Class: Msf::Module::SiteReference

Inherits:
Reference
  • Object
show all
Defined in:
lib/msf/core/module/reference.rb

Overview

A reference to a website.

Instance Attribute Summary collapse

Attributes inherited from Reference

#str

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Reference

#==

Constructor Details

#initialize(in_ctx_id = 'Unknown', in_ctx_val = '') ⇒ SiteReference

Initialize the site reference. If you’re updating the references, please also update:



93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 
# File 'lib/msf/core/module/reference.rb', line 93

def initialize(in_ctx_id = 'Unknown', in_ctx_val = '')
  self.ctx_id  = in_ctx_id
  self.ctx_val = in_ctx_val

  if in_ctx_id == 'CVE'
    self.site = "https://nvd.nist.gov/vuln/detail/CVE-#{in_ctx_val}"
  elsif in_ctx_id == 'CWE'
    self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
  elsif in_ctx_id == 'BID'
    self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"
  elsif in_ctx_id == 'MSB'
    year = in_ctx_val[2..3]
    century = year[0] == '9' ? '19' : '20'
    self.site = "https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/#{century}#{year}/#{in_ctx_val}"
  elsif in_ctx_id == 'EDB'
    self.site = "https://www.exploit-db.com/exploits/#{in_ctx_val}"
  elsif in_ctx_id == 'US-CERT-VU'
    self.site = "https://www.kb.cert.org/vuls/id/#{in_ctx_val}"
  elsif in_ctx_id == 'ZDI'
    self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"
  elsif in_ctx_id == 'WPVDB'
    self.site = "https://wpscan.com/vulnerability/#{in_ctx_val}"
  elsif in_ctx_id == 'PACKETSTORM'
    self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}"
  elsif in_ctx_id == 'URL'
    self.site = in_ctx_val.to_s
  elsif in_ctx_id == 'LOGO'
    self.site = "Logo: #{in_ctx_val}"
  elsif in_ctx_id == 'SOUNDTRACK'
    self.site = "Soundtrack: #{in_ctx_val}"
  elsif in_ctx_id == 'ATT&CK'
    match = in_ctx_val.match(/\A(?<category>[A-Z]+)(?<id>[\d.]+)\z/)
    path = Msf::Mitre::Attack::Categories::PATHS[match[:category]]
    id_path = match[:id].gsub('.', '/')
    self.site = "https://attack.mitre.org/#{path}/#{match[:category]}#{id_path}/"
  else
    self.site  = in_ctx_id
    self.site += " (#{in_ctx_val})" if (in_ctx_val)
  end
end

Instance Attribute Details

#ctx_idObject

The context identifier of the site, such as CVE.



163
164
165
 
# File 'lib/msf/core/module/reference.rb', line 163

def ctx_id
  @ctx_id
end

#ctx_valObject

The context value of the reference, such as MS02-039



167
168
169
 
# File 'lib/msf/core/module/reference.rb', line 167

def ctx_val
  @ctx_val
end

#siteObject

The site being referenced.



159
160
161
 
# File 'lib/msf/core/module/reference.rb', line 159

def site
  @site
end

Class Method Details

.from_a(ary) ⇒ Object

Initializes a site reference from an array. ary is the site and ary is the site context identifier, such as CVE.



81
82
83
84
85
 
# File 'lib/msf/core/module/reference.rb', line 81

def self.from_a(ary)
  return nil if (ary.length < 2)

  self.new(ary[0], ary[1])
end

.from_s(str) ⇒ Object

Class method that translates a URL into a site reference instance.



67
68
69
70
71
72
73
74
75
 
# File 'lib/msf/core/module/reference.rb', line 67

def self.from_s(str)
  instance = self.new

  if (instance.from_s(str) == false)
    return nil
  end

  return instance
end

Instance Method Details

#from_s(str) ⇒ Object

Serializes a site URL string.



144
145
146
147
148
149
150
151
152
153
154
 
# File 'lib/msf/core/module/reference.rb', line 144

def from_s(str)
  if (/(http:\/\/|https:\/\/|ftp:\/\/)/.match(str))
    self.site = str
    self.ctx_id  = 'URL'
    self.ctx_val = self.site
  else
    return false
  end

  return true
end

#to_sObject

Returns the absolute site URL.



137
138
139
 
# File 'lib/msf/core/module/reference.rb', line 137

def to_s
  return site || ''
end