Fix service 'updated at' time not being updated correctly
sjanusz-r7 committed May 31, 2024
1 parent d37a825 commit b2e2074
Showing 32 changed files with 156 additions and 97 deletions.
5 changes: 3 additions & 2 deletions lib/msf/core/db_manager/cred.rb
Expand Up @@ -137,7 +137,7 @@ def report_auth_info(opts={})

# Service management; assume the user knows what
# he's talking about.
service = opts[:service] || report_service(:host => host, :port => port, :proto => proto, :name => sname, :workspace => wspace)
service = opts[:service] || msf_import_service(:host => host, :port => port, :proto => proto, :name => sname, :workspace => wspace)

# Non-US-ASCII usernames are tripping up the database at the moment, this is a temporary fix until we update the tables
if (token[0])
Expand Down Expand Up @@ -211,7 +211,8 @@ def report_auth_info(opts={})

# Update the timestamp
if cred.changed?
msf_import_timestamps(opts,cred)
cred.created_at = opts[:created_at]
cred.updated_at = opts[:updated_at]
cred.save!
end
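Review bot: Inside the `if cred.changed?` block, `cred.created_at = opts[:created_at]` and `cred.updated_at = opts[:updated_at]` now assign unconditionally, whereas the removed `msf_import_timestamps(opts,cred)` call only overwrote `created_at` when the key was present and fell back to `created_at` for `updated_at`. Nothing in the visible lines passes report_auth_info's own `opts` through `normalize_import_timestamps`, so a caller that supplies no timestamps would appear to write nil over an existing credential's timestamps, and the string keys `"created_at"`/`"updated_at"` are no longer read here. Guarding both lines, `cred.created_at = opts[:created_at] if opts[:created_at]` and `cred.updated_at = opts[:updated_at] if opts[:updated_at]`, keeps the earlier behaviour for that case. The rest of report_auth_info lies outside this hunk, so confirm whether `opts` is normalised earlier in the method.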

1 change: 0 additions & 1 deletion lib/msf/core/db_manager/host.rb
Expand Up @@ -274,7 +274,6 @@ def report_host(opts)
host_state_changed(host, ostate) if host.state != ostate

if host.changed?
msf_import_timestamps(opts, host)
host.save!
end
rescue ActiveRecord::RecordNotUnique, ActiveRecord::RecordInvalid
73 changes: 66 additions & 7 deletions lib/msf/core/db_manager/import.rb
Expand Up @@ -480,18 +480,77 @@ def import_filetype_detect(data)
raise Msf::DBImportError.new("Could not automatically determine file type")
end

def msf_import_service(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_service(normalised_import_timestamp_opts)
end

def msf_import_vuln(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_vuln(normalised_import_timestamp_opts)
end

def msf_import_note(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_note(normalised_import_timestamp_opts)
end

def msf_import_host(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_host(normalised_import_timestamp_opts)
end

def msf_import_task(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_task(normalised_import_timestamp_opts)
end

def msf_import_user(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_user(normalised_import_timestamp_opts)
end

# I think this might not be needed. Double-check.
def msf_import_webform(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_user(normalised_import_timestamp_opts)
end

def msf_import_loot(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_loot(normalised_import_timestamp_opts)
end

def msf_import_web_site(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_web_site(normalised_import_timestamp_opts)
end

def msf_import_web_page(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_web_page(normalised_import_timestamp_opts)
end

def msf_import_web_vuln(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_web_vuln(normalised_import_timestamp_opts)
end

def msf_import_artifact(opts)
normalised_import_timestamp_opts = normalize_import_timestamps(opts)
report_artifact(normalised_import_timestamp_opts)
end

# Handles timestamps from Metasploit Express/Pro imports.
def msf_import_timestamps(opts,obj)
obj.created_at = opts["created_at"] if opts["created_at"]
obj.created_at = opts[:created_at] if opts[:created_at]
obj.updated_at = opts["updated_at"] ? opts["updated_at"] : obj.created_at
obj.updated_at = opts[:updated_at] ? opts[:updated_at] : obj.created_at
return obj
def normalize_import_timestamps(opts)
opts[:created_at] ||= (opts["created_at"] || ::Time.now.utc)
opts[:updated_at] ||= (opts["updated_at"] || opts[:created_at])
opts
end

def report_import_note(wspace,addr)
if @import_filedata.kind_of?(Hash) && @import_filedata[:filename] && @import_filedata[:filename] !~ /msfe-nmap[0-9]{8}/
report_note(
msf_import_note(
:workspace => wspace,
:host => addr,
:type => 'host.imported',
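Review bot: `msf_import_webform` forwards to `report_user`, which looks like a copy-paste from `msf_import_user` directly above it, so a web form routed through this wrapper would be recorded through the user path instead. If the wrapper is kept, the call should be `report_web_form(normalised_import_timestamp_opts)`; otherwise remove the method together with its "Double-check" comment. Separately, `normalize_import_timestamps` writes into the caller's hash and defaults `:created_at` to `::Time.now.utc`, so data imported without timestamps may carry a fresh creation time into the report_* call for a record that already exists. Starting the helper with `opts = opts.dup` would at least leave the caller's hash untouched, and a short comment stating the symbol-over-string key precedence would document the contract the twelve wrappers rely on.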
2 changes: 1 addition & 1 deletion lib/msf/core/db_manager/import/gpp.rb
Expand Up @@ -27,7 +27,7 @@ def import_gpp_xml(args = {}, &block)
end

# Store entire file as loot, including metadata
report_loot(
msf_import_loot(
workspace: wspace,
path: args[:filename],
name: File.basename(args[:filename]),
12 changes: 6 additions & 6 deletions lib/msf/core/db_manager/import/ip360/v3.rb
Expand Up @@ -83,11 +83,11 @@ def import_ip360_xml_v3(args={}, &block)
host_hash[:name] = hname.to_s.strip if hname
host_hash[:mac] = mac.to_s.strip.upcase if mac

hobj = report_host(host_hash)
hobj = msf_import_host(host_hash)

yield(:os, os) if block
if os
report_note(
msf_import_note(
:workspace => wspace,
:task => args[:task],
:host => hobj,
Expand Down Expand Up @@ -131,15 +131,15 @@ def import_ip360_xml_v3(args={}, &block)
# IP360 v3 svc
def handle_ip360_v3_svc(wspace,hobj,port,proto,hname,task=nil)
addr = hobj.address
report_host(:workspace => wspace, :host => hobj, :state => Msf::HostState::Alive, :task => task)
msf_import_host(:workspace => wspace, :host => hobj, :state => Msf::HostState::Alive, :task => task)

info = { :workspace => wspace, :host => hobj, :port => port, :proto => proto, :task => task }
if hname != "unknown" and hname[-1,1] != "?"
info[:name] = hname
end

if port.to_i != 0
report_service(info)
msf_import_service(info)
end
end

Expand All @@ -153,7 +153,7 @@ def handle_ip360_v3_vuln(wspace,hobj,port,proto,hname,vulnid,vulnname,cves,bids,
end

if port.to_i != 0
report_service(info)
msf_import_service(info)
end

refs = []
Expand Down Expand Up @@ -181,6 +181,6 @@ def handle_ip360_v3_vuln(wspace,hobj,port,proto,hname,vulnid,vulnname,cves,bids,
vuln[:proto] = proto
end

report_vuln(vuln)
msf_import_vuln(vuln)
end
end
14 changes: 7 additions & 7 deletions lib/msf/core/db_manager/import/libpcap.rb
Expand Up @@ -35,7 +35,7 @@ def import_libpcap(args={}, &block)
unless( bl.include?(saddr) || rfc3330_reserved(saddr))
yield(:address,saddr) if block and !seen_hosts.keys.include?(saddr)
unless seen_hosts[saddr]
report_host(
msf_import_host(
:workspace => wspace,
:host => saddr,
:state => Msf::HostState::Alive,
Expand All @@ -48,7 +48,7 @@ def import_libpcap(args={}, &block)
unless( bl.include?(daddr) || rfc3330_reserved(daddr))
yield(:address,daddr) if block and !seen_hosts.keys.include?(daddr)
unless seen_hosts[daddr]
report_host(
msf_import_host(
:workspace => wspace,
:host => daddr,
:state => Msf::HostState::Alive,
Expand All @@ -63,7 +63,7 @@ def import_libpcap(args={}, &block)
pkt.tcp_src < 1024 # If it's a low port, assume it's a proper service.
if seen_hosts[saddr]
unless seen_hosts[saddr].include? [pkt.tcp_src,"tcp"]
report_service(
msf_import_service(
:workspace => wspace, :host => saddr,
:proto => "tcp", :port => pkt.tcp_src,
:state => Msf::ServiceState::Open,
Expand All @@ -79,7 +79,7 @@ def import_libpcap(args={}, &block)
[saddr,daddr].each do |xaddr|
if seen_hosts[xaddr]
unless seen_hosts[xaddr].include? [pkt.udp_src,"udp"]
report_service(
msf_import_service(
:workspace => wspace, :host => xaddr,
:proto => "udp", :port => pkt.udp_src,
:state => Msf::ServiceState::Open,
Expand All @@ -93,7 +93,7 @@ def import_libpcap(args={}, &block)
elsif pkt.udp_src < 1024 # Probably a service
if seen_hosts[saddr]
unless seen_hosts[saddr].include? [pkt.udp_src,"udp"]
report_service(
msf_import_service(
:workspace => wspace, :host => saddr,
:proto => "udp", :port => pkt.udp_src,
:state => Msf::ServiceState::Open,
Expand Down Expand Up @@ -142,7 +142,7 @@ def inspect_single_packet_http(pkt,wspace,args)
if pkt.payload =~ /^HTTP\x2f1\x2e[01]/n
http_server_match = pkt.payload.match(/\nServer:\s+([^\r\n]+)[\r\n]/n)
if http_server_match.kind_of?(MatchData) and http_server_match[1]
report_service(
msf_import_service(
:workspace => wspace,
:host => pkt.ip_saddr,
:port => pkt.tcp_src,
Expand Down Expand Up @@ -172,7 +172,7 @@ def inspect_single_packet_http(pkt,wspace,args)
# this point, we'll just believe everything the packet says -- validation ought
# to come later.
user,pass = b64_cred.unpack("m*").first.split(/:/,2)
report_service(
msf_import_service(
:workspace => wspace,
:host => pkt.ip_daddr,
:port => pkt.tcp_dst,
10 changes: 5 additions & 5 deletions lib/msf/core/db_manager/import/metasploit_framework/xml.rb
Expand Up @@ -85,7 +85,7 @@ def import_msf_note_element(note, allow_yaml, note_data={})
note_data[datum.gsub("-","_")] = nils_for_nulls(note.at(datum).text.to_s.strip)
end
}
report_note(note_data)
msf_import_note(note_data)
end

# Imports web_form element using Msf::DBManager#report_web_form.
Expand Down Expand Up @@ -294,7 +294,7 @@ def parse_web_site(web, wspace, allow_yaml, &block)
end
}

report_web_site(info)
msf_import_web_site(info)
yield(:web_site, "#{info[:host]}:#{info[:port]} (#{info[:vhost]})") if block
end

Expand Down Expand Up @@ -331,7 +331,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)
end
}
host_address = host_data[:host].dup # Preserve after report_host() deletes
hobj = report_host(host_data)
hobj = msf_import_host(host_data)

host.xpath("host_details/host_detail").each do |hdet|
hdet_data = {}
Expand Down Expand Up @@ -371,7 +371,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)
end
end
}
report_service(service_data)
msf_import_service(service_data)
end

host.xpath('notes/note').each do |note|
Expand Down Expand Up @@ -417,7 +417,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)
end
end

vobj = report_vuln(vuln_data)
vobj = msf_import_vuln(vuln_data)

vuln.xpath("notes/note").each do |note|
note_data = {}
2 changes: 1 addition & 1 deletion lib/msf/core/db_manager/import/metasploit_framework/zip.rb
Expand Up @@ -144,7 +144,7 @@ def parse_zip_task(task, wspace, bl, allow_yaml, btag, args, basedir, host_info,
if ::File.exist?(new_task)
::File.unlink new_task # Delete it, and don't report it.
else
report_task(task_info) # It's new, so report it.
msf_import_task(task_info) # It's new, so report it.
end
::FileUtils.copy(task_info[:orig_path], new_task)
yield(:msf_task, new_task) if block
4 changes: 2 additions & 2 deletions lib/msf/core/db_manager/import/nessus.rb
Expand Up @@ -30,7 +30,7 @@ def handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data,task=nil
if name and name != "unknown" and name[-1,1] != "?"
info[:name] = name
end
report_service(info)
msf_import_service(info)

if nasl.nil? || nasl.empty? || nasl == 0 || nasl == "0"
return
Expand Down Expand Up @@ -78,6 +78,6 @@ def handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data,task=nil
:refs => refs,
:task => task,
}
report_vuln(vuln_info)
msf_import_vuln(vuln_info)
end
end
4 changes: 2 additions & 2 deletions lib/msf/core/db_manager/import/nessus/nbe.rb
Expand Up @@ -45,7 +45,7 @@ def import_nessus_nbe(args={}, &block)
yield(:address,addr) if block
end

hobj_map[ addr ] ||= report_host(:host => addr, :workspace => wspace, :task => args[:task])
hobj_map[ addr ] ||= msf_import_host(:host => addr, :workspace => wspace, :task => args[:task])

# Match the NBE types with the XML severity ratings
case type
Expand All @@ -61,7 +61,7 @@ def import_nessus_nbe(args={}, &block)
end
if nasl == "11936"
os = data.match(/The remote host is running (.*)\\n/)[1]
report_note(
msf_import_note(
:workspace => wspace,
:task => args[:task],
:host => hobj_map[ addr ],
4 changes: 2 additions & 2 deletions lib/msf/core/db_manager/import/nessus/xml/v1.rb
Expand Up @@ -34,13 +34,13 @@ def import_nessus_xml(args={}, &block)

# Record the hostname
hinfo.merge!(:name => hname.to_s.strip) if hname
hobj = report_host(hinfo)
hobj = msf_import_host(hinfo)
report_import_note(wspace,hobj)

# Record the OS
os ||= host.elements["os_name"]
if os
report_note(
msf_import_note(
:workspace => wspace,
:task => args[:task],
:host => hobj,
8 changes: 4 additions & 4 deletions lib/msf/core/db_manager/import/nessus/xml/v2.rb
Expand Up @@ -50,13 +50,13 @@ def import_nessus_xml_v2(args={}, &block)
# We can't use them anyway, so take just the first.
host_info[:mac] = mac.to_s.strip.upcase.split(/\s+/).first if mac

hobj = report_host(host_info)
hobj = msf_import_host(host_info)
report_import_note(wspace,hobj)

os = host['os']
yield(:os,os) if block
if os
report_note(
msf_import_note(
:workspace => wspace,
:task => args[:task],
:host => hobj,
Expand Down Expand Up @@ -110,7 +110,7 @@ def handle_nessus_v2(wspace,hobj,port,proto,name,nasl,nasl_name,severity,descrip
end

if port.to_i != 0
report_service(info)
msf_import_service(info)
end

if nasl.nil? || nasl.empty? || nasl == 0 || nasl == "0"
Expand Down Expand Up @@ -159,6 +159,6 @@ def handle_nessus_v2(wspace,hobj,port,proto,name,nasl,nasl_name,severity,descrip
vuln[:proto] = proto
end

report_vuln(vuln)
msf_import_vuln(vuln)
end
end
4 changes: 2 additions & 2 deletions lib/msf/core/db_manager/import/netsparker.rb
Expand Up @@ -92,7 +92,7 @@ def import_netsparker_xml(args={}, &block)
end

# Report the web page to the database
report_web_page(info)
msf_import_web_page(info)

yield(:web_page, url) if block
end
Expand Down Expand Up @@ -145,7 +145,7 @@ def import_netsparker_xml(args={}, &block)

next if vuln['type'].to_s.empty?

report_web_vuln(info)
msf_import_web_vuln(info)
yield(:web_vuln, url) if block
end
