Module: Metasploit::Model::Module::Instance

Extended by:

ActiveModel::Naming, ActiveSupport::Concern, ClassMethods

Includes:

Translation

Defined in:

lib/metasploit/model/module/instance.rb

Overview

Code shared between Mdm::Module::Instance and Metasploit::Framework::Module::Instance.

Defined Under Namespace

Modules: ClassMethods

Constant Summary

DYNAMIC_LENGTH_VALIDATION_OPTIONS_BY_MODULE_TYPE_BY_ATTRIBUTE =

#dynamic_length_validation_options by #module_type by attribute.

{
    actions: {
        Metasploit::Model::Module::Type::AUX => {
            minimum: 0
        },
        Metasploit::Model::Module::Type::ENCODER => {
            is: 0
        },
        Metasploit::Model::Module::Type::EXPLOIT => {
            is: 0
        },
        Metasploit::Model::Module::Type::NOP => {
            is: 0
        },
        Metasploit::Model::Module::Type::PAYLOAD => {
            is: 0
        },
        Metasploit::Model::Module::Type::POST => {
            minimum: 0
        }
    },
    module_architectures: {
        Metasploit::Model::Module::Type::AUX => {
            is: 0
        },
        Metasploit::Model::Module::Type::ENCODER => {
            minimum: 1
        },
        Metasploit::Model::Module::Type::EXPLOIT => {
            minimum: 1
        },
        Metasploit::Model::Module::Type::NOP => {
            minimum: 1
        },
        Metasploit::Model::Module::Type::PAYLOAD => {
            minimum: 1
        },
        Metasploit::Model::Module::Type::POST => {
            minimum: 1
        }
    },
    module_platforms: {
        Metasploit::Model::Module::Type::AUX => {
            is: 0
        },
        Metasploit::Model::Module::Type::ENCODER => {
            is: 0
        },
        Metasploit::Model::Module::Type::EXPLOIT => {
            minimum: 1
        },
        Metasploit::Model::Module::Type::NOP => {
            is: 0
        },
        Metasploit::Model::Module::Type::PAYLOAD => {
            minimum: 1
        },
        Metasploit::Model::Module::Type::POST => {
            minimum: 1
        }
    },
    module_references: {
        Metasploit::Model::Module::Type::AUX => {
            minimum: 0
        },
        Metasploit::Model::Module::Type::ENCODER => {
            is: 0
        },
        Metasploit::Model::Module::Type::EXPLOIT => {
            minimum: 1
        },
        Metasploit::Model::Module::Type::NOP => {
            is: 0
        },
        Metasploit::Model::Module::Type::PAYLOAD => {
            is: 0
        },
        Metasploit::Model::Module::Type::POST => {
            minimum: 0
        }
    },
    targets: {
        Metasploit::Model::Module::Type::AUX => {
            is: 0
        },
        Metasploit::Model::Module::Type::ENCODER => {
            is: 0
        },
        Metasploit::Model::Module::Type::EXPLOIT => {
            minimum: 1
        },
        Metasploit::Model::Module::Type::NOP => {
            is: 0
        },
        Metasploit::Model::Module::Type::PAYLOAD => {
            is: 0
        },
        Metasploit::Model::Module::Type::POST => {
            is: 0
        }
    }
}

MINIMUM_MODULE_AUTHORS_LENGTH =

Minimum length of #module_authors.

1

PRIVILEGES =

#privileged is Boolean so, valid values are just true and false, but since both the validation and factory need an array of valid values, this constant exists.

[
    false,
    true
]

STANCED_MODULE_TYPES =

Member of Type::ALL that require #stance to be non-nil.

[
    Metasploit::Model::Module::Type::AUX,
    Metasploit::Model::Module::Type::EXPLOIT
]

Instance Attribute Summary

• #actions ⇒ Array<Metasploit::Model::Module::Action>

  Auxiliary actions to perform when this running this module.

• #architectures ⇒ Array<Metasploit::Model::Architecture> readonly

  The architectures supported by this module.

• #authors ⇒ Array<Metasploit::Model::Author> readonly

  The names of the authors of this module.

• #default_action ⇒ Metasploit::Model::Module::Action

  The default action in #actions.

• #default_target ⇒ Metasploit::Model::Module::Target

  The default target in #targets.

• #description ⇒ String

  A long, paragraph description of what the module does.

• #disclosed_on ⇒ Date^?

  The date the vulnerability exploited by this module was disclosed to the public.

• #email_addresses ⇒ Array<Metasploit::Model::EmailAddress> readonly

  The email addresses of the authors of this module.

• #license ⇒ String

  The name of the software license for the module's code.

• #module_architectures ⇒ Array<Metasploit::Model::Module::Architecture>

  Joins this with #architectures.

• #module_authors ⇒ Array<Metasploit::Model::Module::Author>

  Joins this with #authors and #email_addresses to model the name and email address used for an author entry in the module metadata.

• #module_class ⇒ Metasploit::Model::Module::Class

  Class-derived metadata to go along with the instance-derived metadata in this model.

• #module_platforms ⇒ Array<Metasploit::Model::Module::Platform>

  Joins this with #platforms.

• #name ⇒ String

  The human readable name of the module.

• #platforms ⇒ Array<Metasploit::Model::Module::Platform> readonly

  Platforms supported by this module.

• #privileged ⇒ Boolean

  Whether this module requires privileged access to run.

• #references ⇒ Array<Metasploit::Model::Reference> readonly

  External references to the exploit or proof-of-concept (PoC) code in this module.

• #stance ⇒ 'active', ...

  Whether the module is active or passive.

• #targets ⇒ Array<Metasploit::Model::Module::Target>

  Names of targets with different configurations that can be exploited by this module.

• #vulnerable_hosts ⇒ Array<Metasploit::Model::Host> readonly

  Hosts vulnerable to this module.

• #vulnerable_services ⇒ Array<Metasploit::Model::Service> readonly

  Services vulnerable to this module.

• #vulns ⇒ Array<Metasploit::Model::Vuln> readonly

  Vulnerabilities with same reference as this module.

Class Method Summary

• .module_types_that_allow(attribute) ⇒ Array<String>

  Values of #module_type (members of Type::ALL), which have an exact length (:is) or maximum length (:maximum) greater than 0 for the given attribute.

Instance Method Summary

• #allows?(attribute) ⇒ false, true

  Whether the given attribute is allowed to have elements.

• #architectures_from_targets ⇒ void private

  Validates that the #module_architectures architectures match the #targets target_architectures architectures.

• #dynamic_length_validation_options(attribute) ⇒ {}, Hash{Symbol => Integer}

  The dynamic length valdiations, such as :is and :minimum for the given attribute for the current #module_type.

• #human_architecture_set(architecture_set) ⇒ String private

  Converts a SetMetasploit::Model::Architecture to a human readable representation including the Architecture#abbreviation.

• #human_platform_set(platform_set) ⇒ String private

  Converts a SetMetasploit::Model::Platform to a human-readable representation including the Platform#fully_qualified_name.

• #human_set(strings) ⇒ String private

  Converts strings to a human-readable set notation.

• #module_type ⇒ Object

  The Class#module_type of the #module_class.

• #platforms_from_targets ⇒ void private

  Validates that #module_platforms platforms match the #targets target_platforms platforms.

• #stanced? ⇒ false, true

  Whether #module_type requires #stance to be set or to be nil.

Instance Attribute Details

#actions ⇒ Array<Metasploit::Model::Module::Action>

Auxiliary actions to perform when this running this module.

Returns:

• (Array<Metasploit::Model::Module::Action>)

# File 'lib/metasploit/model/module/instance.rb', line 253

#architectures ⇒ Array<Metasploit::Model::Architecture> (readonly)

The architectures supported by this module.

Returns:

• (Array<Metasploit::Model::Architecture>)

# File 'lib/metasploit/model/module/instance.rb', line 294

#authors ⇒ Array<Metasploit::Model::Author> (readonly)

The names of the authors of this module.

Returns:

• (Array<Metasploit::Model::Author>)

# File 'lib/metasploit/model/module/instance.rb', line 299

#default_action ⇒ Metasploit::Model::Module::Action

The default action in #actions.

Returns:

• (Metasploit::Model::Module::Action)

# File 'lib/metasploit/model/module/instance.rb', line 258

#default_target ⇒ Metasploit::Model::Module::Target

The default target in #targets.

Returns:

• (Metasploit::Model::Module::Target)

# File 'lib/metasploit/model/module/instance.rb', line 263

#description ⇒ String

A long, paragraph description of what the module does.

Returns:

• (String)

# File 'lib/metasploit/model/module/instance.rb', line 338

#disclosed_on ⇒ Date^?

The date the vulnerability exploited by this module was disclosed to the public.

Returns:

• (Date, nil)

# File 'lib/metasploit/model/module/instance.rb', line 343

#email_addresses ⇒ Array<Metasploit::Model::EmailAddress> (readonly)

The email addresses of the authors of this module.

Returns:

• (Array<Metasploit::Model::EmailAddress>)

# File 'lib/metasploit/model/module/instance.rb', line 304

#license ⇒ String

The name of the software license for the module's code.

Returns:

• (String)

# File 'lib/metasploit/model/module/instance.rb', line 348

#module_architectures ⇒ Array<Metasploit::Model::Module::Architecture>

Joins this with #architectures.

Returns:

• (Array<Metasploit::Model::Module::Architecture>)

# File 'lib/metasploit/model/module/instance.rb', line 268

#module_authors ⇒ Array<Metasploit::Model::Module::Author>

Joins this with #authors and #email_addresses to model the name and email address used for an author entry in the module metadata.

Returns:

• (Array<Metasploit::Model::Module::Author>)

# File 'lib/metasploit/model/module/instance.rb', line 273

#module_class ⇒ Metasploit::Model::Module::Class

Class-derived metadata to go along with the instance-derived metadata in this model.

Returns:

• (Metasploit::Model::Module::Class)

# File 'lib/metasploit/model/module/instance.rb', line 279

#module_platforms ⇒ Array<Metasploit::Model::Module::Platform>

Joins this with #platforms.

Returns:

• (Array<Metasploit::Model::Module::Platform>)

# File 'lib/metasploit/model/module/instance.rb', line 284

#name ⇒ String

The human readable name of the module. It is unrelated to Class#full_name or Class#reference_name and is better thought of as a short summary of the #description.

Returns:

• (String)

# File 'lib/metasploit/model/module/instance.rb', line 353

#platforms ⇒ Array<Metasploit::Model::Module::Platform> (readonly)

Platforms supported by this module.

Returns:

• (Array<Metasploit::Model::Module::Platform>)

# File 'lib/metasploit/model/module/instance.rb', line 309

#privileged ⇒ Boolean

Whether this module requires privileged access to run.

Returns:

• (Boolean)

# File 'lib/metasploit/model/module/instance.rb', line 360

#references ⇒ Array<Metasploit::Model::Reference> (readonly)

External references to the exploit or proof-of-concept (PoC) code in this module.

Returns:

• (Array<Metasploit::Model::Reference>)

# File 'lib/metasploit/model/module/instance.rb', line 314

#stance ⇒ 'active', ...

Whether the module is active or passive. nil if the #module_type is not #stanced?.

Returns:

• ('active', 'passive', nil)

# File 'lib/metasploit/model/module/instance.rb', line 365

#targets ⇒ Array<Metasploit::Model::Module::Target>

Names of targets with different configurations that can be exploited by this module.

Returns:

• (Array<Metasploit::Model::Module::Target>)

# File 'lib/metasploit/model/module/instance.rb', line 289

#vulnerable_hosts ⇒ Array<Metasploit::Model::Host> (readonly)

Hosts vulnerable to this module.

Returns:

• (Array<Metasploit::Model::Host>)

# File 'lib/metasploit/model/module/instance.rb', line 324

#vulnerable_services ⇒ Array<Metasploit::Model::Service> (readonly)

Services vulnerable to this module.

Returns:

• (Array<Metasploit::Model::Service>)

# File 'lib/metasploit/model/module/instance.rb', line 329

#vulns ⇒ Array<Metasploit::Model::Vuln> (readonly)

Vulnerabilities with same reference as this module.

Returns:

• (Array<Metasploit::Model::Vuln>)

# File 'lib/metasploit/model/module/instance.rb', line 319

Class Method Details

.module_types_that_allow(attribute) ⇒ Array<String>

Values of #module_type (members of Type::ALL), which have an exact length (:is) or maximum length (:maximum) greater than 0 for the given attribute.

Returns:

• (Array<String>) —

  Array with members of Type::ALL.

See Also:

• DYNAMIC_LENGTH_VALIDATION_OPTIONS_BY_MODULE_TYPE_BY_ATTRIBUTE

# File 'lib/metasploit/model/module/instance.rb', line 447

def self.module_types_that_allow(attribute)
  dynamic_length_validation_options_by_module_type = DYNAMIC_LENGTH_VALIDATION_OPTIONS_BY_MODULE_TYPE_BY_ATTRIBUTE.fetch(attribute)

  dynamic_length_validation_options_by_module_type.each_with_object([]) { |(module_type, dynamic_length_validation_options), module_types|
    is = dynamic_length_validation_options[:is]

    if is
      if is > 0
        module_types << module_type
      end
    else
      maximum = dynamic_length_validation_options[:maximum]

      if maximum
        if maximum > 0
          module_types << module_type
        end
      else
        module_types << module_type
      end
    end

  }
end

Instance Method Details

#allows?(attribute) ⇒ false, true

Whether the given attribute is allowed to have elements.

Parameters:

• attribute (Symbol) —

  name of attribute to check if #module_type allows it to have one or more elements.

Returns:

• (false) —

  if #module_type is not valid

• (true) —

  if maximum elements is greater than 0 or value can be non-nil

# File 'lib/metasploit/model/module/instance.rb', line 482

def allows?(attribute)
  if Metasploit::Model::Module::Type::ALL.include? module_type
    self.class.allows?(
        attribute: attribute,
        module_type: module_type
    )
  else
    false
  end
end

#architectures_from_targets ⇒ void (private)

This method returns an undefined value.

Validates that the #module_architectures architectures match the #targets target_architectures architectures.

# File 'lib/metasploit/model/module/instance.rb', line 534

def architectures_from_targets
  actual_architecture_set = Set.new module_architectures.map(&:architecture)
  expected_architecture_set = Set.new

  targets.each do |module_target|
    module_target.target_architectures.each do |target_architecture|
      expected_architecture_set.add target_architecture.architecture
    end
  end

  extra_architecture_set = actual_architecture_set - expected_architecture_set

  unless extra_architecture_set.empty?
    human_extra_architectures = human_architecture_set(extra_architecture_set)

    errors.add(:architectures, :extra, extra: human_extra_architectures)
  end

  missing_architecture_set = expected_architecture_set - actual_architecture_set

  unless missing_architecture_set.empty?
    human_missing_architectures = human_architecture_set(missing_architecture_set)

    errors.add(:architectures, :missing, missing: human_missing_architectures)
  end
end

#dynamic_length_validation_options(attribute) ⇒ {}, Hash{Symbol => Integer}

The dynamic length valdiations, such as :is and :minimum for the given attribute for the current #module_type.

Parameters:

• attribute (Symbol) —

  name of attribute whose dynamic length validation options to be

Returns:

• ({}) —

  an empty Hash if #module_type is not a member of Type::ALL

• (Hash{Symbol => Integer}) —

  Hash containing either :is (meaning :maximum and :minimum are the same) or :minimum (no attribute has an explicit :maximum currently).

# File 'lib/metasploit/model/module/instance.rb', line 499

def dynamic_length_validation_options(attribute)
  if Metasploit::Model::Module::Type::ALL.include? module_type
    self.class.dynamic_length_validation_options(
        module_type: module_type,
        attribute: attribute
    )
  else
    {}
  end
end

#human_architecture_set(architecture_set) ⇒ String (private)

Converts a SetMetasploit::Model::Architecture to a human readable representation including the Architecture#abbreviation.

Returns:

• (String)

# File 'lib/metasploit/model/module/instance.rb', line 565

def human_architecture_set(architecture_set)
  abbreviations = architecture_set.map(&:abbreviation)

  human_set(abbreviations)
end

#human_platform_set(platform_set) ⇒ String (private)

Converts a SetMetasploit::Model::Platform to a human-readable representation including the Platform#fully_qualified_name.

Returns:

• (String)

# File 'lib/metasploit/model/module/instance.rb', line 575

def human_platform_set(platform_set)
  fully_qualified_names = platform_set.map(&:fully_qualified_name)

  human_set(fully_qualified_names)
end

#human_set(strings) ⇒ String (private)

Converts strings to a human-readable set notation.

Returns:

• (String)

# File 'lib/metasploit/model/module/instance.rb', line 584

def human_set(strings)
  sorted = strings.sort
  comma_separated = sorted.join(', ')

  "{#{comma_separated}}"
end

#module_type ⇒ Object

The Class#module_type of the #module_class.

# File 'lib/metasploit/model/module/instance.rb', line 514

delegate :module_type,
allow_nil: true,
to: :module_class

#platforms_from_targets ⇒ void (private)

This method returns an undefined value.

Validates that #module_platforms platforms match the #targets target_platforms platforms.

# File 'lib/metasploit/model/module/instance.rb', line 596

def platforms_from_targets
  actual_platform_set = Set.new module_platforms.map(&:platform)
  expected_platform_set = Set.new

  targets.each do |module_target|
    module_target.target_platforms.each do |target_platform|
      expected_platform_set.add target_platform.platform
    end
  end

  extra_platform_set = actual_platform_set - expected_platform_set

  unless extra_platform_set.empty?
    human_extra_platforms = human_platform_set(extra_platform_set)

    errors.add(:platforms, :extra, extra: human_extra_platforms)
  end

  missing_platform_set = expected_platform_set - actual_platform_set

  unless missing_platform_set.empty?
    human_missing_platforms = human_platform_set(missing_platform_set)

    errors.add(:platforms, :missing, missing: human_missing_platforms)
  end
end

#stanced? ⇒ false, true

Whether #module_type requires #stance to be set or to be nil.

Returns:

• (false) —

  if #module_type is not valid

• (true) —

  if module_type is in STANCED_MODULE_TYPES.

• (false) —

  otherwise.

# File 'lib/metasploit/model/module/instance.rb', line 522

def stanced?
  self.class.stanced?(module_type)
end