Class: Mdm::Host
- Inherits:
-
ActiveRecord::Base
- Object
- ActiveRecord::Base
- Mdm::Host
- Includes:
- OperatingSystemNormalization, Metasploit::Model::Search
- Defined in:
- app/models/mdm/host.rb
Overview
A system with an IP address on the network that has been discovered in some way.
Defined Under Namespace
Modules: OperatingSystemNormalization
Constant Summary collapse
- UNKNOWN_ARCHITECTURE =
Special #arch value to indicate we should look at #detected_arch instead
'Unknown'
- ARCHITECTURES =
Either the CPU architecture for native code or the programming language name for exploits that run code in the programming language's virtual machine.
[ 'armbe', 'armle', 'cbea', 'cbea64', 'cmd', 'java', 'mips', 'mipsbe', 'mipsle', 'php', 'ppc', 'ppc64', 'ruby', 'sparc', 'tty', # To be used for compatability with 'X86_64' 'x64', 'x86', 'x86_64', '', UNKNOWN_ARCHITECTURE ]
- SEARCH_FIELDS =
Fields searched for the search scope
[ 'address::text', 'comments', 'mac', 'name', 'os_flavor', 'os_name', 'os_sp', 'purpose' ]
- STATES =
Valid values for #state.
[ 'alive', 'down', 'unknown' ]
Constants included from OperatingSystemNormalization
OperatingSystemNormalization::MAX_NMAP_CERTAINTY
Instance Attribute Summary collapse
-
#address ⇒ String
The IP address of this host.
-
#arch ⇒ String
The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.
-
#clients ⇒ Array<Mdm::Client>
Users connected to this host.
- #comm ⇒ String
-
#comments ⇒ String
User supplied comments about host.
-
#created_at ⇒ DateTime
When this host was created in the database.
-
#cred_count ⇒ Integer
Counter cache for #creds.
-
#creds ⇒ Array<Mdm::Cred>
readonly
Credentials captured from #services.
-
#detected_arch ⇒ String
The architecture of the host's CPU as detected by
Recog
. -
#events ⇒ ActiveRecord::Relation<Mdm::Event>
Events that occurred on this host.
-
#exploit_attempt_count ⇒ Integer
Counter cache for #exploit_attempts.
-
#exploit_attempts ⇒ Array<Mdm::ExploitAttempt]
Attempts to run exploits against this host.
- #exploited_hosts ⇒ ActiveRecord::Relation<Mdm::ExploitedHost>
-
#host_detail_count ⇒ Integer
Counter cache for #host_details.
- #host_details ⇒ Array<Mdm::HostDetail>
- #hosts_tags ⇒ ActiveRecord::Relation<Mdm::HostTag>
-
#info ⇒ String
Information about this host gathered from the host.
-
#loots ⇒ ActiveRecord::Relation<Mdm::Loot>
Loot gathered from the host with newest loot first.
-
#mac ⇒ String
The MAC address of this host.
-
#module_details ⇒ Array<Mdm::Module::Detail]
readonly
Details about modules that were used to find vulnerabilities on this host.
- #module_refs ⇒ Array<Mdm::Module::Ref> readonly
-
#name ⇒ String
The name of the host.
-
#note_count ⇒ Integer
Counter cache for #notes.
-
#notes ⇒ Array<Mdm::Note>
Notes about the host entered by a user with oldest notes first.
-
#os_flavor ⇒ String
The flavor of #os_name.
-
#os_lang ⇒ String
Free-form language of operating system.
-
#os_name ⇒ String
The name of the operating system.
-
#os_sp ⇒ String
The service pack of the #os_flavor of the #os_name.
-
#purpose ⇒ String
The purpose of the host on the network, such as 'client' or 'firewall'.
-
#refs ⇒ Array<Mdm::Ref>
readonly
External references, such as CVE, to vulnerabilities found on this host.
-
#scope ⇒ String
Interface identifier for link-local IPv6.
-
#service_count ⇒ Integer
Counter cache for #services.
- #service_notes ⇒ Array<Mdm::Note> readonly
- #services ⇒ Array<Mdm::Service>
-
#sessions ⇒ Array<Mdm::Session]
Sessions that are open or previously were open on the host ordered by when the session was opened.
-
#state ⇒ String
Whether the host is alive, down, or in an unknown state.
-
#tags ⇒ Array<Mdm::Tag>
readonly
The tags on this host.
-
#task_hosts ⇒ Array<Mdm::TaskHost>
Details about what Tasks touched this host.
-
#tasks ⇒ ActiveRecord::Relation<Mdm::Task>
Tasks that touched this service.
-
#updated_at ⇒ DateTime
The last time this host was updated in the database.
-
#virtual_host ⇒ String
The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.
-
#vuln_count ⇒ Integer
Counter cache for #vulns.
- #vuln_refs ⇒ Array<Mdm::VulnRef> readonly
-
#vulns ⇒ Array<Mdm::Vuln>
Vulnerabilities found on the host.
- #web_sites ⇒ Array<Mdm::WebSite> readonly
-
#workspace ⇒ Mdm::Workspace
The workspace in which this host was found.
Instance Method Summary collapse
- #attribute_locked?(attr) ⇒ true, false
-
#ip_address_invalid? ⇒ void
This is replicated by the IpAddressValidator class.
-
#is_vm? ⇒ true, false
Returns whether this host is a virtual machine.
Methods included from OperatingSystemNormalization
#apply_match_to_host, #get_arch_from_string, #guess_purpose_from_match, #normalize_fusionvm_fingerprint, #normalize_generic_fingerprint, #normalize_match, #normalize_mbsa_fingerprint, #normalize_nessus_fingerprint, #normalize_nexpose_fingerprint, #normalize_nmap_fingerprint, #normalize_os, #normalize_qualys_fingerprint, #normalize_retina_fingerprint, #normalize_scanner_fp, #normalize_session_fingerprint, #parse_windows_os_str, #recog_matches_for_note, #recog_matches_for_service, #sanitize, #service_banner_recog_filter_ssh, #validate_fingerprint_data
Instance Attribute Details
#address ⇒ String
The IP address of this host.
|
# File 'app/models/mdm/host.rb', line 290
|
#arch ⇒ String
The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.
|
# File 'app/models/mdm/host.rb', line 295
|
#clients ⇒ Array<Mdm::Client>
Users connected to this host
70 71 72 73 |
# File 'app/models/mdm/host.rb', line 70 has_many :clients, class_name: 'Mdm::Client', dependent: :destroy, inverse_of: :host |
#comm ⇒ String
|
# File 'app/models/mdm/host.rb', line 301
|
#comments ⇒ String
User supplied comments about host.
|
# File 'app/models/mdm/host.rb', line 306
|
#created_at ⇒ DateTime
When this host was created in the database.
|
# File 'app/models/mdm/host.rb', line 311
|
#creds ⇒ Array<Mdm::Cred> (readonly)
Credentials captured from #services.
207 |
# File 'app/models/mdm/host.rb', line 207 has_many :creds, :class_name => 'Mdm::Cred', :through => :services |
#detected_arch ⇒ String
The architecture of the host's CPU as detected by Recog
. If #arch is
not UNKNOWN_ARCHITECTURE, this is undefined.
|
# File 'app/models/mdm/host.rb', line 321
|
#events ⇒ ActiveRecord::Relation<Mdm::Event>
Events that occurred on this host.
79 80 81 82 |
# File 'app/models/mdm/host.rb', line 79 has_many :events, class_name: 'Mdm::Event', dependent: :destroy, inverse_of: :host |
#exploit_attempt_count ⇒ Integer
Counter cache for #exploit_attempts.
|
# File 'app/models/mdm/host.rb', line 327
|
#exploit_attempts ⇒ Array<Mdm::ExploitAttempt]
Attempts to run exploits against this host.
97 98 99 100 |
# File 'app/models/mdm/host.rb', line 97 has_many :exploit_attempts, class_name: 'Mdm::ExploitAttempt', dependent: :destroy, inverse_of: :host |
#exploited_hosts ⇒ ActiveRecord::Relation<Mdm::ExploitedHost>
MSP-2732
105 106 107 108 |
# File 'app/models/mdm/host.rb', line 105 has_many :exploited_hosts, class_name: 'Mdm::ExploitedHost', dependent: :destroy, inverse_of: :host |
#host_detail_count ⇒ Integer
Counter cache for #host_details.
|
# File 'app/models/mdm/host.rb', line 332
|
#host_details ⇒ Array<Mdm::HostDetail>
112 113 114 115 |
# File 'app/models/mdm/host.rb', line 112 has_many :host_details, class_name: 'Mdm::HostDetail', dependent: :destroy, inverse_of: :host |
#hosts_tags ⇒ ActiveRecord::Relation<Mdm::HostTag>
122 123 124 125 |
# File 'app/models/mdm/host.rb', line 122 has_many :hosts_tags, class_name: 'Mdm::HostTag', dependent: :destroy, inverse_of: :host |
#info ⇒ String
Information about this host gathered from the host.
|
# File 'app/models/mdm/host.rb', line 337
|
#loots ⇒ ActiveRecord::Relation<Mdm::Loot>
MSP-3065
Loot gathered from the host with newest loot first.
132 133 134 135 136 |
# File 'app/models/mdm/host.rb', line 132 has_many :loots, class_name: 'Mdm::Loot', dependent: :destroy, inverse_of: :host, order: 'loots.created_at DESC' |
#mac ⇒ String
The MAC address of this host.
|
# File 'app/models/mdm/host.rb', line 342
|
#module_details ⇒ Array<Mdm::Module::Detail] (readonly)
Details about modules that were used to find vulnerabilities on this host.
280 281 282 283 284 |
# File 'app/models/mdm/host.rb', line 280 has_many :module_details, :class_name => 'Mdm::Module::Detail', :source =>:detail, :through => :module_refs, :uniq => true |
#module_refs ⇒ Array<Mdm::Module::Ref> (readonly)
270 |
# File 'app/models/mdm/host.rb', line 270 has_many :module_refs, :class_name => 'Mdm::Module::Ref', :through => :refs |
#name ⇒ String
The name of the host. If the host name is not available, then it will just be the IP address.
|
# File 'app/models/mdm/host.rb', line 348
|
#notes ⇒ Array<Mdm::Note>
Notes about the host entered by a user with oldest notes first.
142 143 144 145 146 |
# File 'app/models/mdm/host.rb', line 142 has_many :notes, class_name: 'Mdm::Note', inverse_of: :host, dependent: :delete_all, order: 'notes.created_at' |
#os_lang ⇒ String
Free-form language of operating system. Usually either spelled out like 'English' or an IETF language tag like 'en' or 'en-US'.
|
# File 'app/models/mdm/host.rb', line 367
|
#os_name ⇒ String
The name of the operating system.
|
# File 'app/models/mdm/host.rb', line 373
|
#os_sp ⇒ String
The service pack of the #os_flavor of the #os_name.
|
# File 'app/models/mdm/host.rb', line 378
|
#purpose ⇒ String
The purpose of the host on the network, such as 'client' or 'firewall'.
|
# File 'app/models/mdm/host.rb', line 388
|
#refs ⇒ Array<Mdm::Ref> (readonly)
External references, such as CVE, to vulnerabilities found on this host.
260 |
# File 'app/models/mdm/host.rb', line 260 has_many :refs, :class_name => 'Mdm::Ref', :through => :vuln_refs |
#scope ⇒ String
Interface identifier for link-local IPv6
|
# File 'app/models/mdm/host.rb', line 393
|
#service_notes ⇒ Array<Mdm::Note> (readonly)
214 215 216 217 |
# File 'app/models/mdm/host.rb', line 214 has_many :service_notes, class_name: 'Mdm::Note', source: :notes, through: :services |
#services ⇒ Array<Mdm::Service>
153 154 155 156 157 |
# File 'app/models/mdm/host.rb', line 153 has_many :services, class_name: 'Mdm::Service', dependent: :destroy, inverse_of: :host, order: 'services.port, services.proto' |
#sessions ⇒ Array<Mdm::Session]
Sessions that are open or previously were open on the host ordered by when the session was opened
164 165 166 167 168 |
# File 'app/models/mdm/host.rb', line 164 has_many :sessions, class_name: 'Mdm::Session', dependent: :destroy, inverse_of: :host, order: 'sessions.opened_at' |
#state ⇒ String
Whether the host is alive, down, or in an unknown state.
|
# File 'app/models/mdm/host.rb', line 404
|
#tags ⇒ Array<Mdm::Tag> (readonly)
The tags on this host. Tags are used to filter hosts.
196 |
# File 'app/models/mdm/host.rb', line 196 has_many :tags, :class_name => 'Mdm::Tag', :through => :hosts_tags |
#task_hosts ⇒ Array<Mdm::TaskHost>
Details about what Tasks touched this host
88 89 90 91 |
# File 'app/models/mdm/host.rb', line 88 has_many :task_hosts, class_name: 'Mdm::TaskHost', dependent: :destroy, inverse_of: :host |
#tasks ⇒ ActiveRecord::Relation<Mdm::Task>
Tasks that touched this service
234 235 236 |
# File 'app/models/mdm/host.rb', line 234 has_many :tasks, class_name: 'Mdm::Task', through: :task_hosts |
#updated_at ⇒ DateTime
The last time this host was updated in the database.
|
# File 'app/models/mdm/host.rb', line 409
|
#virtual_host ⇒ String
The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.
|
# File 'app/models/mdm/host.rb', line 414
|
#vuln_refs ⇒ Array<Mdm::VulnRef> (readonly)
249 |
# File 'app/models/mdm/host.rb', line 249 has_many :vuln_refs, :class_name => 'Mdm::VulnRef', :source => :vulns_refs, :through => :vulns |
#vulns ⇒ Array<Mdm::Vuln>
Vulnerabilities found on the host.
174 175 176 177 |
# File 'app/models/mdm/host.rb', line 174 has_many :vulns, class_name: 'Mdm::Vuln', dependent: :delete_all, inverse_of: :host |
#web_sites ⇒ Array<Mdm::WebSite> (readonly)
224 |
# File 'app/models/mdm/host.rb', line 224 has_many :web_sites, :class_name => 'Mdm::WebSite', :through => :services |
#workspace ⇒ Mdm::Workspace
The workspace in which this host was found.
183 184 185 |
# File 'app/models/mdm/host.rb', line 183 belongs_to :workspace, class_name: 'Mdm::Workspace', inverse_of: :hosts |
Instance Method Details
#attribute_locked?(attr) ⇒ true, false
535 536 537 538 |
# File 'app/models/mdm/host.rb', line 535 def attribute_locked?(attr) n = notes.find_by_ntype("host.updated.#{attr}") n && n.data[:locked] end |
#ip_address_invalid? ⇒ void
This method returns an undefined value.
This is replicated by the IpAddressValidator class. Had to put it here as well to avoid SQL errors when checking address uniqueness.
544 545 546 547 548 549 550 551 |
# File 'app/models/mdm/host.rb', line 544 def ip_address_invalid? begin potential_ip = IPAddr.new(address) return true unless potential_ip.ipv4? || potential_ip.ipv6? rescue ArgumentError return true end end |
#is_vm? ⇒ true, false
Returns whether this host is a virtual machine.
557 558 559 |
# File 'app/models/mdm/host.rb', line 557 def is_vm? !!self.virtual_host end |