metasploit-framework/modules/auxiliary/scanner/http/f5_mgmt_scanner.rb

93 lines
2.7 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
2016-03-08 13:02:44 +00:00
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
2015-05-08 19:56:39 +00:00
'Name' => 'F5 Networks Devices Management Interface Scanner',
'Description' => %q{
2015-05-08 19:56:39 +00:00
This module scans for web management interfaces of the following F5 Networks devices:
BigIP, BigIQ, Enterprise Manager, ARX, and FirePass.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Denis Kolegov <dnkolegov[at]gmail.com>',
'Oleg Broslavsky <ovbroslavsky[at]gmail.com>',
'Nikita Oleksov <neoleksov[at]gmail.com>'
],
2015-03-23 08:34:38 +00:00
'DefaultOptions' =>
2015-03-23 08:31:08 +00:00
{
'SSL' => true,
'RPORT' => 443
2015-03-23 08:31:08 +00:00
}
))
2015-03-23 08:31:08 +00:00
register_options(
2015-05-08 19:56:39 +00:00
[
OptInt.new('TIMEOUT', [true, 'HTTPS connect/read timeout in seconds', 1])
])
end
2015-05-08 19:56:39 +00:00
def port_open?
begin
2015-05-08 20:23:08 +00:00
res = send_request_raw({'method' => 'GET', 'uri' => '/'}, datastore['TIMEOUT'])
2015-05-08 19:56:39 +00:00
return true if res
rescue ::Rex::ConnectionRefused
2016-02-01 22:06:34 +00:00
vprint_status("Connection refused")
2015-05-08 19:56:39 +00:00
return false
rescue ::Rex::ConnectionError
2016-02-01 22:06:34 +00:00
vprint_error("Connection failed")
2015-05-08 19:56:39 +00:00
return false
rescue ::OpenSSL::SSL::SSLError
2016-02-01 22:06:34 +00:00
vprint_error("SSL/TLS connection error")
return false
end
end
def run_host(ip)
2015-05-08 19:56:39 +00:00
return unless port_open?
2015-05-02 09:09:03 +00:00
res = send_request_raw('method' => 'GET', 'uri' => '/')
if res && res.code == 200
# Detect BigIP management interface
if res.body =~ /<title>BIG\-IP/
2016-02-01 22:06:34 +00:00
print_good("F5 BigIP web management interface found")
return
end
# Detect EM management interface
if res.body =~ /<title>Enterprise Manager/
2016-02-01 22:06:34 +00:00
print_good("F5 Enterprise Manager web management interface found")
return
end
# Detect ARX management interface
if res.body =~ /<title>F5 ARX Manager Login<\/title>/
2016-02-01 22:06:34 +00:00
print_good("ARX web management interface found")
return
end
end
# Detect BigIQ management interface
2015-05-08 19:56:39 +00:00
res = send_request_raw('method' => 'GET', 'uri' => '/ui/login/')
if res && res.code == 200 && res.body =~ /<title>BIG\-IQ/
2016-02-01 22:06:34 +00:00
print_good("F5 BigIQ web management interface found")
return
2015-03-23 08:31:08 +00:00
end
2015-03-23 08:34:38 +00:00
# Detect FirePass management interface
res = send_request_raw('method' => 'GET', 'uri' => '/admin/', 'rport' => rport)
if res && res.code == 200 && res.body =~ /<br><br><br><big><b>&nbsp;FirePass/
2016-02-01 22:06:34 +00:00
print_good("F5 FirePass web management interface found")
return
end
end
end