Class: Mdm::Host

Inherits:
ActiveRecord::Base
  • Object
Includes:
OperatingSystemNormalization, Metasploit::Model::Search
Defined in:
app/models/mdm/host.rb

Overview

A system with an IP address on the network that has been discovered in some way.

Defined Under Namespace

Modules: OperatingSystemNormalization

Constant Summary collapse

UNKNOWN_ARCHITECTURE =

Special #arch value to indicate we should look at #detected_arch instead

'Unknown'
ARCHITECTURES =

Either the CPU architecture for native code or the programming language name for exploits that run code in the programming language's virtual machine.

[
    # Accepted #arch values: native CPU architectures as well as language or
    # command targets for code that runs in a language's virtual machine.
    'armbe',
    'armle',
    'cbea',
    'cbea64',
    'cmd',
    'java',
    'mips',
    'mipsbe',
    'mipsle',
    'php',
    'ppc',
    'ppc64',
    'ruby',
    'sparc',
    'tty',
    # To be used for compatibility with 'X86_64'
    'x64',
    'x86',
    'x86_64',
    # The empty string is listed as an accepted value too.
    '',
    # Sentinel ('Unknown') telling readers to consult #detected_arch instead.
    UNKNOWN_ARCHITECTURE
]
SEARCH_FIELDS =

Fields searched for the search scope

[
    # Fields consulted by the search scope.
    # NOTE(review): 'address::text' reads like a PostgreSQL cast, so these
    # entries are presumably placed into SQL as column expressions - confirm
    # that the list only ever holds fixed strings and never caller-supplied
    # field names.
    'address::text',
    'comments',
    'mac',
    'name',
    'os_flavor',
    'os_name',
    'os_sp',
    'purpose'
]
STATES =

Valid values for #state.

[
    # The complete set of values that #state may take.
    'alive',
    'down',
    'unknown'
]

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from OperatingSystemNormalization

#get_arch_from_string, #normalize_os, #normalize_scanner_fp, #parse_windows_os_str, #validate_fingerprint_data

Instance Attribute Details

#addressString

The IP address of this host.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 288

#archString

The architecture of the host's CPU, or the programming language for code that runs in a language virtual machine, such as Ruby, PHP, or Java.

Returns:



# File 'app/models/mdm/host.rb', line 293

#clientsArray<Mdm::Client>

Users connected to this host

Returns:



# File 'app/models/mdm/host.rb', line 68

# Users connected to this host, stored as Mdm::Client rows. The rows are
# destroyed together with the host (dependent: :destroy).
has_many :clients,
         class_name: 'Mdm::Client',
         dependent: :destroy,
         inverse_of: :host

#commString

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 299

#commentsString

User supplied comments about host.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 304

#created_atDateTime

When this host was created in the database.

Returns:

  • (DateTime)


# File 'app/models/mdm/host.rb', line 309

#cred_countInteger

Counter cache for #creds.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 314

#credsArray<Mdm::Cred> (readonly)

Credentials captured from #services.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 205

# Credentials captured from this host's services, reached through the
# :services association.
# NOTE(review): these rows hold captured credentials; presumably access is
# limited by the owning workspace - confirm at the call sites.
has_many :creds,
         class_name: 'Mdm::Cred',
         through: :services

#detected_archString

The architecture of the host's CPU as detected by Recog. If #arch is not UNKNOWN_ARCHITECTURE, this is undefined.

Returns:

  • (String)

    a free-form string, most likely taken from network data and therefore not to be trusted as well-formed



# File 'app/models/mdm/host.rb', line 319

#eventsActiveRecord::Relation<Mdm::Event>

Events that occurred on this host.

Returns:



# File 'app/models/mdm/host.rb', line 77

# Events that occurred on this host (Mdm::Event); destroyed with the host.
has_many :events,
         class_name: 'Mdm::Event',
         dependent: :destroy,
         inverse_of: :host

#exploit_attempt_countInteger

Counter cache for #exploit_attempts.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 325

#exploit_attemptsArray<Mdm::ExploitAttempt>

Attempts to run exploits against this host.

Returns:



# File 'app/models/mdm/host.rb', line 95

# Recorded attempts to run exploits against this host (Mdm::ExploitAttempt);
# destroyed with the host.
has_many :exploit_attempts,
         class_name: 'Mdm::ExploitAttempt',
         dependent: :destroy,
         inverse_of: :host

#exploited_hostsActiveRecord::Relation<Mdm::ExploitedHost>

TODO:

MSP-2732

Returns:



# File 'app/models/mdm/host.rb', line 103

# Mdm::ExploitedHost rows for this host; destroyed with the host.
# TODO: still undocumented upstream, tracked as MSP-2732.
has_many :exploited_hosts,
         class_name: 'Mdm::ExploitedHost',
         dependent: :destroy,
         inverse_of: :host

#host_detail_countInteger

Counter cache for #host_details.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 330

#host_detailsArray<Mdm::HostDetail>

Returns:



# File 'app/models/mdm/host.rb', line 110

# Mdm::HostDetail rows belonging to this host; destroyed with the host.
# #host_detail_count is the counter cache for this association.
has_many :host_details,
         class_name: 'Mdm::HostDetail',
         dependent: :destroy,
         inverse_of: :host

#hosts_tagsActiveRecord::Relation<Mdm::HostTag>

TODO:

MSP-2723

A join model between Tag and Mdm::Host. Use #tags to get the actual Mdm::Tags on this host.

Returns:



# File 'app/models/mdm/host.rb', line 120

# Join rows (Mdm::HostTag) between tags and this host; use #tags to reach the
# Mdm::Tag records themselves. The join rows are destroyed with the host.
has_many :hosts_tags,
         class_name: 'Mdm::HostTag',
         dependent: :destroy,
         inverse_of: :host

#infoString

Information about this host gathered from the host.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 335

#lootsActiveRecord::Relation<Mdm::Loot>

TODO:

MSP-3065

Loot gathered from the host with newest loot first.

Returns:



# File 'app/models/mdm/host.rb', line 130

# Loot gathered from this host (Mdm::Loot), newest first as set by the fixed
# ORDER BY fragment below; destroyed with the host.
has_many :loots,
         class_name: 'Mdm::Loot',
         dependent: :destroy,
         inverse_of: :host,
         order: 'loots.created_at DESC'

#macString

The MAC address of this host.

Returns:

  • (String)

See Also:



# File 'app/models/mdm/host.rb', line 340

#module_detailsArray<Mdm::Module::Detail> (readonly)

Details about modules that were used to find vulnerabilities on this host.

Returns:



# File 'app/models/mdm/host.rb', line 278

# Details of the modules that were used to find vulnerabilities on this host.
# Reached through :module_refs via each ref's :detail, with duplicates
# collapsed by uniq: true.
has_many :module_details,
         class_name: 'Mdm::Module::Detail',
         source: :detail,
         through: :module_refs,
         uniq: true

#module_refsArray<Mdm::Module::Ref> (readonly)

Returns:



# File 'app/models/mdm/host.rb', line 268

# Mdm::Module::Ref records reached through this host's :refs.
has_many :module_refs,
         class_name: 'Mdm::Module::Ref',
         through: :refs

#nameString

The name of the host. If the host name is not available, then it will just be the IP address.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 346

#note_countInteger

Counter cache for #notes.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 351

#notesArray<Mdm::Note>

Notes about the host entered by a user with oldest notes first.

Returns:



# File 'app/models/mdm/host.rb', line 140

# Notes about this host entered by a user, oldest first.
# dependent: :delete_all removes the rows with a single SQL DELETE, so
# Mdm::Note callbacks do not run when the host is removed.
has_many :notes,
         class_name: 'Mdm::Note',
         inverse_of: :host,
         dependent: :delete_all,
         order: 'notes.created_at'

#os_flavorString

The flavor of #os_name.

Examples:

Windows XP

host.os_name = 'Microsoft Windows'
host.os_flavor = 'XP'

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 356

#os_langString

Free-form language of operating system. Usually either spelled out like 'English' or an IETF language tag like 'en' or 'en-US'.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 365

#os_nameString

The name of the operating system.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 371

#os_spString

The service pack of the #os_flavor of the #os_name.

Examples:

Windows XP SP2

host.os_name = 'Microsoft Windows'
host.os_flavor = 'XP'
host.os_sp = 'SP2'

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 376

#purposeString

The purpose of the host on the network, such as 'client' or 'firewall'.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 386

#refsArray<Mdm::Ref> (readonly)

External references, such as CVE, to vulnerabilities found on this host.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 258

# External references (such as CVE identifiers) for vulnerabilities found on
# this host, reached through :vuln_refs.
has_many :refs,
         class_name: 'Mdm::Ref',
         through: :vuln_refs

#scopeString

Interface identifier for link-local IPv6



# File 'app/models/mdm/host.rb', line 391

#service_countInteger

Counter cache for #services.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 397

#service_notesArray<Mdm::Note> (readonly)

Notes about #services running on this host.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 212

# Notes attached to the services running on this host: the :notes of each
# record in :services.
has_many :service_notes,
         class_name: 'Mdm::Note',
         source: :notes,
         through: :services

#servicesArray<Mdm::Service>

The services running on ports on the host with services ordered by port and protocol.

Returns:



# File 'app/models/mdm/host.rb', line 151

# Services running on ports of this host, ordered by port and then protocol;
# destroyed with the host.
has_many :services,
         class_name: 'Mdm::Service',
         dependent: :destroy,
         inverse_of: :host,
         order: 'services.port, services.proto'

#sessionsArray<Mdm::Session>

Sessions that are open or previously were open on the host ordered by when the session was opened

Returns:



# File 'app/models/mdm/host.rb', line 162

# Sessions that are, or previously were, open on this host, ordered by the
# time each session was opened; destroyed with the host.
has_many :sessions,
         class_name: 'Mdm::Session',
         dependent: :destroy,
         inverse_of: :host,
         order: 'sessions.opened_at'

#stateString

Whether the host is alive, down, or in an unknown state.

Returns:

  • (String)

    element of STATES.



# File 'app/models/mdm/host.rb', line 402

#tagsArray<Mdm::Tag> (readonly)

The tags on this host. Tags are used to filter hosts.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 194

# Tags on this host, used to filter hosts; reached through the :hosts_tags
# join rows.
has_many :tags,
         class_name: 'Mdm::Tag',
         through: :hosts_tags

#task_hostsArray<Mdm::TaskHost>

Details about what Tasks touched this host

Returns:



# File 'app/models/mdm/host.rb', line 86

# Records of which tasks touched this host (Mdm::TaskHost); destroyed with
# the host.
has_many :task_hosts,
         class_name: 'Mdm::TaskHost',
         dependent: :destroy,
         inverse_of: :host

#tasksActiveRecord::Relation<Mdm::Task>

Tasks that touched this host

Returns:



# File 'app/models/mdm/host.rb', line 232

# Tasks linked to this host through the :task_hosts join rows.
has_many :tasks,
         class_name: 'Mdm::Task',
         through: :task_hosts

#updated_atDateTime

The last time this host was updated in the database.

Returns:

  • (DateTime)


# File 'app/models/mdm/host.rb', line 407

#virtual_hostString

The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.

Returns:

  • (String)


# File 'app/models/mdm/host.rb', line 412

#vuln_countInteger

Counter cache for #vulns.

Returns:

  • (Integer)


# File 'app/models/mdm/host.rb', line 417

#vuln_refsArray<Mdm::VulnRef> (readonly)

Join model between #vulns and #refs. Use either of those associations instead of this join model.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 247

# Join rows between #vulns and #refs: the :vulns_refs of each record in
# :vulns. Prefer #vulns or #refs over using this association directly.
has_many :vuln_refs,
         class_name: 'Mdm::VulnRef',
         source: :vulns_refs,
         through: :vulns

#vulnsArray<Mdm::Vuln>

Vulnerabilities found on the host.

Returns:



# File 'app/models/mdm/host.rb', line 172

# Vulnerabilities found on this host (Mdm::Vuln).
# dependent: :delete_all removes the rows with a single SQL DELETE, so
# Mdm::Vuln callbacks do not run when the host is removed.
# NOTE(review): rows hanging off each vuln (for example the vuln/ref join
# rows) are presumably cleaned up elsewhere - confirm nothing is orphaned.
has_many :vulns,
         class_name: 'Mdm::Vuln',
         dependent: :delete_all,
         inverse_of: :host

#web_sitesArray<Mdm::WebSite> (readonly)

Web sites running on top of #services on this host.

Returns:

See Also:



# File 'app/models/mdm/host.rb', line 222

# Web sites running on top of this host's services, reached through :services.
has_many :web_sites,
         class_name: 'Mdm::WebSite',
         through: :services

#workspaceMdm::Workspace

The workspace in which this host was found.

Returns:



# File 'app/models/mdm/host.rb', line 181

# The workspace in which this host was found; the inverse of the workspace's
# :hosts association.
belongs_to :workspace,
           class_name: 'Mdm::Workspace',
           inverse_of: :hosts

Instance Method Details

#attribute_locked?(attr) ⇒ true, false

Returns whether the 'host.updated.<attr>' note for the given attribute is locked.

Returns:

  • (true)

    if an Mdm::Note with 'host.updated.<attr>' as its Note#ntype exists and its data[:locked] is true.

  • (false)

    otherwise.



# File 'app/models/mdm/host.rb', line 533

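# Reports whether the given host attribute is marked as locked.
#
# Looks up this host's note whose ntype is "host.updated.<attr>" and reads the
# :locked entry of that note's data.
#
# @param attr [#to_s] attribute name appended to the 'host.updated.' prefix
# @return [Boolean] true when such a note exists and its data[:locked] is
#   truthy, false otherwise
def attribute_locked?(attr)
  lock_note = notes.find_by_ntype("host.updated.#{attr}")
  # Coerce to a strict boolean so the result matches the documented
  # true/false contract instead of leaking nil or the raw stored value.
  !!(lock_note && lock_note.data[:locked])
end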

#ip_address_invalid?void

This method returns an undefined value.

This check duplicates the IpAddressValidator class. It is repeated here to avoid SQL errors when checking address uniqueness. It returns true when #address cannot be parsed as an IPv4 or IPv6 address.



# File 'app/models/mdm/host.rb', line 542

# Reports whether #address fails to parse as an IP address.
#
# Returns true when IPAddr rejects the value (ArgumentError) or when the
# parsed address is neither IPv4 nor IPv6; returns nil otherwise.
#
# NOTE(review): IPAddr.new also accepts an address with a prefix length
# (CIDR notation), so passing this check does not prove the value names a
# single host - confirm that is acceptable to the callers.
def ip_address_invalid?
  candidate = IPAddr.new(address)
  true if !candidate.ipv4? && !candidate.ipv6?
rescue ArgumentError
  true
end

#is_vm?true, false

Returns whether this host is a virtual machine.

Returns:



# File 'app/models/mdm/host.rb', line 555

# Reports whether this host is a virtual machine.
#
# @return [Boolean] true when #virtual_host holds any truthy value, false
#   when it is nil or false
def is_vm?
  virtual_host ? true : false
end