rapid7/metasploit-framework

plugins/db_tracker.rb

module Msf
  ###
  #
  # This class hooks all socket calls and updates the database with
  # data gathered from the connection parameters
  #
  ###

  class Plugin::DB_Tracer < Msf::Plugin

    ###
    #
    # Socket event handler that writes the remote end of each newly
    # created socket into the framework database as a host and a service.
    #
    ###
    class DBTracerEventHandler
      include Rex::Socket::Comm::Events

      # Intentionally a no-op: nothing is recorded before the socket exists.
      def on_before_socket_create(comm, param)
      end

      # Records the peer of a freshly created socket.
      #
      # The peer address becomes a host entry in state Alive, and the
      # protocol (from +param+) plus peer port become a service entry on
      # that host. Nothing is written when the socket has no peer host,
      # when the peer host is '0.0.0.0', when there is no peer port, or
      # when the socket parameters carry no framework under context['Msf'].
      #
      # NOTE(review): the host is marked Alive as soon as the socket has
      # been created; for connectionless protocols that presumably does not
      # prove the peer ever answered. Confirm before treating these rows
      # as verified findings.
      def on_socket_created(_comm, sock, param)
        # A socket without a peer host is a local listener; skip it.
        return unless sock.peerhost

        # The wildcard address or a missing peer port leaves nothing to report.
        return if sock.peerhost == '0.0.0.0' || !sock.peerport

        # Sockets that never stored the framework in their context cannot
        # reach the database, so they are ignored.
        framework = param.context['Msf']
        return unless framework

        host_record = framework.db.find_or_create_host(
          host: sock.peerhost,
          state: Msf::HostState::Alive
        )
        return unless host_record

        framework.db.report_service(
          host: host_record,
          proto: param.proto,
          port: sock.peerport
        )
      end
    end

    # Loads the plugin and installs the socket event handler.
    #
    # Raises PluginLoadError when the database backend is not active, or
    # when an instance of this plugin class is already present in
    # framework.plugins.
    #
    # The handler is registered on Rex::Socket::Comm::Local only.
    # NOTE(review): sockets created through any other comm class are
    # presumably not seen by this handler; confirm if full coverage is
    # expected.
    def initialize(framework, opts)
      super

      # Without an active database there is nowhere to store the records.
      raise PluginLoadError, 'The database backend has not been initialized' unless framework.db.active

      # A second instance would register a second handler and report
      # every socket twice.
      framework.plugins.each do |loaded|
        raise PluginLoadError, 'This plugin should not be loaded more than once' if loaded.instance_of?(Msf::Plugin::DB_Tracer)
      end

      @eh = DBTracerEventHandler.new
      Rex::Socket::Comm::Local.register_event_handler(@eh)
    end

    # Removes the event handler that #initialize registered, so socket
    # creation stops writing to the database.
    def cleanup
      Rex::Socket::Comm::Local.deregister_event_handler(@eh)
    end

    # Plugin name string. It reads 'db_tracker', while the class itself is
    # named DB_Tracer.
    def name
      'db_tracker'
    end

    # One-line description of what the plugin does.
    def desc
      'Monitors socket calls and updates the database backend'
    end

  end
end