Skip to content

Commit

Permalink
Add hierarchical search table support
Browse files Browse the repository at this point in the history
  • Loading branch information
adfoster-r7 committed Nov 29, 2023
1 parent 1b6efbb commit 1f846a1
Show file tree
Hide file tree
Showing 9 changed files with 194 additions and 31 deletions.
4 changes: 2 additions & 2 deletions data/auxiliary/gather/ldap_query/ldap_queries_default.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ queries:
- https://www.netspi.com/blog/technical/network-penetration-testing/exploiting-adidns/
- https://github.com/dirkjanm/krbrelayx/blob/master/dnstool.py
- action: ENUM_DNS_ZONES
description: 'Dump info about DNS zones the server knows about using the dnsZone object class under the DC DomainDnsZones. This is needed as without this BASEDN prefix we often miss certain entries.'
description: 'Dump all known DNS zones using the dnsZone object class under the DC DomainDnsZones. Without A BASEDN prefix you can miss certain entries.'
filter: '(objectClass=dnsZone)'
base_dn_prefix: 'DC=DomainDnsZones'
attributes:
Expand Down Expand Up @@ -325,7 +325,7 @@ queries:
references:
- https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
- action: ENUM_USER_ASREP_ROASTABLE
description: 'Dump info about all users who are configured not to require kerberos pre-authentication and are therefore AS-REP roastable.'
description: 'Dump all users who are configured not to require kerberos pre-authentication, i.e. AS-REP roastable.'
filter: '(&(samAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=4194304))'
attributes:
- cn
Expand Down
7 changes: 7 additions & 0 deletions lib/msf/core/feature_manager.rb
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ class FeatureManager
METASPLOIT_PAYLOAD_WARNINGS = 'metasploit_payload_warnings'
DEFER_MODULE_LOADS = 'defer_module_loads'
DNS_FEATURE = 'dns_feature'
HIERARCHICAL_SEARCH_TABLE = 'hierarchical_search_table'
DEFAULTS = [
{
name: WRAPPED_TABLES,
Expand Down Expand Up @@ -60,6 +61,12 @@ class FeatureManager
description: 'When enabled, allows configuration of DNS resolution behaviour in Metasploit',
requires_restart: false,
default_value: false
}.freeze,
{
name: HIERARCHICAL_SEARCH_TABLE,
description: 'When enabled, the search table is enhanced to show details on module actions and targets',
requires_restart: false,
default_value: false
}.freeze
].freeze

Expand Down
24 changes: 24 additions & 0 deletions lib/msf/core/modules/metadata/obj.rb
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ module Modules
module Metadata

class Obj
# @return [Hash]
attr_reader :actions
# @return [String]
attr_reader :name
# @return [String]
Expand Down Expand Up @@ -98,6 +100,15 @@ def initialize(module_instance, obj_hash = nil)
@ref_name = module_instance.class.refname
@needs_cleanup = module_instance.respond_to?(:needs_cleanup) && module_instance.needs_cleanup

if module_instance.respond_to?(:actions)
@actions = module_instance.actions.sort_by(&:name).map do |action|
{
'name' => action.name,
'description' => action.description
}
end
end

if module_instance.respond_to?(:autofilter_ports)
@autofilter_ports = module_instance.autofilter_ports
end
Expand Down Expand Up @@ -171,6 +182,8 @@ def to_json(*args)
'needs_cleanup' => @needs_cleanup,
}

data['actions'] = @actions if @actions

if @payload_type
payload_data = {
'payload_type' => @payload_type,
Expand Down Expand Up @@ -211,6 +224,7 @@ def path
#######

def init_from_hash(obj_hash)
@actions = obj_hash['actions']
@name = obj_hash['name']
@fullname = obj_hash['fullname']
@aliases = obj_hash['aliases'] || []
Expand Down Expand Up @@ -257,6 +271,16 @@ def sort_platform_string
end

def force_encoding(encoding)
if @actions
# Encode the actions hashes, assumes that there are no nested hashes
@actions = @actions.map do |action|
action.map do |k, v|
new_key = k.dup.force_encoding(encoding)
new_value = v.is_a?(String) ? v.dup.force_encoding(encoding) : v
[new_key, new_value]
end.to_h
end
end
@name = @name.dup.force_encoding(encoding)
@fullname = @fullname.dup.force_encoding(encoding)
@description = @description.dup.force_encoding(encoding)
Expand Down
6 changes: 5 additions & 1 deletion lib/msf/core/modules/metadata/search.rb
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ module Msf::Modules::Metadata::Search

VALID_PARAMS =
%w[
action
adapter
aka
arch
Expand Down Expand Up @@ -139,7 +140,8 @@ def is_match(params, module_metadata)
# free form text search will honor 'and' semantics, i.e. 'metasploit pro' will only match modules that contain both
# words, and will return false when only one word is matched
if keyword == 'text'
text_segments = [module_metadata.name, module_metadata.fullname, module_metadata.description] + module_metadata.references + module_metadata.author + (module_metadata.notes['AKA'] || [])
module_actions = (module_metadata.actions || []).flat_map { |action| action.values.map(&:to_s) }
text_segments = [module_metadata.name, module_metadata.fullname, module_metadata.description] + module_metadata.references + module_metadata.author + (module_metadata.notes['AKA'] || []) + module_actions

if module_metadata.targets
text_segments = text_segments + module_metadata.targets
Expand Down Expand Up @@ -167,6 +169,8 @@ def is_match(params, module_metadata)

regex = as_regex(search_term)
case keyword
when 'action'
match = [keyword, search_term] if (module_metadata&.actions || []).any? { |action| action.any? { |k, v| k =~ regex || v =~ regex } }
when 'aka'
match = [keyword, search_term] if (module_metadata.notes['AKA'] || []).any? { |aka| aka =~ regex }
when 'author', 'authors'
Expand Down
Loading

0 comments on commit 1f846a1

Please sign in to comment.