class Metasploit::Credential::Importer::Zip

Implements importation of a zip file containing credentials. Each well-formed zip should contain one CSV file and a subdirectory holding a collection of files, each containing one SSH private key.

Constants

KEYS_SUBDIRECTORY_NAME

The name of the directory in the zip file’s root directory that contains SSH keys

MANIFEST_FILE_NAME

The name of the file in the zip which is opened and passed as a ‘File` to an instance of {Metasploit::Credential::Importer::CSV::Core}

ZIP_HEADER_BYTE_LENGTH

Zip file identifying header length in bytes ({ZIP_HEADER_IDENTIFIER} length)

ZIP_HEADER_IDENTIFIER

Standard 4-byte binary header for all zips - www.fileformat.info/format/zip/corion.htm

Attributes

extracted_zip_directory[RW]

@!attribute extracted_zip_directory

The path to the directory holding the extracted zip contents

@return [String]
manifest_importer[RW]

@!attribute manifest_importer

The importer for the zip's manifest file

@return [Metasploit::Credential::Importer::CSV::Manifest]

Public Instance Methods

import!() click to toggle source

Extract the zip file and pass the CSV file contained therein to a {Metasploit::Credential::Importer::CSV::Core}, which is in charge of creating new {Metasploit::Credential::Core} objects, creating new {Metasploit::Credential::Public} objects or linking existing ones, and associating them with extracted {Metasploit::Credential::SSHKey} objects read from the files indicated in the manifest.

@return [void]

# File lib/metasploit/credential/importer/zip.rb, line 57
def import!
  ::Zip::File.open(input.path) do |zip_file|
    zip_file.each do |entry|
      entry.extract(File.join(extracted_zip_directory, entry.name))
    end
  end

  csv_path = Dir.glob(File.join(extracted_zip_directory,'**', MANIFEST_FILE_NAME)).first
  csv_input = File.open(csv_path)
  Metasploit::Credential::Importer::Core.new(input: csv_input, origin: origin, workspace: workspace).import!
end
input_is_well_formed() click to toggle source

Validates that the zip file contains a CSV file and that it can be handled with the {::Zip::File::open} method.

@return [void]

# File lib/metasploit/credential/importer/zip.rb, line 81
def input_is_well_formed
  begin
    Zip::File.open input.path do |archive|
      glob_check  = archive.glob("**#{File::SEPARATOR}#{MANIFEST_FILE_NAME}")
      if glob_check.present?
        true
      else
        errors.add(:input, :missing_manifest)
      end
    end
  rescue ::Zip::Error
    errors.add(:input, :malformed_archive)
  end
end