add new module: Pcap OT/IOT analyzer

[jubachm]

Tell us what this change does. If you're fixing a bug, please mention
the github issue number.

Please ensure you are submitting from a unique branch in your repository to master in Rapid7's.

Verification

List the steps needed to make sure this thing works

• Start msfconsole
• use exploit/windows/smb/ms08_067_netapi
• ...
• Verify the thing does what it should
• Verify the thing does not do what it should not
• Document the thing and how it works (Example)

If you are opening a PR for a new module that exploits a specific piece of hardware or requires a complex or hard-to-find testing environment, we recommend that you send us a demo of your module executing correctly. Seeing your module in action will help us review your PR faster!

Specific Hardware Examples:

• Switches
• Routers
• IP Cameras
• IoT devices

Complex Software Examples:

• Expensive proprietary software
• Software with an extensive installation process
• Software that requires exploit testing across multiple significantly different versions
• Software without an English language UI

We will also accept demonstrations of successful module execution even if your module doesn't meet the above conditions. It's not a necessity, but it may help us land your module faster!

Demonstration of successful module execution can take the form of a packet capture (pcap) or a screen recording. You can send pcaps and recordings to [email protected]. Please include a CVE number in the subject header (if applicable), and a link to your PR in the email body.
If you wish to sanitize your pcap, please see the wiki.

[smcintyre-r7]

Instead of print_error for each of these you should use fail_with(Failure::BadConfig, ...

[smcintyre-r7]

Can we switch this to the ISO8601 format please? it's YYYY-MM-DDTHH:MM:SS IIRC.

Suggested change

	timestamp = Time.at(packet.timestamp.to_f).strftime('%y/%m/%d - %H:%M:%S')
	timestamp = Time.at(packet.timestamp.to_f).strftime()

[jmartin-tech]

PCAP is already a supported import format that in theory, can populate the database (although I have not tested it recently). This module seems better suited as a standalone tool as it does not really take advantage of anything provided by msf rather it preforms an ETL of a PCAP into a specific CSV format using PacketFu which can be used as a standalone gem.

A useful enhancement for msf might be to be have this CSV format be added to the db_export supported formats for a host data only export. Currently only xml for the full dataset and pwdump for extracted passwords formats are supported.

[jheysel-r7]

A useful enhancement for msf might be to be have this CSV format be added to the db_export supported formats for a host data only export. Currently only xml for the full dataset and pwdump for extracted passwords formats are supported.

Thanks for the input Jeffrey! I'd agree that might be a more useful enhancement for the framework.

@jubachm would you be interested in attempting to make those suggested changes? We'd be happy to help.

[github-actions]

Thanks for your contribution to Metasploit Framework! We've looked at this pull request, and we agree that it seems like a good addition to Metasploit, but it looks like it is not quite ready to land. We've labeled it attic and closed it for now.

What does this generally mean? It could be one or more of several things:

• It doesn't look like there has been any activity on this pull request in a while
• We may not have the proper access or equipment to test this pull request, or the contributor doesn't have time to work on it right now.
• Sometimes the implementation isn't quite right and a different approach is necessary.

We would love to land this pull request when it's ready. If you have a chance to address all comments, we would be happy to reopen and discuss how to merge this!