diff --git a/extensions/xssrays/api/scan.rb b/extensions/xssrays/api/scan.rb index 7b9203a77..4b3dca967 100644 --- a/extensions/xssrays/api/scan.rb +++ b/extensions/xssrays/api/scan.rb @@ -18,10 +18,10 @@ module BeEF def start_scan(hb, body) @body = body config = BeEF::Core::Configuration.instance - hb = BeEF::Core::Models::HookedBrowser.first(:id => hb.id) + hb = BeEF::Core::Models::HookedBrowser.find(hb.id) #TODO: we should get the xssrays_scan table with more accuracy, if for some reasons we requested #TODO: 2 scans on the same hooked browsers, "first" could not get the right result we want - xs = BeEF::Core::Models::Xssraysscan.first(:hooked_browser_id => hb.id, :is_started => false) + xs = BeEF::Core::Models::Xssraysscan.where(:hooked_browser_id => hb.id, :is_started => false).first # stop here if there are no XssRays scans to be started return if xs == nil || xs.is_started == true diff --git a/extensions/xssrays/handler.rb b/extensions/xssrays/handler.rb index 8dd66ba90..4cd89d215 100644 --- a/extensions/xssrays/handler.rb +++ b/extensions/xssrays/handler.rb @@ -18,7 +18,7 @@ module BeEF # raise an error if it's null or not found in the DB beef_hook = params[:hbsess] || nil - if beef_hook.nil? || HB.first(:session => beef_hook).nil? + if beef_hook.nil? || HB.where(:session => beef_hook).first.nil? print_error "[XSSRAYS] Invalid beef hook ID: the hooked browser cannot be found in the database" return end @@ -53,8 +53,8 @@ module BeEF # parse incoming rays: rays are verified XSS, as the attack vector is calling back BeEF when executed. def parse_rays(rays_scan_id) - xssrays_scan = XS.first(:id => rays_scan_id) - hooked_browser = HB.first(:session => params[:hbsess]) + xssrays_scan = XS.find(rays_scan_id) + hooked_browser = HB.where(:session => params[:hbsess]).first if xssrays_scan.nil? print_error "[XSSRAYS] Invalid scan" @@ -76,7 +76,7 @@ module BeEF # finalize the XssRays scan marking the scan as finished in the db def finalize_scan(rays_scan_id) - xssrays_scan = BeEF::Core::Models::Xssraysscan.first(:id => rays_scan_id) + xssrays_scan = BeEF::Core::Models::Xssraysscan.find(rays_scan_id) if xssrays_scan.nil? print_error "[XSSRAYS] Invalid scan" diff --git a/extensions/xssrays/models/xssraysdetail.rb b/extensions/xssrays/models/xssraysdetail.rb index c56848837..c9fd68f92 100644 --- a/extensions/xssrays/models/xssraysdetail.rb +++ b/extensions/xssrays/models/xssraysdetail.rb @@ -9,21 +9,8 @@ module Models # # Store the rays details, basically verified XSS vulnerabilities # - class Xssraysdetail < ActiveRecord::Base - attribute :id, :Serial - - # The hooked browser id - attribute :hooked_browser_id, :Text, :lazy => false - - # The XssRays vector name for the vulnerability - attribute :vector_name, :Text, :lazy => true - - # The XssRays vector method (GET or POST) for the vulnerability - attribute :vector_method, :Text, :lazy => true - - # The XssRays Proof of Concept for the vulnerability - attribute :vector_poc, :Text, :lazy => true - + class Xssraysdetail < BeEF::Core::Model + belongs_to :hooked_browser belongs_to :xssraysscan end diff --git a/extensions/xssrays/models/xssraysscan.rb b/extensions/xssrays/models/xssraysscan.rb index eb435a27f..34ad64675 100644 --- a/extensions/xssrays/models/xssraysscan.rb +++ b/extensions/xssrays/models/xssraysscan.rb @@ -9,23 +9,10 @@ module Models # # Store the XssRays scans started and finished, with relative ID # - class Xssraysscan < ActiveRecord::Base + class Xssraysscan < BeEF::Core::Model - attribute :id, :Serial + has_many :xssrays_details - attribute :hooked_browser_id, :Text, :lazy => false - - attribute :scan_start, :DateTime, :lazy => true - attribute :scan_finish, :DateTime, :lazy => true - - attribute :domain, :Text, :lazy => true - attribute :cross_domain, :Text, :lazy => true - attribute :clean_timeout, :Integer, :lazy => false - - attribute :is_started, :Boolean, :lazy => false, :default => false - attribute :is_finished, :Boolean, :lazy => false, :default => false - - belongs_to :extension_xssrays_details end end diff --git a/extensions/xssrays/rest/xssrays.rb b/extensions/xssrays/rest/xssrays.rb index 59f5c9d3a..d81abf7fd 100644 --- a/extensions/xssrays/rest/xssrays.rb +++ b/extensions/xssrays/rest/xssrays.rb @@ -34,7 +34,7 @@ module BeEF # Returns the entire list of rays for all zombies get '/rays' do begin - rays = XD.all(:unique => true, :order => [:id.asc]) + rays = XD.all.distinct.order(:id) count = rays.length result = {} @@ -55,7 +55,7 @@ module BeEF begin id = params[:id] - rays = XD.all(:hooked_browser_id => id, :unique => true, :order => [:id.asc]) + rays = XD.where(:hooked_browser_id => id).distinct.order(:id) count = rays.length result = {} @@ -77,7 +77,7 @@ module BeEF # Returns the entire list of scans for all zombies get '/scans' do begin - scans = XS.all(:unique => true, :order => [:id.asc]) + scans = XS.distinct.order(:id) count = scans.length result = {} @@ -98,7 +98,7 @@ module BeEF begin id = params[:id] - scans = XS.all(:hooked_browser_id => id, :unique => true, :order => [:id.asc]) + scans = XS.where(:hooked_browser_id => id).distinct.order(:id) count = scans.length result = {} @@ -122,7 +122,7 @@ module BeEF begin id = params[:id] - hooked_browser = HB.first(:session => id, :unique => true, :order => [:id.asc]) + hooked_browser = HB.where(:session => id).distinct.order(:id) if hooked_browser.nil? print_error "[XSSRAYS] Invalid hooked browser ID"