Class: Msf::FrameworkEventSubscriber

Inherits:
Object
  • Object
show all
Includes:
Msf::Framework::Offspring, GeneralEventSubscriber, SessionEvent, UiEventSubscriber
Defined in:
lib/msf/core/framework.rb

Instance Attribute Summary

Attributes included from Msf::Framework::Offspring

#framework

Instance Method Summary collapse

Methods included from SessionEvent

#on_session_filedelete, #on_session_interact

Methods included from GeneralEventSubscriber

#on_module_created, #on_module_load

Constructor Details

#initialize(framework) ⇒ FrameworkEventSubscriber

Returns a new instance of FrameworkEventSubscriber.



296
297
298
# File 'lib/msf/core/framework.rb', line 296

def initialize(framework)
  self.framework = framework
end

Instance Method Details

#module_event(name, instance, opts = {}) ⇒ Object

Generic handler for module events



311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
# File 'lib/msf/core/framework.rb', line 311

def module_event(name, instance, opts={})
  if framework.db.active
    event = {
      :workspace => framework.db.find_workspace(instance.workspace),
      :name      => name,
      :username  => instance.owner,
      :info => {
        :module_name => instance.fullname,
        :module_uuid => instance.uuid
      }.merge(opts)
    }

    report_event(event)
  end
end

#on_module_complete(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



336
337
338
# File 'lib/msf/core/framework.rb', line 336

def on_module_complete(instance)
  module_event('module_complete', instance)
end

#on_module_error(instance, exception = nil) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



342
343
344
# File 'lib/msf/core/framework.rb', line 342

def on_module_error(instance, exception=nil)
  module_event('module_error', instance, :exception => exception.to_s)
end

#on_module_run(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors



329
330
331
332
# File 'lib/msf/core/framework.rb', line 329

def on_module_run(instance)
  opts = { :datastore => instance.datastore.to_h }
  module_event('module_run', instance, opts)
end

#on_session_close(session, reason = '') ⇒ Object

:category: ::Msf::SessionEvent implementors



451
452
453
454
455
456
457
458
459
# File 'lib/msf/core/framework.rb', line 451

def on_session_close(session, reason='')
  session_event('session_close', session)
  if session.db_record
    # Don't bother saving here, the session's cleanup method will take
    # care of that later.
    session.db_record.close_reason = reason
    session.db_record.closed_at = Time.now.utc
  end
end

#on_session_command(session, command) ⇒ Object

:category: ::Msf::SessionEvent implementors



467
468
469
470
471
472
473
474
# File 'lib/msf/core/framework.rb', line 467

def on_session_command(session, command)
  session_event('session_command', session, :command => command)
  framework.db.report_session_event({
    :etype => 'command',
    :session => session,
    :command => command
  })
end

#on_session_download(session, rpath, lpath) ⇒ Object

:category: ::Msf::SessionEvent implementors



439
440
441
442
443
444
445
446
447
# File 'lib/msf/core/framework.rb', line 439

def on_session_download(session, rpath, lpath)
  session_event('session_download', session, :local_path => lpath, :remote_path => rpath)
  framework.db.report_session_event({
    :etype => 'download',
    :session => session,
    :local_path => lpath,
    :remote_path => rpath
  })
end

#on_session_module_run(session, mod) ⇒ Object

:category: ::Msf::SessionEvent implementors



523
524
525
526
527
528
529
# File 'lib/msf/core/framework.rb', line 523

def on_session_module_run(session, mod)
  framework.db.report_session_event({
    :etype => 'module_run',
    :session => session,
    :local_path => mod.fullname
  })
end

#on_session_open(session) ⇒ Object

:category: ::Msf::SessionEvent implementors



420
421
422
423
424
# File 'lib/msf/core/framework.rb', line 420

def on_session_open(session)
  opts = { :datastore => session.exploit_datastore.to_h, :critical => true }
  session_event('session_open', session, opts)
  framework.db.report_session(:session => session)
end

#on_session_output(session, output) ⇒ Object

:category: ::Msf::SessionEvent implementors



478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
# File 'lib/msf/core/framework.rb', line 478

def on_session_output(session, output)
  # Break up the output into chunks that will fit into the database.
  buff = output.dup
  chunks = []
  if buff.length > 1024
    while buff.length > 0
      chunks << buff.slice!(0,1024)
    end
  else
    chunks << buff
  end
  chunks.each { |chunk|
    session_event('session_output', session, :output => chunk)
    framework.db.report_session_event({
      :etype => 'output',
      :session => session,
      :output => chunk
    })
  }
end

#on_session_route(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors



501
502
503
# File 'lib/msf/core/framework.rb', line 501

def on_session_route(session, route)
  framework.db.report_session_route({session: session, route: route})
end

#on_session_route_remove(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors



507
508
509
# File 'lib/msf/core/framework.rb', line 507

def on_session_route_remove(session, route)
  framework.db.report_session_route_remove({session: session, route: route})
end

#on_session_script_run(session, script) ⇒ Object

:category: ::Msf::SessionEvent implementors



513
514
515
516
517
518
519
# File 'lib/msf/core/framework.rb', line 513

def on_session_script_run(session, script)
  framework.db.report_session_event({
    :etype => 'script_run',
    :session => session,
    :local_path => script
  })
end

#on_session_upload(session, lpath, rpath) ⇒ Object

:category: ::Msf::SessionEvent implementors



428
429
430
431
432
433
434
435
436
# File 'lib/msf/core/framework.rb', line 428

def on_session_upload(session, lpath, rpath)
  session_event('session_upload', session, :local_path => lpath, :remote_path => rpath)
  framework.db.report_session_event({
    :etype => 'upload',
    :session => session,
    :local_path => lpath,
    :remote_path => rpath
  })
end

#on_ui_command(command) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



349
350
351
352
353
# File 'lib/msf/core/framework.rb', line 349

def on_ui_command(command)
  if (framework.db and framework.db.active)
    report_event(:name => "ui_command", :info => {:command => command})
  end
end

#on_ui_start(rev) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors



365
366
367
368
369
370
371
372
373
# File 'lib/msf/core/framework.rb', line 365

def on_ui_start(rev)
  #
  # The database is not active at startup time unless msfconsole was
  # started with a database.yml, so this event won't always be saved to
  # the db.  Not great, but best we can do.
  #
  info = { :revision => rev }
  report_event(:name => "ui_start", :info => info)
end

#on_ui_stopObject

:category: ::Msf::UiEventSubscriber implementors



357
358
359
360
361
# File 'lib/msf/core/framework.rb', line 357

def on_ui_stop()
  if (framework.db and framework.db.active)
    report_event(:name => "ui_stop")
  end
end

#report_event(data) ⇒ Object



300
301
302
303
304
# File 'lib/msf/core/framework.rb', line 300

def report_event(data)
  if framework.db.active
    framework.db.report_event(data)
  end
end

#session_event(name, session, opts = {}) ⇒ Object

Generic handler for session events



381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
# File 'lib/msf/core/framework.rb', line 381

def session_event(name, session, opts={})
  address = session.session_host

  if not (address and address.length > 0)
    elog("Session with no session_host/target_host/tunnel_peer. Session Info: #{session.inspect}")
    return
  end

  if framework.db.active
    ws = framework.db.find_workspace(session.workspace)
    opts.each_key do |attr|
      opts[attr].force_encoding('UTF-8') if opts[attr].is_a?(String)
    end

    event = {
      :workspace => ws,
      :username  => session.username,
      :name => name,
      :host => address,
      :info => {
        :session_id   => session.sid,
        :session_info => session.info,
        :session_uuid => session.uuid,
        :session_type => session.type,
        :username     => session.username,
        :target_host  => address,
        :via_exploit  => session.via_exploit,
        :via_payload  => session.via_payload,
        :tunnel_peer  => session.tunnel_peer,
        :exploit_uuid => session.exploit_uuid
      }.merge(opts)
    }
    report_event(event)
  end
end