf
    # Returns all the found exploit modules that support BrowserExploitServer by going through all
    # the exploits from the framework object.
    #
-    # @note This method is using framework.exploits and it's one of the reasons why it's so slow,
-    #       and will only get slower.
-    # @todo Maybe look for a different way to get a list of exploits.
-    # @return [Array] A collection of BES modules in this format: [module_fullname, Class].
-    def init_exploit_paths
-      framework.exploits.find_all do |m|
-        next if !m.first.include?('browser') || m.last == "__SYMBOLIC__" || m.last.fullname == self.fullname
-        m.last.ancestors.include? Msf::Exploit::Remote::BrowserExploitServer
-      end
-    end
-
-
-    # Initializes the @bap_exploits instance variable with all the found BAP exploits.
-    #
-    # @note The more BES exploits, the slower this gets.
-    # @see #bap_exploits The read-only attribute.
    # @return [void]
    def init_exploits
-      # Initialized BES modules are held here
-      @bap_exploits = []
-
-      init_exploit_paths.each do |m|
-        module_name = m.first
-        xploit = framework.exploits.create(module_name)
-        unless xploit
-          print_status("Failed to load: #{name}")
+      # First we're going to avoid using #find_all because that gets very slow.
+      framework.exploits.each_pair do |fullname, plader_holder|
+        next if !fullname.include?('browser') || self.fullname == "exploit/#{fullname}"
+        mod = framework.exploits.create(fullname)
+        unless mod
+          print_status("Failed to load: #{fullname}")
          next
        end
-        set_exploit_options(xploit)
-        @bap_exploits << xploit
+        if mod.methods.include?(:is_browser_exploit_server?)
+          set_exploit_options(mod)
+          @bap_exploits << mod
        end
      end
-
-
-    # Prints BAP module names
-    #
-    # @return [void]
-    def list_bap_names
-      bap_exploits.each do |m|
-        print_status(m.fullname)
-      end
    end


@ -298,6 +272,7 @@ module Msf
      t1 = Time.now
      self.datastore['MODULEOWNER'] = 'BAP'
      super
+      @bap_exploits = []

      print_status("Searching BES exploits, please wait...")
      init_exploits
--- a/lib/msf/core/exploit/remote/browser_exploit_server.rb
+++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb
@ -111,6 +111,14 @@ module Msf
    end


+    # This allows BrowserAutoPwn's loader to identify which browser exploits are using BES, and
+    # which ones aren't. This is a way to get around the expensive #find_all in order to retrieve
+    # the #ancestors information.
+    def is_browser_exploit_server?
+      true
+    end
+
+
    # Returns the custom 404 URL set by the user
    #
    # @return [String]