digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 11:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated for post-parameterisation

Browse Source
This commit is contained in:
thomashaw
2017-01-17 16:27:18 +00:00
parent f8a97b2842
commit 43c02f220f
5 changed files with 267 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
lib/schemas/build_metadata_schema.xsd
View File

@@ -33,6 +33,7 @@
<!--optional input values-->
<xs:element name="read_fact" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="default_input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
<!--optional details-->
<xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
@@ -84,4 +85,85 @@
</xs:complexType>
</xs:element>
<xs:complexType name="InputElements">
<xs:sequence>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name='vulnerability' type='VulnerabilityType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='service' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='utility' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='network' type='NetworkType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='generator' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='encoder' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='value' type='xs:string' minOccurs='0' maxOccurs='unbounded' />
</xs:choice>
</xs:sequence>
<xs:attribute name='into' type='xs:string'/>
</xs:complexType>
<xs:complexType name="VulnerabilityType">
<xs:sequence>
<xs:element name="input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name="privilege" type="xs:string"/>
<xs:attribute name="access" type="xs:string"/>
<xs:attribute name="platform" type="xs:string"/>
<!--optional vulnerability inputs-->
<xs:attribute name="read_fact" type="xs:string"/>
<!--optional vulnerability details-->
<xs:attribute name="difficulty" type="xs:string"/>
<xs:attribute name="cve" type="xs:string"/>
<xs:attribute name="cvss_base_score" type="xs:string"/>
<xs:attribute name="cvss_vector" type="xs:string"/>
<xs:attribute name="reference" type="xs:string"/>
<xs:attribute name="software_name" type="xs:string"/>
<xs:attribute name="software_license" type="xs:string"/>
<!--optional breadcrumb (info that is leaked and required to exploit)-->
<xs:attribute name="breadcrumb" type="xs:string"/>
<!--optional hints-->
<xs:attribute name="msf_module" type="xs:string"/>
<xs:attribute name="hint" type="xs:string"/>
<xs:attribute name="solution" type="xs:string"/>
</xs:complexType>
<xs:complexType name="ServiceUtilityEncoderGeneratorType">
<xs:sequence>
<xs:element name="input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name="platform" type="xs:string"/>
<xs:attribute name="reference" type="xs:string"/>
<xs:attribute name="software_name" type="xs:string"/>
<xs:attribute name="software_license" type="xs:string"/>
</xs:complexType>
<xs:complexType name="NetworkType">
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name='range' type='xs:string'/>
</xs:complexType>
</xs:schema>

85
lib/schemas/service_metadata_schema.xsd
View File

@@ -36,6 +36,10 @@
<xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<!--I/O: a generator writes it's output to one fact & can also take inputs-->
<xs:element name="read_fact" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="default_input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
<!-- cannot co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
<xs:element name="conflict" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
@@ -81,4 +85,85 @@
</xs:complexType>
</xs:element>
<xs:complexType name="InputElements">
<xs:sequence>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name='vulnerability' type='VulnerabilityType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='service' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='utility' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='network' type='NetworkType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='generator' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='encoder' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='value' type='xs:string' minOccurs='0' maxOccurs='unbounded' />
</xs:choice>
</xs:sequence>
<xs:attribute name='into' type='xs:string'/>
</xs:complexType>
<xs:complexType name="VulnerabilityType">
<xs:sequence>
<xs:element name="input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name="privilege" type="xs:string"/>
<xs:attribute name="access" type="xs:string"/>
<xs:attribute name="platform" type="xs:string"/>
<!--optional vulnerability inputs-->
<xs:attribute name="read_fact" type="xs:string"/>
<!--optional vulnerability details-->
<xs:attribute name="difficulty" type="xs:string"/>
<xs:attribute name="cve" type="xs:string"/>
<xs:attribute name="cvss_base_score" type="xs:string"/>
<xs:attribute name="cvss_vector" type="xs:string"/>
<xs:attribute name="reference" type="xs:string"/>
<xs:attribute name="software_name" type="xs:string"/>
<xs:attribute name="software_license" type="xs:string"/>
<!--optional breadcrumb (info that is leaked and required to exploit)-->
<xs:attribute name="breadcrumb" type="xs:string"/>
<!--optional hints-->
<xs:attribute name="msf_module" type="xs:string"/>
<xs:attribute name="hint" type="xs:string"/>
<xs:attribute name="solution" type="xs:string"/>
</xs:complexType>
<xs:complexType name="ServiceUtilityEncoderGeneratorType">
<xs:sequence>
<xs:element name="input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name="platform" type="xs:string"/>
<xs:attribute name="reference" type="xs:string"/>
<xs:attribute name="software_name" type="xs:string"/>
<xs:attribute name="software_license" type="xs:string"/>
</xs:complexType>
<xs:complexType name="NetworkType">
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name='range' type='xs:string'/>
</xs:complexType>
</xs:schema>

84
lib/schemas/utility_metadata_schema.xsd
View File

@@ -36,6 +36,10 @@
<xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<!--I/O: a generator writes it's output to one fact & can also take inputs-->
<xs:element name="read_fact" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="default_input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
<!-- cannot co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
<xs:element name="conflict" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
@@ -81,4 +85,84 @@
</xs:complexType>
</xs:element>
<xs:complexType name="InputElements">
<xs:sequence>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name='vulnerability' type='VulnerabilityType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='service' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='utility' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='network' type='NetworkType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='generator' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='encoder' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
<xs:element name='value' type='xs:string' minOccurs='0' maxOccurs='unbounded' />
</xs:choice>
</xs:sequence>
<xs:attribute name='into' type='xs:string'/>
</xs:complexType>
<xs:complexType name="VulnerabilityType">
<xs:sequence>
<xs:element name="input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name="privilege" type="xs:string"/>
<xs:attribute name="access" type="xs:string"/>
<xs:attribute name="platform" type="xs:string"/>
<!--optional vulnerability inputs-->
<xs:attribute name="read_fact" type="xs:string"/>
<!--optional vulnerability details-->
<xs:attribute name="difficulty" type="xs:string"/>
<xs:attribute name="cve" type="xs:string"/>
<xs:attribute name="cvss_base_score" type="xs:string"/>
<xs:attribute name="cvss_vector" type="xs:string"/>
<xs:attribute name="reference" type="xs:string"/>
<xs:attribute name="software_name" type="xs:string"/>
<xs:attribute name="software_license" type="xs:string"/>
<!--optional breadcrumb (info that is leaked and required to exploit)-->
<xs:attribute name="breadcrumb" type="xs:string"/>
<!--optional hints-->
<xs:attribute name="msf_module" type="xs:string"/>
<xs:attribute name="hint" type="xs:string"/>
<xs:attribute name="solution" type="xs:string"/>
</xs:complexType>
<xs:complexType name="ServiceUtilityEncoderGeneratorType">
<xs:sequence>
<xs:element name="input" type="InputElements" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name="platform" type="xs:string"/>
<xs:attribute name="reference" type="xs:string"/>
<xs:attribute name="software_name" type="xs:string"/>
<xs:attribute name="software_license" type="xs:string"/>
</xs:complexType>
<xs:complexType name="NetworkType">
<xs:attribute name="module_path" type="xs:string"/>
<xs:attribute name="name" type="xs:string"/>
<xs:attribute name="author" type="xs:string"/>
<xs:attribute name="module_license" type="xs:string"/>
<xs:attribute name="description" type="xs:string"/>
<xs:attribute name="type" type="xs:string"/>
<xs:attribute name='range' type='xs:string'/>
</xs:complexType>
</xs:schema>

16
modules/build/unix/cleanup/secgen_metadata.xml
View File

@@ -15,7 +15,21 @@
<read_fact>clobber_file_times</read_fact>
<read_fact>disable_ssh</read_fact>
<!--TODO: default values-->
<default_input into="remove_history">
<value>true</value>
</default_input>
<default_input into="root_password">
<generator module_path=".*strong_password.*"/>
</default_input>
<default_input into="clobber_file_times">
<value>false</value>
</default_input>
<default_input into="disable_ssh">
<value>false</value>
</default_input>
<requires>
<module_path>utilities/unix/system/accounts</module_path>

12
scenarios/simple_examples/random_vuln_with_cleanup.xml
View File

@@ -11,18 +11,8 @@
<vulnerability/>
<build type="cleanup">
<input into="remove_history">
<value>true</value>
</input>
<input into="root_password">
<value>test</value>
<!--<generator module_path=".*strong_password.*"/>-->
</input>
<input into="clobber_file_times">
<value>false</value>
</input>
<input into="disable_ssh">
<value>false</value>
<value>pwnable</value>
</input>
</build>