Class: Mdm::Workspace

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Mdm::Workspace

Defined in:

app/models/mdm/workspace.rb

Overview

Workspace to separate different collections of #hosts. Can be used to separate pentests against different networks or different clients as reports are normally generated against all records in a workspace.

Constant Summary

DEFAULT =

CONSTANTS

'default'

Instance Attribute Summary

• #boundary ⇒ String

  Comma separated list of IP ranges (in various formats) and IP addresses that users of this workspace are allowed to interact with if #limit_to_network is true.

• #created_at ⇒ DateTime

  When this workspace was created.

• #description ⇒ String

  Long description (beyond #name) that explains the purpose of this workspace.

• #limit_to_network ⇒ false, true

  Whether #boundary is respected.

• #name ⇒ String

  Name of this workspace.

• #updated_at ⇒ DateTime

  The last time this workspace was updated.

Class Method Summary

• .default ⇒ Mdm::Workspace

  Returns default Workspace.

Instance Method Summary

• #allow_actions_on?(ips) ⇒ true, false

  If #limit_to_network is disabled, this will always return true.

• #boundary_must_be_ip_range ⇒ void

  Validates that #boundary is a valid IP address or IP address range.

• #creds ⇒ ActiveRecord::Relation<Mdm::Cred> deprecated Deprecated.

  Use Mdm::Workspace#credential_cores when Metasploit::Credential::Engine is installed to get Metasploit::Credential::Cores. Use Mdm::Service#logins when Metasploit::Credential::Engine is installed to get Metasploit::Credential::Logins.

• #default? ⇒ true, false

  Whether this is the Workspace.default workspace.

• #each_cred {|cred| ... } ⇒ void deprecated Deprecated.

  Use workspace.credential_cores.each when Metasploit::Credential::Engine is installed to enumerate Metasploit::Credential::Cores. Use service.logins.each when Metasploit::Credential::Engine is installed to enumerate Metasploit::Credential::Logins.

• #each_host_tag {|tag| ... } ⇒ void

  Enumerates each element of #host_tags.

• #host_tags ⇒ ActiveRecord::Relation<Mdm::Tag>

  Tags on #hosts.

• #unique_web_forms ⇒ ActiveRecord::Relation<Mdm::WebForm>

  Web forms on #web_sites.

• #web_forms ⇒ ActiveRecord::Relation<Mdm::WebForm>

  Web forms found on #web_sites.

• #web_pages ⇒ ActiveRecord::Relation<Mdm::WebPage>

  Web pages found on #web_sites.

• #web_sites ⇒ ActiveRecord::Relation<Mdm::WebSite>

  Web sites running on #services.

• #web_unique_forms(addrs = nil) ⇒ Array<Mdm::WebForm>

  #unique_web_forms hosted on addrs.

• #web_vulns ⇒ ActiveRecord::Relation<Mdm::WebVuln>

  Web vulnerability found on #web_sites.

Instance Attribute Details

#boundary ⇒ String

Comma separated list of IP ranges (in various formats) and IP addresses that users of this workspace are allowed to interact with if #limit_to_network is true.

Returns:

• (String)

# File 'app/models/mdm/workspace.rb', line 88

#created_at ⇒ DateTime

When this workspace was created.

Returns:

• (DateTime)

# File 'app/models/mdm/workspace.rb', line 110

#description ⇒ String

Long description (beyond #name) that explains the purpose of this workspace.

Returns:

• (String)

# File 'app/models/mdm/workspace.rb', line 94

#limit_to_network ⇒ false, true

Whether #boundary is respected.

Returns:

• (false) —

  do not limit interactions to #boundary.

• (true) —

  limit interactions to #boundary.

# File 'app/models/mdm/workspace.rb', line 99

#name ⇒ String

Name of this workspace.

Returns:

• (String)

# File 'app/models/mdm/workspace.rb', line 105

#updated_at ⇒ DateTime

The last time this workspace was updated.

Returns:

• (DateTime)

# File 'app/models/mdm/workspace.rb', line 115

Class Method Details

.default ⇒ Mdm::Workspace

Returns default Mdm::Workspace.

Returns:

• (Mdm::Workspace)

# File 'app/models/mdm/workspace.rb', line 183

def self.default
  where(name: DEFAULT).first_or_create
end

Instance Method Details

#allow_actions_on?(ips) ⇒ true, false

If #limit_to_network is disabled, this will always return true. Otherwise, return true only if all of the given IPs are within the project boundaries.

Parameters:

• ips (String) —

  IP range(s)

Returns:

• (true) —

  if actions on ips are allowed.

• (false) —

  if actions are not allowed on ips.

# File 'app/models/mdm/workspace.rb', line 144

def allow_actions_on?(ips)
  return true unless limit_to_network
  return true unless boundary
  return true if boundary.empty?
  boundaries = Shellwords.split(boundary)
  return true if boundaries.empty? # It's okay if there is no boundary range after all
  given_range = Rex::Socket::RangeWalker.new(ips)
  return false unless given_range # Can't do things to nonexistant IPs
  allowed = false
  boundaries.each do |boundary_range|
    ok_range = Rex::Socket::RangeWalker.new(boundary)
    allowed  = true if ok_range.include_range? given_range
  end
  return allowed
end

#boundary_must_be_ip_range ⇒ void

This method returns an undefined value.

Validates that #boundary is a valid IP address or IP address range.

# File 'app/models/mdm/workspace.rb', line 163

def boundary_must_be_ip_range
  errors.add(:boundary, "must be a valid IP range") unless valid_ip_or_range?(boundary)
end

#creds ⇒ ActiveRecord::Relation<Mdm::Cred>

Deprecated.

Use Mdm::Workspace#credential_cores when Metasploit::Credential::Engine is installed to get Metasploit::Credential::Cores. Use Mdm::Service#logins when Metasploit::Credential::Engine is installed to get Metasploit::Credential::Logins.

Returns:

• (ActiveRecord::Relation<Mdm::Cred>)

# File 'app/models/mdm/workspace.rb', line 172

def creds
  Mdm::Cred.find(
    :all,
    :include    => {:service => :host},
    :conditions => ["hosts.workspace_id = ?", self.id]
  )
end

#default? ⇒ true, false

Whether this is the default workspace.

Returns:

• (true) —

  if this is the default workspace.

• (false) —

  if this is not the default workspace.

# File 'app/models/mdm/workspace.rb', line 191

def default?
  name == DEFAULT
end

#each_cred {|cred| ... } ⇒ void

Deprecated.

Use workspace.credential_cores.each when Metasploit::Credential::Engine is installed to enumerate Metasploit::Credential::Cores. Use service.logins.each when Metasploit::Credential::Engine is installed to enumerate Metasploit::Credential::Logins.

This method returns an undefined value.

Enumerates each element of #creds.

Yields:

• (cred)

Yield Parameters:

• cred (Mdm::Cred) —

  Cred associated with a host or a service in this workspace.

Yield Returns:

• (void)

# File 'app/models/mdm/workspace.rb', line 205

def each_cred(&block)
  creds.each do |cred|
    block.call(cred)
  end
end

#each_host_tag {|tag| ... } ⇒ void

This method returns an undefined value.

Enumerates each element of #host_tags.

Yields:

• (tag)

Yield Parameters:

• tag (Mdm::Tag) —

  a tag on #hosts.

Yield Returns:

• (void)

# File 'app/models/mdm/workspace.rb', line 217

def each_host_tag(&block)
  host_tags.each do |host_tag|
    block.call(host_tag)
  end
end

#host_tags ⇒ ActiveRecord::Relation<Mdm::Tag>

Tags on #hosts.

Returns:

• (ActiveRecord::Relation<Mdm::Tag>)

# File 'app/models/mdm/workspace.rb', line 226

def host_tags
  Mdm::Tag.find(
    :all,
    :include    => :hosts,
    :conditions => ["hosts.workspace_id = ?", self.id]
  )
end

#unique_web_forms ⇒ ActiveRecord::Relation<Mdm::WebForm>

Web forms on #web_sites.

Returns:

• (ActiveRecord::Relation<Mdm::WebForm>)

# File 'app/models/mdm/workspace.rb', line 297

def unique_web_forms
  query = "        SELECT DISTINCT web_forms.web_site_id, web_forms.path, web_forms.method, web_forms.query\n          FROM hosts, services, web_sites, web_forms\n          WHERE hosts.workspace_id = \#{id} AND\n          services.host_id = hosts.id AND\n          web_sites.service_id = services.id AND\n          web_forms.web_site_id = web_sites.id\n  EOQ\n  Mdm::WebForm.find_by_sql(query)\nend\n"

#web_forms ⇒ ActiveRecord::Relation<Mdm::WebForm>

Web forms found on #web_sites.

Returns:

• (ActiveRecord::Relation<Mdm::WebForm>)

# File 'app/models/mdm/workspace.rb', line 237

def web_forms
  query = "        SELECT DISTINCT web_forms.*\n        FROM hosts, services, web_sites, web_forms\n        WHERE hosts.workspace_id = \#{id} AND\n          services.host_id = hosts.id AND\n          web_sites.service_id = services.id AND\n          web_forms.web_site_id = web_sites.id\n  EOQ\n  Mdm::WebForm.find_by_sql(query)\nend\n"

#web_pages ⇒ ActiveRecord::Relation<Mdm::WebPage>

Web pages found on #web_sites.

Returns:

• (ActiveRecord::Relation<Mdm::WebPage>)

# File 'app/models/mdm/workspace.rb', line 253

def web_pages
  query = "        SELECT DISTINCT web_pages.*\n          FROM hosts, services, web_sites, web_pages\n          WHERE hosts.workspace_id = \#{id} AND\n          services.host_id = hosts.id AND\n          web_sites.service_id = services.id AND\n          web_pages.web_site_id = web_sites.id\n  EOQ\n  Mdm::WebPage.find_by_sql(query)\nend\n"

#web_sites ⇒ ActiveRecord::Relation<Mdm::WebSite>

Web sites running on #services.

Returns:

• (ActiveRecord::Relation<Mdm::WebSite>)

# File 'app/models/mdm/workspace.rb', line 268

def web_sites
  query = "        SELECT DISTINCT web_sites.*\n          FROM hosts, services, web_sites\n          WHERE hosts.workspace_id = \#{id} AND\n          services.host_id = hosts.id AND\n          web_sites.service_id = services.id\n  EOQ\n  Mdm::WebSite.find_by_sql(query)\nend\n"

#web_unique_forms(addrs = nil) ⇒ Array<Mdm::WebForm>

#unique_web_forms hosted on addrs.

Parameters:

• addrs (Array<IPAddr, String>) (defaults to: nil) —

  Host#address for the Service#host for the Mdm::WebSite#service for the Mdm::WebForm#web_site.

Returns:

• (Array<Mdm::WebForm>)

# File 'app/models/mdm/workspace.rb', line 314

def web_unique_forms(addrs=nil)
  forms = unique_web_forms
  if addrs
    forms.reject!{|f| not addrs.include?( f.web_site.service.host.address.to_s ) }
  end
  forms
end

#web_vulns ⇒ ActiveRecord::Relation<Mdm::WebVuln>

Web vulnerability found on #web_sites.

Returns:

• (ActiveRecord::Relation<Mdm::WebVuln>)

# File 'app/models/mdm/workspace.rb', line 282

def web_vulns
  query = "        SELECT DISTINCT web_vulns.*\n        FROM hosts, services, web_sites, web_vulns\n          WHERE hosts.workspace_id = \#{id} AND\n          services.host_id = hosts.id AND\n          web_sites.service_id = services.id AND\n          web_vulns.web_site_id = web_sites.id\n  EOQ\n  Mdm::WebVuln.find_by_sql(query)\nend\n"