Class: Mdm::Host

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Mdm::Host

Includes:

OperatingSystemNormalization, Metasploit::Model::Search

Defined in:

app/models/mdm/host.rb

Overview

A system with an IP address on the network that has been discovered in some way.

Defined Under Namespace

Modules: OperatingSystemNormalization

Constant Summary

UNKNOWN_ARCHITECTURE =

Special #arch value to indicate we should look at #detected_arch instead

'Unknown'

ARCHITECTURES =

Either the CPU architecture for native code or the programming language name for exploits that run code in the programming language's virtual machine.

[
    'armbe',
    'armle',
    'cbea',
    'cbea64',
    'cmd',
    'java',
    'mips',
    'mipsbe',
    'mipsle',
    'php',
    'ppc',
    'ppc64',
    'ruby',
    'sparc',
    'tty',
    # To be used for compatability with 'X86_64'
    'x64',
    'x86',
    'x86_64',
    '',
    UNKNOWN_ARCHITECTURE
]

SEARCH_FIELDS =

Fields searched for the search scope

[
    'address::text',
    'comments',
    'mac',
    'name',
    'os_flavor',
    'os_name',
    'os_sp',
    'purpose'
]

STATES =

Valid values for #state.

[
    'alive',
    'down',
    'unknown'
]

Constants included from OperatingSystemNormalization

OperatingSystemNormalization::MAX_NMAP_CERTAINTY

Instance Attribute Summary

• #address ⇒ String

  The IP address of this host.

• #arch ⇒ String

  The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.

• #clients ⇒ Array<Mdm::Client>

  Users connected to this host.

• #comm ⇒ String
• #comments ⇒ String

  User supplied comments about host.

• #created_at ⇒ DateTime

  When this host was created in the database.

• #cred_count ⇒ Integer

  Counter cache for #creds.

• #creds ⇒ Array<Mdm::Cred> readonly

  Credentials captured from #services.

• #detected_arch ⇒ String

  The architecture of the host's CPU as detected by Recog.

• #events ⇒ ActiveRecord::Relation<Mdm::Event>

  Events that occurred on this host.

• #exploit_attempt_count ⇒ Integer

  Counter cache for #exploit_attempts.

• #exploit_attempts ⇒ Array<Mdm::ExploitAttempt]

  Attempts to run exploits against this host.

• #exploited_hosts ⇒ ActiveRecord::Relation<Mdm::ExploitedHost>
• #host_detail_count ⇒ Integer

  Counter cache for #host_details.

• #host_details ⇒ Array<Mdm::HostDetail>
• #hosts_tags ⇒ ActiveRecord::Relation<Mdm::HostTag>

  A join model between Tag and Host.

• #info ⇒ String

  Information about this host gathered from the host.

• #loots ⇒ ActiveRecord::Relation<Mdm::Loot>

  Loot gathered from the host with newest loot first.

• #mac ⇒ String

  The MAC address of this host.

• #module_details ⇒ Array<Mdm::Module::Detail] readonly

  Details about modules that were used to find vulnerabilities on this host.

• #module_refs ⇒ Array<Mdm::Module::Ref> readonly

  References for modules for references for vulnerabilities.

• #name ⇒ String

  The name of the host.

• #note_count ⇒ Integer

  Counter cache for #notes.

• #notes ⇒ Array<Mdm::Note>

  Notes about the host entered by a user with oldest notes first.

• #os_flavor ⇒ String

  The flavor of #os_name.

• #os_lang ⇒ String

  Free-form language of operating system.

• #os_name ⇒ String

  The name of the operating system.

• #os_sp ⇒ String

  The service pack of the #os_flavor of the #os_name.

• #purpose ⇒ String

  The purpose of the host on the network, such as 'client' or 'firewall'.

• #refs ⇒ Array<Mdm::Ref> readonly

  External references, such as CVE, to vulnerabilities found on this host.

• #scope ⇒ String

  Interface identifier for link-local IPv6.

• #service_count ⇒ Integer

  Counter cache for #services.

• #service_notes ⇒ Array<Mdm::Note> readonly

  Notes about #services running on this host.

• #services ⇒ Array<Mdm::Service>

  The services running on ports on the host with services ordered by port and protocol.

• #sessions ⇒ Array<Mdm::Session]

  Sessions that are open or previously were open on the host ordered by when the session was opened.

• #state ⇒ String

  Whether the host is alive, down, or in an unknown state.

• #tags ⇒ Array<Mdm::Tag> readonly

  The tags on this host.

• #task_hosts ⇒ Array<Mdm::TaskHost>

  Details about what Tasks touched this host.

• #tasks ⇒ ActiveRecord::Relation<Mdm::Task>

  Tasks that touched this service.

• #updated_at ⇒ DateTime

  The last time this host was updated in the database.

• #virtual_host ⇒ String

  The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.

• #vuln_count ⇒ Integer

  Counter cache for #vulns.

• #vuln_refs ⇒ Array<Mdm::VulnRef> readonly

  Join model between #vulns and #refs.

• #vulns ⇒ Array<Mdm::Vuln>

  Vulnerabilities found on the host.

• #web_sites ⇒ Array<Mdm::WebSite> readonly

  Web sites running on top of #services on this host.

• #workspace ⇒ Mdm::Workspace

  The workspace in which this host was found.

Instance Method Summary

• #attribute_locked?(attr) ⇒ true, false

  Returns whether 'host.updated.' note is locked.

• #ip_address_invalid? ⇒ void

  This is replicated by the IpAddressValidator class.

• #is_vm? ⇒ true, false

  Returns whether this host is a virtual machine.

Methods included from OperatingSystemNormalization

#apply_match_to_host, #get_arch_from_string, #guess_purpose_from_match, #normalize_fusionvm_fingerprint, #normalize_generic_fingerprint, #normalize_match, #normalize_mbsa_fingerprint, #normalize_nessus_fingerprint, #normalize_nexpose_fingerprint, #normalize_nmap_fingerprint, #normalize_os, #normalize_qualys_fingerprint, #normalize_retina_fingerprint, #normalize_scanner_fp, #normalize_session_fingerprint, #parse_windows_os_str, #recog_matches_for_note, #recog_matches_for_service, #sanitize, #service_banner_recog_filter_ssh, #validate_fingerprint_data

Instance Attribute Details

#address ⇒ String

The IP address of this host.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 290

#arch ⇒ String

The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.

Returns:

• (String) —

  an element of ARCHITECTURES

# File 'app/models/mdm/host.rb', line 295

#clients ⇒ Array<Mdm::Client>

Users connected to this host

Returns:

• (Array<Mdm::Client>)

# File 'app/models/mdm/host.rb', line 70

has_many :clients,
class_name: 'Mdm::Client',
dependent: :destroy,
inverse_of: :host

#comm ⇒ String

TODO:

https://www.pivotaltracker.com/story/show/49722411

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 301

#comments ⇒ String

User supplied comments about host.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 306

#created_at ⇒ DateTime

When this host was created in the database.

Returns:

• (DateTime)

# File 'app/models/mdm/host.rb', line 311

#cred_count ⇒ Integer

Counter cache for #creds.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 316

#creds ⇒ Array<Mdm::Cred> (readonly)

Credentials captured from #services.

Returns:

• (Array<Mdm::Cred>)

See Also:

• #services

# File 'app/models/mdm/host.rb', line 207

has_many :creds, :class_name => 'Mdm::Cred', :through => :services

#detected_arch ⇒ String

The architecture of the host's CPU as detected by Recog. If #arch is not UNKNOWN_ARCHITECTURE, this is undefined.

Returns:

• (String) —

  a free-form string most likely from network data

# File 'app/models/mdm/host.rb', line 321

#events ⇒ ActiveRecord::Relation<Mdm::Event>

Events that occurred on this host.

Returns:

• (ActiveRecord::Relation<Mdm::Event>)

# File 'app/models/mdm/host.rb', line 79

has_many :events,
class_name: 'Mdm::Event',
dependent: :destroy,
inverse_of: :host

#exploit_attempt_count ⇒ Integer

Counter cache for #exploit_attempts.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 327

#exploit_attempts ⇒ Array<Mdm::ExploitAttempt]

Attempts to run exploits against this host.

Returns:

• (Array<Mdm::ExploitAttempt]) —

  Array<Mdm::ExploitAttempt]

# File 'app/models/mdm/host.rb', line 97

has_many :exploit_attempts,
class_name: 'Mdm::ExploitAttempt',
dependent: :destroy,
inverse_of: :host

#exploited_hosts ⇒ ActiveRecord::Relation<Mdm::ExploitedHost>

TODO:

MSP-2732

Returns:

• (ActiveRecord::Relation<Mdm::ExploitedHost>)

# File 'app/models/mdm/host.rb', line 105

has_many :exploited_hosts,
class_name: 'Mdm::ExploitedHost',
dependent: :destroy,
inverse_of: :host

#host_detail_count ⇒ Integer

Counter cache for #host_details.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 332

#host_details ⇒ Array<Mdm::HostDetail>

Returns:

• (Array<Mdm::HostDetail>)

# File 'app/models/mdm/host.rb', line 112

has_many :host_details,
class_name: 'Mdm::HostDetail',
dependent: :destroy,
inverse_of: :host

#hosts_tags ⇒ ActiveRecord::Relation<Mdm::HostTag>

TODO:

MSP-2723

A join model between Tag and Mdm::Host. Use #tags to get the actual Mdm::Tags on this host.

Returns:

• (ActiveRecord::Relation<Mdm::HostTag>)

# File 'app/models/mdm/host.rb', line 122

has_many :hosts_tags,
class_name: 'Mdm::HostTag',
dependent: :destroy,
inverse_of: :host

#info ⇒ String

Information about this host gathered from the host.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 337

#loots ⇒ ActiveRecord::Relation<Mdm::Loot>

TODO:

MSP-3065

Loot gathered from the host with newest loot first.

Returns:

• (ActiveRecord::Relation<Mdm::Loot>)

# File 'app/models/mdm/host.rb', line 132

has_many :loots,
class_name: 'Mdm::Loot',
dependent: :destroy,
inverse_of: :host,
order: 'loots.created_at DESC'

#mac ⇒ String

The MAC address of this host.

Returns:

• (String)

See Also:

• http://en.wikipedia.org/wiki/Mac_address

# File 'app/models/mdm/host.rb', line 342

#module_details ⇒ Array<Mdm::Module::Detail] (readonly)

Details about modules that were used to find vulnerabilities on this host.

Returns:

• (Array<Mdm::Module::Detail]) —

  Array<Mdm::Module::Detail]

# File 'app/models/mdm/host.rb', line 280

has_many :module_details,
:class_name => 'Mdm::Module::Detail',
:source =>:detail,
:through => :module_refs,
:uniq => true

#module_refs ⇒ Array<Mdm::Module::Ref> (readonly)

References for modules for references for vulnerabilities.

Returns:

• (Array<Mdm::Module::Ref>)

# File 'app/models/mdm/host.rb', line 270

has_many :module_refs, :class_name => 'Mdm::Module::Ref', :through => :refs

#name ⇒ String

The name of the host. If the host name is not available, then it will just be the IP address.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 348

#note_count ⇒ Integer

Counter cache for #notes.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 353

#notes ⇒ Array<Mdm::Note>

Notes about the host entered by a user with oldest notes first.

Returns:

• (Array<Mdm::Note>)

# File 'app/models/mdm/host.rb', line 142

has_many :notes,
class_name: 'Mdm::Note',
inverse_of: :host,
dependent: :delete_all,
order: 'notes.created_at'

#os_flavor ⇒ String

The flavor of #os_name.

Examples:

Windows XP

host.os_name = 'Windows'
host.os_flavor = 'XP'

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 358

#os_lang ⇒ String

Free-form language of operating system. Usually either spelled out like 'English' or an IETF language tag like 'en' or 'en-US'.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 367

#os_name ⇒ String

The name of the operating system.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 373

#os_sp ⇒ String

The service pack of the #os_flavor of the #os_name.

Examples:

Windows XP SP2

host.os_name = 'Windows'
host.os_flavor = 'XP'
host.os_sp = 'SP2'

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 378

#purpose ⇒ String

The purpose of the host on the network, such as 'client' or 'firewall'.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 388

#refs ⇒ Array<Mdm::Ref> (readonly)

External references, such as CVE, to vulnerabilities found on this host.

Returns:

• (Array<Mdm::Ref>)

See Also:

• #vuln_refs

# File 'app/models/mdm/host.rb', line 260

has_many :refs, :class_name => 'Mdm::Ref', :through => :vuln_refs

#scope ⇒ String

Interface identifier for link-local IPv6

Returns:

• (String)

See Also:

• http://en.wikipedia.org/wiki/IPv6_address#Link-local_addresses_and_zone_indices

# File 'app/models/mdm/host.rb', line 393

#service_count ⇒ Integer

Counter cache for #services.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 399

#service_notes ⇒ Array<Mdm::Note> (readonly)

Notes about #services running on this host.

Returns:

• (Array<Mdm::Note>)

See Also:

• #services

# File 'app/models/mdm/host.rb', line 214

has_many :service_notes,
class_name: 'Mdm::Note',
source: :notes,
through: :services

#services ⇒ Array<Mdm::Service>

The services running on ports on the host with services ordered by port and protocol.

Returns:

• (Array<Mdm::Service>)

# File 'app/models/mdm/host.rb', line 153

has_many :services,
class_name: 'Mdm::Service',
dependent: :destroy,
inverse_of: :host,
order: 'services.port, services.proto'

#sessions ⇒ Array<Mdm::Session]

Sessions that are open or previously were open on the host ordered by when the session was opened

Returns:

• (Array<Mdm::Session]) —

  Array<Mdm::Session]

# File 'app/models/mdm/host.rb', line 164

has_many :sessions,
class_name: 'Mdm::Session',
dependent: :destroy,
inverse_of: :host,
order: 'sessions.opened_at'

#state ⇒ String

Whether the host is alive, down, or in an unknown state.

Returns:

• (String) —

  element of STATES.

# File 'app/models/mdm/host.rb', line 404

#tags ⇒ Array<Mdm::Tag> (readonly)

The tags on this host. Tags are used to filter hosts.

Returns:

• (Array<Mdm::Tag>)

See Also:

• #hosts_tags

# File 'app/models/mdm/host.rb', line 196

has_many :tags, :class_name => 'Mdm::Tag', :through => :hosts_tags

#task_hosts ⇒ Array<Mdm::TaskHost>

Details about what Tasks touched this host

Returns:

• (Array<Mdm::TaskHost>)

# File 'app/models/mdm/host.rb', line 88

has_many :task_hosts,
class_name: 'Mdm::TaskHost',
dependent: :destroy,
inverse_of: :host

#tasks ⇒ ActiveRecord::Relation<Mdm::Task>

Tasks that touched this service

Returns:

• (ActiveRecord::Relation<Mdm::Task>)

# File 'app/models/mdm/host.rb', line 234

has_many :tasks,
class_name: 'Mdm::Task',
through: :task_hosts

#updated_at ⇒ DateTime

The last time this host was updated in the database.

Returns:

• (DateTime)

# File 'app/models/mdm/host.rb', line 409

#virtual_host ⇒ String

The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 414

#vuln_count ⇒ Integer

Counter cache for #vulns.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 419

#vuln_refs ⇒ Array<Mdm::VulnRef> (readonly)

TODO:

https://www.pivotaltracker.com/story/show/49004623

Join model between #vulns and #refs. Use either of those asssociations instead of this join model.

Returns:

• (Array<Mdm::VulnRef>)

See Also:

• #refs
• #vulns

# File 'app/models/mdm/host.rb', line 249

has_many :vuln_refs, :class_name => 'Mdm::VulnRef', :source => :vulns_refs, :through => :vulns

#vulns ⇒ Array<Mdm::Vuln>

Vulnerabilities found on the host.

Returns:

• (Array<Mdm::Vuln>)

# File 'app/models/mdm/host.rb', line 174

has_many :vulns,
class_name: 'Mdm::Vuln',
dependent: :delete_all,
inverse_of: :host

#web_sites ⇒ Array<Mdm::WebSite> (readonly)

Web sites running on top of #services on this host.

Returns:

• (Array<Mdm::WebSite>)

See Also:

• #services

# File 'app/models/mdm/host.rb', line 224

has_many :web_sites, :class_name => 'Mdm::WebSite', :through => :services

#workspace ⇒ Mdm::Workspace

The workspace in which this host was found.

Returns:

• (Mdm::Workspace)

# File 'app/models/mdm/host.rb', line 183

belongs_to :workspace,
class_name: 'Mdm::Workspace',
inverse_of: :hosts

Instance Method Details

#attribute_locked?(attr) ⇒ true, false

Returns whether 'host.updated.' note is locked.

Returns:

• (true) —

  if Mdm::Note with 'host.updated.' as Note#name exists and data[:locked] is true.

• (false) —

  otherwise.

# File 'app/models/mdm/host.rb', line 535

def attribute_locked?(attr)
  n = notes.find_by_ntype("host.updated.#{attr}")
  n && n.data[:locked]
end

#ip_address_invalid? ⇒ void

This method returns an undefined value.

This is replicated by the IpAddressValidator class. Had to put it here as well to avoid SQL errors when checking address uniqueness.

# File 'app/models/mdm/host.rb', line 544

def ip_address_invalid?
  begin
    potential_ip = IPAddr.new(address)
    return true unless potential_ip.ipv4? || potential_ip.ipv6?
  rescue ArgumentError
    return true
  end
end

#is_vm? ⇒ true, false

Returns whether this host is a virtual machine.

Returns:

• (true) —

  unless #virtual_host is nil.

• (false) —

  otherwise.

# File 'app/models/mdm/host.rb', line 557

def is_vm?
  !!self.virtual_host
end