Display metasploit module information for each detected CVE-IDs (#1011)

* add metasploit * fix go deps * fix msf report * fix msfdb server port number * delete non-unique msfdb url from fulltext report * fix(report): validate msfdb config on report (#1) * fix(msfdb): update deps (go-msfdb) * version up go-msfdb v0.1.0 Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
2020-07-03 14:05:07 +09:00
parent 89f49b0e29
commit 11a7a0c934
15 changed files with 539 additions and 87 deletions
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -346,13 +346,14 @@ func (r ScanResult) FormatTextReportHeadedr() string {
 		buf.WriteString("=")
 	}

-	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s\n",
+	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s, %s\n",
 		r.ServerInfo(),
 		buf.String(),
 		r.ScannedCves.FormatCveSummary(),
 		r.ScannedCves.FormatFixedStatus(r.Packages),
 		r.FormatUpdatablePacksSummary(),
 		r.FormatExploitCveSummary(),
+		r.FormatMetasploitCveSummary(),
 		r.FormatAlertSummary(),
 	)
 }
@@ -388,6 +389,17 @@ func (r ScanResult) FormatExploitCveSummary() string {
 	return fmt.Sprintf("%d exploits", nExploitCve)
 }

+// FormatMetasploitCveSummary returns a summary of exploit cve
+func (r ScanResult) FormatMetasploitCveSummary() string {
+	nMetasploitCve := 0
+	for _, vuln := range r.ScannedCves {
+		if 0 < len(vuln.Metasploits) {
+			nMetasploitCve++
+		}
+	}
+	return fmt.Sprintf("%d modules", nMetasploitCve)
+}
+
 // FormatAlertSummary returns a summary of XCERT alerts
 func (r ScanResult) FormatAlertSummary() string {
 	jaCnt := 0
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -150,6 +150,7 @@ type VulnInfo struct {
 	DistroAdvisories     DistroAdvisories     `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
 	CveContents          CveContents          `json:"cveContents,omitempty"`
 	Exploits             []Exploit            `json:"exploits,omitempty"`
+	Metasploits          []Metasploit         `json:"metasploits,omitempty"`
 	AlertDict            AlertDict            `json:"alertDict,omitempty"`
 	CpeURIs              []string             `json:"cpeURIs,omitempty"` // CpeURIs related to this CVE defined in config.toml
 	GitHubSecurityAlerts GitHubSecurityAlerts `json:"gitHubSecurityAlerts,omitempty"`
@@ -791,6 +792,14 @@ type Exploit struct {
 	BinaryURL    *string                   `json:"binaryURL,omitempty"`
 }

+// Metasploit :
+type Metasploit struct {
+	Name        string   `json:"name"`
+	Title       string   `json:"title"`
+	Description string   `json:"description,omitempty"`
+	URLs        []string `json:",omitempty"`
+}
+
 // AlertDict has target cve's JPCERT and USCERT alert data
 type AlertDict struct {
 	Ja []Alert `json:"ja"`