Module: Msf::Auxiliary::ReportSummary

Defined in:
lib/msf/core/auxiliary/report_summary.rb

Overview

This module provides a means to report module summaries

Instance Method Summary collapse

Instance Method Details

#create_credential_and_login(credential_data) ⇒ Metasploit::Credential::Login

Creates a credential and adds to to the DB if one is present, then calls create_credential_login to attempt a login

This is needed when create_credential_and_login in lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb is called, which doesn’t call of to create_credential_login at any point to initialize @report

This allow modules that make use of create_credential_and_login to make use of the report summary mixin

Parameters:

  • credential_data (Hash)

Returns:

  • (Metasploit::Credential::Login)


90
91
92
93
94
95
96
# File 'lib/msf/core/auxiliary/report_summary.rb', line 90

def (credential_data)
  return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report

  @report[rhost] = { successful_logins: [] }
  @report[rhost][:successful_logins] << (credential_data)
  super
end

#create_credential_login(credential_data) ⇒ Metasploit::Credential::Login

Creates a credential and adds to to the DB if one is present

Parameters:

  • credential_data (Hash)

Returns:

  • (Metasploit::Credential::Login)


71
72
73
74
75
76
77
# File 'lib/msf/core/auxiliary/report_summary.rb', line 71

def (credential_data)
  return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report

  @report[rhost] = { successful_logins: [] }
  @report[rhost][:successful_logins] << (credential_data)
  super
end

#initialize(info = {}) ⇒ Object



18
19
20
21
22
23
24
25
26
27
28
# File 'lib/msf/core/auxiliary/report_summary.rb', line 18

def initialize(info = {})
  super(info)

  if framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS)
    register_options(
      [
        OptBool.new('ShowSuccessfulLogins', [false, 'Outputs a table of successful logins', true]),
      ]
    )
  end
end

#login_credentials(credential_data) ⇒ Hash

Take credentials hash and check data for username and password and then returns a hash for those values

Parameters:

  • credential_data (Hash)

Returns:

  • (Hash)


46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# File 'lib/msf/core/auxiliary/report_summary.rb', line 46

def (credential_data)
  # If the database is active and core is populated then grab the creds from there, otherwise
  # fallback and check in credentials data's top layer
  if framework.db&.active && credential_data[:core]
    {
      public: credential_data[:core].public,
      private_data: credential_data[:core].private
    }
  elsif credential_data[:username] && credential_data[:private_data]
    {
      public: credential_data[:username],
      private_data: credential_data[:private_data]
    }
  else
    {
      public: 'credentials could not be reported',
      private_data: 'credentials could not be reported'
    }
  end
end

#runObject



30
31
32
33
34
35
36
37
38
39
40
# File 'lib/msf/core/auxiliary/report_summary.rb', line 30

def run
  return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins']

  @report = {}
  @report.extend(::Rex::Ref)
  rhost_walker = Msf::RhostsWalker.new(datastore['RHOSTS'], datastore).to_enum
  conditional_verbose_output(rhost_walker.count)
  result = super
  print_report_summary
  result
end

#start_session(obj, info, ds_merge, crlf = false, sock = nil, sess = nil) ⇒ Msf::Sessions::<SESSION_CLASS>

Framework is notified that we have a new session opened

Parameters:

  • obj (MetasploitModule)
  • info (Object)
  • ds_merge (Hash)
  • crlf (FalseClass) (defaults to: false)
  • sock (Socket) (defaults to: nil)
  • sess (Msf::Sessions::<SESSION_CLASS>) (defaults to: nil)

Returns:



107
108
109
110
111
112
113
114
115
116
117
118
119
120
# File 'lib/msf/core/auxiliary/report_summary.rb', line 107

def start_session(obj, info, ds_merge, crlf = false, sock = nil, sess = nil)
  return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins']

  unless @report && @report[rhost]
    elog("No RHOST found in report, skipping reporting for #{rhost}")
    print_brute level: :error, ip: rhost, msg: "No RHOST found in report, skipping reporting for #{rhost}"
    return super
  end

  result = super
  @report[rhost].merge!({ successful_sessions: [] })
  @report[rhost][:successful_sessions] << result
  result
end