Escape HTML for KB and update rspec
wchen-r7
parent
ee63464b8c
commit
58b8c35146
|
|
@ -28,13 +28,13 @@ If you wish to run the post against all sessions from framework, here is how:
|
|||
1 - Create the following resource script:
|
||||
|
||||
```
|
||||
<ruby>
|
||||
<ruby>
|
||||
framework.sessions.each_pair do |sid, session|
|
||||
run_single("use <%= mod.fullname %>")
|
||||
run_single("set SESSION #{sid}")
|
||||
run_single("run")
|
||||
end
|
||||
</ruby>
|
||||
</ruby>
|
||||
```
|
||||
|
||||
2 - At the msf prompt, execute the above resource script:
|
||||
|
|
|
|||
|
|
@ -37,22 +37,22 @@ module Msf
|
|||
# Markdown templates
|
||||
#
|
||||
|
||||
CSS_BASE_PATH = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'markdown.css'))
|
||||
HTML_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'html_template.erb'))
|
||||
TEMPLATE_PATH = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'default_template.erb'))
|
||||
CSS_BASE_PATH = 'markdown.css'
|
||||
HTML_TEMPLATE = 'html_template.erb'
|
||||
TEMPLATE_PATH = 'default_template.erb'
|
||||
|
||||
#
|
||||
# Demo templates
|
||||
#
|
||||
|
||||
REMOTE_EXPLOIT_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'remote_exploit_demo_template.erb'))
|
||||
BES_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'bes_demo_template.erb'))
|
||||
HTTPSERVER_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'httpserver_demo_template.erb'))
|
||||
GENERIC_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'generic_demo_template.erb'))
|
||||
LOCALEXPLOIT_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'localexploit_demo_template.erb'))
|
||||
POST_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'post_demo_template.erb'))
|
||||
AUXILIARY_SCANNER_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'auxiliary_scanner_template.erb'))
|
||||
PAYLOAD_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'payload_demo_template.erb'))
|
||||
REMOTE_EXPLOIT_DEMO_TEMPLATE = 'remote_exploit_demo_template.erb'
|
||||
BES_DEMO_TEMPLATE = 'bes_demo_template.erb'
|
||||
HTTPSERVER_DEMO_TEMPLATE = 'httpserver_demo_template.erb'
|
||||
GENERIC_DEMO_TEMPLATE = 'generic_demo_template.erb'
|
||||
LOCALEXPLOIT_DEMO_TEMPLATE = 'localexploit_demo_template.erb'
|
||||
POST_DEMO_TEMPLATE = 'post_demo_template.erb'
|
||||
AUXILIARY_SCANNER_DEMO_TEMPLATE = 'auxiliary_scanner_template.erb'
|
||||
PAYLOAD_DEMO_TEMPLATE = 'payload_demo_template.erb'
|
||||
|
||||
|
||||
# Returns the module document in HTML form.
|
||||
|
|
@ -63,10 +63,11 @@ module Msf
|
|||
def get_md_content(items, kb)
|
||||
@md_template ||= lambda {
|
||||
template = ''
|
||||
File.open(TEMPLATE_PATH, 'rb') { |f| template = f.read }
|
||||
path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', TEMPLATE_PATH))
|
||||
File.open(path, 'rb') { |f| template = f.read }
|
||||
return template
|
||||
}.call
|
||||
md_to_html(ERB.new(@md_template).result(binding()), kb)
|
||||
md_to_html(ERB.new(@md_template).result(binding()), h(kb))
|
||||
end
|
||||
|
||||
|
||||
|
|
@ -79,7 +80,8 @@ module Msf
|
|||
def load_css
|
||||
@css ||= lambda {
|
||||
data = ''
|
||||
File.open(CSS_BASE_PATH, 'rb') { |f| data = f.read }
|
||||
path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', CSS_BASE_PATH))
|
||||
File.open(path, 'rb') { |f| data = f.read }
|
||||
return data
|
||||
}.call
|
||||
end
|
||||
|
|
@ -94,7 +96,8 @@ module Msf
|
|||
r = Redcarpet::Markdown.new(Redcarpet::Render::MsfMdHTML, fenced_code_blocks: true, no_intra_emphasis: true, escape_html: true)
|
||||
ERB.new(@html_template ||= lambda {
|
||||
html_template = ''
|
||||
File.open(HTML_TEMPLATE, 'rb') { |f| html_template = f.read }
|
||||
path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', HTML_TEMPLATE))
|
||||
File.open(path, 'rb') { |f| html_template = f.read }
|
||||
return html_template
|
||||
}.call).result(binding())
|
||||
end
|
||||
|
|
@ -207,13 +210,14 @@ module Msf
|
|||
end
|
||||
|
||||
|
||||
# Returns a parsed ERB template.
|
||||
# Returns a parsed demo ERB template.
|
||||
#
|
||||
# @param mod [Msf::Module] Metasploit module.
|
||||
# @param path [String] Template path.
|
||||
# @return [String]
|
||||
def load_template(mod, path)
|
||||
def load_demo_template(mod, path)
|
||||
data = ''
|
||||
path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', path))
|
||||
File.open(path, 'rb') { |f| data = f.read }
|
||||
ERB.new(data).result(binding())
|
||||
end
|
||||
|
|
@ -244,21 +248,21 @@ module Msf
|
|||
# @return [String]
|
||||
def normalize_demo_output(mod)
|
||||
if mod.kind_of?(Msf::Exploit::Remote::BrowserExploitServer) && mod.shortname != 'browser_autopwn2'
|
||||
load_template(mod, BES_DEMO_TEMPLATE)
|
||||
load_demo_template(mod, BES_DEMO_TEMPLATE)
|
||||
elsif mod.kind_of?(Msf::Exploit::Remote::HttpServer)
|
||||
load_template(mod, HTTPSERVER_DEMO_TEMPLATE)
|
||||
load_demo_template(mod, HTTPSERVER_DEMO_TEMPLATE)
|
||||
elsif mod.kind_of?(Msf::Exploit::Local)
|
||||
load_template(mod, LOCALEXPLOIT_DEMO_TEMPLATE)
|
||||
load_demo_template(mod, LOCALEXPLOIT_DEMO_TEMPLATE)
|
||||
elsif mod.kind_of?(Msf::Post)
|
||||
load_template(mod, POST_DEMO_TEMPLATE)
|
||||
load_demo_template(mod, POST_DEMO_TEMPLATE)
|
||||
elsif mod.kind_of?(Msf::Payload)
|
||||
load_template(mod, PAYLOAD_DEMO_TEMPLATE)
|
||||
load_demo_template(mod, PAYLOAD_DEMO_TEMPLATE)
|
||||
elsif mod.kind_of?(Msf::Auxiliary::Scanner)
|
||||
load_template(mod, AUXILIARY_SCANNER_DEMO_TEMPLATE)
|
||||
load_demo_template(mod, AUXILIARY_SCANNER_DEMO_TEMPLATE)
|
||||
elsif is_remote_exploit?(mod)
|
||||
load_template(mod, REMOTE_EXPLOIT_DEMO_TEMPLATE)
|
||||
load_demo_template(mod, REMOTE_EXPLOIT_DEMO_TEMPLATE)
|
||||
else
|
||||
load_template(mod, GENERIC_DEMO_TEMPLATE)
|
||||
load_demo_template(mod, GENERIC_DEMO_TEMPLATE)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -195,11 +195,11 @@ RSpec.describe Msf::Util::DocumentGenerator::DocumentNormalizer do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'load_template' do
|
||||
describe 'load_demo_template' do
|
||||
context 'when a BrowserExploitServer demo template path is given' do
|
||||
it 'returns the demo' do
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::BES_DEMO_TEMPLATE
|
||||
expect(subject.send(:load_template, msf_mod, template)).to include('This module is also supported by Browser Autopwn 2')
|
||||
expect(subject.send(:load_demo_template, msf_mod, template)).to include('This module is also supported by Browser Autopwn 2')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -208,42 +208,42 @@ RSpec.describe Msf::Util::DocumentGenerator::DocumentNormalizer do
|
|||
context 'when the module is a kind of Msf::Exploit::Remote::HttpServer' do
|
||||
it 'returns the demo of HTTPSERVER_DEMO_TEMPLATE' do
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::HTTPSERVER_DEMO_TEMPLATE
|
||||
expect(subject.send(:load_template, msf_mod, template)).to include("use #{mod_fullname}")
|
||||
expect(subject.send(:load_demo_template, msf_mod, template)).to include("use #{mod_fullname}")
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the module is a kind of Msf::Exploit::Local' do
|
||||
it 'returns the content of LOCALEXPLOIT_DEMO_TEMPLATE' do
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::LOCALEXPLOIT_DEMO_TEMPLATE
|
||||
expect(subject.send(:load_template, msf_mod, template)).to include('To run a local exploit, make sure you are at the msf prompt.')
|
||||
expect(subject.send(:load_demo_template, msf_mod, template)).to include('To run a local exploit, make sure you are at the msf prompt.')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the module is a kind of Msf::Post' do
|
||||
it 'returns the demo of POST_DEMO_TEMPLATE' do
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::POST_DEMO_TEMPLATE
|
||||
expect(subject.send(:load_template, msf_mod, template)).to include('There are two ways to execute this post module')
|
||||
expect(subject.send(:load_demo_template, msf_mod, template)).to include('There are two ways to execute this post module')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the module is a kind of Msf::Payload' do
|
||||
it 'returns the demo of PAYLOAD_TEMPLATE' do
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::PAYLOAD_TEMPLATE
|
||||
expect(subject.send(:load_template, msf_mod, template)).to include('> generate')
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::PAYLOAD_DEMO_TEMPLATE
|
||||
expect(subject.send(:load_demo_template, msf_mod, template)).to include('> generate')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the module is a kind of Msf::Auxiliary::Scanner' do
|
||||
it 'returns the demo of AUXILIARY_SCANNER_TEMPLATE' do
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::AUXILIARY_SCANNER_TEMPLATE
|
||||
expect(subject.send(:load_template, msf_mod, template)).to include('This module is a scanner module')
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::AUXILIARY_SCANNER_DEMO_TEMPLATE
|
||||
expect(subject.send(:load_demo_template, msf_mod, template)).to include('This module is a scanner module')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the module does not have a known kind' do
|
||||
it 'returns the demo of GENERIC_DEMO_TEMPLATE' do
|
||||
template = Msf::Util::DocumentGenerator::DocumentNormalizer::GENERIC_DEMO_TEMPLATE
|
||||
expect(subject.send(:load_template, msf_mod, template)).to include('msf exploit')
|
||||
expect(subject.send(:load_demo_template, msf_mod, template)).to include('msf exploit')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue