From 1a43eaf2048266842735b98fc4d7f2acfaf72e7f Mon Sep 17 00:00:00 2001
From: Trevor Rosen
Date: Thu, 19 Feb 2015 12:10:46 -0600
Subject: [PATCH] Create initial migration, model, spec files MSP-12172
---
.../metasploit_data_models/module_run.rb | 78 +++++++++++
.../20150219173821_create_module_runs.rb | 21 +++
.../metasploit_data_models/module_run_spec.rb | 8 ++
spec/dummy/db/structure.sql | 124 ++++++++++++++++++
spec/factories/module_runs.rb | 16 +++
5 files changed, 247 insertions(+)
create mode 100644 app/models/metasploit_data_models/module_run.rb
create mode 100644 db/migrate/20150219173821_create_module_runs.rb
create mode 100644 spec/app/models/metasploit_data_models/module_run_spec.rb
create mode 100644 spec/factories/module_runs.rb
diff --git a/app/models/metasploit_data_models/module_run.rb b/app/models/metasploit_data_models/module_run.rb
new file mode 100644
index 00000000..09e24968
--- /dev/null
+++ b/app/models/metasploit_data_models/module_run.rb
@@ -0,0 +1,78 @@
+# Holds the record of having launched piece of Metasploit content.
+# Has associations to {Mdm::User} for audit purposes, and makes polymorphic associations to things like
+# {Mdm::Vuln} and {Mdm::Host} for flexible record keeping about activity attacking either specific vulns or just
+# making mischief on specific remote targets w/out the context of a vuln or even a remote IP service.
+class MetasploitDataModels::ModuleRun < ActiveRecord::Base
+ #
+ # Constants
+ #
+
+ # Marks the module as having successfully run
+ STATUS_EXPLOITED = 'exploited'
+ # Marks the run as having not run successfully
+ STATUS_FAILED = 'failed'
+ # Marks the module as having had a runtime error
+ STATUS_ERROR = 'error'
+ # {ModuleRun} objects will be validated against these statuses
+ VALID_STATUSES = [STATUS_EXPLOITED, STATUS_FAILED, STATUS_ERROR]
+
+
+ #
+ # Attributes
+ #
+
+ # @!attribute [rw] attempted_at
+ # The date/time when this module was run
+ # @return [Datetime]
+
+ # @!attribute [rw] fail_detail
+ # Arbitrary information captured by the module to give in-depth reason for failure
+ # @return [String]
+
+ # @!attribute [rw] fail_reason
+ # One of the values of the constants in {Msf::Module::Failure}
+ # @return [String]
+
+ # @!attribute [rw] module_name
+ # The Msf::Module#fullname of the module being run
+ # @return [String]
+
+ # @!attribute [rw] port
+ # The port that the remote host was attacked on, if any
+ # @return [Fixnum]
+
+ # @!attribute [rw] proto
+ # The name of the protocol that the host was attacked on, if any
+ # @return [String]
+
+ # @!attribute [rw] session_id
+ # The {Mdm::Session} that this was run with, in the case of a post module. In exploit modules, this field will
+ # remain null.
+ # @return [Datetime]
+
+ # @!attribute [rw] status
+ # The result of running the module
+ # @return [String]
+
+ # @!attribute [rw] username
+ # The name of the user running this module
+ # @return [Datetime]
+
+
+
+ #
+ # Associations
+ #
+
+
+ belongs_to :trackable, polymorphic: true
+
+ # The user that launched this module
+ # @return [Mdm::User]
+ belongs_to :user,
+ class_name: "Mdm::User",
+ foreign_key: "user_id",
+ inverse_of: :module_runs
+
+
+end
diff --git a/db/migrate/20150219173821_create_module_runs.rb b/db/migrate/20150219173821_create_module_runs.rb
new file mode 100644
index 00000000..c5faa364
--- /dev/null
+++ b/db/migrate/20150219173821_create_module_runs.rb
@@ -0,0 +1,21 @@
+class CreateModuleRuns < ActiveRecord::Migration
+ def change
+ create_table :module_runs do |t|
+ t.string :trackable_type
+ t.integer :trackable_id
+ t.datetime :attempted_at
+ t.integer :session_id
+ t.integer :port
+ t.string :proto
+ t.text :fail_detail
+ t.string :status
+ t.string :username
+ t.integer :user_id
+ t.string :fail_reason
+ t.text :module_name
+ t.integer :module_detail_id
+
+ t.timestamps
+ end
+ end
+end
diff --git a/spec/app/models/metasploit_data_models/module_run_spec.rb b/spec/app/models/metasploit_data_models/module_run_spec.rb
new file mode 100644
index 00000000..e69616f6
--- /dev/null
+++ b/spec/app/models/metasploit_data_models/module_run_spec.rb
@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+describe MetasploitDataModels::ModuleRun do
+
+ context "associations" do
+ it { is_expected.to belong_to(:user).class_name('Mdm::User') }
+ end
+end
diff --git a/spec/dummy/db/structure.sql b/spec/dummy/db/structure.sql
index 8ba8e9d7..46e16b51 100644
--- a/spec/dummy/db/structure.sql
+++ b/spec/dummy/db/structure.sql
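Review bot: `VALID_STATUSES` in `app/models/metasploit_data_models/module_run.rb` is commented as the list records are validated against, but the class declares no validation, so a run can be saved with any `status` or none, which undercuts the audit use the class comment describes; add `validates :status, inclusion: { in: VALID_STATUSES }` and `.freeze` the array. The `@return [Datetime]` tags on `session_id` and `username` look copied from `attempted_at` and should read `[Fixnum]` and `[String]`, matching the column types in the migration. `inverse_of: :module_runs` relies on a `module_runs` association on `Mdm::User`, which none of the five files in this patch adds, so confirm it is declared elsewhere.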
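Review bot: `create_table :module_runs` in `db/migrate/20150219173821_create_module_runs.rb` adds no index and no `null: false`, so lookups through the polymorphic `trackable` pair or by `user_id` have no index to use, and an audit row can be stored without `module_name`, `attempted_at` or `status`. Consider `add_index :module_runs, [:trackable_type, :trackable_id]` and `add_index :module_runs, :user_id` after the table block, plus `null: false` on the columns every run must carry. `module_detail_id` is created here, but the model in this patch neither documents it nor declares an association for it.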
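Review bot: The `associations` context in `module_run_spec.rb` checks only `user`; the polymorphic `trackable` association declared in the model is left untested. Add `it { is_expected.to belong_to(:trackable) }` next to the existing example. Since the model comments that records are validated against `VALID_STATUSES`, an example covering accepted and rejected `status` values belongs here as well.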
@@ -60,6 +60,42 @@ CREATE SEQUENCE api_keys_id_seq ALTER SEQUENCE api_keys_id_seq OWNED BY api_keys.id; +-- +-- Name: automatic_exploitation_matches; Type: TABLE; Schema: public; Owner: -; Tablespace: +-- + +CREATE TABLE automatic_exploitation_matches ( + id integer NOT NULL, + module_detail_id integer, + state character varying(255), + nexpose_data_vulnerability_definition_id integer, + created_at timestamp without time zone NOT NULL, + updated_at timestamp without time zone NOT NULL, + match_set_id integer, + matchable_type character varying(255), + matchable_id integer +); + + +-- +-- Name: automatic_exploitation_matches_id_seq; Type: SEQUENCE; Schema: public; Owner: - +-- + +CREATE SEQUENCE automatic_exploitation_matches_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +-- +-- Name: automatic_exploitation_matches_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - +-- + +ALTER SEQUENCE automatic_exploitation_matches_id_seq OWNED BY automatic_exploitation_matches.id; + + -- -- Name: clients; Type: TABLE; Schema: public; Owner: -; Tablespace: -- 
@@ -732,6 +768,49 @@ CREATE SEQUENCE module_refs_id_seq ALTER SEQUENCE module_refs_id_seq OWNED BY module_refs.id; +-- +-- Name: module_runs; Type: TABLE; Schema: public; Owner: -; Tablespace: +-- + +CREATE TABLE module_runs ( + id integer NOT NULL, + trackable_type character varying(255), + trackable_id integer, + attempted_at timestamp without time zone, + session_id integer, + port integer, + proto character varying(255), + fail_detail text, + status character varying(255), + username character varying(255), + user_id integer, + fail_reason character varying(255), + module_name text, + module_detail_id integer, + created_at timestamp without time zone NOT NULL, + updated_at timestamp without time zone NOT NULL +); + + +-- +-- Name: module_runs_id_seq; Type: SEQUENCE; Schema: public; Owner: - +-- + +CREATE SEQUENCE module_runs_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +-- +-- Name: module_runs_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - +-- + +ALTER SEQUENCE module_runs_id_seq OWNED BY module_runs.id; + + -- -- Name: module_targets; Type: TABLE; Schema: public; Owner: -; Tablespace: -- @@ -1819,6 +1898,13 @@ ALTER SEQUENCE workspaces_id_seq OWNED BY workspaces.id; ALTER TABLE ONLY api_keys ALTER COLUMN id SET DEFAULT nextval('api_keys_id_seq'::regclass); +-- +-- Name: id; Type: DEFAULT; Schema: public; Owner: - +-- + +ALTER TABLE ONLY automatic_exploitation_matches ALTER COLUMN id SET DEFAULT nextval('automatic_exploitation_matches_id_seq'::regclass); + + -- -- Name: id; Type: DEFAULT; Schema: public; Owner: - -- 
@@ -1952,6 +2038,13 @@ ALTER TABLE ONLY module_platforms ALTER COLUMN id SET DEFAULT nextval('module_pl ALTER TABLE ONLY module_refs ALTER COLUMN id SET DEFAULT nextval('module_refs_id_seq'::regclass); +-- +-- Name: id; Type: DEFAULT; Schema: public; Owner: - +-- + +ALTER TABLE ONLY module_runs ALTER COLUMN id SET DEFAULT nextval('module_runs_id_seq'::regclass); + + -- -- Name: id; Type: DEFAULT; Schema: public; Owner: - -- @@ -2163,6 +2256,14 @@ ALTER TABLE ONLY api_keys ADD CONSTRAINT api_keys_pkey PRIMARY KEY (id); +-- +-- Name: automatic_exploitation_matches_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: +-- + +ALTER TABLE ONLY automatic_exploitation_matches + ADD CONSTRAINT automatic_exploitation_matches_pkey PRIMARY KEY (id); + + -- -- Name: clients_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- @@ -2315,6 +2416,14 @@ ALTER TABLE ONLY module_refs ADD CONSTRAINT module_refs_pkey PRIMARY KEY (id); +-- +-- Name: module_runs_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: +-- + +ALTER TABLE ONLY module_runs + ADD CONSTRAINT module_runs_pkey PRIMARY KEY (id); + + -- -- Name: module_targets_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- @@ -2547,6 +2656,13 @@ ALTER TABLE ONLY workspaces ADD CONSTRAINT workspaces_pkey PRIMARY KEY (id); +-- +-- Name: index_automatic_exploitation_matches_on_ref_id; Type: INDEX; Schema: public; Owner: -; Tablespace: +-- + +CREATE INDEX index_automatic_exploitation_matches_on_ref_id ON automatic_exploitation_matches USING btree (module_detail_id); + + -- -- Name: index_hosts_on_name; Type: INDEX; Schema: public; Owner: -; Tablespace: -- 
@@ -3000,6 +3116,12 @@ INSERT INTO schema_migrations (version) VALUES ('20130604145732'); INSERT INTO schema_migrations (version) VALUES ('20130717150737'); +INSERT INTO schema_migrations (version) VALUES ('20131002004641'); + +INSERT INTO schema_migrations (version) VALUES ('20131011184338'); + +INSERT INTO schema_migrations (version) VALUES ('20131021185657'); + INSERT INTO schema_migrations (version) VALUES ('20140905031549'); INSERT INTO schema_migrations (version) VALUES ('20150112203945'); @@ -3010,6 +3132,8 @@ INSERT INTO schema_migrations (version) VALUES ('20150209195939'); INSERT INTO schema_migrations (version) VALUES ('20150212214222'); +INSERT INTO schema_migrations (version) VALUES ('20150219173821'); + INSERT INTO schema_migrations (version) VALUES ('21'); INSERT INTO schema_migrations (version) VALUES ('22'); diff --git a/spec/factories/module_runs.rb b/spec/factories/module_runs.rb new file mode 100644 index 00000000..094b5eff --- /dev/null +++ b/spec/factories/module_runs.rb @@ -0,0 +1,16 @@ +FactoryGirl.define do + factory :module_run do + trackable_type "MyString" + trackable_id 1 + attempted_at "2015-02-19 11:38:21" + session_id 1 + port 1 + proto "MyString" + fail_detail "MyText" + status "MyString" + username "MyString" + user_id 1 + module_name "exploit/windows/happy-stack-smasher" + end +end +
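Review bot: `factory :module_run` in `spec/factories/module_runs.rb` has no `class:` option, so FactoryGirl will resolve a top-level `ModuleRun` constant rather than the namespaced model; declare it as `factory :module_run, class: MetasploitDataModels::ModuleRun do`. The generator placeholders are also not usable values: `status "MyString"` is not one of the model's `VALID_STATUSES`, and `trackable_type "MyString"` names no class for the polymorphic association to load. Prefer `status MetasploitDataModels::ModuleRun::STATUS_EXPLOITED` and an `association`-built `trackable` and `user` over the hard-coded ids `1`.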