metasploit-gs/api/Msf/DBManager/Web.html
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00


<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Module: Msf::DBManager::Web — Documentation by YARD 0.9.37</title>
  <link rel="stylesheet" href="../../css/style.css">
  <link rel="stylesheet" href="../../css/common.css">
  <!--
    Page identity and site-root prefix, assigned as globals before the
    external scripts load. NOTE(review): presumably read by js/app.js; confirm.
    Because this block is inline, a Content-Security-Policy for the site
    would have to allow it by hash or nonce.
  -->
  <script>
    pathId = "Msf::DBManager::Web";
    relpath = '../../';
  </script>
  <!-- Both scripts are relative, same-site paths; jQuery is loaded ahead of app.js. -->
  <script src="../../js/jquery.js"></script>
  <script src="../../js/app.js"></script>
</head>
<body>
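<div class="nav_wrap">
  <!-- Side panel: frames the class list page; the title gives the frame an accessible name. -->
  <iframe id="nav" src="../../class_list.html?1" title="Class list"></iframe>
  <!-- Empty handle element for the panel (styled and scripted elsewhere). -->
  <div id="resizer"></div>
</div>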
<div id="main" tabindex="-1">
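<div id="header">
  <!-- Breadcrumb trail: index, then each enclosing namespace, then this module. -->
  <div id="menu">
    <a href="../../_index.html">Index (W)</a> &raquo;
    <span class='title'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../DBManager.html" title="Msf::DBManager (class)">DBManager</a></span></span>
    &raquo;
    <span class="title">Web</span>
  </div>
  <div id="search">
    <!-- Icon-only link: aria-label supplies its name; the drawing itself is hidden from assistive technology. -->
    <a class="full_list_link" id="class_list_link"
       href="../../class_list.html" aria-label="Class list">
      <svg width="24" height="24" aria-hidden="true">
        <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
      </svg>
    </a>
  </div>
  <div class="clear"></div>
</div>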
<div id="content"><h1>Module: Msf::DBManager::Web
</h1>
<div class="box_info">
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="../DBManager.html" title="Msf::DBManager (class)">Msf::DBManager</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/db_manager/web.rb</dd>
</dl>
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#report_web_form-instance_method" title="#report_web_form (instance method)">#<strong>report_web_form</strong>(opts) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Report a Web Form to the database.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#report_web_page-instance_method" title="#report_web_page (instance method)">#<strong>report_web_page</strong>(opts) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Report a Web Page to the database.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#report_web_site-instance_method" title="#report_web_site (instance method)">#<strong>report_web_site</strong>(opts) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Report a Web Site to the database.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#report_web_vuln-instance_method" title="#report_web_vuln (instance method)">#<strong>report_web_vuln</strong>(opts) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Report a Web Vuln to the database.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="report_web_form-instance_method">
#<strong>report_web_form</strong>(opts) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Report a Web Form to the database. WebForm must be tied to an existing Web Site</p>
<p>opts MUST contain</p>
<dl class="rdoc-list note-list"><dt><code>:web_site</code></dt>
<dd>
<p>the web site object that this page should be associated with</p>
</dd><dt><code>:path</code></dt>
<dd>
<p>the path of the form on this web site (the source shown below stores it as the form record's <code>path</code>)</p>
</dd><dt><code>:query</code></dt>
<dd>
<p>the query string that is appended to the path (not valid for GET)</p>
</dd><dt><code>:method</code></dt>
<dd>
<p>the form method, one of GET, POST, or PATH</p>
</dd><dt><code>:params</code></dt>
<dd>
<p>an ARRAY of all parameters and values specified in the form</p>
</dd></dl>
<p>If web_site is NOT specified, the following values are mandatory</p>
<dl class="rdoc-list note-list"><dt><code>:host</code></dt>
<dd>
<p>the ip address of the server hosting the web site</p>
</dd><dt><code>:port</code></dt>
<dd>
<p>the port number of the associated web site</p>
</dd><dt><code>:vhost</code></dt>
<dd>
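<p>the virtual host for this particular web site (the source shown below passes <code>opts[:host]</code> as <code>:vhost</code> when it calls <code>report_web_site</code>, so a value supplied here is not read on that path)</p>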
</dd><dt><code>:ssl</code></dt>
<dd>
<p>whether or not SSL is in use on this port</p>
</dd></dl>
<p>Duplicate records for a given web_site, path, method, and params combination will be overwritten</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/db_manager/web.rb', line 20</span>
<span class='kw'>def</span> <span class='id identifier rubyid_report_web_form'>report_web_form</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_active'>active</span>
<span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ApplicationRecord.html" title="ApplicationRecord (class)">ApplicationRecord</a></span></span><span class='period'>.</span><span class='id identifier rubyid_connection_pool'>connection_pool</span><span class='period'>.</span><span class='id identifier rubyid_with_connection'>with_connection</span> <span class='lbrace'>{</span>
<span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_clone'>clone</span><span class='lparen'>(</span><span class='rparen'>)</span> <span class='comment'># protect the original caller&#39;s opts
</span> <span class='id identifier rubyid_wspace'>wspace</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Util.html" title="Msf::Util (module)">Util</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Util/DBManager.html" title="Msf::Util::DBManager (module)">DBManager</a></span></span><span class='period'>.</span><span class='id identifier rubyid_process_opts_workspace'><span class='object_link'><a href="../Util/DBManager.html#process_opts_workspace-class_method" title="Msf::Util::DBManager.process_opts_workspace (method)">process_opts_workspace</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='rparen'>)</span>
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:path</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_meth'>meth</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:method</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_upcase'>upcase</span>
<span class='id identifier rubyid_para'>para</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:params</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_quer'>quer</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:query</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='lparen'>(</span><span class='id identifier rubyid_path'>path</span> <span class='kw'>and</span> <span class='id identifier rubyid_meth'>meth</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_form requires the path and method parameters</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='words_beg'>%W{</span><span class='tstring_content'>GET</span><span class='words_sep'> </span><span class='tstring_content'>POST</span><span class='words_sep'> </span><span class='tstring_content'>PATH</span><span class='tstring_end'>}</span></span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_meth'>meth</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_form requires the method to be one of GET, POST, PATH</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:web_site</span><span class='rbracket'>]</span> <span class='kw'>and</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:web_site</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>WebSite</span><span class='rparen'>)</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='symbol'>:web_site</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='id identifier rubyid_report_web_site'>report_web_site</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
<span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:host</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:port</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:vhost</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:host</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:ssl</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:ssl</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_site'>site</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_form was unable to create the associated web site</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='comment'># Since one of our serialized fields is used as a unique parameter, we must do the final
</span> <span class='comment'># comparisons through ruby and not SQL.
</span>
<span class='id identifier rubyid_form'>form</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>WebForm</span><span class='period'>.</span><span class='id identifier rubyid_where'>where</span><span class='lparen'>(</span><span class='label'>web_site_id:</span> <span class='id identifier rubyid_site'>site</span><span class='lbracket'>[</span><span class='symbol'>:id</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='label'>path:</span> <span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='label'>method:</span> <span class='id identifier rubyid_meth'>meth</span><span class='comma'>,</span> <span class='label'>query:</span> <span class='id identifier rubyid_quer'>quer</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_xform'>xform</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_xform'>xform</span><span class='period'>.</span><span class='id identifier rubyid_params'>params</span> <span class='op'>==</span> <span class='id identifier rubyid_para'>para</span>
<span class='id identifier rubyid_form'>form</span> <span class='op'>=</span> <span class='id identifier rubyid_xform'>xform</span>
<span class='kw'>break</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_form'>form</span>
<span class='id identifier rubyid_form'>form</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>WebForm</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_form'>form</span><span class='period'>.</span><span class='id identifier rubyid_web_site_id'>web_site_id</span> <span class='op'>=</span> <span class='id identifier rubyid_site'>site</span><span class='lbracket'>[</span><span class='symbol'>:id</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_form'>form</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='id identifier rubyid_path'>path</span>
<span class='id identifier rubyid_form'>form</span><span class='period'>.</span><span class='id identifier rubyid_method'>method</span> <span class='op'>=</span> <span class='id identifier rubyid_meth'>meth</span>
<span class='id identifier rubyid_form'>form</span><span class='period'>.</span><span class='id identifier rubyid_params'>params</span> <span class='op'>=</span> <span class='id identifier rubyid_para'>para</span>
<span class='id identifier rubyid_form'>form</span><span class='period'>.</span><span class='id identifier rubyid_query'>query</span> <span class='op'>=</span> <span class='id identifier rubyid_quer'>quer</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_msf_assign_timestamps'>msf_assign_timestamps</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_form'>form</span><span class='rparen'>)</span>
<span class='id identifier rubyid_form'>form</span><span class='period'>.</span><span class='id identifier rubyid_save!'>save!</span>
<span class='id identifier rubyid_ret'>ret</span><span class='lbracket'>[</span><span class='symbol'>:web_form</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_form'>form</span>
<span class='rbrace'>}</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="report_web_page-instance_method">
#<strong>report_web_page</strong>(opts) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Report a Web Page to the database. WebPage must be tied to an existing Web Site</p>
<p>opts MUST contain</p>
<dl class="rdoc-list note-list"><dt><code>:web_site</code></dt>
<dd>
<p>the web site object that this page should be associated with</p>
</dd><dt><code>:path</code></dt>
<dd>
<p>the path of the page on this web site (the source shown below uses it as the page record's <code>path</code>)</p>
</dd><dt><code>:code</code></dt>
<dd>
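<p>the http status code from requesting this page (converted with <code>to_i</code>, so a missing code becomes 0 and still passes the presence check in the source shown below)</p>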
</dd><dt><code>:headers</code></dt>
<dd>
<p>this is a HASH of headers (lowercase name as key) of ARRAYs of values</p>
</dd><dt><code>:body</code></dt>
<dd>
<p>the document body of the server response</p>
</dd><dt><code>:query</code></dt>
<dd>
<p>the query string after the path</p>
</dd></dl>
<p>If web_site is NOT specified, the following values are mandatory</p>
<dl class="rdoc-list note-list"><dt><code>:host</code></dt>
<dd>
<p>the ip address of the server hosting the web site</p>
</dd><dt><code>:port</code></dt>
<dd>
<p>the port number of the associated web site</p>
</dd><dt><code>:vhost</code></dt>
<dd>
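<p>the virtual host for this particular web site (the source shown below passes <code>opts[:host]</code> as <code>:vhost</code> when it calls <code>report_web_site</code>, so a value supplied here is not read on that path)</p>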
</dd><dt><code>:ssl</code></dt>
<dd>
<p>whether or not SSL is in use on this port</p>
</dd></dl>
<p>These values will be used to create new host, service, and web_site records</p>
<p>opts can contain</p>
<dl class="rdoc-list note-list"><dt><code>:cookie</code></dt>
<dd>
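<p>the Set-Cookie headers, merged into a string; the value is assigned to the page record as supplied, so any session cookies it carries end up in the database</p>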
</dd><dt><code>:auth</code></dt>
<dd>
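<p>the Authorization headers, merged into a string; the value is assigned to the page record as supplied, so any credentials or tokens it carries end up in the database</p>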
</dd><dt><code>:ctype</code></dt>
<dd>
<p>the Content-Type headers, merged into a string</p>
</dd><dt><code>:mtime</code></dt>
<dd>
<p>the timestamp returned from the server of the last modification time</p>
</dd><dt><code>:location</code></dt>
<dd>
<p>the URL that a redirect points to</p>
</dd></dl>
<p>Duplicate records for a given web_site, path, and query combination will be overwritten</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/db_manager/web.rb', line 108</span>
<span class='kw'>def</span> <span class='id identifier rubyid_report_web_page'>report_web_page</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_active'>active</span>
<span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ApplicationRecord.html" title="ApplicationRecord (class)">ApplicationRecord</a></span></span><span class='period'>.</span><span class='id identifier rubyid_connection_pool'>connection_pool</span><span class='period'>.</span><span class='id identifier rubyid_with_connection'>with_connection</span> <span class='lbrace'>{</span>
<span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_clone'>clone</span><span class='lparen'>(</span><span class='rparen'>)</span> <span class='comment'># protect the original caller&#39;s opts
</span> <span class='id identifier rubyid_wspace'>wspace</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Util.html" title="Msf::Util (module)">Util</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Util/DBManager.html" title="Msf::Util::DBManager (module)">DBManager</a></span></span><span class='period'>.</span><span class='id identifier rubyid_process_opts_workspace'><span class='object_link'><a href="../Util/DBManager.html#process_opts_workspace-class_method" title="Msf::Util::DBManager.process_opts_workspace (method)">process_opts_workspace</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='rparen'>)</span>
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:path</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_code'>code</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:code</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:body</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='id identifier rubyid_query'>query</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:query</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='id identifier rubyid_headers'>headers</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:headers</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='lparen'>(</span><span class='id identifier rubyid_path'>path</span> <span class='kw'>and</span> <span class='id identifier rubyid_code'>code</span> <span class='kw'>and</span> <span class='id identifier rubyid_body'>body</span> <span class='kw'>and</span> <span class='id identifier rubyid_headers'>headers</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_page requires the path, query, code, body, and headers parameters</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:web_site</span><span class='rbracket'>]</span> <span class='kw'>and</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:web_site</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>WebSite</span><span class='rparen'>)</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='symbol'>:web_site</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='id identifier rubyid_report_web_site'>report_web_site</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
<span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:host</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:port</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:vhost</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:host</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:ssl</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:ssl</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_site'>site</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_page was unable to create the associated web site</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_page'>page</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>WebPage</span><span class='period'>.</span><span class='id identifier rubyid_where'>where</span><span class='lparen'>(</span><span class='label'>web_site_id:</span> <span class='id identifier rubyid_site'>site</span><span class='lbracket'>[</span><span class='symbol'>:id</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='label'>path:</span> <span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='label'>query:</span> <span class='id identifier rubyid_query'>query</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first_or_initialize'>first_or_initialize</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>=</span> <span class='id identifier rubyid_code'>code</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='id identifier rubyid_body'>body</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span> <span class='op'>=</span> <span class='id identifier rubyid_headers'>headers</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_cookie'>cookie</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cookie</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cookie</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_auth'>auth</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:auth</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:auth</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_mtime'>mtime</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:mtime</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:mtime</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:ctype</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>||</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:ctype</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_ctype'>ctype</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>else</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_ctype'>ctype</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:ctype</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_location'>location</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:location</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:location</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_msf_assign_timestamps'>msf_assign_timestamps</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_page'>page</span><span class='rparen'>)</span>
<span class='id identifier rubyid_page'>page</span><span class='period'>.</span><span class='id identifier rubyid_save!'>save!</span>
<span class='id identifier rubyid_ret'>ret</span><span class='lbracket'>[</span><span class='symbol'>:web_page</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_page'>page</span>
<span class='rbrace'>}</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="report_web_site-instance_method">
#<strong>report_web_site</strong>(opts) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Report a Web Site to the database. WebSites must be tied to an existing Service</p>
<p>opts MUST contain</p>
<dl class="rdoc-list note-list"><dt><code>:service</code></dt>
<dd>
<p>the service object this site should be associated with</p>
</dd><dt><code>:vhost</code></dt>
<dd>
<p>the virtual host name for this particular web site</p>
</dd></dl>
<p>If <code>:service</code> is NOT specified, the following values are mandatory</p>
<dl class="rdoc-list note-list"><dt><code>:host</code></dt>
<dd>
<p>the IP address of the server hosting the web site (a hostname is also accepted; it is resolved to an address before the host record is looked up)</p>
</dd><dt><code>:port</code></dt>
<dd>
<p>the port number of the associated web site</p>
</dd><dt><code>:ssl</code></dt>
<dd>
<p>whether or not SSL is in use on this port</p>
</dd></dl>
<p>These values will be used to find or create the host and service records</p>
<p>opts can contain</p>
<dl class="rdoc-list note-list"><dt><code>:options</code></dt>
<dd>
<p>a hash of options for accessing this particular web site</p>
</dd><dt><code>:info</code></dt>
<dd>
<p>if present, report the service with this info</p>
</dd></dl>
<p>Duplicate records for a given host, port, vhost combination will be overwritten</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
</td>
<td>
<!--
  Highlighted source of Msf::DBManager::Web#report_web_site
  (lib/msf/core/db_manager/web.rb, starting at line 190).

  What the listing does:
  * Returns nil at once unless `active` is truthy; all other work runs inside
    ApplicationRecord.connection_pool.with_connection (the block argument `conn` is not used).
  * Works on a clone of opts and removes :vhost from that clone.
  * Uses opts[:service] only when it is an Mdm::Service; otherwise :host and :port are
    required (ArgumentError if either is missing) and :host is passed through
    Rex::Socket.getaddress(addr, true), so a hostname given here is resolved before the
    host record is looked up.
  * Finds or creates the host and the tcp/open service, then finds or initialises the
    Mdm::WebSite keyed on vhost and service id and saves it. The last expression of the
    block is the site record.

  Review notes:
  * When the host has no name, host.name is set to vhost before the
    `vhost ||= host.address` default is applied, so a call without :vhost assigns nil there.
  * The service name is rewritten to http/https whenever the :ssl key is present, also for
    a service object supplied by the caller.
  * With a supplied service object, the workspace resolved from opts is not used by the
    lookups in this method; the site is attached to whatever host and service that object
    belongs to.
  * :vhost, :info and :options are written to the records as received; no validation or
    normalisation is visible in this method. Presumably these values can originate from
    scanned targets, so code that later displays them should treat them as untrusted
    (to be confirmed against the callers).
  * The =begin/=end section is disabled code and has no effect.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/db_manager/web.rb', line 190</span>
<span class='kw'>def</span> <span class='id identifier rubyid_report_web_site'>report_web_site</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_active'>active</span>
<span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ApplicationRecord.html" title="ApplicationRecord (class)">ApplicationRecord</a></span></span><span class='period'>.</span><span class='id identifier rubyid_connection_pool'>connection_pool</span><span class='period'>.</span><span class='id identifier rubyid_with_connection'>with_connection</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_conn'>conn</span><span class='op'>|</span>
<span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_clone'>clone</span><span class='lparen'>(</span><span class='rparen'>)</span> <span class='comment'># protect the original caller&#39;s opts
</span> <span class='id identifier rubyid_wspace'>wspace</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Util.html" title="Msf::Util (module)">Util</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Util/DBManager.html" title="Msf::Util::DBManager (module)">DBManager</a></span></span><span class='period'>.</span><span class='id identifier rubyid_process_opts_workspace'><span class='object_link'><a href="../Util/DBManager.html#process_opts_workspace-class_method" title="Msf::Util::DBManager.process_opts_workspace (method)">process_opts_workspace</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vhost'>vhost</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='symbol'>:vhost</span><span class='rparen'>)</span>
<span class='id identifier rubyid_addr'>addr</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='id identifier rubyid_port'>port</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='id identifier rubyid_name'>name</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='id identifier rubyid_serv'>serv</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:service</span><span class='rbracket'>]</span> <span class='kw'>and</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:service</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>Service</span><span class='rparen'>)</span>
<span class='id identifier rubyid_serv'>serv</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:service</span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_addr'>addr</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:host</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_port'>port</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:port</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_name'>name</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:ssl</span><span class='rbracket'>]</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>https</span><span class='tstring_end'>&#39;</span></span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>http</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:info</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='lparen'>(</span><span class='id identifier rubyid_addr'>addr</span> <span class='kw'>and</span> <span class='id identifier rubyid_port'>port</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_site requires service OR host/port/ssl</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='comment'># Force addr to be the address and not hostname
</span> <span class='id identifier rubyid_addr'>addr</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Socket</span><span class='period'>.</span><span class='id identifier rubyid_getaddress'>getaddress</span><span class='lparen'>(</span><span class='id identifier rubyid_addr'>addr</span><span class='comma'>,</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_host'>host</span> <span class='op'>=</span> <span class='id identifier rubyid_serv'>serv</span> <span class='op'>?</span> <span class='id identifier rubyid_serv'>serv</span><span class='period'>.</span><span class='id identifier rubyid_host'>host</span> <span class='op'>:</span> <span class='id identifier rubyid_find_or_create_host'>find_or_create_host</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
<span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_addr'>addr</span><span class='comma'>,</span>
<span class='symbol'>:state</span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../HostState.html" title="Msf::HostState (module)">HostState</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../HostState.html#Alive-constant" title="Msf::HostState::Alive (constant)">Alive</a></span></span>
<span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span> <span class='op'>=</span> <span class='id identifier rubyid_vhost'>vhost</span>
<span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_save!'>save!</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_serv'>serv</span> <span class='op'>=</span> <span class='id identifier rubyid_serv'>serv</span> <span class='op'>?</span> <span class='id identifier rubyid_serv'>serv</span> <span class='op'>:</span> <span class='id identifier rubyid_find_or_create_service'>find_or_create_service</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
<span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_host'>host</span><span class='comma'>,</span>
<span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_port'>port</span><span class='comma'>,</span>
<span class='symbol'>:proto</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='symbol'>:state</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>open</span><span class='tstring_end'>&#39;</span></span>
<span class='rparen'>)</span>
<span class='comment'># Change the service name if it is blank or it has
</span> <span class='comment'># been explicitly specified.
</span> <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_keys'>keys</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='symbol'>:ssl</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='id identifier rubyid_serv'>serv</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_name'>name</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:ssl</span><span class='rbracket'>]</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>https</span><span class='tstring_end'>&#39;</span></span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>http</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_serv'>serv</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span> <span class='op'>=</span> <span class='id identifier rubyid_name'>name</span>
<span class='kw'>end</span>
<span class='comment'># Add the info if it&#39;s there.
</span> <span class='kw'>unless</span> <span class='id identifier rubyid_info'>info</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_serv'>serv</span><span class='period'>.</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='id identifier rubyid_info'>info</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_serv'>serv</span><span class='period'>.</span><span class='id identifier rubyid_save!'>save!</span> <span class='kw'>if</span> <span class='id identifier rubyid_serv'>serv</span><span class='period'>.</span><span class='id identifier rubyid_changed?'>changed?</span>
<span class='embdoc_beg'>=begin
</span><span class='embdoc'> host.updated_at = host.created_at
</span><span class='embdoc'> host.state = HostState::Alive
</span><span class='embdoc'> host.save!
</span><span class='embdoc_end'>=end
</span>
<span class='id identifier rubyid_vhost'>vhost</span> <span class='op'>||=</span> <span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>WebSite</span><span class='period'>.</span><span class='id identifier rubyid_where'>where</span><span class='lparen'>(</span><span class='label'>vhost:</span> <span class='id identifier rubyid_vhost'>vhost</span><span class='comma'>,</span> <span class='label'>service_id:</span> <span class='id identifier rubyid_serv'>serv</span><span class='lbracket'>[</span><span class='symbol'>:id</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first_or_initialize'>first_or_initialize</span>
<span class='id identifier rubyid_site'>site</span><span class='period'>.</span><span class='id identifier rubyid_options'>options</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:options</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:options</span><span class='rbracket'>]</span>
<span class='comment'># XXX:
</span> <span class='id identifier rubyid_msf_assign_timestamps'>msf_assign_timestamps</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_site'>site</span><span class='rparen'>)</span>
<span class='id identifier rubyid_site'>site</span><span class='period'>.</span><span class='id identifier rubyid_save!'>save!</span>
<span class='id identifier rubyid_ret'>ret</span><span class='lbracket'>[</span><span class='symbol'>:web_site</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_site'>site</span>
<span class='rbrace'>}</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="report_web_vuln-instance_method">
#<strong>report_web_vuln</strong>(opts) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Report a Web Vuln to the database. WebVuln must be tied to an existing Web Site</p>
<p>opts MUST contain</p>
<dl class="rdoc-list note-list"><dt><code>:web_site</code></dt>
<dd>
<p>the web site object that this vulnerability should be associated with</p>
</dd><dt><code>:path</code></dt>
<dd>
<p>the path on the web site where the vulnerability was found</p>
</dd><dt><code>:query</code></dt>
<dd>
<p>the query string appended to the path (not valid for GET method flaws)</p>
</dd><dt><code>:method</code></dt>
<dd>
<p>the form method, one of GET, POST, or PATH (the value is checked as given, so it must already be upper case)</p>
</dd><dt><code>:params</code></dt>
<dd>
<p>an ARRAY of all parameters and values specified in the form</p>
</dd><dt><code>:pname</code></dt>
<dd>
<p>the specific field where the vulnerability occurs</p>
</dd><dt><code>:proof</code></dt>
<dd>
<p>the string showing proof of the vulnerability</p>
</dd><dt><code>:risk</code></dt>
<dd>
<p>an INTEGER value from 0 to 5 indicating the risk (5 is highest)</p>
</dd><dt><code>:name</code></dt>
<dd>
<p>the string indicating the type of vulnerability</p>
</dd></dl>
<p>If web_site is NOT specified, the following values are mandatory</p>
<dl class="rdoc-list note-list"><dt><code>:host</code></dt>
<dd>
<p>the ip address of the server hosting the web site</p>
</dd><dt><code>:port</code></dt>
<dd>
<p>the port number of the associated web site</p>
</dd><dt><code>:vhost</code></dt>
<dd>
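<p>the virtual host for this particular web site (in the listing below, the site is created with <code>:host</code> as its vhost, so a separate <code>:vhost</code> value is not passed on)</p>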
</dd><dt><code>:ssl</code></dt>
<dd>
<p>whether or not SSL is in use on this port</p>
</dd></dl>
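<p>Duplicate records for a given web_site, path, method, pname, and name combination will be overwritten. In the listing below the duplicate lookup also matches on category and query, a non-empty <code>:category</code> is required, and <code>:confidence</code> must be between 0 and 100 (the error message says 1 to 100).</p>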
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/db_manager/web.rb', line 292</span>
<span class='kw'>def</span> <span class='id identifier rubyid_report_web_vuln'>report_web_vuln</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_active'>active</span>
<span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ApplicationRecord.html" title="ApplicationRecord (class)">ApplicationRecord</a></span></span><span class='period'>.</span><span class='id identifier rubyid_connection_pool'>connection_pool</span><span class='period'>.</span><span class='id identifier rubyid_with_connection'>with_connection</span> <span class='lbrace'>{</span>
<span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_clone'>clone</span><span class='lparen'>(</span><span class='rparen'>)</span> <span class='comment'># protect the original caller&#39;s opts
</span> <span class='id identifier rubyid_wspace'>wspace</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Util.html" title="Msf::Util (module)">Util</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Util/DBManager.html" title="Msf::Util::DBManager (module)">DBManager</a></span></span><span class='period'>.</span><span class='id identifier rubyid_process_opts_workspace'><span class='object_link'><a href="../Util/DBManager.html#process_opts_workspace-class_method" title="Msf::Util::DBManager.process_opts_workspace (method)">process_opts_workspace</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='rparen'>)</span>
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:path</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_meth'>meth</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:method</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_para'>para</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:params</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_quer'>quer</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:query</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='id identifier rubyid_pname'>pname</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:pname</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_proof'>proof</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:proof</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_risk'>risk</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:risk</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='id identifier rubyid_name'>name</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:name</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span>
<span class='id identifier rubyid_blame'>blame</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:blame</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span>
<span class='id identifier rubyid_desc'>desc</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:description</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span>
<span class='id identifier rubyid_conf'>conf</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:confidence</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='id identifier rubyid_cat'>cat</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:category</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span>
<span class='id identifier rubyid_payload'>payload</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:payload</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='id identifier rubyid_owner'>owner</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:owner</span><span class='rbracket'>]</span> <span class='op'>?</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:owner</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_shortname'>shortname</span> <span class='op'>:</span> <span class='kw'>nil</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='lparen'>(</span><span class='id identifier rubyid_path'>path</span> <span class='kw'>and</span> <span class='id identifier rubyid_meth'>meth</span> <span class='kw'>and</span> <span class='id identifier rubyid_proof'>proof</span> <span class='kw'>and</span> <span class='id identifier rubyid_pname'>pname</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_vuln requires the path, method, proof, risk, name, params, and pname parameters. Received </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_inspect'>inspect</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='words_beg'>%W{</span><span class='tstring_content'>GET</span><span class='words_sep'> </span><span class='tstring_content'>POST</span><span class='words_sep'> </span><span class='tstring_content'>PATH</span><span class='tstring_end'>}</span></span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_meth'>meth</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_vuln requires the method to be one of GET, POST, PATH. Received &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_meth'>meth</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_risk'>risk</span> <span class='op'>&lt;</span> <span class='int'>0</span> <span class='kw'>or</span> <span class='id identifier rubyid_risk'>risk</span> <span class='op'>&gt;</span> <span class='int'>5</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_vuln requires the risk to be between 0 and 5 (inclusive). Received &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_risk'>risk</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_conf'>conf</span> <span class='op'>&lt;</span> <span class='int'>0</span> <span class='kw'>or</span> <span class='id identifier rubyid_conf'>conf</span> <span class='op'>&gt;</span> <span class='int'>100</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_vuln requires the confidence to be between 1 and 100 (inclusive). Received &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_conf'>conf</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_cat'>cat</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_vuln requires the category to be a valid string</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_name'>name</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_vuln requires the name to be a valid string</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:web_site</span><span class='rbracket'>]</span> <span class='kw'>and</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:web_site</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>WebSite</span><span class='rparen'>)</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='symbol'>:web_site</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_site'>site</span> <span class='op'>=</span> <span class='id identifier rubyid_report_web_site'>report_web_site</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
<span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:host</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:port</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:vhost</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:host</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:ssl</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:ssl</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_site'>site</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>report_web_form was unable to create the associated web site</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_meth'>meth</span> <span class='op'>=</span> <span class='id identifier rubyid_meth'>meth</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_upcase'>upcase</span>
<span class='id identifier rubyid_vuln'>vuln</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>Mdm</span><span class='op'>::</span><span class='const'>WebVuln</span><span class='period'>.</span><span class='id identifier rubyid_where'>where</span><span class='lparen'>(</span><span class='label'>web_site_id:</span> <span class='id identifier rubyid_site'>site</span><span class='lbracket'>[</span><span class='symbol'>:id</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='label'>path:</span> <span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='label'>method:</span> <span class='id identifier rubyid_meth'>meth</span><span class='comma'>,</span> <span class='label'>pname:</span> <span class='id identifier rubyid_pname'>pname</span><span class='comma'>,</span> <span class='label'>name:</span> <span class='id identifier rubyid_name'>name</span><span class='comma'>,</span> <span class='label'>category:</span> <span class='id identifier rubyid_cat'>cat</span><span class='comma'>,</span> <span class='label'>query:</span> <span class='id identifier rubyid_quer'>quer</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first_or_initialize'>first_or_initialize</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span> <span class='op'>=</span> <span class='id identifier rubyid_name'>name</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_risk'>risk</span> <span class='op'>=</span> <span class='id identifier rubyid_risk'>risk</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_params'>params</span> <span class='op'>=</span> <span class='id identifier rubyid_para'>para</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_proof'>proof</span> <span class='op'>=</span> <span class='id identifier rubyid_proof'>proof</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_category'>category</span> <span class='op'>=</span> <span class='id identifier rubyid_cat'>cat</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_blame'>blame</span> <span class='op'>=</span> <span class='id identifier rubyid_blame'>blame</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_description'>description</span> <span class='op'>=</span> <span class='id identifier rubyid_desc'>desc</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_confidence'>confidence</span> <span class='op'>=</span> <span class='id identifier rubyid_conf'>conf</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span> <span class='op'>=</span> <span class='id identifier rubyid_payload'>payload</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_owner'>owner</span> <span class='op'>=</span> <span class='id identifier rubyid_owner'>owner</span>
<span class='id identifier rubyid_msf_assign_timestamps'>msf_assign_timestamps</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_vuln'>vuln</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vuln'>vuln</span><span class='period'>.</span><span class='id identifier rubyid_save!'>save!</span>
<span class='id identifier rubyid_ret'>ret</span><span class='lbracket'>[</span><span class='symbol'>:web_vuln</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_vuln'>vuln</span>
<span class='rbrace'>}</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<!-- Build-provenance footer written by YARD: generation time, generator version and the Ruby runtime used for the build. -->
<!-- NOTE(review): the doc-build runtime version is published here; confirm the job that generates these pages runs on a maintained Ruby release. -->
<div id="footer">
  Generated on Fri May 8 17:01:07 2026 by
  <a href="https://yardoc.org" target="_parent" title="Yay! A Ruby Documentation Tool">yard</a>
  0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>