Class: Msf::FrameworkEventSubscriber

Inherits:
Object
  • Object
Includes:
Msf::Framework::Offspring, GeneralEventSubscriber, SessionEvent, UiEventSubscriber
Defined in:
lib/msf/core/framework.rb

Instance Attribute Summary

Attributes included from Msf::Framework::Offspring

#framework

Instance Method Summary

Methods included from SessionEvent

#on_session_filedelete, #on_session_interact

Methods included from GeneralEventSubscriber

#on_module_created, #on_module_load

Constructor Details

#initialize(framework) ⇒ FrameworkEventSubscriber

Returns a new instance of FrameworkEventSubscriber.



# File 'lib/msf/core/framework.rb', line 323

# Builds a subscriber bound to one framework instance.
#
# The assignment goes through the #framework attribute writer, which this
# page lists as coming from Msf::Framework::Offspring; the other handlers of
# this class reach the database through that attribute (framework.db).
#
# @param framework [Object] the framework instance whose events are recorded
def initialize(framework)
  self.framework = framework
end

Instance Method Details

#module_event(name, instance, opts = {}) ⇒ Object

Generic handler for module events



# File 'lib/msf/core/framework.rb', line 338

# Generic handler for module events: assembles one event record for
# +instance+ and passes it to report_event. Nothing is built or reported
# while the database is inactive.
#
# @param name [String] event name, stored under :name
# @param instance [Object] module instance; its workspace, owner, fullname
#   and uuid are read
# @param opts [Hash] extra entries for :info. They are merged last, so a key
#   equal to :module_name or :module_uuid replaces the value taken from
#   +instance+.
# @return [Object, nil] the result of report_event, or nil when the database
#   is inactive
def module_event(name, instance, opts={})
  return unless framework.db.active

  workspace = framework.db.find_workspace(instance.workspace)
  owner = instance.owner
  details = { module_name: instance.fullname, module_uuid: instance.uuid }.merge(opts)

  event = { workspace: workspace, name: name, username: owner, info: details }
  report_event(event)
end

#on_module_complete(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



# File 'lib/msf/core/framework.rb', line 363

# Records that a module finished by forwarding to module_event under the
# event name 'module_complete'. No extra :info entries are supplied.
#
# @param instance [Object] the module instance, handed to module_event as is
# @return [Object, nil] whatever module_event returns
def on_module_complete(instance)
  event_name = 'module_complete'
  module_event(event_name, instance)
end

#on_module_error(instance, exception = nil) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



# File 'lib/msf/core/framework.rb', line 369

# Records a module failure by forwarding to module_event under the event
# name 'module_error'.
#
# Only the string form of the exception is kept (exception.to_s); with the
# default nil that is an empty string. Class and backtrace are not recorded.
#
# @param instance [Object] the module instance that failed
# @param exception [Object, nil] the error; converted with #to_s
# @return [Object, nil] whatever module_event returns
def on_module_error(instance, exception=nil)
  details = { exception: exception.to_s }
  module_event('module_error', instance, details)
end

#on_module_run(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



# File 'lib/msf/core/framework.rb', line 356

# Records the start of a module run by forwarding to module_event under the
# event name 'module_run', with the module's datastore attached.
#
# NOTE(review): the whole datastore is copied into the event (to_h). If its
# option values include credentials or keys, they would be written to the
# event record unredacted. The datastore contents are not visible here, so
# confirm who can read stored events.
#
# @param instance [Object] the module instance; its datastore is read
# @return [Object, nil] whatever module_event returns
def on_module_run(instance)
  module_event('module_run', instance, datastore: instance.datastore.to_h)
end

#on_session_close(session, reason = '') ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 478

# Records a 'session_close' event and, when the session has a database
# record, stamps that record with the close reason and the UTC close time.
#
# session_event is called first and unconditionally; the record is only
# touched afterwards.
#
# @param session [Object] the closing session
# @param reason [String] stored in db_record.close_reason
# @return [Time, nil] the assigned close time, or nil when there is no
#   db_record
def on_session_close(session, reason='')
  session_event('session_close', session)
  return unless session.db_record

  # Nothing is saved here: the session's cleanup method persists the record
  # later.
  session.db_record.close_reason = reason
  session.db_record.closed_at = Time.now.utc
end

#on_session_command(session, command) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 494

# Records a command sent to a session twice: as a generic 'session_command'
# event and as a session event of type 'command' in the database.
#
# NOTE(review): the command is stored exactly as given. If operators type
# secrets on the command line, those would end up in both records. Confirm
# retention and access rules for this data.
#
# @param session [Object] the session the command was sent to
# @param command [String] the command text
# @return [Object] whatever framework.db.report_session_event returns
def on_session_command(session, command)
  session_event('session_command', session, command: command)

  record = { etype: 'command', session: session, command: command }
  framework.db.report_session_event(record)
end

#on_session_download(session, rpath, lpath) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 466

# Records a file download from a session: once as a generic
# 'session_download' event and once as a session event of type 'download'.
#
# Argument order is remote path first, local path second, which is the
# reverse of on_session_upload.
#
# @param session [Object] the session the file came from
# @param rpath [String] path on the remote side, stored as :remote_path
# @param lpath [String] path on the local side, stored as :local_path
# @return [Object] whatever framework.db.report_session_event returns
def on_session_download(session, rpath, lpath)
  session_event('session_download', session, local_path: lpath, remote_path: rpath)

  record = { etype: 'download', session: session, local_path: lpath, remote_path: rpath }
  framework.db.report_session_event(record)
end

#on_session_module_run(session, mod) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 550

# Records that a module was run against a session, as a session event of
# type 'module_run'. No generic session_event is emitted here.
#
# The module's fullname is stored under the :local_path key, so readers of
# these records should not treat that field as a filesystem path for this
# event type.
#
# @param session [Object] the session the module ran against
# @param mod [Object] the module; only its fullname is read
# @return [Object] whatever framework.db.report_session_event returns
def on_session_module_run(session, mod)
  record = { etype: 'module_run', session: session, local_path: mod.fullname }
  framework.db.report_session_event(record)
end

#on_session_open(session) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 447

# Records a newly opened session: a 'session_open' event flagged
# :critical => true that carries the exploit datastore, followed by the
# session itself via framework.db.report_session.
#
# NOTE(review): the exploit datastore is copied in full (to_h). Any secret
# option values it holds would be stored with the event; its contents are
# not visible here, so confirm.
#
# @param session [Object] the session that was opened
# @return [Object] whatever framework.db.report_session returns
def on_session_open(session)
  session_event('session_open', session, datastore: session.exploit_datastore.to_h, critical: true)
  framework.db.report_session(session: session)
end

#on_session_output(session, output) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 505

# Records session output in pieces of at most 1024 characters. Each piece
# produces a generic 'session_output' event and a session event of type
# 'output'.
#
# Output of 1024 characters or fewer, including an empty string, is reported
# as a single piece.
#
# NOTE(review): the limit is counted with String#length, i.e. characters and
# not bytes. Whether that matches the storage limit it is meant to respect
# is not visible here.
#
# @param session [Object] the session that produced the output
# @param output [String] the raw output; it is copied, never modified
# @return [Array<String>] the pieces that were reported
def on_session_output(session, output)
  # Work on a copy so that nothing done to a piece downstream touches the
  # caller's string.
  text = output.dup
  pieces =
    if text.length > 1024
      (0...text.length).step(1024).map { |offset| text[offset, 1024] }
    else
      [text]
    end

  pieces.each do |piece|
    session_event('session_output', session, output: piece)
    record = { etype: 'output', session: session, output: piece }
    framework.db.report_session_event(record)
  end
end

#on_session_route(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 528

# Records a route added through a session by passing the pair to
# framework.db.report_session_route. No generic session_event is emitted.
#
# @param session [Object] the session the route goes through
# @param route [Object] the route, passed on unchanged
# @return [Object] whatever framework.db.report_session_route returns
def on_session_route(session, route)
  details = { session: session, route: route }
  framework.db.report_session_route(details)
end

#on_session_route_remove(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 534

# Records the removal of a route from a session by passing the pair to
# framework.db.report_session_route_remove. No generic session_event is
# emitted.
#
# @param session [Object] the session the route went through
# @param route [Object] the route, passed on unchanged
# @return [Object] whatever framework.db.report_session_route_remove returns
def on_session_route_remove(session, route)
  details = { session: session, route: route }
  framework.db.report_session_route_remove(details)
end

#on_session_script_run(session, script) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 540

# Records that a script was run in a session, as a session event of type
# 'script_run'. The script value is stored under :local_path. No generic
# session_event is emitted.
#
# @param session [Object] the session the script ran in
# @param script [Object] the script identifier, stored unchanged
# @return [Object] whatever framework.db.report_session_event returns
def on_session_script_run(session, script)
  record = { etype: 'script_run', session: session, local_path: script }
  framework.db.report_session_event(record)
end

#on_session_upload(session, lpath, rpath) ⇒ Object

:category: ::Msf::SessionEvent implementors



# File 'lib/msf/core/framework.rb', line 455

# Records a file upload to a session: once as a generic 'session_upload'
# event and once as a session event of type 'upload'.
#
# Argument order is local path first, remote path second, which is the
# reverse of on_session_download.
#
# @param session [Object] the session the file was sent to
# @param lpath [String] path on the local side, stored as :local_path
# @param rpath [String] path on the remote side, stored as :remote_path
# @return [Object] whatever framework.db.report_session_event returns
def on_session_upload(session, lpath, rpath)
  session_event('session_upload', session, local_path: lpath, remote_path: rpath)

  record = { etype: 'upload', session: session, local_path: lpath, remote_path: rpath }
  framework.db.report_session_event(record)
end

#on_ui_command(command) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



# File 'lib/msf/core/framework.rb', line 376

# Records a command entered in the UI as a 'ui_command' event. Nothing is
# reported unless a database object exists and is active.
#
# NOTE(review): the command text is stored as typed. Arguments that carry
# passwords or tokens would be kept in the event record. Confirm how these
# events are retained and who can read them.
#
# @param command [String] the UI command line
# @return [Object, nil] the result of report_event, or nil when nothing was
#   reported
def on_ui_command(command)
  return unless framework.db && framework.db.active

  report_event(name: 'ui_command', info: { command: command })
end

#on_ui_start(rev) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



# File 'lib/msf/core/framework.rb', line 392

# Records UI start-up as a 'ui_start' event that carries the revision.
#
# At start-up the database is only active when msfconsole was launched with
# a database.yml, so this event is not always saved. That is accepted as the
# best that can be done at this point.
#
# @param rev [Object] revision identifier, stored under :revision
# @return [Object, nil] whatever report_event returns
def on_ui_start(rev)
  report_event(name: 'ui_start', info: { revision: rev })
end

#on_ui_stop ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



# File 'lib/msf/core/framework.rb', line 384

# Records UI shutdown as a 'ui_stop' event. Nothing is reported unless a
# database object exists and is active.
#
# @return [Object, nil] the result of report_event, or nil when nothing was
#   reported
def on_ui_stop
  return unless framework.db && framework.db.active

  report_event(name: 'ui_stop')
end

#report_event(data) ⇒ Object



# File 'lib/msf/core/framework.rb', line 327

# Passes an event hash to the database, but only while the database is
# active; otherwise the event is dropped without any trace.
#
# NOTE(review): unlike on_ui_command and on_ui_stop, this method reads
# framework.db.active without first checking that framework.db is set.
# Whether framework.db can be nil is not visible here; confirm.
#
# @param data [Hash] the event record
# @return [Object, nil] the result of framework.db.report_event, or nil when
#   the database is inactive
def report_event(data)
  return unless framework.db.active

  framework.db.report_event(data)
end

#session_event(name, session, opts = {}) ⇒ Object

Generic handler for session events



# File 'lib/msf/core/framework.rb', line 408

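# Generic handler for session events: builds one event record describing
# +session+ and passes it to report_event.
#
# Two conditions stop the event from being recorded:
# * the session has no usable session_host, in which case an error is logged
#   with elog and the method returns;
# * the database is inactive.
#
# String values in +opts+ are tagged as UTF-8 before they are stored. An
# unfrozen string is re-tagged in place, so the caller's object changes
# encoding as well. A frozen string cannot be re-tagged (force_encoding
# raises on it), so a copy is tagged and stored instead; previously a frozen
# value aborted the handler and the event was lost.
#
# force_encoding only relabels the bytes. It does not validate or repair
# them, so byte sequences that are invalid in UTF-8 stay in the stored value.
#
# @param name [String] event name, stored under :name
# @param session [Object] the session; host, workspace, username, sid, info,
#   uuid, type, via_exploit, via_payload, tunnel_peer and exploit_uuid are
#   read
# @param opts [Hash] extra entries for :info. They are merged last, so a key
#   that matches a default (for example :username) replaces it.
# @return [Object, nil] the result of report_event, or nil when nothing was
#   recorded
def session_event(name, session, opts={})
  address = session.session_host

  unless address && address.length > 0
    elog("Session with no session_host/target_host/tunnel_peer. Session Info: #{session.inspect}")
    return
  end

  return unless framework.db.active

  ws = framework.db.find_workspace(session.workspace)

  # Build the extra :info entries without modifying the opts hash itself.
  extra = opts.each_with_object({}) do |(key, value), tagged|
    if value.is_a?(String)
      # A frozen string would raise on force_encoding; tag a copy instead.
      value = value.dup if value.frozen?
      value.force_encoding('UTF-8')
    end
    tagged[key] = value
  end

  event = {
    :workspace => ws,
    :username  => session.username,
    :name => name,
    :host => address,
    :info => {
      :session_id   => session.sid,
      :session_info => session.info,
      :session_uuid => session.uuid,
      :session_type => session.type,
      :username     => session.username,
      :target_host  => address,
      :via_exploit  => session.via_exploit,
      :via_payload  => session.via_payload,
      :tunnel_peer  => session.tunnel_peer,
      :exploit_uuid => session.exploit_uuid
    }.merge(extra)
  }
  report_event(event)
end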