forked from rapid7/metasploit-framework
-
Notifications
You must be signed in to change notification settings - Fork 0
/
msfdb
executable file
·987 lines (838 loc) · 29.4 KB
/
msfdb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
#!/usr/bin/env ruby
require 'fileutils'
require 'json'
require 'net/http'
require 'net/https'
require 'open3'
require 'optparse'
require 'rex/socket'
require 'rex/text'
require 'securerandom'
require 'uri'
require 'yaml'
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), 'lib')))
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'msf/util/helper'
@script_name = File.basename(__FILE__)
@framework = File.expand_path(File.dirname(__FILE__))
@localconf = "#{ENV['HOME']}/.msf4"
@db = "#{@localconf}/db"
@db_conf = "#{@localconf}/database.yml"
@ws_tag = 'msf-ws'
@ws_conf = "#{@localconf}/#{@ws_tag}-config.ru"
@ws_ssl_key_default = "#{@localconf}/#{@ws_tag}-key.pem"
@ws_ssl_cert_default = "#{@localconf}/#{@ws_tag}-cert.pem"
@ws_log = "#{@localconf}/logs/#{@ws_tag}.log"
@ws_pid = "#{@localconf}/#{@ws_tag}.pid"
@current_user = ENV['LOGNAME'] || ENV['USERNAME'] || ENV['USER']
@msf_ws_user = (@current_user || "msfadmin").to_s.strip
@ws_generated_ssl = false
@ws_api_token = nil
@components = %w(database webservice)
@environments = %w(production development)
@options = {
component: :all,
debug: false,
msf_db_name: 'msf',
msf_db_user: 'msf',
msftest_db_name: 'msftest',
msftest_db_user: 'msftest',
db_port: 5433,
db_pool: 200,
address: 'localhost',
port: 8080,
ssl: true,
ssl_cert: @ws_ssl_cert_default,
ssl_key: @ws_ssl_key_default,
ssl_disable_verify: true,
ws_env: ENV['RACK_ENV'] || 'production',
retry_max: 10,
retry_delay: 5.0,
ws_user: nil
}
def run_cmd(cmd, input: nil, env: {})
exitstatus = 0
err = out = ""
puts "run_cmd: cmd=#{cmd}, input=#{input}, env=#{env}" if @options[:debug]
Open3.popen3(env, cmd) do |stdin, stdout, stderr, wait_thr|
stdin.puts(input) if input
if @options[:debug]
err = stderr.read
out = stdout.read
end
exitstatus = wait_thr.value.exitstatus
end
if exitstatus != 0
if @options[:debug]
puts "'#{cmd}' returned #{exitstatus}"
puts out
puts err
end
end
exitstatus
end
def run_psql(cmd, db_name: 'postgres')
if @options[:debug]
puts "psql -p #{@options[:db_port]} -c \"#{cmd};\" #{db_name}"
end
run_cmd("psql -p #{@options[:db_port]} -c \"#{cmd};\" #{db_name}")
end
def pw_gen
SecureRandom.base64(32)
end
def tail(file)
begin
File.readlines(file).last.to_s.strip
rescue
nil
end
end
def status_db
update_db_port
if Dir.exist?(@db)
if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} status") == 0
puts "Database started at #{@db}"
else
puts "Database is not running at #{@db}"
end
else
puts "No database found at #{@db}"
end
end
def started_db
if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} status") == 0
puts "Database already started at #{@db}"
return true
end
print "Starting database at #{@db}..."
run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} -l #{@db}/log start")
sleep(2)
if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} status") != 0
puts 'failed'
false
else
puts 'success'
true
end
end
def start_db
if !Dir.exist?(@db)
puts "No database found at #{@db}, not starting"
return
end
update_db_port
while !started_db
last_log = tail("#{@db}/log")
puts last_log
fixed = false
if last_log =~ /not compatible/
puts 'Please attempt to upgrade the database manually using pg_upgrade.'
end
if !fixed
if ask_yn('Your database may be corrupt, would you like to reinitialize it?')
fixed = reinit_db
end
end
if !fixed
if !ask_yn('Database not started, try again?')
return
end
end
end
end
def stop_db
update_db_port
if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} status") == 0
puts "Stopping database at #{@db}"
run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} stop")
else
puts "Database is no longer running at #{@db}"
end
end
def restart_db
stop_db
start_db
end
def create_db
puts "Creating database at #{@db}"
Dir.mkdir(@db)
run_cmd("initdb --auth-host=trust --auth-local=trust -E UTF8 #{@db}")
File.open("#{@db}/postgresql.conf", 'a') do |f|
f.puts "port = #{@options[:db_port]}"
end
end
def init_db
if Dir.exist?(@db)
puts "Found a database at #{@db}, checking to see if it is started"
start_db
return
end
if File.exist?(@db_conf) &&
!ask_yn("Found database config at #{@db_conf}, do you want to overwrite it?")
if !load_db_config
puts "Failed to load existing database config. Please reinit and overwrite the file."
return
end
else
write_db_config
end
create_db
start_db
puts 'Creating database users'
run_psql("create user #{@options[:msf_db_user]} with password '#{@msf_pass}'")
run_psql("create user #{@options[:msftest_db_user]} with password '#{@msftest_pass}'")
run_psql("alter role #{@options[:msf_db_user]} createdb")
run_psql("alter role #{@options[:msftest_db_user]} createdb")
run_psql("alter role #{@options[:msf_db_user]} with password '#{@msf_pass}'")
run_psql("alter role #{@options[:msftest_db_user]} with password '#{@msftest_pass}'")
run_cmd("createdb -p #{@options[:db_port]} -O #{@options[:msf_db_user]} -h 127.0.0.1 -U #{@options[:msf_db_user]} -E UTF-8 -T template0 #{@options[:msf_db_name]}",
input: "#{@msf_pass}\n#{@msf_pass}\n")
run_cmd("createdb -p #{@options[:db_port]} -O #{@options[:msftest_db_user]} -h 127.0.0.1 -U #{@options[:msftest_db_user]} -E UTF-8 -T template0 #{@options[:msftest_db_name]}",
input: "#{@msftest_pass}\n#{@msftest_pass}\n")
write_db_client_auth_config
restart_db
puts 'Creating initial database schema'
Dir.chdir(@framework) do
run_cmd('bundle exec rake db:migrate')
end
end
def load_db_config
if File.file?(@db_conf)
config = YAML.load(File.read(@db_conf))
production = config['production']
if production.nil?
puts "No production section found in database config #{@db_conf}."
return false
end
test = config['test']
if test.nil?
puts "No test section found in database config #{@db_conf}."
return false
end
# get values for development and production
@options[:msf_db_name] = production['database']
@options[:msf_db_user] = production['username']
@msf_pass = production['password']
@options[:db_port] = production['port']
@options[:db_pool] = production['pool']
# get values for test
@options[:msftest_db_name] = test['database']
@options[:msftest_db_user] = test['username']
@msftest_pass = test['password']
return true
end
return false
end
def write_db_config
# Generate new database passwords if not already assigned
@msf_pass ||= pw_gen
@msftest_pass ||= pw_gen
# Write a default database config file
Dir.mkdir(@localconf) unless File.directory?(@localconf)
File.open(@db_conf, 'w') do |f|
f.puts <<~EOF
development: &pgsql
adapter: postgresql
database: #{@options[:msf_db_name]}
username: #{@options[:msf_db_user]}
password: #{@msf_pass}
host: 127.0.0.1
port: #{@options[:db_port]}
pool: #{@options[:db_pool]}
production: &production
<<: *pgsql
test:
<<: *pgsql
database: #{@options[:msftest_db_name]}
username: #{@options[:msftest_db_user]}
password: #{@msftest_pass}
EOF
end
File.chmod(0640, @db_conf)
end
def write_db_client_auth_config
client_auth_config = "#{@db}/pg_hba.conf"
puts "Writing client authentication configuration file #{client_auth_config}"
File.open(client_auth_config, 'w') do |f|
f.puts "host \"#{@options[:msf_db_name]}\" \"#{@options[:msf_db_user]}\" 127.0.0.1/32 md5"
f.puts "host \"#{@options[:msftest_db_name]}\" \"#{@options[:msftest_db_user]}\" 127.0.0.1/32 md5"
f.puts "host \"postgres\" \"#{@options[:msftest_db_user]}\" 127.0.0.1/32 md5"
f.puts "host \"template1\" all 127.0.0.1/32 trust"
if Gem.win_platform?
f.puts "host all all 127.0.0.1/32 trust"
f.puts "host all all ::1/128 trust"
else
f.puts "local all all trust"
end
end
end
def update_db_port
if File.file?(@db_conf)
config = YAML.load(File.read(@db_conf))
if config["production"] && config["production"]["port"]
port = config["production"]["port"]
if port != @options[:db_port]
puts "Using database port #{port} found in #{@db_conf}"
@options[:db_port] = port
end
end
end
end
def ask_yn(question)
loop do
print "#{question}: "
yn = STDIN.gets
case yn
when /^[Yy]/
return true
when /^[Nn]/
return false
else
puts 'Please answer yes or no.'
end
end
end
def ask_value(question, default_value)
print "#{question}[#{default_value}]: "
input = STDIN.gets.strip
if input.nil? || input.empty?
return default_value
else
return input
end
end
def delete_db
if Dir.exist?(@db)
stop_db
if ask_yn("Delete all data at #{@db}?")
puts "Deleting all data at #{@db}"
FileUtils.rm_rf(@db)
end
if File.file?(@db_conf) && ask_yn("Delete database configuration at #{@db_conf}?")
File.delete(@db_conf)
end
else
puts "No data at #{@db}, doing nothing"
end
end
def reinit_db
delete_db
init_db
end
def status_web_service
if File.file?(@ws_pid)
ws_pid = tail(@ws_pid)
if ws_pid.nil? || !process_active?(ws_pid.to_i)
puts "MSF web service is not running: PID file found at #{@ws_pid}, but no active process running as PID #{ws_pid}"
else
puts "MSF web service is running as PID #{ws_pid}"
end
else
puts "MSF web service is not running: no PID file found at #{@ws_pid}"
end
end
def init_web_service
if File.file?(@ws_conf)
puts "Found web service config at #{@ws_conf}, checking to see if it is started"
start_web_service(expect_auth: true)
return
end
if @options[:ws_user].nil?
@msf_ws_user = ask_value('Initial MSF web service account username?', @msf_ws_user)
else
@msf_ws_user = @options[:ws_user]
end
# Write a default Rack config file for the web service
Dir.mkdir(@localconf) unless File.directory?(@localconf)
# TODO: free the REST API from all of these requirements
File.open(@ws_conf, 'w') do |f|
f.puts <<~EOF
# #{File.basename(@ws_conf)}
# created on: #{Time.now.utc}
@framework_path = '#{@framework}'
$LOAD_PATH << @framework_path unless $LOAD_PATH.include?(@framework_path)
require File.expand_path('./config/boot', @framework_path)
require 'metasploit/framework/parsed_options/remote_db'
require 'msf/core/web_services/metasploit_api_app'
def require_environment!(parsed_options)
# RAILS_ENV must be set before requiring 'config/application.rb'
parsed_options.environment!
ARGV.replace(parsed_options.positional)
# allow other Rails::Applications to use this command
if !defined?(Rails) || Rails.application.nil?
# @see https://github.com/rails/rails/blob/v3.2.17/railties/lib/rails/commands.rb#L39-L40
require File.expand_path('./config/application', @framework_path)
end
# have to configure before requiring environment because
# config/environment.rb calls initialize! and the initializers will use
# the configuration from the parsed options.
parsed_options.configure(Rails.application)
Rails.application.require_environment!
end
parsed_options = Metasploit::Framework::ParsedOptions::RemoteDB.new
require_environment!(parsed_options)
run MetasploitApiApp
EOF
end
File.chmod(0640, @ws_conf)
if @options[:ssl] && ((!File.file?(@options[:ssl_key]) || !File.file?(@options[:ssl_cert])) ||
(@options[:ssl_key] == @ws_ssl_key_default && @options[:ssl_cert] == @ws_ssl_cert_default))
generate_web_service_ssl(key: @options[:ssl_key], cert: @options[:ssl_cert])
end
if start_web_service(expect_auth: false)
if add_web_service_workspace && add_web_service_user
output_web_service_information
else
puts 'Failed to complete MSF web service configuration, please reinitialize.'
stop_web_service
end
end
end
def start_web_service(expect_auth: true)
unless File.file?(@ws_conf)
puts "No MSF web service configuration found at #{@ws_conf}, not starting"
return false
end
# check if MSF web service is already started
if File.file?(@ws_pid)
ws_pid = tail(@ws_pid)
if ws_pid.nil? || !process_active?(ws_pid.to_i)
puts "MSF web service PID file found, but no active process running as PID #{ws_pid}"
puts "Deleting MSF web service PID file #{@ws_pid}"
File.delete(@ws_pid)
else
puts "MSF web service is already running as PID #{ws_pid}"
return false
end
end
# daemonize MSF web service
puts 'Attempting to start MSF web service...'
if run_cmd("#{thin_cmd} start") == 0
# wait until web service is online
retry_count = 0
response_data = web_service_online_check(expect_auth: expect_auth)
is_online = response_data[:state] != :offline
while !is_online && retry_count < @options[:retry_max]
retry_count += 1
if @options[:debug]
puts "MSF web service doesn't appear to be online. Sleeping #{@options[:retry_delay]}s until check #{retry_count}/#{@options[:retry_max]}"
end
sleep(@options[:retry_delay])
response_data = web_service_online_check(expect_auth: expect_auth)
is_online = response_data[:state] != :offline
end
if response_data[:state] == :online
puts 'MSF web service started and online'
return true
elsif response_data[:state] == :error
puts 'MSF web service appears to be started, but may not operate as expected.'
puts "#{response_data[:message]}"
else
puts 'MSF web service does not appear to be started.'
end
puts "Please see #{@ws_log} for additional details."
return false
else
puts 'Failed to start MSF web service'
return false
end
end
def stop_web_service
ws_pid = tail(@ws_pid)
if ws_pid.nil? || !process_active?(ws_pid.to_i)
puts 'MSF web service is no longer running'
if File.file?(@ws_pid)
puts "Deleting MSF web service PID file #{@ws_pid}"
File.delete(@ws_pid)
end
else
puts "Stopping MSF web service PID #{ws_pid}"
run_cmd("#{thin_cmd} stop")
end
end
def restart_web_service
stop_web_service
start_web_service
end
def delete_web_service
stop_web_service
if File.file?(@ws_conf) && ask_yn("Delete MSF web service configuration at #{@ws_conf}?")
File.delete(@ws_conf)
end
end
def reinit_web_service
delete_web_service
init_web_service
end
def generate_web_service_ssl(key:, cert:)
@ws_generated_ssl = true
if (File.file?(key) || File.file?(cert)) &&
!ask_yn("Either MSF web service SSL key #{key} or certificate #{cert} already exist, overwrite both?")
return
end
puts 'Generating SSL key and certificate for MSF web service'
# @ssl_cert = Rex::Socket::SslTcpServer.ssl_generate_certificate
@ssl_key, @ssl_cert, @ssl_extra_chain_cert = Rex::Socket::Ssl.ssl_generate_certificate
# write PEM format key and certificate
mode = 'wb'
mode_int = 0600
File.open(key, mode) { |f| f.write(@ssl_key.to_pem) }
File.chmod(mode_int, key)
File.open(cert, mode) { |f| f.write(@ssl_cert.to_pem) }
File.chmod(mode_int, cert)
end
def web_service_online_check(expect_auth:)
msf_version_uri = get_web_service_uri(path: '/api/v1/msf/version')
response_data = http_request(uri: msf_version_uri, method: :get,
skip_verify: skip_ssl_verify?, cert: get_ssl_cert)
if !response_data[:exception].nil? && response_data[:exception].is_a?(Errno::ECONNREFUSED)
response_data[:state] = :offline
elsif !response_data[:exception].nil? && response_data[:exception].is_a?(OpenSSL::OpenSSLError)
response_data[:state] = :error
response_data[:message] = 'Detected an SSL issue. Please set the same options used to initialize the web service or reinitialize.'
elsif !response_data[:response].nil? && response_data[:response].dig(:error, :code) == 401
if expect_auth
response_data[:state] = :online
else
response_data[:state] = :error
response_data[:message] = 'MSF web service expects authentication. If you wish to reinitialize the web service account you will need to reinitialize the database.'
end
elsif !response_data[:response].nil? && !response_data[:response].dig(:data, :metasploit_version).nil?
response_data[:state] = :online
else
response_data[:state] = :error
end
puts "web_service_online: expect_auth=#{expect_auth}, response_msg=#{response_data}" if @options[:debug]
response_data
end
def add_web_service_workspace(name: 'default')
# Send request to create new workspace
workspace_data = { name: name }
workspaces_uri = get_web_service_uri(path: '/api/v1/workspaces')
response_data = http_request(uri: workspaces_uri, data: workspace_data, method: :post,
skip_verify: skip_ssl_verify?, cert: get_ssl_cert)
response = response_data[:response]
puts "add_web_service_workspace: add workspace response=#{response}" if @options[:debug]
if response.nil? || response.dig(:data, :name) != name
puts "Error creating MSF web service workspace '#{name}'"
return false
end
return true
end
def add_web_service_user
puts "Creating MSF web service user #{@msf_ws_user}"
# Generate new web service user password
msf_ws_pass = pw_gen
cred_data = { username: @msf_ws_user, password: msf_ws_pass }
# Send request to create new admin user
user_data = cred_data.merge({ admin: true })
user_uri = get_web_service_uri(path: '/api/v1/users')
response_data = http_request(uri: user_uri, data: user_data, method: :post,
skip_verify: skip_ssl_verify?, cert: get_ssl_cert)
response = response_data[:response]
puts "add_web_service_user: create user response=#{response}" if @options[:debug]
if response.nil? || response.dig(:data, :username) != @msf_ws_user
puts "Error creating MSF web service user #{@msf_ws_user}"
return false
end
puts "\nMSF web service username: #{@msf_ws_user}"
puts "MSF web service password: #{msf_ws_pass}"
# Send request to create new API token for the user
generate_token_uri = get_web_service_uri(path: '/api/v1/auth/generate-token')
response_data = http_request(uri: generate_token_uri, data: cred_data, method: :post,
skip_verify: skip_ssl_verify?, cert: get_ssl_cert)
response = response_data[:response]
puts "add_web_service_user: generate token response=#{response}" if @options[:debug]
if response.nil? || (@ws_api_token = response.dig(:data, :token)).nil?
puts 'Error creating MSF web service user API token'
return false
end
puts "MSF web service user API token: #{@ws_api_token}"
puts 'Please store these credentials securely.'
return true
end
def output_web_service_information
puts ''
puts 'MSF web service configuration complete'
puts 'Connect to the data service in msfconsole using the command:'
puts "#{get_db_connect_command}"
puts ''
puts 'The username and password are credentials for the API account:'
puts "#{get_web_service_uri(path: '/api/v1/auth/account')}"
puts ''
persist_data_service
end
def persist_data_service
if ask_yn('Add data service connection to local msfconsole and persist as default?')
data_service_name = "local-#{@options[:ssl] ? 'https' : 'http'}-data-service"
data_service_name = ask_value('Data service connection name?', data_service_name)
# execute msfconsole commands to add and persist the data service connection
connect_cmd = get_db_connect_command(name: data_service_name)
cmd = "msfconsole -qx \"#{connect_cmd}; db_save; exit\""
if run_cmd(cmd) != 0
# attempt to execute msfconsole in the current working directory
if run_cmd(cmd, env: {'PATH' => ".:#{ENV["PATH"]}"}) != 0
puts 'Failed to run msfconsole and persist the data service connection'
end
end
end
end
def get_db_connect_command(name: nil)
# build db_connect command based on install options
connect_cmd = "db_connect"
connect_cmd << " --name #{name}" unless name.nil?
connect_cmd << " --token #{@ws_api_token}"
connect_cmd << " --cert #{@options[:ssl_cert]}" if @options[:ssl]
connect_cmd << " --skip-verify" if skip_ssl_verify?
connect_cmd << " #{get_web_service_uri}"
connect_cmd
end
def get_web_service_uri(path: nil)
uri_class = @options[:ssl] ? URI::HTTPS : URI::HTTP
uri_class.build({host: get_web_service_host, port: @options[:port], path: path})
end
def get_web_service_host
# user specified any address INADDR_ANY (0.0.0.0), return a routable address
@options[:address] == '0.0.0.0' ? 'localhost' : @options[:address]
end
def skip_ssl_verify?
@ws_generated_ssl || @options[:ssl_disable_verify]
end
def get_ssl_cert
@options[:ssl] ? @options[:ssl_cert] : nil
end
def thin_cmd
server_opts = "--rackup #{@ws_conf} --address #{@options[:address]} --port #{@options[:port]}"
ssl_opts = @options[:ssl] ? "--ssl --ssl-key-file #{@options[:ssl_key]} --ssl-cert-file #{@options[:ssl_cert]}" : ''
ssl_opts << ' --ssl-disable-verify' if skip_ssl_verify?
adapter_opts = "--environment #{@options[:ws_env]}"
daemon_opts = "--daemonize --log #{@ws_log} --pid #{@ws_pid} --tag #{@ws_tag}"
all_opts = [server_opts, ssl_opts, adapter_opts, daemon_opts].reject(&:empty?).join(' ')
"thin #{all_opts}"
end
def process_active?(pid)
begin
Process.kill(0, pid)
true
rescue Errno::ESRCH
false
end
end
def http_request(uri:, query: nil, data: nil, method: :get, headers: nil, skip_verify: false, cert: nil)
all_headers = { 'User-Agent': @script_name }
all_headers.merge!(headers) unless headers.nil?
query_str = (!query.nil? && !query.empty?) ? URI.encode_www_form(query.compact) : nil
uri.query = query_str
http = Net::HTTP.new(uri.host, uri.port)
if uri.is_a?(URI::HTTPS)
http.use_ssl = true
if skip_verify
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
else
# https://stackoverflow.com/questions/22093042/implementing-https-certificate-pubkey-pinning-with-ruby
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
user_passed_cert = OpenSSL::X509::Certificate.new(File.read(cert))
http.verify_callback = lambda do |preverify_ok, cert_store|
server_cert = cert_store.chain[0]
return true unless server_cert.to_der == cert_store.current_cert.to_der
same_public_key?(server_cert, user_passed_cert)
end
end
end
begin
response_data = { response: nil }
case method
when :get
request = Net::HTTP::Get.new(uri.request_uri, initheader=all_headers)
when :post
request = Net::HTTP::Post.new(uri.request_uri, initheader=all_headers)
else
raise Exception, "Request method #{method} is not handled"
end
request.content_type = 'application/json'
unless data.nil?
json_body = data.to_json
request.body = json_body
end
response = http.request(request)
unless response.body.nil? || response.body.empty?
response_data[:response] = JSON.parse(response.body, symbolize_names: true)
end
rescue => e
response_data[:exception] = e
puts "Problem with HTTP #{method} request #{uri.request_uri}, message: #{e.message}" if @options[:debug]
end
response_data
end
# Tells us whether the private keys on the passed certificates match
# and use the same algo
def same_public_key?(ref_cert, actual_cert)
pkr, pka = ref_cert.public_key, actual_cert.public_key
# First check if the public keys use the same crypto...
return false unless pkr.class == pka.class
# ...and then - that they have the same contents
return false unless pkr.to_pem == pka.to_pem
true
end
def parse_args(args)
subtext = <<~USAGE
Commands:
init initialize the component
reinit delete and reinitialize the component
delete delete and stop the component
status check component status
start start the component
stop stop the component
restart restart the component
USAGE
parser = OptionParser.new do |opts|
opts.banner = "Usage: #{@script_name} [options] <command>"
opts.separator('Manage a Metasploit Framework database and web service')
opts.separator('')
opts.separator('General Options:')
opts.on('--component COMPONENT', @components + ['all'], 'Component used with provided command (default: all)',
" (#{@components.join(', ')})") { |component|
@options[:component] = component.to_sym
}
opts.on('-d', '--debug', 'Enable debug output') { |d| @options[:debug] = d }
opts.on('-h', '--help', 'Show this help message') {
puts opts
exit
}
opts.separator('')
opts.separator('Database Options:')
opts.on('--msf-db-name NAME', "Database name (default: #{@options[:msf_db_name]})") { |n|
@options[:msf_db_name] = n
}
opts.on('--msf-db-user-name USER', "Database username (default: #{@options[:msf_db_user]})") { |u|
@options[:msf_db_user] = u
}
opts.on('--msf-test-db-name NAME', "Test database name (default: #{@options[:msftest_db_name]})") { |n|
@options[:msftest_db_name] = n
}
opts.on('--msf-test-db-user-name USER', "Test database username (default: #{@options[:msftest_db_user]})") { |u|
@options[:msftest_db_user] = u
}
opts.on('--db-port PORT', Integer, "Database port (default: #{@options[:db_port]})") { |p|
@options[:db_port] = p
}
opts.on('--db-pool MAX', Integer, "Database connection pool size (default: #{@options[:db_pool]})") { |m|
@options[:db_pool] = m
}
opts.separator('')
opts.separator('Web Service Options:')
opts.on('-a', '--address ADDRESS',
"Bind to host address (default: #{@options[:address]})") { |a|
@options[:address] = a
}
opts.on('-p', '--port PORT', Integer,
"Web service port (default: #{@options[:port]})") { |p|
@options[:port] = p
}
opts.on('--[no-]ssl', "Enable SSL (default: #{@options[:ssl]})") { |s| @options[:ssl] = s }
opts.on('--ssl-key-file PATH', "Path to private key (default: #{@options[:ssl_key]})") { |p|
@options[:ssl_key] = p
}
opts.on('--ssl-cert-file PATH', "Path to certificate (default: #{@options[:ssl_cert]})") { |p|
@options[:ssl_cert] = p
}
opts.on('--[no-]ssl-disable-verify',
"Disables (optional) client cert requests (default: #{@options[:ssl_disable_verify]})") { |v|
@options[:ssl_disable_verify] = v
}
opts.on('--environment ENV', @environments,
"Web service framework environment (default: #{@options[:ws_env]})",
" (#{@environments.join(', ')})") { |e|
@options[:ws_env] = e
}
opts.on('--retry-max MAX', Integer,
"Maximum number of web service connect attempts (default: #{@options[:retry_max]})") { |m|
@options[:retry_max] = m
}
opts.on('--retry-delay DELAY', Float,
"Delay in seconds between web service connect attempts (default: #{@options[:retry_delay]})") { |d|
@options[:retry_delay] = d
}
opts.on('--user USER', 'Initial web service admin username') { |u|
@options[:ws_user] = u
}
opts.separator('')
opts.separator(subtext)
end
parser.parse!(args)
if args.length != 1
puts parser
abort
end
@options
end
def invoke_command(commands, component, command)
method = commands[component][command]
if !method.nil?
send(method)
else
puts "Error: unrecognized command '#{command}' for #{component}"
end
end
def has_requirements
ret_val = true
postgresql_cmds = %w(psql pg_ctl initdb createdb)
other_cmds = %w(bundle thin)
missing_msg = "Missing requirement: %<name>s does not appear to be installed or '%<prog>s' is not in the environment path"
postgresql_cmds.each do |cmd|
next unless Msf::Util::Helper.which(cmd).nil?
puts missing_msg % { name: 'PostgreSQL', prog: cmd }
ret_val = false
end
other_cmds.each do |cmd|
if Msf::Util::Helper.which(cmd).nil?
puts missing_msg % { name: "'#{cmd}'", prog: cmd }
ret_val = false
end
end
ret_val
end
if $PROGRAM_NAME == __FILE__
# Bomb out if we're root
if !Gem.win_platform? && Process.uid.zero?
puts "Please run #{@script_name} as a non-root user"
abort
end
unless has_requirements
abort
end
# map component commands to methods
commands = {
database: {
init: :init_db,
reinit: :reinit_db,
delete: :delete_db,
status: :status_db,
start: :start_db,
stop: :stop_db,
restart: :restart_db
},
webservice: {
init: :init_web_service,
reinit: :reinit_web_service,
delete: :delete_web_service,
status: :status_web_service,
start: :start_web_service,
stop: :stop_web_service,
restart: :restart_web_service
}
}
parse_args(ARGV)
command = ARGV[0].to_sym
if @options[:component] == :all
@components.each { |component|
invoke_command(commands, component.to_sym, command)
}
else
invoke_command(commands, @options[:component], command)
end
end