diff --git a/lib/msf/base/simple/auxiliary.rb b/lib/msf/base/simple/auxiliary.rb index 4c50afd2da..69c1adf956 100644 --- a/lib/msf/base/simple/auxiliary.rb +++ b/lib/msf/base/simple/auxiliary.rb @@ -90,6 +90,7 @@ protected def self.job_run_proc(mod) begin mod.setup + mod.framework.events.on_module_run(mod) mod.run rescue ::Interrupt mod.print_error("Auxiliary interrupted by the console user") diff --git a/lib/msf/base/simple/exploit.rb b/lib/msf/base/simple/exploit.rb index c97eb53d64..6d7711fb0a 100644 --- a/lib/msf/base/simple/exploit.rb +++ b/lib/msf/base/simple/exploit.rb @@ -55,7 +55,6 @@ module Exploit # job. # def self.exploit_simple(exploit, opts) - # Trap and print errors here (makes them UI-independent) begin @@ -117,7 +116,6 @@ module Exploit driver.use_job = true end - exploit.framework.events.on_module_run(exploit) # Let's rock this party session = driver.run diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index f741064a45..f3c2eee134 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb @@ -162,7 +162,7 @@ class DBManager # Report a host's attributes such as operating system and service pack # # The opts parameter MUST contain - # :address -- the host's ip address + # :host -- the host's ip address # # The opts parameter can contain: # :state -- one of the Msf::HostState constants @@ -625,6 +625,12 @@ class DBManager end + def report_event(opts = {}) + framework.db.queue(Proc.new { + Event.create(opts.merge(:workspace_id => workspace.id)) + }) + end + # # WMAP # Support methods diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb index 90c112cbda..668e990007 100644 --- a/lib/msf/core/exploit.rb +++ b/lib/msf/core/exploit.rb @@ -1,4 +1,5 @@ require 'msf/core' +require 'msf/core/module' module Msf diff --git a/lib/msf/core/exploit_driver.rb b/lib/msf/core/exploit_driver.rb index 769398a51c..61ec9ed04c 100644 --- a/lib/msf/core/exploit_driver.rb +++ b/lib/msf/core/exploit_driver.rb @@ -172,6 +172,8 @@ protected # Set the exploit up the bomb exploit.setup + exploit.framework.events.on_module_run(exploit) + # Launch the exploit exploit.exploit diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb index 354ba93226..eb0765a731 100644 --- a/lib/msf/core/framework.rb +++ b/lib/msf/core/framework.rb @@ -61,6 +61,7 @@ class Framework require 'msf/core/module_manager' require 'msf/core/session_manager' require 'msf/core/db_manager' + require 'msf/core/event_dispatcher' # # Creates an instance of the framework context. @@ -77,6 +78,13 @@ class Framework self.jobs = Rex::JobContainer.new self.plugins = PluginManager.new(self) self.db = DBManager.new(self) + + subscriber = FrameworkEventSubscriber.new(self) + events.add_exploit_subscriber(subscriber) + events.add_session_subscriber(subscriber) + events.add_general_subscriber(subscriber) + events.add_db_subscriber(subscriber) + events.add_ui_subscriber(subscriber) end def inspect @@ -179,5 +187,96 @@ protected attr_writer :db # :nodoc: end +class FrameworkEventSubscriber + include Framework::Offspring + def initialize(framework) + self.framework = framework + end + + def report_event(data) + data.merge!(:user => ENV['USER']) + framework.db.report_event(data) + end + + include GeneralEventSubscriber + def on_module_run(instance) + info = {} + info[:module_name] = instance.refname + info[:datastore] = instance.datastore + report_event(:name => "module_run", :info => info) + end + + include ::Msf::UiEventSubscriber + def on_ui_command(command) + report_event(:name => "ui_command", :info => {:command => command}) + end + + def on_ui_stop() + report_event(:name => "ui_stop") + end + + def on_ui_start(rev) + # + # The database is not active at startup time, so this event can never + # be saved to the db. Might look into storing it in a flat file or + # something later. + # + #info = { :revision => rev } + #report_event(:name => "ui_start", :info => info) + end + + require 'msf/core/session' + include ::Msf::SessionEvent + def on_session_open(session) + info = { :session_id => session.sid } + info[:via_exploit] = session.via_exploit + + # Strip off the port + address = session.tunnel_peer[0, session.tunnel_peer.rindex(":")] + host = framework.db.find_or_create_host(:host=>address) + + report_event(:name => "session_open", :info => info, :host_id => host.id) + end + + def on_session_close(session) + info = { :session_id => session.sid } + + # Strip off the port + address = session.tunnel_peer[0, session.tunnel_peer.rindex(":")] + host = framework.db.find_or_create_host(:host=>address) + + report_event(:name => "session_close", :info => info, :host_id => host.id) + end + + def on_session_interact(session) + info = { :session_id => session.sid } + + # Strip off the port + address = session.tunnel_peer[0, session.tunnel_peer.rindex(":")] + host = framework.db.find_or_create_host(:host=>address) + + report_event(:name => "session_interact", :info => info, :host_id => host.id) + end + + def on_session_command(session, command) + info = { :session_id => session.sid, :command => command } + + # Strip off the port + address = session.tunnel_peer[0, session.tunnel_peer.rindex(":")] + host = framework.db.find_or_create_host(:host=>address) + + report_event(:name => "session_command", :info => info, :host_id => host.id) + end + + + # + # This is covered by on_module_run and on_session_open, so don't bother + # + #require 'msf/core/exploit' + #include ExploitEvent + #def on_exploit_success(exploit, session) + #end + +end end diff --git a/lib/msf/ui.rb b/lib/msf/ui.rb index 09e77933f0..974f1ec87a 100644 --- a/lib/msf/ui.rb +++ b/lib/msf/ui.rb @@ -1,4 +1,15 @@ module Msf +module UiEventSubscriber + def on_ui_command(line) + end + + def on_ui_stop() + end + + def on_ui_start() + end +end + module Ui end end diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb index deb6f93aa5..9abdc8326e 100644 --- a/lib/msf/ui/console/driver.rb +++ b/lib/msf/ui/console/driver.rb @@ -10,17 +10,6 @@ module Msf module Ui module Console -class UiEventSubscriber - def on_ui_command(line) - end - - def on_ui_stop() - end - - def on_ui_start() - end -end - ### # # This class implements a user interface driver on a console interface. diff --git a/lib/msf/ui/driver.rb b/lib/msf/ui/driver.rb index 76a86ee81a..293c226cac 100644 --- a/lib/msf/ui/driver.rb +++ b/lib/msf/ui/driver.rb @@ -36,4 +36,4 @@ protected end end -end \ No newline at end of file +end