Class: Mdm::Workspace

Inherits:
ActiveRecord::Base
  • Object
show all
Defined in:
app/models/mdm/workspace.rb

Overview

Workspace to separate different collections of #hosts. Can be used to separate pentests against different networks or different clients as reports are normally generated against all records in a workspace.

Constant Summary collapse

DEFAULT =

CONSTANTS

'default'

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#boundaryString

Comma separated list of IP ranges (in various formats) and IP addresses that users of this workspace are allowed to interact with if #limit_to_network is true.

Returns:

  • (String) 



# File 'app/models/mdm/workspace.rb', line 88

#created_atDateTime

When this workspace was created.

Returns:

  • (DateTime) 



# File 'app/models/mdm/workspace.rb', line 110

#descriptionString

Long description (beyond #name) that explains the purpose of this workspace.

Returns:

  • (String) 



# File 'app/models/mdm/workspace.rb', line 94

#limit_to_networkfalse, true

Whether #boundary is respected.

Returns:

  • (false)

    do not limit interactions to #boundary.

  • (true)

    limit interactions to #boundary.




# File 'app/models/mdm/workspace.rb', line 99

#nameString

Name of this workspace.

Returns:

  • (String) 



# File 'app/models/mdm/workspace.rb', line 105

#updated_atDateTime

The last time this workspace was updated.

Returns:

  • (DateTime) 



# File 'app/models/mdm/workspace.rb', line 115

Class Method Details

.defaultMdm::Workspace

Returns default Mdm::Workspace.

Returns:



183
184
185
 
# File 'app/models/mdm/workspace.rb', line 183

def self.default
  where(name: DEFAULT).first_or_create
end

Instance Method Details

#allow_actions_on?(ips) ⇒ true, false

If #limit_to_network is disabled, this will always return true. Otherwise, return true only if all of the given IPs are within the project boundaries.

Parameters:

  • ips (String)

    IP range(s)

Returns:

  • (true)

    if actions on ips are allowed.

  • (false)

    if actions are not allowed on ips.



144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
 
# File 'app/models/mdm/workspace.rb', line 144

def allow_actions_on?(ips)
  return true unless limit_to_network
  return true unless boundary
  return true if boundary.empty?
  boundaries = Shellwords.split(boundary)
  return true if boundaries.empty? # It's okay if there is no boundary range after all
  given_range = Rex::Socket::RangeWalker.new(ips)
  return false unless given_range # Can't do things to nonexistant IPs
  allowed = false
  boundaries.each do |boundary_range|
    ok_range = Rex::Socket::RangeWalker.new(boundary)
    allowed  = true if ok_range.include_range? given_range
  end
  return allowed
end

#boundary_must_be_ip_rangevoid

This method returns an undefined value.

Validates that #boundary is a valid IP address or IP address range.



163
164
165
 
# File 'app/models/mdm/workspace.rb', line 163

def boundary_must_be_ip_range
  errors.add(:boundary, "must be a valid IP range") unless valid_ip_or_range?(boundary)
end

#credsActiveRecord::Relation<Mdm::Cred>

Deprecated.

Use Mdm::Workspace#credential_cores when Metasploit::Credential::Engine is installed to get Metasploit::Credential::Cores. Use Mdm::Service#logins when Metasploit::Credential::Engine is installed to get Metasploit::Credential::Logins.

Returns:



172
173
174
175
176
177
178
 
# File 'app/models/mdm/workspace.rb', line 172

def creds
  Mdm::Cred.find(
    :all,
    :include    => {:service => :host},
    :conditions => ["hosts.workspace_id = ?", self.id]
  )
end

#default?true, false

Whether this is the default workspace.

Returns:

  • (true)

    if this is the default workspace.

  • (false)

    if this is not the default workspace.



191
192
193
 
# File 'app/models/mdm/workspace.rb', line 191

def default?
  name == DEFAULT
end

#each_cred {|cred| ... } ⇒ void

Deprecated.

Use workspace.credential_cores.each when Metasploit::Credential::Engine is installed to enumerate Metasploit::Credential::Cores. Use service.logins.each when Metasploit::Credential::Engine is installed to enumerate Metasploit::Credential::Logins.

This method returns an undefined value.

Enumerates each element of #creds.

Yields:

  • (cred)

Yield Parameters:

  • cred (Mdm::Cred)

    Cred associated with a host or a service in this workspace.

Yield Returns:

  • (void) 


205
206
207
208
209
 
# File 'app/models/mdm/workspace.rb', line 205

def each_cred(&block)
  creds.each do |cred|
    block.call(cred)
  end
end

#each_host_tag {|tag| ... } ⇒ void

This method returns an undefined value.

Enumerates each element of #host_tags.

Yields:

  • (tag)

Yield Parameters:

Yield Returns:

  • (void) 


217
218
219
220
221
 
# File 'app/models/mdm/workspace.rb', line 217

def each_host_tag(&block)
  host_tags.each do |host_tag|
    block.call(host_tag)
  end
end

#host_tagsActiveRecord::Relation<Mdm::Tag>

Tags on #hosts.

Returns:



226
227
228
229
230
231
232
 
# File 'app/models/mdm/workspace.rb', line 226

def host_tags
  Mdm::Tag.find(
    :all,
    :include    => :hosts,
    :conditions => ["hosts.workspace_id = ?", self.id]
  )
end

#unique_web_formsActiveRecord::Relation<Mdm::WebForm>

Web forms on #web_sites.

Returns:



286
287
288
 
# File 'app/models/mdm/workspace.rb', line 286

def unique_web_forms
  web_forms.select('web_forms.id, web_forms.web_site_id, web_forms.path, web_forms.method, web_forms.query')
end

#web_formsActiveRecord::Relation<Mdm::WebForm>

Web forms found on #web_sites.

Returns:



237
238
239
240
241
242
243
244
 
# File 'app/models/mdm/workspace.rb', line 237

def web_forms
  Mdm::WebForm.joins(
    Mdm::WebForm.join_association(:web_site),
    Mdm::WebSite.join_association(:service),
    Mdm::Service.join_association(:host),
    Mdm::Host.join_association(:workspace)
  ).where(Mdm::Workspace[:id].eq(id)).uniq
end

#web_pagesActiveRecord::Relation<Mdm::WebPage>

Web pages found on #web_sites.

Returns:



250
251
252
253
254
255
256
257
 
# File 'app/models/mdm/workspace.rb', line 250

def web_pages
  Mdm::WebPage.joins(
    Mdm::WebPage.join_association(:web_site),
    Mdm::WebSite.join_association(:service),
    Mdm::Service.join_association(:host),
    Mdm::Host.join_association(:workspace)
  ).where(Mdm::Workspace[:id].eq(id)).uniq
end

#web_sitesActiveRecord::Relation<Mdm::WebSite>

Web sites running on #services.

Returns:



262
263
264
265
266
267
268
269
 
# File 'app/models/mdm/workspace.rb', line 262

def web_sites
  Mdm::WebSite.joins(
    Mdm::WebSite.join_association(:service),
    Mdm::Service.join_association(:host),
    Mdm::Host.join_association(:workspace)
  ).where(Mdm::Workspace[:id].eq(id)).uniq
  
end

#web_unique_forms(addrs = nil) ⇒ Array<Mdm::WebForm>

#unique_web_forms hosted on addrs.

Parameters:

  • addrs (Array<IPAddr, String>) (defaults to: nil)

    Host#address for the Service#host for the Mdm::WebSite#service for the Mdm::WebForm#web_site.

Returns:



295
296
297
298
299
300
301
 
# File 'app/models/mdm/workspace.rb', line 295

def web_unique_forms(addrs=nil)
  forms = unique_web_forms
  if addrs
    forms.reject!{|f| not addrs.include?( f.web_site.service.host.address.to_s ) }
  end
  forms
end

#web_vulnsActiveRecord::Relation<Mdm::WebVuln>

Web vulnerability found on #web_sites.

Returns:



274
275
276
277
278
279
280
281
 
# File 'app/models/mdm/workspace.rb', line 274

def web_vulns
  Mdm::WebVuln.joins(
    Mdm::WebVuln.join_association(:web_site),
    Mdm::WebSite.join_association(:service),
    Mdm::Service.join_association(:host),
    Mdm::Host.join_association(:workspace)
  ).where(Mdm::Workspace[:id].eq(id)).uniq
end