The database layer for Metasploit
MetasploitDataModels exists to do several key things:
-
Allow code sharing between Metasploit Framework (MSF) and the commercial versions of Metasploit (Community, Express, Pro -- usually referred to collectively as "Pro")
-
Give developers a lightweight entry point to MSF's backend for use in developing tools that gather data intended for later use with Metasploit (e.g. specialized scanners).
-
Make it easy to keep commercial stuff private while increasing the functionality of the open-source tools we provide to the community.
In a Rails application, MetasploitDataModels acts a
Rails Engine and the models are available to application
just as if they were defined under app/models
. If your Rails appliation needs to modify the models, this can be done
using ActiveSupport.on_load
hooks in initializers. The block passed to on_load hook is evaluated in the context of the
model class, so defining method and including modules will work just like reopeninng the class, but
ActiveSupport.on_load
ensures that the monkey patches will work after reloading in development mode. Each class has a
different on_load
name, which is just the class name converted to an underscored symbol, so Mdm::ApiKey
runs the
:mdm_api_key
load hooks, etc.
# Gemfile
gem :metasploiit_data_models, :git => git://github.com/rapid7/metasploit_data_models.git, :tag => 'v0.3.0'
# config/initializers/metasploit_data_models.rb
ActiveSupport.on_load(:mdm_api_key) do
# Returns the String obfuscated token for display. Meant to avoid CSRF
# api-key stealing attackes.
def obfuscated_token
token[0..3] + "****************************"
end
end
This gem's Rails::Engine
is not required automatically. You'll need to also add the following to your config/application.rb
:
require 'metasploit_data_models/engine'
In Metasploit Framework, MetasploitDataModels::Engine
is loaded, but the data models are only if the user wants to use
the database.
In Metasploit Pro, MDM is loaded via the metasploit_data_models gem: https://rubygems.org/gems/metasploit_data_models
An MRI and JRuby implementation is generated for all substantial updates.
The gem includes a console based on Pry
Give it a path to a working MSF database.yml file for full ActiveRecord-based access to your data.
Note: "development" mode is hardcoded into the console currently.
See CONTRIBUTING.md