Display metasploit module information for each detected CVE-IDs (#1011)

* add metasploit

* fix go deps

* fix msf report

* fix msfdb server port number

* delete non-unique msfdb url from fulltext report

* fix(report): validate msfdb config on report (#1)

* fix(msfdb): update deps (go-msfdb)

* version up go-msfdb v0.1.0

Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>

commands/server.go

@@ -13,6 +13,7 @@ import (
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/exploit"
 	"github.com/future-architect/vuls/gost"
+	"github.com/future-architect/vuls/msf"
 	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/server"
@@ -23,12 +24,13 @@ import (
 
 // ServerCmd is subcommand for server
 type ServerCmd struct {
-	configPath  string
-	listen      string
-	cveDict     c.GoCveDictConf
-	ovalDict    c.GovalDictConf
-	gostConf    c.GostConf
-	exploitConf c.ExploitConf
+	configPath     string
+	listen         string
+	cveDict        c.GoCveDictConf
+	ovalDict       c.GovalDictConf
+	gostConf       c.GostConf
+	exploitConf    c.ExploitConf
+	metasploitConf c.MetasploitConf
 }
 
 // Name return subcommand name
@@ -65,6 +67,9 @@ func (*ServerCmd) Usage() string {
 		[-exploitdb-type=sqlite3|mysql|redis|http]
 		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
 		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
+		[-msfdb-type=sqlite3|mysql|redis|http]
+		[-msfdb-sqlite3-path=/path/to/msfdb.sqlite3]
+		[-msfdb-url=http://127.0.0.1:1327 or DB connection string]
 
 		[RFC3339 datetime format under results dir]
 `
@@ -126,6 +131,12 @@ func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
 	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
 		"http://exploit.com:1326 or DB connection string")
+
+	f.StringVar(&p.metasploitConf.Type, "msfdb-type", "",
+		"DB type of msf (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.metasploitConf.SQLite3Path, "msfdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.metasploitConf.URL, "msfdb-url", "",
+		"http://metasploit.com:1327 or DB connection string")
 }
 
 // Execute execute
@@ -144,6 +155,7 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	c.Conf.OvalDict.Overwrite(p.ovalDict)
 	c.Conf.Gost.Overwrite(p.gostConf)
 	c.Conf.Exploit.Overwrite(p.exploitConf)
+	c.Conf.Metasploit.Overwrite(p.metasploitConf)
 
 	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnReport() {
@@ -191,12 +203,21 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		}
 	}
 
+	if c.Conf.Metasploit.URL != "" {
+		err := msf.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-msfdb as server mode before reporting")
+			return subcommands.ExitFailure
+		}
+	}
 	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
-		CveDictCnf:  c.Conf.CveDict,
-		OvalDictCnf: c.Conf.OvalDict,
-		GostCnf:     c.Conf.Gost,
-		ExploitCnf:  c.Conf.Exploit,
-		DebugSQL:    c.Conf.DebugSQL,
+		CveDictCnf:    c.Conf.CveDict,
+		OvalDictCnf:   c.Conf.OvalDict,
+		GostCnf:       c.Conf.Gost,
+		ExploitCnf:    c.Conf.Exploit,
+		MetasploitCnf: c.Conf.Metasploit,
+		DebugSQL:      c.Conf.DebugSQL,
 	})
 	if locked {
 		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %+v", err)