metasploit-framework/modules/auxiliary/scanner/http/http_hsts.rb

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::HttpClient
	include Msf::Auxiliary::Scanner

	def initialize(info={})
		super(update_info(info,
			'Name'        => 'HTTP Strict Transport Security (HSTS) Detection',
			'Description' => %q{
				Display HTTP Strict Transport Security (HSTS) information about each system.
			},
			'Author'      => 'Matt "hostess" Andreko <mandreko[at]accuvant.com>',
			'License'     => MSF_LICENSE
		))

		register_options([
				OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true]),
				Opt::RPORT(443)
			])
	end

	def run_host(ip)
		begin
			res = send_request_cgi({
				'uri'    => '/',
				'method' => 'GET',
				}, 25)

			if res
				hsts = res.headers['Strict-Transport-Security']

				if hsts
					print_good("#{ip}:#{rport} - Strict-Transport-Security:#{hsts}")
					report_note({
						:data => hsts,
						:type => "hsts.data",
						:host => ip,
						:port => rport
					})
				else
					print_error("#{ip}:#{rport} No HSTS found.")
				end
			else
				print_error("#{ip}:#{rport} No headers were returned.")
			end

		rescue ::Timeout::Error, ::Errno::EPIPE
		end
	end

end
Minor changes here and there Changes include: * Some corrections in metadata * report_note() * Removes connect(), usually don't need it in modules 2012-11-30 20:24:27 +00:00			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/framework/`
			`##`
Added HSTS scanner for HTTPS sites 2012-11-30 14:30:11 +00:00
Minor changes here and there Changes include: * Some corrections in metadata * report_note() * Removes connect(), usually don't need it in modules 2012-11-30 20:24:27 +00:00			`require 'msf/core'`
Added HSTS scanner for HTTPS sites 2012-11-30 14:30:11 +00:00
			`class Metasploit3 < Msf::Auxiliary`

			`include Msf::Exploit::Remote::HttpClient`
			`include Msf::Auxiliary::Scanner`

Minor changes here and there Changes include: * Some corrections in metadata * report_note() * Removes connect(), usually don't need it in modules 2012-11-30 20:24:27 +00:00			`def initialize(info={})`
			`super(update_info(info,`
			`'Name' => 'HTTP Strict Transport Security (HSTS) Detection',`
			`'Description' => %q{`
			`Display HTTP Strict Transport Security (HSTS) information about each system.`
			`},`
			`'Author' => 'Matt "hostess" Andreko <mandreko[at]accuvant.com>',`
Added HSTS scanner for HTTPS sites 2012-11-30 14:30:11 +00:00			`'License' => MSF_LICENSE`
Minor changes here and there Changes include: * Some corrections in metadata * report_note() * Removes connect(), usually don't need it in modules 2012-11-30 20:24:27 +00:00			`))`
Added HSTS scanner for HTTPS sites 2012-11-30 14:30:11 +00:00
			`register_options([`
			`OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true]),`
Changed RPORT definition per egypt 2012-11-30 18:57:25 +00:00			`Opt::RPORT(443)`
Added HSTS scanner for HTTPS sites 2012-11-30 14:30:11 +00:00			`])`
			`end`

			`def run_host(ip)`
			`begin`
			`res = send_request_cgi({`
Minor changes here and there Changes include: * Some corrections in metadata * report_note() * Removes connect(), usually don't need it in modules 2012-11-30 20:24:27 +00:00			`'uri' => '/',`
			`'method' => 'GET',`
Added HSTS scanner for HTTPS sites 2012-11-30 14:30:11 +00:00			`}, 25)`

Fixed a bug in the HSTS module around null headers 2013-05-23 19:02:39 +00:00			`if res`
			`hsts = res.headers['Strict-Transport-Security']`

			`if hsts`
			`print_good("#{ip}:#{rport} - Strict-Transport-Security:#{hsts}")`
			`report_note({`
			`:data => hsts,`
			`:type => "hsts.data",`
			`:host => ip,`
			`:port => rport`
			`})`
			`else`
			`print_error("#{ip}:#{rport} No HSTS found.")`
			`end`
Added HSTS scanner for HTTPS sites 2012-11-30 14:30:11 +00:00			`else`
Fixed a bug in the HSTS module around null headers 2013-05-23 19:02:39 +00:00			`print_error("#{ip}:#{rport} No headers were returned.")`
Added HSTS scanner for HTTPS sites 2012-11-30 14:30:11 +00:00			`end`

			`rescue ::Timeout::Error, ::Errno::EPIPE`
			`end`
			`end`

			`end`