Land #4539, @Meatballs1's creds cmd now supports type filters, -R for search

lib/msf/ui/console/command_dispatcher/db.rb

@@ -68,6 +68,10 @@ class Db
     ]
   end
 
+  def allowed_cred_types
+    %w(password ntlm hash)
+  end
+
   #
   # Returns true if the db is connected, prints an error and returns
   # false if not.
@@ -676,6 +680,8 @@ class Db
     print_line "  -p,--port <portspec>  List creds with logins on services matching this port spec"
     print_line "  -s <svc names>        List creds matching comma-separated service names"
     print_line "  -u,--user <regex>     List users that match this regex"
+    print_line "  -t,--type <type>      List creds that match the following types: #{allowed_cred_types.join(',')}"
+    print_line "  -R,--rhosts           Set RHOSTS from the results of the search"
 
     print_line
     print_line "Examples, listing:"
@@ -683,6 +689,7 @@ class Db
     print_line "  creds 1.2.3.4/24    # nmap host specification"
     print_line "  creds -p 22-25,445  # nmap port specification"
     print_line "  creds -s ssh,smb    # All creds associated with a login on SSH or SMB services"
+    print_line "  creds -t ntlm       # All NTLM creds"
     print_line
 
     print_line
@@ -760,6 +767,9 @@ class Db
     host_ranges = []
     port_ranges = []
     svcs        = []
+    rhosts      = []
+
+    set_rhosts = false
 
     #cred_table_columns = [ 'host', 'port', 'user', 'pass', 'type', 'proof', 'active?' ]
     cred_table_columns = [ 'host', 'service', 'public', 'private', 'realm', 'private_type' ]
@@ -806,6 +816,8 @@ class Db
         end
       when "-d"
         mode = :delete
+      when '-R', '--rhosts'
+        set_rhosts = true
       else
         # Anything that wasn't an option is a host to search for
         unless (arg_host_range(arg, host_ranges))
@@ -822,6 +834,20 @@ class Db
       pass_regex = Regexp.compile(pass)
     end
 
+    if ptype
+      type = case ptype
+             when 'password'
+               Metasploit::Credential::Password
+             when 'hash'
+               Metasploit::Credential::PasswordHash
+             when 'ntlm'
+               Metasploit::Credential::NTLMHash
+             else
+               print_error("Unrecognized credential type #{ptype} -- must be one of #{allowed_cred_types.join(',')}")
+               return
+             end
+    end
+
     # normalize
     ports = port_ranges.flatten.uniq
     svcs.flatten!
@@ -839,6 +865,9 @@ class Db
 
       query.each do |core|
 
+        # Exclude creds that don't match the given type
+        next if type.present? && !core.private.kind_of?(type)
+
         # Exclude creds that don't match the given user
         if user_regex.present? && !core.public.username.match(user_regex)
           next
@@ -880,6 +909,7 @@ class Db
               next
             end
             row = [ login.service.host.address ]
+            rhosts << login.service.host.address
             if login.service.name.present?
               row << "#{login.service.port}/#{login.service.proto} (#{login.service.name})"
             else
@@ -909,6 +939,7 @@ class Db
         print_status("Wrote creds to #{output_file}")
       end
 
+      set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
       print_status("Deleted #{delete_count} creds") if delete_count > 0
     }
   end