RSS feed plugin #8612
RSS feed plugin #8612
Conversation
plugins/rssfeed.rb
Outdated
| @@ -0,0 +1,123 @@ | |||
| # | |||
| # $Id$ | |||
plugins/rssfeed.rb
Outdated
| super | ||
|
|
||
| @items = [] | ||
| self.queue = [] |
There was a problem hiding this comment.
This should probably be an actual Queue object to avoid race conditions, since sessions come in at random times.
There was a problem hiding this comment.
Guarantees on that are questionable - VM assumptions. For completeness sake, given the mix of async evt callbacks and threaded calls, maybe we take a lock?
There was a problem hiding this comment.
Nitpicks really, having to do with some of the oddities of our low level concurrency semantics. Works out of the box, so if they're annoying feel free to ignore. It's got my ACK. Thanks @mubix - now the world will learn of pwnage as it happens :).
plugins/rssfeed.rb
Outdated
| end | ||
|
|
||
| def start_event_queue | ||
| self.queue_thread = Thread.new do |
There was a problem hiding this comment.
For the sake of consistency, and do reduce chance of losing thread handles if a new queue_thread is created, could we do this as Rex::ThreadFactory.spawn... ?
| while(event = self.queue.shift) | ||
| generate_feed(event) | ||
| end | ||
| select(nil, nil, nil, 0.25) |
There was a problem hiding this comment.
I need to double check how the select call here actually traverses the overrides, but im leaning toward "this is a native select call" which may also have some issues esp in a GIL-free VM. Where have a Rex::ThreadSafe.select method which should handle those potential edge cases.
There was a problem hiding this comment.
The man himself overloaded Kernel.select to avoid these calls being a problem - withdrawn.
plugins/rssfeed.rb
Outdated
| super | ||
|
|
||
| @items = [] | ||
| self.queue = [] |
There was a problem hiding this comment.
Guarantees on that are questionable - VM assumptions. For completeness sake, given the mix of async evt callbacks and threaded calls, maybe we take a lock?
plugins/rssfeed.rb
Outdated
| def stop_event_queue | ||
| self.queue_thread.kill if self.queue_thread | ||
| self.queue_thread = nil | ||
| self.queue = [] |
There was a problem hiding this comment.
This is a bad suggestion in Ruby terms, but given how we solve this concern elsewhere, can we GC.run here to clear out the nested object refs on the queue members?
| while(event = self.queue.shift) | ||
| generate_feed(event) | ||
| end | ||
| select(nil, nil, nil, 0.25) |
There was a problem hiding this comment.
The man himself overloaded Kernel.select to avoid these calls being a problem - withdrawn.
Release NotesAn RSS feed plugin has been added to the framework. The RSS feed is loaded in the current working directory as feed.rss. You can use the plugin to keep track of what Metasploit is doing and integrate with third-party services. For example, you could set up IFTTT to text you when you get a session. |
|
@egypt GitHub is blaming me for unassigning you and I did no such thing. But it won't let me reassign you? 🙈 |
|
That was caused by some automated scripts. Will get that fixed. |
Loading
Serving the file
But can obviously be done with Apache, or Nginx or python
The RSS feed is loaded in the current working directory as
feed.rss. Making this modifiable by the user is v2, as well as serving out the RSS feed using Metasploit's HTTP server.But it can be used for cool stuff like IFTTT: