From f7b69e2fe797afefb5f6e8a4789c352976b52ffe Mon Sep 17 00:00:00 2001 From: sjanusz-r7 Date: Wed, 29 May 2024 11:25:31 +0100 Subject: [PATCH 1/2] Fix service 'updated at' time not being updated correctly --- lib/msf/core/db_manager/cred.rb | 2 +- lib/msf/core/db_manager/host.rb | 2 +- lib/msf/core/db_manager/import.rb | 83 ++++++++++++++++--- lib/msf/core/db_manager/import/gpp.rb | 2 +- lib/msf/core/db_manager/import/ip360/v3.rb | 12 +-- lib/msf/core/db_manager/import/libpcap.rb | 14 ++-- .../import/metasploit_framework/xml.rb | 10 +-- .../import/metasploit_framework/zip.rb | 2 +- lib/msf/core/db_manager/import/nessus.rb | 4 +- lib/msf/core/db_manager/import/nessus/nbe.rb | 4 +- .../core/db_manager/import/nessus/xml/v1.rb | 4 +- .../core/db_manager/import/nessus/xml/v2.rb | 8 +- lib/msf/core/db_manager/import/netsparker.rb | 4 +- lib/msf/core/db_manager/import/nexpose/raw.rb | 10 +-- .../core/db_manager/import/nexpose/simple.rb | 10 +-- lib/msf/core/db_manager/import/nikto.rb | 4 +- lib/msf/core/db_manager/import/nmap.rb | 16 ++-- lib/msf/core/db_manager/import/nuclei.rb | 8 +- lib/msf/core/db_manager/import/qualys.rb | 4 +- .../core/db_manager/import/qualys/asset.rb | 4 +- lib/msf/core/db_manager/import/qualys/scan.rb | 4 +- lib/msf/core/db_manager/import/report.rb | 2 +- lib/msf/core/db_manager/import/retina.rb | 6 +- lib/msf/core/db_manager/import/spiceworks.rb | 4 +- lib/msf/core/db_manager/loot.rb | 2 +- lib/msf/core/db_manager/note.rb | 2 +- lib/msf/core/db_manager/service.rb | 9 -- lib/msf/core/db_manager/task.rb | 2 +- lib/msf/core/db_manager/user.rb | 2 +- lib/msf/core/db_manager/vuln.rb | 2 +- lib/msf/core/db_manager/web.rb | 8 +- .../shared/examples/msf/db_manager/import.rb | 3 +- 32 files changed, 153 insertions(+), 100 deletions(-) diff --git a/lib/msf/core/db_manager/cred.rb b/lib/msf/core/db_manager/cred.rb index a9d1b2ff0a49..8796c8df2ddb 100644 --- a/lib/msf/core/db_manager/cred.rb +++ b/lib/msf/core/db_manager/cred.rb @@ -211,7 +211,7 @@ def report_auth_info(opts={}) # Update the timestamp if cred.changed? - msf_import_timestamps(opts,cred) + msf_assign_timestamps(opts, cred) cred.save! end diff --git a/lib/msf/core/db_manager/host.rb b/lib/msf/core/db_manager/host.rb index c83bd6d5c20b..3a3a5a30f8d0 100644 --- a/lib/msf/core/db_manager/host.rb +++ b/lib/msf/core/db_manager/host.rb @@ -274,7 +274,7 @@ def report_host(opts) host_state_changed(host, ostate) if host.state != ostate if host.changed? - msf_import_timestamps(opts, host) + msf_assign_timestamps(opts, host) host.save! end rescue ActiveRecord::RecordNotUnique, ActiveRecord::RecordInvalid diff --git a/lib/msf/core/db_manager/import.rb b/lib/msf/core/db_manager/import.rb index ee34667d4fbd..9c5ee84f00c3 100644 --- a/lib/msf/core/db_manager/import.rb +++ b/lib/msf/core/db_manager/import.rb @@ -480,23 +480,84 @@ def import_filetype_detect(data) raise Msf::DBImportError.new("Could not automatically determine file type") end - # Handles timestamps from Metasploit Express/Pro imports. - def msf_import_timestamps(opts,obj) + def msf_import_service(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_service(normalised_import_timestamp_opts) + end + + def msf_import_vuln(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_vuln(normalised_import_timestamp_opts) + end + + def msf_import_note(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_note(normalised_import_timestamp_opts) + end + + def msf_import_host(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_host(normalised_import_timestamp_opts) + end + + def msf_import_task(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_task(normalised_import_timestamp_opts) + end + + def msf_import_user(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_user(normalised_import_timestamp_opts) + end + + def msf_import_loot(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_loot(normalised_import_timestamp_opts) + end + + def msf_import_web_site(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_web_site(normalised_import_timestamp_opts) + end + + def msf_import_web_page(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_web_page(normalised_import_timestamp_opts) + end + + def msf_import_web_vuln(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_web_vuln(normalised_import_timestamp_opts) + end + + def msf_import_artifact(opts) + normalised_import_timestamp_opts = normalise_import_timestamps(opts) + report_artifact(normalised_import_timestamp_opts) + end + + # Assigns created_at and updated_at time stamps to an object. + def msf_assign_timestamps(opts,obj) obj.created_at = opts["created_at"] if opts["created_at"] obj.created_at = opts[:created_at] if opts[:created_at] - obj.updated_at = opts["updated_at"] ? opts["updated_at"] : obj.created_at - obj.updated_at = opts[:updated_at] ? opts[:updated_at] : obj.created_at - return obj + obj.updated_at = opts["updated_at"] if opts["updated_at"] + obj.updated_at = opts[:updated_at] if opts[:updated_at] + end + + # Handles timestamps from Metasploit Express/Pro imports. + def normalise_import_timestamps(opts) + opts[:created_at] ||= (opts["created_at"] || ::Time.now.utc) + opts[:updated_at] ||= (opts["updated_at"] || opts[:created_at]) + opts end def report_import_note(wspace,addr) if @import_filedata.kind_of?(Hash) && @import_filedata[:filename] && @import_filedata[:filename] !~ /msfe-nmap[0-9]{8}/ - report_note( - :workspace => wspace, - :host => addr, - :type => 'host.imported', - :data => @import_filedata.merge(:time=> Time.now.utc) - ) + msf_import_note( + :workspace => wspace, + :host => addr, + :type => 'host.imported', + :data => @import_filedata.merge(:time=> Time.now.utc) + ) end end diff --git a/lib/msf/core/db_manager/import/gpp.rb b/lib/msf/core/db_manager/import/gpp.rb index a7cbdfe9fb4b..9be23b6ac135 100644 --- a/lib/msf/core/db_manager/import/gpp.rb +++ b/lib/msf/core/db_manager/import/gpp.rb @@ -27,7 +27,7 @@ def import_gpp_xml(args = {}, &block) end # Store entire file as loot, including metadata - report_loot( + msf_import_loot( workspace: wspace, path: args[:filename], name: File.basename(args[:filename]), diff --git a/lib/msf/core/db_manager/import/ip360/v3.rb b/lib/msf/core/db_manager/import/ip360/v3.rb index 51a0124f8c56..57317d5dd307 100644 --- a/lib/msf/core/db_manager/import/ip360/v3.rb +++ b/lib/msf/core/db_manager/import/ip360/v3.rb @@ -83,11 +83,11 @@ def import_ip360_xml_v3(args={}, &block) host_hash[:name] = hname.to_s.strip if hname host_hash[:mac] = mac.to_s.strip.upcase if mac - hobj = report_host(host_hash) + hobj = msf_import_host(host_hash) yield(:os, os) if block if os - report_note( + msf_import_note( :workspace => wspace, :task => args[:task], :host => hobj, @@ -131,7 +131,7 @@ def import_ip360_xml_v3(args={}, &block) # IP360 v3 svc def handle_ip360_v3_svc(wspace,hobj,port,proto,hname,task=nil) addr = hobj.address - report_host(:workspace => wspace, :host => hobj, :state => Msf::HostState::Alive, :task => task) + msf_import_host(:workspace => wspace, :host => hobj, :state => Msf::HostState::Alive, :task => task) info = { :workspace => wspace, :host => hobj, :port => port, :proto => proto, :task => task } if hname != "unknown" and hname[-1,1] != "?" @@ -139,7 +139,7 @@ def handle_ip360_v3_svc(wspace,hobj,port,proto,hname,task=nil) end if port.to_i != 0 - report_service(info) + msf_import_service(info) end end @@ -153,7 +153,7 @@ def handle_ip360_v3_vuln(wspace,hobj,port,proto,hname,vulnid,vulnname,cves,bids, end if port.to_i != 0 - report_service(info) + msf_import_service(info) end refs = [] @@ -181,6 +181,6 @@ def handle_ip360_v3_vuln(wspace,hobj,port,proto,hname,vulnid,vulnname,cves,bids, vuln[:proto] = proto end - report_vuln(vuln) + msf_import_vuln(vuln) end end diff --git a/lib/msf/core/db_manager/import/libpcap.rb b/lib/msf/core/db_manager/import/libpcap.rb index a4d91c7806a2..99bc63028ce7 100644 --- a/lib/msf/core/db_manager/import/libpcap.rb +++ b/lib/msf/core/db_manager/import/libpcap.rb @@ -35,7 +35,7 @@ def import_libpcap(args={}, &block) unless( bl.include?(saddr) || rfc3330_reserved(saddr)) yield(:address,saddr) if block and !seen_hosts.keys.include?(saddr) unless seen_hosts[saddr] - report_host( + msf_import_host( :workspace => wspace, :host => saddr, :state => Msf::HostState::Alive, @@ -48,7 +48,7 @@ def import_libpcap(args={}, &block) unless( bl.include?(daddr) || rfc3330_reserved(daddr)) yield(:address,daddr) if block and !seen_hosts.keys.include?(daddr) unless seen_hosts[daddr] - report_host( + msf_import_host( :workspace => wspace, :host => daddr, :state => Msf::HostState::Alive, @@ -63,7 +63,7 @@ def import_libpcap(args={}, &block) pkt.tcp_src < 1024 # If it's a low port, assume it's a proper service. if seen_hosts[saddr] unless seen_hosts[saddr].include? [pkt.tcp_src,"tcp"] - report_service( + msf_import_service( :workspace => wspace, :host => saddr, :proto => "tcp", :port => pkt.tcp_src, :state => Msf::ServiceState::Open, @@ -79,7 +79,7 @@ def import_libpcap(args={}, &block) [saddr,daddr].each do |xaddr| if seen_hosts[xaddr] unless seen_hosts[xaddr].include? [pkt.udp_src,"udp"] - report_service( + msf_import_service( :workspace => wspace, :host => xaddr, :proto => "udp", :port => pkt.udp_src, :state => Msf::ServiceState::Open, @@ -93,7 +93,7 @@ def import_libpcap(args={}, &block) elsif pkt.udp_src < 1024 # Probably a service if seen_hosts[saddr] unless seen_hosts[saddr].include? [pkt.udp_src,"udp"] - report_service( + msf_import_service( :workspace => wspace, :host => saddr, :proto => "udp", :port => pkt.udp_src, :state => Msf::ServiceState::Open, @@ -142,7 +142,7 @@ def inspect_single_packet_http(pkt,wspace,args) if pkt.payload =~ /^HTTP\x2f1\x2e[01]/n http_server_match = pkt.payload.match(/\nServer:\s+([^\r\n]+)[\r\n]/n) if http_server_match.kind_of?(MatchData) and http_server_match[1] - report_service( + msf_import_service( :workspace => wspace, :host => pkt.ip_saddr, :port => pkt.tcp_src, @@ -172,7 +172,7 @@ def inspect_single_packet_http(pkt,wspace,args) # this point, we'll just believe everything the packet says -- validation ought # to come later. user,pass = b64_cred.unpack("m*").first.split(/:/,2) - report_service( + msf_import_service( :workspace => wspace, :host => pkt.ip_daddr, :port => pkt.tcp_dst, diff --git a/lib/msf/core/db_manager/import/metasploit_framework/xml.rb b/lib/msf/core/db_manager/import/metasploit_framework/xml.rb index 862f46791ada..53c2a497697b 100644 --- a/lib/msf/core/db_manager/import/metasploit_framework/xml.rb +++ b/lib/msf/core/db_manager/import/metasploit_framework/xml.rb @@ -85,7 +85,7 @@ def import_msf_note_element(note, allow_yaml, note_data={}) note_data[datum.gsub("-","_")] = nils_for_nulls(note.at(datum).text.to_s.strip) end } - report_note(note_data) + msf_import_note(note_data) end # Imports web_form element using Msf::DBManager#report_web_form. @@ -294,7 +294,7 @@ def parse_web_site(web, wspace, allow_yaml, &block) end } - report_web_site(info) + msf_import_web_site(info) yield(:web_site, "#{info[:host]}:#{info[:port]} (#{info[:vhost]})") if block end @@ -331,7 +331,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block) end } host_address = host_data[:host].dup # Preserve after report_host() deletes - hobj = report_host(host_data) + hobj = msf_import_host(host_data) host.xpath("host_details/host_detail").each do |hdet| hdet_data = {} @@ -371,7 +371,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block) end end } - report_service(service_data) + msf_import_service(service_data) end host.xpath('notes/note').each do |note| @@ -417,7 +417,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block) end end - vobj = report_vuln(vuln_data) + vobj = msf_import_vuln(vuln_data) vuln.xpath("notes/note").each do |note| note_data = {} diff --git a/lib/msf/core/db_manager/import/metasploit_framework/zip.rb b/lib/msf/core/db_manager/import/metasploit_framework/zip.rb index 9ba2ddcc6eb4..6d374f77e985 100644 --- a/lib/msf/core/db_manager/import/metasploit_framework/zip.rb +++ b/lib/msf/core/db_manager/import/metasploit_framework/zip.rb @@ -144,7 +144,7 @@ def parse_zip_task(task, wspace, bl, allow_yaml, btag, args, basedir, host_info, if ::File.exist?(new_task) ::File.unlink new_task # Delete it, and don't report it. else - report_task(task_info) # It's new, so report it. + msf_import_task(task_info) # It's new, so report it. end ::FileUtils.copy(task_info[:orig_path], new_task) yield(:msf_task, new_task) if block diff --git a/lib/msf/core/db_manager/import/nessus.rb b/lib/msf/core/db_manager/import/nessus.rb index cbfeeb7e4a7d..6d1044b1faa5 100644 --- a/lib/msf/core/db_manager/import/nessus.rb +++ b/lib/msf/core/db_manager/import/nessus.rb @@ -30,7 +30,7 @@ def handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data,task=nil if name and name != "unknown" and name[-1,1] != "?" info[:name] = name end - report_service(info) + msf_import_service(info) if nasl.nil? || nasl.empty? || nasl == 0 || nasl == "0" return @@ -78,6 +78,6 @@ def handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data,task=nil :refs => refs, :task => task, } - report_vuln(vuln_info) + msf_import_vuln(vuln_info) end end \ No newline at end of file diff --git a/lib/msf/core/db_manager/import/nessus/nbe.rb b/lib/msf/core/db_manager/import/nessus/nbe.rb index d9b6ad6d0afc..5744137ffde1 100644 --- a/lib/msf/core/db_manager/import/nessus/nbe.rb +++ b/lib/msf/core/db_manager/import/nessus/nbe.rb @@ -45,7 +45,7 @@ def import_nessus_nbe(args={}, &block) yield(:address,addr) if block end - hobj_map[ addr ] ||= report_host(:host => addr, :workspace => wspace, :task => args[:task]) + hobj_map[ addr ] ||= msf_import_host(:host => addr, :workspace => wspace, :task => args[:task]) # Match the NBE types with the XML severity ratings case type @@ -61,7 +61,7 @@ def import_nessus_nbe(args={}, &block) end if nasl == "11936" os = data.match(/The remote host is running (.*)\\n/)[1] - report_note( + msf_import_note( :workspace => wspace, :task => args[:task], :host => hobj_map[ addr ], diff --git a/lib/msf/core/db_manager/import/nessus/xml/v1.rb b/lib/msf/core/db_manager/import/nessus/xml/v1.rb index aef2ace94868..c1e90a1a69e5 100644 --- a/lib/msf/core/db_manager/import/nessus/xml/v1.rb +++ b/lib/msf/core/db_manager/import/nessus/xml/v1.rb @@ -34,13 +34,13 @@ def import_nessus_xml(args={}, &block) # Record the hostname hinfo.merge!(:name => hname.to_s.strip) if hname - hobj = report_host(hinfo) + hobj = msf_import_host(hinfo) report_import_note(wspace,hobj) # Record the OS os ||= host.elements["os_name"] if os - report_note( + msf_import_note( :workspace => wspace, :task => args[:task], :host => hobj, diff --git a/lib/msf/core/db_manager/import/nessus/xml/v2.rb b/lib/msf/core/db_manager/import/nessus/xml/v2.rb index f3f7812ad1cd..8c33939c6b13 100644 --- a/lib/msf/core/db_manager/import/nessus/xml/v2.rb +++ b/lib/msf/core/db_manager/import/nessus/xml/v2.rb @@ -50,13 +50,13 @@ def import_nessus_xml_v2(args={}, &block) # We can't use them anyway, so take just the first. host_info[:mac] = mac.to_s.strip.upcase.split(/\s+/).first if mac - hobj = report_host(host_info) + hobj = msf_import_host(host_info) report_import_note(wspace,hobj) os = host['os'] yield(:os,os) if block if os - report_note( + msf_import_note( :workspace => wspace, :task => args[:task], :host => hobj, @@ -110,7 +110,7 @@ def handle_nessus_v2(wspace,hobj,port,proto,name,nasl,nasl_name,severity,descrip end if port.to_i != 0 - report_service(info) + msf_import_service(info) end if nasl.nil? || nasl.empty? || nasl == 0 || nasl == "0" @@ -159,6 +159,6 @@ def handle_nessus_v2(wspace,hobj,port,proto,name,nasl,nasl_name,severity,descrip vuln[:proto] = proto end - report_vuln(vuln) + msf_import_vuln(vuln) end end diff --git a/lib/msf/core/db_manager/import/netsparker.rb b/lib/msf/core/db_manager/import/netsparker.rb index 8f8860c62fbe..9c21361c6e35 100644 --- a/lib/msf/core/db_manager/import/netsparker.rb +++ b/lib/msf/core/db_manager/import/netsparker.rb @@ -92,7 +92,7 @@ def import_netsparker_xml(args={}, &block) end # Report the web page to the database - report_web_page(info) + msf_import_web_page(info) yield(:web_page, url) if block end @@ -145,7 +145,7 @@ def import_netsparker_xml(args={}, &block) next if vuln['type'].to_s.empty? - report_web_vuln(info) + msf_import_web_vuln(info) yield(:web_vuln, url) if block end diff --git a/lib/msf/core/db_manager/import/nexpose/raw.rb b/lib/msf/core/db_manager/import/nexpose/raw.rb index 2567189b7a29..49a6ce957c77 100644 --- a/lib/msf/core/db_manager/import/nexpose/raw.rb +++ b/lib/msf/core/db_manager/import/nexpose/raw.rb @@ -106,7 +106,7 @@ def nexpose_host_from_rawxml(h, vstructs, wspace,task=nil) end if (data[:state] != Msf::HostState::Dead) - hobj = report_host(data) + hobj = msf_import_host(data) report_import_note(wspace, hobj) end @@ -124,7 +124,7 @@ def nexpose_host_from_rawxml(h, vstructs, wspace,task=nil) next if note[:data][v].include? k note[:data][v] << k end - report_note(note) + msf_import_note(note) end if h["os_family"] @@ -143,7 +143,7 @@ def nexpose_host_from_rawxml(h, vstructs, wspace,task=nil) note[:data][:version] = h["os_version"] if h["os_version"] note[:data][:arch] = h["arch"] if h["arch"] - report_note(note) + msf_import_note(note) end h["endpoints"].each { |p| @@ -168,7 +168,7 @@ def nexpose_host_from_rawxml(h, vstructs, wspace,task=nil) if p["name"] != "" data[:name] = p["name"] end - report_service(data) + msf_import_service(data) } h["vulns"].each_pair { |k,v| @@ -185,7 +185,7 @@ def nexpose_host_from_rawxml(h, vstructs, wspace,task=nil) data[:info] = vstruct.title data[:refs] = vstruct.refs data[:task] = task - report_vuln(data) + msf_import_vuln(data) } end diff --git a/lib/msf/core/db_manager/import/nexpose/simple.rb b/lib/msf/core/db_manager/import/nexpose/simple.rb index b76fc6891570..64163d0777da 100644 --- a/lib/msf/core/db_manager/import/nexpose/simple.rb +++ b/lib/msf/core/db_manager/import/nexpose/simple.rb @@ -65,10 +65,10 @@ def import_nexpose_simplexml(args={}, &block) :task => args[:task] } - host = report_host(conf) + host = msf_import_host(conf) report_import_note(wspace, host) - report_note( + msf_import_note( :workspace => wspace, :host => host, :type => 'host.os.nexpose_fingerprint', @@ -106,7 +106,7 @@ def import_nexpose_simplexml(args={}, &block) end if(sname.downcase != '') - report_service( + msf_import_service( :workspace => wspace, :host => host, :proto => sprot, @@ -116,7 +116,7 @@ def import_nexpose_simplexml(args={}, &block) :task => args[:task] ) else - report_service( + msf_import_service( :workspace => wspace, :host => host, :proto => sprot, @@ -131,7 +131,7 @@ def import_nexpose_simplexml(args={}, &block) vid = vuln.attributes['id'].to_s.downcase refs = process_nexpose_data_sxml_refs(vuln) next if not refs - report_vuln( + msf_import_vuln( :workspace => wspace, :host => host, :port => sport, diff --git a/lib/msf/core/db_manager/import/nikto.rb b/lib/msf/core/db_manager/import/nikto.rb index 5a2d18920882..af383ecf577b 100644 --- a/lib/msf/core/db_manager/import/nikto.rb +++ b/lib/msf/core/db_manager/import/nikto.rb @@ -39,7 +39,7 @@ def import_nikto_xml(args={}, &block) :task => args[:task] } # Always report it as a note. - report_note(desc_data) + msf_import_note(desc_data) # Sometimes report it as a vuln, too. # XXX: There's a Vuln.info field but nothing reads from it? See Bug #5837 if item.attributes['osvdbid'].to_i != 0 @@ -48,7 +48,7 @@ def import_nikto_xml(args={}, &block) desc_data.delete(:data) desc_data.delete(:type) desc_data.delete(:update) - report_vuln(desc_data) + msf_import_vuln(desc_data) end end end diff --git a/lib/msf/core/db_manager/import/nmap.rb b/lib/msf/core/db_manager/import/nmap.rb index 4ff9655a06dc..4c5c77563aa3 100644 --- a/lib/msf/core/db_manager/import/nmap.rb +++ b/lib/msf/core/db_manager/import/nmap.rb @@ -74,7 +74,7 @@ def import_nmap_xml(args={}, &block) next if port_states.compact.empty? end yield(:address,data[:host]) if block - hobj = report_host(data) + hobj = msf_import_host(data) report_import_note(wspace,hobj) end end @@ -97,11 +97,11 @@ def import_nmap_xml(args={}, &block) note[:data][:os_match] = h['os_match'] end - report_note(note) + msf_import_note(note) end if (h["last_boot"]) - report_note( + msf_import_note( :workspace => wspace, :host => hobj || addr, :type => 'host.last_boot', @@ -122,7 +122,7 @@ def import_nmap_xml(args={}, &block) "name" => hop["host"].to_s } end - report_note( + msf_import_note( :workspace => wspace, :host => hobj || addr, :type => 'host.nmap.traceroute', @@ -164,7 +164,7 @@ def import_nmap_xml(args={}, &block) data[:info] = extra if not extra.empty? data[:task] = args[:task] data[:name] = p['tunnel'] ? "#{p['tunnel']}/#{p['name'] || 'unknown'}" : p['name'] - report_service(data) + msf_import_service(data) } #Parse the scripts output if h["scripts"] @@ -186,7 +186,7 @@ def import_nmap_xml(args={}, &block) 'MSF-Microsoft Server Service Relative Path Stack Corruption', 'NSS-34476'] } - report_vuln(vuln_info) + msf_import_vuln(vuln_info) end if val =~ /MS06-025: VULNERABLE/ vuln_info = { @@ -206,7 +206,7 @@ def import_nmap_xml(args={}, &block) 'MSF-Microsoft RRAS Service RASMAN Registry Overflow', 'NSS-21689'] } - report_vuln(vuln_info) + msf_import_vuln(vuln_info) end # This one has NOT been Tested , remove this comment if confirmed working if val =~ /MS07-029: VULNERABLE/ @@ -223,7 +223,7 @@ def import_nmap_xml(args={}, &block) 'MSF-Microsoft DNS RPC Service extractQuotedChar()', 'NSS-25168'] } - report_vuln(vuln_info) + msf_import_vuln(vuln_info) end end end diff --git a/lib/msf/core/db_manager/import/nuclei.rb b/lib/msf/core/db_manager/import/nuclei.rb index 6485cdf52a6d..b08c65a0f5ef 100644 --- a/lib/msf/core/db_manager/import/nuclei.rb +++ b/lib/msf/core/db_manager/import/nuclei.rb @@ -45,7 +45,7 @@ def import_nuclei_json(args = {}, &block) task: args[:task] } - report_note(note) + msf_import_note(note) next unless %w[low medium high critical].include?(severity) @@ -68,7 +68,7 @@ def import_nuclei_json(args = {}, &block) task: args[:task] } - report_vuln(vuln) + msf_import_vuln(vuln) end end @@ -122,7 +122,7 @@ def import_nuclei_jsonl(args = {}, &block) task: args[:task] } - report_note(note) + msf_import_note(note) next unless %w[low medium high critical].include?(severity) @@ -145,7 +145,7 @@ def import_nuclei_jsonl(args = {}, &block) task: args[:task] } - report_vuln(vuln) + msf_import_vuln(vuln) end end end diff --git a/lib/msf/core/db_manager/import/qualys.rb b/lib/msf/core/db_manager/import/qualys.rb index 5616a1d78f19..64c797cf7e9a 100644 --- a/lib/msf/core/db_manager/import/qualys.rb +++ b/lib/msf/core/db_manager/import/qualys.rb @@ -21,7 +21,7 @@ def handle_qualys(wspace, hobj, port, protocol, qid, severity, refs, name=nil, t end if info[:host] && info[:port] && info[:proto] - report_service(info) + msf_import_service(info) end fixed_refs = [] @@ -39,7 +39,7 @@ def handle_qualys(wspace, hobj, port, protocol, qid, severity, refs, name=nil, t return if qid == 0 title = 'QUALYS-' + qid if title.nil? or title.empty? if addr - report_vuln( + msf_import_vuln( :workspace => wspace, :task => task, :host => hobj, diff --git a/lib/msf/core/db_manager/import/qualys/asset.rb b/lib/msf/core/db_manager/import/qualys/asset.rb index 15308e17f130..fc5ddd7c07bd 100644 --- a/lib/msf/core/db_manager/import/qualys/asset.rb +++ b/lib/msf/core/db_manager/import/qualys/asset.rb @@ -77,13 +77,13 @@ def import_qualys_asset_xml(args={}, &block) (netbios_el.text if netbios_el) || (dns_el.text if dns_el) || "" ) - hobj = report_host(:workspace => wspace, :host => addr, :name => hname, :state => Msf::HostState::Alive, :task => args[:task]) + hobj = msf_import_host(:workspace => wspace, :host => addr, :name => hname, :state => Msf::HostState::Alive, :task => args[:task]) report_import_note(wspace,hobj) os_el = host.xpath("OPERATING_SYSTEM").first if os_el hos = os_el.text - report_note( + msf_import_note( :workspace => wspace, :task => args[:task], :host => hobj, diff --git a/lib/msf/core/db_manager/import/qualys/scan.rb b/lib/msf/core/db_manager/import/qualys/scan.rb index 26fdceed7283..193008ae9ccc 100644 --- a/lib/msf/core/db_manager/import/qualys/scan.rb +++ b/lib/msf/core/db_manager/import/qualys/scan.rb @@ -16,13 +16,13 @@ def import_qualys_scan_xml(args={}, &block) end hname = host.attr('name') || '' - hobj = report_host(:workspace => wspace, :host => addr, :name => hname, :state => Msf::HostState::Alive, :task => args[:task]) + hobj = msf_import_host(:workspace => wspace, :host => addr, :name => hname, :state => Msf::HostState::Alive, :task => args[:task]) report_import_note(wspace,hobj) os_el = host.xpath("OS").first if os_el hos = os_el.text - report_note( + msf_import_note( :workspace => wspace, :task => args[:task], :host => hobj, diff --git a/lib/msf/core/db_manager/import/report.rb b/lib/msf/core/db_manager/import/report.rb index 547874297d4b..75c65fe9e4b3 100644 --- a/lib/msf/core/db_manager/import/report.rb +++ b/lib/msf/core/db_manager/import/report.rb @@ -42,7 +42,7 @@ def import_report(report, args, base_dir) # Update to full path artifact_opts[:file_path].gsub!(/^\./, tmp) - report_artifact(artifact_opts) + msf_import_artifact(artifact_opts) end end end diff --git a/lib/msf/core/db_manager/import/retina.rb b/lib/msf/core/db_manager/import/retina.rb index 823b66af329b..3a23a8f75d6e 100644 --- a/lib/msf/core/db_manager/import/retina.rb +++ b/lib/msf/core/db_manager/import/retina.rb @@ -38,7 +38,7 @@ def import_retina_xml(args={}, &block) yield(:address, data[:host]) if block # Import Host - hobj = report_host(data) + hobj = msf_import_host(data) report_import_note(wspace, hobj) # Import OS fingerprint @@ -52,7 +52,7 @@ def import_retina_xml(args={}, &block) :os => host["os"] } } - report_note(note) + msf_import_note(note) end # Import vulnerabilities @@ -76,7 +76,7 @@ def import_retina_xml(args={}, &block) ) end - report_vuln(vuln_info) + msf_import_vuln(vuln_info) end end diff --git a/lib/msf/core/db_manager/import/spiceworks.rb b/lib/msf/core/db_manager/import/spiceworks.rb index 820f5543f707..cb955d94829e 100644 --- a/lib/msf/core/db_manager/import/spiceworks.rb +++ b/lib/msf/core/db_manager/import/spiceworks.rb @@ -28,7 +28,7 @@ def import_spiceworks_csv(args={}, &block) if os - report_note( + msf_import_note( :workspace => wspace, :task => args[:task], :host => ip, @@ -44,7 +44,7 @@ def import_spiceworks_csv(args={}, &block) info << "Location: #{location}" unless location.blank? conf[:info] = info.join(", ") unless info.empty? - host = report_host(conf) + host = msf_import_host(conf) report_import_note(wspace, host) end end diff --git a/lib/msf/core/db_manager/loot.rb b/lib/msf/core/db_manager/loot.rb index 84fe3ddf198f..02ac15774a75 100644 --- a/lib/msf/core/db_manager/loot.rb +++ b/lib/msf/core/db_manager/loot.rb @@ -89,7 +89,7 @@ def report_loot(opts) loot.name = name if name loot.info = info if info loot.workspace = wspace - msf_import_timestamps(opts,loot) + msf_assign_timestamps(opts, loot) loot.save! ret[:loot] = loot diff --git a/lib/msf/core/db_manager/note.rb b/lib/msf/core/db_manager/note.rb index 8d0e30990f16..91cd4ce954c1 100644 --- a/lib/msf/core/db_manager/note.rb +++ b/lib/msf/core/db_manager/note.rb @@ -191,7 +191,7 @@ def report_note(opts) if opts[:vuln_id] note.vuln_id = opts[:vuln_id] end - msf_import_timestamps(opts,note) + msf_assign_timestamps(opts, note) note.save! ret[:note] = note } diff --git a/lib/msf/core/db_manager/service.rb b/lib/msf/core/db_manager/service.rb index e0ee56b0a07e..fb20b27848e8 100644 --- a/lib/msf/core/db_manager/service.rb +++ b/lib/msf/core/db_manager/service.rb @@ -82,14 +82,6 @@ def report_service(opts) end ret = {} -=begin - host = get_host(:workspace => wspace, :address => addr) - if host - host.updated_at = host.created_at - host.state = HostState::Alive - host.save! - end -=end proto = opts[:proto] || Msf::DBManager::DEFAULT_SERVICE_PROTO @@ -120,7 +112,6 @@ def report_service(opts) end if (service and service.changed?) - msf_import_timestamps(opts,service) service.save! end diff --git a/lib/msf/core/db_manager/task.rb b/lib/msf/core/db_manager/task.rb index 2922e3e6135e..7cd0da2b7842 100644 --- a/lib/msf/core/db_manager/task.rb +++ b/lib/msf/core/db_manager/task.rb @@ -36,7 +36,7 @@ def report_task(opts) task.path = path task.progress = prog task.result = result if result - msf_import_timestamps(opts,task) + msf_assign_timestamps(opts, task) # Having blank completed_ats, while accurate, will cause unstoppable tasks. if completed_at.nil? || completed_at.empty? task.completed_at = opts[:updated_at] diff --git a/lib/msf/core/db_manager/user.rb b/lib/msf/core/db_manager/user.rb index ca3596886af5..4c5ab99d8bb2 100644 --- a/lib/msf/core/db_manager/user.rb +++ b/lib/msf/core/db_manager/user.rb @@ -60,7 +60,7 @@ def report_user(opts) # Finalize if user.changed? - msf_import_timestamps(opts, user) + msf_assign_timestamps(opts, user) user.save! end diff --git a/lib/msf/core/db_manager/vuln.rb b/lib/msf/core/db_manager/vuln.rb index 80e79869054b..97060a7fcb4f 100644 --- a/lib/msf/core/db_manager/vuln.rb +++ b/lib/msf/core/db_manager/vuln.rb @@ -226,7 +226,7 @@ def report_vuln(opts) # Finalize if vuln.changed? - msf_import_timestamps(opts,vuln) + msf_assign_timestamps(opts, vuln) vuln.save! end diff --git a/lib/msf/core/db_manager/web.rb b/lib/msf/core/db_manager/web.rb index b4f0d5fef339..36c27ffb90ad 100644 --- a/lib/msf/core/db_manager/web.rb +++ b/lib/msf/core/db_manager/web.rb @@ -71,7 +71,7 @@ def report_web_form(opts) form.query = quer end - msf_import_timestamps(opts, form) + msf_assign_timestamps(opts, form) form.save! ret[:web_form] = form } @@ -154,7 +154,7 @@ def report_web_page(opts) page.location = opts[:location] if opts[:location] - msf_import_timestamps(opts, page) + msf_assign_timestamps(opts, page) page.save! ret[:web_page] = page @@ -258,7 +258,7 @@ def report_web_site(opts) site.options = opts[:options] if opts[:options] # XXX: - msf_import_timestamps(opts, site) + msf_assign_timestamps(opts, site) site.save! ret[:web_site] = site @@ -366,7 +366,7 @@ def report_web_vuln(opts) vuln.payload = payload vuln.owner = owner - msf_import_timestamps(opts, vuln) + msf_assign_timestamps(opts, vuln) vuln.save! ret[:web_vuln] = vuln diff --git a/spec/support/shared/examples/msf/db_manager/import.rb b/spec/support/shared/examples/msf/db_manager/import.rb index 872b4d8667d1..8dcce705c025 100644 --- a/spec/support/shared/examples/msf/db_manager/import.rb +++ b/spec/support/shared/examples/msf/db_manager/import.rb @@ -9,7 +9,8 @@ it { is_expected.to respond_to :import } it { is_expected.to respond_to :import_file } it { is_expected.to respond_to :import_filetype_detect } - it { is_expected.to respond_to :msf_import_timestamps } + it { is_expected.to respond_to :msf_assign_timestamps } + it { is_expected.to respond_to :normalise_import_timestamps } it { is_expected.to respond_to :report_import_note } it { is_expected.to respond_to :rexmlify } it { is_expected.to respond_to :validate_import_file } From cf97b36d981c901756515488f8179935607a1459 Mon Sep 17 00:00:00 2001 From: sjanusz-r7 Date: Mon, 3 Jun 2024 11:09:59 +0100 Subject: [PATCH 2/2] Align importing timestamps method with msf_ prefix --- lib/msf/core/db_manager/import.rb | 24 +++++++++---------- .../shared/examples/msf/db_manager/import.rb | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/msf/core/db_manager/import.rb b/lib/msf/core/db_manager/import.rb index 9c5ee84f00c3..a86fbee5a141 100644 --- a/lib/msf/core/db_manager/import.rb +++ b/lib/msf/core/db_manager/import.rb @@ -481,57 +481,57 @@ def import_filetype_detect(data) end def msf_import_service(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_service(normalised_import_timestamp_opts) end def msf_import_vuln(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_vuln(normalised_import_timestamp_opts) end def msf_import_note(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_note(normalised_import_timestamp_opts) end def msf_import_host(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_host(normalised_import_timestamp_opts) end def msf_import_task(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_task(normalised_import_timestamp_opts) end def msf_import_user(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_user(normalised_import_timestamp_opts) end def msf_import_loot(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_loot(normalised_import_timestamp_opts) end def msf_import_web_site(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_web_site(normalised_import_timestamp_opts) end def msf_import_web_page(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_web_page(normalised_import_timestamp_opts) end def msf_import_web_vuln(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_web_vuln(normalised_import_timestamp_opts) end def msf_import_artifact(opts) - normalised_import_timestamp_opts = normalise_import_timestamps(opts) + normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts) report_artifact(normalised_import_timestamp_opts) end @@ -544,7 +544,7 @@ def msf_assign_timestamps(opts,obj) end # Handles timestamps from Metasploit Express/Pro imports. - def normalise_import_timestamps(opts) + def msf_normalise_import_timestamps(opts) opts[:created_at] ||= (opts["created_at"] || ::Time.now.utc) opts[:updated_at] ||= (opts["updated_at"] || opts[:created_at]) opts diff --git a/spec/support/shared/examples/msf/db_manager/import.rb b/spec/support/shared/examples/msf/db_manager/import.rb index 8dcce705c025..7a576b342298 100644 --- a/spec/support/shared/examples/msf/db_manager/import.rb +++ b/spec/support/shared/examples/msf/db_manager/import.rb @@ -10,7 +10,7 @@ it { is_expected.to respond_to :import_file } it { is_expected.to respond_to :import_filetype_detect } it { is_expected.to respond_to :msf_assign_timestamps } - it { is_expected.to respond_to :normalise_import_timestamps } + it { is_expected.to respond_to :msf_normalise_import_timestamps } it { is_expected.to respond_to :report_import_note } it { is_expected.to respond_to :rexmlify } it { is_expected.to respond_to :validate_import_file }