infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #10937, remove server/client from module cache

4.x
Brent Cook 2019-02-12 21:28:14 -06:00 committed by Jeffrey Martin
parent c51d68dbb7
commit b56b28a43f
No known key found for this signature in database
GPG Key ID: 0CD9BBC2AF15F171
7 changed files with 5 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/msf/core/db_manager/module_cache.rb
View File

@ -147,7 +147,6 @@ module Msf::DBManager::ModuleCache
# This provides a standard set of search filters for every module. # This provides a standard set of search filters for every module.
# #
# Supported keywords with the format <keyword>:<search_value>: # Supported keywords with the format <keyword>:<search_value>:
# +app+:: If +client+ then matches +'passive'+ stance modules, otherwise matches +'active' stance modules.
# +author+:: Matches modules with the given author email or name. # +author+:: Matches modules with the given author email or name.
# +bid+:: Matches modules with the given Bugtraq ID. # +bid+:: Matches modules with the given Bugtraq ID.
# +cve+:: Matches modules with the given CVE ID. # +cve+:: Matches modules with the given CVE ID.
@ -204,7 +203,6 @@ module Msf::DBManager::ModuleCache
@names = Set.new @names = Set.new
@os = Set.new @os = Set.new
@refs = Set.new @refs = Set.new
@stances = Set.new
@text = Set.new @text = Set.new
@types = Set.new @types = Set.new
@ -212,15 +210,6 @@ module Msf::DBManager::ModuleCache
formatted_values = match_values(value_set) formatted_values = match_values(value_set)
case keyword case keyword
when 'app'
formatted_values = value_set.collect { |value|
formatted_value = 'aggressive'
if value == 'client'
formatted_value = 'passive'
end
formatted_value
}
@stances << formatted_values
when 'arch' when 'arch'
@archs << formatted_values @archs << formatted_values
when 'author' when 'author'
@ -251,7 +240,6 @@ module Msf::DBManager::ModuleCache
@query = @query.module_os_or_platform( @os.to_a.flatten ) if @os.any? @query = @query.module_os_or_platform( @os.to_a.flatten ) if @os.any?
@query = @query.module_text( @text.to_a.flatten ) if @text.any? @query = @query.module_text( @text.to_a.flatten ) if @text.any?
@query = @query.module_type( @types.to_a.flatten ) if @types.any? @query = @query.module_type( @types.to_a.flatten ) if @types.any?
@query = @query.module_stance( @stances.to_a.flatten ) if @stances.any?
@query = @query.module_ref( @refs.to_a.flatten ) if @refs.any? @query = @query.module_ref( @refs.to_a.flatten ) if @refs.any?
@query.uniq @query.uniq

5
lib/msf/core/module/search.rb
View File

@ -42,8 +42,6 @@ module Msf::Module::Search
k = res k = res
refs = self.references.map{|x| [x.ctx_id, x.ctx_val].join("-") } refs = self.references.map{|x| [x.ctx_id, x.ctx_val].join("-") }
is_server = (self.respond_to?(:stance) and self.stance == "aggressive")
is_client = (self.respond_to?(:stance) and self.stance == "passive")
[0,1].each do |mode| [0,1].each do |mode|
match = false match = false
@ -79,9 +77,6 @@ module Msf::Module::Search
match = [t,w] if self.datastore['RPORT'].to_s =~ r match = [t,w] if self.datastore['RPORT'].to_s =~ r
when 'type' when 'type'
match = [t,w] if Msf::MODULE_TYPES.any? { |modt| w == modt and self.type == modt } match = [t,w] if Msf::MODULE_TYPES.any? { |modt| w == modt and self.type == modt }
when 'app'
match = [t,w] if (w == "server" and is_server)
match = [t,w] if (w == "client" and is_client)
when 'cve' when 'cve'
match = [t,w] if refs.any? { |ref| ref =~ /^cve\-/i and ref =~ r } match = [t,w] if refs.any? { |ref| ref =~ /^cve\-/i and ref =~ r }
when 'bid' when 'bid'

3
lib/msf/core/modules/metadata/maps.rb
View File

@ -18,7 +18,8 @@ module Msf::Modules::Metadata::Maps
mservs = {} mservs = {}
get_metadata.each do |exploit| get_metadata.each do |exploit|
next unless exploit.type == "exploit" && exploit.is_server # expand this in future to be more specific about remote exploits.
next unless exploit.type == "exploit"
fullname = exploit.full_name fullname = exploit.full_name
exploit.references.each do |reference| exploit.references.each do |reference|
next if reference =~ /^URL/ next if reference =~ /^URL/

10
lib/msf/core/modules/metadata/obj.rb
View File

@ -26,10 +26,6 @@ class Obj
# @return [Array<String>] # @return [Array<String>]
attr_reader :references attr_reader :references
# @return [Boolean] # @return [Boolean]
attr_reader :is_server
# @return [Boolean]
attr_reader :is_client
# @return [String]
attr_reader :platform attr_reader :platform
# @return [String] # @return [String]
attr_reader :arch attr_reader :arch
@ -70,8 +66,6 @@ class Obj
@description = module_instance.description.to_s.strip @description = module_instance.description.to_s.strip
@author = module_instance.author.map{|x| x.to_s} @author = module_instance.author.map{|x| x.to_s}
@references = module_instance.references.map{|x| [x.ctx_id, x.ctx_val].join("-") } @references = module_instance.references.map{|x| [x.ctx_id, x.ctx_val].join("-") }
@is_server = (module_instance.respond_to?(:stance) and module_instance.stance == "aggressive")
@is_client = (module_instance.respond_to?(:stance) and module_instance.stance == "passive")
@post_auth = module_instance.post_auth? @post_auth = module_instance.post_auth?
@default_credential = module_instance.default_cred? @default_credential = module_instance.default_cred?
@ -123,8 +117,6 @@ class Obj
'author' => @author, 'author' => @author,
'description' => @description, 'description' => @description,
'references' => @references, 'references' => @references,
'is_server' => @is_server,
'is_client' => @is_client,
'platform' => @platform, 'platform' => @platform,
'arch' => @arch, 'arch' => @arch,
'rport' => @rport, 'rport' => @rport,
@ -174,8 +166,6 @@ class Obj
@description = obj_hash['description'] @description = obj_hash['description']
@author = obj_hash['author'].nil? ? [] : obj_hash['author'] @author = obj_hash['author'].nil? ? [] : obj_hash['author']
@references = obj_hash['references'] @references = obj_hash['references']
@is_server = obj_hash['is_server']
@is_client = obj_hash['is_client']
@platform = obj_hash['platform'] @platform = obj_hash['platform']
@arch = obj_hash['arch'] @arch = obj_hash['arch']
@rport = obj_hash['rport'] @rport = obj_hash['rport']

5
lib/msf/core/modules/metadata/search.rb
View File

@ -6,7 +6,7 @@ require 'msf/core/modules/metadata'
module Msf::Modules::Metadata::Search module Msf::Modules::Metadata::Search
VALID_PARAMS = VALID_PARAMS =
%w[aka app author authors arch cve bid edb check date disclosure_date description full_name fullname mod_time %w[aka author authors arch cve bid edb check date disclosure_date description full_name fullname mod_time
name os platform path port rport rank ref ref_name reference references target targets text type] name os platform path port rport rank ref ref_name reference references target targets text type]
# #
@ -49,9 +49,6 @@ module Msf::Modules::Metadata::Search
case keyword case keyword
when 'aka' when 'aka'
match = [keyword, search_term] if (module_metadata.notes['AKA'] || []).any? { |aka| aka =~ regex } match = [keyword, search_term] if (module_metadata.notes['AKA'] || []).any? { |aka| aka =~ regex }
when 'app'
match = [keyword, search_term] if (search_term == "server" and module_metadata.is_server)
match = [keyword, search_term] if (search_term == "client" and module_metadata.is_client)
when 'author', 'authors' when 'author', 'authors'
match = [keyword, search_term] if module_metadata.author.any? { |author| author =~ regex } match = [keyword, search_term] if module_metadata.author.any? { |author| author =~ regex }
when 'arch' when 'arch'

3
lib/msf/ui/console/command_dispatcher/modules.rb
View File

@ -327,7 +327,6 @@ module Msf
print_line "Keywords:" print_line "Keywords:"
{ {
'aka' => 'Modules with a matching AKA (also-known-as) name', 'aka' => 'Modules with a matching AKA (also-known-as) name',
'app' => 'Modules that are client or server attacks',
'author' => 'Modules written by this author', 'author' => 'Modules written by this author',
'arch' => 'Modules affecting this architecture', 'arch' => 'Modules affecting this architecture',
'bid' => 'Modules with a matching Bugtraq ID', 'bid' => 'Modules with a matching Bugtraq ID',
@ -352,7 +351,7 @@ module Msf
end end
print_line print_line
print_line "Examples:" print_line "Examples:"
print_line " search cve:2009 type:exploit app:client" print_line " search cve:2009 type:exploit"
print_line print_line
end end

44
spec/support/shared/examples/msf/db_manager/module_cache.rb
View File

@ -152,50 +152,6 @@ RSpec.shared_examples_for 'Msf::DBManager::ModuleCache' do
search_modules.to_a search_modules.to_a
end end
context 'with app keyword' do
let(:search_string) do
"app:#{app}"
end
before(:example) do
Mdm::Module::Detail::STANCES.each do |stance|
FactoryGirl.create(:mdm_module_detail, :stance => stance)
end
end
context 'with client' do
let(:app) do
'client'
end
it "should match Mdm::Module::Detail#stance 'passive'" do
expect(module_details.count).to be > 0
expect(
module_details.all? { |module_detail|
module_detail.stance == 'passive'
}
).to eq true
end
end
context 'with server' do
let(:app) do
'server'
end
it "should match Mdm::Module::Detail#stance 'aggressive'" do
expect(module_details.count).to be > 0
expect(
module_details.all? { |module_detail|
module_detail.stance == 'aggressive'
}
).to eq true
end
end
end
context 'with author keyword' do context 'with author keyword' do
let(:search_string) do let(:search_string) do
# us inspect so strings with spaces are quoted correctly # us inspect so strings with spaces are quoted correctly