CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
module Msf::Ui::Console::CommandDispatcher::Db::Analyze
2

3
  def cmd_analyze_help
4
    print_line "Usage: analyze [OPTIONS] [addr1 addr2 ...]"
5
    print_line
6
  end
7

8
  def cmd_analyze(*args)
9
    unless active?
10
      print_error "Not currently connected to a data service for analysis."
11
      return []
12
    end
13

14
    host_ranges = []
15
    print_empty = false
16

17
    found_vulns = false
18
    reported_module = false
19

20
    while (arg = args.shift)
21
      case arg
22
        when '-h','help'
23
          cmd_analyze_help
24
          return
25
        when '-a', '-v'
26
          print_empty = true
27
        when '-p'
28
          wanted_payloads = args.shift.split(',')
29
        else
30
          (arg_host_range(arg, host_ranges))
31
      end
32
    end
33

34
    host_ranges.push(nil) if host_ranges.empty?
35

36
    host_ids = []
37
    suggested_modules = {}
38
    each_host_range_chunk(host_ranges) do |host_search|
39
      next if host_search && host_search.empty?
40
      eval_hosts_ids = framework.db.hosts(address: host_search).map(&:id)
41
      if eval_hosts_ids
42
        eval_hosts_ids.each do |eval_id|
43
          host_ids.push(eval_id)
44
        end
45
      end
46
    end
47

48
    if host_ids.empty?
49
      print_status("No existing hosts stored to analyze.")
50
    else
51

52
      host_ids.each do |id|
53
        eval_host = framework.db.hosts(id: id).first
54
        next unless eval_host
55
        unless eval_host.vulns
56
          print_status("No suggestions for #{eval_host.address}.") if  print_empty
57
          next
58
        end
59
        found_vulns = true
60

61
        host_result = framework.analyze.host(eval_host, payloads: wanted_payloads)
62
        found_modules = host_result[:results]
63
        if found_modules.any?
64
          reported_module = true
65
          print_status("Analysis for #{eval_host.address} ->")
66
          found_modules.each do |res|
67
            print_status("  " + res.mod.fullname + " - " + res.description)
68
          end
69

70
          suggested_modules[eval_host.address] = found_modules
71
        elsif print_empty
72
          print_status("No suggestions for #{eval_host.address}.")
73
        end
74
      end
75

76
      if !print_empty
77
        if !found_vulns
78
          if host_ranges.any?
79
            print_status("No vulnerabilities found for given hosts.")
80
          else
81
            print_status("No vulnerabilities found for hosts in this workspace.")
82
          end
83
        elsif !reported_module
84
          print_status("No matching modules found.")
85
        end
86
      end
87
    end
88

89
    suggested_modules
90
  end
91

92
  def cmd_analyze_tabs(_str, words)
93
    return [] unless framework.db.active
94

95
    hosts = framework.db.hosts.map(&:address)
96

97
    # Limit completion to supplied host if it's the only one
98
    return [] if words.length > 1 && hosts.length == 1
99

100
    hosts
101
  end
102

103
end
104

105