metasploit-framework/modules/auxiliary/scanner/nessus/nessus_xmlrpc_ping.rb

##
# nessus_xmlrpc_ping.rb
##

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  def initialize
    super(
      'Name'           => 'Nessus XMLRPC Interface Ping Utility',
      'Description'    => %q{
        This module simply attempts to find and check
        for Nessus XMLRPC interface.'
      },
      'Author'         => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],
      'License'        => MSF_LICENSE
    )

    register_options(
      [
        Opt::RPORT(8834),
        OptInt.new('THREADS', [true, "The number of concurrent threads", 25]),
        OptString.new('URI', [true, "URI for Nessus XMLRPC. Default is /", "/"])
      ], self.class)

    register_advanced_options(
    [
      OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true])
    ], self.class)
  end

  def run_host(ip)
    begin
      res = send_request_cgi({
        'uri'     => datastore['URI'],
        'method'  => 'GET'
        }, 25)
      http_fingerprint({ :response => res })
    rescue ::Rex::ConnectionError => e
      vprint_error("#{datastore['URI']} - #{e.to_s}")
      return
    end

    if not res
      vprint_error("#{datastore['URI']} - No response")
      return
    end
    if not (res.code == 200 or res.code ==302)
      vprint_error("HTTP Response was not 200/302")
      return
    end
    if res.headers['Server'] =~ /NessusWWW/
      print_good("SUCCESS. '#{ip}' : '#{datastore['RPORT']}'")
      report_service(
        :host => ip,
        :port => datastore['RPORT'],
        :name => "nessus-xmlrpc",
        :info => 'Nessus XMLRPC',
        :state => 'open'
      )
    else
      vprint_error("Wrong HTTP Server header: #{res.headers['Server'] || ''}")
    end

  end
end
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00			`##`
Remove EOL spaces 2012-11-15 21:43:47 +00:00			`# nessus_xmlrpc_ping.rb`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00			`##`

			`##`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# This module requires Metasploit: http//metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00			`##`

			`require 'msf/core'`

			`class Metasploit3 < Msf::Auxiliary`

Retab modules 2013-08-30 21:28:54 +00:00			`include Msf::Exploit::Remote::HttpClient`
			`include Msf::Auxiliary::Report`
			`include Msf::Auxiliary::Scanner`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def initialize`
			`super(`
			`'Name' => 'Nessus XMLRPC Interface Ping Utility',`
			`'Description' => %q{`
			`This module simply attempts to find and check`
			`for Nessus XMLRPC interface.'`
			`},`
			`'Author' => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],`
			`'License' => MSF_LICENSE`
			`)`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`register_options(`
			`[`
			`Opt::RPORT(8834),`
			`OptInt.new('THREADS', [true, "The number of concurrent threads", 25]),`
			`OptString.new('URI', [true, "URI for Nessus XMLRPC. Default is /", "/"])`
			`], self.class)`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`register_advanced_options(`
			`[`
			`OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true])`
			`], self.class)`
			`end`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def run_host(ip)`
			`begin`
			`res = send_request_cgi({`
			`'uri' => datastore['URI'],`
			`'method' => 'GET'`
			`}, 25)`
			`http_fingerprint({ :response => res })`
			`rescue ::Rex::ConnectionError => e`
			`vprint_error("#{datastore['URI']} - #{e.to_s}")`
			`return`
			`end`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`if not res`
			`vprint_error("#{datastore['URI']} - No response")`
			`return`
			`end`
			`if not (res.code == 200 or res.code ==302)`
			`vprint_error("HTTP Response was not 200/302")`
			`return`
			`end`
			`if res.headers['Server'] =~ /NessusWWW/`
			`print_good("SUCCESS. '#{ip}' : '#{datastore['RPORT']}'")`
			`report_service(`
			`:host => ip,`
			`:port => datastore['RPORT'],`
			`:name => "nessus-xmlrpc",`
			`:info => 'Nessus XMLRPC',`
Fixed status in MSF db for Nessus 2014-07-28 17:49:24 +00:00			`:state => 'open'`
Retab modules 2013-08-30 21:28:54 +00:00			`)`
			`else`
			`vprint_error("Wrong HTTP Server header: #{res.headers['Server'] \|\| ''}")`
			`end`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`end`
Initial import of Nessus basic aux scripts 2012-11-15 21:28:56 +00:00			`end`