Class: Msf::FrameworkEventSubscriber

Inherits:
Object
  • Object
show all
Includes:
Msf::Framework::Offspring, GeneralEventSubscriber, SessionEvent, UiEventSubscriber
Defined in:
lib/msf/core/framework.rb

Instance Attribute Summary

Attributes included from Msf::Framework::Offspring

#framework

Instance Method Summary collapse

Methods included from SessionEvent

#on_session_filedelete, #on_session_interact

Methods included from GeneralEventSubscriber

#on_module_created, #on_module_load

Constructor Details

#initialize(framework) ⇒ FrameworkEventSubscriber

Returns a new instance of FrameworkEventSubscriber.



298
299
300
# File 'lib/msf/core/framework.rb', line 298

def initialize(framework)
  self.framework = framework
end

Instance Method Details

#module_event(name, instance, opts = {}) ⇒ Object

Generic handler for module events



313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
# File 'lib/msf/core/framework.rb', line 313

def module_event(name, instance, opts={})
  if framework.db.active
    event = {
      :workspace => framework.db.find_workspace(instance.workspace),
      :name      => name,
      :username  => instance.owner,
      :info => {
        :module_name => instance.fullname,
        :module_uuid => instance.uuid
      }.merge(opts)
    }

    report_event(event)
  end
end

#on_module_complete(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



338
339
340
# File 'lib/msf/core/framework.rb', line 338

def on_module_complete(instance)
  module_event('module_complete', instance)
end

#on_module_error(instance, exception = nil) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



344
345
346
# File 'lib/msf/core/framework.rb', line 344

def on_module_error(instance, exception=nil)
  module_event('module_error', instance, :exception => exception.to_s)
end

#on_module_run(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



331
332
333
334
# File 'lib/msf/core/framework.rb', line 331

def on_module_run(instance)
  opts = { :datastore => instance.datastore.to_h }
  module_event('module_run', instance, opts)
end

#on_session_close(session, reason = '') ⇒ Object

:category: ::Msf::SessionEvent implementors



453
454
455
456
457
458
459
460
461
# File 'lib/msf/core/framework.rb', line 453

def on_session_close(session, reason='')
  session_event('session_close', session)
  if session.db_record
    # Don't bother saving here, the session's cleanup method will take
    # care of that later.
    session.db_record.close_reason = reason
    session.db_record.closed_at = Time.now.utc
  end
end

#on_session_command(session, command) ⇒ Object

:category: ::Msf::SessionEvent implementors



469
470
471
472
473
474
475
476
# File 'lib/msf/core/framework.rb', line 469

def on_session_command(session, command)
  session_event('session_command', session, :command => command)
  framework.db.report_session_event({
    :etype => 'command',
    :session => session,
    :command => command
  })
end

#on_session_download(session, rpath, lpath) ⇒ Object

:category: ::Msf::SessionEvent implementors



441
442
443
444
445
446
447
448
449
# File 'lib/msf/core/framework.rb', line 441

def on_session_download(session, rpath, lpath)
  session_event('session_download', session, :local_path => lpath, :remote_path => rpath)
  framework.db.report_session_event({
    :etype => 'download',
    :session => session,
    :local_path => lpath,
    :remote_path => rpath
  })
end

#on_session_module_run(session, mod) ⇒ Object

:category: ::Msf::SessionEvent implementors



525
526
527
528
529
530
531
# File 'lib/msf/core/framework.rb', line 525

def on_session_module_run(session, mod)
  framework.db.report_session_event({
    :etype => 'module_run',
    :session => session,
    :local_path => mod.fullname
  })
end

#on_session_open(session) ⇒ Object

:category: ::Msf::SessionEvent implementors



422
423
424
425
426
# File 'lib/msf/core/framework.rb', line 422

def on_session_open(session)
  opts = { :datastore => session.exploit_datastore.to_h, :critical => true }
  session_event('session_open', session, opts)
  framework.db.report_session(:session => session)
end

#on_session_output(session, output) ⇒ Object

:category: ::Msf::SessionEvent implementors



480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
# File 'lib/msf/core/framework.rb', line 480

def on_session_output(session, output)
  # Break up the output into chunks that will fit into the database.
  buff = output.dup
  chunks = []
  if buff.length > 1024
    while buff.length > 0
      chunks << buff.slice!(0,1024)
    end
  else
    chunks << buff
  end
  chunks.each { |chunk|
    session_event('session_output', session, :output => chunk)
    framework.db.report_session_event({
      :etype => 'output',
      :session => session,
      :output => chunk
    })
  }
end

#on_session_route(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors



503
504
505
# File 'lib/msf/core/framework.rb', line 503

def on_session_route(session, route)
  framework.db.report_session_route({session: session, route: route})
end

#on_session_route_remove(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors



509
510
511
# File 'lib/msf/core/framework.rb', line 509

def on_session_route_remove(session, route)
  framework.db.report_session_route_remove({session: session, route: route})
end

#on_session_script_run(session, script) ⇒ Object

:category: ::Msf::SessionEvent implementors



515
516
517
518
519
520
521
# File 'lib/msf/core/framework.rb', line 515

def on_session_script_run(session, script)
  framework.db.report_session_event({
    :etype => 'script_run',
    :session => session,
    :local_path => script
  })
end

#on_session_upload(session, lpath, rpath) ⇒ Object

:category: ::Msf::SessionEvent implementors



430
431
432
433
434
435
436
437
438
# File 'lib/msf/core/framework.rb', line 430

def on_session_upload(session, lpath, rpath)
  session_event('session_upload', session, :local_path => lpath, :remote_path => rpath)
  framework.db.report_session_event({
    :etype => 'upload',
    :session => session,
    :local_path => lpath,
    :remote_path => rpath
  })
end

#on_ui_command(command) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



351
352
353
354
355
# File 'lib/msf/core/framework.rb', line 351

def on_ui_command(command)
  if (framework.db and framework.db.active)
    report_event(:name => "ui_command", :info => {:command => command})
  end
end

#on_ui_start(rev) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



367
368
369
370
371
372
373
374
375
# File 'lib/msf/core/framework.rb', line 367

def on_ui_start(rev)
  #
  # The database is not active at startup time unless msfconsole was
  # started with a database.yml, so this event won't always be saved to
  # the db.  Not great, but best we can do.
  #
  info = { :revision => rev }
  report_event(:name => "ui_start", :info => info)
end

#on_ui_stopObject

:category: ::Msf::UiEventSubscriber implementors



359
360
361
362
363
# File 'lib/msf/core/framework.rb', line 359

def on_ui_stop()
  if (framework.db and framework.db.active)
    report_event(:name => "ui_stop")
  end
end

#report_event(data) ⇒ Object



302
303
304
305
306
# File 'lib/msf/core/framework.rb', line 302

def report_event(data)
  if framework.db.active
    framework.db.report_event(data)
  end
end

#session_event(name, session, opts = {}) ⇒ Object

Generic handler for session events



383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
# File 'lib/msf/core/framework.rb', line 383

def session_event(name, session, opts={})
  address = session.session_host

  if not (address and address.length > 0)
    elog("Session with no session_host/target_host/tunnel_peer. Session Info: #{session.inspect}")
    return
  end

  if framework.db.active
    ws = framework.db.find_workspace(session.workspace)
    opts.each_key do |attr|
      opts[attr].force_encoding('UTF-8') if opts[attr].is_a?(String)
    end

    event = {
      :workspace => ws,
      :username  => session.username,
      :name => name,
      :host => address,
      :info => {
        :session_id   => session.sid,
        :session_info => session.info,
        :session_uuid => session.uuid,
        :session_type => session.type,
        :username     => session.username,
        :target_host  => address,
        :via_exploit  => session.via_exploit,
        :via_payload  => session.via_payload,
        :tunnel_peer  => session.tunnel_peer,
        :exploit_uuid => session.exploit_uuid
      }.merge(opts)
    }
    report_event(event)
  end
end