github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-05 14:57:30 +01:00
Code Releases Activity

Land #8533, record vulnerability attempts

Browse Source
This commit is contained in:
Brent Cook 2017-06-09 17:52:49 -05:00
commit bf674263f3
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
1 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/msf/core/auxiliary/report.rb
View File

@ -274,7 +274,28 @@ module Auxiliary::Report
:workspace => myworkspace,
:task => mytask
}.merge(opts)
framework.db.report_vuln(opts)
vuln = framework.db.report_vuln(opts)
# add vuln attempt audit details here during report
timestamp = opts[:timestamp]
username = opts[:username]
mname = self.fullname # use module name when reporting attempt for correlation
# report_vuln is only called in an identified case, consider setting value reported here
attempt_info = {
:vuln_id => vuln.id,
:attempted_at => timestamp || Time.now.utc,
:exploited => false,
:fail_detail => 'vulnerability identified',
:fail_reason => 'Untried', # Mdm::VulnAttempt::Status::UNTRIED, avoiding direct dependency on Mdm, used elsewhere in this module
:module => mname,
:username => username || "unknown",
}
vuln.vuln_attempts.create(attempt_info)
vuln
end
# This will simply log a deprecation warning, since report_exploit()