cleanup

fidius · Dec 1, 2011 · 722e3fe · 722e3fe
1 parent e4fa85b
commit 722e3fe
Show file tree

Hide file tree

Showing 8 changed files with 16 additions and 52 deletions.
diff --git a/lib/evasion-db/idmef-fetchers/prelude-db/lib/models/detect_time.rb b/lib/evasion-db/idmef-fetchers/prelude-db/lib/models/detect_time.rb
@@ -4,10 +4,6 @@ module PreludeDB
     class DetectTime < FIDIUS::PreludeDB::Connection
       set_primary_key :_message_ident
       set_table_name "Prelude_DetectTime"
-      #def self.table_name
-      #  puts "HALLO"
-      #  "Prelude_DetectTime"
-      #end
     end
   end
 end
diff --git a/lib/evasion-db/idmef-fetchers/prelude-db/lib/prelude_event_fetcher.rb b/lib/evasion-db/idmef-fetchers/prelude-db/lib/prelude_event_fetcher.rb
@@ -12,8 +12,6 @@ def config(conf)
       end
 
       def begin_record
-        #a = FIDIUS::PreludeDB::Alert.find(:first,:joins => [:detect_time],:order=>"time DESC")
-        #last_event = FIDIUS::PreludeDB::PreludeEvent.new(a)
         t = FIDIUS::PreludeDB::DetectTime.find(:first,:order=>"time DESC")
         @start_time = t.time
       end
@@ -24,9 +22,6 @@ def get_events
         sleep 3
         $logger.debug "alert.find(:all,:joins=>[:detect_time],time > #{@start_time})"
 
-
-        #events = FIDIUS::PreludeDB::Alert.find(:all,:joins => [:detect_time],:order=>"time DESC",:conditions=>["time > :d",{:d => @start_time}])
-
         detect_times = FIDIUS::PreludeDB::DetectTime.find(:all,:order=>"time DESC",:conditions=>["time > :d",{:d => @start_time}])
         events = []
         detect_times.each do |dt|
@@ -41,7 +36,7 @@ def get_events
           if @local_ip
             if (ev.source_ip == @local_ip || ev.dest_ip == @local_ip)
               $logger.debug "adding #{ev.inspect} to events "
-              res << ev  
+              res << ev
             end
           else
             $logger.debug "adding #{ev.inspect} to events "
@@ -75,4 +70,3 @@ def fetch_events(module_instance=nil)
   $logger.debug "loading #{rb}"
   require rb
 end
-
diff --git a/lib/evasion-db/knowledge/ids_rule.rb b/lib/evasion-db/knowledge/ids_rule.rb
@@ -27,13 +27,6 @@ def self.create_if_not_exists(text,sort=0)
         rescue
           puts $!.message
         end
-        # try again without ignore maybe our database does not support ignore
-        #SQLite3::SQLException: near "IGNORE"
-        #h = Digest::MD5.hexdigest(text)
-        #rule = self.find_or_create_by_rule_hash(h)
-        #rule.rule_text=text
-        #rule.sort = sort
-        #rule.save
       end
     end
   end

diff --git a/lib/evasion-db/postgres_patch.rb b/lib/evasion-db/postgres_patch.rb
@@ -10,8 +10,6 @@
 #             ORDER BY a.attnum
 # provided @http://s3.amazonaws.com/activereload-lighthouse/assets/a3d9b3646f58246ef6ffe027001dd643cca7aade/postgresql-support-capitalized-table-names.diff?AWSAccessKeyId=1AJ9W2TX1B2Z7C2KYB82&Expires=1290010522&Signature=ignfCi9%2Bm37oHijccGBsbJj298w%3D
 
-puts ">> Loading Postgres patch"
-
 module ActiveRecord
   module ConnectionAdapters
     class PostgreSQLAdapter < AbstractAdapter
@@ -21,4 +19,3 @@ def quote_table_name(name)
     end
   end
 end
-
diff --git a/lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb b/lib/evasion-db/recorders/msf-recorder/lib/msf-recorder.rb
@@ -1,20 +1,13 @@
 module FIDIUS
   module EvasionDB
     # This recorder provides an interface for the metasploit console
-    # it is used to have callbacks when modules are executed. 
+    # it is used to have callbacks when modules are executed.
-    # 
+    #
     # @see {file:msf-plugins/evasiondb.rb}
     module MsfRecorder
       def module_started(module_instance)
         # use rule_fetcher if the module starts
         @@current_exploit = FIDIUS::EvasionDB::Knowledge::AttackModule.find_or_create_by_name_and_options(module_instance.fullname,module_instance.datastore)
-        #begin
-        #  if FIDIUS::EvasionDB.current_rule_fetcher
-        #    FIDIUS::EvasionDB.current_rule_fetcher.fetch_rules(@@current_exploit)
-        #  end
-        #rescue
-        #  puts $!.message+":"+$!.backtrace.to_s
-        #end
         FIDIUS::EvasionDB.current_fetcher.begin_record
       end
 
@@ -35,7 +28,7 @@ def module_completed(module_instance)
             if module_instance && module_instance.respond_to?("fullname")
               $logger.debug "idmef_events << #{idmef_event}"
               @@current_exploit.idmef_events << idmef_event
-              # meterpreter is not a module and does not respond to fullname 
+              # meterpreter is not a module and does not respond to fullname
               # we handle this seperatly
             elsif module_instance == "Meterpreter"
               $logger.debug "attack_payload.idmef_events << #{idmef_event}"
@@ -56,17 +49,15 @@ def module_error(module_instance,exception)
 
       def log_packet(module_instance,data,socket)
         begin
-          # set local ip, if there is no
-          #FIDIUS::EvasionDB.current_fetcher.local_ip = FIDIUS::Common.get_my_ip(socket.peerhost)
           $logger.debug "logged module_instance: #{module_instance} with #{data.size} bytes payload"
-          # TODO: what shall we do with meterpreter? 
+          # TODO: what shall we do with meterpreter?
           # it has not options and no fullname, logger assigns only the string "meterpreter"
           if module_instance.respond_to?("fullname")
             unless @@current_exploit.finished
               @@current_exploit.packets << FIDIUS::EvasionDB::Knowledge::Packet.create(:payload=>data,:src_addr=>socket.localhost,:src_port=>socket.localport,:dest_addr=>socket.peerhost,:dest_port=>socket.peerport)
               @@current_exploit.save
             end
-          # meterpreter is not a module and does not respond to fullname 
+          # meterpreter is not a module and does not respond to fullname
           # we handle this seperatly
           elsif module_instance == "Meterpreter"
             $logger.debug "module_instance is meterpreter"
@@ -77,8 +68,8 @@ def log_packet(module_instance,data,socket)
           $logger.debug "LOG: #{module_instance} #{data.size} Bytes on #{socket}"
         rescue ActiveRecord::StatementInvalid
           $logger.error "StatementInvalid"
-        rescue 
+        rescue
-          $logger.error "error:" # "#{$!.message}" ##{$!.inspect}:#{$!.backtrace}"
+          $logger.error "error:"
         end
       end
     end

diff --git a/lib/evasion-db/rule_fetchers/snort/lib/snort.rb b/lib/evasion-db/rule_fetchers/snort/lib/snort.rb
@@ -3,7 +3,7 @@
 rescue
   raise "can not find snortor gem. Please gem install snortor"
 end
-#require 'evasion-db/vendor/bitfield'
+
 require File.join(FIDIUS::EvasionDB::GEM_BASE, 'evasion-db', 'vendor', 'bitfield')
 
 module FIDIUS
@@ -52,15 +52,12 @@ def fetch_rules(attack_module)
         ruleset.save
       end
 
-      # fetches rules with snortor 
+      # fetches rules with snortor
       # and stores them all into db
       def import_rules
         raise "rules imported already" if FIDIUS::EvasionDB::Knowledge::IdsRule.all.size > 0
         import_rules_to_snortor
 
-        start_time = Time.now
-        puts "rules exported save to db now"
-
         i = 0
         insert_query = []
         Snortor.rules.each do |rule|
@@ -79,8 +76,6 @@ def import_rules
             puts $!.message+":"+$!.backtrace.to_s
           end
         end
-        end_time = Time.now
-        puts "Import needed #{end_time-start_time} seconds"
       end
 
       def config(conf)

diff --git a/lib/evasion-db/rule_fetchers/snort/rule_fetcher.rb b/lib/evasion-db/rule_fetchers/snort/rule_fetcher.rb
@@ -1,4 +1,3 @@
-puts "loading snort_fetcher"
 FIDIUS::EvasionDB.rule_fetcher "Snortrule-Fetcher" do
   install do
     require (File.join File.dirname(__FILE__), 'lib', 'snort.rb')

diff --git a/lib/msf-plugins/evasiondb.rb b/lib/msf-plugins/evasiondb.rb
@@ -52,7 +52,7 @@ def to_hex_dump(str, from=-1, to=-1)
 		snl = false
 		lst = 0
     rclosed = true
-		while (idx < str.length)      
+		while (idx < str.length)
 			chunk = str[idx, width]
 			line  = chunk.unpack("H*")[0].scan(/../).join(" ")
       if from >= idx && from < idx+width
@@ -184,7 +184,7 @@ def cmd_config_exploit(*args)
     def cmd_show_packet(*args)
       raise "please provide packet_id" if args.size != 1
       packet = FIDIUS::EvasionDB::Knowledge::Packet.find(args[0].to_i)
-      
+
       hex = to_hex_dump(packet.payload)
       print_line hex
     end
@@ -203,7 +203,7 @@ def cmd_show_event(*args)
         print_line "#{packet[:packet].payload.size} bytes"
         print_line "match #{packet[:index]} - #{packet[:index]+packet[:length]-1}"
         hex = to_hex_dump(packet[:packet].payload,packet[:index],packet[:index]+packet[:length]-1)
-        print_line hex      
+        print_line hex
       else
         print_line "no packets available"
       end
@@ -213,7 +213,6 @@ def cmd_show_event(*args)
     end
 
     def cmd_fetch_events(*args)
-      #events = FIDIUS::EvasionDB::Knowledge.fetch_events
       FIDIUS::EvasionDB.current_fetcher.local_ip = nil
       events = FIDIUS::EvasionDB.current_fetcher.fetch_events
       if events
@@ -286,7 +285,7 @@ def self.log_packet(socket,data,module_instance=nil)
   end
 
   def self.inspect_socket(socket)
-    "#{socket.localhost}:#{socket.localport} -> #{socket.peerhost}:#{socket.peerport}"    
+    "#{socket.localhost}:#{socket.localport} -> #{socket.peerhost}:#{socket.peerport}"
   end
 
   class MySocketEventHandler
@@ -339,7 +338,7 @@ def on_module_error(instance, exception)
 end #FIDIUS
 
 # This extends the PacketDispatcher from Rex
-# with Logging 
+# with Logging
 # Original Source is: lib/rex/post/meterpreter/packet_dispatcher.rb
 module Rex::Post::Meterpreter::PacketDispatcher
   def send_packet(packet, completion_routine = nil, completion_param = nil)
@@ -362,7 +361,7 @@ def send_packet(packet, completion_routine = nil, completion_param = nil)
         @finish = true
 
         # Reraise the error to the top-level caller
-        raise e		
+        raise e
       end
     end