Class: Msf::FrameworkEventSubscriber

Inherits:
Object
  • Object
show all
Includes:
Msf::Framework::Offspring, GeneralEventSubscriber, SessionEvent, UiEventSubscriber
Defined in:
lib/msf/core/framework.rb

Instance Attribute Summary

Attributes included from Msf::Framework::Offspring

#framework

Instance Method Summary collapse

Methods included from SessionEvent

#on_session_filedelete, #on_session_interact

Methods included from GeneralEventSubscriber

#on_module_created, #on_module_load

Constructor Details

#initialize(framework) ⇒ FrameworkEventSubscriber

Returns a new instance of FrameworkEventSubscriber.



322
323
324
# File 'lib/msf/core/framework.rb', line 322

def initialize(framework)
  self.framework = framework
end

Instance Method Details

#module_event(name, instance, opts = {}) ⇒ Object

Generic handler for module events



337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
# File 'lib/msf/core/framework.rb', line 337

def module_event(name, instance, opts={})
  if framework.db.active
    event = {
      :workspace => framework.db.find_workspace(instance.workspace),
      :name      => name,
      :username  => instance.owner,
      :info => {
        :module_name => instance.fullname,
        :module_uuid => instance.uuid
      }.merge(opts)
    }

    report_event(event)
  end
end

#on_module_complete(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



362
363
364
# File 'lib/msf/core/framework.rb', line 362

def on_module_complete(instance)
  module_event('module_complete', instance)
end

#on_module_error(instance, exception = nil) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



368
369
370
# File 'lib/msf/core/framework.rb', line 368

def on_module_error(instance, exception=nil)
  module_event('module_error', instance, :exception => exception.to_s)
end

#on_module_run(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



355
356
357
358
# File 'lib/msf/core/framework.rb', line 355

def on_module_run(instance)
  opts = { :datastore => instance.datastore.to_h }
  module_event('module_run', instance, opts)
end

#on_session_close(session, reason = '') ⇒ Object

:category: ::Msf::SessionEvent implementors



477
478
479
480
481
482
483
484
485
# File 'lib/msf/core/framework.rb', line 477

def on_session_close(session, reason='')
  session_event('session_close', session)
  if session.db_record
    # Don't bother saving here, the session's cleanup method will take
    # care of that later.
    session.db_record.close_reason = reason
    session.db_record.closed_at = Time.now.utc
  end
end

#on_session_command(session, command) ⇒ Object

:category: ::Msf::SessionEvent implementors



493
494
495
496
497
498
499
500
# File 'lib/msf/core/framework.rb', line 493

def on_session_command(session, command)
  session_event('session_command', session, :command => command)
  framework.db.report_session_event({
    :etype => 'command',
    :session => session,
    :command => command
  })
end

#on_session_download(session, rpath, lpath) ⇒ Object

:category: ::Msf::SessionEvent implementors



465
466
467
468
469
470
471
472
473
# File 'lib/msf/core/framework.rb', line 465

def on_session_download(session, rpath, lpath)
  session_event('session_download', session, :local_path => lpath, :remote_path => rpath)
  framework.db.report_session_event({
    :etype => 'download',
    :session => session,
    :local_path => lpath,
    :remote_path => rpath
  })
end

#on_session_module_run(session, mod) ⇒ Object

:category: ::Msf::SessionEvent implementors



549
550
551
552
553
554
555
# File 'lib/msf/core/framework.rb', line 549

def on_session_module_run(session, mod)
  framework.db.report_session_event({
    :etype => 'module_run',
    :session => session,
    :local_path => mod.fullname
  })
end

#on_session_open(session) ⇒ Object

:category: ::Msf::SessionEvent implementors



446
447
448
449
450
# File 'lib/msf/core/framework.rb', line 446

def on_session_open(session)
  opts = { :datastore => session.exploit_datastore.to_h, :critical => true }
  session_event('session_open', session, opts)
  framework.db.report_session(:session => session)
end

#on_session_output(session, output) ⇒ Object

:category: ::Msf::SessionEvent implementors



504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
# File 'lib/msf/core/framework.rb', line 504

def on_session_output(session, output)
  # Break up the output into chunks that will fit into the database.
  buff = output.dup
  chunks = []
  if buff.length > 1024
    while buff.length > 0
      chunks << buff.slice!(0,1024)
    end
  else
    chunks << buff
  end
  chunks.each { |chunk|
    session_event('session_output', session, :output => chunk)
    framework.db.report_session_event({
      :etype => 'output',
      :session => session,
      :output => chunk
    })
  }
end

#on_session_route(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors



527
528
529
# File 'lib/msf/core/framework.rb', line 527

def on_session_route(session, route)
  framework.db.report_session_route({session: session, route: route})
end

#on_session_route_remove(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors



533
534
535
# File 'lib/msf/core/framework.rb', line 533

def on_session_route_remove(session, route)
  framework.db.report_session_route_remove({session: session, route: route})
end

#on_session_script_run(session, script) ⇒ Object

:category: ::Msf::SessionEvent implementors



539
540
541
542
543
544
545
# File 'lib/msf/core/framework.rb', line 539

def on_session_script_run(session, script)
  framework.db.report_session_event({
    :etype => 'script_run',
    :session => session,
    :local_path => script
  })
end

#on_session_upload(session, lpath, rpath) ⇒ Object

:category: ::Msf::SessionEvent implementors



454
455
456
457
458
459
460
461
462
# File 'lib/msf/core/framework.rb', line 454

def on_session_upload(session, lpath, rpath)
  session_event('session_upload', session, :local_path => lpath, :remote_path => rpath)
  framework.db.report_session_event({
    :etype => 'upload',
    :session => session,
    :local_path => lpath,
    :remote_path => rpath
  })
end

#on_ui_command(command) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



375
376
377
378
379
# File 'lib/msf/core/framework.rb', line 375

def on_ui_command(command)
  if (framework.db and framework.db.active)
    report_event(:name => "ui_command", :info => {:command => command})
  end
end

#on_ui_start(rev) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



391
392
393
394
395
396
397
398
399
# File 'lib/msf/core/framework.rb', line 391

def on_ui_start(rev)
  #
  # The database is not active at startup time unless msfconsole was
  # started with a database.yml, so this event won't always be saved to
  # the db.  Not great, but best we can do.
  #
  info = { :revision => rev }
  report_event(:name => "ui_start", :info => info)
end

#on_ui_stopObject

:category: ::Msf::UiEventSubscriber implementors



383
384
385
386
387
# File 'lib/msf/core/framework.rb', line 383

def on_ui_stop()
  if (framework.db and framework.db.active)
    report_event(:name => "ui_stop")
  end
end

#report_event(data) ⇒ Object



326
327
328
329
330
# File 'lib/msf/core/framework.rb', line 326

def report_event(data)
  if framework.db.active
    framework.db.report_event(data)
  end
end

#session_event(name, session, opts = {}) ⇒ Object

Generic handler for session events



407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
# File 'lib/msf/core/framework.rb', line 407

def session_event(name, session, opts={})
  address = session.session_host

  if not (address and address.length > 0)
    elog("Session with no session_host/target_host/tunnel_peer. Session Info: #{session.inspect}")
    return
  end

  if framework.db.active
    ws = framework.db.find_workspace(session.workspace)
    opts.each_key do |attr|
      opts[attr].force_encoding('UTF-8') if opts[attr].is_a?(String)
    end

    event = {
      :workspace => ws,
      :username  => session.username,
      :name => name,
      :host => address,
      :info => {
        :session_id   => session.sid,
        :session_info => session.info,
        :session_uuid => session.uuid,
        :session_type => session.type,
        :username     => session.username,
        :target_host  => address,
        :via_exploit  => session.via_exploit,
        :via_payload  => session.via_payload,
        :tunnel_peer  => session.tunnel_peer,
        :exploit_uuid => session.exploit_uuid
      }.merge(opts)
    }
    report_event(event)
  end
end