-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RSS feed plugin #8612
RSS feed plugin #8612
Conversation
plugins/rssfeed.rb
Outdated
@@ -0,0 +1,123 @@ | |||
# | |||
# $Id$ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These aren't necessary.
plugins/rssfeed.rb
Outdated
super | ||
|
||
@items = [] | ||
self.queue = [] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be an actual Queue
object to avoid race conditions, since sessions come in at random times.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Guarantees on that are questionable - VM assumptions. For completeness sake, given the mix of async evt callbacks and threaded calls, maybe we take a lock?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpicks really, having to do with some of the oddities of our low level concurrency semantics. Works out of the box, so if they're annoying feel free to ignore. It's got my ACK. Thanks @mubix - now the world will learn of pwnage as it happens :).
plugins/rssfeed.rb
Outdated
end | ||
|
||
def start_event_queue | ||
self.queue_thread = Thread.new do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the sake of consistency, and do reduce chance of losing thread handles if a new queue_thread is created, could we do this as Rex::ThreadFactory.spawn...
?
while(event = self.queue.shift) | ||
generate_feed(event) | ||
end | ||
select(nil, nil, nil, 0.25) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to double check how the select call here actually traverses the overrides, but im leaning toward "this is a native select call" which may also have some issues esp in a GIL-free VM. Where have a Rex::ThreadSafe.select method which should handle those potential edge cases.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The man himself overloaded Kernel.select to avoid these calls being a problem - withdrawn.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is that so? TIL!
plugins/rssfeed.rb
Outdated
super | ||
|
||
@items = [] | ||
self.queue = [] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Guarantees on that are questionable - VM assumptions. For completeness sake, given the mix of async evt callbacks and threaded calls, maybe we take a lock?
plugins/rssfeed.rb
Outdated
def stop_event_queue | ||
self.queue_thread.kill if self.queue_thread | ||
self.queue_thread = nil | ||
self.queue = [] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a bad suggestion in Ruby terms, but given how we solve this concern elsewhere, can we GC.run here to clear out the nested object refs on the queue members?
while(event = self.queue.shift) | ||
generate_feed(event) | ||
end | ||
select(nil, nil, nil, 0.25) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The man himself overloaded Kernel.select to avoid these calls being a problem - withdrawn.
Release NotesAn RSS feed plugin has been added to the framework. The RSS feed is loaded in the current working directory as feed.rss. You can use the plugin to keep track of what Metasploit is doing and integrate with third-party services. For example, you could set up IFTTT to text you when you get a session. |
@egypt GitHub is blaming me for unassigning you and I did no such thing. But it won't let me reassign you? 🙈 |
That was caused by some automated scripts. Will get that fixed. |
Loading
Serving the file
But can obviously be done with Apache, or Nginx or python
The RSS feed is loaded in the current working directory as
feed.rss
. Making this modifiable by the user is v2, as well as serving out the RSS feed using Metasploit's HTTP server.But it can be used for cool stuff like IFTTT: