adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Remote/HTTP/Flowise.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

933 lines
59 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::HTTP::Flowise
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::HTTP::Flowise";
relpath = '../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../_index.html">Index (F)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span>
&raquo;
<span class="title">Flowise</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::HTTP::Flowise
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../HttpClient.html" title="Msf::Exploit::Remote::HttpClient (module)">Msf::Exploit::Remote::HttpClient</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http/flowise.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module provides a way of interacting with Flowise installations. It includes methods for version detection, authentication, and sending requests to the customMCP endpoint.</p>
</div>
</div>
<div class="tags">
<div class="examples">
<h4 class="tag_title">Examples:</h4>
<pre class="example code"><code><span class='id identifier rubyid_include'>include</span> <span class='const'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span><span class='op'>::</span><span class='const'>Flowise</span>
<span class='kw'>def</span> <span class='id identifier rubyid_exploit'>exploit</span>
<span class='id identifier rubyid_version'>version</span> <span class='op'>=</span> <span class='id identifier rubyid_flowise_get_version'>flowise_get_version</span>
<span class='kw'>if</span> <span class='id identifier rubyid_flowise_requires_auth?'>flowise_requires_auth?</span><span class='lparen'>(</span><span class='id identifier rubyid_version'>version</span><span class='rparen'>)</span>
<span class='id identifier rubyid_flowise_login'>flowise_login</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>admin@example.com</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>password</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_flowise_send_custommcp_request'>flowise_send_custommcp_request</span><span class='lparen'>(</span><span class='id identifier rubyid_payload_data'>payload_data</span><span class='rparen'>)</span>
<span class='kw'>end</span></code></pre>
</div>
</div>
<h2>Instance Attribute Summary</h2>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../HttpClient.html" title="Msf::Exploit::Remote::HttpClient (module)">Msf::Exploit::Remote::HttpClient</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../HttpClient.html#client-instance_method" title="Msf::Exploit::Remote::HttpClient#client (method)">#client</a></span>, <span class='object_link'><a href="../HttpClient.html#cookie_jar-instance_method" title="Msf::Exploit::Remote::HttpClient#cookie_jar (method)">#cookie_jar</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#flowise_get_version-instance_method" title="#flowise_get_version (instance method)">#<strong>flowise_get_version</strong> &#x21d2; Rex::Version<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Retrieves the Flowise version from the target.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#flowise_login-instance_method" title="#flowise_login (instance method)">#<strong>flowise_login</strong>(email, password) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Authenticates with Flowise using JWT (email/password).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#flowise_requires_auth%3F-instance_method" title="#flowise_requires_auth? (instance method)">#<strong>flowise_requires_auth?</strong>(version = nil) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Checks if the Flowise version requires authentication.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#flowise_send_custommcp_request-instance_method" title="#flowise_send_custommcp_request (instance method)">#<strong>flowise_send_custommcp_request</strong>(payload_data, opts = {}) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Sends a request to the customMCP endpoint.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../HttpClient.html" title="Msf::Exploit::Remote::HttpClient (module)">Msf::Exploit::Remote::HttpClient</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../HttpClient.html#basic_auth-instance_method" title="Msf::Exploit::Remote::HttpClient#basic_auth (method)">#basic_auth</a></span>, <span class='object_link'><a href="../HttpClient.html#cleanup-instance_method" title="Msf::Exploit::Remote::HttpClient#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="../HttpClient.html#configure_http_login_scanner-instance_method" title="Msf::Exploit::Remote::HttpClient#configure_http_login_scanner (method)">#configure_http_login_scanner</a></span>, <span class='object_link'><a href="../HttpClient.html#connect-instance_method" title="Msf::Exploit::Remote::HttpClient#connect (method)">#connect</a></span>, <span class='object_link'><a href="../HttpClient.html#connect_ws-instance_method" title="Msf::Exploit::Remote::HttpClient#connect_ws (method)">#connect_ws</a></span>, <span class='object_link'><a href="../HttpClient.html#deregister_http_client_options-instance_method" title="Msf::Exploit::Remote::HttpClient#deregister_http_client_options (method)">#deregister_http_client_options</a></span>, <span class='object_link'><a href="../HttpClient.html#disconnect-instance_method" title="Msf::Exploit::Remote::HttpClient#disconnect (method)">#disconnect</a></span>, <span class='object_link'><a href="../HttpClient.html#download-instance_method" title="Msf::Exploit::Remote::HttpClient#download (method)">#download</a></span>, <span class='object_link'><a href="../HttpClient.html#full_uri-instance_method" title="Msf::Exploit::Remote::HttpClient#full_uri (method)">#full_uri</a></span>, <span class='object_link'><a href="../HttpClient.html#handler-instance_method" title="Msf::Exploit::Remote::HttpClient#handler (method)">#handler</a></span>, <span class='object_link'><a href="../HttpClient.html#http_fingerprint-instance_method" title="Msf::Exploit::Remote::HttpClient#http_fingerprint (method)">#http_fingerprint</a></span>, <span class='object_link'><a href="../HttpClient.html#initialize-instance_method" title="Msf::Exploit::Remote::HttpClient#initialize (method)">#initialize</a></span>, <span class='object_link'><a href="../HttpClient.html#lookup_http_fingerprints-instance_method" title="Msf::Exploit::Remote::HttpClient#lookup_http_fingerprints (method)">#lookup_http_fingerprints</a></span>, <span class='object_link'><a href="../HttpClient.html#normalize_uri-instance_method" title="Msf::Exploit::Remote::HttpClient#normalize_uri (method)">#normalize_uri</a></span>, <span class='object_link'><a href="../HttpClient.html#path_from_uri-instance_method" title="Msf::Exploit::Remote::HttpClient#path_from_uri (method)">#path_from_uri</a></span>, <span class='object_link'><a href="../HttpClient.html#peer-instance_method" title="Msf::Exploit::Remote::HttpClient#peer (method)">#peer</a></span>, <span class='object_link'><a href="../HttpClient.html#proxies-instance_method" title="Msf::Exploit::Remote::HttpClient#proxies (method)">#proxies</a></span>, <span class='object_link'><a href="../HttpClient.html#reconfig_redirect_opts!-instance_method" title="Msf::Exploit::Remote::HttpClient#reconfig_redirect_opts! (method)">#reconfig_redirect_opts!</a></span>, <span class='object_link'><a href="../HttpClient.html#request_opts_from_url-instance_method" title="Msf::Exploit::Remote::HttpClient#request_opts_from_url (method)">#request_opts_from_url</a></span>, <span class='object_link'><a href="../HttpClient.html#request_url-instance_method" title="Msf::Exploit::Remote::HttpClient#request_url (method)">#request_url</a></span>, <span class='object_link'><a href="../HttpClient.html#rhost-instance_method" title="Msf::Exploit::Remote::HttpClient#rhost (method)">#rhost</a></span>, <span class='object_link'><a href="../HttpClient.html#rport-instance_method" title="Msf::Exploit::Remote::HttpClient#rport (method)">#rport</a></span>, <span class='object_link'><a href="../HttpClient.html#send_request_cgi-instance_method" title="Msf::Exploit::Remote::HttpClient#send_request_cgi (method)">#send_request_cgi</a></span>, <span class='object_link'><a href="../HttpClient.html#send_request_cgi!-instance_method" title="Msf::Exploit::Remote::HttpClient#send_request_cgi! (method)">#send_request_cgi!</a></span>, <span class='object_link'><a href="../HttpClient.html#send_request_raw-instance_method" title="Msf::Exploit::Remote::HttpClient#send_request_raw (method)">#send_request_raw</a></span>, <span class='object_link'><a href="../HttpClient.html#service_details-instance_method" title="Msf::Exploit::Remote::HttpClient#service_details (method)">#service_details</a></span>, <span class='object_link'><a href="../HttpClient.html#setup-instance_method" title="Msf::Exploit::Remote::HttpClient#setup (method)">#setup</a></span>, <span class='object_link'><a href="../HttpClient.html#ssl-instance_method" title="Msf::Exploit::Remote::HttpClient#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="../HttpClient.html#ssl_version-instance_method" title="Msf::Exploit::Remote::HttpClient#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="../HttpClient.html#sslkeylogfile-instance_method" title="Msf::Exploit::Remote::HttpClient#sslkeylogfile (method)">#sslkeylogfile</a></span>, <span class='object_link'><a href="../HttpClient.html#strip_tags-instance_method" title="Msf::Exploit::Remote::HttpClient#strip_tags (method)">#strip_tags</a></span>, <span class='object_link'><a href="../HttpClient.html#target_uri-instance_method" title="Msf::Exploit::Remote::HttpClient#target_uri (method)">#target_uri</a></span>, <span class='object_link'><a href="../HttpClient.html#validate_fingerprint-instance_method" title="Msf::Exploit::Remote::HttpClient#validate_fingerprint (method)">#validate_fingerprint</a></span>, <span class='object_link'><a href="../HttpClient.html#vhost-instance_method" title="Msf::Exploit::Remote::HttpClient#vhost (method)">#vhost</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../Kerberos/ServiceAuthenticator/Options.html" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options (module)">Kerberos::ServiceAuthenticator::Options</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../Kerberos/ServiceAuthenticator/Options.html#kerberos_auth_options-instance_method" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options#kerberos_auth_options (method)">#kerberos_auth_options</a></span>, <span class='object_link'><a href="../Kerberos/ServiceAuthenticator/Options.html#kerberos_clock_skew_seconds-instance_method" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options#kerberos_clock_skew_seconds (method)">#kerberos_clock_skew_seconds</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../Kerberos/Ticket/Storage.html" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage (module)">Kerberos::Ticket::Storage</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../Kerberos/Ticket/Storage.html#initialize-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#initialize (method)">#initialize</a></span>, <span class='object_link'><a href="../Kerberos/Ticket/Storage.html#kerberos_storage_options-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#kerberos_storage_options (method)">#kerberos_storage_options</a></span>, <span class='object_link'><a href="../Kerberos/Ticket/Storage.html#kerberos_ticket_storage-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#kerberos_ticket_storage (method)">#kerberos_ticket_storage</a></span>, <span class='object_link'><a href="../Kerberos/Ticket/Storage.html#store_ccache-class_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage.store_ccache (method)">store_ccache</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Auxiliary/LoginScanner.html" title="Msf::Auxiliary::LoginScanner (module)">Auxiliary::LoginScanner</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Auxiliary/LoginScanner.html#configure_login_scanner-instance_method" title="Msf::Auxiliary::LoginScanner#configure_login_scanner (method)">#configure_login_scanner</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Auxiliary/Report.html" title="Msf::Auxiliary::Report (module)">Auxiliary::Report</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Auxiliary/Report.html#active_db%3F-instance_method" title="Msf::Auxiliary::Report#active_db? (method)">#active_db?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_cracked_credential-instance_method" title="Msf::Auxiliary::Report#create_cracked_credential (method)">#create_cracked_credential</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential-instance_method" title="Msf::Auxiliary::Report#create_credential (method)">#create_credential</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential_and_login-instance_method" title="Msf::Auxiliary::Report#create_credential_and_login (method)">#create_credential_and_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential_login-instance_method" title="Msf::Auxiliary::Report#create_credential_login (method)">#create_credential_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#db-instance_method" title="Msf::Auxiliary::Report#db (method)">#db</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#db_warning_given%3F-instance_method" title="Msf::Auxiliary::Report#db_warning_given? (method)">#db_warning_given?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#get_client-instance_method" title="Msf::Auxiliary::Report#get_client (method)">#get_client</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#get_host-instance_method" title="Msf::Auxiliary::Report#get_host (method)">#get_host</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#inside_workspace_boundary%3F-instance_method" title="Msf::Auxiliary::Report#inside_workspace_boundary? (method)">#inside_workspace_boundary?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#invalidate_login-instance_method" title="Msf::Auxiliary::Report#invalidate_login (method)">#invalidate_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#mytask-instance_method" title="Msf::Auxiliary::Report#mytask (method)">#mytask</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#myworkspace-instance_method" title="Msf::Auxiliary::Report#myworkspace (method)">#myworkspace</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#myworkspace_id-instance_method" title="Msf::Auxiliary::Report#myworkspace_id (method)">#myworkspace_id</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_auth_info-instance_method" title="Msf::Auxiliary::Report#report_auth_info (method)">#report_auth_info</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_client-instance_method" title="Msf::Auxiliary::Report#report_client (method)">#report_client</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_exploit-instance_method" title="Msf::Auxiliary::Report#report_exploit (method)">#report_exploit</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_host-instance_method" title="Msf::Auxiliary::Report#report_host (method)">#report_host</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_loot-instance_method" title="Msf::Auxiliary::Report#report_loot (method)">#report_loot</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_note-instance_method" title="Msf::Auxiliary::Report#report_note (method)">#report_note</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_service-instance_method" title="Msf::Auxiliary::Report#report_service (method)">#report_service</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_vuln-instance_method" title="Msf::Auxiliary::Report#report_vuln (method)">#report_vuln</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_web_form-instance_method" title="Msf::Auxiliary::Report#report_web_form (method)">#report_web_form</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_web_page-instance_method" title="Msf::Auxiliary::Report#report_web_page (method)">#report_web_page</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_web_site-instance_method" title="Msf::Auxiliary::Report#report_web_site (method)">#report_web_site</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_web_vuln-instance_method" title="Msf::Auxiliary::Report#report_web_vuln (method)">#report_web_vuln</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#store_cred-instance_method" title="Msf::Auxiliary::Report#store_cred (method)">#store_cred</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#store_local-instance_method" title="Msf::Auxiliary::Report#store_local (method)">#store_local</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#store_loot-instance_method" title="Msf::Auxiliary::Report#store_loot (method)">#store_loot</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html" title="Metasploit::Framework::Require (module)">Metasploit::Framework::Require</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally-class_method" title="Metasploit::Framework::Require.optionally (method)">optionally</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_active_record_railtie-class_method" title="Metasploit::Framework::Require.optionally_active_record_railtie (method)">optionally_active_record_railtie</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-class_method" title="Metasploit::Framework::Require.optionally_include_metasploit_credential_creation (method)">optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-instance_method" title="Metasploit::Framework::Require#optionally_include_metasploit_credential_creation (method)">#optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_require_metasploit_db_gem_engines-class_method" title="Metasploit::Framework::Require.optionally_require_metasploit_db_gem_engines (method)">optionally_require_metasploit_db_gem_engines</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="flowise_get_version-instance_method">
#<strong>flowise_get_version</strong> &#x21d2; <tt><span class='object_link'><a href="../../../../Rex/Version.html" title="Rex::Version (class)">Rex::Version</a></span></tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Retrieves the Flowise version from the target</p>
</div>
</div>
<div class="tags">
<div class="examples">
<h4 class="tag_title">Examples:</h4>
<pre class="example code"><code><span class='id identifier rubyid_version'>version</span> <span class='op'>=</span> <span class='id identifier rubyid_flowise_get_version'>flowise_get_version</span>
<span class='comment'># =&gt; #&lt;Rex::Version:0x00007f8b1c0a0b00 @version=&quot;2.2.7-patch.1&quot;&gt;</span></code></pre>
</div>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../../../../Rex/Version.html" title="Rex::Version (class)">Rex::Version</a></span></tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The Flowise version, or nil if the version cannot be retrieved</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/flowise.rb', line 30</span>
<span class='kw'>def</span> <span class='id identifier rubyid_flowise_get_version'>flowise_get_version</span>
<span class='id identifier rubyid_version_url'>version_url</span> <span class='op'>=</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>api</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>v1</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>version</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_version_url'>version_url</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>GET</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>headers</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Accept</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>application/json</span><span class='tstring_end'>&#39;</span></span> <span class='rbrace'>}</span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>200</span>
<span class='id identifier rubyid_version_str'>version_str</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_get_json_document'>get_json_document</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>version</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_version_str'>version_str</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span>
<span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_version_str'>version_str</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="flowise_login-instance_method">
#<strong>flowise_login</strong>(email, password) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Authenticates with Flowise using JWT (email/password)</p>
</div>
</div>
<div class="tags">
<div class="examples">
<h4 class="tag_title">Examples:</h4>
<pre class="example code"><code><span class='id identifier rubyid_flowise_login'>flowise_login</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>admin@example.com</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>password</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span></code></pre>
</div>
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>email</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The email address for authentication</p>
</div>
</li>
<li>
<span class='name'>password</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The password for authentication</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>true if authentication succeeds</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../../Failed.html" title="Msf::Exploit::Failed (class)">Msf::Exploit::Failed</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>if authentication fails or credentials are invalid</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/flowise.rb', line 71</span>
<span class='kw'>def</span> <span class='id identifier rubyid_flowise_login'>flowise_login</span><span class='lparen'>(</span><span class='id identifier rubyid_email'>email</span><span class='comma'>,</span> <span class='id identifier rubyid_password'>password</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_email'>email</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>||</span> <span class='id identifier rubyid_password'>password</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span>
<span class='id identifier rubyid_fail_with'>fail_with</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html" title="Msf::Module::Failure (module)">Failure</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html#BadConfig-constant" title="Msf::Module::Failure::BadConfig (constant)">BadConfig</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Email and password are required for authentication</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_login_url'>login_url</span> <span class='op'>=</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>api</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>v1</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>auth</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>login</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_login_url'>login_url</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>POST</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ctype</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>application/json</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>headers</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>x-request-from</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>internal</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Accept</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>application/json, text/plain, */*</span><span class='tstring_end'>&#39;</span></span>
<span class='rbrace'>}</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>data</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>email</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_email'>email</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>password</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_password'>password</span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_to_json'>to_json</span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span>
<span class='id identifier rubyid_fail_with'>fail_with</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html" title="Msf::Module::Failure (module)">Failure</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html#TimeoutExpired-constant" title="Msf::Module::Failure::TimeoutExpired (constant)">TimeoutExpired</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>No response from server during login attempt</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>case</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span>
<span class='kw'>when</span> <span class='int'>200</span><span class='comma'>,</span> <span class='int'>201</span>
<span class='id identifier rubyid_print_good'>print_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Authentication successful</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>when</span> <span class='int'>401</span>
<span class='id identifier rubyid_fail_with'>fail_with</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html" title="Msf::Module::Failure (module)">Failure</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html#NoAccess-constant" title="Msf::Module::Failure::NoAccess (constant)">NoAccess</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Authentication failed - invalid credentials</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='int'>404</span>
<span class='comment'># Flowise returns 404 with &quot;User Not Found&quot; when the user doesn&#39;t exist
</span> <span class='id identifier rubyid_fail_with'>fail_with</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html" title="Msf::Module::Failure (module)">Failure</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html#NoAccess-constant" title="Msf::Module::Failure::NoAccess (constant)">NoAccess</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Authentication failed - user not found</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_fail_with'>fail_with</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html" title="Msf::Module::Failure (module)">Failure</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Module/Failure.html#UnexpectedReply-constant" title="Msf::Module::Failure::UnexpectedReply (constant)">UnexpectedReply</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Login failed with HTTP </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="flowise_requires_auth?-instance_method">
#<strong>flowise_requires_auth?</strong>(version = nil) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Checks if the Flowise version requires authentication</p>
</div>
</div>
<div class="tags">
<div class="examples">
<h4 class="tag_title">Examples:</h4>
<pre class="example code"><code><span class='kw'>if</span> <span class='id identifier rubyid_flowise_requires_auth?'>flowise_requires_auth?</span>
<span class='id identifier rubyid_flowise_login'>flowise_login</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>admin@example.com</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>password</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></code></pre>
</div>
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>version</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../../Rex/Version.html" title="Rex::Version (class)">Rex::Version</a></span></tt>, <tt>nil</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The Flowise version to check. If nil, retrieves it automatically</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>true if authentication is required (version &gt;= 3.0.1), false otherwise</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
55
56
57
58
59
60</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/flowise.rb', line 55</span>
<span class='kw'>def</span> <span class='id identifier rubyid_flowise_requires_auth?'>flowise_requires_auth?</span><span class='lparen'>(</span><span class='id identifier rubyid_version'>version</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_version'>version</span> <span class='op'>||=</span> <span class='id identifier rubyid_flowise_get_version'>flowise_get_version</span>
<span class='kw'>return</span> <span class='kw'>false</span> <span class='kw'>unless</span> <span class='id identifier rubyid_version'>version</span>
<span class='id identifier rubyid_version'>version</span> <span class='op'>&gt;=</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>3.0.1</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="flowise_send_custommcp_request-instance_method">
#<strong>flowise_send_custommcp_request</strong>(payload_data, opts = {}) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Sends a request to the customMCP endpoint</p>
</div>
</div>
<div class="tags">
<div class="examples">
<h4 class="tag_title">Examples:</h4>
<pre class="example code"><code><span class='id identifier rubyid_payload_data'>payload_data</span> <span class='op'>=</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>loadMethod</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>listActions</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>inputs</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>mcpServerConfig</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>{...}</span><span class='tstring_end'>&#39;</span></span> <span class='rbrace'>}</span>
<span class='rbrace'>}</span>
<span class='id identifier rubyid_flowise_send_custommcp_request'>flowise_send_custommcp_request</span><span class='lparen'>(</span><span class='id identifier rubyid_payload_data'>payload_data</span><span class='comma'>,</span> <span class='label'>username:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>admin</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='label'>password:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>password</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span></code></pre>
</div>
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>payload_data</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>The payload data to send (must include 'loadMethod' and 'inputs')</p>
</div>
</li>
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
&mdash;
<div class='inline'>
<p>Optional parameters</p>
</div>
</li>
</ul>
<p class="tag_title">Options Hash (<tt>opts</tt>):</p>
<ul class="option">
<li>
<span class="name">:username</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>Username for Basic Auth (if required)</p>
</div>
</li>
<li>
<span class="name">:password</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>Password for Basic Auth (if required)</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>true if the request was sent successfully (HTTP 200 or no response for background payloads), false otherwise</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/flowise.rb', line 124</span>
<span class='kw'>def</span> <span class='id identifier rubyid_flowise_send_custommcp_request'>flowise_send_custommcp_request</span><span class='lparen'>(</span><span class='id identifier rubyid_payload_data'>payload_data</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_exploit_url'>exploit_url</span> <span class='op'>=</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>api</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>v1</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>node-load-method</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>customMCP</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_headers'>headers</span> <span class='op'>=</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>x-request-from</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>internal</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Accept</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>application/json, text/plain, */*</span><span class='tstring_end'>&#39;</span></span>
<span class='rbrace'>}</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:username</span><span class='rbracket'>]</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_headers'>headers</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Authorization</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_basic_auth'>basic_auth</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:username</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_request_opts'>request_opts</span> <span class='op'>=</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_exploit_url'>exploit_url</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>POST</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ctype</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>application/json</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>headers</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_headers'>headers</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>data</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_payload_data'>payload_data</span><span class='period'>.</span><span class='id identifier rubyid_to_json'>to_json</span>
<span class='rbrace'>}</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='id identifier rubyid_request_opts'>request_opts</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span>
<span class='id identifier rubyid_vprint_warning'>vprint_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>No response from server (command may still execute in background)</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>end</span>
<span class='kw'>case</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span>
<span class='kw'>when</span> <span class='int'>200</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Command sent successfully (HTTP 200)</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>when</span> <span class='int'>401</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Authentication required - check credentials</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>when</span> <span class='int'>404</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Endpoint not found - target may not be vulnerable</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>when</span> <span class='int'>500</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Server error - command may have failed to execute</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_vprint_warning'>vprint_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unexpected HTTP response code: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:04 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink