sempervictus
diff --git a/‎lib/msf/core/rpc/v10/client.rb
Lines changed: 41 additions & 3 deletions b/‎lib/msf/core/rpc/v10/client.rb
Lines changed: 41 additions & 3 deletions
diff --git a/‎lib/msf/core/rpc/v10/constants.rb
Lines changed: 12 additions & 0 deletions b/‎lib/msf/core/rpc/v10/constants.rb
Lines changed: 12 additions & 0 deletions
diff --git a/‎lib/msf/core/rpc/v10/rpc_auth.rb
Lines changed: 65 additions & 1 deletion b/‎lib/msf/core/rpc/v10/rpc_auth.rb
Lines changed: 65 additions & 1 deletion
diff --git a/‎lib/msf/core/rpc/v10/rpc_base.rb
Lines changed: 9 additions & 0 deletions b/‎lib/msf/core/rpc/v10/rpc_base.rb
Lines changed: 9 additions & 0 deletions
diff --git a/‎lib/msf/core/rpc/v10/rpc_console.rb
Lines changed: 98 additions & 0 deletions b/‎lib/msf/core/rpc/v10/rpc_console.rb
Lines changed: 98 additions & 0 deletions
@@ -12,9 +12,21 @@ module RPC
 
 class Client
 
-  attr_accessor :token, :info
+  # @!attribute token
+  #   @return [String] A login token.
+  attr_accessor :token
 
+  # @!attribute info
+  #   @return [Hash] Login information.
+  attr_accessor :info
 
+
+  # Initializes the RPC client to connect to: https://127.0.0.1:3790 (TLS1)
+  # The connection information is overridden through the optional info hash.
+  #
+  # @param [Hash] info Information needed for the initialization.
+  # @option info [String] :token A token used by the client.
+  # @return [void]
   def initialize(info={})
     self.info = {
       :host => '127.0.0.1',
@@ -29,6 +41,13 @@ def initialize(info={})
   end
 
 
+  # Logs in by calling the 'auth.login' API. The authentication token will expire 5 minutes
+  # after the last request was made.
+  #
+  # @param [String] user Username.
+  # @param [String] pass Password.
+  # @raise RuntimeError Indicating a failed authentication.
+  # @return [TrueClass] Indicating a successful login.
   def login(user,pass)
     res = self.call("auth.login", user, pass)
     unless (res && res['result'] == "success")
@@ -38,8 +57,23 @@ def login(user,pass)
     true
   end
 
-  # Prepend the authentication token as the first parameter
-  # of every call except auth.login. Requires the
+
+  # Calls an API.
+  #
+  # @param [String] meth The RPC API to call.
+  # @param [Array<string>] args The arguments to pass.
+  # @raise [RuntimeError] Something is wrong while calling the remote API, including:
+  #                       * A missing token (your client needs to authenticate).
+  #                       * A unexpected response from the server, such as a timeout or unexpected HTTP code.
+  # @raise [Msf::RPC::ServerException] The RPC service returns an error.
+  # @return [Hash] The API response. It contains the following keys:
+  #  * 'version' [String] Framework version.
+  #  * 'ruby' [String] Ruby version.
+  #  * 'api' [String] API version.
+  # @example
+  #  # This will return something like this:
+  #  # {"version"=>"4.11.0-dev", "ruby"=>"2.1.5 x86_64-darwin14.0 2014-11-13", "api"=>"1.0"}
+  #  rpc.call('core.version')
   def call(meth, *args)
     unless meth == "auth.login"
       unless self.token
@@ -84,6 +118,10 @@ def call(meth, *args)
     end
   end
 
+
+  # Closes the client.
+  #
+  # @return [void]
   def close
     if @cli && @cli.conn?
       @cli.close
 
@@ -8,6 +8,11 @@ module RPC
 class Exception < RuntimeError
   attr_accessor :code, :message
 
+  # Initializes Exception.
+  #
+  # @param [Fixnum] code An error code.
+  # @param [String] message An error message.
+  # @return [void]
   def initialize(code, message)
     self.code    = code
     self.message = message
@@ -18,6 +23,13 @@ def initialize(code, message)
 class ServerException < RuntimeError
   attr_accessor :code, :error_message, :error_class, :error_backtrace
 
+  # Initializes ServerException.
+  #
+  # @param [Fixnum] code An error code.
+  # @param [String] error_message An error message.
+  # @param [Exception] error_class An error class.
+  # @param [Array] error_backtrace A backtrace of the error.
+  # @return [void]
   def initialize(code, error_message, error_class, error_backtrace)
     self.code          = code
     self.error_message = error_message
 
@@ -11,8 +11,21 @@ class RPC_Auth < RPC_Base
 rescue ::LoadError
 end
 
+  # Handles client authentication. The authentication token will expire 5 minutes after the
+  # last request was made.
+  #
+  # @param [String] user The username.
+  # @param [String] pass The password.
+  # @raise [Msf::RPC::Exception] Something is wrong while authenticating, you can possibly get:
+  #                              * 401 Failed authentication.
+  # @return [Hash] A hash indicating a successful login, it contains the following keys:
+  #  * 'result' [String] A successful message: 'success'.
+  #  * 'token' [String] A token for the authentication.
+  # @example Here's how you would use this from the client:
+  #  # This returns something like the following:
+  #  # {"result"=>"success", "token"=>"TEMPyp1N40NK8GM0Tx7A87E6Neak2tVJ"}
+  #  rpc.call('auth.login_noauth', 'username', 'password')
   def rpc_login_noauth(user,pass)
-
     if not (user.kind_of?(::String) and pass.kind_of?(::String))
       error(401, "Login Failed")
     end
@@ -42,6 +55,19 @@ def rpc_login_noauth(user,pass)
     { "result" => "success", "token" => token }
   end
 
+
+  # Handles client deauthentication.
+  #
+  # @param [String] token The user's token to log off.
+  # @raise [Msf::RPC::Exception] An error indicating a failed deauthentication, including:
+  #                              * 500 Invalid authentication token.
+  #                              * 500 Permanent authentication token.
+  # @return [Hash] A hash indiciating the action was successful. It contains the following key:
+  #  * 'result' [String] The successful message: 'success'
+  # @example Here's how you would use this from the client:
+  #  # This returns something like:
+  #  # {"result"=>"success"}
+  #  rpc.call('auth.logout', 'TEMPyp1N40NK8GM0Tx7A87E6Neak2tVJ')
   def rpc_logout(token)
     found = self.service.tokens[token]
     error("500", "Invalid Authentication Token") if not found
@@ -53,6 +79,16 @@ def rpc_logout(token)
     { "result" => "success" }
   end
 
+
+  # Returns a list of authentication tokens, including the ones that are
+  # temporary, permanent, or stored in the backend.
+  #
+  # @return [Hash] A hash that contains a list of authentication tokens. It contains the following key:
+  #  * 'tokens' [Array<string>] An array of tokens.
+  # @example Here's how you would use this from the client:
+  #  # This returns something like:
+  #  # {"tokens"=>["TEMPf5I4Ec8cBEKVD8D7xtIbTXWoKapP", "TEMPtcVmMld8w74zo0CYeosM3iXW0nJz"]}
+  #  rpc.call('auth.token_list')
   def rpc_token_list
     res = self.service.tokens.keys
     begin
@@ -66,6 +102,14 @@ def rpc_token_list
     { "tokens" => res }
   end
 
+
+  # Adds a new token to the database.
+  #
+  # @param [String] token A unique token.
+  # @return [Hash] A hash indicating the action was successful. It contains the following key:
+  #  * 'result' [String] The successful message: 'success'
+  # @example Here's how you would use this from the client:
+  #  rpc.call('auth.token_add', 'UNIQUE_TOKEN')
   def rpc_token_add(token)
     db = false
     begin
@@ -85,6 +129,16 @@ def rpc_token_add(token)
     { "result" => "success" }
   end
 
+
+  # Generates a random 32-byte authentication token. The token is added to the
+  # database as a side-effect.
+  #
+  # @return [Hash] A hash indicating the action was successful, also the new token.
+  #  It contains the following keys:
+  #  * 'result' [String] The successful message: 'success'
+  #  * 'token' [String] A new token.
+  # @example Here's how you would use this from the client:
+  #  rpc.call('auth.token_generate')
   def rpc_token_generate
     token = Rex::Text.rand_text_alphanumeric(32)
     db = false
@@ -106,6 +160,16 @@ def rpc_token_generate
     { "result" => "success", "token" => token }
   end
 
+
+  # Removes a token from the database. Similar to what #rpc_logout does internally, except this
+  # can remove tokens stored in the database backend (Mdm).
+  #
+  # @see #rpc_logout
+  # @param [String] token The token to delete.
+  # @return [Hash] A hash indicating the action was successful. It contains the following key:
+  #  * 'result' [String] The successful message: 'success'
+  # @example Here's how you would use this from the client:
+  #  rpc.call('auth.token_remove', 'TEMPtcVmMld8w74zo0CYeosM3iXW0nJz')
   def rpc_token_remove(token)
     db = false
     begin
 
@@ -5,13 +5,22 @@ module RPC
 class RPC_Base
   attr_accessor :framework, :service, :tokens, :users
 
+  # Initializes framework, service, tokens, and users
+  #
+  # return [void]
   def initialize(service)
     self.service   = service
     self.framework = service.framework
     self.tokens    = service.tokens
     self.users     = service.users
   end
 
+  # Raises an Msf::RPC Exception.
+  #
+  # @param [Fixnum] code The error code to raise.
+  # @param [String] message The error message.
+  # @raise [Msf::RPC::Exception]
+  # @return [void]
   def error(code, message)
     raise Msf::RPC::Exception.new(code, message)
   end
 
@@ -7,11 +7,24 @@ module Msf
 module RPC
 class RPC_Console < RPC_Base
 
+  # Initializes the RPC console
+  #
+  # @return [Msf::Ui::Web::Driver]
   def initialize(*args)
     super
     @console_driver = Msf::Ui::Web::Driver.new(:framework => framework)
   end
 
+  # Creates a new framework console instance.
+  #
+  # @param [Hash] opts See Msf::Ui::Web::Driver#create_console
+  # @return [Hash] Information about the new console. It contains the following keys:
+  #  * 'id' [Fixnum] The console's ID.
+  #  * 'prompt' [String] The framework prompt (example: 'msf > ')
+  #  * 'busy' [TrueClass] The console's busy state, or
+  #  * 'busy' [FalseClass] The console's busy state.
+  # @example Here's how you would use this from the client:
+  #  rpc.call('console.create')
   def rpc_create(opts={})
     cid = @console_driver.create_console(opts)
     {
@@ -21,6 +34,17 @@ def rpc_create(opts={})
     }
   end
 
+
+  # Returns a list of framework consoles.
+  #
+  # @return [Hash] Console information.
+  #  * 'consoles' [Array<Hash>] consoles, each element is a hash that includes:
+  #    * 'id' [Fixnum] The console's ID
+  #    * 'prompt' [String] The framework prompt (example: 'msf > ')
+  #    * 'busy' [TrueClass] The console's busy state, or
+  #    * 'busy' [FalseClass] The console's busy state.
+  # @example Here's how you would use this from the client:
+  #  rpc.call('console.list')
   def rpc_list
     ret = []
     @console_driver.consoles.each_key do |cid|
@@ -33,13 +57,37 @@ def rpc_list
     {'consoles' => ret}
   end
 
+
+  # Deletes a framework console instance.
+  #
+  # @param [Fixnum] cid Framework console ID.
+  # @return [Hash] A result indicating whether the action was successful or not.
+  #                It contains the following key:
+  #                * 'result' [String] Either 'success' or 'failure'.
+  # @example Here's how you would use this from the client:
+  #  rpc.call('console.destroy', 1)
   def rpc_destroy(cid)
     cid = cid.to_s
     return { 'result' => 'failure' } if not @console_driver.consoles[cid]
     res = @console_driver.destroy_console(cid)
     { 'result' => res ? 'success' : 'failure' }
   end
 
+
+  # Returns the framework console output in raw form.
+  #
+  # @param [Fixnum] cid Framework console ID.
+  # @return [Hash] There are two different hashes you might get:
+  #
+  #  If the console ID is invalid, you will get a hash like the following:
+  #  * 'result' [String] A value that says 'failure'.
+  #  If the console ID is valid, you will get a hash like the following:
+  #  * 'data' [String] The output the framework console produces (example: the banner)
+  #  * 'prompt' [String] The framework prompt (example: 'msf > ')
+  #  * 'busy' [TrueClass] The console's busy state, or
+  #  * 'busy' [FalseClass] The console's busy state.
+  # @example Here's how you would use this from the client:
+  #  rpc.call('console.read', 1)
   def rpc_read(cid)
     cid = cid.to_s
     return { 'result' => 'failure' } if not @console_driver.consoles[cid]
@@ -50,25 +98,75 @@ def rpc_read(cid)
     }
   end
 
+
+  # Sends an input (such as a command) to the framework console.
+  #
+  # @param [Fixnum] cid Framework console ID.
+  # @param [String] data User input.
+  # @return [Hash] There are two different hashes you might get:
+  #
+  #  If the console ID is invalid, you will get a hash like the following:
+  #  * 'result' [String] A value that says 'failure'.
+  #  If the console ID is invalid, you will get a hash like the following:
+  #  * 'wrote' [Fixnum] Number of bytes sent.
+  # @note Remember to add a newline (\\r\\n) at the end of input, otherwise
+  #       the console will not do anything. And you will need to use the
+  #       #rpc_read method to retrieve the output again.
+  # @example Here's how you would use this from the client:
+  #  # This will show the current module's options.
+  #  rpc.call('console.write', 4, "show options\r\n")
   def rpc_write(cid, data)
     cid = cid.to_s
     return { 'result' => 'failure' } if not @console_driver.consoles[cid]
     { "wrote" => @console_driver.write_console(cid, data || '') }
   end
 
+
+  # Returns the tab-completed version of your input (such as a module path).
+  #
+  # @param [Fixnum] cid Framework console ID.
+  # @param [String] line Command.
+  # @return [Hash] There are two different hashes you might get:
+  #
+  #  If the console ID is invalid, you will get a hash like the following:
+  #  * 'result' [String] A value that says 'failure'.
+  #  If the console ID is valid, you will get a hash like the following:
+  #  * 'tabs' [String] The tab-completed version of the command.
+  # @example Here's how you would use this from the client:
+  #  # This will return:
+  #  # {"tabs"=>["use exploit/windows/smb/ms08_067_netapi"]}
+  #  rpc.call('console.tabs', 4, "use exploit/windows/smb/ms08_067_")
   def rpc_tabs(cid, line)
     cid = cid.to_s
     return { 'result' => 'failure' } if not @console_driver.consoles[cid]
     { "tabs" => @console_driver.consoles[cid].tab_complete(line) }
   end
 
+
+  # Kills a framework session. This serves the same purpose as [CTRL]+[C] to abort an interactive session.
+  # You might also want to considering using the session API calls instead of this.
+  #
+  # @param [Fixnum] cid Framework console ID.
+  # @return [Hash] A hash indicating whether the action was successful or not. It contains:
+  #  * 'result' [String] A message that says 'success' if the console ID is valid (and successfully killed, otherwise 'failed')
+  # @example Here's how you would use this from the client:
+  #  rpc.call('console.session_kill', 4)
   def rpc_session_kill(cid)
     cid = cid.to_s
     return { 'result' => 'failure' } if not @console_driver.consoles[cid]
     @console_driver.consoles[cid].session_kill
     { 'result' => 'success' }
   end
 
+
+  # Detaches a framework session. This serves the same purpose as [CTRL]+[Z] to
+  # background an interactive session.
+  #
+  # @param [Fixnum] cid Framework console ID.
+  # @return [Hash] A hash indicating whether the action was successful or not. It contains:
+  #  * 'result' [String] A message that says 'success' if the console ID is valid (and successfully detached, otherwise 'failed')
+  # @example Here's how you would use this from the client:
+  #  rpc.call('console.session_detach', 4)
   def rpc_session_detach(cid)
     cid = cid.to_s
     return { 'result' => 'failure' } if not @console_driver.consoles[cid]