metasploit-framework/modules/auxiliary/gather/zoomeye_search.rb

185 lines
5.0 KiB
Ruby
Raw Normal View History

2016-10-19 03:52:23 +00:00
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'rex/proto/http'
2016-10-19 03:52:23 +00:00
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
2016-10-19 03:52:23 +00:00
def initialize(info={})
super(update_info(info,
'Name' => 'ZoomEye Search',
'Description' => %q{
The module use the ZoomEye API to search ZoomEye. ZoomEye is a search
engine for cyberspace that lets the user find specific network
2016-10-19 07:23:11 +00:00
components(ip, services, etc.).
2016-10-19 03:52:23 +00:00
},
'Author' => [ 'Nixawk' ],
2016-10-19 07:23:11 +00:00
'References' => [
['URL', 'https://github.com/zoomeye/SDK'],
['URL', 'https://www.zoomeye.org/api/doc'],
['URL', 'https://www.zoomeye.org/help/manual']
],
2016-10-19 03:52:23 +00:00
'License' => MSF_LICENSE
))
deregister_options('RHOST', 'DOMAIN', 'DigestAuthIIS', 'NTLM::SendLM',
'NTLM::SendNTLM', 'VHOST', 'RPORT', 'NTLM::SendSPN', 'NTLM::UseLMKey',
'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2', 'SSL')
register_options(
[
OptString.new('USERNAME', [true, 'The ZoomEye username']),
OptString.new('PASSWORD', [true, 'The ZoomEye password']),
2016-10-19 03:52:23 +00:00
OptString.new('ZOOMEYE_DORK', [true, 'The ZoomEye Dock']),
OptEnum.new('RESOURCE', [true, 'ZoomEye Resource Type', 'host', ['host', 'web']]),
OptInt.new('MAXPAGE', [true, 'Max amount of pages to collect', 1])
])
2016-10-19 03:52:23 +00:00
end
# Check to see if api.zoomeye.org resolves properly
def zoomeye_resolvable?
begin
Rex::Socket.resolv_to_dotted("api.zoomeye.org")
rescue RuntimeError, SocketError
return false
end
true
end
def login(username, password)
# See more: https://www.zoomeye.org/api/doc#login
access_token = ''
@cli = Rex::Proto::Http::Client.new('api.zoomeye.org', 443, {}, true)
@cli.connect
data = {'username' => username, 'password' => password}
req = @cli.request_cgi({
'uri' => '/user/login',
'method' => 'POST',
'data' => data.to_json
})
res = @cli.send_recv(req)
unless res
print_error('server_response_error')
return
end
records = ActiveSupport::JSON.decode(res.body)
access_token = records['access_token'] if records && records.key?('access_token')
access_token
end
2016-10-20 01:54:31 +00:00
def dork_search(dork, resource, page)
2016-10-19 03:52:23 +00:00
# param: dork
# ex: country:cn
# access https://www.zoomeye.org/search/dorks for more details.
# param: page
# total page(s) number
# param: resource
# set a search resource type, ex: [web, host]
# param: facet
# ex: [app, device]
# A comma-separated list of properties to get summary information
begin
req = @cli.request_cgi({
'uri' => "/#{resource}/search",
'method' => 'GET',
'headers' => { 'Authorization' => "JWT #{@zoomeye_token}" },
'vars_get' => {
'query' => dork,
'page' => page,
'facet' => 'ip'
}
})
res = @cli.send_recv(req)
2016-10-20 01:54:31 +00:00
rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
print_error("HTTP Connection Failed")
end
2016-10-19 03:52:23 +00:00
unless res
print_error('server_response_error')
return
end
2016-10-19 03:52:23 +00:00
# Invalid Token, Not enough segments
# Invalid Token, Signature has expired
if res.body =~ /Invalid Token, /
fail_with(Failure::BadConfig, '401 Unauthorized. Your ZOOMEYE_APIKEY is invalid')
end
ActiveSupport::JSON.decode(res.body)
end
def match_records?(records)
2016-10-20 00:59:02 +00:00
records && records.key?('matches')
2016-10-19 03:52:23 +00:00
end
def parse_host_records(records)
records.each do |match|
host = match['ip']
port = match['portinfo']['port']
report_service(:host => host, :port => port)
print_good("Host: #{host} ,PORT: #{port}")
end
end
def parse_web_records(records)
records.each do |match|
host = match['ip'][0]
domains = match['domains']
report_host(:host => host)
print_good("Host: #{host}, Domains: #{domains}")
end
end
def run
# check to ensure api.zoomeye.org is resolvable
unless zoomeye_resolvable?
print_error("Unable to resolve api.zoomeye.org")
return
end
@zoomeye_token = login(datastore['USERNAME'], datastore['PASSWORD'])
2016-10-21 03:52:24 +00:00
if @zoomeye_token.blank?
print_error("Unable to login api.zoomeye.org")
return
end
# create ZoomEye request parameters
2016-10-19 03:52:23 +00:00
dork = datastore['ZOOMEYE_DORK']
resource = datastore['RESOURCE']
page = 1
maxpage = datastore['MAXPAGE']
# scroll max pages from ZoomEye
2016-10-19 03:52:23 +00:00
while page <= maxpage
print_status("ZoomEye #{resource} Search: #{dork} - page: #{page}")
results = dork_search(dork, resource, page) if dork
break unless match_records?(results)
matches = results['matches']
if resource.include?('web')
parse_web_records(matches)
else
parse_host_records(matches)
end
page += 1
end
end
end