first attempt of reporting implementation.

git-svn-id: file:///home/svn/framework3/trunk@5771 4d416f70-5f16-0410-b530-b9f4589650da

data/sql/sqlite.sql

@@ -87,8 +87,9 @@ drop table reports;
 create table reports (
 'id' INTEGER PRIMARY KEY NOT NULL,
 'target_id' INTEGER,
+'parent_id' INTEGER,
 'entity' VARCHAR(50),
-'type' VARCHAR(50),
+'etype' VARCHAR(50),
 'value' BLOB,
 'notes' VARCHAR,
 'source' VARCHAR,

documentation/wmap.txt

@@ -69,8 +69,8 @@ WMAPScanBody        - Runs for every Body found in each request to the target
 WMAPScanHeaders     - Runs for every Header found in each request to the target
 WMAPScanGeneric     - Modules to be run after all tests complete. Good place to
                       perform passive analysis of responses, analysis of test
-                      results to launch other modules (i.e. exploits). 
-	
+                      results to launch other modules (i.e. exploits). 
+
 =[ Simple example.
 
 The following are the basic steps for testing a web server/app using WMAP: 

lib/msf/core/auxiliary/wmapmodule.rb

@@ -6,6 +6,8 @@ module Msf
 ###
 
 module Auxiliary::WMAPModule
+
+
 	#
 	# Initializes an instance of a WMAP module
 	#
@@ -22,8 +24,33 @@ module Auxiliary::WMAPModule
 		#default type
 		nil
 	end
+
+	def wmap_base_report_id(host,port,ssl)
+		if not ssl
+			num_ssl = 0
+		else
+			num_ssl = 1
+		end
+		
+		framework.db.last_report_id(host,port,num_ssl)
+	end
 	
-	#modified from CGI.rb as we dont use arrays, this function may need to be included in proto/http
+	#
+	# This method is used to add a new entry to the report table
+	# It return the id to be used to add context to additional data
+	#
+	def wmap_report(parent_id,entity,etype,value,notes)
+		framework.db.create_report(parent_id,entity,etype,value,notes,self.name)
+	end
+
+	#
+	# Report if report exists
+	#
+	def wmap_report_exists?
+		framework.db.report_exists?
+	end
+	
+	#modified from CGI.rb as we dont use arrays
 	def headersparse(qheaders)
 		params = Hash.new()
 
@@ -38,7 +65,7 @@ module Auxiliary::WMAPModule
 		params
 	end
 
-	#modified from CGI.rb as we dont use arrays, this function may need to be included in proto/http
+	#modified from CGI.rb as we dont use arrays
 	def queryparse(query)
 		params = Hash.new()
 

lib/msf/core/db.rb

@@ -95,7 +95,6 @@ end
 ###
 class DBManager
 
-
 	#
 	# Determines if the database is functional
 	#
@@ -407,6 +406,14 @@ class DBManager
 		Target.find(:first, :conditions => ["selected > 0"] ).ssl
 	end	
 	
+	#
+	# WMAP
+	# Selected id
+	#
+	def selected_id
+		Target.find(:first, :conditions => ["selected > 0"] ).id
+	end
+	
 	#
 	# WMAP
 	# This method iterates the requests table identifiying possible targets
@@ -545,8 +552,57 @@ class DBManager
 		#framework.events.on_db_target(context, rec)
 	end
 	
+	#
+	# WMAP
+	# Store data in report table
+	# First attempt for reporting. parent_id to point to other report entries
+	# to define context.
+	#
+	#
+	def create_report(parent_id,entity,etype,value,notes,source)
+		rep = Report.create(
+				:target_id => self.selected_id,
+				:parent_id => parent_id, 
+				:entity => entity, 
+				:etype => etype, 
+				:value => value,
+				:notes => notes,
+				:source => source,
+				:created => Time.now
+			)
+		rep.save
+
+		return rep.id	
+		#framework.events.on_db_target(context, rec)
+	end
+
+	#
+	# WMAP
+	# Last report available for the target to store new report entries.
+	#
+	def last_report_id(host,port,ssl)
+		rep = Report.find(:first, :order => 'id desc', :conditions => [ "parent_id = ? and value = ?",0,"#{host},#{port},#{ssl}"])		
+		
+		if (not rep)
+			rep_id = framework.db.create_report(0,'WMAP','REPORT',"#{host},#{port},#{ssl}","Metasploit WMAP Report",'WMAP Scanner')
+		else
+			rep_id = rep.id
+		end	
+
+		return rep_id
+	end
 	
-									
+	#
+	# Quick way to identify if the report database is available
+	#
+	def report_exists?
+		begin
+			Report.table_exists?
+		rescue
+			false
+		end
+	end	
+
 end
 
 end

lib/msf/core/db_objects.rb

@@ -107,7 +107,11 @@ class Target < ::ActiveRecord::Base
 	include DBSave
 	# Magic.
 end
-		
+
+# WMAP Report object definition
+class Report < ::ActiveRecord::Base
+	include DBSave
+end		
 
 end
 end

lib/msf/ui/console/command_dispatcher/wmap.rb

@@ -128,6 +128,9 @@ module Wmap
 					mode |= WMAP_SHOW
 				when '-e'
 					mode |= WMAP_EXPL
+					
+					# Create report entry
+					framework.db.create_report(0,'WMAP','REPORT',"#{selected_host},#{selected_port},#{selected_ssl}","Metasploit WMAP Report",'WMAP Scanner')
 				when '-h'
 					print_status("Usage: wmap_run [options]")
 					print_line("\t-h 		Display this help text")

modules/auxiliary/scanner/http/version.rb

@@ -46,11 +46,21 @@ class Metasploit3 < Msf::Auxiliary
 			if (res and res.headers['Server'])
 				extra = http_fingerprint(res)
 				print_status("#{ip} is running #{res.headers['Server']}#{extra}")
+
+				if wmap_report_exists?
+					rep_id = wmap_base_report_id(
+							self.target_host,
+							self.target_port,
+							self.ssl
+					)
+					wmap_report(rep_id,'WEB_SERVER','TYPE',"#{res.headers['Server']}#{extra}",nil)
+				end
 			end
 			
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
 		rescue ::Timeout::Error, ::Errno::EPIPE
 		end
+
 	end
 	
 	#

modules/auxiliary/scanner/http/wmap_dir_listing.rb

@@ -49,7 +49,7 @@ class Metasploit3 < Msf::Auxiliary
 
 			if (res and res.code >= 200 and res.code < 300)
 				if res.to_s.include? "<title>Index of /" and res.to_s.include? "<h1>Index of /"
-	 				print_status("Found Directoty Listing http://#{target_host}:#{datastore['RPORT']}#{tpath}")
+	 				print_status("Found Directory Listing http://#{target_host}:#{datastore['RPORT']}#{tpath}")
 				end
 			else
 				print_status("NOT Vulnerable to directoy listing http://#{target_host}:#{datastore['RPORT']}#{tpath}") 
@@ -58,7 +58,6 @@ class Metasploit3 < Msf::Auxiliary
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
 		rescue ::Timeout::Error, ::Errno::EPIPE			
 		end
-	
 	end
 end