From 12561e5cf93eaec44d3f23111dea025a6391a306 Mon Sep 17 00:00:00 2001
From: Stuart Morgan
Date: Sat, 5 Dec 2015 15:32:47 +0000
Subject: [PATCH] Add delay/jitter to xmas scan
---
 modules/auxiliary/scanner/portscan/xmas.rb | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/modules/auxiliary/scanner/portscan/xmas.rb b/modules/auxiliary/scanner/portscan/xmas.rb
index 8f64a84695..dd6b4055ad 100644
--- a/modules/auxiliary/scanner/portscan/xmas.rb
+++ b/modules/auxiliary/scanner/portscan/xmas.rb
@@ -27,6 +27,8 @@ class Metasploit3 < Msf::Auxiliary
 OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
 OptInt.new('TIMEOUT', [true, "The reply read timeout in milliseconds", 500]),
 OptInt.new('BATCHSIZE', [true, "The number of hosts to scan per set", 256]),
+ OptInt.new('DELAY', [true, "The delay between connections, per thread, in milliseconds", 0]),
+ OptInt.new('JITTER', [true, "The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.", 0]),
 OptString.new('INTERFACE', [false, 'The name of the interface'])
 ], self.class)
@@ -48,11 +50,20 @@ class Metasploit3 < Msf::Auxiliary
 pcap = self.capture
 ports = Rex::Socket.portspec_crack(datastore['PORTS'])
-
 if ports.empty?
 raise Msf::OptionValidateError.new(['PORTS'])
 end
+ jitter_value = datastore['JITTER'].to_i
+ if jitter_value < 0
+ raise Msf::OptionValidateError.new(['JITTER'])
+ end
+
+ delay_value = datastore['DELAY'].to_i
+ if delay_value < 0
+ raise Msf::OptionValidateError.new(['DELAY'])
+ end
+
 to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
 # we copy the hosts because some may not be reachable and need to be ejected
@@ -67,6 +78,9 @@ class Metasploit3 < Msf::Auxiliary
 begin
 probe = buildprobe(shost, sport, dhost, dport)
+ # Add the delay based on JITTER and DELAY if needs be
+ add_delay_jitter(delay_value,jitter_value)
+
 unless capture_sendto(probe, dhost)
 host_queue.delete(dhost)
 next
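Review bot: The new checks in the second hunk only reject negative values, so a JITTER larger than DELAY is still accepted even though the option text describes JITTER as a value subtracted from (as well as added to) DELAY; unless add_delay_jitter clamps at zero (the helper is not in this hunk, so that is unverified here), such a combination can produce a negative sleep interval. Consider adding `raise Msf::OptionValidateError.new(['JITTER']) if jitter_value > delay_value` next to the existing JITTER check, or a comment stating that the helper clamps the result. The blank line removed between `ports = ...` and `if ports.empty?` could be restored before `jitter_value = ...` so the three validation blocks are visually separated. The enclosing method starts and ends outside the hunk.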
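Review bot: In the third hunk, `add_delay_jitter(delay_value,jitter_value)` runs before every `capture_sendto`, including the first probe of each batch, so a non-zero DELAY is also paid once before any packet is sent; if that is intended, the comment could say so, e.g. `# Throttle before each probe (including the first one of a batch)`. Style: the call is missing a space after the comma, `add_delay_jitter(delay_value, jitter_value)`. The surrounding begin block and the enclosing method continue outside the hunk.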