Class: Mdm::Host

Inherits:
ActiveRecord::Base
  • Object
Includes:
OperatingSystemNormalization, Metasploit::Model::Search
Defined in:
app/models/mdm/host.rb

Overview

A system with an IP address on the network that has been discovered in some way.

Defined Under Namespace

Modules: OperatingSystemNormalization

Constant Summary collapse

ARCHITECTURES =

Either the CPU architecture for native code or the programming language name for exploits that run code in the programming language's virtual machine.

[
    'armbe',
    'armle',
    'cbea',
    'cbea64',
    'cmd',
    'java',
    'mips',
    'mipsbe',
    'mipsle',
    'php',
    'ppc',
    'ppc64',
    'ruby',
    'sparc',
    'tty',
    # To be used for compatibility with 'X86_64'
    'x64',
    'x86',
    'x86_64'
]
SEARCH_FIELDS =

Fields searched for the search scope

[
    # NOTE(review): the '::text' suffix looks like a PostgreSQL cast so the
    # address can be matched as text — confirm. Entries like this are SQL
    # fragments rather than plain column names, so this list should stay a
    # fixed literal and never be extended from request input.
    'address::text',
    'comments',
    'mac',
    'name',
    'os_flavor',
    'os_name',
    'os_sp',
    'purpose'
]
STATES =

Valid values for #state.

# The only values #state may take.
[
    'alive',
    'down',
    'unknown'
]

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from OperatingSystemNormalization

#get_arch_from_string, #normalize_os, #normalize_scanner_fp, #parse_windows_os_str, #validate_fingerprint_data

Instance Attribute Details

#addressString

The IP address of this host.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 281

#archString

The architecture of the host's CPU OR the programming language, for code that runs in a language virtual machine such as Ruby, PHP, or Java.

Returns:



# File 'app/models/mdm/host.rb', line 286

#clientsArray<Mdm::Client>

Users connected to this host

Returns:



# File 'app/models/mdm/host.rb', line 61

# Mdm::Client rows recorded for this host; destroying the host destroys them too.
has_many :clients,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Client'

#commString

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 292

#commentsString

User supplied comments about host.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 297

#created_atDateTime

When this host was created in the database.

Returns:

  • (DateTime)


# File 'app/models/mdm/host.rb', line 302

#cred_countInteger

Counter cache for #creds.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 307

#credsArray<Mdm::Cred> (readonly)

Credentials captured from #services.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 198

# Credentials reached through this host's services. No `dependent:` option is
# set here, so this association does not remove Mdm::Cred rows itself.
# NOTE(review): captured credentials are sensitive; confirm they are cleaned up
# via #services when a host is destroyed.
has_many :creds,
         class_name: 'Mdm::Cred',
         through: :services

#eventsActiveRecord::Relation<Mdm::Event>

Events that occurred on this host.

Returns:



# File 'app/models/mdm/host.rb', line 70

# Mdm::Event rows for this host; they are destroyed together with the host.
has_many :events,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Event'

#exploit_attempt_countInteger

Counter cache for #exploit_attempts.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 312

#exploit_attemptsArray<Mdm::ExploitAttempt>

Attempts to run exploits against this host.

Returns:



# File 'app/models/mdm/host.rb', line 88

# Mdm::ExploitAttempt rows for this host; destroyed together with the host, so
# the attempt history does not outlive the host record.
has_many :exploit_attempts,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::ExploitAttempt'

#exploited_hostsActiveRecord::Relation<Mdm::ExploitedHost>

TODO:

MSP-2732

Returns:



# File 'app/models/mdm/host.rb', line 96

# Mdm::ExploitedHost rows for this host; destroyed together with the host.
has_many :exploited_hosts,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::ExploitedHost'

#host_detail_countInteger

Counter cache for #host_details.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 317

#host_detailsArray<Mdm::HostDetail>

Returns:



# File 'app/models/mdm/host.rb', line 103

# Mdm::HostDetail rows for this host; destroyed together with the host.
has_many :host_details,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::HostDetail'

#hosts_tagsActiveRecord::Relation<Mdm::HostTag>

TODO:

MSP-2723

A join model between Tag and Mdm::Host. Use #tags to get the actual Mdm::Tags on this host.

Returns:



# File 'app/models/mdm/host.rb', line 113

# Mdm::HostTag join rows linking this host to its tags; destroyed together with
# the host.
has_many :hosts_tags,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::HostTag'

#infoString

Information about this host gathered from the host.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 322

#lootsActiveRecord::Relation<Mdm::Loot>

TODO:

MSP-3065

Loot gathered from the host with newest loot first.

Returns:



# File 'app/models/mdm/host.rb', line 123

# Mdm::Loot rows gathered from this host, newest first; destroyed together with
# the host.
# The ordering clause is a fixed SQL literal, not built from any input.
# NOTE(review): passing `order:` directly as an association option is the older
# Rails form; newer releases expect a scope lambda — confirm against the Rails
# version in use.
has_many :loots,
         order: 'loots.created_at DESC',
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Loot'

#macString

The MAC address of this host.

Returns:

  • (String)

See Also:



# File 'app/models/mdm/host.rb', line 327

#module_detailsArray<Mdm::Module::Detail> (readonly)

Details about modules that were used to find vulnerabilities on this host.

Returns:



# File 'app/models/mdm/host.rb', line 271

# Mdm::Module::Detail rows reached through #module_refs, using each ref's
# `detail` association, with duplicates removed.
has_many :module_details,
         class_name: 'Mdm::Module::Detail',
         source: :detail,
         through: :module_refs,
         uniq: true

#module_refsArray<Mdm::Module::Ref> (readonly)

Returns:



# File 'app/models/mdm/host.rb', line 261

# Mdm::Module::Ref rows reached through this host's #refs.
has_many :module_refs,
         class_name: 'Mdm::Module::Ref',
         through: :refs

#nameString

The name of the host. If the host name is not available, then it will just be the IP address.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 333

#note_countInteger

Counter cache for #notes.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 338

#notesArray<Mdm::Note>

Notes about the host entered by a user with oldest notes first.

Returns:



# File 'app/models/mdm/host.rb', line 133

# Mdm::Note rows about this host, oldest first.
# `dependent: :delete_all` removes them with a direct SQL delete when the host
# is destroyed, so Mdm::Note callbacks do not run for those rows.
# The ordering clause is a fixed SQL literal, not built from any input.
has_many :notes,
         order: 'notes.created_at',
         dependent: :delete_all,
         inverse_of: :host,
         class_name: 'Mdm::Note'

#os_flavorString

The flavor of #os_name.

Examples:

Windows XP

host.os_name = 'Microsoft Windows'
host.os_flavor = 'XP'

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 343

#os_langString

Free-form language of operating system. Usually either spelled out like 'English' or an IETF language tag like 'en' or 'en-US'.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 352

#os_nameString

The name of the operating system.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 358

#os_spString

The service pack of the #os_flavor of the #os_name.

Examples:

Windows XP SP2

host.os_name = 'Microsoft Windows'
host.os_flavor = 'XP'
host.os_sp = 'SP2'

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 363

#purposeString

The purpose of the host on the network, such as 'client' or 'firewall'.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 373

#refsArray<Mdm::Ref> (readonly)

External references, such as CVE, to vulnerabilities found on this host.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 251

# Mdm::Ref rows (external references such as CVE) reached through #vuln_refs.
has_many :refs,
         class_name: 'Mdm::Ref',
         through: :vuln_refs

#scopeString

Interface identifier for link-local IPv6



# File 'app/models/mdm/host.rb', line 378

#service_countInteger

Counter cache for #services.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 384

#service_notesArray<Mdm::Note> (readonly)

Notes about #services running on this host.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 205

# Mdm::Note rows attached to this host's services, read through each service's
# `notes` association.
has_many :service_notes,
         through: :services,
         source: :notes,
         class_name: 'Mdm::Note'

#servicesArray<Mdm::Service>

The services running on ports on the host with services ordered by port and protocol.

Returns:



# File 'app/models/mdm/host.rb', line 144

# Mdm::Service rows for this host, ordered by port and then protocol; destroyed
# together with the host.
# The ordering clause is a fixed SQL literal, not built from any input.
has_many :services,
         order: 'services.port, services.proto',
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Service'

#sessionsArray<Mdm::Session>

Sessions that are open or previously were open on the host ordered by when the session was opened

Returns:



# File 'app/models/mdm/host.rb', line 155

# Mdm::Session rows (open or previously open) for this host, ordered by when
# each session was opened; destroyed together with the host.
# The ordering clause is a fixed SQL literal, not built from any input.
has_many :sessions,
         order: 'sessions.opened_at',
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Session'

#stateString

Whether the host is alive, down, or in an unknown state.

Returns:

  • (String)

    element of STATES.



# File 'app/models/mdm/host.rb', line 389

#tagsArray<Mdm::Tag> (readonly)

The tags on this host. Tags are used to filter hosts.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 187

# Mdm::Tag rows on this host, reached through the #hosts_tags join rows.
has_many :tags,
         class_name: 'Mdm::Tag',
         through: :hosts_tags

#task_hostsArray<Mdm::TaskHost>

Details about what Tasks touched this host

Returns:



# File 'app/models/mdm/host.rb', line 79

# Mdm::TaskHost rows recording which tasks touched this host; destroyed
# together with the host.
has_many :task_hosts,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::TaskHost'

#tasksActiveRecord::Relation<Mdm::Task>

Tasks that touched this service

Returns:



# File 'app/models/mdm/host.rb', line 225

# Mdm::Task rows reached through the #task_hosts join rows.
has_many :tasks,
         through: :task_hosts,
         class_name: 'Mdm::Task'

#updated_atDateTime

The last time this host was updated in the database.

Returns:

  • (DateTime)


# File 'app/models/mdm/host.rb', line 394

#virtual_hostString

The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 399

#vuln_countInteger

Counter cache for #vulns.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 404

#vuln_refsArray<Mdm::VulnRef> (readonly)

Join model between #vulns and #refs. Use either of those associations instead of this join model.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 240

# Mdm::VulnRef join rows reached through #vulns, using each vuln's `vulns_refs`
# association.
has_many :vuln_refs,
         class_name: 'Mdm::VulnRef',
         source: :vulns_refs,
         through: :vulns

#vulnsArray<Mdm::Vuln>

Vulnerabilities found on the host.

Returns:



# File 'app/models/mdm/host.rb', line 165

# Mdm::Vuln rows found on this host.
# `dependent: :delete_all` removes them with a direct SQL delete when the host
# is destroyed, so Mdm::Vuln callbacks do not run for those rows.
# NOTE(review): rows that hang off each vuln (for example the join rows behind
# #vuln_refs) are therefore not cleaned up by this association — confirm that
# is handled elsewhere.
has_many :vulns,
         inverse_of: :host,
         dependent: :delete_all,
         class_name: 'Mdm::Vuln'

#web_sitesArray<Mdm::WebSite> (readonly)

Web sites running on top of #services on this host.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 215

# Mdm::WebSite rows reached through this host's services.
has_many :web_sites,
         class_name: 'Mdm::WebSite',
         through: :services

#workspaceMdm::Workspace

The workspace in which this host was found.

Returns:



# File 'app/models/mdm/host.rb', line 174

# The Mdm::Workspace this host belongs to; the reverse side is the workspace's
# `hosts` association.
belongs_to :workspace,
           inverse_of: :hosts,
           class_name: 'Mdm::Workspace'

Instance Method Details

#attribute_locked?(attr) ⇒ true, false

Returns whether the 'host.updated.<attr>' note is locked.

Returns:

  • (true)

    if Mdm::Note with 'host.updated.<attr>' as Note#name exists and data[:locked] is true.

  • (false)

    otherwise.



# File 'app/models/mdm/host.rb', line 518

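# Reports whether the "host.updated.<attr>" note marks the attribute as locked.
#
# The note is looked up among #notes by its ntype. The attribute counts as
# locked only when that note exists and its data hash has a truthy :locked
# entry.
#
# @param attr [#to_s] attribute name appended to the "host.updated." prefix.
# @return [true] if the note exists and data[:locked] is truthy.
# @return [false] otherwise, including when the note has no data hash.
def attribute_locked?(attr)
  # The ntype is passed to the finder as a value, not spliced into SQL text.
  lock_note = notes.find_by_ntype("host.updated.#{attr}")
  return false unless lock_note

  lock_data = lock_note.data
  # A note whose data is nil or not a Hash records no lock; report false rather
  # than raising from the [] call.
  # NOTE(review): callers that overwrite an attribute when this returns false
  # will treat such a note as unlocked — confirm what Mdm::Note#data can hold.
  return false unless lock_data.is_a?(Hash)

  # Coerce so callers get the documented true/false, never nil or a raw value.
  !!lock_data[:locked]
end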

#ip_address_invalid?void

This method returns an undefined value.

This is replicated by the IpAddressValidator class. Had to put it here as well to avoid SQL errors when checking address uniqueness.



# File 'app/models/mdm/host.rb', line 527

# Checks #address by parsing it with IPAddr.
#
# Returns true when IPAddr rejects the value with an ArgumentError, or when the
# parsed address is neither IPv4 nor IPv6. Returns nil (not false) when the
# address parses, so use the result only for its truthiness.
#
# NOTE(review): IPAddr.new also accepts prefix notation such as
# "<address>/<length>", so a network range is not reported as invalid here —
# confirm whether a single host address is required.
def ip_address_invalid?
  parsed = IPAddr.new(address)
  true unless parsed.ipv4? || parsed.ipv6?
rescue ArgumentError
  # Raised by IPAddr for input it cannot parse.
  true
end

#is_vm?true, false

Returns whether this host is a virtual machine.

Returns:



# File 'app/models/mdm/host.rb', line 540

# Tells whether this host is recorded as a virtual machine.
#
# @return [true] when #virtual_host is anything other than nil or false.
# @return [false] otherwise.
def is_vm?
  # NOTE(review): an empty string is truthy in Ruby, so a blank virtual_host
  # still counts as a VM here — confirm that is intended.
  virtual_host ? true : false
end