Add vuln reporting to external module API

Author: acammack-r7

lib/msf/core/module/external.rb

@@ -69,6 +69,20 @@ def process_report(m)
       service[:name] = data['name'] if data['name']
 
       report_service(service)
+    when 'vuln'
+      # Required
+      vuln = {host: data['host'], name: data['name']}
+
+      # Optional
+      vuln[:info] = data['info'] if data['info']
+      vuln[:refs] = data['refs'] if data['refs']
+      vuln[:port] = data['port'] if data['port']
+      vuln[:proto] = data['port'] if data['port']
+
+      # Metasploit magic
+      vuln[:refs] = self.references
+
+      report_vuln(vuln)
     else
       print_warning "Skipping unrecognized report type #{m.params['type']}"
     end

lib/msf/core/modules/external/python/metasploit/module.py

@@ -1,26 +1,37 @@
 import sys, os, json
 
+
 def log(message, level='info'):
     rpc_send({'jsonrpc': '2.0', 'method': 'message', 'params': {
         'level': level,
         'message': message
     }})
 
-def report_host(ip, opts={}):
+
+def report_host(ip, **opts):
     host = opts.copy()
     host.update({'host': ip})
     rpc_send({'jsonrpc': '2.0', 'method': 'report', 'params': {
         'type': 'host', 'data': host
     }})
 
-def report_service(ip, opts={}):
+
+def report_service(ip, **opts):
     service = opts.copy()
     service.update({'host': ip})
     rpc_send({'jsonrpc': '2.0', 'method': 'report', 'params': {
         'type': 'service', 'data': service
     }})
 
 
+def report_vuln(ip, name, **opts):
+    vuln = opts.copy()
+    vuln.update({'host': ip, 'name': name})
+    rpc_send({'jsonrpc': '2.0', 'method': 'report', 'params': {
+        'type': 'vuln', 'data': vuln
+    }})
+
+
 def run(metadata, module_callback):
     req = json.loads(os.read(0, 10000))
     if req['method'] == 'describe':
@@ -32,6 +43,7 @@ def run(metadata, module_callback):
             'message': 'Module completed'
         }})
 
+
 def rpc_send(req):
     print(json.dumps(req))
     sys.stdout.flush()