Land rapid7#8511, console search options

lands sempervictus' console search command
enahncements and bug fixes

Author: David Maloney

lib/msf/ui/console/command_dispatcher/core.rb

@@ -51,6 +51,7 @@ class Core
     "-r"  => [ false, "Reset the ring buffer for the session given with -i, or all"    ],
     "-u"  => [ true,  "Upgrade a shell to a meterpreter session on many platforms"     ],
     "-t"  => [ true,  "Set a response timeout (default: 15)"                           ],
+    "-S"  => [ true, "Row search filter."                                              ],
     "-x" =>  [ false, "Show extended information in the session table"                 ])
 
   @@threads_opts = Rex::Parser::Arguments.new(
@@ -85,6 +86,10 @@ class Core
     "-k" => [ true,  "Keep (include) arg lines at start of output."   ],
     "-c" => [ false, "Only print a count of matching lines."          ])
 
+  @@search_opts = Rex::Parser::Arguments.new(
+    "-h" => [ false, "Help banner."                                   ],
+    "-S" => [ true, "Row search filter."                              ])
+
   @@history_opts = Rex::Parser::Arguments.new(
     "-h" => [ false, "Help banner."                                   ],
     "-a" => [ false, "Show all commands in history."                  ],
@@ -95,7 +100,6 @@ class Core
     "-h" => [ false, "Help banner."                                   ],
     "-e" => [ true,  "Expression to evaluate."                        ])
 
-
   # Returns the list of commands supported by this command dispatcher
   def commands
     {
@@ -171,9 +175,6 @@ def cmd_color(*args)
     driver.update_prompt
   end
 
-
-
-
   def cmd_cd_help
     print_line "Usage: cd <directory>"
     print_line
@@ -869,10 +870,12 @@ def cmd_route(*args)
 
     when "add", "remove", "del"
       subnet = args.shift
-      netmask = nil
-      if subnet
-        subnet, cidr_mask = subnet.split("/")
-        netmask = Rex::Socket.addr_ctoa(cidr_mask.to_i) if cidr_mask
+      subnet,cidr_mask = subnet.split("/")
+      if Rex::Socket.is_ipv4?(args.first)
+        netmask = args.shift
+      else
+        cidr_mask = '32' if cidr_mask.nil?
+        netmask = Rex::Socket.addr_ctoa(cidr_mask.to_i)
       end
 
       netmask = args.shift if netmask.nil?
@@ -1074,7 +1077,6 @@ def cmd_save(*args)
     print_line("Saved configuration to: #{Msf::Config.config_file}")
   end
 
-
   def cmd_spool_help
     print_line "Usage: spool <off>|<filename>"
     print_line
@@ -1139,6 +1141,7 @@ def cmd_sessions(*args)
     script   = nil
     reset_ring = false
     response_timeout = 15
+    search_term = nil
 
     # any arguments that don't correspond to an option or option arg will
     # be put in here
@@ -1151,53 +1154,58 @@ def cmd_sessions(*args)
       # Parse the command options
       @@sessions_opts.parse(args) do |opt, idx, val|
         case opt
-        when '-q'
+        when "-q"
           quiet = true
         # Run a command on all sessions, or the session given with -i
-        when '-c'
+        when "-c"
           method = 'cmd'
           cmds << val if val
-        when '-C'
+        when "-C"
             method = 'meterp-cmd'
             cmds << val if val
-        when '-x'
+        when "-x"
           show_extended = true
-        when '-v'
+        when "-v"
           verbose = true
         # Do something with the supplied session identifier instead of
         # all sessions.
-        when '-i'
+        when "-i"
           sid = val
         # Display the list of active sessions
-        when '-l'
+        when "-l"
           method = 'list'
-        when '-k'
+        when "-k"
           method = 'kill'
           sid = val || false
-        when '-K'
+        when "-K"
           method = 'killall'
         # Run a script on all meterpreter sessions
-        when '-s'
+        when "-s"
           unless script
             method = 'scriptall'
             script = val
           end
         # Upload and exec to the specific command session
-        when '-u'
+        when "-u"
           method = 'upexec'
           sid = val || false
+        # Search for specific session
+        when "-S", "--search"
+          search_term = val
         # Reset the ring buffer read pointer
-        when '-r'
+        when "-r"
           reset_ring = true
           method = 'reset_ring'
         # Display help banner
-        when '-h'
+        when "-h"
           cmd_sessions_help
           return false
-        when '-t'
+        when "-t"
           if val.to_s =~ /^\d+$/
             response_timeout = val.to_i
           end
+        when "-S", "--search"
+          search_term = val
         else
           extra << val
         end
@@ -1463,7 +1471,7 @@ def cmd_sessions(*args)
       end
     when 'list',nil
       print_line
-      print(Serializer::ReadableText.dump_sessions(framework, :show_extended => show_extended, :verbose => verbose))
+      print(Serializer::ReadableText.dump_sessions(framework, :show_extended => show_extended, :verbose => verbose, :search_term => search_term))
       print_line
     end
 
@@ -1952,7 +1960,6 @@ def cmd_unsetg_tabs(str, words)
 
   alias cmd_unsetg_help cmd_unset_help
 
-
   #
   # Returns the revision of the framework and console library
   #
@@ -2411,7 +2418,6 @@ def binary_install
     return binary_paths.include? Msf::Config.install_root
   end
 
-
   #
   # Returns an array of lines at the provided line number plus any before and/or after lines requested
   # from all_lines by supplying the +before+ and/or +after+ parameters which are always positive

lib/msf/ui/console/command_dispatcher/creds.rb

@@ -15,7 +15,7 @@ class Creds
   include Msf::Ui::Console::CommandDispatcher
   include Metasploit::Credential::Creation
   include Msf::Ui::Console::CommandDispatcher::Common
-  
+
   #
   # The dispatcher's name.
   #
@@ -31,11 +31,11 @@ def commands
       "creds" => "List all credentials in the database"
     }
   end
-  
+
   def allowed_cred_types
     %w(password ntlm hash)
   end
-  
+
   #
   # Returns true if the db is connected, prints an error and returns
   # false if not.
@@ -51,22 +51,55 @@ def active?
     end
     true
   end
-  
+
+  #
+  # Miscellaneous option helpers
+  #
+
+  # Parse +arg+ into a {Rex::Socket::RangeWalker} and append the result into +host_ranges+
+  #
+  # @note This modifies +host_ranges+ in place
+  #
+  # @param arg [String] The thing to turn into a RangeWalker
+  # @param host_ranges [Array] The array of ranges to append
+  # @param required [Boolean] Whether an empty +arg+ should be an error
+  # @return [Boolean] true if parsing was successful or false otherwise
+  def arg_host_range(arg, host_ranges, required=false)
+    if (!arg and required)
+      print_error("Missing required host argument")
+      return false
+    end
+    begin
+      rw = Rex::Socket::RangeWalker.new(arg)
+    rescue
+      print_error("Invalid host parameter, #{arg}.")
+      return false
+    end
+
+    if rw.valid?
+      host_ranges << rw
+    else
+      print_error("Invalid host parameter, #{arg}.")
+      return false
+    end
+    return true
+  end
+
   #
   # Can return return active or all, on a certain host or range, on a
   # certain port or range, and/or on a service name.
   #
   def cmd_creds(*args)
     return unless active?
-    
+
     # Short-circuit help
     if args.delete "-h"
       cmd_creds_help
       return
     end
-    
+
     subcommand = args.shift
-    
+
     case subcommand
     when 'help'
       cmd_creds_help
@@ -79,7 +112,7 @@ def cmd_creds(*args)
     end
 
   end
-  
+
   #
   # TODO: this needs to be cleaned up to use the new syntax
   #
@@ -126,7 +159,7 @@ def cmd_creds_help
     print_line "   creds add user:other hash:d19c32489b870735b5f587d76b934283"
     print_line "   # Add a NonReplayableHash"
     print_line "   creds add hash:d19c32489b870735b5f587d76b934283"
-    
+
     print_line
     print_line "General options"
     print_line "  -h,--help             Show this help information"
@@ -156,7 +189,7 @@ def cmd_creds_help
     print_line "  creds -d -s smb"
     print_line
   end
-  
+
   # @param private_type [Symbol] See `Metasploit::Credential::Creation#create_credential`
   # @param username [String]
   # @param password [String]
@@ -168,35 +201,35 @@ def creds_add(*args)
       hsh[opt[0]] = opt[1..-1].join(':') # everything before the first : is the key, reasembling everything after the colon. why ntlm hashes
       hsh
     end
-    
+
     begin
       params.assert_valid_keys('user','password','realm','realm-type','ntlm','ssh-key','hash','address','port','protocol', 'service-name')
     rescue ArgumentError => e
       print_error(e.message)
     end
-    
+
     # Verify we only have one type of private
     if params.slice('password','ntlm','ssh-key','hash').length > 1
       private_keys = params.slice('password','ntlm','ssh-key','hash').keys
       print_error("You can only specify a single Private type. Private types given: #{private_keys.join(', ')}")
       return
     end
-    
+
     login_keys = params.slice('address','port','protocol','service-name')
     if login_keys.any? and login_keys.length < 3
       missing_login_keys = ['host','port','proto','service-name'] - login_keys.keys
       print_error("Creating a login requires a address, a port, and a protocol. Missing params: #{missing_login_keys}")
       return
     end
-   
+
     data = {
       workspace_id: framework.db.workspace,
       origin_type: :import,
       filename: 'msfconsole'
     }
-    
+
     data[:username] = params['user'] if params.key? 'user'
-    
+
     if params.key? 'realm'
       if params.key? 'realm-type'
         if Metasploit::Model::Realm::Key::SHORT_NAMES.key? params['realm-type']
@@ -235,7 +268,7 @@ def creds_add(*args)
       data[:private_type] = :nonreplayable_hash
       data[:private_data] = params['hash']
     end
-        
+
     begin
       if login_keys.any?
         data[:address] = params['address']
@@ -250,7 +283,7 @@ def creds_add(*args)
       print_error("Failed to add #{data['private_type']}: #{e}")
     end
   end
-  
+
   def creds_search(*args)
     host_ranges   = []
     origin_ranges = []
@@ -264,6 +297,7 @@ def creds_search(*args)
     cred_table_columns = [ 'host', 'origin' , 'service', 'public', 'private', 'realm', 'private_type' ]
     user = nil
     delete_count = 0
+    search_term = nil
 
     while (arg = args.shift)
       case arg
@@ -314,6 +348,8 @@ def creds_search(*args)
           return
         end
         arg_host_range(hosts, origin_ranges)
+      when '-S', '--search-term'
+        search_term = args.shift
       else
         # Anything that wasn't an option is a host to search for
         unless (arg_host_range(arg, host_ranges))
@@ -343,7 +379,8 @@ def creds_search(*args)
     svcs.flatten!
     tbl_opts = {
       'Header'  => "Credentials",
-      'Columns' => cred_table_columns
+      'Columns' => cred_table_columns,
+      'SearchTerm' => search_term
     }
 
     tbl = Rex::Text::Table.new(tbl_opts)
@@ -481,8 +518,8 @@ def cmd_creds_tabs(str, words)
     end
     return tabs
   end
-  
-  
+
+
 end
 
 end end end end