def parseOutputString(self, output, debug=False):
"""
This method will discard the output the shell sends, it will read it
from the xml where it expects it to be present.
NOTE: if 'debug' is true then it is being run from a test case and the
output being sent is valid.
"""
try:
conn = psycopg2.connect(dbname=self.getSetting("Database"),
user=self.getSetting("User"),
password=self.getSetting("Password"),
host=self.getSetting("Server"),
port=self.getSetting("Port"))
cur = conn.cursor()
except Exception as e:
print "[Faraday - MetasplotiOn] Error Connecting to the database"
print "[Faraday - MetasplotiOn]Check your metasploit postgresql credentials and server IP/Port"
print e
return
cur = self._doSql(
cur,
"select * from hosts inner join workspaces ON (hosts.workspace_id=workspaces.id) where workspaces.name like '" + self.getSetting("Workspace") + "';")
if cur is None:
print "Error getting database data\n"
return
self.path = self.data_path + "/" + api.getActiveWorkspace().name + \
"_metasploit_last"
if os.path.isfile(self.path):
f = open(self.path, "r")
self._sdate = f.readline()
f.close
for h in cur.fetchall():
h_id = self.createAndAddHost(
str(h[2]),
str(h[7]))
if self._isIPV4(str(h[2])):
i_id = self.createAndAddInterface(
h_id,
str(h[2]),
mac=str(h[3]),
ipv4_address=str(h[2]),
hostname_resolution=str(h[5]))
else:
i_id = self.createAndAddInterface(
h_id,
str(h[2]),
mac=str(h[3]),
ipv6_address=str(h[2]),
hostname_resolution=str(h[5]))
self._checkDate(str(h[13]))
cur = self._doSql(
cur,
"select * from vulns where host_id=" + str(h[0]) + " and service_id is null" + self._mwhere + ";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[5]))
cur = self._doSql(
cur,
"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";")
if cur is None:
return
refs = []
for r in cur.fetchall():
self._checkDate(str(r[5]))
refs.append(r[6])
self.createAndAddVulnToHost(
h_id,
str(v[4]),
str(v[6]),
refs)
cur = self._doSql(
cur,
"select * from notes where host_id=" + str(h[0]) + " and service_id is null" + self._mwhere + ";")
if cur is None:
return
for n in cur.fetchall():
self._checkDate(str(n[6]))
self.createAndAddNoteToHost(
h_id,
str(n[2]),
str(n[9]))
cur = self._doSql(
cur,
"select * from services where host_id=" + str(h[0]))
if cur is None:
return
for s in cur.fetchall():
self._checkDate(str(s[7]))
s_id = self.createAndAddServiceToInterface(
h_id,
i_id,
name=str(s[6]),
ports=[str(s[3])],
protocol=str(s[4]),
status=str(s[5]),
description=str(s[8]),
version=str(s[8]))
cur = self._doSql(
cur,
"select * from creds where service_id=" + str(s[0]) + self._mwhere + ";")
if cur is None:
return
for c in cur.fetchall():
self._checkDate(str(c[3]))
self.createAndAddCredToService(
h_id,
s_id,
c[4],
c[5])
self.createAndAddVulnToService(
h_id,
s_id,
"Weak Credentials",
"[metasploit found the following credentials]\nuser:%s\npass:%s" % (c[4], c[
5]),
severity="high")
cur = self._doSql(
cur,
"select * from vulns where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere + ";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[5]))
cur = self._doSql(
cur,
"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";")
if cur is None:
return
refs = []
for r in cur.fetchall():
self._checkDate(str(r[5]))
refs.append(r[6])
self.createAndAddVulnToService(
h_id,
s_id,
name=str(v[4]),
desc=str(v[6]),
ref=refs)
mwhere = re.sub(
"updated_at",
"web_vulns.updated_at",
self._mwhere)
cur = self._doSql(
cur,
"select * from web_vulns INNER JOIN web_sites ON (web_vulns.web_site_id=web_sites.id) where web_sites.service_id=" + str(s[0]) + mwhere + ";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[3]))
#TODO: should be nice to stop hardcoding the positions
# of the information and instead make it depend
# on the column name
# beware, next silly coder, the table as it stands
# right holds information in each position like this:
# v[0] = id, v[1] = web_site_id, v[2] = created_at
# v[3] = updated_at, v[4] = path, v[5] = method,
# v[6] = params, v[7] = pname, v[8] = risk, v[9] = name
# v[10] = query, v[11] = category, v[12] = confidence,
# v[13] = description, v[14] = blame, v[15] = request,
# v[16] = proof, v[17] = owner, v[18] = payload, v[19] = id,
# v[20] = service_id, v[21] = created_at, v[22] = updated_at
# v[23] = vhost, v[24] = comments, v[25] = options
# if the plugin breakes, check that everything is in the
# same position
# metasploit doesn't give us a website, but the vhost +
# path is kinda the same
website = str(v[23]) + str(v[4])
self.createAndAddVulnWebToService(
h_id,
s_id,
name=str(v[9]),
desc=str(v[13]),
website=website,
path=str(v[5]),
request=str(v[16]),
method=str(v[6]),
pname=str(v[8]),
params=str(v[7]),
query=str(v[11]))
cur = self._doSql(
cur,
"select * from notes where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere)
if cur is None:
return
for n in cur.fetchall():
self._checkDate(str(n[6]))
self.createAndAddNoteToService(
h_id,
s_id,
str(n[2]),
str(n[9]))
cur = self._doSql(
cur,
"select * from web_sites where service_id=" + str(s[0]) + self._mwhere)
for w in cur.fetchall():
self._checkDate(str(w[3]))
n_id = self.createAndAddNoteToService(
h_id,
s_id,
"website",
"")
n2_id = self.createAndAddNoteToNote(
h_id,
s_id,
n_id,
str(w[4]),
"")
cur.close()
conn.close()
def parseOutputString(self, output, debug = False):
"""
This method will discard the output the shell sends, it will read it from
the xml where it expects it to be present.
NOTE: if 'debug' is true then it is being run from a test case and the
output being sent is valid.
"""
try:
conn = psycopg2.connect("dbname='" + self.getSetting("Database")+ "' user='******' password='******' host='"+self.getSetting("Server")+"' port='"+self.getSetting("Port")+"'")
cur = conn.cursor()
except Exception as e:
print e
print "Error Connection database\n"
return
cur=self._doSql(cur,"select * from hosts inner join workspaces ON (hosts.workspace_id=workspaces.id) where workspaces.name like '"+ self.getSetting("Wordspace")+"';")
if cur is None:
print "Error getting database data\n"
return
self.path=self.data_path + "/"+api.getActiveWorkspace().name+ "_metasploit_last"
if os.path.isfile(self.path):
f=open(self.path,"r")
self._sdate=f.readline()
f.close
for h in cur.fetchall():
h_id = self.createAndAddHost(str(h[2]), str(h[7]))
if self._isIPV4(str(h[2])):
i_id = self.createAndAddInterface(h_id, str(h[2]),
mac=str(h[3]),
ipv4_address=str(h[2]),
hostname_resolution=str(h[5])
)
else:
i_id = self.createAndAddInterface(h_id, str(h[2]),
mac=str(h[3]),
ipv6_address=str(h[2]),
hostname_resolution=str(h[5])
)
self._checkDate(str(h[13]))
cur=self._doSql(cur,"select * from vulns where host_id="+str(h[0])+" and service_id is null"+ self._mwhere +";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[5]))
cur=self._doSql(cur,"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id="+ str(v[0])+";")
if cur is None:
return
refs=[]
for r in cur.fetchall():
self._checkDate(str(r[5]))
refs.append(r[6])
self.createAndAddVulnToHost(h_id,str(v[4]),str(v[6]),refs)
cur=self._doSql(cur,"select * from notes where host_id="+str(h[0])+" and service_id is null"+ self._mwhere +";")
if cur is None:
return
for n in cur.fetchall():
self._checkDate(str(n[6]))
self.createAndAddNoteToHost(h_id,str(n[2]),str(n[9]))
cur=self._doSql(cur,"select * from services where host_id="+str(h[0]))
if cur is None:
return
for s in cur.fetchall():
self._checkDate(str(s[7]))
s_id = self.createAndAddServiceToInterface(h_id,i_id,
name=str(s[6]),
ports=[str(s[3])],
protocol=str(s[4]),
status=str(s[5]),
description=str(s[8]),
version=str(s[8]),
)
cur=self._doSql(cur,"select * from creds where service_id="+str(s[0])+ self._mwhere +";")
creds=[]
if cur is None:
return
for c in cur.fetchall():
self._checkDate(str(c[3]))
self.createAndAddCredToService(h_id,s_id,c[4],c[5])
cur=self._doSql(cur,"select * from vulns where host_id="+str(h[0])+" and service_id="+str(s[0])+ self._mwhere +";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[5]))
cur=self._doSql(cur,"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id="+ str(v[0])+";")
if cur is None:
return
refs=[]
for r in cur.fetchall():
self._checkDate(str(r[5]))
refs.append(r[6])
self.createAndAddVulnToService(h_id,s_id,
name=str(v[4]),
desc=str(v[6]),ref=refs)
mwhere=re.sub("updated_at","web_vulns.updated_at",self._mwhere)
cur=self._doSql(cur,"select * from web_vulns INNER JOIN web_sites ON (web_vulns.web_site_id=web_sites.id) INNER JOIN web_vuln_category_metasploits as category ON (web_vulns.category_id=category.id) where web_sites.service_id="+str(s[0])+ mwhere +";")
for v in cur.fetchall():
self._checkDate(str(v[3]))
self.createAndAddVulnWebToService(h_id,s_id, name=str(v[28]), desc=str(v[29]), website=str(v[24]),
path=str(v[4]),request=str(v[15]), method=str(v[5]),pname=str(v[7]),
params=str(v[6]),query=str(v[10])
)
cur=self._doSql(cur,"select * from notes where host_id="+str(h[0])+" and service_id="+str(s[0])+ self._mwhere)
if cur is None:
return
for n in cur.fetchall():
self._checkDate(str(n[6]))
self.createAndAddNoteToService(h_id,s_id,str(n[2]),str(n[9]))
cur=self._doSql(cur,"select * from web_sites where service_id="+str(s[0])+ self._mwhere)
for w in cur.fetchall():
self._checkDate(str(w[3]))
n_id = self.createAndAddNoteToService(h_id,s_id,"website","")
n2_id = self.createAndAddNoteToNote(h_id,s_id,n_id,str(w[4]),"")
cur.close()
conn.close()
def parseOutputString(self, output, debug=False):
"""
This method will discard the output the shell sends, it will read it
from the xml where it expects it to be present.
NOTE: if 'debug' is true then it is being run from a test case and the
output being sent is valid.
"""
try:
conn = psycopg2.connect(dbname=self.getSetting("Database"),
user=self.getSetting("User"),
password=self.getSetting("Password"),
host=self.getSetting("Server"),
port=self.getSetting("Port"))
cur = conn.cursor()
except Exception as e:
print "[Faraday - MetasplotiOn] Error Connecting to the database"
print "[Faraday - MetasplotiOn]Check your metasploit postgresql credentials and server IP/Port"
print e
return
cur = self._doSql(
cur,
"select * from hosts inner join workspaces ON (hosts.workspace_id=workspaces.id) where workspaces.name like '"
+ self.getSetting("Workspace") + "';")
if cur is None:
print "Error getting database data\n"
return
self.path = self.data_path + "/" + api.getActiveWorkspace().name + \
"_metasploit_last"
if os.path.isfile(self.path):
f = open(self.path, "r")
self._sdate = f.readline()
f.close
for h in cur.fetchall():
h_id = self.createAndAddHost(str(h[2]), str(h[7]))
if self._isIPV4(str(h[2])):
i_id = self.createAndAddInterface(h_id,
str(h[2]),
mac=str(h[3]),
ipv4_address=str(h[2]),
hostname_resolution=str(
h[5]))
else:
i_id = self.createAndAddInterface(h_id,
str(h[2]),
mac=str(h[3]),
ipv6_address=str(h[2]),
hostname_resolution=str(
h[5]))
self._checkDate(str(h[13]))
cur = self._doSql(
cur, "select * from vulns where host_id=" + str(h[0]) +
" and service_id is null" + self._mwhere + ";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[5]))
cur = self._doSql(
cur,
"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id="
+ str(v[0]) + ";")
if cur is None:
return
refs = []
for r in cur.fetchall():
self._checkDate(str(r[5]))
refs.append(r[6])
self.createAndAddVulnToHost(h_id, str(v[4]), str(v[6]), refs)
cur = self._doSql(
cur, "select * from notes where host_id=" + str(h[0]) +
" and service_id is null" + self._mwhere + ";")
if cur is None:
return
for n in cur.fetchall():
self._checkDate(str(n[6]))
self.createAndAddNoteToHost(h_id, str(n[2]), str(n[9]))
cur = self._doSql(
cur, "select * from services where host_id=" + str(h[0]))
if cur is None:
return
for s in cur.fetchall():
self._checkDate(str(s[7]))
s_id = self.createAndAddServiceToInterface(h_id,
i_id,
name=str(s[6]),
ports=[str(s[3])],
protocol=str(s[4]),
status=str(s[5]),
description=str(
s[8]),
version=str(s[8]))
cur = self._doSql(
cur, "select * from creds where service_id=" + str(s[0]) +
self._mwhere + ";")
if cur is None:
return
for c in cur.fetchall():
self._checkDate(str(c[3]))
self.createAndAddCredToService(h_id, s_id, c[4], c[5])
self.createAndAddVulnToService(
h_id,
s_id,
"Weak Credentials",
"[metasploit found the following credentials]\nuser:%s\npass:%s"
% (c[4], c[5]),
severity="high")
cur = self._doSql(
cur, "select * from vulns where host_id=" + str(h[0]) +
" and service_id=" + str(s[0]) + self._mwhere + ";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[5]))
cur = self._doSql(
cur,
"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id="
+ str(v[0]) + ";")
if cur is None:
return
refs = []
for r in cur.fetchall():
self._checkDate(str(r[5]))
refs.append(r[6])
self.createAndAddVulnToService(h_id,
s_id,
name=str(v[4]),
desc=str(v[6]),
ref=refs)
mwhere = re.sub("updated_at", "web_vulns.updated_at",
self._mwhere)
cur = self._doSql(
cur,
"select * from web_vulns INNER JOIN web_sites ON (web_vulns.web_site_id=web_sites.id) where web_sites.service_id="
+ str(s[0]) + mwhere + ";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[3]))
#TODO: should be nice to stop hardcoding the positions
# of the information and instead make it depend
# on the column name
# beware, next silly coder, the table as it stands
# right holds information in each position like this:
# v[0] = id, v[1] = web_site_id, v[2] = created_at
# v[3] = updated_at, v[4] = path, v[5] = method,
# v[6] = params, v[7] = pname, v[8] = risk, v[9] = name
# v[10] = query, v[11] = category, v[12] = confidence,
# v[13] = description, v[14] = blame, v[15] = request,
# v[16] = proof, v[17] = owner, v[18] = payload, v[19] = id,
# v[20] = service_id, v[21] = created_at, v[22] = updated_at
# v[23] = vhost, v[24] = comments, v[25] = options
# if the plugin breakes, check that everything is in the
# same position
# metasploit doesn't give us a website, but the vhost +
# path is kinda the same
website = str(v[23]) + str(v[4])
self.createAndAddVulnWebToService(h_id,
s_id,
name=str(v[9]),
desc=str(v[13]),
website=website,
path=str(v[5]),
request=str(v[16]),
method=str(v[6]),
pname=str(v[8]),
params=str(v[7]),
query=str(v[11]))
cur = self._doSql(
cur, "select * from notes where host_id=" + str(h[0]) +
" and service_id=" + str(s[0]) + self._mwhere)
if cur is None:
return
for n in cur.fetchall():
self._checkDate(str(n[6]))
self.createAndAddNoteToService(h_id, s_id, str(n[2]),
str(n[9]))
cur = self._doSql(
cur, "select * from web_sites where service_id=" +
str(s[0]) + self._mwhere)
for w in cur.fetchall():
self._checkDate(str(w[3]))
n_id = self.createAndAddNoteToService(
h_id, s_id, "website", "")
n2_id = self.createAndAddNoteToNote(
h_id, s_id, n_id, str(w[4]), "")
cur.close()
conn.close()
def parseOutputString(self, output, debug=False):
"""
This method will discard the output the shell sends, it will read it
from the xml where it expects it to be present.
NOTE: if 'debug' is true then it is being run from a test case and the
output being sent is valid.
"""
try:
conn = psycopg2.connect(
"dbname='" + self.getSetting("Database") + "' user='******' password='******' host='" + self.getSetting("Server") + "' port='" + self.getSetting("Port") + "'")
cur = conn.cursor()
except Exception as e:
print e
print "Error Connection database\n"
return
cur = self._doSql(
cur,
"select * from hosts inner join workspaces ON (hosts.workspace_id=workspaces.id) where workspaces.name like '" + self.getSetting("Wordspace") + "';")
if cur is None:
print "Error getting database data\n"
return
self.path = self.data_path + "/"+api.getActiveWorkspace().name + "_metasploit_last"
if os.path.isfile(self.path):
f = open(self.path, "r")
self._sdate = f.readline()
f.close
for h in cur.fetchall():
h_id = self.createAndAddHost(
str(h[2]),
str(h[7]))
if self._isIPV4(str(h[2])):
i_id = self.createAndAddInterface(
h_id,
str(h[2]),
mac=str(h[3]),
ipv4_address=str(h[2]),
hostname_resolution=str(h[5]))
else:
i_id = self.createAndAddInterface(
h_id,
str(h[2]),
mac=str(h[3]),
ipv6_address=str(h[2]),
hostname_resolution=str(h[5]))
self._checkDate(str(h[13]))
cur = self._doSql(
cur,
"select * from vulns where host_id="+str(h[0])+" and service_id is null" + self._mwhere + ";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[5]))
cur = self._doSql(
cur,
"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";")
if cur is None:
return
refs = []
for r in cur.fetchall():
self._checkDate(str(r[5]))
refs.append(r[6])
self.createAndAddVulnToHost(
h_id,
str(v[4]),
str(v[6]),
refs)
cur = self._doSql(
cur,
"select * from notes where host_id=" + str(h[0]) + " and service_id is null" + self._mwhere + ";")
if cur is None:
return
for n in cur.fetchall():
self._checkDate(str(n[6]))
self.createAndAddNoteToHost(
h_id,
str(n[2]),
str(n[9]))
cur = self._doSql(
cur,
"select * from services where host_id="+str(h[0]))
if cur is None:
return
for s in cur.fetchall():
self._checkDate(str(s[7]))
s_id = self.createAndAddServiceToInterface(
h_id,
i_id,
name=str(s[6]),
ports=[str(s[3])],
protocol=str(s[4]),
status=str(s[5]),
description=str(s[8]),
version=str(s[8]))
cur = self._doSql(
cur,
"select * from creds where service_id=" + str(s[0]) + self._mwhere + ";")
if cur is None:
return
for c in cur.fetchall():
self._checkDate(str(c[3]))
self.createAndAddCredToService(
h_id,
s_id,
c[4],
c[5])
self.createAndAddVulnToService(
h_id,
s_id,
"Weak Credentials",
"[metasploit found the following credentials]\nuser:%s\npass:%s" % (c[4], c[5]),
severity="high")
cur = self._doSql(
cur,
"select * from vulns where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere + ";")
if cur is None:
return
for v in cur.fetchall():
self._checkDate(str(v[5]))
cur = self._doSql(
cur,
"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";")
if cur is None:
return
refs = []
for r in cur.fetchall():
self._checkDate(str(r[5]))
refs.append(r[6])
self.createAndAddVulnToService(
h_id,
s_id,
name=str(v[4]),
desc=str(v[6]),
ref=refs)
mwhere = re.sub(
"updated_at",
"web_vulns.updated_at",
self._mwhere)
cur = self._doSql(
cur,
"select * from web_vulns INNER JOIN web_sites ON (web_vulns.web_site_id=web_sites.id) INNER JOIN web_vuln_category_metasploits as category ON (web_vulns.category_id=category.id) where web_sites.service_id=" + str(s[0]) + mwhere + ";")
for v in cur.fetchall():
self._checkDate(str(v[3]))
self.createAndAddVulnWebToService(
h_id,
s_id,
name=str(v[28]),
desc=str(v[29]),
website=str(v[24]),
path=str(v[4]),
request=str(v[15]),
method=str(v[5]),
pname=str(v[7]),
params=str(v[6]),
query=str(v[10]))
cur = self._doSql(
cur,
"select * from notes where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere)
if cur is None:
return
for n in cur.fetchall():
self._checkDate(str(n[6]))
self.createAndAddNoteToService(
h_id,
s_id,
str(n[2]),
str(n[9]))
cur = self._doSql(
cur,
"select * from web_sites where service_id=" + str(s[0]) + self._mwhere)
for w in cur.fetchall():
self._checkDate(str(w[3]))
n_id = self.createAndAddNoteToService(
h_id,
s_id,
"website",
"")
n2_id = self.createAndAddNoteToNote(
h_id,
s_id,
n_id,
str(w[4]),
"")
cur.close()
conn.close()
