
Enhance analyze command API to understand modules' needs #15011

Merged
merged 16 commits into from May 14, 2021

Conversation

acammack-r7
Copy link
Contributor

Beginning steps to enhance the analyze command to be able to understand what potentially testable modules will need in order to run. Currently re-working vuln/service matching to lose less information. Putting more module option information in the module cache and/or having a step that instantiates good matches will likely be needed soon to provide better targeting.

Properly merge the contents of the grouping sets when combining sets of
vulns. All permutations of simple double-transitive sets are now tested.
Some older modules don't have proper session type requirements. A
sampling indicates they nearly always require meterpreter, so we can add
this pending a metadata unification for those modules.
@acammack-r7 acammack-r7 marked this pull request as ready for review April 23, 2021 15:40
@pbarry-r7
Copy link
Contributor

Added folks as reviewers for visibility that this is posted up. Thanks!

@adfoster-r7
Copy link
Contributor

Looks good to me 👍

I can get this landed after those last tweaks are in 🚢 :shipit:

@adfoster-r7
Copy link
Contributor

Imports and analyzing working:

msf6 > db_import ~/Downloads/m3_report.xml
[*] Successfully imported /Users/adfoster/Downloads/m3_report.xml
msf6 > analyze
[*] Analysis for 192.168.18.118 ->
[*]   exploit/windows/smb/ms17_010_eternalblue - ready for testing
[*]   exploit/windows/smb/ms17_010_eternalblue_win8 - ready for testing
[*]   exploit/windows/smb/ms17_010_psexec - credentials are required
[*]   exploit/windows/smb/smb_doublepulsar_rce - ready for testing
msf6 > exit

And sweet bonus UX improvements too 🎉 🙇‍♂️

msf6 > analyze
[*] No existing hosts stored to analyze.

With hosts but no vulns:

msf6 > analyze
[*] No matching modules found.

Also confirmed what was discussed during module hacking - the speed is acceptable for a small number of hosts/vulns, but might need some tweaks to scale to larger data sets - but overall a great first step 👍

msf6 exploit(multi/http/cockpit_cms_rce) > time analyze 192.168.18.118
[*] Analysis for 192.168.18.118 ->
[*]   exploit/windows/smb/ms17_010_eternalblue - ready for testing
[*]   exploit/windows/smb/ms17_010_eternalblue_win8 - ready for testing
[*]   exploit/windows/smb/ms17_010_psexec - credentials are required
[*]   exploit/windows/smb/smb_doublepulsar_rce - ready for testing
[+] Command "analyze 192.168.18.118" completed in 1.021813000086695 seconds

I think it's just that last line that needs a tweak then we can get this shipped 🚢

@adfoster-r7 adfoster-r7 merged commit ac2c467 into rapid7:master May 14, 2021
@adfoster-r7
Copy link
Contributor

adfoster-r7 commented May 14, 2021

Release Notes

Enhanced the analyze command to show additional information about an identified exploit being immediately runnable, or if it requires additional credentials or options to be set before being run.

@sgonzalez-r7 sgonzalez-r7 added the rn-enhancement release notes enhancement label May 20, 2021