Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/lib/msf/core/module/reference.rb
Views: 11784
# -*- coding: binary -*-12###3#4# A reference to some sort of information. This is typically a URL, but could5# be any type of referential value that people could use to research a topic.6#7###8class Msf::Module::Reference910#11# Serialize a reference from a string.12#13def self.from_s(str)14return self.new(str)15end1617#18# Initializes a reference from a string.19#20def initialize(in_str)21self.str = in_str22end2324#25# Compares references to see if they're equal.26#27def ==(tgt)28return (tgt.to_s == to_s)29end3031#32# Returns the reference as a string.33#34def to_s35return self.str36end3738#39# Serializes the reference instance from a string.40#41def from_s(in_str)42self.str = in_str43end4445#46# The reference string.47#48attr_reader :str4950protected5152attr_writer :str # :nodoc:5354end5556###57#58# A reference to a website.59#60###61class Msf::Module::SiteReference < Msf::Module::Reference6263#64# Class method that translates a URL into a site reference instance.65#66def self.from_s(str)67instance = self.new6869if (instance.from_s(str) == false)70return nil71end7273return instance74end7576#77# Initializes a site reference from an array. ary[0] is the site and78# ary[1] is the site context identifier, such as CVE.79#80def self.from_a(ary)81return nil if (ary.length < 2)8283self.new(ary[0], ary[1])84end8586#87# Initialize the site reference.88# If you're updating the references, please also update:89# * tools/module_reference.rb90# * https://docs.metasploit.com/docs/development/developing-modules/module-metadata/module-reference-identifiers.html91#92def initialize(in_ctx_id = 'Unknown', in_ctx_val = '')93self.ctx_id = in_ctx_id94self.ctx_val = in_ctx_val9596if in_ctx_id == 'CVE'97self.site = "https://nvd.nist.gov/vuln/detail/CVE-#{in_ctx_val}"98elsif in_ctx_id == 'CWE'99self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"100elsif in_ctx_id == 'BID'101self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"102elsif in_ctx_id == 'MSB'103year = in_ctx_val[2..3]104century = year[0] == '9' ? '19' : '20'105self.site = "https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/#{century}#{year}/#{in_ctx_val}"106elsif in_ctx_id == 'EDB'107self.site = "https://www.exploit-db.com/exploits/#{in_ctx_val}"108elsif in_ctx_id == 'US-CERT-VU'109self.site = "https://www.kb.cert.org/vuls/id/#{in_ctx_val}"110elsif in_ctx_id == 'ZDI'111self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"112elsif in_ctx_id == 'WPVDB'113self.site = "https://wpscan.com/vulnerability/#{in_ctx_val}"114elsif in_ctx_id == 'PACKETSTORM'115self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}"116elsif in_ctx_id == 'URL'117self.site = in_ctx_val.to_s118elsif in_ctx_id == 'LOGO'119self.site = "Logo: #{in_ctx_val}"120elsif in_ctx_id == 'SOUNDTRACK'121self.site = "Soundtrack: #{in_ctx_val}"122else123self.site = in_ctx_id124self.site += " (#{in_ctx_val})" if (in_ctx_val)125end126end127128#129# Returns the absolute site URL.130#131def to_s132return site || ''133end134135#136# Serializes a site URL string.137#138def from_s(str)139if (/(http:\/\/|https:\/\/|ftp:\/\/)/.match(str))140self.site = str141self.ctx_id = 'URL'142self.ctx_val = self.site143else144return false145end146147return true148end149150#151# The site being referenced.152#153attr_reader :site154#155# The context identifier of the site, such as CVE.156#157attr_reader :ctx_id158#159# The context value of the reference, such as MS02-039160#161attr_reader :ctx_val162163protected164165attr_writer :site, :ctx_id, :ctx_val166167end168169170