#MetasploitDataModels
The database layer for Metasploit
MetasploitDataModels exists to do several key things:
-
Allow code sharing between Metasploit Framework (MSF) and the commercial versions of Metasploit (Community, Express, Pro -- usually referred to collectively as "Pro")
-
Give developers a lightweight entry point to MSF's backend for use in developing tools that gather data intended for later use with Metasploit (e.g. specialized scanners).
-
Make it easy to keep commercial stuff private while increasing the functionality of the open-source tools we provide to the community.
In a Rails application, MetasploitDataModels acts a Rails Engine and the models are available to application just as if they were defined under app/models. If your Rails appliation needs to modify the models, this can be done using ActiveSupport.on_load hooks in initializers. The block passed to on_load hook is evaluated in the context of the model class, so defining method and including modules will work just like reopeninng the class, but ActiveSupport.on_load ensures that the monkey patches will work after reloading in development mode. Each class has a different on_load name, which is just the class name converted to an underscored symbol, so Mdm::ApiKey runs the :mdm_api_key load hooks, etc.
# Gemfile
gem :metasploiit_data_models, :git => git://github.com/rapid7/metasploit_data_models.git, :tag => 'v0.3.0'
# config/initializers/metasploit_data_models.rb
ActiveSupport.on_load(:mdm_api_key) do
# Returns the String obfuscated token for display. Meant to avoid CSRF
# api-key stealing attackes.
def obfuscated_token
token[0..3] + "****************************"
end
end
In Metasploit Framework, MetasploitDataModels.require_models is called by the Msf::DbManager to use the data models
only if the user wants to use the database.
In Metasploit Pro, MDM is loaded via the metasploit_data_models gem: https://rubygems.org/gems/metasploit_data_models
An MRI and JRuby implementation is generated for all substantial updates.
The gem includes a console based on Pry
Give it a path to a working MSF database.yml file for full ActiveRecord-based access to your data.
Note: "development" mode is hardcoded into the console currently.