Class: Mdm::Host

Inherits:
ActiveRecord::Base
  • Object
Extended by:
ActiveSupport::Autoload
Includes:
OperatingSystemNormalization, Metasploit::Model::Search
Defined in:
app/models/mdm/host.rb

Overview

A system with an IP address on the network that has been discovered in some way.

Defined Under Namespace

Modules: OperatingSystemNormalization

Constant Summary collapse

UNKNOWN_ARCHITECTURE =

Special #arch value to indicate we should look at #detected_arch instead

'Unknown'
ARCHITECTURES =

Either the CPU architecture for native code or the programming language name for exploits that run code in the programming language's virtual machine.

[
    'armbe',
    'armle',
    'cbea',
    'cbea64',
    'cmd',
    'java',
    'mips',
    'mipsbe',
    'mipsle',
    'php',
    'ppc',
    'ppc64',
    'ruby',
    'sparc',
    'tty',
    # To be used for compatibility with 'X86_64'
    'x64',
    'x86',
    'x86_64',
    # The empty string is also listed as an accepted value.
    '',
    UNKNOWN_ARCHITECTURE
]
SEARCH_FIELDS =

Fields searched for the search scope

[
    'address::text',
    'comments',
    'mac',
    'name',
    'os_flavor',
    'os_name',
    'os_sp',
    'purpose'
]
STATES =

Valid values for #state.

[
    'alive',
    'down',
    'unknown'
]

Constants included from OperatingSystemNormalization

OperatingSystemNormalization::MAX_NMAP_CERTAINTY

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from OperatingSystemNormalization

#apply_match_to_host, #get_arch_from_string, #guess_purpose_from_match, #normalize_fusionvm_fingerprint, #normalize_generic_fingerprint, #normalize_match, #normalize_mbsa_fingerprint, #normalize_nessus_fingerprint, #normalize_nexpose_fingerprint, #normalize_nmap_fingerprint, #normalize_os, #normalize_qualys_fingerprint, #normalize_retina_fingerprint, #normalize_scanner_fp, #normalize_session_fingerprint, #parse_windows_os_str, #recog_matches_for_note, #recog_matches_for_service, #sanitize, #service_banner_recog_filter_ssh, #validate_fingerprint_data

Instance Attribute Details

#addressString

The IP address of this host.



# File 'app/models/mdm/host.rb', line 302


#archString

The architecture of the host's CPU, or the programming language name for languages that run in a virtual machine, such as Ruby, PHP, and Java.



# File 'app/models/mdm/host.rb', line 307


#clientsActiveRecord::Relation<Mdm::Client>

Users connected to this host



# File 'app/models/mdm/host.rb', line 72

# Mdm::Client rows recorded for this host. Each one is destroyed together
# with the host (dependent: :destroy).
has_many :clients,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Client'

#commString



# File 'app/models/mdm/host.rb', line 313


#commentsString

User supplied comments about host.



# File 'app/models/mdm/host.rb', line 318


#created_atDateTime

When this host was created in the database.



# File 'app/models/mdm/host.rb', line 323


#cred_countInteger

Counter cache for #creds.



# File 'app/models/mdm/host.rb', line 328


#credsActiveRecord::Relation<Mdm::Cred> (readonly)

Credentials captured from #services.

See Also:



# File 'app/models/mdm/host.rb', line 209

# Credentials reached through this host's services. No dependent: option is
# given here, so this declaration does not remove them with the host;
# presumably cleanup is left to Mdm::Service -- verify there.
has_many :creds,
         through: :services,
         class_name: 'Mdm::Cred'

#detected_archString

The architecture of the host's CPU as detected by Recog. If #arch is not UNKNOWN_ARCHITECTURE, this is undefined.



# File 'app/models/mdm/host.rb', line 333


#eventsActiveRecord::Relation<Mdm::Event>

Events that occurred on this host.



# File 'app/models/mdm/host.rb', line 81

# Mdm::Event rows for this host. Each one is destroyed together with the
# host (dependent: :destroy).
has_many :events,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Event'

#exploit_attempt_countInteger

Counter cache for #exploit_attempts.



# File 'app/models/mdm/host.rb', line 339


#exploit_attemptsActiveRecord::Relation<Mdm::ExploitAttempt>

Attempts to run exploits against this host.



# File 'app/models/mdm/host.rb', line 99

# Mdm::ExploitAttempt rows recorded against this host. They are destroyed
# together with the host (dependent: :destroy).
has_many :exploit_attempts,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::ExploitAttempt'

#exploited_hostsActiveRecord::Relation<Mdm::ExploitedHost>



# File 'app/models/mdm/host.rb', line 107

# Mdm::ExploitedHost rows for this host. They are destroyed together with
# the host (dependent: :destroy).
has_many :exploited_hosts,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::ExploitedHost'

#host_detail_countInteger

Counter cache for #host_details.



# File 'app/models/mdm/host.rb', line 344


#host_detailsActiveRecord::Relation<Mdm::HostDetail>



# File 'app/models/mdm/host.rb', line 114

# Mdm::HostDetail rows for this host. They are destroyed together with the
# host (dependent: :destroy).
has_many :host_details,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::HostDetail'

#hosts_tagsActiveRecord::Relation<Mdm::HostTag>

TODO:

MSP-2723

A join model between Tag and Mdm::Host. Use #tags to get the actual Mdm::Tags on this host.



# File 'app/models/mdm/host.rb', line 124

# Join rows (Mdm::HostTag) between this host and its tags. The join rows are
# destroyed together with the host (dependent: :destroy).
has_many :hosts_tags,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::HostTag'

#infoString

Information about this host gathered from the host.



# File 'app/models/mdm/host.rb', line 349


#lootsActiveRecord::Relation<Mdm::Loot>

TODO:

MSP-3065

Loot gathered from the host with newest loot first.



# File 'app/models/mdm/host.rb', line 134

# Mdm::Loot rows gathered from this host, newest first. They are destroyed
# together with the host (dependent: :destroy).
# The order value is a fixed SQL fragment with no interpolated input.
# NOTE: passing order: in the options hash is the pre-Rails-4 form.
has_many :loots,
         order: 'loots.created_at DESC',
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Loot'

#macString

The MAC address of this host.



# File 'app/models/mdm/host.rb', line 354


#module_detailsActiveRecord::Relation<Mdm::Module::Detail> (readonly)

Details about modules that were used to find vulnerabilities on this host.



# File 'app/models/mdm/host.rb', line 292

# Mdm::Module::Detail records reached through #module_refs, using the
# :detail association on the join as the source. :uniq => true removes
# duplicates from the result.
# NOTE: :uniq in the options hash is the pre-Rails-4 form.
has_many :module_details,
         class_name: 'Mdm::Module::Detail',
         through: :module_refs,
         source: :detail,
         uniq: true

#module_refsActiveRecord::Relation<Mdm::Module::Ref> (readonly)



# File 'app/models/mdm/host.rb', line 282

# Mdm::Module::Ref records reached through this host's #refs.
has_many :module_refs,
         through: :refs,
         class_name: 'Mdm::Module::Ref'

#module_runsActiveRecord::Relation<MetasploitDataModels::ModuleRun> (readonly)

Records of Metasploit modules being run on/against this Mdm::Host

See Also:



# File 'app/models/mdm/host.rb', line 233

# MetasploitDataModels::ModuleRun records that point at this host through
# the polymorphic :trackable interface. No dependent: option is given, so
# this declaration does not remove module run records with the host.
has_many :module_runs,
         as: :trackable,
         class_name: 'MetasploitDataModels::ModuleRun'

#nameString

The name of the host. If the host name is not available, then it will just be the IP address.



# File 'app/models/mdm/host.rb', line 360


#note_countInteger

Counter cache for #notes.



# File 'app/models/mdm/host.rb', line 365


#notesActiveRecord::Relation<Mdm::Note>

Notes about the host entered by a user with oldest notes first.



# File 'app/models/mdm/host.rb', line 144

# Mdm::Note rows attached to this host, oldest first.
# dependent: :delete_all removes the rows with a direct SQL DELETE, so
# Mdm::Note callbacks do not run when the host is destroyed.
# The order value is a fixed SQL fragment with no interpolated input.
has_many :notes,
         order: 'notes.created_at',
         dependent: :delete_all,
         inverse_of: :host,
         class_name: 'Mdm::Note'

#os_flavorString

The flavor of #os_name.

Examples:

Windows XP

host.os_name = 'Windows'
host.os_flavor = 'XP'


# File 'app/models/mdm/host.rb', line 370


#os_langString

Free-form language of operating system. Usually either spelled out like 'English' or an IETF language tag like 'en' or 'en-US'.



# File 'app/models/mdm/host.rb', line 379


#os_nameString

The name of the operating system.



# File 'app/models/mdm/host.rb', line 385


#os_spString

The service pack of the #os_flavor of the #os_name.

Examples:

Windows XP SP2

host.os_name = 'Windows'
host.os_flavor = 'XP'
host.os_sp = 'SP2'


# File 'app/models/mdm/host.rb', line 390


#purposeString

The purpose of the host on the network, such as 'client' or 'firewall'.



# File 'app/models/mdm/host.rb', line 400


#refsActiveRecord::Relation<Mdm::Ref> (readonly)

External references, such as CVE, to vulnerabilities found on this host.

See Also:



# File 'app/models/mdm/host.rb', line 272

# Mdm::Ref records (external vulnerability references) reached through
# #vuln_refs.
has_many :refs,
         through: :vuln_refs,
         class_name: 'Mdm::Ref'

#scopeString

Interface identifier for link-local IPv6



# File 'app/models/mdm/host.rb', line 405


#service_countInteger

Counter cache for #services.



# File 'app/models/mdm/host.rb', line 411


#service_notesActiveRecord::Relation<Mdm::Note> (readonly)

Notes about #services running on this host.

See Also:



# File 'app/models/mdm/host.rb', line 216

# Mdm::Note rows that belong to this host's services: the :notes association
# of each service, reached through #services.
has_many :service_notes,
         through: :services,
         source: :notes,
         class_name: 'Mdm::Note'

#servicesActiveRecord::Relation<Mdm::Service>

The services running on ports on the host with services ordered by port and protocol.



# File 'app/models/mdm/host.rb', line 155

# Mdm::Service rows for this host, ordered by port and then protocol. They
# are destroyed together with the host (dependent: :destroy).
# The order value is a fixed SQL fragment with no interpolated input.
has_many :services,
         order: 'services.port, services.proto',
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Service'

#sessionsActiveRecord::Relation<Mdm::Session>

Sessions that are open or previously were open on the host ordered by when the session was opened



# File 'app/models/mdm/host.rb', line 166

# Mdm::Session rows for this host, ordered by opened_at. They are destroyed
# together with the host (dependent: :destroy).
# The order value is a fixed SQL fragment with no interpolated input.
has_many :sessions,
         order: 'sessions.opened_at',
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::Session'

#stateString

Whether the host is alive, down, or in an unknown state.



# File 'app/models/mdm/host.rb', line 416


#tagsActiveRecord::Relation<Mdm::Tag> (readonly)

The tags on this host. Tags are used to filter hosts.

See Also:



# File 'app/models/mdm/host.rb', line 198

# Mdm::Tag records reached through the #hosts_tags join rows.
has_many :tags,
         through: :hosts_tags,
         class_name: 'Mdm::Tag'

#task_hostsActiveRecord::Relation<Mdm::TaskHost>

Details about what Tasks touched this host



# File 'app/models/mdm/host.rb', line 90

# Mdm::TaskHost join rows that record which tasks touched this host. They
# are destroyed together with the host (dependent: :destroy).
has_many :task_hosts,
         inverse_of: :host,
         dependent: :destroy,
         class_name: 'Mdm::TaskHost'

#tasksActiveRecord::Relation<Mdm::Task>

Tasks that touched this host



# File 'app/models/mdm/host.rb', line 246

# Mdm::Task records reached through the #task_hosts join rows.
has_many :tasks,
         through: :task_hosts,
         class_name: 'Mdm::Task'

#updated_atDateTime

The last time this host was updated in the database.



# File 'app/models/mdm/host.rb', line 421


#virtual_hostString

The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.



# File 'app/models/mdm/host.rb', line 426


#vuln_countInteger

Counter cache for #vulns.



# File 'app/models/mdm/host.rb', line 431


#vuln_refsActiveRecord::Relation<Mdm::VulnRef> (readonly)

Join model between #vulns and #refs. Use either of those associations instead of this join model.

See Also:



# File 'app/models/mdm/host.rb', line 261

# Mdm::VulnRef join rows reached through #vulns, using each vuln's
# :vulns_refs association as the source.
has_many :vuln_refs,
         through: :vulns,
         source: :vulns_refs,
         class_name: 'Mdm::VulnRef'

#vulnsActiveRecord::Relation<Mdm::Vuln>

Vulnerabilities found on the host.



# File 'app/models/mdm/host.rb', line 176

# Mdm::Vuln rows found on this host.
# dependent: :delete_all removes the rows with a direct SQL DELETE, so
# Mdm::Vuln callbacks and any dependent: options it declares do not run.
# NOTE(review): confirm that rows hanging off a vuln are not left orphaned
# when a host is destroyed.
has_many :vulns,
         inverse_of: :host,
         dependent: :delete_all,
         class_name: 'Mdm::Vuln'

#web_sitesActiveRecord::Relation<Mdm::WebSite> (readonly)

Web sites running on top of #services on this host.

See Also:



# File 'app/models/mdm/host.rb', line 226

# Mdm::WebSite records reached through this host's #services.
has_many :web_sites,
         through: :services,
         class_name: 'Mdm::WebSite'

#workspaceMdm::Workspace

The workspace in which this host was found.



# File 'app/models/mdm/host.rb', line 185

# The Mdm::Workspace that owns this host. It is the inverse of the
# workspace's :hosts association.
belongs_to :workspace,
           inverse_of: :hosts,
           class_name: 'Mdm::Workspace'

Instance Method Details

#attribute_locked?(attr) ⇒ true, false

Returns whether the 'host.updated.<attr>' note for the given attribute is marked as locked.



# File 'app/models/mdm/host.rb', line 547

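# Reports whether the "host.updated.<attr>" note on this host marks the
# attribute as locked.
#
# The note type is passed to the finder as a value. It is not spliced into
# SQL text by this method.
#
# @param attr [String, Symbol] attribute name, interpolated into the note type
# @return [true, false] true only when such a note exists and its data is a
#   Hash with a truthy :locked entry
def attribute_locked?(attr)
  lock_note = notes.find_by_ntype("host.updated.#{attr}")
  return false unless lock_note

  # Note data may be nil or a non-Hash value such as a String. Indexing
  # those with :locked would raise, so treat them as "not locked".
  payload = lock_note.data
  return false unless payload.is_a?(Hash)

  # Coerce to a strict boolean to match the documented return type.
  !!payload[:locked]
end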

#ip_address_invalid?void

This method returns an undefined value.

This is replicated by the IpAddressValidator class. Had to put it here as well to avoid SQL errors when checking address uniqueness.



# File 'app/models/mdm/host.rb', line 556

# Checks whether #address fails to parse as an IPv4 or IPv6 address.
#
# NOTE: IPAddr.new also accepts "address/prefix" strings, so a value carrying
# a netmask is not reported as invalid by this check.
#
# @return [true, nil] true when IPAddr rejects the value or the parsed value
#   is neither IPv4 nor IPv6; nil (falsy) when the address is acceptable
def ip_address_invalid?
  parsed = IPAddr.new(address)
  true if !parsed.ipv4? && !parsed.ipv6?
rescue ArgumentError
  # IPAddr signals unparseable input with ArgumentError or a subclass of it.
  true
end

#is_vm?true, false

Returns whether this host is a virtual machine.



# File 'app/models/mdm/host.rb', line 569

# Reports whether this host is a virtual machine. The check is simply
# whether #virtual_host holds any non-nil, non-false value.
#
# @return [true, false]
def is_vm?
  virtual_host ? true : false
end