##
# nessus_xmlrpc_ping.rb
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
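# Auxiliary scanner that sends one HTTP GET per host and records a
# "nessus-xmlrpc" service when the response's Server header contains
# "NessusWWW".
#
# The identification rests on the Server header alone. That header is chosen
# by the remote host, so a reported service is a hint that a Nessus XMLRPC
# interface is present, not proof of it.
class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Declares the module metadata and its options: RPORT (default 8834),
  # THREADS (default 25), URI (default "/") and the advanced SSL switch
  # (default true).
  def initialize
    super(
      'Name'        => 'Nessus XMLRPC Interface Ping Utility',
      # The stray trailing apostrophe that used to end this text was removed.
      'Description' => %q{
        This module simply attempts to find and check
        for Nessus XMLRPC interface.
      },
      'Author'      => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],
      'License'     => MSF_LICENSE
    )

    register_options(
      [
        Opt::RPORT(8834),
        OptInt.new('THREADS', [true, "The number of concurrent threads", 25]),
        OptString.new('URI', [true, "URI for Nessus XMLRPC. Default is /", "/"]),
      ], self.class)

    register_advanced_options(
      [
        OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true])
      ], self.class)
  end

  # Probes a single host and reports the service when the Server header
  # matches.
  #
  # @param ip [String] address of the host being scanned
  # @return [void] returns early on a connection error, a missing response
  #   or a status code other than 200/302
  def run_host(ip)
    begin
      res = send_request_cgi({
        'uri'    => datastore['URI'].to_s,
        'method' => 'GET'
      }, 25)
      # Only hand an actual response to the fingerprint helper.
      # NOTE(review): with a nil response the helper appears to fall back to
      # sending a request of its own, which would be a redundant second
      # probe against a host that did not answer - confirm against HttpClient.
      http_fingerprint({ :response => res }) if res
    rescue ::Rex::ConnectionError => e
      vprint_error("#{msg} #{datastore['URI']} - #{e}")
      return
    end

    unless res
      vprint_error("#{msg} #{datastore['URI']} - No response")
      return
    end

    unless [200, 302].include?(res.code)
      vprint_error("#{msg} - HTTP Response was not 200/302")
      return
    end

    # The Server header is supplied by the remote host: treat it as untrusted.
    server = res.headers['Server']

    if server =~ /NessusWWW/
      print_good("#{msg} SUCCESS. '#{ip}' : '#{datastore['RPORT']}'")
      report_service(
        :host  => ip,
        :port  => datastore['RPORT'],
        :name  => "nessus-xmlrpc",
        :info  => 'Nessus XMLRPC',
        :state => 'UP'
      )
    else
      # NOTE(review): the header value is echoed verbatim to the operator's
      # console; consider stripping non-printable characters before printing
      # remote-controlled data.
      vprint_error("#{msg} - Wrong HTTP Server header: #{server}")
    end
  end

  # Prefix shared by every status line this module prints.
  #
  # @return [String] "<vhost>:<rport> NessusXMLRPC -"
  def msg
    "#{vhost}:#{rport} NessusXMLRPC -"
  end
end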