Remote Data Service (Goliath) #9717
This method was in Msf::DbManager class but doesn't actually use the DB. This required you to have a DB connection just to do the check. Moved it out to a helper library so we have access to it without forcing a DB connection.
This enables modules to use report_loot with a remote data service
The session object is not intended to be stored in the DB. There are a ton of subobjects and unneeded data that cause the JSON conversion to hang or fail with 'stack level too deep' errors.
Multiple calls to report_vuln for the same vuln results in the creation of duplicate VulnRef records, except for the CVE refs
…elete MS-2910: Remote Vuln Read Update Delete
Things to do next:
The help isn't very useful:
If there is a failure in connecting, framework completely dies.
I'd rather just be able to do:
and it does the right thing. I should also be able to say 'https' and get SSL, not need an oddball flag
What is
Chatted with the team, these are all apparently known and will be addressed soon. Thanks!
@bcook-r7 If you run the
I marked this as no-release-notes since this isn't shipping in the 4.x branch (and we're largely looking for any integration bugs)
This patch allows Metasploit to use a data source over HTTP, which gives users the ability to easily connect to one or many different endpoints to retrieve and store data. The remote service can also be used to retrieve data through a well-defined API (the API is also a work in progress) for users to build other applications atop.
Note: This project is a work in progress
We are attempting to merge this PR early to prevent an even more massive PR while giving the community a chance to provide feedback early.
For more information about this project see: https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Data-Service-Enhancements-(Goliath)
Breakdown
Database server to provide data over HTTP
![goliath_server](https://user-images.githubusercontent.com/857346/37489273-0e99230e-2865-11e8-8138-e9b0dcf9b66d.png)
The image below shows help and startup of the new service
WARNING! - This opens your current database; to test, ensure your DB is empty
Client side changes allowing Metasploit to connect to aforementioned server
![goliath_client](https://user-images.githubusercontent.com/857346/37489481-c5ff62e2-2865-11e8-91ea-9977a44bba44.png)
The image below shows the help for the client tool as well as how to connect to the server in '1'
Goliath Visualization
Work In Progress
Data Models left to port:
API V1 Definition
DB Import Commands
Verification
Metasploit should be set up to use a DB
Ensuring prior code is not broken:
Verify proper storage of hosts and services