Updated xssrays for AR

2019-11-30 15:23:27 +10:00
parent 173d55714a
commit 8ca7e2135c
5 changed files with 15 additions and 41 deletions
--- a/extensions/xssrays/api/scan.rb
+++ b/extensions/xssrays/api/scan.rb
@@ -18,10 +18,10 @@ module BeEF
          def start_scan(hb, body)
            @body = body
            config = BeEF::Core::Configuration.instance
-            hb = BeEF::Core::Models::HookedBrowser.first(:id => hb.id)
+            hb = BeEF::Core::Models::HookedBrowser.find(hb.id)
            #TODO: we should get the xssrays_scan table with more accuracy, if for some reasons we requested
            #TODO: 2 scans on the same hooked browsers, "first" could not get the right result we want
-            xs = BeEF::Core::Models::Xssraysscan.first(:hooked_browser_id => hb.id, :is_started => false)
+            xs = BeEF::Core::Models::Xssraysscan.where(:hooked_browser_id => hb.id, :is_started => false).first

            # stop here if there are no XssRays scans to be started
            return if xs == nil || xs.is_started == true
--- a/extensions/xssrays/handler.rb
+++ b/extensions/xssrays/handler.rb
@@ -18,7 +18,7 @@ module BeEF
          # raise an error if it's null or not found in the DB
          beef_hook = params[:hbsess] || nil

-          if beef_hook.nil? || HB.first(:session => beef_hook).nil?
+          if beef_hook.nil? || HB.where(:session => beef_hook).first.nil?
            print_error "[XSSRAYS] Invalid beef hook ID: the hooked browser cannot be found in the database"
            return
          end
@@ -53,8 +53,8 @@ module BeEF

        # parse incoming rays: rays are verified XSS, as the attack vector is calling back BeEF when executed.
        def parse_rays(rays_scan_id)
-          xssrays_scan = XS.first(:id => rays_scan_id)
-          hooked_browser = HB.first(:session => params[:hbsess])
+          xssrays_scan = XS.find(rays_scan_id)
+          hooked_browser = HB.where(:session => params[:hbsess]).first

          if xssrays_scan.nil?
            print_error "[XSSRAYS] Invalid scan"
@@ -76,7 +76,7 @@ module BeEF

        # finalize the XssRays scan marking the scan as finished in the db
        def finalize_scan(rays_scan_id)
-          xssrays_scan = BeEF::Core::Models::Xssraysscan.first(:id => rays_scan_id)
+          xssrays_scan = BeEF::Core::Models::Xssraysscan.find(rays_scan_id)

          if xssrays_scan.nil?
            print_error "[XSSRAYS] Invalid scan"
--- a/extensions/xssrays/models/xssraysdetail.rb
+++ b/extensions/xssrays/models/xssraysdetail.rb
@@ -9,21 +9,8 @@ module Models
  #
  # Store the rays details, basically verified XSS vulnerabilities
  #
-  class Xssraysdetail < ActiveRecord::Base
-    attribute :id, :Serial
-
-    # The hooked browser id
-    attribute :hooked_browser_id, :Text, :lazy => false
-
-    # The XssRays vector name for the vulnerability
-    attribute :vector_name, :Text, :lazy => true
-
-    # The XssRays vector method (GET or POST) for the vulnerability
-    attribute :vector_method, :Text, :lazy => true
-
-    # The XssRays Proof of Concept for the vulnerability
-    attribute :vector_poc, :Text, :lazy => true
-
+  class Xssraysdetail < BeEF::Core::Model
+    belongs_to :hooked_browser
    belongs_to :xssraysscan
  end
  
--- a/extensions/xssrays/models/xssraysscan.rb
+++ b/extensions/xssrays/models/xssraysscan.rb
@@ -9,23 +9,10 @@ module Models
  #
  # Store the XssRays scans started and finished, with relative ID
  #
-  class Xssraysscan < ActiveRecord::Base
+  class Xssraysscan < BeEF::Core::Model

-    attribute :id, :Serial
+    has_many :xssrays_details

-    attribute :hooked_browser_id, :Text, :lazy => false
-
-    attribute :scan_start, :DateTime, :lazy => true
-    attribute :scan_finish, :DateTime, :lazy => true
-
-    attribute :domain, :Text, :lazy => true
-    attribute :cross_domain, :Text, :lazy => true
-    attribute :clean_timeout, :Integer, :lazy => false
-
-    attribute :is_started, :Boolean, :lazy => false, :default => false
-    attribute :is_finished, :Boolean, :lazy => false, :default => false
-
-    belongs_to :extension_xssrays_details
  end

 end
--- a/extensions/xssrays/rest/xssrays.rb
+++ b/extensions/xssrays/rest/xssrays.rb
@@ -34,7 +34,7 @@ module BeEF
        # Returns the entire list of rays for all zombies
        get '/rays' do
          begin
-            rays = XD.all(:unique => true, :order => [:id.asc])
+            rays = XD.all.distinct.order(:id)
            count = rays.length

            result = {}
@@ -55,7 +55,7 @@ module BeEF
          begin
            id = params[:id]

-            rays = XD.all(:hooked_browser_id => id, :unique => true, :order => [:id.asc])
+            rays = XD.where(:hooked_browser_id => id).distinct.order(:id)
            count = rays.length

            result = {}
@@ -77,7 +77,7 @@ module BeEF
        # Returns the entire list of scans for all zombies
        get '/scans' do
          begin
-            scans = XS.all(:unique => true, :order => [:id.asc])
+            scans = XS.distinct.order(:id)
            count = scans.length

            result = {}
@@ -98,7 +98,7 @@ module BeEF
          begin
            id = params[:id]

-            scans = XS.all(:hooked_browser_id => id, :unique => true, :order => [:id.asc])
+            scans = XS.where(:hooked_browser_id => id).distinct.order(:id)
            count = scans.length

            result = {}
@@ -122,7 +122,7 @@ module BeEF
          begin
            id = params[:id]

-            hooked_browser = HB.first(:session => id, :unique => true, :order => [:id.asc])
+            hooked_browser = HB.where(:session => id).distinct.order(:id)

            if hooked_browser.nil?
              print_error "[XSSRAYS] Invalid hooked browser ID"