metasploit-framework/modules/auxiliary/scanner/ssh/detect_kippo.rb

33 lines
1.0 KiB
Ruby
Raw Normal View History

2014-12-11 03:37:35 +00:00
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Kippo SSH Honeypot Detector',
'Version' => '$Revision: 1 $',
'Description' => 'Detect if an SSH server is a Kippo honeypot',
'Author' => 'Andrew Morris',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT(22)
], self.class)
end
def run_host(ip)
connect()
banner = sock.recv(1024)
sock.puts("\n\n\n\n\n\n\n\n")
response = sock.recv(1024)
if response.include? "168430090"
print_status("#{ip} - Kippo honeypot detected!")
end
disconnect()
end
end