Land rapid7#8606

David Maloney · David Maloney · commit 1cbc4af6b662 · 2017-06-30T14:58:46.000-05:00
land's bcook's module search rpc work
diff --git a/lib/msf/core/db_manager/module_cache.rb b/lib/msf/core/db_manager/module_cache.rb
@@ -198,7 +198,7 @@ def search_modules(search_string)
 
     ActiveRecord::Base.connection_pool.with_connection do
       @query = Mdm::Module::Detail.all
-      
+
       @archs    = Set.new
       @authors  = Set.new
       @names    = Set.new
@@ -207,10 +207,10 @@ def search_modules(search_string)
       @stances  = Set.new
       @text     = Set.new
       @types    = Set.new
-            
+
       value_set_by_keyword.each do |keyword, value_set|
         formatted_values = match_values(value_set)
-        
+
         case keyword
           when 'app'
             formatted_values = value_set.collect { |value|
@@ -244,7 +244,7 @@ def search_modules(search_string)
         end
       end
     end
-        
+
     @query = @query.module_arch(            @archs.to_a.flatten   ) if @archs.any?
     @query = @query.module_author(          @authors.to_a.flatten ) if @authors.any?
     @query = @query.module_name(            @names.to_a.flatten   ) if @names.any?
@@ -253,7 +253,7 @@ def search_modules(search_string)
     @query = @query.module_type(            @types.to_a.flatten   ) if @types.any?
     @query = @query.module_stance(          @stances.to_a.flatten ) if @stances.any?
     @query = @query.module_ref(             @refs.to_a.flatten    ) if @refs.any?
-    
+
     @query.uniq
   end
 
@@ -371,4 +371,4 @@ def update_module_details(module_instance)
       module_detail.save!
     end
   end
-end
+end
diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb
@@ -229,6 +229,44 @@ def threads?
     }
   end
 
+  def search(match, verbose: false)
+    # Check if the database is usable
+    use_db = true
+    if self.db
+      if !(self.db.migrated && self.db.modules_cached)
+        if verbose
+          print_warning("Module database cache not built yet, using slow search")
+        end
+        use_db = false
+      end
+    else
+      if verbose
+        print_warning("Database not connected, using slow search")
+      end
+      use_db = false
+    end
+
+    # Used the database for search
+    if use_db
+      return self.db.search_modules(match)
+    end
+
+    # Do an in-place search
+    matches = []
+    [ self.exploits, self.auxiliary, self.post, self.payloads, self.nops, self.encoders ].each do |mset|
+      mset.each do |m|
+        begin
+          o = mset.create(m[0])
+          if o && !o.search_filter(match)
+            matches << o
+          end
+        rescue
+        end
+      end
+    end
+    matches
+  end
+
 protected
 
   # @!attribute options
diff --git a/lib/msf/core/rpc/v10/rpc_module.rb b/lib/msf/core/rpc/v10/rpc_module.rb
@@ -99,12 +99,7 @@ def rpc_info_html(mtype, mname)
   #  rpc.call('module.info', 'exploit', 'windows/smb/ms08_067_netapi')
   def rpc_info(mtype, mname)
     m = _find_module(mtype,mname)
-    res = {}
-
-    res['type'] = m.type
-    res['name'] = m.name
-    res['fullname'] = m.fullname
-    res['rank'] = m.rank.to_i
+    res = module_short_info(m)
     res['description'] = Rex::Text.compress(m.description)
     res['license'] = m.license
     res['filepath'] = m.file_path
@@ -165,6 +160,23 @@ def rpc_info(mtype, mname)
     res
   end
 
+  def module_short_info(m)
+    res = {}
+    res['type'] = m.type
+    res['name'] = m.name
+    res['fullname'] = m.fullname
+    res['rank'] = RankingName[m.rank].to_s
+    res['disclosuredate'] = m.disclosure_date.nil? ? "" : m.disclosure_date.strftime("%Y-%m-%d")
+    res
+  end
+
+  def rpc_search(match)
+    matches = []
+    self.framework.search(match).each do |m|
+      matches << module_short_info(m)
+    end
+    matches
+  end
 
   # Returns the compatible payloads for a specific exploit.
   #
diff --git a/lib/msf/ui/console/command_dispatcher/modules.rb b/lib/msf/ui/console/command_dispatcher/modules.rb
@@ -18,9 +18,6 @@ class Modules
           # Constant for a retry timeout on using modules before they're loaded
           CMD_USE_TIMEOUT = 3
 
-          # Constant for disclosure date formatting in search functions
-          DISCLOSURE_DATE_FORMAT = "%Y-%m-%d"
-
           @@search_opts = Rex::Parser::Arguments.new(
             "-h" => [ false, "Help banner."],
             "-S" => [ true, "Row search filter."],
@@ -401,49 +398,15 @@ def cmd_search(*args)
               end
             }
 
-            if framework.db
-              if framework.db.migrated && framework.db.modules_cached
-                search_modules_sql(match, search_term)
-                return
-              else
-                print_warning("Module database cache not built yet, using slow search")
-              end
-            else
-              print_warning("Database not connected, using slow search")
-            end
-
-            tbl = generate_module_table("Matching Modules", search_term)
-            [
-              framework.exploits,
-              framework.auxiliary,
-              framework.post,
-              framework.payloads,
-              framework.nops,
-              framework.encoders
-            ].each do |mset|
-              mset.each do |m|
-                o = mset.create(m[0]) rescue nil
-
-                # Expected if modules are loaded without the right pre-requirements
-                next if not o
-
-                if not o.search_filter(match)
-                  tbl << [ o.fullname, o.disclosure_date.nil? ? "" : o.disclosure_date.strftime(DISCLOSURE_DATE_FORMAT), o.rank_to_s, o.name ]
-                end
-              end
-            end
-            print_line(tbl.to_s)
-
-          end
-
-          # Prints table of modules matching the search_string.
-          #
-          # @param (see Msf::DBManager#search_modules)
-          # @return [void]
-          def search_modules_sql(search_string, search_term = nil)
+            # Display the table of matches
             tbl = generate_module_table("Matching Modules", search_term)
-            framework.db.search_modules(search_string).each do |o|
-              tbl << [ o.fullname, o.disclosure_date.nil? ? "" : o.disclosure_date.strftime(DISCLOSURE_DATE_FORMAT), RankingName[o.rank].to_s, o.name ]
+            framework.search(match, verbose: true).each do |m|
+              tbl << [
+                m.fullname,
+                m.disclosure_date.nil? ? "" : m.disclosure_date.strftime("%Y-%m-%d"),
+                RankingName[m.rank].to_s,
+                m.name
+              ]
             end
             print_line(tbl.to_s)
           end
@@ -1154,7 +1117,12 @@ def show_module_set(type, module_set, regex = nil, minrank = nil, opts = nil) #
                     end
                   end
                   if (opts == nil or show == true)
-                    tbl << [ refname, o.disclosure_date.nil? ? "" : o.disclosure_date.strftime(DISCLOSURE_DATE_FORMAT), o.rank_to_s, o.name ]
+                    tbl << [
+                      refname,
+                      o.disclosure_date.nil? ? "" : o.disclosure_date.strftime("%Y-%m-%d"),
+                      o.rank_to_s,
+                      o.name
+                    ]
                   end
                 end
               end
diff --git a/spec/lib/msf/ui/console/command_dispatcher/modules_spec.rb b/spec/lib/msf/ui/console/command_dispatcher/modules_spec.rb
