metasploit-framework/modules/auxiliary/scanner/kademlia/server_info.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::UDPScanner
  include Msf::Auxiliary::Kademlia

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name'           => 'Gather Kademlia Server Information',
        'Description'    => %q(
          This module uses the Kademlia BOOTSTRAP and PING messages to identify
          and extract information from Kademlia speaking UDP endpoints,
          typically belonging to eMule/eDonkey/BitTorrent servers or other P2P
          applications.
        ),
        'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
        'References'     =>
          [
            # There are lots of academic papers on the protocol but they tend to lack usable
            # protocol details.  This is the best I've found
            ['URL', 'http://gbmaster.wordpress.com/2013/06/16/botnets-surrounding-us-sending-kademlia2_bootstrap_req-kademlia2_hello_req-and-their-strict-cousins/#more-125']
          ],
        'License'        => MSF_LICENSE,
        'Actions'        => [
          ['BOOTSTRAP', 'Description' => 'Use a Kademlia2 BOOTSTRAP'],
          ['PING', 'Description' => 'Use a Kademlia2 PING']
        ],
        'DefaultAction'  => 'BOOTSTRAP'
      )
    )

    register_options(
    [
      Opt::RPORT(4672)
    ], self.class)
  end

  def build_probe
    @probe ||= case action.name
               when 'BOOTSTRAP'
                 BootstrapRequest.new
               when 'PING'
                 Ping.new
               end
  end

  def scanner_process(response, src_host, src_port)
    return if response.blank?
    peer = "#{src_host}:#{src_port}"

    case action.name
    when 'BOOTSTRAP'
      if bootstrap_res = BootstrapResponse.from_data(response)
        info = {
          peer_id: bootstrap_res.peer_id,
          tcp_port: bootstrap_res.tcp_port,
          version: bootstrap_res.version,
          peers: bootstrap_res.peers
        }
        print_good("#{peer} ID #{bootstrap_res.peer_id}, TCP port #{bootstrap_res.tcp_port}," +
                   " version #{bootstrap_res.version}, #{bootstrap_res.peers.size} peers")
      end
    when 'PING'
      if pong = Pong.from_data(response)
        print_good("#{peer} PONG port #{pong.port}")
        # port should match the port we contacted it from.  TODO: validate this?
        info = { udp_port: pong.port }
      end
    end

    return unless info
    @results[src_host] ||= []
    @results[src_host] << info
  end

  def scanner_postscan(_batch)
    @results.each_pair do |host, info|
      report_host(host: host)
      report_service(
        host: host,
        proto: 'udp',
        port: rport,
        name: 'kademlia',
        info: info
      )
    end
  end
end
Add beginnings of Kademlia gather module and protocol support 2014-11-14 20:44:07 +00:00			`##`
			`# This module requires Metasploit: http://metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`require 'msf/core'`

Revert "change Metasploit3 class names" This reverts commit 666ae14259085ff71cf1b5966d65c84cd0996c5d. 2016-03-07 19:19:55 +00:00			`class Metasploit3 < Msf::Auxiliary`
Add beginnings of Kademlia gather module and protocol support 2014-11-14 20:44:07 +00:00			`include Msf::Auxiliary::Report`
			`include Msf::Auxiliary::UDPScanner`
Partial commit 2014-11-20 21:49:36 +00:00			`include Msf::Auxiliary::Kademlia`
Add beginnings of Kademlia gather module and protocol support 2014-11-14 20:44:07 +00:00
			`def initialize(info = {})`
			`super(`
			`update_info(`
			`info,`
			`'Name' => 'Gather Kademlia Server Information',`
			`'Description' => %q(`
			`This module uses the Kademlia BOOTSTRAP and PING messages to identify`
			`and extract information from Kademlia speaking UDP endpoints,`
			`typically belonging to eMule/eDonkey/BitTorrent servers or other P2P`
			`applications.`
			`),`
YARD and spec cleanup 2014-11-18 21:27:59 +00:00			`'Author' => 'Jon Hart <jon_hart[at]rapid7.com>',`
Add beginnings of Kademlia gather module and protocol support 2014-11-14 20:44:07 +00:00			`'References' =>`
			`[`
			`# There are lots of academic papers on the protocol but they tend to lack usable`
			`# protocol details. This is the best I've found`
			`['URL', 'http://gbmaster.wordpress.com/2013/06/16/botnets-surrounding-us-sending-kademlia2_bootstrap_req-kademlia2_hello_req-and-their-strict-cousins/#more-125']`
			`],`
			`'License' => MSF_LICENSE,`
			`'Actions' => [`
			`['BOOTSTRAP', 'Description' => 'Use a Kademlia2 BOOTSTRAP'],`
			`['PING', 'Description' => 'Use a Kademlia2 PING']`
			`],`
			`'DefaultAction' => 'BOOTSTRAP'`
			`)`
			`)`

			`register_options(`
			`[`
			`Opt::RPORT(4672)`
			`], self.class)`
			`end`

			`def build_probe`
			`@probe \|\|= case action.name`
			`when 'BOOTSTRAP'`
Move Kademlia stuff to a more OO model, etc, per reviews All of the work is done in rex. The msf mixin just prevents the desire to call rex directly from the module 2014-11-24 22:03:43 +00:00			`BootstrapRequest.new`
Add beginnings of Kademlia gather module and protocol support 2014-11-14 20:44:07 +00:00			`when 'PING'`
Move Kademlia stuff to a more OO model, etc, per reviews All of the work is done in rex. The msf mixin just prevents the desire to call rex directly from the module 2014-11-24 22:03:43 +00:00			`Ping.new`
Add beginnings of Kademlia gather module and protocol support 2014-11-14 20:44:07 +00:00			`end`
			`end`

			`def scanner_process(response, src_host, src_port)`
Mostly complete Kademlia PING / BOOTSTRAP scanner 2014-11-14 22:39:40 +00:00			`return if response.blank?`
			`peer = "#{src_host}:#{src_port}"`

			`case action.name`
			`when 'BOOTSTRAP'`
Move Kademlia stuff to a more OO model, etc, per reviews All of the work is done in rex. The msf mixin just prevents the desire to call rex directly from the module 2014-11-24 22:03:43 +00:00			`if bootstrap_res = BootstrapResponse.from_data(response)`
			`info = {`
			`peer_id: bootstrap_res.peer_id,`
			`tcp_port: bootstrap_res.tcp_port,`
			`version: bootstrap_res.version,`
			`peers: bootstrap_res.peers`
			`}`
			`print_good("#{peer} ID #{bootstrap_res.peer_id}, TCP port #{bootstrap_res.tcp_port}," +`
			`" version #{bootstrap_res.version}, #{bootstrap_res.peers.size} peers")`
Mostly complete Kademlia PING / BOOTSTRAP scanner 2014-11-14 22:39:40 +00:00			`end`
			`when 'PING'`
Move Kademlia stuff to a more OO model, etc, per reviews All of the work is done in rex. The msf mixin just prevents the desire to call rex directly from the module 2014-11-24 22:03:43 +00:00			`if pong = Pong.from_data(response)`
			`print_good("#{peer} PONG port #{pong.port}")`
			`# port should match the port we contacted it from. TODO: validate this?`
			`info = { udp_port: pong.port }`
			`end`
Mostly complete Kademlia PING / BOOTSTRAP scanner 2014-11-14 22:39:40 +00:00			`end`

Add beginnings of Kademlia gather module and protocol support 2014-11-14 20:44:07 +00:00			`return unless info`
			`@results[src_host] \|\|= []`
			`@results[src_host] << info`
			`end`

			`def scanner_postscan(_batch)`
			`@results.each_pair do \|host, info\|`
			`report_host(host: host)`
			`report_service(`
			`host: host,`
			`proto: 'udp',`
			`port: rport,`
Downcase the service name for consistency 2014-12-12 22:40:42 +00:00			`name: 'kademlia',`
Add beginnings of Kademlia gather module and protocol support 2014-11-14 20:44:07 +00:00			`info: info`
			`)`
			`end`
			`end`
			`end`