2011-08-24 18:47:35 +00:00
|
|
|
#!/usr/bin/env ruby
|
|
|
|
require 'rubygems'
|
|
|
|
require 'optparse'
|
|
|
|
require 'msfrpc-client'
|
|
|
|
require 'rex/ui'
|
|
|
|
|
|
|
|
def usage(ropts)
|
2013-09-30 18:47:53 +00:00
|
|
|
$stderr.puts ropts
|
2011-08-24 18:47:35 +00:00
|
|
|
|
2013-09-30 18:47:53 +00:00
|
|
|
if @rpc and @rpc.token
|
|
|
|
wspaces = @rpc.call("pro.workspaces") rescue {}
|
|
|
|
if wspaces.keys.length > 0
|
|
|
|
$stderr.puts "Active Projects:"
|
|
|
|
wspaces.each_pair do |k,v|
|
|
|
|
$stderr.puts "\t#{k}"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
$stderr.puts ""
|
|
|
|
exit(1)
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
opts = {}
|
|
|
|
|
|
|
|
# Parse script-specific options
|
|
|
|
parser = Msf::RPC::Client.option_parser(opts)
|
|
|
|
parser.separator('Discover Mandatory Options:')
|
|
|
|
|
|
|
|
parser.on("--project PROJECT") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:project] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--targets TARGETS") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:targets] = [x]
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--blacklist BLACKLIST (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:blacklist] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--speed SPEED (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:speed] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--extra-ports PORTS (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:extra_ports] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--blacklist-ports PORTS (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:blacklist_ports] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--custom-ports PORTS (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:custom_ports] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--portscan-timeout TIMEOUT (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:portscan_timeout] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--source-port PORT (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:source_port] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--custom-nmap-options OPTIONS (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:custom_nmap_options] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--disable-udp-probes (optional)") do
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:disable_udp_probes] = true
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--disable-finger-users (optional)") do
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:disable_finger_users] = true
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--disable-snmp-scan (optional)") do
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:disable_snmp_scan] = true
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--disable-service-identification (optional)") do
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:disable_service_identification] = true
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--smb-user USER (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:smb_user] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--smb-pass PASS (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:smb_pass] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--smb-domain DOMAIN (optional)") do |x|
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:smb_domain] = x
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--dry-run (optional)") do
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:dry_run] = true
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--single-scan (optional)") do
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:single_scan] = true
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--fast-detect (optional)") do
|
2013-09-30 18:47:53 +00:00
|
|
|
opts[:fast_detect] = true
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.on("--help") do
|
2013-09-30 18:47:53 +00:00
|
|
|
$stderr.puts parser
|
|
|
|
exit(1)
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
parser.separator('')
|
|
|
|
parser.parse!(ARGV)
|
|
|
|
|
|
|
|
@rpc = Msf::RPC::Client.new(opts)
|
|
|
|
|
|
|
|
if not @rpc.token
|
2013-09-30 18:47:53 +00:00
|
|
|
$stderr.puts "Error: Invalid RPC server options specified"
|
|
|
|
$stderr.puts parser
|
|
|
|
exit(1)
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# Provide default values for certain options - If there's no alternative set
|
|
|
|
# use the default provided by Pro -- see the documentation.
|
|
|
|
project = opts[:project] || usage(parser)
|
|
|
|
targets = opts[:targets] || usage(parser)
|
|
|
|
blacklist = opts[:blacklist]
|
2011-10-11 22:07:14 +00:00
|
|
|
speed = opts[:speed] || "5"
|
2011-08-24 18:47:35 +00:00
|
|
|
extra_ports = opts[:extra_ports]
|
|
|
|
blacklist_ports = opts[:blacklist_ports]
|
|
|
|
custom_ports = opts[:custom_ports]
|
|
|
|
portscan_timeout = opts[:portscan_timeout] || 300
|
|
|
|
source_port = opts[:source_port]
|
|
|
|
custom_nmap_options = opts[:custom_nmap_options] ||
|
|
|
|
disable_udp_probes = opts[:disable_udp_probes] || false
|
|
|
|
disable_finger_users = opts[:disable_finger_users] || false
|
|
|
|
disable_snmp_scan = opts[:disable_snmp_scan] || false
|
|
|
|
disable_service_identification = opts[:disable_service_identification] || false
|
|
|
|
smb_user = opts[:smb_user] || ""
|
|
|
|
smb_pass = opts[:smb_pass] || ""
|
|
|
|
smb_domain = opts[:smb_domain] || ""
|
|
|
|
single_scan = opts[:single_scan] || false
|
|
|
|
fast_detect = opts[:fast_detect] || false
|
|
|
|
|
|
|
|
# Get the default user from Pro
|
|
|
|
user = @rpc.call("pro.default_admin_user")['username']
|
|
|
|
|
|
|
|
# Create the task object with all options
|
|
|
|
task = @rpc.call("pro.start_discover", {
|
2013-09-30 18:47:53 +00:00
|
|
|
'workspace' => project,
|
|
|
|
'username' => user,
|
|
|
|
'ips' => targets,
|
|
|
|
'DS_BLACKLIST_HOSTS' => blacklist,
|
|
|
|
'DS_PORTSCAN_SPEED' => speed,
|
|
|
|
'DS_PORTS_EXTRA' => extra_ports,
|
|
|
|
'DS_PORTS_BLACKLIST' => blacklist_ports,
|
|
|
|
'DS_PORTS_CUSTOM' => custom_ports,
|
|
|
|
'DS_PORTSCAN_TIMEOUT' => portscan_timeout,
|
|
|
|
'DS_PORTSCAN_SOURCE_PORT' => source_port,
|
|
|
|
'DS_CustomNmap' => custom_nmap_options,
|
|
|
|
'DS_UDP_PROBES' => disable_udp_probes,
|
|
|
|
'DS_FINGER_USERS' => disable_finger_users,
|
|
|
|
'DS_SNMP_SCAN' => disable_snmp_scan,
|
|
|
|
'DS_IDENTIFY_SERVICES' => disable_service_identification,
|
|
|
|
'DS_SMBUser' => smb_user,
|
|
|
|
'DS_SMBPass' => smb_pass,
|
|
|
|
'DS_SMBDomain' => smb_domain,
|
|
|
|
'DS_SINGLE_SCAN' => single_scan,
|
|
|
|
'DS_FAST_DETECT' => fast_detect
|
2011-08-24 18:47:35 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
puts "DEBUG: Running task with #{task.inspect}"
|
|
|
|
|
|
|
|
if not task['task_id']
|
2013-09-30 18:47:53 +00:00
|
|
|
$stderr.puts "[-] Error starting the task: #{task.inspect}"
|
|
|
|
exit(0)
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
puts "[*] Creating Task ID #{task['task_id']}..."
|
|
|
|
while true
|
2013-09-30 18:47:53 +00:00
|
|
|
select(nil, nil, nil, 0.50)
|
2011-08-24 18:47:35 +00:00
|
|
|
|
2013-09-30 18:47:53 +00:00
|
|
|
stat = @rpc.call("pro.task_status", task['task_id'])
|
2011-08-24 18:47:35 +00:00
|
|
|
|
2013-09-30 18:47:53 +00:00
|
|
|
if stat['status'] == 'invalid'
|
|
|
|
$stderr.puts "[-] Error checking task status"
|
|
|
|
exit(0)
|
|
|
|
end
|
2011-08-24 18:47:35 +00:00
|
|
|
|
2013-09-30 18:47:53 +00:00
|
|
|
info = stat[ task['task_id'] ]
|
2011-08-24 18:47:35 +00:00
|
|
|
|
2013-09-30 18:47:53 +00:00
|
|
|
if not info
|
|
|
|
$stderr.puts "[-] Error finding the task"
|
|
|
|
exit(0)
|
|
|
|
end
|
2011-08-24 18:47:35 +00:00
|
|
|
|
2013-09-30 18:47:53 +00:00
|
|
|
if info['status'] == "error"
|
|
|
|
$stderr.puts "[-] Error generating report: #{info['error']}"
|
|
|
|
exit(0)
|
|
|
|
end
|
2011-08-24 18:47:35 +00:00
|
|
|
|
2013-09-30 18:47:53 +00:00
|
|
|
break if info['progress'] == 100
|
2011-08-24 18:47:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
$stdout.puts "[+] Task Complete!"
|