def parseOutputString(self, output, debug=False): """ This method will discard the output the shell sends, it will read it from the xml where it expects it to be present. NOTE: if 'debug' is true then it is being run from a test case and the output being sent is valid. """ try: conn = psycopg2.connect(dbname=self.getSetting("Database"), user=self.getSetting("User"), password=self.getSetting("Password"), host=self.getSetting("Server"), port=self.getSetting("Port")) cur = conn.cursor() except Exception as e: print "[Faraday - MetasplotiOn] Error Connecting to the database" print "[Faraday - MetasplotiOn]Check your metasploit postgresql credentials and server IP/Port" print e return cur = self._doSql( cur, "select * from hosts inner join workspaces ON (hosts.workspace_id=workspaces.id) where workspaces.name like '" + self.getSetting("Workspace") + "';") if cur is None: print "Error getting database data\n" return self.path = self.data_path + "/" + api.getActiveWorkspace().name + \ "_metasploit_last" if os.path.isfile(self.path): f = open(self.path, "r") self._sdate = f.readline() f.close for h in cur.fetchall(): h_id = self.createAndAddHost( str(h[2]), str(h[7])) if self._isIPV4(str(h[2])): i_id = self.createAndAddInterface( h_id, str(h[2]), mac=str(h[3]), ipv4_address=str(h[2]), hostname_resolution=str(h[5])) else: i_id = self.createAndAddInterface( h_id, str(h[2]), mac=str(h[3]), ipv6_address=str(h[2]), hostname_resolution=str(h[5])) self._checkDate(str(h[13])) cur = self._doSql( cur, "select * from vulns where host_id=" + str(h[0]) + " and service_id is null" + self._mwhere + ";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[5])) cur = self._doSql( cur, "select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";") if cur is None: return refs = [] for r in cur.fetchall(): self._checkDate(str(r[5])) refs.append(r[6]) self.createAndAddVulnToHost( h_id, str(v[4]), str(v[6]), refs) cur = self._doSql( cur, "select * from notes where host_id=" + str(h[0]) + " and service_id is null" + self._mwhere + ";") if cur is None: return for n in cur.fetchall(): self._checkDate(str(n[6])) self.createAndAddNoteToHost( h_id, str(n[2]), str(n[9])) cur = self._doSql( cur, "select * from services where host_id=" + str(h[0])) if cur is None: return for s in cur.fetchall(): self._checkDate(str(s[7])) s_id = self.createAndAddServiceToInterface( h_id, i_id, name=str(s[6]), ports=[str(s[3])], protocol=str(s[4]), status=str(s[5]), description=str(s[8]), version=str(s[8])) cur = self._doSql( cur, "select * from creds where service_id=" + str(s[0]) + self._mwhere + ";") if cur is None: return for c in cur.fetchall(): self._checkDate(str(c[3])) self.createAndAddCredToService( h_id, s_id, c[4], c[5]) self.createAndAddVulnToService( h_id, s_id, "Weak Credentials", "[metasploit found the following credentials]\nuser:%s\npass:%s" % (c[4], c[ 5]), severity="high") cur = self._doSql( cur, "select * from vulns where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere + ";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[5])) cur = self._doSql( cur, "select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";") if cur is None: return refs = [] for r in cur.fetchall(): self._checkDate(str(r[5])) refs.append(r[6]) self.createAndAddVulnToService( h_id, s_id, name=str(v[4]), desc=str(v[6]), ref=refs) mwhere = re.sub( "updated_at", "web_vulns.updated_at", self._mwhere) cur = self._doSql( cur, "select * from web_vulns INNER JOIN web_sites ON (web_vulns.web_site_id=web_sites.id) where web_sites.service_id=" + str(s[0]) + mwhere + ";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[3])) #TODO: should be nice to stop hardcoding the positions # of the information and instead make it depend # on the column name # beware, next silly coder, the table as it stands # right holds information in each position like this: # v[0] = id, v[1] = web_site_id, v[2] = created_at # v[3] = updated_at, v[4] = path, v[5] = method, # v[6] = params, v[7] = pname, v[8] = risk, v[9] = name # v[10] = query, v[11] = category, v[12] = confidence, # v[13] = description, v[14] = blame, v[15] = request, # v[16] = proof, v[17] = owner, v[18] = payload, v[19] = id, # v[20] = service_id, v[21] = created_at, v[22] = updated_at # v[23] = vhost, v[24] = comments, v[25] = options # if the plugin breakes, check that everything is in the # same position # metasploit doesn't give us a website, but the vhost + # path is kinda the same website = str(v[23]) + str(v[4]) self.createAndAddVulnWebToService( h_id, s_id, name=str(v[9]), desc=str(v[13]), website=website, path=str(v[5]), request=str(v[16]), method=str(v[6]), pname=str(v[8]), params=str(v[7]), query=str(v[11])) cur = self._doSql( cur, "select * from notes where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere) if cur is None: return for n in cur.fetchall(): self._checkDate(str(n[6])) self.createAndAddNoteToService( h_id, s_id, str(n[2]), str(n[9])) cur = self._doSql( cur, "select * from web_sites where service_id=" + str(s[0]) + self._mwhere) for w in cur.fetchall(): self._checkDate(str(w[3])) n_id = self.createAndAddNoteToService( h_id, s_id, "website", "") n2_id = self.createAndAddNoteToNote( h_id, s_id, n_id, str(w[4]), "") cur.close() conn.close()
def parseOutputString(self, output, debug = False): """ This method will discard the output the shell sends, it will read it from the xml where it expects it to be present. NOTE: if 'debug' is true then it is being run from a test case and the output being sent is valid. """ try: conn = psycopg2.connect("dbname='" + self.getSetting("Database")+ "' user='******' password='******' host='"+self.getSetting("Server")+"' port='"+self.getSetting("Port")+"'") cur = conn.cursor() except Exception as e: print e print "Error Connection database\n" return cur=self._doSql(cur,"select * from hosts inner join workspaces ON (hosts.workspace_id=workspaces.id) where workspaces.name like '"+ self.getSetting("Wordspace")+"';") if cur is None: print "Error getting database data\n" return self.path=self.data_path + "/"+api.getActiveWorkspace().name+ "_metasploit_last" if os.path.isfile(self.path): f=open(self.path,"r") self._sdate=f.readline() f.close for h in cur.fetchall(): h_id = self.createAndAddHost(str(h[2]), str(h[7])) if self._isIPV4(str(h[2])): i_id = self.createAndAddInterface(h_id, str(h[2]), mac=str(h[3]), ipv4_address=str(h[2]), hostname_resolution=str(h[5]) ) else: i_id = self.createAndAddInterface(h_id, str(h[2]), mac=str(h[3]), ipv6_address=str(h[2]), hostname_resolution=str(h[5]) ) self._checkDate(str(h[13])) cur=self._doSql(cur,"select * from vulns where host_id="+str(h[0])+" and service_id is null"+ self._mwhere +";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[5])) cur=self._doSql(cur,"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id="+ str(v[0])+";") if cur is None: return refs=[] for r in cur.fetchall(): self._checkDate(str(r[5])) refs.append(r[6]) self.createAndAddVulnToHost(h_id,str(v[4]),str(v[6]),refs) cur=self._doSql(cur,"select * from notes where host_id="+str(h[0])+" and service_id is null"+ self._mwhere +";") if cur is None: return for n in cur.fetchall(): self._checkDate(str(n[6])) self.createAndAddNoteToHost(h_id,str(n[2]),str(n[9])) cur=self._doSql(cur,"select * from services where host_id="+str(h[0])) if cur is None: return for s in cur.fetchall(): self._checkDate(str(s[7])) s_id = self.createAndAddServiceToInterface(h_id,i_id, name=str(s[6]), ports=[str(s[3])], protocol=str(s[4]), status=str(s[5]), description=str(s[8]), version=str(s[8]), ) cur=self._doSql(cur,"select * from creds where service_id="+str(s[0])+ self._mwhere +";") creds=[] if cur is None: return for c in cur.fetchall(): self._checkDate(str(c[3])) self.createAndAddCredToService(h_id,s_id,c[4],c[5]) cur=self._doSql(cur,"select * from vulns where host_id="+str(h[0])+" and service_id="+str(s[0])+ self._mwhere +";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[5])) cur=self._doSql(cur,"select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id="+ str(v[0])+";") if cur is None: return refs=[] for r in cur.fetchall(): self._checkDate(str(r[5])) refs.append(r[6]) self.createAndAddVulnToService(h_id,s_id, name=str(v[4]), desc=str(v[6]),ref=refs) mwhere=re.sub("updated_at","web_vulns.updated_at",self._mwhere) cur=self._doSql(cur,"select * from web_vulns INNER JOIN web_sites ON (web_vulns.web_site_id=web_sites.id) INNER JOIN web_vuln_category_metasploits as category ON (web_vulns.category_id=category.id) where web_sites.service_id="+str(s[0])+ mwhere +";") for v in cur.fetchall(): self._checkDate(str(v[3])) self.createAndAddVulnWebToService(h_id,s_id, name=str(v[28]), desc=str(v[29]), website=str(v[24]), path=str(v[4]),request=str(v[15]), method=str(v[5]),pname=str(v[7]), params=str(v[6]),query=str(v[10]) ) cur=self._doSql(cur,"select * from notes where host_id="+str(h[0])+" and service_id="+str(s[0])+ self._mwhere) if cur is None: return for n in cur.fetchall(): self._checkDate(str(n[6])) self.createAndAddNoteToService(h_id,s_id,str(n[2]),str(n[9])) cur=self._doSql(cur,"select * from web_sites where service_id="+str(s[0])+ self._mwhere) for w in cur.fetchall(): self._checkDate(str(w[3])) n_id = self.createAndAddNoteToService(h_id,s_id,"website","") n2_id = self.createAndAddNoteToNote(h_id,s_id,n_id,str(w[4]),"") cur.close() conn.close()
def parseOutputString(self, output, debug=False): """ This method will discard the output the shell sends, it will read it from the xml where it expects it to be present. NOTE: if 'debug' is true then it is being run from a test case and the output being sent is valid. """ try: conn = psycopg2.connect(dbname=self.getSetting("Database"), user=self.getSetting("User"), password=self.getSetting("Password"), host=self.getSetting("Server"), port=self.getSetting("Port")) cur = conn.cursor() except Exception as e: print "[Faraday - MetasplotiOn] Error Connecting to the database" print "[Faraday - MetasplotiOn]Check your metasploit postgresql credentials and server IP/Port" print e return cur = self._doSql( cur, "select * from hosts inner join workspaces ON (hosts.workspace_id=workspaces.id) where workspaces.name like '" + self.getSetting("Workspace") + "';") if cur is None: print "Error getting database data\n" return self.path = self.data_path + "/" + api.getActiveWorkspace().name + \ "_metasploit_last" if os.path.isfile(self.path): f = open(self.path, "r") self._sdate = f.readline() f.close for h in cur.fetchall(): h_id = self.createAndAddHost(str(h[2]), str(h[7])) if self._isIPV4(str(h[2])): i_id = self.createAndAddInterface(h_id, str(h[2]), mac=str(h[3]), ipv4_address=str(h[2]), hostname_resolution=str( h[5])) else: i_id = self.createAndAddInterface(h_id, str(h[2]), mac=str(h[3]), ipv6_address=str(h[2]), hostname_resolution=str( h[5])) self._checkDate(str(h[13])) cur = self._doSql( cur, "select * from vulns where host_id=" + str(h[0]) + " and service_id is null" + self._mwhere + ";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[5])) cur = self._doSql( cur, "select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";") if cur is None: return refs = [] for r in cur.fetchall(): self._checkDate(str(r[5])) refs.append(r[6]) self.createAndAddVulnToHost(h_id, str(v[4]), str(v[6]), refs) cur = self._doSql( cur, "select * from notes where host_id=" + str(h[0]) + " and service_id is null" + self._mwhere + ";") if cur is None: return for n in cur.fetchall(): self._checkDate(str(n[6])) self.createAndAddNoteToHost(h_id, str(n[2]), str(n[9])) cur = self._doSql( cur, "select * from services where host_id=" + str(h[0])) if cur is None: return for s in cur.fetchall(): self._checkDate(str(s[7])) s_id = self.createAndAddServiceToInterface(h_id, i_id, name=str(s[6]), ports=[str(s[3])], protocol=str(s[4]), status=str(s[5]), description=str( s[8]), version=str(s[8])) cur = self._doSql( cur, "select * from creds where service_id=" + str(s[0]) + self._mwhere + ";") if cur is None: return for c in cur.fetchall(): self._checkDate(str(c[3])) self.createAndAddCredToService(h_id, s_id, c[4], c[5]) self.createAndAddVulnToService( h_id, s_id, "Weak Credentials", "[metasploit found the following credentials]\nuser:%s\npass:%s" % (c[4], c[5]), severity="high") cur = self._doSql( cur, "select * from vulns where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere + ";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[5])) cur = self._doSql( cur, "select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";") if cur is None: return refs = [] for r in cur.fetchall(): self._checkDate(str(r[5])) refs.append(r[6]) self.createAndAddVulnToService(h_id, s_id, name=str(v[4]), desc=str(v[6]), ref=refs) mwhere = re.sub("updated_at", "web_vulns.updated_at", self._mwhere) cur = self._doSql( cur, "select * from web_vulns INNER JOIN web_sites ON (web_vulns.web_site_id=web_sites.id) where web_sites.service_id=" + str(s[0]) + mwhere + ";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[3])) #TODO: should be nice to stop hardcoding the positions # of the information and instead make it depend # on the column name # beware, next silly coder, the table as it stands # right holds information in each position like this: # v[0] = id, v[1] = web_site_id, v[2] = created_at # v[3] = updated_at, v[4] = path, v[5] = method, # v[6] = params, v[7] = pname, v[8] = risk, v[9] = name # v[10] = query, v[11] = category, v[12] = confidence, # v[13] = description, v[14] = blame, v[15] = request, # v[16] = proof, v[17] = owner, v[18] = payload, v[19] = id, # v[20] = service_id, v[21] = created_at, v[22] = updated_at # v[23] = vhost, v[24] = comments, v[25] = options # if the plugin breakes, check that everything is in the # same position # metasploit doesn't give us a website, but the vhost + # path is kinda the same website = str(v[23]) + str(v[4]) self.createAndAddVulnWebToService(h_id, s_id, name=str(v[9]), desc=str(v[13]), website=website, path=str(v[5]), request=str(v[16]), method=str(v[6]), pname=str(v[8]), params=str(v[7]), query=str(v[11])) cur = self._doSql( cur, "select * from notes where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere) if cur is None: return for n in cur.fetchall(): self._checkDate(str(n[6])) self.createAndAddNoteToService(h_id, s_id, str(n[2]), str(n[9])) cur = self._doSql( cur, "select * from web_sites where service_id=" + str(s[0]) + self._mwhere) for w in cur.fetchall(): self._checkDate(str(w[3])) n_id = self.createAndAddNoteToService( h_id, s_id, "website", "") n2_id = self.createAndAddNoteToNote( h_id, s_id, n_id, str(w[4]), "") cur.close() conn.close()
def parseOutputString(self, output, debug=False): """ This method will discard the output the shell sends, it will read it from the xml where it expects it to be present. NOTE: if 'debug' is true then it is being run from a test case and the output being sent is valid. """ try: conn = psycopg2.connect( "dbname='" + self.getSetting("Database") + "' user='******' password='******' host='" + self.getSetting("Server") + "' port='" + self.getSetting("Port") + "'") cur = conn.cursor() except Exception as e: print e print "Error Connection database\n" return cur = self._doSql( cur, "select * from hosts inner join workspaces ON (hosts.workspace_id=workspaces.id) where workspaces.name like '" + self.getSetting("Wordspace") + "';") if cur is None: print "Error getting database data\n" return self.path = self.data_path + "/"+api.getActiveWorkspace().name + "_metasploit_last" if os.path.isfile(self.path): f = open(self.path, "r") self._sdate = f.readline() f.close for h in cur.fetchall(): h_id = self.createAndAddHost( str(h[2]), str(h[7])) if self._isIPV4(str(h[2])): i_id = self.createAndAddInterface( h_id, str(h[2]), mac=str(h[3]), ipv4_address=str(h[2]), hostname_resolution=str(h[5])) else: i_id = self.createAndAddInterface( h_id, str(h[2]), mac=str(h[3]), ipv6_address=str(h[2]), hostname_resolution=str(h[5])) self._checkDate(str(h[13])) cur = self._doSql( cur, "select * from vulns where host_id="+str(h[0])+" and service_id is null" + self._mwhere + ";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[5])) cur = self._doSql( cur, "select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";") if cur is None: return refs = [] for r in cur.fetchall(): self._checkDate(str(r[5])) refs.append(r[6]) self.createAndAddVulnToHost( h_id, str(v[4]), str(v[6]), refs) cur = self._doSql( cur, "select * from notes where host_id=" + str(h[0]) + " and service_id is null" + self._mwhere + ";") if cur is None: return for n in cur.fetchall(): self._checkDate(str(n[6])) self.createAndAddNoteToHost( h_id, str(n[2]), str(n[9])) cur = self._doSql( cur, "select * from services where host_id="+str(h[0])) if cur is None: return for s in cur.fetchall(): self._checkDate(str(s[7])) s_id = self.createAndAddServiceToInterface( h_id, i_id, name=str(s[6]), ports=[str(s[3])], protocol=str(s[4]), status=str(s[5]), description=str(s[8]), version=str(s[8])) cur = self._doSql( cur, "select * from creds where service_id=" + str(s[0]) + self._mwhere + ";") if cur is None: return for c in cur.fetchall(): self._checkDate(str(c[3])) self.createAndAddCredToService( h_id, s_id, c[4], c[5]) self.createAndAddVulnToService( h_id, s_id, "Weak Credentials", "[metasploit found the following credentials]\nuser:%s\npass:%s" % (c[4], c[5]), severity="high") cur = self._doSql( cur, "select * from vulns where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere + ";") if cur is None: return for v in cur.fetchall(): self._checkDate(str(v[5])) cur = self._doSql( cur, "select * from vulns_refs inner join refs ON (vulns_refs.id=refs.id) where vulns_refs.vuln_id=" + str(v[0]) + ";") if cur is None: return refs = [] for r in cur.fetchall(): self._checkDate(str(r[5])) refs.append(r[6]) self.createAndAddVulnToService( h_id, s_id, name=str(v[4]), desc=str(v[6]), ref=refs) mwhere = re.sub( "updated_at", "web_vulns.updated_at", self._mwhere) cur = self._doSql( cur, "select * from web_vulns INNER JOIN web_sites ON (web_vulns.web_site_id=web_sites.id) INNER JOIN web_vuln_category_metasploits as category ON (web_vulns.category_id=category.id) where web_sites.service_id=" + str(s[0]) + mwhere + ";") for v in cur.fetchall(): self._checkDate(str(v[3])) self.createAndAddVulnWebToService( h_id, s_id, name=str(v[28]), desc=str(v[29]), website=str(v[24]), path=str(v[4]), request=str(v[15]), method=str(v[5]), pname=str(v[7]), params=str(v[6]), query=str(v[10])) cur = self._doSql( cur, "select * from notes where host_id=" + str(h[0]) + " and service_id=" + str(s[0]) + self._mwhere) if cur is None: return for n in cur.fetchall(): self._checkDate(str(n[6])) self.createAndAddNoteToService( h_id, s_id, str(n[2]), str(n[9])) cur = self._doSql( cur, "select * from web_sites where service_id=" + str(s[0]) + self._mwhere) for w in cur.fetchall(): self._checkDate(str(w[3])) n_id = self.createAndAddNoteToService( h_id, s_id, "website", "") n2_id = self.createAndAddNoteToNote( h_id, s_id, n_id, str(w[4]), "") cur.close() conn.close()