Skip to content

Fix/msf host info cidr filtering#21448

Open
kx7m2qd wants to merge 7 commits into
rapid7:masterfrom
kx7m2qd:fix/msf-host-info-cidr-filtering
Open

Fix/msf host info cidr filtering#21448
kx7m2qd wants to merge 7 commits into
rapid7:masterfrom
kx7m2qd:fix/msf-host-info-cidr-filtering

Conversation

@kx7m2qd
Copy link
Copy Markdown
Contributor

@kx7m2qd kx7m2qd commented May 13, 2026
edited
Loading

What this fixes

Fixes #21405

The msf_host_info MCP tool was not honoring CIDR range filters. When a CIDR
like 192.168.159.0/24 was passed as the addresses parameter, it was forwarded
directly to db_hosts which does exact string matching — so no hosts were ever
returned.

The fix detects CIDR notation (presence of /) and performs the filtering in Ruby
using IPAddr after fetching all hosts, instead of passing the CIDR to the API.
Exact IP addresses continue to be passed to the API as before.

Verification

  • Start the MCP server: ./msfconsole --mcp-transport http
  • Ensure your database has hosts in multiple subnets (e.g. some in 192.168.159.0/24 and some outside it)
  • Query with no filter — verify all hosts are returned
  • Query with a single IP e.g. 192.168.159.10 — verify only that host is returned
  • Query with CIDR 192.168.159.0/24 — verify only hosts in that subnet are returned
  • Query with CIDR + only_up=true — verify results are filtered correctly
  • Verify hosts outside the CIDR range are not included in results
  • Verify exact IP filtering still works as before

kx7m2qd and others added 5 commits May 6, 2026 22:38
@kx7m2qd
Fix get_os_architecture for Linux/BSD shell sessions
3167b68 
Uses Rex::Arch.from_uname to map uname -m output to ARCH_ constants
for non-meterpreter Linux/BSD shell sessions.

References rapid7/rex-arch#13
Fixes rapid7#21403
@kx7m2qd
Document get_os_architecture method
270610a 
Added documentation for the get_os_architecture method to clarify its purpose and return value.
@kx7m2qd @smcintyre-r7
Update lib/msf/core/post/architecture.rb
4655412 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
@kx7m2qd
Update rex-arch to 0.1.20
65f47b1
@kx7m2qd
fix: honor CIDR filtering in msf_host_info MCP tool
0aaed23 
The addresses parameter was passed directly to db_hosts which does
exact string matching, so CIDR ranges like 192.168.159.0/24 never
matched any host address and returned 0 results.

Fix: detect CIDR notation and filter using IPAddr in Ruby after
fetching all hosts, instead of passing the CIDR to the API.
Exact IP addresses continue to be passed to the API as before.

Fixes rapid7#21405
kx7m2qd added 2 commits May 13, 2026 12:05
@kx7m2qd
fix: honor CIDR filtering in msf_host_info MCP tool
3106b33 
The addresses parameter was passed directly to db_hosts which does
exact string matching, so CIDR ranges like 192.168.159.0/24 never
matched any host address and returned 0 results.

Fix: detect CIDR notation and filter using IPAddr in Ruby after
fetching all hosts, instead of passing the CIDR to the API.
Exact IP addresses continue to be passed to the API as before.

Fixes rapid7#21405
@kx7m2qd
fix: honor CIDR filtering in msf_host_info MCP tool
3d6f495 
The addresses parameter was passed directly to db_hosts which does
exact string matching, so CIDR ranges like 192.168.159.0/24 never
matched any host address and returned 0 results.

Fix: detect CIDR notation and filter using IPAddr in Ruby after
fetching all hosts, instead of passing the CIDR to the API.
Exact IP addresses continue to be passed to the API as before.

Fixes rapid7#21405
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Metasploit Kanban
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

msf_host_info does not honor CIDR filtering

2 participants

@kx7m2qd @smcintyre-r7