cleanup

commit 722e3fe669cc27145f25353be9dfe9d352b3d902 1 parent e4fa85b
Bernd authored December 01, 2011
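--- a/lib/evasion-db/idmef-fetchers/prelude-db/lib/models/detect_time.rb
+++ b/lib/evasion-db/idmef-fetchers/prelude-db/lib/models/detect_time.rb
@@ -4,10 +4,6 @@ module PreludeDB
     class DetectTime < FIDIUS::PreludeDB::Connection
       set_primary_key :_message_ident
       set_table_name "Prelude_DetectTime"
-      #def self.table_name
-      #  puts "HALLO"
-      #  "Prelude_DetectTime"
-      #end
     end
   end
 end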
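--- a/lib/evasion-db/idmef-fetchers/prelude-db/lib/prelude_event_fetcher.rb
+++ b/lib/evasion-db/idmef-fetchers/prelude-db/lib/prelude_event_fetcher.rb
@@ -12,8 +12,6 @@ def config(conf)
       end
 
       def begin_record
-        #a = FIDIUS::PreludeDB::Alert.find(:first,:joins => [:detect_time],:order=>"time DESC")
-        #last_event = FIDIUS::PreludeDB::PreludeEvent.new(a)
         t = FIDIUS::PreludeDB::DetectTime.find(:first,:order=>"time DESC")
         @start_time = t.time
       end
@@ -24,9 +22,6 @@ def get_events
         sleep 3
         $logger.debug "alert.find(:all,:joins=>[:detect_time],time > #{@start_time})"
 
-
-        #events = FIDIUS::PreludeDB::Alert.find(:all,:joins => [:detect_time],:order=>"time DESC",:conditions=>["time > :d",{:d => @start_time}])
-
         detect_times = FIDIUS::PreludeDB::DetectTime.find(:all,:order=>"time DESC",:conditions=>["time > :d",{:d => @start_time}])
         events = []
         detect_times.each do |dt|
@@ -41,7 +36,7 @@ def get_events
           if @local_ip
             if (ev.source_ip == @local_ip || ev.dest_ip == @local_ip)
               $logger.debug "adding #{ev.inspect} to events "
-              res << ev  
+              res << ev
             end
           else
             $logger.debug "adding #{ev.inspect} to events "
@@ -75,4 +70,3 @@ def fetch_events(module_instance=nil)
   $logger.debug "loading #{rb}"
   require rb
 end
-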
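--- a/lib/evasion-db/knowledge/ids_rule.rb
+++ b/lib/evasion-db/knowledge/ids_rule.rb
@@ -27,13 +27,6 @@ def self.create_if_not_exists(text,sort=0)
         rescue
           puts $!.message
         end
-        # try again without ignore maybe our database does not support ignore
-        #SQLite3::SQLException: near "IGNORE"
-        #h = Digest::MD5.hexdigest(text)
-        #rule = self.find_or_create_by_rule_hash(h)
-        #rule.rule_text=text
-        #rule.sort = sort
-        #rule.save
       end
     end
   end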
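--- a/lib/evasion-db/postgres_patch.rb
+++ b/lib/evasion-db/postgres_patch.rb
@@ -10,8 +10,6 @@
 #             ORDER BY a.attnum
 # provided @http://s3.amazonaws.com/activereload-lighthouse/assets/a3d9b3646f58246ef6ffe027001dd643cca7aade/postgresql-support-capitalized-table-names.diff?AWSAccessKeyId=1AJ9W2TX1B2Z7C2KYB82&Expires=1290010522&Signature=ignfCi9%2Bm37oHijccGBsbJj298w%3D
 
-puts ">> Loading Postgres patch"
-
 module ActiveRecord
   module ConnectionAdapters
     class PostgreSQLAdapter < AbstractAdapter
@@ -21,4 +19,3 @@ def quote_table_name(name)
     end
   end
 end
-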
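--- a/lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb
+++ b/lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb
@@ -1,20 +1,13 @@
 module FIDIUS
   module EvasionDB
     # This recorder provides an interface for the metasploit console
-    # it is used to have callbacks when modules are executed. 
-    # 
+    # it is used to have callbacks when modules are executed.
+    #
     # @see {file:msf-plugins/evasiondb.rb}
     module MsfRecorder
       def module_started(module_instance)
         # use rule_fetcher if the module starts
         @@current_exploit = FIDIUS::EvasionDB::Knowledge::AttackModule.find_or_create_by_name_and_options(module_instance.fullname,module_instance.datastore)
-        #begin
-        #  if FIDIUS::EvasionDB.current_rule_fetcher
-        #    FIDIUS::EvasionDB.current_rule_fetcher.fetch_rules(@@current_exploit)
-        #  end
-        #rescue
-        #  puts $!.message+":"+$!.backtrace.to_s
-        #end
         FIDIUS::EvasionDB.current_fetcher.begin_record
       end
 
@@ -35,7 +28,7 @@ def module_completed(module_instance)
             if module_instance && module_instance.respond_to?("fullname")
               $logger.debug "idmef_events << #{idmef_event}"
               @@current_exploit.idmef_events << idmef_event
-              # meterpreter is not a module and does not respond to fullname 
+              # meterpreter is not a module and does not respond to fullname
               # we handle this seperatly
             elsif module_instance == "Meterpreter"
               $logger.debug "attack_payload.idmef_events << #{idmef_event}"
@@ -56,17 +49,15 @@ def module_error(module_instance,exception)
 
       def log_packet(module_instance,data,socket)
         begin
-          # set local ip, if there is no
-          #FIDIUS::EvasionDB.current_fetcher.local_ip = FIDIUS::Common.get_my_ip(socket.peerhost)
           $logger.debug "logged module_instance: #{module_instance} with #{data.size} bytes payload"
-          # TODO: what shall we do with meterpreter? 
+          # TODO: what shall we do with meterpreter?
           # it has not options and no fullname, logger assigns only the string "meterpreter"
           if module_instance.respond_to?("fullname")
             unless @@current_exploit.finished
               @@current_exploit.packets << FIDIUS::EvasionDB::Knowledge::Packet.create(:payload=>data,:src_addr=>socket.localhost,:src_port=>socket.localport,:dest_addr=>socket.peerhost,:dest_port=>socket.peerport)
               @@current_exploit.save
             end
-          # meterpreter is not a module and does not respond to fullname 
+          # meterpreter is not a module and does not respond to fullname
           # we handle this seperatly
           elsif module_instance == "Meterpreter"
             $logger.debug "module_instance is meterpreter"
@@ -77,8 +68,8 @@ def log_packet(module_instance,data,socket)
           $logger.debug "LOG: #{module_instance} #{data.size} Bytes on #{socket}"
         rescue ActiveRecord::StatementInvalid
           $logger.error "StatementInvalid"
-        rescue 
-          $logger.error "error:" # "#{$!.message}" ##{$!.inspect}:#{$!.backtrace}"
+        rescue
+          $logger.error "error:"
         end
       end
     end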
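Review bot: The bare `rescue` at the end of `log_packet` now logs only the fixed string `"error:"`, so a failure while storing a packet is recorded without its exception class or message; the trailing comment this commit removes was the only hint of what was meant to be logged. Since the visible body is what persists captured packets through `Packet.create` and `@@current_exploit.save`, a swallowed error here leaves gaps in the recorded data that cannot be diagnosed from the log. I would bind the exception and log it, i.e. `rescue => e` followed by `$logger.error "error: #{e.class}: #{e.message}"`, and give the `ActiveRecord::StatementInvalid` branch the same treatment, as it logs only `"StatementInvalid"`. Part of `log_packet` lies between the two hunks and is not shown, so this is based on the visible rescue clauses only.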
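--- a/lib/evasion-db/rule_fetchers/snort/lib/snort.rb
+++ b/lib/evasion-db/rule_fetchers/snort/lib/snort.rb
@@ -3,7 +3,7 @@
 rescue
   raise "can not find snortor gem. Please gem install snortor"
 end
-#require 'evasion-db/vendor/bitfield'
+
 require File.join(FIDIUS::EvasionDB::GEM_BASE, 'evasion-db', 'vendor', 'bitfield')
 
 module FIDIUS
@@ -52,15 +52,12 @@ def fetch_rules(attack_module)
         ruleset.save
       end
 
-      # fetches rules with snortor 
+      # fetches rules with snortor
       # and stores them all into db
       def import_rules
         raise "rules imported already" if FIDIUS::EvasionDB::Knowledge::IdsRule.all.size > 0
         import_rules_to_snortor
 
-        start_time = Time.now
-        puts "rules exported save to db now"
-
         i = 0
         insert_query = []
         Snortor.rules.each do |rule|
@@ -79,8 +76,6 @@ def import_rules
             puts $!.message+":"+$!.backtrace.to_s
           end
         end
-        end_time = Time.now
-        puts "Import needed #{end_time-start_time} seconds"
       end
 
       def config(conf)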
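--- a/lib/evasion-db/rule_fetchers/snort/rule_fetcher.rb
+++ b/lib/evasion-db/rule_fetchers/snort/rule_fetcher.rb
@@ -1,4 +1,3 @@
-puts "loading snort_fetcher"
 FIDIUS::EvasionDB.rule_fetcher "Snortrule-Fetcher" do
   install do
     require (File.join File.dirname(__FILE__), 'lib', 'snort.rb')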
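--- a/lib/msf-plugins/evasiondb.rb
+++ b/lib/msf-plugins/evasiondb.rb
@@ -52,7 +52,7 @@ def to_hex_dump(str, from=-1, to=-1)
 		snl = false
 		lst = 0
     rclosed = true
-		while (idx < str.length)      
+		while (idx < str.length)
 			chunk = str[idx, width]
 			line  = chunk.unpack("H*")[0].scan(/../).join(" ")
       if from >= idx && from < idx+width
@@ -184,7 +184,7 @@ def cmd_config_exploit(*args)
     def cmd_show_packet(*args)
       raise "please provide packet_id" if args.size != 1
       packet = FIDIUS::EvasionDB::Knowledge::Packet.find(args[0].to_i)
-      
+
       hex = to_hex_dump(packet.payload)
       print_line hex
     end
@@ -203,7 +203,7 @@ def cmd_show_event(*args)
         print_line "#{packet[:packet].payload.size} bytes"
         print_line "match #{packet[:index]} - #{packet[:index]+packet[:length]-1}"
         hex = to_hex_dump(packet[:packet].payload,packet[:index],packet[:index]+packet[:length]-1)
-        print_line hex      
+        print_line hex
       else
         print_line "no packets available"
       end
@@ -213,7 +213,6 @@ def cmd_show_event(*args)
     end
 
     def cmd_fetch_events(*args)
-      #events = FIDIUS::EvasionDB::Knowledge.fetch_events
       FIDIUS::EvasionDB.current_fetcher.local_ip = nil
       events = FIDIUS::EvasionDB.current_fetcher.fetch_events
       if events
@@ -286,7 +285,7 @@ def self.log_packet(socket,data,module_instance=nil)
   end
 
   def self.inspect_socket(socket)
-    "#{socket.localhost}:#{socket.localport} -> #{socket.peerhost}:#{socket.peerport}"    
+    "#{socket.localhost}:#{socket.localport} -> #{socket.peerhost}:#{socket.peerport}"
   end
 
   class MySocketEventHandler
@@ -339,7 +338,7 @@ def on_module_error(instance, exception)
 end #FIDIUS
 
 # This extends the PacketDispatcher from Rex
-# with Logging 
+# with Logging
 # Original Source is: lib/rex/post/meterpreter/packet_dispatcher.rb
 module Rex::Post::Meterpreter::PacketDispatcher
   def send_packet(packet, completion_routine = nil, completion_param = nil)
@@ -362,7 +361,7 @@ def send_packet(packet, completion_routine = nil, completion_param = nil)
         @finish = true
 
         # Reraise the error to the top-level caller
-        raise e		
+        raise e
       end
     end
 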

0 notes on commit 722e3fe
