first attempt of reporting implementation.

git-svn-id: file:///home/svn/framework3/trunk@5771 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 20:32:14 +00:00 · 2008-10-19 20:32:14 +00:00 · 7e73ed8c15
parent c34bbae344
commit 7e73ed8c15
8 changed files with 110 additions and 10 deletions
--- a/data/sql/sqlite.sql
+++ b/data/sql/sqlite.sql
@ -87,8 +87,9 @@ drop table reports;
 create table reports (
 'id' INTEGER PRIMARY KEY NOT NULL,
 'target_id' INTEGER,
+'parent_id' INTEGER,
 'entity' VARCHAR(50),
-'type' VARCHAR(50),
+'etype' VARCHAR(50),
 'value' BLOB,
 'notes' VARCHAR,
 'source' VARCHAR,
--- a/lib/msf/core/auxiliary/wmapmodule.rb
+++ b/lib/msf/core/auxiliary/wmapmodule.rb
@ -6,6 +6,8 @@ module Msf
 ###

 module Auxiliary::WMAPModule
+
+
 	#
 	# Initializes an instance of a WMAP module
 	#
@ -23,7 +25,32 @@ module Auxiliary::WMAPModule
 		nil
 	end

-	#modified from CGI.rb as we dont use arrays, this function may need to be included in proto/http
+	def wmap_base_report_id(host,port,ssl)
+		if not ssl
+			num_ssl = 0
+		else
+			num_ssl = 1
+		end
+		
+		framework.db.last_report_id(host,port,num_ssl)
+	end
+	
+	#
+	# This method is used to add a new entry to the report table
+	# It return the id to be used to add context to additional data
+	#
+	def wmap_report(parent_id,entity,etype,value,notes)
+		framework.db.create_report(parent_id,entity,etype,value,notes,self.name)
+	end
+
+	#
+	# Report if report exists
+	#
+	def wmap_report_exists?
+		framework.db.report_exists?
+	end
+	
+	#modified from CGI.rb as we dont use arrays
 	def headersparse(qheaders)
 		params = Hash.new()

@ -38,7 +65,7 @@ module Auxiliary::WMAPModule
 		params
 	end

-	#modified from CGI.rb as we dont use arrays, this function may need to be included in proto/http
+	#modified from CGI.rb as we dont use arrays
 	def queryparse(query)
 		params = Hash.new()

--- a/lib/msf/core/db.rb
+++ b/lib/msf/core/db.rb
@ -95,7 +95,6 @@ end
 ###
 class DBManager

-
 	#
 	# Determines if the database is functional
 	#
@ -407,6 +406,14 @@ class DBManager
 		Target.find(:first, :conditions => ["selected > 0"] ).ssl
 	end	
 	
+	#
+	# WMAP
+	# Selected id
+	#
+	def selected_id
+		Target.find(:first, :conditions => ["selected > 0"] ).id
+	end
+	
 	#
 	# WMAP
 	# This method iterates the requests table identifiying possible targets
@ -545,7 +552,56 @@ class DBManager
 		#framework.events.on_db_target(context, rec)
 	end
 	
+	#
+	# WMAP
+	# Store data in report table
+	# First attempt for reporting. parent_id to point to other report entries
+	# to define context.
+	#
+	#
+	def create_report(parent_id,entity,etype,value,notes,source)
+		rep = Report.create(
+				:target_id => self.selected_id,
+				:parent_id => parent_id, 
+				:entity => entity, 
+				:etype => etype, 
+				:value => value,
+				:notes => notes,
+				:source => source,
+				:created => Time.now
+			)
+		rep.save

+		return rep.id	
+		#framework.events.on_db_target(context, rec)
+	end
+
+	#
+	# WMAP
+	# Last report available for the target to store new report entries.
+	#
+	def last_report_id(host,port,ssl)
+		rep = Report.find(:first, :order => 'id desc', :conditions => [ "parent_id = ? and value = ?",0,"#{host},#{port},#{ssl}"])		
+		
+		if (not rep)
+			rep_id = framework.db.create_report(0,'WMAP','REPORT',"#{host},#{port},#{ssl}","Metasploit WMAP Report",'WMAP Scanner')
+		else
+			rep_id = rep.id
+		end	
+
+		return rep_id
+	end
+	
+	#
+	# Quick way to identify if the report database is available
+	#
+	def report_exists?
+		begin
+			Report.table_exists?
+		rescue
+			false
+		end
+	end	

 end

--- a/lib/msf/core/db_objects.rb
+++ b/lib/msf/core/db_objects.rb
@ -108,6 +108,10 @@ class Target < ::ActiveRecord::Base
 	# Magic.
 end

+# WMAP Report object definition
+class Report < ::ActiveRecord::Base
+	include DBSave
+end		

 end
 end
--- a/lib/msf/ui/console/command_dispatcher/wmap.rb
+++ b/lib/msf/ui/console/command_dispatcher/wmap.rb
@ -128,6 +128,9 @@ module Wmap
 					mode |= WMAP_SHOW
 				when '-e'
 					mode |= WMAP_EXPL
+					
+					# Create report entry
+					framework.db.create_report(0,'WMAP','REPORT',"#{selected_host},#{selected_port},#{selected_ssl}","Metasploit WMAP Report",'WMAP Scanner')
 				when '-h'
 					print_status("Usage: wmap_run [options]")
 					print_line("\t-h 		Display this help text")
--- a/modules/auxiliary/scanner/http/version.rb
+++ b/modules/auxiliary/scanner/http/version.rb
@ -46,11 +46,21 @@ class Metasploit3 < Msf::Auxiliary
 			if (res and res.headers['Server'])
 				extra = http_fingerprint(res)
 				print_status("#{ip} is running #{res.headers['Server']}#{extra}")
+
+				if wmap_report_exists?
+					rep_id = wmap_base_report_id(
+							self.target_host,
+							self.target_port,
+							self.ssl
+					)
+					wmap_report(rep_id,'WEB_SERVER','TYPE',"#{res.headers['Server']}#{extra}",nil)
+				end
 			end
 			
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
 		rescue ::Timeout::Error, ::Errno::EPIPE
 		end
+
 	end
 	
 	#
--- a/modules/auxiliary/scanner/http/wmap_dir_listing.rb
+++ b/modules/auxiliary/scanner/http/wmap_dir_listing.rb
@ -49,7 +49,7 @@ class Metasploit3 < Msf::Auxiliary

 			if (res and res.code >= 200 and res.code < 300)
 				if res.to_s.include? "<title>Index of /" and res.to_s.include? "<h1>Index of /"
-	 				print_status("Found Directoty Listing http://#{target_host}:#{datastore['RPORT']}#{tpath}")
+	 				print_status("Found Directory Listing http://#{target_host}:#{datastore['RPORT']}#{tpath}")
 				end
 			else
 				print_status("NOT Vulnerable to directoy listing http://#{target_host}:#{datastore['RPORT']}#{tpath}") 
@ -58,7 +58,6 @@ class Metasploit3 < Msf::Auxiliary
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
 		rescue ::Timeout::Error, ::Errno::EPIPE			
 		end
-	
 	end
 end