more msfweb foo

git-svn-id: file:///home/svn/incoming/trunk@3077 4d416f70-5f16-0410-b530-b9f4589650da
2005-11-24 05:13:40 +00:00 · 2005-11-24 05:13:40 +00:00 · 68e661065d
parent a19e98757d
commit 68e661065d
6 changed files with 118 additions and 17 deletions
--- a/data/msfweb/exploits.rhtml
+++ b/data/msfweb/exploits.rhtml
@ -1,6 +1,14 @@
 <%= Msf::Ui::Web::Common.header(framework.version, 'exploits') %>
 <tr><td colspan='5'>

+<%
+	name = query_string['name']
+	step = query_string['step'] || 0
+
+	if (name == nil)
+ %>
+
+<%# Display the exploit list if one hasn't been selected %>
 <br/>
 <div align='center' class='navHead'>
 	<table class='moduleList' width='100%' cellspacing='0' border='0'>
@ -21,5 +29,75 @@
 	</table>
 </div>

+<%# Wizard step 3 %>
+<%
+	elsif (step == 0)
+		modinst = framework.exploits.create(name)
+ %>
+<br/>
+<table width='100%' cellspacing='0' cellpadding='0' border='0'>
+	<tr>
+		<td class='moduleName'>
+			<div class='textBold'><%= html_escape(modinst.name) %></div>
+		</td>
+	</tr>
+</table>
+<br/>
+
+<table align='center' width='95%' cellspacing='0' cellpadding='6' border='0'>
+	<tr>
+		<td align='right' width='80' class='textBold'>Name:</td>
+		<td class='textNormal'><%= html_escape(modinst.name) %></td>
+	</tr>
+	<tr>
+		<td align='right' width='80' class='textBold'>Authors:</td>
+		<td class='textNormal'><%= html_escape(modinst.author.join("<br/>")) %></td>
+	</tr>
+	<tr>
+		<td align='right' width='80' class='textBold' valign='top'>Description:</td>
+		<td colspan='2' class='textNormal' valign='top'>
+			<%= html_escape(modinst.description) %>
+		</td>
+	</tr>
+	<tr>
+		<td align='right' width='80' class='textBold' valign='top'>References:</td>
+		<td colspan='2' class='textNormal' valign='top'>
+			<% modinst.references.each { |ref| %>
+					<% if (ref.kind_of?(Msf::Module::SiteReference)) %>
+					- <a href='<%= ref.site %>' target='_blank'><%= ref.to_s %></a><br/>
+			<% 	else %>
+					- <%= ref.to_s %><br/>
+			<% 	end %>
+			<% } %>
+		</td>
+	</tr>
+	<tr>
+		<td align='right' width='80' class='textBold'>Targets:</td>
+		<td class='textNormal'>&nbsp;</td>
+	<tr>
+		<td>&nbsp;</td>
+		<td>
+			<table align='align' cellpadding='2' cellspacing='0' border='0'>
+				<tr>
+					<td class='textBold'>Target Name</td>
+					<td class='textBold'>Platform</td>
+				</tr>
+				<% modinst.targets.each_with_index { |tgt, idx| %>
+				<tr>
+					<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'>
+						<%= idx %> - <a href='exploits.rhtml?name=<%= name %>&step=1&target=<%= idx %>'><%= tgt.name %></a>
+					</td>
+					<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'>
+						<%= Msf::Ui::Web::Common.target_icons(tgt) %>	
+					</td>
+				</tr>
+				<% } %>
+			</table>
+		</td>
+	</tr>
+</table>
+
+<% end %>
+
 </td></tr>
 <%= Msf::Ui::Web::Common.footer %>
--- a/data/msfweb/msfweb_common.rb
+++ b/data/msfweb/msfweb_common.rb
@ -61,8 +61,16 @@ module Common
 	# module instance supports.
 	#
 	def self.module_icons(modinst)
+		platform_icons(modinst.platform)
+	end
+
+	def self.target_icons(target)
+		platform_icons(target.platform)
+	end
+
+	def self.platform_icons(platform)
 		# If this module has no platforms, then we don't show any icons...
-		return "" if (modinst.platform.empty?)
+		return "" if (platform.empty?)

 		# Otherwise, get the platform specific information...
 		html = ""
@ -74,7 +82,7 @@ module Common
 			[ Msf::Module::Platform::OSX,     "osx.gif",   "osx"     ],
 			[ Msf::Module::Platform::BSD,     "bsd.gif",   "bsd"     ],
 		].each { |plat|
-			if (modinst.platform.supports?(Msf::Module::PlatformList.new(plat[0])) == true)
+			if (platform.supports?(Msf::Module::PlatformList.new(plat[0])) == true)
 				html += "<img src='images/#{plat[1]}' class='iconset' border='0' alt='#{plat[2]}'/>"
 			end
 		}
--- a/lib/msf/core/module/author.rb
+++ b/lib/msf/core/module/author.rb
@ -7,6 +7,18 @@ require 'msf/core'
 #
 ###
 class Msf::Module::Author
+
+	# A hash of known author names
+	Known =
+		{
+				'hdm'       => 'hdm@metasploit.com',
+				'H D Moore' => 'hdm@metasploit.com',
+				'spoonm'    => 'spoonm@gmail.com',
+				'skape'     => 'mmiller@hick.org',
+				'vlad902'   => 'vlad902@gmail.com',
+				'optyx'     => 'optyx@hatesemail.com',
+		}
+
 	#
 	# Class method that translates a string to an instance of the Author class,
 	# if it's of the right format, and returns the Author class instance
@ -31,7 +43,7 @@ class Msf::Module::Author

 	def initialize(name = nil, email = nil)
 		self.name  = name
-		self.email = email
+		self.email = email || Known[name]
 	end

 	#
@ -62,17 +74,6 @@ class Msf::Module::Author
 	#
 	def from_s(str)

-		# List of known framework authors that can be referred by just name
-		known_authors =
-			{
-				'hdm'       => 'hdm@metasploit.com',
-				'H D Moore' => 'hdm@metasploit.com',
-				'spoonm'    => 'spoonm@gmail.com',
-				'skape'     => 'mmiller@hick.org',
-				'vlad902'   => 'vlad902@gmail.com',
-				'optyx'     => 'optyx@hatesemail.com',
-			}
-
 		# Make fix up this regex to be a bit better...I suck at regex
 		m = /^([A-Za-z0-9 _]*?) <(.*?)>/.match(str)

@ -80,7 +81,7 @@ class Msf::Module::Author
 			self.name  = m[1]
 			self.email = m[2]
 		else
-			self.email = known_authors[str]
+			self.email = Known[str]

 			if (self.email != nil)
 				self.name = str
@ -92,5 +93,14 @@ class Msf::Module::Author
 		return true
 	end

-	attr_accessor :name, :email
+	#
+	# Sets the name of the author and updates the email if it's a known author.
+	#
+	def name=(name)
+		self.email = Known[name] if (Known[name])
+		@name = name
+	end
+
+	attr_accessor :email
+	attr_reader   :name
 end
--- a/lib/msf/core/module/reference.rb
+++ b/lib/msf/core/module/reference.rb
@ -98,6 +98,10 @@ class Msf::Module::SiteReference < Msf::Module::Reference
 			self.site = 'http://www.securityfocus.com/bid/' + in_ctx_id.to_s
 		elsif (in_site == 'MSB')
 			self.site = 'http://www.microsoft.com/technet/security/bulletin/' + in_ctx_id.to_s + '.mspx'
+		elsif (in_site == 'MIL')
+			self.site = 'http://milw0rm.com/metasploit.php?id=' + in_ctx_id.to_s
+		elsif (in_site == 'URL')
+			self.site = in_ctx_id.to_s
 		else
 			self.site  = in_site
 			self.site += " (#{in_ctx_id.to_s})" if (in_ctx_id)
--- a/lib/rex/proto/http/handler/erb.rb
+++ b/lib/rex/proto/http/handler/erb.rb
@ -1,4 +1,5 @@
 require 'erb'
+include ERB::Util

 module Rex
 module Proto
--- a/lib/rex/proto/http/request.rb
+++ b/lib/rex/proto/http/request.rb
@ -86,7 +86,7 @@ class Request < Packet
 		# Otherwise, just assume that the URI is equal to the resource being
 		# requested.
 		else
-			self.uri_parts['QueryString'] = nil
+			self.uri_parts['QueryString'] = {}
 			self.uri_parts['Resource']    = self.uri
 		end