Merge pull request #228 from m-1-k-3/resource-scripts

Resource scripts
unstable
sinn3r 2012-03-13 09:36:11 -07:00
commit 1699825c27
9 changed files with 123 additions and 13 deletions

View File

@ -38,6 +38,14 @@ else
verbose = 0 verbose = 0
end end
# Test and see if we have a database connected
begin
framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
print_error("Database connection isn't established")
return
end
def jobwaiting(maxjobs,verbose) #thread handling for poor guys def jobwaiting(maxjobs,verbose) #thread handling for poor guys
while(framework.jobs.keys.length >= maxjobs) while(framework.jobs.keys.length >= maxjobs)
::IO.select(nil, nil, nil, 2.5) ::IO.select(nil, nil, nil, 2.5)

View File

@ -14,6 +14,14 @@ else
verbose = 0 verbose = 0
end end
# Test and see if we have a database connected
begin
framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
print_error("Database connection isn't established")
return
end
def jobwaiting(verbose) def jobwaiting(verbose)
maxjobs=15 #throtteling if we get too much jobs maxjobs=15 #throtteling if we get too much jobs
while(framework.jobs.keys.length >= maxjobs) while(framework.jobs.keys.length >= maxjobs)

View File

@ -32,6 +32,14 @@ else
verbose = 0 verbose = 0
end end
# Test and see if we have a database connected
begin
framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
print_error("Database connection isn't established")
return
end
def infos(serv,creds,host) def infos(serv,creds,host)
print_line("") print_line("")
print_line("====================================") print_line("====================================")

View File

@ -15,6 +15,14 @@ end
threadspercrawler = "4" #check this ... now its default threadspercrawler = "4" #check this ... now its default
# Test and see if we have a database connected
begin
framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
print_error("Database connection isn't established")
return
end
def jobwaiting() #thread handling for poor guys ... def jobwaiting() #thread handling for poor guys ...
maxjobs=15 #throttling if we get too much jobs maxjobs=15 #throttling if we get too much jobs
while(framework.jobs.keys.length >= maxjobs) while(framework.jobs.keys.length >= maxjobs)

View File

@ -45,6 +45,14 @@ else
nmap = 0 nmap = 0
end end
# Test and see if we have a database connected
begin
framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
print_error("Database connection isn't established")
return
end
def jobwaiting(maxjobs,verbose) #thread handling for poor guys def jobwaiting(maxjobs,verbose) #thread handling for poor guys
while(framework.jobs.keys.length >= maxjobs) while(framework.jobs.keys.length >= maxjobs)
::IO.select(nil, nil, nil, 2.5) ::IO.select(nil, nil, nil, 2.5)

View File

@ -0,0 +1,44 @@
# nessus_cleaner.rc
# Author: m-1-k-3 (Web: http://www.s3cur1ty.de / Twitter: @s3cur1ty_de)
#
# after importing the nesssus results, typically we have lots of mess in our vuln database
# cause we dont use the vuln infos which just have a Nessus ID (NSS) we could clean them out
# of our database
<ruby>
# having a counter is nice
count = 0
#we look in the global datastore for a global VERBOSE option and use it
if (framework.datastore['VERBOSE'] == "true")
verbose = 1
else
verbose = 0
end
# Test and see if we have a database connected
begin
framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
print_error("Database connection isn't established")
return
end
if (framework.db.workspace.vulns.size > 0)
print_line("starting with #{framework.db.workspace.vulns.size} vulnerabilities")
end
framework.db.workspace.vulns.each do |vuln|
next if (vuln.refs.to_s !~ /NSS/)
next if (vuln.refs.size > 1)
if (verbose == 1)
print_line("#{vuln.refs.to_s}")
print_line("deleting Nessus stuff ...")
end
vuln.destroy
count = count +1
end
print_line("cleaned out #{count} vulnerabilities, results with #{framework.db.workspace.vulns.size} vulnerabilities")
</ruby>

View File

@ -4,17 +4,25 @@
# This Metasploit RC-File could be used to clean up your metasploit database from closed ports # This Metasploit RC-File could be used to clean up your metasploit database from closed ports
<ruby> <ruby>
# Test and see if we have a database connected
begin
framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
print_error("Database connection isn't established")
return
end
counter = 0 counter = 0
framework.db.hosts.each do |host| framework.db.hosts.each do |host|
host.services.each do |serv| host.services.each do |serv|
next if not serv.host next if not serv.host
if (serv.state != ServiceState::Open) if (serv.state != ServiceState::Open)
print_line("cleaning closed services (Port: #{serv.port.to_i} / Host: #{host.address})") print_line("cleaning closed services (Port: #{serv.port.to_i} / Host: #{host.address})")
run_single("services -d -p #{serv.port.to_i} -r #{serv.proto} #{host.address}") run_single("services -d -p #{serv.port.to_i} -r #{serv.proto} #{host.address}")
counter = counter + 1 counter = counter + 1
next next
end end
end end
end end
print_line("") print_line("")
print_line("cleaned #{counter} closed ports") print_line("cleaned #{counter} closed ports")

View File

@ -41,6 +41,14 @@ else
nmap = 0 nmap = 0
end end
# Test and see if we have a database connected
begin
framework.db.hosts
rescue ::ActiveRecord::ConnectionNotEstablished
print_error("Database connection isn't established")
return
end
print_line("") print_line("")
print_line("starting portscanners ...") print_line("starting portscanners ...")
print_line("") print_line("")

View File

@ -6,22 +6,32 @@
# for learning the application # for learning the application
<ruby> <ruby>
#wmap profile - set it to nil if you would not use any profile if (framework.datastore['WMAP_PROFILE'] == nil)
#profile = nil profile = nil
profile = "#{Msf::Config.install_root}/data/wmap/wmap_sample_profile.txt" elsif (framework.datastore['WMAP_PROFILE'] == "profile")
#default profile of the metasploit installation
profile = "#{Msf::Config.install_root}/data/wmap/wmap_sample_profile.txt"
else
#we are able to define an other file as the profile file, for example we are able to
#define a file in our .msf4 directory which we use for our webaudits
profile = framework.datastore['WMAP_PROFILE']
end
if (framework.datastore['THREADS'] == nil) #default to 50 Threads #default to 50 Threads
if (framework.datastore['THREADS'] == nil)
run_single("setg THREADS 50") run_single("setg THREADS 50")
end end
#we look in the global datastore for a global VERBOSE option and use it #we look in the global datastore for a global VERBOSE option and use it
if (framework.datastore['VERBOSE'] == "true") if (framework.datastore['VERBOSE'] == "true")
verbose = 1 verbose = 1
else else
verbose = 0 verbose = 0
end end
if (framework.plugins.to_s !~ /Wmap/) if (framework.plugins.to_s =~ /[Ww]map/)
print_line("Wmap plugin already loaded ...")
else
print_line("loading the wmap plugin ...") print_line("loading the wmap plugin ...")
run_single("load wmap") run_single("load wmap")
end end