Simplified UX + enhancements for msfdb #11299

Merged
merged 17 commits into from Jan 25, 2019

ebleiweiss-r7 commented Jan 22, 2019

MS-3710

The msfdb script currently asks the user a whole bunch of overwhelming questions, especially when you do an init. All we really need to know is their desired webservice username, password, and whether they want to delete existing configs. This PR condenses the list of questions that the user has to answer.

Other enhancements:

  • Colored terminal output to help visually distinguish prompts and errors
  • A big ol' obvious info/warning message that lets a user know they should save/store their web token
  • A password prompt/command line option, in case the user wants to specify a password instead of having one randomly generated
  • A use-defaults command line option, which makes the whole script non-interactive, and uses all default values instead of prompting the user on an init
  • A [no-]msf-data-service command option, which allows a user to specify a name for the local msfconsole data service connection
  • start_db no longer loops forever if it encounters a database error, such as an incompatible version of postgres

Verification

Test that the init process still works as expected, but with enhancements

  • ./msfdb delete
  • ./msfdb status
  • Verify that the database and web services are deleted
  • ./msfdb init
  • Verify that you get prompted for a password
  • Verify that you receive display output with your username, password, and web token
  • Verify that the web service gets created correctly (https://localhost:8080/api/v1/api-docs)

Test that you don't get prompted about deletion unnecessarily

  • ./msfdb delete --component database
  • ./msfdb init --component database
  • Verify that you do not see the prompt Would you like to delete your existing data and configurations?: (Since you just deleted the database, there's nothing left to delete)
  • ./msfdb reinit --component webservice to get things back into a working state, since you just deleted the database

Test the new --use-defaults command line option

  • ./msfdb reinit --use-defaults
  • Verify that you received no prompts, but that you still get a nice display of your creds and web token

Test the new --pass command line option

  • ./msfdb reinit --pass Password123
  • Verify that you do not receive a password prompt
  • Verify that the password output (MSF web service password) matches the input

Test the new [no-]msf-data-service command line option

  • ./msfdb reinit --msf-data-service custom_data_service
  • Verify that you do not receive a prompt to either add or name a data service connection
  • Open msf console ./msfconsole
  • db_connect -l
  • Verify that custom_data_service is present and set as default
  • ./msfdb reinit --no-msf-data-service
  • Verify that you do not receive a prompt to either add or name a data service connection
  • Open msf console ./msfconsole
  • db_connect -l
  • Verify that no additional data service connections have been added

ebleiweiss-r7 added some commits Jan 15, 2019

ebleiweiss-r7 added some commits Jan 23, 2019

ebleiweiss-r7 changed the title from "[WIP] Simplified UX + enhancements for msfdb" to "Simplified UX + enhancements for msfdb" Jan 24, 2019

ebleiweiss-r7 removed the delayed label Jan 24, 2019

ebleiweiss-r7 added some commits Jan 24, 2019

jbarnett-r7 self-assigned this Jan 24, 2019

jbarnett-r7 commented Jan 24, 2019

We probably don't need to address this in this PR, but it looks like msfdb delete only deletes the database data and config files. The webservice files still persist:

jbarnett@AUS-MBP-5726 ~/rapid7/msf_jbarnett ((HEAD detached at upstream/pr/11299)) $ ./msfdb delete
[?] Would you like to delete your existing data and configurations?: y
Stopping database at /Users/jbarnett/.msf4/db
Deleting all data at /Users/jbarnett/.msf4/db
MSF web service is no longer running
jbarnett@AUS-MBP-5726 ~/rapid7/msf_jbarnett ((HEAD detached at upstream/pr/11299)) $ ls ~/.msf4/
config			john.pot		logos			loot			modules			msf-ws-config.ru	plugins
history			local			logs			loot_bak		msf-ws-cert.pem		msf-ws-key.pem		store
jbarnett@AUS-MBP-5726 ~/rapid7/msf_jbarnett ((HEAD detached at upstream/pr/11299)) $ ./msfdb init
[?] Would you like to delete your existing data and configurations?: 

Since the --component options exist I would assume the default is to delete everything.
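
A check for the leftover files shown in the listing above, as an added example that is not part of the original thread or of the msfdb script. The function names are hypothetical, msf-ws-key.pem is assumed to be the key from the "Generating SSL key and certificate" step, and the permission check on it goes beyond what the thread discusses.

```shell
#!/bin/sh
# Added example, not from the PR. File names come from the `ls ~/.msf4/`
# listing in the thread; the function names are hypothetical.
WS_FILES="msf-ws-config.ru msf-ws-cert.pem msf-ws-key.pem"

# Print the name of every web service file still present under directory $1.
leftover_ws_files() {
    dir=$1
    for f in $WS_FILES; do
        if [ -e "$dir/$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Return 0 if the key file is absent or has no group/other permission bits.
key_is_private() {
    key=$1/msf-ws-key.pem
    [ -e "$key" ] || return 0
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Report findings for directory $1; return 1 if anything needs attention.
check_msf_dir() {
    dir=$1
    status=0
    left=$(leftover_ws_files "$dir")
    if [ -n "$left" ]; then
        printf 'web service files still present in %s:\n%s\n' "$dir" "$left"
        status=1
    fi
    if ! key_is_private "$dir"; then
        printf 'msf-ws-key.pem is accessible to group or others\n'
        status=1
    fi
    return $status
}

# Run against a directory given on the command line, e.g. ~/.msf4
if [ "$#" -gt 0 ]; then check_msf_dir "$1"; fi
```

Run it with the msf configuration directory as its argument after `./msfdb delete`; a non-zero exit status means web service files remain or the key file is accessible to other users.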

ebleiweiss-r7 commented Jan 24, 2019

Yeah, right now an msfdb delete behaves identically to stop for the webservice. I can look into adding that if you think it's in scope for this PR.

jbarnett-r7 commented Jan 24, 2019

According to the JIRA ticket, we were going to remove prompts confirming if the user wanted to add the local data service and just add it with the local-https-data-service name by default. Did we decide in a conversation that wasn't going to be the case?

jbarnett-r7 commented Jan 24, 2019

> Yeah, right now an msfdb delete behaves identically to stop the webservice. I can look into adding that if you think it's in scope for this PR.

If it's simple, go ahead and do it here. If not, let me know and I'll throw a ticket on the backlog.

ebleiweiss-r7 added some commits Jan 25, 2019

ebleiweiss-r7 commented Jan 25, 2019

Updates:

  • The script will no longer prompt you to add a msf webservice connection and name. If you don't want to add a connection, or if you want a custom name, you can pass in the command line argument --[no-]msf-data-service NAME
  • msfdb delete --component webservice now deletes files relevant to the webservice

jbarnett-r7 commented Jan 25, 2019

I just noticed that now that we automatically add the web service to console, the output text should probably be changed. Here is what it looks like currently:

jbarnett@AUS-MBP-5726 ~/rapid7/msf_jbarnett ((HEAD detached at upstream/pr/11299)) $ ./msfdb reinit --msf-data-service blah
[?] Would you like to delete your existing data and configurations?: y
Stopping database at /Users/jbarnett/.msf4/db
Deleting all data at /Users/jbarnett/.msf4/db
Creating database at /Users/jbarnett/.msf4/db
Starting database at /Users/jbarnett/.msf4/db...success
Creating database users
Writing client authentication configuration file /Users/jbarnett/.msf4/db/pg_hba.conf
Stopping database at /Users/jbarnett/.msf4/db
Starting database at /Users/jbarnett/.msf4/db...success
Creating initial database schema
Stopping MSF web service PID 13470
[?] Initial MSF web service account username? [jbarnett]: 
[?] Initial MSF web service account password? (Leave blank for random password): 
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user jbarnett

    ############################################################
    ##              MSF Web Service Credentials               ##
    ##                                                        ##
    ##        Please store these credentials securely.        ##
    ##    You will need them to connect to the webservice.    ##
    ############################################################

MSF web service username: jbarnett
MSF web service password: <REDACTED>
MSF web service user API token: <REDACTED>


MSF web service configuration complete
Connect to the data service in msfconsole using the command:
db_connect --token <REDACTED> --cert /Users/jbarnett/.msf4/msf-ws-cert.pem --skip-verify https://localhost:8080

The username and password are credentials for the API account:
https://localhost:8080/api/v1/auth/account

We should probably change it to something like:

MSF web service configuration complete
The web service has been configured as your default data service named "<name>".

If needed, manually reconnect to the data service with the following command in msfconsole:
db_connect --token <REDACTED> --cert /Users/jbarnett/.msf4/msf-ws-cert.pem --skip-verify https://localhost:8080

The username and password are credentials for the API account:
https://localhost:8080/api/v1/auth/account

ebleiweiss-r7 commented Jan 25, 2019

Updated that message

jbarnett-r7 merged commit 6802bee into rapid7:master Jan 25, 2019

3 checks passed

  • Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
  • Metasploit Automation - Test Execution: Successfully completed all tests.
  • continuous-integration/travis-ci/pr: The Travis CI build passed

jbarnett-r7 added a commit that referenced this pull request Jan 25, 2019

jbarnett-r7 commented Jan 25, 2019

Release Notes

Enhance the usability of the msfdb script. This is done by simplifying the questions asked during the init and reinit options. New flags were also added to improve scripting.
