2012-06-29 00:18:28 -05:00
|
|
|
# -*- coding: binary -*-
|
2005-07-09 21:18:49 +00:00
|
|
|
require 'msf/core'
|
2005-06-05 00:03:23 +00:00
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
2005-11-15 15:11:43 +00:00
|
|
|
# A reference to some sort of information. This is typically a URL, but could
|
|
|
|
|
# be any type of referential value that people could use to research a topic.
|
2005-06-05 00:03:23 +00:00
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
class Msf::Module::Reference
|
|
|
|
|
|
2013-08-30 16:28:33 -05:00
|
|
|
#
|
|
|
|
|
# Serialize a reference from a string.
|
|
|
|
|
#
|
|
|
|
|
def self.from_s(str)
|
|
|
|
|
return self.new(str)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Initializes a reference from a string.
|
|
|
|
|
#
|
|
|
|
|
def initialize(in_str)
|
|
|
|
|
self.str = in_str
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Compares references to see if their equal.
|
|
|
|
|
#
|
|
|
|
|
def ==(tgt)
|
|
|
|
|
return (tgt.to_s == to_s)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Returns the reference as a string.
|
|
|
|
|
#
|
|
|
|
|
def to_s
|
|
|
|
|
return self.str
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Serializes the reference instance from a string.
|
|
|
|
|
#
|
|
|
|
|
def from_s(in_str)
|
|
|
|
|
self.str = in_str
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# The reference string.
|
|
|
|
|
#
|
|
|
|
|
attr_reader :str
|
2005-06-05 00:03:23 +00:00
|
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
2013-08-30 16:28:33 -05:00
|
|
|
attr_writer :str # :nodoc:
|
2005-06-05 00:03:23 +00:00
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# A reference to a website.
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
class Msf::Module::SiteReference < Msf::Module::Reference
|
|
|
|
|
|
2013-08-30 16:28:33 -05:00
|
|
|
#
|
|
|
|
|
# Class method that translates a URL into a site reference instance.
|
|
|
|
|
#
|
|
|
|
|
def self.from_s(str)
|
|
|
|
|
instance = self.new
|
|
|
|
|
|
|
|
|
|
if (instance.from_s(str) == false)
|
|
|
|
|
return nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return instance
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Initializes a site reference from an array. ary[0] is the site and
|
2016-09-20 14:27:59 -05:00
|
|
|
# ary[1] is the site context identifier, such as CVE.
|
2013-08-30 16:28:33 -05:00
|
|
|
#
|
|
|
|
|
def self.from_a(ary)
|
|
|
|
|
return nil if (ary.length < 2)
|
|
|
|
|
|
|
|
|
|
self.new(ary[0], ary[1])
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Initialize the site reference.
|
2014-11-05 09:57:13 -06:00
|
|
|
# If you're updating the references, please also update:
|
|
|
|
|
# * tools/module_reference.rb
|
|
|
|
|
# * https://github.com/rapid7/metasploit-framework/wiki/Metasploit-module-reference-identifiers
|
2013-08-30 16:28:33 -05:00
|
|
|
#
|
|
|
|
|
def initialize(in_ctx_id = 'Unknown', in_ctx_val = '')
|
|
|
|
|
self.ctx_id = in_ctx_id
|
|
|
|
|
self.ctx_val = in_ctx_val
|
|
|
|
|
|
2016-09-20 14:27:59 -05:00
|
|
|
if (in_ctx_id == 'CVE')
|
2017-01-01 21:26:01 -06:00
|
|
|
self.site = "https://cvedetails.com/cve/CVE-#{in_ctx_val}/"
|
2013-08-30 16:28:33 -05:00
|
|
|
elsif (in_ctx_id == 'CWE')
|
2015-05-02 10:11:17 -05:00
|
|
|
self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
|
2013-08-30 16:28:33 -05:00
|
|
|
elsif (in_ctx_id == 'BID')
|
2014-10-02 23:03:31 +02:00
|
|
|
self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"
|
2013-08-30 16:28:33 -05:00
|
|
|
elsif (in_ctx_id == 'MSB')
|
2017-01-01 21:26:01 -06:00
|
|
|
self.site = "https://technet.microsoft.com/en-us/library/security/#{in_ctx_val}"
|
2013-08-30 16:28:33 -05:00
|
|
|
elsif (in_ctx_id == 'EDB')
|
2015-05-02 10:11:17 -05:00
|
|
|
self.site = "https://www.exploit-db.com/exploits/#{in_ctx_val}"
|
2013-08-30 16:28:33 -05:00
|
|
|
elsif (in_ctx_id == 'US-CERT-VU')
|
2017-01-01 21:26:01 -06:00
|
|
|
self.site = "https://www.kb.cert.org/vuls/id/#{in_ctx_val}"
|
2013-10-21 13:39:07 -05:00
|
|
|
elsif (in_ctx_id == 'ZDI')
|
2014-10-02 23:03:31 +02:00
|
|
|
self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"
|
2014-10-03 17:13:18 +02:00
|
|
|
elsif (in_ctx_id == 'WPVDB')
|
2014-10-02 23:03:31 +02:00
|
|
|
self.site = "https://wpvulndb.com/vulnerabilities/#{in_ctx_val}"
|
2015-09-01 23:25:01 -05:00
|
|
|
elsif (in_ctx_id == 'PACKETSTORM')
|
2015-08-20 00:36:27 -03:00
|
|
|
self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}"
|
2013-08-30 16:28:33 -05:00
|
|
|
elsif (in_ctx_id == 'URL')
|
|
|
|
|
self.site = in_ctx_val.to_s
|
|
|
|
|
else
|
|
|
|
|
self.site = in_ctx_id
|
|
|
|
|
self.site += " (#{in_ctx_val})" if (in_ctx_val)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Returns the absolute site URL.
|
|
|
|
|
#
|
|
|
|
|
def to_s
|
|
|
|
|
return site || ''
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Serializes a site URL string.
|
|
|
|
|
#
|
|
|
|
|
def from_s(str)
|
|
|
|
|
if (/(http:\/\/|https:\/\/|ftp:\/\/)/.match(str))
|
|
|
|
|
self.site = str
|
|
|
|
|
self.ctx_id = 'URL'
|
|
|
|
|
self.ctx_val = self.site
|
|
|
|
|
else
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# The site being referenced.
|
|
|
|
|
#
|
|
|
|
|
attr_reader :site
|
|
|
|
|
#
|
2016-09-20 14:27:59 -05:00
|
|
|
# The context identifier of the site, such as CVE.
|
2013-08-30 16:28:33 -05:00
|
|
|
#
|
|
|
|
|
attr_reader :ctx_id
|
|
|
|
|
#
|
|
|
|
|
# The context value of the reference, such as MS02-039
|
|
|
|
|
#
|
|
|
|
|
attr_reader :ctx_val
|
2005-06-05 00:03:23 +00:00
|
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
2013-08-30 16:28:33 -05:00
|
|
|
attr_writer :site, :ctx_id, :ctx_val
|
2005-06-05 00:03:23 +00:00
|
|
|
|
2009-09-27 21:30:45 +00:00
|
|
|
end
|
