Class: Mdm::Host

Inherits:
ActiveRecord::Base
  • Object
show all
Extended by:
ActiveSupport::Autoload
Includes:
OperatingSystemNormalization, Metasploit::Model::Search
Defined in:
app/models/mdm/host.rb

Overview

A system with an IP address on the network that has been discovered in some way.

Defined Under Namespace

Modules: OperatingSystemNormalization

Constant Summary collapse

UNKNOWN_ARCHITECTURE =

Special #arch value to indicate we should look at #detected_arch instead

'Unknown'
ARCHITECTURES =

Either the CPU architecture for native code or the programming language name for exploits that run code in the programming language's virtual machine.

[
    'armbe',
    'armle',
    'cbea',
    'cbea64',
    'cmd',
    'java',
    'mips',
    'mipsbe',
    'mipsle',
    'php',
    'ppc',
    'ppc64',
    'ruby',
    'sparc',
    'tty',
    # To be used for compatability with 'X86_64'
    'x64',
    'x86',
    'x86_64',
    '',
    UNKNOWN_ARCHITECTURE
]
SEARCH_FIELDS =

Fields searched for the search scope

[
    'address::text',
    'comments',
    'mac',
    'name',
    'os_flavor',
    'os_name',
    'os_sp',
    'purpose'
]
STATES =

Valid values for #state.

[
    'alive',
    'down',
    'unknown'
]

Constants included from OperatingSystemNormalization

OperatingSystemNormalization::MAX_NMAP_CERTAINTY

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from OperatingSystemNormalization

#apply_match_to_host, #get_arch_from_string, #guess_purpose_from_match, #normalize_fusionvm_fingerprint, #normalize_generic_fingerprint, #normalize_match, #normalize_mbsa_fingerprint, #normalize_nessus_fingerprint, #normalize_nexpose_fingerprint, #normalize_nmap_fingerprint, #normalize_os, #normalize_qualys_fingerprint, #normalize_retina_fingerprint, #normalize_scanner_fp, #normalize_session_fingerprint, #parse_windows_os_str, #recog_matches_for_note, #recog_matches_for_service, #sanitize, #service_banner_recog_filter_ssh, #validate_fingerprint_data

Instance Attribute Details

#addressString

The IP address of this host.

Returns:

  • (String) 


72
73
74
 
# File 'app/models/mdm/host.rb', line 72

def address
  self[:address].to_s
end

#archString

The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.

Returns:




# File 'app/models/mdm/host.rb', line 319

#clientsActiveRecord::Relation<Mdm::Client>

Users connected to this host

Returns:



84
85
86
87
 
# File 'app/models/mdm/host.rb', line 84

has_many :clients,
class_name: 'Mdm::Client',
dependent: :destroy,
inverse_of: :host

#commString

TODO:

https://www.pivotaltracker.com/story/show/49722411

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 325

#commentsString

User supplied comments about host.

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 330

#created_atDateTime

When this host was created in the database.

Returns:

  • (DateTime) 



# File 'app/models/mdm/host.rb', line 335

#cred_countInteger

Counter cache for #creds.

Returns:

  • (Integer) 



# File 'app/models/mdm/host.rb', line 340

#credsActiveRecord::Relation<Mdm::Cred> (readonly)

Credentials captured from #services.

Returns:

See Also:



221
 
# File 'app/models/mdm/host.rb', line 221

has_many :creds, :class_name => 'Mdm::Cred', :through => :services

#detected_archString

The architecture of the host's CPU as detected by Recog. If #arch is not UNKNOWN_ARCHITECTURE, this is undefined.

Returns:

  • (String)

    a free-form string most likely from network data




# File 'app/models/mdm/host.rb', line 345

#eventsActiveRecord::Relation<Mdm::Event>

Events that occurred on this host.

Returns:



93
94
95
96
 
# File 'app/models/mdm/host.rb', line 93

has_many :events,
class_name: 'Mdm::Event',
dependent: :destroy,
inverse_of: :host

#exploit_attempt_countInteger

Counter cache for #exploit_attempts.

Returns:

  • (Integer) 



# File 'app/models/mdm/host.rb', line 351

#exploit_attemptsActiveRecord::Relation<Mdm::ExploitAttempt]

Attempts to run exploits against this host.

Returns:

  • (ActiveRecord::Relation<Mdm::ExploitAttempt])

    ActiveRecord::Relation<Mdm::ExploitAttempt]



111
112
113
114
 
# File 'app/models/mdm/host.rb', line 111

has_many :exploit_attempts,
class_name: 'Mdm::ExploitAttempt',
dependent: :destroy,
inverse_of: :host

#exploited_hostsActiveRecord::Relation<Mdm::ExploitedHost>

TODO:

MSP-2732

Returns:



119
120
121
122
 
# File 'app/models/mdm/host.rb', line 119

has_many :exploited_hosts,
class_name: 'Mdm::ExploitedHost',
dependent: :destroy,
inverse_of: :host

#host_detail_countInteger

Counter cache for #host_details.

Returns:

  • (Integer) 



# File 'app/models/mdm/host.rb', line 356

#host_detailsActiveRecord::Relation<Mdm::HostDetail>

Returns:



126
127
128
129
 
# File 'app/models/mdm/host.rb', line 126

has_many :host_details,
class_name: 'Mdm::HostDetail',
dependent: :destroy,
inverse_of: :host

#hosts_tagsActiveRecord::Relation<Mdm::HostTag>

TODO:

MSP-2723

A join model between Tag and Mdm::Host. Use #tags to get the actual Mdm::Tags on this host.

Returns:



136
137
138
139
 
# File 'app/models/mdm/host.rb', line 136

has_many :hosts_tags,
class_name: 'Mdm::HostTag',
dependent: :destroy,
inverse_of: :host

#infoString

Information about this host gathered from the host.

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 361

#lootsActiveRecord::Relation<Mdm::Loot>

TODO:

MSP-3065

Loot gathered from the host with newest loot first.

Returns:



146
147
148
149
150
 
# File 'app/models/mdm/host.rb', line 146

has_many :loots,
-> { order('loots.created_at DESC')},
class_name: 'Mdm::Loot',
dependent: :destroy,
inverse_of: :host

#macString

The MAC address of this host.

Returns:

  • (String)

See Also:




# File 'app/models/mdm/host.rb', line 366

#module_detailsActiveRecord::Relation<Mdm::Module::Detail] (readonly)

Details about modules that were used to find vulnerabilities on this host.

Returns:

  • (ActiveRecord::Relation<Mdm::Module::Detail])

    ActiveRecord::Relation<Mdm::Module::Detail]



304
305
306
307
308
 
# File 'app/models/mdm/host.rb', line 304

has_many :module_details,
:class_name => 'Mdm::Module::Detail',
:source =>:detail,
:through => :module_refs,
:uniq => true

#module_refsActiveRecord::Relation<Mdm::Module::Ref> (readonly)

References for modules for references for vulnerabilities.

Returns:



294
 
# File 'app/models/mdm/host.rb', line 294

has_many :module_refs, :class_name => 'Mdm::Module::Ref', :through => :refs

#module_runsActiveRecord::Relation<MetasploitDataModels::ModuleRun> (readonly)

Records of Metasploit modules being run on/against this Mdm::Host

Returns:

See Also:



245
246
247
 
# File 'app/models/mdm/host.rb', line 245

has_many :module_runs,
class_name: 'MetasploitDataModels::ModuleRun',
as: :trackable

#nameString

The name of the host. If the host name is not available, then it will just be the IP address.

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 372

#note_countInteger

Counter cache for #notes.

Returns:

  • (Integer) 



# File 'app/models/mdm/host.rb', line 377

#notesActiveRecord::Relation<Mdm::Note>

Notes about the host entered by a user with oldest notes first.

Returns:



156
157
158
159
160
 
# File 'app/models/mdm/host.rb', line 156

has_many :notes,
-> { order('notes.created_at') },
class_name: 'Mdm::Note',
inverse_of: :host,
dependent: :delete_all

#os_flavorString

The flavor of #os_name.

Examples:

Windows XP

host.os_name = 'Windows'
host.os_flavor = 'XP'

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 382

#os_langString

Free-form language of operating system. Usually either spelled out like 'English' or an IETF language tag like 'en' or 'en-US'.

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 391

#os_nameString

The name of the operating system.

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 397

#os_spString

The service pack of the #os_flavor of the #os_name.

Examples:

Windows XP SP2

host.os_name = 'Windows'
host.os_flavor = 'XP'
host.os_sp = 'SP2'

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 402

#purposeString

The purpose of the host on the network, such as 'client' or 'firewall'.

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 412

#refsActiveRecord::Relation<Mdm::Ref> (readonly)

External references, such as CVE, to vulnerabilities found on this host.

Returns:

See Also:



284
 
# File 'app/models/mdm/host.rb', line 284

has_many :refs, :class_name => 'Mdm::Ref', :through => :vuln_refs

#scopeString

Interface identifier for link-local IPv6

Returns:

  • (String)

See Also:




# File 'app/models/mdm/host.rb', line 417

#service_countInteger

Counter cache for #services.

Returns:

  • (Integer) 



# File 'app/models/mdm/host.rb', line 423

#service_notesActiveRecord::Relation<Mdm::Note> (readonly)

Notes about #services running on this host.

Returns:

See Also:



228
229
230
231
 
# File 'app/models/mdm/host.rb', line 228

has_many :service_notes,
class_name: 'Mdm::Note',
source: :notes,
through: :services

#servicesActiveRecord::Relation<Mdm::Service>

The services running on ports on the host with services ordered by port and protocol.

Returns:



167
168
169
170
171
 
# File 'app/models/mdm/host.rb', line 167

has_many :services,
-> { order('services.port, services.proto') },
class_name: 'Mdm::Service',
dependent: :destroy,
inverse_of: :host

#sessionsActiveRecord::Relation<Mdm::Session]

Sessions that are open or previously were open on the host ordered by when the session was opened

Returns:

  • (ActiveRecord::Relation<Mdm::Session])

    ActiveRecord::Relation<Mdm::Session]



178
179
180
181
182
 
# File 'app/models/mdm/host.rb', line 178

has_many :sessions,
-> { order('sessions.opened_at') },
class_name: 'Mdm::Session',
dependent: :destroy,
inverse_of: :host

#stateString

Whether the host is alive, down, or in an unknown state.

Returns:

  • (String)

    element of STATES.




# File 'app/models/mdm/host.rb', line 428

#tagsActiveRecord::Relation<Mdm::Tag> (readonly)

The tags on this host. Tags are used to filter hosts.

Returns:

See Also:



210
 
# File 'app/models/mdm/host.rb', line 210

has_many :tags, :class_name => 'Mdm::Tag', :through => :hosts_tags

#task_hostsActiveRecord::Relation<Mdm::TaskHost>

Details about what Tasks touched this host

Returns:



102
103
104
105
 
# File 'app/models/mdm/host.rb', line 102

has_many :task_hosts,
class_name: 'Mdm::TaskHost',
dependent: :destroy,
inverse_of: :host

#tasksActiveRecord::Relation<Mdm::Task>

Tasks that touched this service

Returns:



258
259
260
 
# File 'app/models/mdm/host.rb', line 258

has_many :tasks,
class_name: 'Mdm::Task',
through: :task_hosts

#updated_atDateTime

The last time this host was updated in the database.

Returns:

  • (DateTime) 



# File 'app/models/mdm/host.rb', line 433

#virtual_hostString

The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.

Returns:

  • (String) 



# File 'app/models/mdm/host.rb', line 438

#vuln_countInteger

Counter cache for #vulns.

Returns:

  • (Integer) 



# File 'app/models/mdm/host.rb', line 443

#vuln_refsActiveRecord::Relation<Mdm::VulnRef> (readonly)

TODO:

https://www.pivotaltracker.com/story/show/49004623

Join model between #vulns and #refs. Use either of those asssociations instead of this join model.

Returns:

See Also:



273
 
# File 'app/models/mdm/host.rb', line 273

has_many :vuln_refs, :class_name => 'Mdm::VulnRef', :source => :vulns_refs, :through => :vulns

#vulnsActiveRecord::Relation<Mdm::Vuln>

Vulnerabilities found on the host.

Returns:



188
189
190
191
 
# File 'app/models/mdm/host.rb', line 188

has_many :vulns,
class_name: 'Mdm::Vuln',
dependent: :delete_all,
inverse_of: :host

#web_sitesActiveRecord::Relation<Mdm::WebSite> (readonly)

Web sites running on top of #services on this host.

Returns:

See Also:



238
 
# File 'app/models/mdm/host.rb', line 238

has_many :web_sites, :class_name => 'Mdm::WebSite', :through => :services

#workspaceMdm::Workspace

The workspace in which this host was found.

Returns:



197
198
199
 
# File 'app/models/mdm/host.rb', line 197

belongs_to :workspace,
class_name: 'Mdm::Workspace',
inverse_of: :hosts

Instance Method Details

#attribute_locked?(attr) ⇒ true, false

Returns whether 'host.updated.' note is locked.

Returns:

  • (true)

    if Mdm::Note with 'host.updated.' as Note#name exists and data[:locked] is true.

  • (false)

    otherwise.



559
560
561
562
 
# File 'app/models/mdm/host.rb', line 559

def attribute_locked?(attr)
  n = notes.find_by_ntype("host.updated.#{attr}")
  n && n.data[:locked]
end

#ip_address_invalid?void

This method returns an undefined value.

This is replicated by the IpAddressValidator class. Had to put it here as well to avoid SQL errors when checking address uniqueness.



568
569
570
571
572
573
574
575
576
577
578
579
580
 
# File 'app/models/mdm/host.rb', line 568

def ip_address_invalid?
  begin
    if address.is_a? IPAddr
      potential_ip = address.dup
    else
      potential_ip = IPAddr.new(address)
    end

    return true unless potential_ip.ipv4? || potential_ip.ipv6?
  rescue ArgumentError
    return true
  end
end

#is_vm?true, false

Returns whether this host is a virtual machine.

Returns:



586
587
588
 
# File 'app/models/mdm/host.rb', line 586

def is_vm?
  !!self.virtual_host
end