Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing report web methods #12583

Merged
merged 3 commits into from Nov 18, 2019

Conversation

@dwelch-r7
Copy link
Contributor

dwelch-r7 commented Nov 16, 2019

Resolves #12523 and #12334

Adds missing apis for reporting web pages, forms and vulns

Still needs swagger docs but no point delaying review of the rest

Verification

  • Start msfconsole
  • use auxiliary/scanner/http/brute_dirs
  • set options
  • Verify it doesn't break when it discovers a directory
dwelch-r7 added 3 commits Nov 15, 2019
Also adds some extra verification for the specified workspace in incoming requests
@@ -37,12 +37,20 @@ def self.process_opts_workspace(opts, framework, required = true)
raise ArgumentError.new("opts must include a valid :workspace")
end

if wspace.kind_of?(String)
case wspace

This comment has been minimized.

Copy link
@busterb

busterb Nov 16, 2019

Member

Nice catch here, this seems pretty useful.

This comment has been minimized.

Copy link
@busterb

busterb Nov 18, 2019

Member

@jmartin-r7 this might solve some of the Pro issues you were running into as well

This comment has been minimized.

Copy link
@jmartin-r7

jmartin-r7 Nov 18, 2019

Contributor

This is one of the paths in the possible solutions set. Definitely an improvement on detection.

There are other possible ramifications as this does not yet handle when the workspace name is changed from under the existing object by another db connection.

Copy link
Member

busterb left a comment

Checked it out locally, this looks like he right way to go. Thanks!

@dwelch-r7 dwelch-r7 marked this pull request as ready for review Nov 18, 2019
@dwelch-r7 dwelch-r7 changed the title [WIP] Missing report web methods Missing report web methods Nov 18, 2019
@busterb busterb self-assigned this Nov 18, 2019
bcook-r7 pushed a commit that referenced this pull request Nov 18, 2019
@bcook-r7 bcook-r7 merged commit a97c145 into rapid7:master Nov 18, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@busterb

This comment has been minimized.

Copy link
Member

busterb commented Nov 18, 2019

Release Notes

This adds web reporting methods to the Metasploit 5 data service, reenabling reporting support for several web vuln. modules with Metasploit 5.

@dwelch-r7 dwelch-r7 deleted the dwelch-r7:report-web-12523 branch Nov 18, 2019
@busterb busterb added the msf5 label Nov 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.