forked from rapid7/metasploit-framework
-
Notifications
You must be signed in to change notification settings - Fork 0
/
wiki.rb
574 lines (537 loc) · 17.8 KB
/
wiki.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
##
#
# This plugin requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
#
##
module Msf
###
#
# This plugin extends the Rex::Text::Table class and provides commands
# that output database information for the current workspace in a wiki
# friendly format
#
# @author Trenton Ivey
# * *email:* ("[email protected]").gsub(/example/,"gmail")
# * *github:* kn0
# * *twitter:* trentonivey
###
class Plugin::Wiki < Msf::Plugin
###
#
# This class implements a command dispatcher that provides commands to
# output database information in a wiki friendly format.
#
###
class WikiCommandDispatcher
include Msf::Ui::Console::CommandDispatcher
#
# The dispatcher's name.
#
def name
"Wiki"
end
#
# Returns the hash of commands supported by the wiki dispatcher.
#
def commands
{
"dokuwiki" => "Outputs data from the current workspace in dokuwiki markup.",
"mediawiki" => "Outputs data from the current workspace in mediawiki markup."
}
end
#
# Outputs database entries as Dokuwiki formatted text by passing the
# arguments to the wiki method with a wiki_type of 'dokuwiki'
# @param [Array<String>] args the arguments passed when the command is
# called
# @see #wiki
#
def cmd_dokuwiki(*args)
wiki("dokuwiki", *args)
end
#
# Outputs database entries as Mediawiki formatted text by passing the
# arguments to the wiki method with a wiki_type of 'mediawiki'
# @param [Array<String>] args the arguments passed when the command is
# called
# @see #wiki
#
def cmd_mediawiki(*args)
wiki("mediawiki", *args)
end
#
# This method parses arguments passed from the wiki output commands
# and then formats and displays or saves text according to the
# provided wiki type
#
# @param [String] wiki_type selects the wiki markup lanuguage output to
# use, it can be:
# * dokuwiki
# * mediawiki
#
# @param [Array<String>] args the arguments passed when the command is
# called
#
def wiki(wiki_type, *args)
# Create a table options hash
tbl_opts = {}
# Set some default options for the table hash
tbl_opts[:hosts] = []
tbl_opts[:links] = false
tbl_opts[:wiki_type] = wiki_type
tbl_opts[:heading_size] = 5
case wiki_type
when "dokuwiki"
tbl_opts[:namespace] = 'notes:targets:hosts:'
else
tbl_opts[:namespace] = ''
end
# Get the table we should be looking at
command = args.shift
if command.nil? or not(["creds","hosts","loot","services","vulns"].include?(command.downcase))
usage(wiki_type)
return
end
# Parse the rest of the arguments
while (arg = args.shift)
case arg
when '-o','--output'
tbl_opts[:file_name] = next_opt(args)
when '-h','--help'
usage(wiki_type)
return
when '-l', '-L', '--link', '--links'
tbl_opts[:links] = true
when '-n', '-N', '--namespace'
tbl_opts[:namespace] = next_opt(args)
when '-p', '-P', '--port', '--ports'
tbl_opts[:ports] = next_opts(args)
tbl_opts[:ports].map! {|p| p.to_i}
when '-s', '-S', '--search'
tbl_opts[:search] = next_opt(args)
when '-i', '-I', '--heading-size'
heading_size = next_opt(args)
tbl_opts[:heading_size] = heading_size.to_i unless heading_size.nil?
else
# Assume it is a host
rw = Rex::Socket::RangeWalker.new(arg)
if rw.valid?
rw.each do |ip|
tbl_opts[:hosts] << ip
end
else
print_warning "#{arg} is an invalid hostname"
end
end
end
# Create an Array to hold a list of tables that we want to show
outputs = []
# Output the table
if respond_to? "#{command}_to_table", true
table = send "#{command}_to_table", tbl_opts
if table.respond_to? "to_#{wiki_type}", true
if tbl_opts[:file_name]
print_status("Wrote the #{command} table to a file as a #{wiki_type} formatted table")
File.open(tbl_opts[:file_name],"wb") {|f|
f.write(table.send "to_#{wiki_type}")
}
else
print_line table.send "to_#{wiki_type}"
end
return
end
end
usage(wiki_type)
end
#
# Gets the next set of arguments when parsing command options
#
# *Note:* This will modify the provided argument list
#
# @param [Array] args the list of unparsed arguments
# @return [Array] the unique list of items before the next '-' in the
# provided array
#
def next_opts(args)
opts = []
while ( opt = args.shift )
if opt =~ /^-/
args.unshift opt
break
end
opts.concat ( opt.split(',') )
end
return opts.uniq
end
#
# Gets the next argument when parsing command options
#
# *Note:* This will modify the provided argument list
#
# @param [Array] args the list of unparsed arguments
# @return [String, nil] the argument or nil if the argument starts with a '-'
#
def next_opt(args)
return nil if args[0] =~ /^-/
args.shift
end
#
# Outputs the help message
#
# @param [String] cmd_name the type of the wiki output command to display
# help for
#
def usage(cmd_name = "<wiki cmd>")
print_line "Usage: #{cmd_name} <table> [options] [IP1 IP2,IPn]"
print_line
print_line "The first argument must be the type of table to retrieve:"
print_line " creds, hosts, loot, services, vulns"
print_line
print_line "OPTIONS:"
print_line " -l,--link Enables links for host addresses"
print_line " -n,--namespace <ns> Changes the default namespace for host links"
print_line " -o,--output <file> Write output to a file"
print_line " -p,--port <ports> Only return results that relate to given ports"
print_line " -s,--search <search> Only show results that match the provided text"
print_line " -i,--heading-size <1-6> Changes the heading size"
print_line " -h,--help Displays this menu"
print_line
end
#
# Outputs credentials in the database (within the current workspace) as a Rex table object
# @param [Hash] opts
# @option opts [Array<String>] :hosts contains list of hosts used to limit results
# @option opts [Array<Integer>] :ports contains list of ports used to limit results
# @option opts [String] :search limits results to those containing a provided string
# @return [Rex::Text::Table] table containing credentials
#
def creds_to_table(opts = {})
tbl = Rex::Text::Table.new({'Columns' => ['host','port','user','pass','type','proof','active?']})
tbl.header = 'Credentials'
tbl.headeri = opts[:heading_size]
framework.db.creds.each do |cred|
unless opts[:hosts].nil? or opts[:hosts].empty?
next unless opts[:hosts].include? cred.service.host.address
end
unless opts[:ports].nil?
next unless opts[:ports].any? {|p| cred.service.port.eql? p}
end
address = cred.service.host.address
address = to_wikilink(address,opts[:namespace]) if opts[:links]
row = [
address,
cred.service.port,
cred.user,
cred.pass,
cred.ptype,
cred.proof,
cred.active
]
if opts[:search]
tbl << row if row.any? {|r| /#{opts[:search]}/i.match r.to_s}
else
tbl << row
end
end
return tbl
end
#
# Outputs host information stored in the database (within the current
# workspace) as a Rex table object
# @param [Hash] opts
# @option opts [Array<String>] :hosts contains list of hosts used to limit results
# @option opts [Array<String>] :ports contains list of ports used to limit results
# @option opts [String] :search limits results to those containing a provided string
# @return [Rex::Text::Table] table containing credentials
#
def hosts_to_table(opts = {})
tbl = Rex::Text::Table.new({'Columns' => ['address','mac','name','os_name','os_flavor','os_sp','purpose','info','comments']})
tbl.header = 'Hosts'
tbl.headeri = opts[:heading_size]
framework.db.hosts.each do |host|
unless opts[:hosts].nil? or opts[:hosts].empty?
next unless opts[:hosts].include? host.address
end
unless opts[:ports].nil?
next unless (host.services.map{|s| s[:port]}).any? {|p| opts[:ports].include? p}
end
address = host.address
address = to_wikilink(address,opts[:namespace]) if opts[:links]
row = [
address,
host.mac,
host.name,
host.os_name,
host.os_flavor,
host.os_sp,
host.purpose,
host.info,
host.comments
]
if opts[:search]
tbl << row if row.any? {|r| /#{opts[:search]}/i.match r.to_s}
else
tbl << row
end
end
return tbl
end
#
# Outputs loot information stored in the database (within the current
# workspace) as a Rex table object
# @param [Hash] opts
# @option opts [Array<String>] :hosts contains list of hosts used to limit results
# @option opts [Array<String>] :ports contains list of ports used to limit results
# @option opts [String] :search limits results to those containing a provided string
# @return [Rex::Text::Table] table containing credentials
#
def loot_to_table(opts = {})
tbl = Rex::Text::Table.new({'Columns' => ['host','service','type','name','content','info','path']})
tbl.header = 'Loot'
tbl.headeri = opts[:heading_size]
framework.db.loots.each do |loot|
unless opts[:hosts].nil? or opts[:hosts].empty?
next unless opts[:hosts].include? loot.host.address
end
unless opts[:ports].nil? or opts[:ports].empty?
next if loot.service.nil? or loot.service.port.nil? or not opts[:ports].include? loot.service.port
end
if loot.service
svc = (loot.service.name ? loot.service.name : "#{loot.service.port}/#{loot.service.proto}")
end
address = loot.host.address
address = to_wikilink(address,opts[:namespace]) if opts[:links]
row = [
address,
svc || "",
loot.ltype,
loot.name,
loot.content_type,
loot.info,
loot.path
]
if opts[:search]
tbl << row if row.any? {|r| /#{opts[:search]}/i.match r.to_s}
else
tbl << row
end
end
return tbl
end
#
# Outputs service information stored in the database (within the current
# workspace) as a Rex table object
# @param [Hash] opts
# @option opts [Array<String>] :hosts contains list of hosts used to limit results
# @option opts [Array<String>] :ports contains list of ports used to limit results
# @option opts [String] :search limits results to those containing a provided string
# @return [Rex::Text::Table] table containing credentials
#
def services_to_table(opts = {})
tbl = Rex::Text::Table.new({'Columns' => ['host','port','proto','name','state','info']})
tbl.header = 'Services'
tbl.headeri = opts[:heading_size]
framework.db.services.each do |service|
unless opts[:hosts].nil? or opts[:hosts].empty?
next unless opts[:hosts].include? service.host.address
end
unless opts[:ports].nil? or opts[:ports].empty?
next unless opts[:ports].any? {|p| service[:port].eql? p}
end
address = service.host.address
address = to_wikilink(address,opts[:namespace]) if opts[:links]
row = [
address,
service.port,
service.proto,
service.name,
service.state,
service.info
]
if opts[:search]
tbl << row if row.any? {|r| /#{opts[:search]}/i.match r.to_s}
else
tbl << row
end
end
return tbl
end
#
# Outputs vulnerability information stored in the database (within the current
# workspace) as a Rex table object
# @param [Hash] opts
# @option opts [Array<String>] :hosts contains list of hosts used to limit results
# @option opts [Array<String>] :ports contains list of ports used to limit results
# @option opts [String] :search limits results to those containing a provided string
# @return [Rex::Text::Table] table containing credentials
#
def vulns_to_table(opts = {})
tbl = Rex::Text::Table.new({'Columns' => ['Title','Host','Port','Info','Detail Count','Attempt Count','Exploited At','Updated At']})
tbl.header = 'Vulns'
tbl.headeri = opts[:heading_size]
framework.db.vulns.each do |vuln|
unless opts[:hosts].nil? or opts[:hosts].empty?
next unless opts[:hosts].include? vuln.host.address
end
unless opts[:ports].nil? or opts[:ports].empty?
next unless opts[:ports].any? {|p| vuln.service.port.eql? p}
end
address = vuln.host.address
address = to_wikilink(address,opts[:namespace]) if opts[:links]
row = [
vuln.name,
address,
(vuln.service ? vuln.service.port : ""),
vuln.info,
vuln.vuln_detail_count,
vuln.vuln_attempt_count,
vuln.exploited_at,
vuln.updated_at,
]
if opts[:search]
tbl << row if row.any? {|r| /#{opts[:search]}/i.match r.to_s}
else
tbl << row
end
end
return tbl
end
#
# Converts a value to a wiki link
# @param [String] text value to convert to a link
# @param [String] namespace optional namespace to set for the link
# @return [String] the formated wiki link
def to_wikilink(text,namespace = "")
return "[[" + namespace + text + "]]"
end
end
#
# Plugin Initialization
#
#
# Constructs a new instance of the plugin and registers the console
# dispatcher. It also extends Rex by adding the following methods:
# * Rex::Text::Table.to_dokuwiki
# * Rex::Text::Table.to_mediawiki
#
def initialize(framework, opts)
super
# Extend Rex::Text::Table class so it can output wiki formats
add_dokuwiki_to_rex
add_mediawiki_to_rex
# Add the console dispatcher
add_console_dispatcher(WikiCommandDispatcher)
end
#
# The cleanup routine removes the methods added to Rex by the plugin
# initialization and then removes the console dispatcher
#
def cleanup
# Cleanup methods added to Rex::Text::Table
Rex::Text::Table.class_eval { undef :to_dokuwiki }
Rex::Text::Table.class_eval { undef :to_mediawiki }
# Deregister the console dispatcher
remove_console_dispatcher('Wiki')
end
#
# Returns the plugin's name.
#
def name
"wiki"
end
#
# This method returns a brief description of the plugin. It should be no
# more than 60 characters, but there are no hard limits.
#
def desc
"Adds output to wikitext"
end
#
# The following methods are added here to keep the initialize method
# readable
#
#
# Extends Rex tables to be able to create Dokuwiki tables
#
def add_dokuwiki_to_rex
Rex::Text::Table.class_eval do
def to_dokuwiki
str = prefix.dup
# Print the header if there is one. Use headeri to determine wiki paragraph level
if header
level = "=" * headeri
str << level + header + level + "\n"
end
# Add the column names to the top of the table
columns.each do |col|
str << "^ " + col.to_s + " "
end
str << "^\n" unless columns.count.eql? 0
# Fill out the rest of the table with rows
rows.each do |row|
row.each do |val|
cell = val.to_s
cell = "<nowiki>#{cell}</nowiki>" if cell.include? "|"
str << "| " + cell + " "
end
str << "|\n" unless rows.count.eql? 0
end
return str
end
end
end
#
# Extends Rex tables to be able to create Mediawiki tables
#
def add_mediawiki_to_rex
Rex::Text::Table.class_eval do
def to_mediawiki
str = prefix.dup
# Print the header if there is one. Use headeri to determine wiki
# headline level. Mediawiki does headlines a bit backwards so that
# the header level isn't limited. This results in the need to 'flip'
# the headline length to standardize it.
if header
if headeri <= 6
level = "=" * (-headeri + 7)
str << "#{level} #{header} #{level}"
else
str << "#{header}"
end
str << "\n"
end
# Setup the table with some standard formatting options
str << "{|class=\"wikitable\"\n"
# Output formated column names as the first row
unless columns.count.eql? 0
str << "!"
str << columns.join("!!")
str << "\n"
end
# Add the rows to the table
unless rows.count.eql? 0
rows.each do |row|
str << "|-\n|"
# Try and prevent formatting tags from causing problems
bad = ['&','<','>','"',"'",'/']
r = row.join("|| ")
r.each_char do |c|
if bad.include? c
str << Rex::Text.html_encode(c)
else
str << c
end
end
str << "\n"
end
end
# Finish up the table
str << "|}"
return str
end
end
end
protected
end
end