283 lines
11 KiB
Ruby
283 lines
11 KiB
Ruby
require 'swagger/blocks'
|
|
|
|
# TODO: Complete this documentation when the credential model is fully implemented in the API.
|
|
module CredentialApiDoc
|
|
include Swagger::Blocks
|
|
|
|
ORIGIN_ID_DESC = 'The ID of the origin record associated with this credential.'
|
|
ORIGIN_TYPE_DESC = 'The class name within Metasploit::Credential that indicates where this credential came from.'
|
|
PRIVATE_ID_DESC = 'The ID of the Metasploit::Credential::Private record associated with this credential.'
|
|
PUBLIC_ID_DESC = 'The ID of the Metasploit::Credential::Public record associated with this credential.'
|
|
REALM_ID_DESC = 'The ID of the Metasploit::Credential::Realm from where the credential was gathered.'
|
|
LOGINS_COUNT_DESC = 'The number of successful login attempts that were completed using this credential.'
|
|
ADDRESS_DESC = 'The IP address of the host this credential was collected from.'
|
|
ADDRESS_EXAMPLE = '127.0.0.1'
|
|
SERVICE_NAME_DESC = 'The name of the service from which this credential was collected from.'
|
|
SERVICE_NAME_EXAMPLE = 'ssh'
|
|
PORT_DESC = 'The port on which the service was listening where this credential was collected from.'
|
|
PORT_EXAMPLE = '22'
|
|
PROTOCOL_DESC = 'The protocol the service was using.'
|
|
PROTOCOL_ENUM = [ 'tcp', 'udp' ]
|
|
MODULE_FULLNAME_DESC = 'The full name of the Metasploit module that was used to collect this credential.'
|
|
MODULE_FULLNAME_EXAMPLE = 'auxiliary/scanner/smb/smb_login'
|
|
FILENAME_DESC = 'The filename of the file that was imported. This is necessary when the origin_type is import.'
|
|
FILENAME_EXAMPLE = '/etc/shadow'
|
|
POST_REFERENCE_NAME_DESC = 'The reference name of the Metasploit Post module used to collect this credential.'
|
|
POST_REFERENCE_NAME_EXAMPLE = 'post/linux/gather/hashdump'
|
|
SESSION_ID_DESC = 'The ID of the session where this credential was collected from.'
|
|
USERNAME_DESC = 'The username for this credential.'
|
|
USERNAME_EXAMPLE = 'administrator'
|
|
PUBLIC_TYPE_DESC = 'The type of username that this falls into. This is used for searching for similar credentials.'
|
|
PRIVATE_TYPE_DESC = 'The type of password data for this credential.'
|
|
DATA_DESC = 'The private data for this credential. The semantic meaning of this data varies based on the type.'
|
|
DATA_EXAMPLE = "'password123', '$1$5nfRD/bA$y7ZZD0NimJTbX9FtvhHJX1', or '$NT$7f8fe03093cc84b267b109625f6bbf4b'"
|
|
JTR_FORMAT_DESC = 'Comma-separated list of the formats for John the ripper to use to try and crack this.'
|
|
JTR_FORMAT_EXAMPLE = 'md5,des,bsdi,crypt'
|
|
PUBLIC_TYPE_ENUM = [ 'Metasploit::Credential::BlankUsername', 'Metasploit::Credential::Username' ]
|
|
PRIVATE_TYPE_CLASS_ENUM = [
|
|
'Metasploit::Credential::ReplayableHash',
|
|
'Metasploit::Credential::NonreplayableHash',
|
|
'Metasploit::Credential::NTLMHash',
|
|
'Metasploit::Credential::Password',
|
|
'Metasploit::Credential::PasswordHash',
|
|
'Metasploit::Credential::SSHKey',
|
|
'Metasploit::Credential::PostgresMD5',
|
|
'Metasploit::Credential::BlankPassword'
|
|
]
|
|
PRIVATE_TYPE_ENUM = [
|
|
'password',
|
|
'ssh_key',
|
|
'ntlm_hash',
|
|
'postgres_md5',
|
|
'nonreplayable_hash',
|
|
'<blank>'
|
|
]
|
|
ORIGIN_TYPE_CLASS_ENUM = [
|
|
'Metasploit::Credential::Origin::Import',
|
|
'Metasploit::Credential::Origin::Manual',
|
|
'Metasploit::Credential::Origin::Service',
|
|
'Metasploit::Credential::Origin::Session'
|
|
]
|
|
ORIGIN_TYPE_ENUM = [
|
|
'import',
|
|
'manual',
|
|
'service',
|
|
'session'
|
|
]
|
|
|
|
|
|
# Swagger documentation for Credential model
|
|
swagger_schema :Credential do
|
|
key :required, [:origin_id]
|
|
property :id, type: :integer, format: :int32, description: RootApiDoc::ID_DESC
|
|
property :origin_id, type: :integer, format: :int32, description: ORIGIN_ID_DESC
|
|
property :origin_type, type: :string, description: ORIGIN_TYPE_DESC, enum: ORIGIN_TYPE_CLASS_ENUM
|
|
property :private_id, type: :integer, format: :int32, description: PRIVATE_ID_DESC
|
|
property :public_id, type: :integer, format: :int32, description: PUBLIC_ID_DESC
|
|
property :realm_id, type: :integer, format: :int32, description: REALM_ID_DESC
|
|
property :workspace_id, type: :integer, format: :int32, required: true, description: RootApiDoc::WORKSPACE_ID_DESC
|
|
property :logins_count, type: :integer, format: :int32, description: LOGINS_COUNT_DESC
|
|
property :logins do
|
|
key :type, :array
|
|
items do
|
|
key :'$ref', :Login
|
|
end
|
|
end
|
|
property :public, '$ref': :Public
|
|
property :private, '$ref': :Private
|
|
property :created_at, type: :string, format: :date_time, description: RootApiDoc::CREATED_AT_DESC
|
|
property :updated_at, type: :string, format: :date_time, description: RootApiDoc::UPDATED_AT_DESC
|
|
end
|
|
|
|
swagger_schema :Public do
|
|
key :required, [:username, :type]
|
|
property :id, type: :integer, format: :int32, description: RootApiDoc::ID_DESC
|
|
property :username, type: :string, description: USERNAME_DESC, example: USERNAME_EXAMPLE
|
|
property :type, type: :string, description: PUBLIC_TYPE_DESC, enum: PUBLIC_TYPE_ENUM
|
|
property :created_at, type: :string, format: :date_time, description: RootApiDoc::CREATED_AT_DESC
|
|
property :updated_at, type: :string, format: :date_time, description: RootApiDoc::UPDATED_AT_DESC
|
|
end
|
|
|
|
swagger_schema :Private do
|
|
key :required, [:data, :type]
|
|
property :id, type: :integer, format: :int32, description: RootApiDoc::ID_DESC
|
|
property :data, type: :string, description: DATA_DESC, example: DATA_EXAMPLE
|
|
property :type, type: :string, description: PRIVATE_TYPE_DESC, enum: PRIVATE_TYPE_CLASS_ENUM
|
|
property :jtr_format, type: :string, description: JTR_FORMAT_DESC, example: JTR_FORMAT_EXAMPLE
|
|
property :created_at, type: :string, format: :date_time, description: RootApiDoc::CREATED_AT_DESC
|
|
property :updated_at, type: :string, format: :date_time, description: RootApiDoc::UPDATED_AT_DESC
|
|
end
|
|
|
|
swagger_path '/api/v1/credentials' do
|
|
# Swagger documentation for /api/v1/credentials GET
|
|
operation :get do
|
|
key :description, 'Return credentials that are stored in the database.'
|
|
key :tags, [ 'credential' ]
|
|
|
|
parameter :workspace
|
|
|
|
parameter do
|
|
key :in, :query
|
|
key :name, :svcs
|
|
key :description, 'Only return credentials of the specified service.'
|
|
key :example, ['ssh', 'owa', 'smb']
|
|
key :type, :array
|
|
key :required, false
|
|
items do
|
|
key :type, :string
|
|
end
|
|
end
|
|
|
|
parameter do
|
|
key :in, :query
|
|
key :name, :type
|
|
key :description, 'The type of credential to return.'
|
|
key :type, :string
|
|
key :required, false
|
|
key :enum, PRIVATE_TYPE_CLASS_ENUM
|
|
end
|
|
|
|
parameter do
|
|
key :in, :query
|
|
key :name, :user
|
|
key :description, 'Only return credentials where the user matches this regex.'
|
|
key :example, 'administrator'
|
|
key :type, :string
|
|
key :required, false
|
|
end
|
|
|
|
parameter do
|
|
key :in, :query
|
|
key :name, :pass
|
|
key :description, 'Only return credentials where the password matches this regex.'
|
|
key :example, 'password123'
|
|
key :type, :string
|
|
key :required, false
|
|
end
|
|
|
|
response 200 do
|
|
key :description, 'Returns credential data.'
|
|
schema do
|
|
key :type, :array
|
|
items do
|
|
key :'$ref', :Credential
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
# Swagger documentation for /api/v1/credentials POST
|
|
operation :post do
|
|
key :description, 'Create a credential.'
|
|
key :tags, [ 'credential' ]
|
|
|
|
parameter do
|
|
key :in, :body
|
|
key :name, :body
|
|
key :description, 'The attributes to assign to the credential.'
|
|
key :required, true
|
|
schema do
|
|
property :workspace_id, type: :integer, format: :int32, required: true, description: RootApiDoc::WORKSPACE_ID_DESC
|
|
property :username, type: :string, description: USERNAME_DESC, example: USERNAME_EXAMPLE
|
|
property :private_data, type: :string, description: DATA_DESC, example: DATA_EXAMPLE
|
|
property :private_type, type: :string, description: PRIVATE_TYPE_DESC, enum: PRIVATE_TYPE_ENUM
|
|
property :jtr_format, type: :string, description: JTR_FORMAT_DESC, example: JTR_FORMAT_EXAMPLE
|
|
property :address, type: :string, format: :ipv4, required: true, description: ADDRESS_DESC, example: ADDRESS_EXAMPLE
|
|
property :port, type: :int32, format: :int32, description: PORT_DESC, example: PORT_EXAMPLE
|
|
property :service_name, type: :string, description: SERVICE_NAME_DESC, example: SERVICE_NAME_EXAMPLE
|
|
property :protocol, type: :string, description: PROTOCOL_DESC, enum: PROTOCOL_ENUM
|
|
property :origin_type, type: :string, description: ORIGIN_TYPE_DESC, enum: ORIGIN_TYPE_ENUM
|
|
property :module_fullname, type: :string, description: MODULE_FULLNAME_DESC, example: MODULE_FULLNAME_EXAMPLE
|
|
property :filename, type: :string, description: FILENAME_DESC, example: FILENAME_EXAMPLE
|
|
property :session_id, type: :integer, format: :int32, description: SESSION_ID_DESC
|
|
property :post_reference_name, type: :string, description: POST_REFERENCE_NAME_DESC, example: POST_REFERENCE_NAME_EXAMPLE
|
|
end
|
|
end
|
|
|
|
response 200 do
|
|
key :description, 'Successful operation.'
|
|
schema do
|
|
key :type, :object
|
|
key :'$ref', :Credential
|
|
end
|
|
end
|
|
end
|
|
|
|
# Swagger documentation for /api/v1/credentials/ DELETE
|
|
operation :delete do
|
|
key :description, 'Delete the specified credentials.'
|
|
key :tags, [ 'credential' ]
|
|
|
|
parameter :delete_opts
|
|
|
|
response 200 do
|
|
key :description, 'Successful operation.'
|
|
schema do
|
|
key :type, :array
|
|
items do
|
|
key :'$ref', :Credential
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
swagger_path '/api/v1/credentials/{id}' do
|
|
# Swagger documentation for api/v1/credentials/:id GET
|
|
# TODO: Uncomment below when this endpoint is implemented.
|
|
# operation :get do
|
|
# key :description, 'Return credentials that are stored in the database.'
|
|
# key :tags, [ 'credential' ]
|
|
#
|
|
# parameter :workspace
|
|
# parameter :non_dead
|
|
# parameter :address
|
|
#
|
|
# parameter do
|
|
# key :name, :id
|
|
# key :in, :path
|
|
# key :description, 'ID of credential to retrieve.'
|
|
# key :required, true
|
|
# key :type, :integer
|
|
# key :format, :int32
|
|
# end
|
|
#
|
|
# response 200 do
|
|
# key :description, 'Returns credential data.'
|
|
# schema do
|
|
# key :type, :array
|
|
# items do
|
|
# key :'$ref', :Credential
|
|
# end
|
|
# end
|
|
# end
|
|
# end
|
|
|
|
#Swagger documentation for /api/v1/credentials/:id PUT
|
|
operation :put do
|
|
key :description, 'Update the attributes an existing credential.'
|
|
key :tags, [ 'credential' ]
|
|
|
|
parameter :update_id
|
|
|
|
parameter do
|
|
key :in, :body
|
|
key :name, :body
|
|
key :description, 'The updated attributes to overwrite to the credential.'
|
|
key :required, true
|
|
schema do
|
|
key :'$ref', :Credential
|
|
end
|
|
end
|
|
|
|
response 200 do
|
|
key :description, 'Successful operation.'
|
|
schema do
|
|
key :type, :object
|
|
key :'$ref', :Credential
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|