Updated xssrays for AR

extensions/xssrays/api/scan.rb

@@ -18,10 +18,10 @@ module BeEF
           def start_scan(hb, body)
             @body = body
             config = BeEF::Core::Configuration.instance
-            hb = BeEF::Core::Models::HookedBrowser.first(:id => hb.id)
+            hb = BeEF::Core::Models::HookedBrowser.find(hb.id)
             #TODO: we should get the xssrays_scan table with more accuracy, if for some reasons we requested
             #TODO: 2 scans on the same hooked browsers, "first" could not get the right result we want
-            xs = BeEF::Core::Models::Xssraysscan.first(:hooked_browser_id => hb.id, :is_started => false)
+            xs = BeEF::Core::Models::Xssraysscan.where(:hooked_browser_id => hb.id, :is_started => false).first
 
             # stop here if there are no XssRays scans to be started
             return if xs == nil || xs.is_started == true

extensions/xssrays/handler.rb

@@ -18,7 +18,7 @@ module BeEF
           # raise an error if it's null or not found in the DB
           beef_hook = params[:hbsess] || nil
 
-          if beef_hook.nil? || HB.first(:session => beef_hook).nil?
+          if beef_hook.nil? || HB.where(:session => beef_hook).first.nil?
             print_error "[XSSRAYS] Invalid beef hook ID: the hooked browser cannot be found in the database"
             return
           end
@@ -53,8 +53,8 @@ module BeEF
 
         # parse incoming rays: rays are verified XSS, as the attack vector is calling back BeEF when executed.
         def parse_rays(rays_scan_id)
-          xssrays_scan = XS.first(:id => rays_scan_id)
+          xssrays_scan = XS.find(rays_scan_id)
-          hooked_browser = HB.first(:session => params[:hbsess])
+          hooked_browser = HB.where(:session => params[:hbsess]).first
 
           if xssrays_scan.nil?
             print_error "[XSSRAYS] Invalid scan"
@@ -76,7 +76,7 @@ module BeEF
 
         # finalize the XssRays scan marking the scan as finished in the db
         def finalize_scan(rays_scan_id)
-          xssrays_scan = BeEF::Core::Models::Xssraysscan.first(:id => rays_scan_id)
+          xssrays_scan = BeEF::Core::Models::Xssraysscan.find(rays_scan_id)
 
           if xssrays_scan.nil?
             print_error "[XSSRAYS] Invalid scan"

extensions/xssrays/models/xssraysdetail.rb

@@ -9,21 +9,8 @@ module Models
   #
   # Store the rays details, basically verified XSS vulnerabilities
   #
-  class Xssraysdetail < ActiveRecord::Base
+  class Xssraysdetail < BeEF::Core::Model
-    attribute :id, :Serial
+    belongs_to :hooked_browser
-
-    # The hooked browser id
-    attribute :hooked_browser_id, :Text, :lazy => false
-
-    # The XssRays vector name for the vulnerability
-    attribute :vector_name, :Text, :lazy => true
-
-    # The XssRays vector method (GET or POST) for the vulnerability
-    attribute :vector_method, :Text, :lazy => true
-
-    # The XssRays Proof of Concept for the vulnerability
-    attribute :vector_poc, :Text, :lazy => true
-
     belongs_to :xssraysscan
   end
   

extensions/xssrays/models/xssraysscan.rb

@@ -9,23 +9,10 @@ module Models
   #
   # Store the XssRays scans started and finished, with relative ID
   #
-  class Xssraysscan < ActiveRecord::Base
+  class Xssraysscan < BeEF::Core::Model
 
-    attribute :id, :Serial
+    has_many :xssrays_details
 
-    attribute :hooked_browser_id, :Text, :lazy => false
-
-    attribute :scan_start, :DateTime, :lazy => true
-    attribute :scan_finish, :DateTime, :lazy => true
-
-    attribute :domain, :Text, :lazy => true
-    attribute :cross_domain, :Text, :lazy => true
-    attribute :clean_timeout, :Integer, :lazy => false
-
-    attribute :is_started, :Boolean, :lazy => false, :default => false
-    attribute :is_finished, :Boolean, :lazy => false, :default => false
-
-    belongs_to :extension_xssrays_details
   end
 
 end

extensions/xssrays/rest/xssrays.rb

@@ -34,7 +34,7 @@ module BeEF
         # Returns the entire list of rays for all zombies
         get '/rays' do
           begin
-            rays = XD.all(:unique => true, :order => [:id.asc])
+            rays = XD.all.distinct.order(:id)
             count = rays.length
 
             result = {}
@@ -55,7 +55,7 @@ module BeEF
           begin
             id = params[:id]
 
-            rays = XD.all(:hooked_browser_id => id, :unique => true, :order => [:id.asc])
+            rays = XD.where(:hooked_browser_id => id).distinct.order(:id)
             count = rays.length
 
             result = {}
@@ -77,7 +77,7 @@ module BeEF
         # Returns the entire list of scans for all zombies
         get '/scans' do
           begin
-            scans = XS.all(:unique => true, :order => [:id.asc])
+            scans = XS.distinct.order(:id)
             count = scans.length
 
             result = {}
@@ -98,7 +98,7 @@ module BeEF
           begin
             id = params[:id]
 
-            scans = XS.all(:hooked_browser_id => id, :unique => true, :order => [:id.asc])
+            scans = XS.where(:hooked_browser_id => id).distinct.order(:id)
             count = scans.length
 
             result = {}
@@ -122,7 +122,7 @@ module BeEF
           begin
             id = params[:id]
 
-            hooked_browser = HB.first(:session => id, :unique => true, :order => [:id.asc])
+            hooked_browser = HB.where(:session => id).distinct.order(:id)
 
             if hooked_browser.nil?
               print_error "[XSSRAYS] Invalid hooked browser ID"