parent
050061762b
commit
56fd5a745e
|
@ -228,13 +228,11 @@ module Msf::DBManager::Import::MetasploitFramework::XML
|
||||||
# them.
|
# them.
|
||||||
# TODO: loot, tasks, and reports
|
# TODO: loot, tasks, and reports
|
||||||
def import_msf_xml(args={}, &block)
|
def import_msf_xml(args={}, &block)
|
||||||
|
|
||||||
data = args[:data]
|
data = args[:data]
|
||||||
wspace = args[:wspace] || workspace
|
wspace = args[:wspace] || workspace
|
||||||
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||||
|
|
||||||
doc = Nokogiri::XML::Reader.from_memory(data)
|
doc = Nokogiri::XML::Reader.from_memory(data)
|
||||||
|
|
||||||
metadata = check_msf_xml_version!(doc.first.name)
|
metadata = check_msf_xml_version!(doc.first.name)
|
||||||
allow_yaml = metadata[:allow_yaml]
|
allow_yaml = metadata[:allow_yaml]
|
||||||
btag = metadata[:root_tag]
|
btag = metadata[:root_tag]
|
||||||
|
@ -627,7 +625,6 @@ module Msf::DBManager::Import::MetasploitFramework::XML
|
||||||
info[:ssl] = (info[:ssl] and info[:ssl].to_s.strip.downcase == "true") ? true : false
|
info[:ssl] = (info[:ssl] and info[:ssl].to_s.strip.downcase == "true") ? true : false
|
||||||
|
|
||||||
specialized_info = specialization.call(element, options)
|
specialized_info = specialization.call(element, options)
|
||||||
|
|
||||||
info.merge!(specialized_info)
|
info.merge!(specialized_info)
|
||||||
|
|
||||||
self.send("report_web_#{type}", info)
|
self.send("report_web_#{type}", info)
|
||||||
|
|
|
@ -11,27 +11,26 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
|
||||||
btag = nil
|
btag = nil
|
||||||
|
|
||||||
doc = Nokogiri::XML::Reader.from_memory(data)
|
doc = Nokogiri::XML::Reader.from_memory(data)
|
||||||
|
|
||||||
case doc.first.name
|
case doc.first.name
|
||||||
when "MetasploitExpressV1"
|
when "MetasploitExpressV1"
|
||||||
m_ver = 1
|
m_ver = 1
|
||||||
allow_yaml = true
|
allow_yaml = true
|
||||||
btag = "MetasploitExpressV1"
|
btag = "MetasploitExpressV1"
|
||||||
when "MetasploitExpressV2"
|
when "MetasploitExpressV2"
|
||||||
m_ver = 2
|
m_ver = 2
|
||||||
allow_yaml = true
|
allow_yaml = true
|
||||||
btag = "MetasploitExpressV2"
|
btag = "MetasploitExpressV2"
|
||||||
when "MetasploitExpressV3"
|
when "MetasploitExpressV3"
|
||||||
m_ver = 3
|
m_ver = 3
|
||||||
btag = "MetasploitExpressV3"
|
btag = "MetasploitExpressV3"
|
||||||
when "MetasploitExpressV4"
|
when "MetasploitExpressV4"
|
||||||
m_ver = 4
|
m_ver = 4
|
||||||
btag = "MetasploitExpressV4"
|
btag = "MetasploitExpressV4"
|
||||||
when "MetasploitV4"
|
when "MetasploitV4"
|
||||||
m_ver = 4
|
m_ver = 4
|
||||||
btag = "MetasploitV4"
|
btag = "MetasploitV4"
|
||||||
else
|
else
|
||||||
m_ver = nil
|
m_ver = nil
|
||||||
end
|
end
|
||||||
unless m_ver and btag
|
unless m_ver and btag
|
||||||
raise Msf::DBImportError.new("Unsupported Metasploit XML document format")
|
raise Msf::DBImportError.new("Unsupported Metasploit XML document format")
|
||||||
|
@ -40,23 +39,22 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
|
||||||
host_info = {}
|
host_info = {}
|
||||||
|
|
||||||
doc.each do |node|
|
doc.each do |node|
|
||||||
case node.name
|
if ['host', 'loot', 'task', 'report'].include?(node.name)
|
||||||
when 'host', 'loot', 'task', 'report'
|
unless node.inner_xml.empty?
|
||||||
send("parse_zip_#{node.name}", Nokogiri::XML(node.outer_xml).at("./#{node.name}"), wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
|
send("parse_zip_#{node.name}", Nokogiri::XML(node.outer_xml).at("./#{node.name}"), wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Parses host Nokogiri::XML::Element
|
# Parses host Nokogiri::XML::Element
|
||||||
def parse_zip_host(host, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
|
def parse_zip_host(host, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
|
||||||
if host.at("id")
|
host_info[host.at("id").text.to_s.strip] = nils_for_nulls(host.at("address").text.to_s.strip)
|
||||||
host_info[host.at("id").text.to_s.strip] = nils_for_nulls(host.at("address").text.to_s.strip)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Parses loot Nokogiri::XML::Element
|
# Parses loot Nokogiri::XML::Element
|
||||||
def parse_zip_loot(loot, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
|
def parse_zip_loot(loot, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
|
||||||
return 0 if loot.at("host-id").nil? || bl.include?(host_info[loot.at("host-id").text.to_s.strip])
|
return 0 if bl.include? host_info[loot.at("host-id").text.to_s.strip]
|
||||||
loot_info = {}
|
loot_info = {}
|
||||||
loot_info[:host] = host_info[loot.at("host-id").text.to_s.strip]
|
loot_info[:host] = host_info[loot.at("host-id").text.to_s.strip]
|
||||||
loot_info[:workspace] = args[:wspace]
|
loot_info[:workspace] = args[:wspace]
|
||||||
|
@ -79,10 +77,10 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
|
||||||
|
|
||||||
# Only report loot if we actually have it.
|
# Only report loot if we actually have it.
|
||||||
# TODO: Copypasta. Separate this out.
|
# TODO: Copypasta. Separate this out.
|
||||||
if ::File.exists? loot_info[:orig_path]
|
if ::File.exist? loot_info[:orig_path]
|
||||||
loot_dir = ::File.join(basedir,"loot")
|
loot_dir = ::File.join(basedir,"loot")
|
||||||
loot_file = ::File.split(loot_info[:orig_path]).last
|
loot_file = ::File.split(loot_info[:orig_path]).last
|
||||||
if ::File.exists? loot_dir
|
if ::File.exist? loot_dir
|
||||||
unless (::File.directory?(loot_dir) && ::File.writable?(loot_dir))
|
unless (::File.directory?(loot_dir) && ::File.writable?(loot_dir))
|
||||||
raise Msf::DBImportError.new("Could not move files to #{loot_dir}")
|
raise Msf::DBImportError.new("Could not move files to #{loot_dir}")
|
||||||
end
|
end
|
||||||
|
@ -91,7 +89,7 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
|
||||||
end
|
end
|
||||||
new_loot = ::File.join(loot_dir,loot_file)
|
new_loot = ::File.join(loot_dir,loot_file)
|
||||||
loot_info[:path] = new_loot
|
loot_info[:path] = new_loot
|
||||||
if ::File.exists?(new_loot)
|
if ::File.exist?(new_loot)
|
||||||
::File.unlink new_loot # Delete it, and don't report it.
|
::File.unlink new_loot # Delete it, and don't report it.
|
||||||
else
|
else
|
||||||
report_loot(loot_info) # It's new, so report it.
|
report_loot(loot_info) # It's new, so report it.
|
||||||
|
@ -105,7 +103,6 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
|
||||||
def parse_zip_task(task, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
|
def parse_zip_task(task, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
|
||||||
task_info = {}
|
task_info = {}
|
||||||
task_info[:workspace] = args[:wspace]
|
task_info[:workspace] = args[:wspace]
|
||||||
return 0 unless task.at("path")
|
|
||||||
# Should user be imported (original) or declared (the importing user)?
|
# Should user be imported (original) or declared (the importing user)?
|
||||||
task_info[:user] = nils_for_nulls(task.at("created-by").text.to_s.strip)
|
task_info[:user] = nils_for_nulls(task.at("created-by").text.to_s.strip)
|
||||||
task_info[:desc] = nils_for_nulls(task.at("description").text.to_s.strip)
|
task_info[:desc] = nils_for_nulls(task.at("description").text.to_s.strip)
|
||||||
|
@ -130,10 +127,10 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
|
||||||
|
|
||||||
# Only report a task if we actually have it.
|
# Only report a task if we actually have it.
|
||||||
# TODO: Copypasta. Separate this out.
|
# TODO: Copypasta. Separate this out.
|
||||||
if ::File.exists? task_info[:orig_path]
|
if ::File.exist? task_info[:orig_path]
|
||||||
tasks_dir = ::File.join(basedir,"tasks")
|
tasks_dir = ::File.join(basedir,"tasks")
|
||||||
task_file = ::File.split(task_info[:orig_path]).last
|
task_file = ::File.split(task_info[:orig_path]).last
|
||||||
if ::File.exists? tasks_dir
|
if ::File.exist? tasks_dir
|
||||||
unless (::File.directory?(tasks_dir) && ::File.writable?(tasks_dir))
|
unless (::File.directory?(tasks_dir) && ::File.writable?(tasks_dir))
|
||||||
raise Msf::DBImportError.new("Could not move files to #{tasks_dir}")
|
raise Msf::DBImportError.new("Could not move files to #{tasks_dir}")
|
||||||
end
|
end
|
||||||
|
@ -142,7 +139,7 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
|
||||||
end
|
end
|
||||||
new_task = ::File.join(tasks_dir,task_file)
|
new_task = ::File.join(tasks_dir,task_file)
|
||||||
task_info[:path] = new_task
|
task_info[:path] = new_task
|
||||||
if ::File.exists?(new_task)
|
if ::File.exist?(new_task)
|
||||||
::File.unlink new_task # Delete it, and don't report it.
|
::File.unlink new_task # Delete it, and don't report it.
|
||||||
else
|
else
|
||||||
report_task(task_info) # It's new, so report it.
|
report_task(task_info) # It's new, so report it.
|
||||||
|
|
Loading…
Reference in New Issue