Land #18581, Add hierarchical search table support

rapid7 · Dec 4, 2023 · 45c5479 · 45c5479
2 parents 4c13d35 + 02c892c
commit 45c5479
Show file tree

Hide file tree

Showing 10 changed files with 207 additions and 32 deletions.
diff --git a/data/auxiliary/gather/ldap_query/ldap_queries_default.yaml b/data/auxiliary/gather/ldap_query/ldap_queries_default.yaml
@@ -135,7 +135,7 @@ queries:
       - https://www.netspi.com/blog/technical/network-penetration-testing/exploiting-adidns/
       - https://github.com/dirkjanm/krbrelayx/blob/master/dnstool.py
   - action: ENUM_DNS_ZONES
-    description: 'Dump info about DNS zones the server knows about using the dnsZone object class under the DC DomainDnsZones. This is needed as without this BASEDN prefix we often miss certain entries.'
+    description: 'Dump all known DNS zones using the dnsZone object class under the DC DomainDnsZones. Without A BASEDN prefix you can miss certain entries.'
     filter: '(objectClass=dnsZone)'
     base_dn_prefix: 'DC=DomainDnsZones'
     attributes:
@@ -325,7 +325,7 @@ queries:
     references:
       - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
   - action: ENUM_USER_ASREP_ROASTABLE
-    description: 'Dump info about all users who are configured not to require kerberos pre-authentication and are therefore AS-REP roastable.'
+    description: 'Dump all users who are configured not to require kerberos pre-authentication, i.e. AS-REP roastable.'
     filter: '(&(samAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=4194304))'
     attributes:
       - cn

diff --git a/lib/msf/core/feature_manager.rb b/lib/msf/core/feature_manager.rb
@@ -21,6 +21,7 @@ class FeatureManager
     METASPLOIT_PAYLOAD_WARNINGS = 'metasploit_payload_warnings'
     DEFER_MODULE_LOADS = 'defer_module_loads'
     DNS_FEATURE = 'dns_feature'
+    HIERARCHICAL_SEARCH_TABLE = 'hierarchical_search_table'
     DEFAULTS = [
       {
         name: WRAPPED_TABLES,
@@ -60,6 +61,12 @@ class FeatureManager
         description: 'When enabled, allows configuration of DNS resolution behaviour in Metasploit',
         requires_restart: false,
         default_value: false
+      }.freeze,
+      {
+        name: HIERARCHICAL_SEARCH_TABLE,
+        description: 'When enabled, the search table is enhanced to show details on module actions and targets',
+        requires_restart: false,
+        default_value: false
       }.freeze
     ].freeze
 

diff --git a/lib/msf/core/modules/metadata/obj.rb b/lib/msf/core/modules/metadata/obj.rb
@@ -8,6 +8,8 @@ module Modules
 module Metadata
 
 class Obj
+  # @return [Hash]
+  attr_reader :actions
   # @return [String]
   attr_reader :name
   # @return [String]
@@ -98,6 +100,15 @@ def initialize(module_instance, obj_hash = nil)
     @ref_name           = module_instance.class.refname
     @needs_cleanup      = module_instance.respond_to?(:needs_cleanup) && module_instance.needs_cleanup
 
+    if module_instance.respond_to?(:actions)
+      @actions = module_instance.actions.sort_by(&:name).map do |action|
+        {
+          'name' => action.name,
+          'description' => action.description
+        }
+      end
+    end
+
     if module_instance.respond_to?(:autofilter_ports)
       @autofilter_ports = module_instance.autofilter_ports
     end
@@ -171,6 +182,8 @@ def to_json(*args)
       'needs_cleanup'      => @needs_cleanup,
     }
 
+    data['actions'] = @actions if @actions
+
     if @payload_type
       payload_data = {
         'payload_type'       => @payload_type,
@@ -211,6 +224,7 @@ def path
   #######
 
   def init_from_hash(obj_hash)
+    @actions             = obj_hash['actions']
     @name                = obj_hash['name']
     @fullname            = obj_hash['fullname']
     @aliases             = obj_hash['aliases'] || []
@@ -257,6 +271,16 @@ def sort_platform_string
   end
 
   def force_encoding(encoding)
+    if @actions
+      # Encode the actions hashes, assumes that there are no nested hashes
+      @actions = @actions.map do |action|
+        action.map do |k, v|
+          new_key = k.dup.force_encoding(encoding)
+          new_value = v.is_a?(String) ? v.dup.force_encoding(encoding) : v
+          [new_key, new_value]
+        end.to_h
+      end
+    end
     @name = @name.dup.force_encoding(encoding)
     @fullname = @fullname.dup.force_encoding(encoding)
     @description = @description.dup.force_encoding(encoding)

diff --git a/lib/msf/core/modules/metadata/search.rb b/lib/msf/core/modules/metadata/search.rb
@@ -8,6 +8,7 @@ module Msf::Modules::Metadata::Search
 
   VALID_PARAMS =
     %w[
+      action
       adapter
       aka
       arch
@@ -139,7 +140,8 @@ def is_match(params, module_metadata)
         # free form text search will honor 'and' semantics, i.e. 'metasploit pro' will only match modules that contain both
         # words, and will return false when only one word is matched
         if keyword == 'text'
-          text_segments = [module_metadata.name, module_metadata.fullname, module_metadata.description] + module_metadata.references + module_metadata.author + (module_metadata.notes['AKA'] || [])
+          module_actions = (module_metadata.actions || []).flat_map { |action| action.values.map(&:to_s) }
+          text_segments = [module_metadata.name, module_metadata.fullname, module_metadata.description] + module_metadata.references + module_metadata.author + (module_metadata.notes['AKA'] || []) + module_actions
 
           if module_metadata.targets
             text_segments = text_segments + module_metadata.targets
@@ -167,6 +169,8 @@ def is_match(params, module_metadata)
 
           regex = as_regex(search_term)
           case keyword
+            when 'action'
+              match = [keyword, search_term] if (module_metadata&.actions || []).any? { |action| action.any? { |k, v| k =~ regex || v =~ regex } }
             when 'aka'
               match = [keyword, search_term] if (module_metadata.notes['AKA'] || []).any? { |aka| aka =~ regex }
             when 'author', 'authors'