2012-06-29 05:18:28 +00:00
|
|
|
# -*- coding: binary -*-
|
2008-09-22 22:32:20 +00:00
|
|
|
module Msf
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# This module provides methods for WMAP-enabled modules
|
|
|
|
#
|
|
|
|
###
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapModule
|
2008-10-19 20:32:14 +00:00
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
attr_accessor :orderid
|
|
|
|
attr_accessor :requiredids
|
2012-05-24 22:28:20 +00:00
|
|
|
|
2008-09-22 22:32:20 +00:00
|
|
|
#
|
|
|
|
# Initializes an instance of a WMAP module
|
|
|
|
#
|
|
|
|
def initialize(info = {})
|
|
|
|
super
|
2012-02-03 21:43:21 +00:00
|
|
|
self.orderid = 0xFFFFFF
|
|
|
|
self.requiredids = {}
|
2008-09-22 22:32:20 +00:00
|
|
|
end
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
def register_wmap_options(options)
|
|
|
|
if options.has_key?('OrderID')
|
|
|
|
self.orderid = options['OrderID']
|
|
|
|
end
|
|
|
|
|
|
|
|
if options.has_key?('Require')
|
|
|
|
self.requiredids = options['Require']
|
|
|
|
end
|
|
|
|
end
|
2012-05-24 22:28:20 +00:00
|
|
|
|
2008-09-22 22:32:20 +00:00
|
|
|
def wmap_enabled
|
|
|
|
#enabled by default
|
|
|
|
true
|
|
|
|
end
|
2012-05-24 22:28:20 +00:00
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
def wmap_getoid
|
2012-05-24 22:28:20 +00:00
|
|
|
self.orderid
|
2012-02-03 21:43:21 +00:00
|
|
|
end
|
2012-05-24 22:28:20 +00:00
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
def wmap_setoid(oid)
|
|
|
|
self.orderid = oid
|
|
|
|
end
|
2012-05-24 22:28:20 +00:00
|
|
|
|
2008-09-22 22:32:20 +00:00
|
|
|
def wmap_type
|
|
|
|
#default type
|
|
|
|
nil
|
|
|
|
end
|
2008-10-19 20:32:14 +00:00
|
|
|
|
2008-11-10 04:38:05 +00:00
|
|
|
def wmap_target_host
|
2009-03-28 17:45:14 +00:00
|
|
|
datastore['RHOST']
|
2008-11-10 04:38:05 +00:00
|
|
|
end
|
2011-11-20 01:05:14 +00:00
|
|
|
|
2008-11-10 04:38:05 +00:00
|
|
|
def wmap_target_port
|
2009-03-28 17:45:14 +00:00
|
|
|
datastore['RPORT']
|
2008-11-10 04:38:05 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def wmap_target_ssl
|
2009-03-28 17:57:12 +00:00
|
|
|
datastore['SSL']
|
2009-03-28 17:45:14 +00:00
|
|
|
end
|
2011-11-20 01:05:14 +00:00
|
|
|
|
2011-02-04 05:57:26 +00:00
|
|
|
def wmap_target_vhost
|
|
|
|
datastore['VHOST']
|
|
|
|
end
|
2011-11-20 01:05:14 +00:00
|
|
|
|
2009-03-28 17:45:14 +00:00
|
|
|
def wmap_base_url
|
2009-03-28 17:57:12 +00:00
|
|
|
res = (ssl ? "https://" : "http://")
|
2009-03-30 04:22:47 +00:00
|
|
|
if datastore['VHOST'].nil?
|
|
|
|
res << wmap_target_host
|
|
|
|
else
|
|
|
|
res << datastore['VHOST']
|
|
|
|
end
|
2013-02-08 18:05:27 +00:00
|
|
|
res << ":" + wmap_target_port.to_s
|
2009-03-28 17:57:12 +00:00
|
|
|
res
|
2008-11-10 04:38:05 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Modified from CGI.rb as we dont use arrays
|
|
|
|
#
|
2008-09-22 22:32:20 +00:00
|
|
|
def headersparse(qheaders)
|
|
|
|
params = Hash.new()
|
|
|
|
|
2011-11-20 01:05:14 +00:00
|
|
|
qheaders.split(/[&;]/n).each do |pairs|
|
|
|
|
key, value = pairs.split(':',2)
|
|
|
|
if params.has_key?(key)
|
2008-09-22 22:32:20 +00:00
|
|
|
#Error
|
2011-11-20 01:05:14 +00:00
|
|
|
else
|
2008-09-22 22:32:20 +00:00
|
|
|
params[key] = value
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
|
|
|
end
|
2008-09-22 22:32:20 +00:00
|
|
|
params
|
|
|
|
end
|
|
|
|
|
2008-10-19 20:32:14 +00:00
|
|
|
#modified from CGI.rb as we dont use arrays
|
2008-09-22 22:32:20 +00:00
|
|
|
def queryparse(query)
|
|
|
|
params = Hash.new()
|
|
|
|
|
2011-11-20 01:05:14 +00:00
|
|
|
query.split(/[&;]/n).each do |pairs|
|
|
|
|
key, value = pairs.split('=',2)
|
|
|
|
if params.has_key?(key)
|
2008-09-22 22:32:20 +00:00
|
|
|
#Error
|
2011-11-20 01:05:14 +00:00
|
|
|
else
|
2008-09-22 22:32:20 +00:00
|
|
|
params[key] = value
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
|
|
|
end
|
2008-09-22 22:32:20 +00:00
|
|
|
params
|
|
|
|
end
|
|
|
|
|
2011-11-20 01:05:14 +00:00
|
|
|
# Levenshtein distance algorithm (slow, huge mem consuption)
|
|
|
|
def distance(a, b)
|
|
|
|
case
|
|
|
|
when a.empty?
|
2008-09-23 15:41:13 +00:00
|
|
|
b.length
|
2011-11-20 01:05:14 +00:00
|
|
|
when b.empty?
|
2008-09-23 15:41:13 +00:00
|
|
|
a.length
|
2011-11-20 01:05:14 +00:00
|
|
|
else
|
2008-09-23 15:41:13 +00:00
|
|
|
[(a[0] == b[0] ? 0 : 1) + distance(a[1..-1], b[1..-1]),
|
2008-09-22 22:32:20 +00:00
|
|
|
1 + distance(a[1..-1], b),
|
|
|
|
2 + distance(a, b[1..-1])].min
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2008-09-22 22:32:20 +00:00
|
|
|
end
|
|
|
|
|
2011-02-04 05:57:26 +00:00
|
|
|
###
|
|
|
|
#
|
|
|
|
# This module provides methods for WMAP SSL Scanner modules
|
|
|
|
#
|
|
|
|
###
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapScanSSL
|
|
|
|
include Auxiliary::WmapModule
|
2011-02-04 05:57:26 +00:00
|
|
|
|
|
|
|
def wmap_type
|
2012-02-03 21:43:21 +00:00
|
|
|
:wmap_ssl
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
2011-02-04 05:57:26 +00:00
|
|
|
end
|
|
|
|
|
2008-09-22 22:32:20 +00:00
|
|
|
###
|
|
|
|
#
|
|
|
|
# This module provides methods for WMAP File Scanner modules
|
|
|
|
#
|
|
|
|
###
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapScanFile
|
|
|
|
include Auxiliary::WmapModule
|
2008-09-22 22:32:20 +00:00
|
|
|
|
|
|
|
def wmap_type
|
2012-02-03 21:43:21 +00:00
|
|
|
:wmap_file
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
2008-09-22 22:32:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# This module provides methods for WMAP Directory Scanner modules
|
|
|
|
#
|
|
|
|
###
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapScanDir
|
|
|
|
include Auxiliary::WmapModule
|
2008-09-22 22:32:20 +00:00
|
|
|
|
|
|
|
def wmap_type
|
2012-02-03 21:43:21 +00:00
|
|
|
:wmap_dir
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
2008-09-22 22:32:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# This module provides methods for WMAP Web Server Scanner modules
|
|
|
|
#
|
|
|
|
###
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapScanServer
|
|
|
|
include Auxiliary::WmapModule
|
2008-09-22 22:32:20 +00:00
|
|
|
|
|
|
|
def wmap_type
|
2012-02-03 21:43:21 +00:00
|
|
|
:wmap_server
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
2008-09-22 22:32:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# This module provides methods for WMAP Query Scanner modules
|
|
|
|
#
|
|
|
|
###
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapScanQuery
|
|
|
|
include Auxiliary::WmapModule
|
2008-09-22 22:32:20 +00:00
|
|
|
|
|
|
|
def wmap_type
|
2012-02-03 21:43:21 +00:00
|
|
|
:wmap_query
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
2008-09-22 22:32:20 +00:00
|
|
|
end
|
|
|
|
|
2008-10-01 03:57:57 +00:00
|
|
|
###
|
|
|
|
#
|
|
|
|
# This module provides methods for WMAP Unique Query Scanner modules
|
|
|
|
#
|
|
|
|
###
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapScanUniqueQuery
|
|
|
|
include Auxiliary::WmapModule
|
2008-10-01 03:57:57 +00:00
|
|
|
|
|
|
|
def wmap_type
|
2012-02-03 21:43:21 +00:00
|
|
|
:wmap_unique_query
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
|
|
|
|
2011-02-13 04:36:00 +00:00
|
|
|
def signature(fpath,fquery)
|
2008-10-01 03:57:57 +00:00
|
|
|
hsig = Hash.new()
|
2011-11-20 01:05:14 +00:00
|
|
|
|
2011-02-13 04:36:00 +00:00
|
|
|
hsig = queryparse(fquery)
|
2011-11-20 01:05:14 +00:00
|
|
|
|
2008-10-01 03:57:57 +00:00
|
|
|
#
|
|
|
|
# Signature of the form ',p1,p2,pn' then to be appended to path: path,p1,p2,pn
|
|
|
|
#
|
2011-11-20 01:05:14 +00:00
|
|
|
|
2011-02-13 04:36:00 +00:00
|
|
|
sigstr = fpath + "," + hsig.map{|p| p[0].to_s}.join(",")
|
2008-10-01 03:57:57 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2008-10-12 03:46:49 +00:00
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapScanGeneric
|
|
|
|
include Auxiliary::WmapModule
|
2008-10-12 03:46:49 +00:00
|
|
|
|
|
|
|
def wmap_type
|
2012-02-03 21:43:21 +00:00
|
|
|
:wmap_generic
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
2008-10-12 03:46:49 +00:00
|
|
|
end
|
|
|
|
|
2009-03-30 04:22:47 +00:00
|
|
|
###
|
|
|
|
#
|
|
|
|
# This module provides methods for WMAP Crawler modules
|
|
|
|
#
|
|
|
|
###
|
|
|
|
|
2012-02-03 21:43:21 +00:00
|
|
|
module Auxiliary::WmapCrawler
|
|
|
|
include Auxiliary::WmapModule
|
2009-03-30 04:22:47 +00:00
|
|
|
|
|
|
|
def wmap_type
|
2012-02-03 21:43:21 +00:00
|
|
|
:wmap_crawler
|
2011-11-20 01:05:14 +00:00
|
|
|
end
|
2009-03-30 04:22:47 +00:00
|
|
|
end
|
|
|
|
|
2008-11-10 04:38:05 +00:00
|
|
|
end
|