Skip to content

RPC vulns and services reports resources and parents (service only) #21305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sjanusz-r7 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

RPC vulns and services reports resources and parents (service only) #21305

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c07df96
RPC vulns and services reports resources and parents (service only)
sjanusz-r7 Apr 15, 2026
646b620
Bump max recursion count on service queries
sjanusz-r7 Apr 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 35 additions & 12 deletions lib/msf/core/rpc/v10/rpc_db.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -453,6 +453,8 @@ def rpc_hosts(xopts)
# * 'state' [String] Service state.
# * 'name' [String] Service name.
# * 'info' [String] Additional information about the service.
# * 'resource' [Hash] Service resource.
# * 'parents' [Array<Hash>] List of parent services with same set of keys as the service.
# @example Here's how you would use this from the client:
# rpc.call('db.services', {})
def rpc_services( xopts)
Expand All @@ -471,18 +473,8 @@ def rpc_services( xopts)
ret = {}
ret[:services] = []

wspace.services.includes(:host).where(conditions).offset(offset).limit(limit).each do |s|
service = {}
host = s.host
service[:host] = host.address || "unknown"
service[:created_at] = s[:created_at].to_i
service[:updated_at] = s[:updated_at].to_i
service[:port] = s[:port]
service[:proto] = s[:proto].to_s
service[:state] = s[:state].to_s
service[:name] = s[:name].to_s
service[:info] = s[:info].to_s
ret[:services] << service
wspace.services.includes(:host, :parents).where(conditions).offset(offset).limit(limit).each do |s|
ret[:services] << process_service(s)
end
ret
}
Expand Down Expand Up @@ -511,6 +503,7 @@ def rpc_services( xopts)
# * 'host' [String] Vulnerable host.
# * 'name' [String] Exploit that was used.
# * 'refs' [String] Vulnerability references.
# * 'resource' [String] Vulnerability resource.
# @example Here's how you would use this from the client:
# rpc.call('db.vulns', {})
def rpc_vulns(xopts)
Expand Down Expand Up @@ -541,6 +534,7 @@ def rpc_vulns(xopts)
vuln[:host] = v.host.address || nil
vuln[:name] = v.name
vuln[:refs] = reflist.join(',')
vuln[:resource] = v.resource
ret[:vulns] << vuln
end
ret
Expand Down Expand Up @@ -1988,6 +1982,35 @@ def rpc_disconnect
end


private

# Process an Mdm::Service object to a hash, with recursive parent lookup.
#
# @param mdm_service [Mdm::Service] The service record to process.
# @param recursion_count [Integer] Current recursion iteration count
# @return [Hash] Serialized service data.
def process_service(mdm_service, recursion_count = 0)
return { error: :recursion_limit_reached } unless recursion_count >= 0 && recursion_count < 6

service = {}
host = mdm_service.host

service[:host] = host.address || "unknown"
service[:created_at] = mdm_service[:created_at].to_i
service[:updated_at] = mdm_service[:updated_at].to_i
service[:port] = mdm_service[:port]
service[:proto] = mdm_service[:proto].to_s
service[:state] = mdm_service[:state].to_s
service[:name] = mdm_service[:name].to_s
service[:info] = mdm_service[:info].to_s
service[:resource] = mdm_service[:resource]
service[:parents] = mdm_service.parents.map do |parent|
process_service(parent, recursion_count + 1)
end

service
end

end
end
end
Loading