Remote Data Service (Goliath) #9717

Merged
merged 199 commits into from
Mar 23, 2018

clee-r7 (Contributor) commented Mar 15, 2018

This patch allows Metasploit to use a data source over HTTP, which gives users the ability to easily connect to one or many different endpoints to retrieve and store data. The remote service can also be used to retrieve data through a well-defined API (the API is also a work in progress) for users to build other applications atop.

Note: This project is a work in progress
We are attempting to merge this PR early to prevent an even more massive PR while giving the community a chance to provide feedback early.

For more information about this project see: https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Data-Service-Enhancements-(Goliath)

Breakdown

  1. Database server to provide data over HTTP
    The image below shows help and startup of the new service
    [image: goliath_server]
    WARNING! - This opens your current database; to test, ensure your DB is empty

  2. Client side changes allowing Metasploit to connect to aforementioned server
    The image below shows the help for the client tool as well as how to connect to the server in '1'
    [image: goliath_client]

Goliath Visualization

[image: goliath_viz]

Work In Progress

  1. Data Models left to port:

    • Credentials
    • Event
    • Notes
    • Web Vulns
    • Sessions
  2. API V1 Definition

  3. DB Import Commands

Verification

Metasploit should be set up to use a DB

Ensuring prior code is not broken:

  • Run rspec

Verify proper storage of hosts and services

  • Start the data source as a web service ('msfdb_ws'). Note: the server exposes current data in DB
  • Start Metasploit
  • Connect to your web service ('data_services -a ')
  • Run 'db_nmap '
  • Run 'hosts' command (data is now being retrieved via remote data store)
  • Run 'services' command (data is not being retrieved via remote data store)

clee-r7 and others added 30 commits July 7, 2017 13:33

This method was in Msf::DbManager class but doesn't actually use the DB.
This required you to have a DB connection just to do the check.
Moved it out to a helper library so we have access to it without forcing
a DB connection.

This enables modules to use report_loot with a remote data service

The session object is not intended to be stored in the DB.
There are a ton of subobjects and unneeded data that causes the JSON conversion
to hang or fail with 'stack level too deep' errors.
@busterb busterb self-assigned this Mar 23, 2018
busterb (Member) commented Mar 23, 2018

Things to do next:

  • 'msfdb_ws' should be called 'msfdb' and have the same API as 'msfdb' in omnibus and Kali
  • rename or merge the 'data_services -a' command to work like 'db_connect'. Don't be arbitrarily different if there isn't a need for it.

The help isn't very useful:

msf5 auxiliary(scanner/ssh/ssh_login) > data_services -h
Usage: data_services [ options ] - list data services by default

OPTIONS:
  -h, --help                  Show this help information.
  -s, --set <id>              Set the data service by identifier.
  -a, --add [ options ] host  Adds data service
  Add Data Service Options:
  -p <port>         The port the data service is listening on. Default is 8080.
  -s, --ssl         Enable SSL. Required for HTTPS data services.
  -c, --cert        Certificate file matching the server's certificate. Needed when using self-signed SSL cert.
  --skip-verify     Skip validating authenticity of server's certificate. NOT RECOMMENDED.

msf5 auxiliary(scanner/ssh/ssh_login) > data_services -a 127.0.0.1 8080
Registered data service: remote_data_service: (http://8080:8080)
/Users/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:123:in `log_error': Problem retrieving workspace: undefined method `first' for nil:NilClass. See log for more details. (Exception)
	from /Users/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/workspace_data_proxy.rb:35:in `rescue in workspace'
	from /Users/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/workspace_data_proxy.rb:30:in `workspace'
	from /Users/bcook/projects/metasploit-framework/lib/rex/ui/text/shell.rb:186:in `run'
	from /Users/bcook/projects/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
	from /Users/bcook/projects/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
	from ./msfconsole:48:in `<main>'

busterb (Member) commented Mar 23, 2018

If there is a failure in connecting, framework completely dies.

busterb (Member) commented Mar 23, 2018

I'd rather just be able to do:

msf> db_connect http://127.0.0.1:8080

and it does the right thing. I should also be able to say 'https' and get SSL, not need an oddball flag
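
The URL-style connection requested in the comment above, sketched as an added example; it is not code from this pull request or from Metasploit. The helper name `parse_data_service_url` and its keyword arguments are hypothetical; the 8080 default and the certificate options mirror the `data_services -h` output quoted earlier in the thread.

```ruby
require 'uri'

DEFAULT_DATA_SERVICE_PORT = 8080 # default port stated in the data_services help text

# Hypothetical helper (not Metasploit code): turn an endpoint URL into
# connection options, letting the scheme decide whether TLS is used.
def parse_data_service_url(url, cert: nil, skip_verify: false)
  begin
    scheme, _userinfo, host, port = URI.split(url.to_s.strip)
  rescue URI::InvalidURIError
    raise ArgumentError, "not a URL: #{url.inspect}"
  end

  # Requiring a scheme rejects bare input such as "8080" instead of
  # silently treating it as a host name.
  unless %w[http https].include?(scheme.to_s.downcase)
    raise ArgumentError, "expected http:// or https://, got #{url.inspect}"
  end
  raise ArgumentError, "missing host in #{url.inspect}" if host.nil? || host.empty?

  ssl = scheme.downcase == 'https'
  # Certificate settings on a plaintext endpoint would give a false sense
  # of protection, so refuse the combination outright.
  if !ssl && (cert || skip_verify)
    raise ArgumentError, 'certificate options only apply to https:// endpoints'
  end

  port = port ? Integer(port, 10) : DEFAULT_DATA_SERVICE_PORT
  raise ArgumentError, "port out of range: #{port}" unless (1..65_535).cover?(port)

  # Verification stays on for https unless the caller explicitly opts out.
  { host: host, port: port, ssl: ssl, verify: ssl && !skip_verify, cert: cert }
end
```
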

busterb (Member) commented Mar 23, 2018

What is '-s, --set <id>  Set the data service by identifier.' even for?

busterb (Member) commented Mar 23, 2018

Chatted with the team, these are all apparently known and will be addressed soon. Thanks!

@busterb busterb merged commit 6b3a4a5 into rapid7:master Mar 23, 2018
busterb added a commit that referenced this pull request Mar 23, 2018
mkienow-r7 (Contributor)

@bcook-r7 If you run the data_services command it will list the available data services and their IDs. You can then use the data_services --set <id> command to change which data service is active. This allows you to switch between local and remote data services.

@busterb busterb added the rn-no-release-notes no release notes label Mar 25, 2018
busterb (Member) commented Mar 25, 2018

I marked this as no-release-notes since this isn't shipping in the 4.x branch (and we're largely looking for any integration bugs)
