Class: Msf::DBManager
- Inherits:
-
Object
- Object
- Msf::DBManager
- Extended by:
- Metasploit::Framework::Require
- Includes:
- Metasploit::Framework::DataService, Adapter, Client, Connection, Cred, DBExport, Event, ExploitAttempt, ExploitedHost, Host, HostDetail, HostTag, IPAddress, Import, Login, Loot, Migration, ModuleCache, Note, Payload, Ref, Report, Route, Service, Session, SessionEvent, Task, User, Vuln, VulnAttempt, VulnDetail, WMAP, Web, Workspace, Framework::Offspring
- Defined in:
- lib/msf/core/db_manager.rb
Overview
The db module provides persistent storage and events. This class should be instantiated LAST as the active_suppport library overrides Kernel.require, slowing down all future code loads.
Defined Under Namespace
Modules: Adapter, Client, Connection, Cred, DBExport, Event, ExploitAttempt, ExploitedHost, Host, HostDetail, HostTag, IPAddress, Import, Login, Loot, Migration, ModuleCache, Note, Payload, Ref, Report, Route, Service, Session, SessionEvent, Task, User, Vuln, VulnAttempt, VulnDetail, WMAP, Web, Workspace
Constant Summary collapse
- DEFAULT_SERVICE_PROTO =
Default proto for making new ‘Mdm::Service`s. This should probably be a const on `Mdm::Service`
"tcp"
Constants included from Workspace
Workspace::DEFAULT_WORKSPACE_NAME
Constants included from User
Constants included from SessionEvent
SessionEvent::DEFAULT_LIMIT, SessionEvent::DEFAULT_OFFSET, SessionEvent::DEFAULT_ORDER
Constants included from Import::Qualys
Import::Qualys::TCP_QID, Import::Qualys::UDP_QID
Constants included from Import::MetasploitFramework::XML
Import::MetasploitFramework::XML::MSF_WEB_PAGE_TEXT_ELEMENT_NAMES, Import::MetasploitFramework::XML::MSF_WEB_TEXT_ELEMENT_NAMES, Import::MetasploitFramework::XML::MSF_WEB_VULN_TEXT_ELEMENT_NAMES
Constants included from Event
Event::DEFAULT_LIMIT, Event::DEFAULT_OFFSET, Event::DEFAULT_ORDER
Constants included from Adapter
Instance Attribute Summary collapse
-
#error ⇒ Object
Stores the error message for why the db was not loaded.
-
#usable ⇒ Object
Returns true if the prerequisites have been installed.
Attributes included from Framework::Offspring
Attributes included from ModuleCache
#modules_cached, #modules_caching
Attributes included from Migration
Attributes included from Adapter
Instance Method Summary collapse
-
#check ⇒ Object
Determines if the database is functional.
- #init_db(opts) ⇒ Object
-
#initialize(framework, opts = {}) ⇒ DBManager
constructor
initialize.
-
#initialize_database_support ⇒ Object
Do what is necessary to load our database support.
- #is_local? ⇒ Boolean
- #name ⇒ Object
Methods included from Metasploit::Framework::Require
optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines
Methods included from Workspace
#add_workspace, #default_workspace, #delete_workspaces, #find_workspace, #update_workspace, #workspace, #workspace=, #workspaces
Methods included from Web
#report_web_form, #report_web_page, #report_web_site, #report_web_vuln
Methods included from WMAP
#create_request, #create_target, #delete_all_targets, #each_distinct_target, #each_request, #each_request_target, #each_request_target_with_body, #each_request_target_with_headers, #each_request_target_with_path, #each_request_target_with_query, #each_target, #get_target, #request_distinct_targets, #request_sql, #requests, #selected_host, #selected_id, #selected_port, #selected_ssl, #selected_wmap_target, #sql_query, #target_requests, #targets
Methods included from VulnDetail
#report_vuln_details, #update_vuln_details
Methods included from VulnAttempt
#report_vuln_attempt, #vuln_attempts
Methods included from Vuln
#delete_vuln, #each_vuln, #find_or_create_vuln, #find_vuln_by_details, #find_vuln_by_refs, #get_vuln, #has_vuln?, #report_vuln, #update_vuln, #vulns
Methods included from User
#authenticate_user, #create_new_user_token, #delete_user, #report_user, #update_user, #users
Methods included from Task
#find_or_create_task, #report_task, #tasks
Methods included from SessionEvent
#report_session_event, #session_events
Methods included from Session
#create_mdm_session_from_host, #create_mdm_session_from_session, #get_session, #infer_vuln_from_session, #infer_vuln_from_session_dto, #remove_stale_sessions, #report_session, #report_session_dto, #report_session_host_dto, #sessions, #update_session
Methods included from Service
#delete_service, #each_service, #find_or_create_service, #report_service, #services, #update_service
Methods included from Route
#report_session_route, #report_session_route_remove
Methods included from Report
#find_or_create_report, #report_artifact, #report_report, #reports
Methods included from Ref
#find_or_create_ref, #get_ref, #has_ref?
Methods included from Payload
#create_payload, #delete_payload, #get_payload, #payloads, #update_payload
Methods included from Note
#delete_note, #each_note, #find_or_create_note, #notes, #report_note, #update_note
Methods included from ModuleCache
#match_values, #module_to_details_hash, #purge_all_module_details, #remove_module_details, #search_modules, #update_all_module_details, #update_module_details
Methods included from Migration
#add_rails_engine_migration_paths, #migrate, #needs_migration?
Methods included from Loot
#delete_loot, #find_or_create_loot, #loots, #report_loot, #update_loot
Methods included from Login
#delete_logins, #logins, #update_login
Methods included from IPAddress
#ipv46_validator, #ipv4_validator, #ipv6_validator, #rfc3330_reserved, #validate_ips
Methods included from Import
#dehex, #emit, #import, #import_file, #import_filetype_detect, #msf_import_timestamps, #report_import_note, #rexmlify, #service_name_map, #validate_import_file
Methods included from Import::Wapiti
#import_wapiti_xml, #import_wapiti_xml_file
Methods included from Import::Spiceworks
Methods included from Import::Retina
#import_retina_xml, #import_retina_xml_file
Methods included from Import::Report
Methods included from Import::Qualys
Methods included from Import::Qualys::Scan
#import_qualys_scan_xml, #import_qualys_scan_xml_file
Methods included from Import::Qualys::Asset
#find_qualys_asset_ports, #find_qualys_asset_vuln_refs, #find_qualys_asset_vulns, #import_qualys_asset_xml
Methods included from Import::Outpost24
#import_outpost24_noko_stream, #import_outpost24_xml
Methods included from Import::OpenVAS
#import_openvas_new_xml, #import_openvas_noko_stream, #import_openvas_xml
Methods included from Import::Nuclei
#import_nuclei_json, #import_nuclei_jsonl
Methods included from Import::Nmap
#import_nmap_noko_stream, #import_nmap_xml, #import_nmap_xml_file, #nmap_msf_service_map
Methods included from Import::Nikto
Methods included from Import::Nexpose::Simple
#import_nexpose_noko_stream, #import_nexpose_simplexml, #import_nexpose_simplexml_file, #process_nexpose_data_sxml_refs
Methods included from Import::Nexpose::Raw
#import_nexpose_raw_noko_stream, #import_nexpose_rawxml, #import_nexpose_rawxml_file, #nexpose_host_from_rawxml, #nexpose_refs_to_struct
Methods included from Import::Netsparker
#import_netsparker_xml, #import_netsparker_xml_file, #netsparker_method_map, #netsparker_params_map, #netsparker_pname_map, #netsparker_vulnerability_map
Methods included from Import::Nessus
Methods included from Import::Nessus::XML
Methods included from Import::Nessus::XML::V2
#handle_nessus_v2, #import_nessus_xml_v2
Methods included from Import::Nessus::XML::V1
Methods included from Import::Nessus::NBE
#import_nessus_nbe, #import_nessus_nbe_file
Methods included from Import::MetasploitFramework
#nils_for_nulls, #unserialize_object
Methods included from Import::MetasploitFramework::Zip
#import_msf_collateral, #import_msf_zip, #is_child_of?, #parse_zip_host, #parse_zip_loot, #parse_zip_report, #parse_zip_task
Methods included from Import::MetasploitFramework::XML
#import_msf_file, #import_msf_note_element, #import_msf_web_form_element, #import_msf_web_page_element, #import_msf_web_vuln_element, #import_msf_xml
Methods included from Import::MetasploitFramework::Credential
#import_msf_cred_dump, #import_msf_cred_dump_zip, #import_msf_pwdump
Methods included from Import::MBSA
#import_mbsa_noko_stream, #import_mbsa_xml
Methods included from Import::Libpcap
#import_libpcap, #import_libpcap_file, #inspect_single_packet, #inspect_single_packet_http
Methods included from Import::IPList
#import_ip_list, #import_ip_list_file
Methods included from Import::IP360::V3
#handle_ip360_v3_svc, #handle_ip360_v3_vuln, #import_ip360_xml_file, #import_ip360_xml_v3
Methods included from Import::IP360::ASPL
Methods included from Import::GPP
Methods included from Import::FusionVM
Methods included from Import::Foundstone
#import_foundstone_noko_stream, #import_foundstone_xml
Methods included from Import::CI
#import_ci_noko_stream, #import_ci_xml
Methods included from Import::BurpSession
#import_burp_session_noko_stream, #import_burp_session_xml
Methods included from Import::BurpIssue
Methods included from Import::Appscan
#import_appscan_noko_stream, #import_appscan_xml
Methods included from Import::Amap
#import_amap_log, #import_amap_log_file, #import_amap_mlog
Methods included from Import::Acunetix
#import_acunetix_noko_stream, #import_acunetix_xml
Methods included from HostTag
Methods included from HostDetail
Methods included from Host
#add_host_tag, #del_host, #delete_host, #delete_host_tag, #each_host, #find_host_by_address_or_id, #find_or_create_host, #get_host, #get_host_tags, #host_state_changed, #hosts, #report_host, #update_host
Methods included from ExploitedHost
#each_exploited_host, #exploited_hosts
Methods included from ExploitAttempt
#report_exploit, #report_exploit_attempt, #report_exploit_failure, #report_exploit_success
Methods included from Event
Methods included from DBExport
Methods included from Cred
#creds, #delete_credentials, #each_cred, #find_or_create_cred, #report_auth_info, #update_credential
Methods included from Connection
#active, #after_establish_connection, #connect, #connection_established?, #create_db, #disconnect
Methods included from Client
#find_or_create_client, #get_client, #report_client
Methods included from Adapter
Methods included from Metasploit::Framework::DataService
Methods included from MsfDataService
Methods included from LootDataService
#find_or_create_loot, #loot, #report_loot, #update_loot
Methods included from ExploitDataService
#report_exploit_attempt, #report_exploit_failure, #report_exploit_success
Methods included from SessionEventDataService
#report_session_event, #session_events
Methods included from SessionDataService
#report_session, #sessions, #update_session
Methods included from ServiceDataService
#delete_service, #find_or_create_service, #report_service, #services, #update_service
Methods included from NoteDataService
#delete_note, #find_or_create_note, #notes, #report_note, #update_note
Methods included from WebDataService
#report_web_form, #report_web_page, #report_web_site, #report_web_vuln
Methods included from WorkspaceDataService
#add_workspace, #default_workspace, #delete_workspaces, #find_workspace, #update_workspace, #workspace, #workspace=, #workspaces
Methods included from VulnDataService
#delete_vuln, #find_or_create_vuln, #report_vuln, #update_vuln, #vulns
Methods included from EventDataService
Methods included from HostDataService
#add_host_tag, #delete_host, #delete_host_tag, #find_or_create_host, #get_host, #get_host_tags, #hosts, #report_host, #report_hosts, #update_host
Constructor Details
#initialize(framework, opts = {}) ⇒ DBManager
initialize
124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 |
# File 'lib/msf/core/db_manager.rb', line 124 def initialize(framework, opts = {}) self.framework = framework self.migrated = nil self.modules_cached = false self.modules_caching = false @usable = false # Don't load the database if the user said they didn't need it. if (opts['DisableDatabase']) self.error = "disabled" return end return initialize_database_support end |
Instance Attribute Details
#error ⇒ Object
Stores the error message for why the db was not loaded
115 116 117 |
# File 'lib/msf/core/db_manager.rb', line 115 def error @error end |
#usable ⇒ Object
Returns true if the prerequisites have been installed
118 119 120 |
# File 'lib/msf/core/db_manager.rb', line 118 def usable @usable end |
Instance Method Details
#check ⇒ Object
Determines if the database is functional
148 149 150 151 152 |
# File 'lib/msf/core/db_manager.rb', line 148 def check ::ApplicationRecord.connection_pool.with_connection { res = ::Mdm::Host.first } end |
#init_db(opts) ⇒ Object
177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 |
# File 'lib/msf/core/db_manager.rb', line 177 def init_db(opts) init_success = false # Append any migration paths necessary to bring the database online if opts['DatabaseMigrationPaths'] opts['DatabaseMigrationPaths'].each do |migrations_path| ActiveRecord::Migrator.migrations_paths << migrations_path end end configuration_pathname = Metasploit::Framework::Database.configurations_pathname(path: opts['DatabaseYAML']) if configuration_pathname.nil? self.error = "No database YAML file" else if configuration_pathname.readable? # parse specified database YAML file, using the same pattern as Rails https://github.com/rails/rails/pull/42249 dbinfo = begin YAML.load_file(configuration_pathname, aliases: true) || {} rescue ArgumentError YAML.load_file(configuration_pathname) || {} end dbenv = opts['DatabaseEnv'] || Rails.env db_opts = dbinfo[dbenv] else elog("Warning, #{configuration_pathname} is not readable. Try running as root or chmod.") end if db_opts init_success = connect(db_opts) else elog("No database definition for environment #{dbenv}") end end # framework.db.active will be true if after_establish_connection ran directly when connection_established? was # already true or if framework.db.connect called after_establish_connection. if !! error if error.to_s =~ /RubyGem version.*pg.*0\.11/i err_msg = <<~ERROR *** * * Metasploit now requires version 0.11 or higher of the 'pg' gem for database support * There are three ways to accomplish this upgrade: * 1. If you run Metasploit with your system ruby, simply upgrade the gem: * $ rvmsudo gem install pg * 2. Use the Community Edition web interface to apply a Software Update * 3. Uninstall, download the latest version, and reinstall Metasploit * *** ERROR elog(err_msg) end # +error+ is not an instance of +Exception+, it is, in fact, a +String+ elog("Failed to connect to the database: #{error}") end return init_success end |
#initialize_database_support ⇒ Object
Do what is necessary to load our database support
157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 |
# File 'lib/msf/core/db_manager.rb', line 157 def initialize_database_support begin add_rails_engine_migration_paths @usable = true rescue ::Exception => e self.error = e elog('DB is not enabled due to load error', error: e) return false end # # Determine what drivers are available # initialize_adapter true end |
#is_local? ⇒ Boolean
106 107 108 |
# File 'lib/msf/core/db_manager.rb', line 106 def is_local? true end |
#name ⇒ Object
102 103 104 |
# File 'lib/msf/core/db_manager.rb', line 102 def name 'local_db_service' end |