Fixed handling of root website directory. Minor presentation fixes in test modules

git-svn-id: file:///home/svn/framework3/trunk@5987 4d416f70-5f16-0410-b530-b9f4589650da
unstable
et 2008-11-30 22:41:09 +00:00
parent 8b600b97e1
commit 3e19245054
6 changed files with 52 additions and 18 deletions

View File

@ -19,6 +19,7 @@ Reload acp_userinfo database
TYPE=.password
TYPE=password
The page you requested
The page you were looking for
The userid or password that was specified is not valid.
Unable to complete your request due to added security features
Web access denied

View File

@ -640,6 +640,29 @@ class DBManager
Report.find(:all, :conditions => ["parent_id=?",parent_id])
end
#
# WMAP
# Create a request (by hand)
#
def create_request(host,port,ssl,meth,path,headers,query,body,respcode,resphead,response)
req = Request.create(
:host => host,
:port => port,
:ssl => ssl,
:meth => meth,
:path => path,
:headers => headers,
:query => query,
:body => body,
:respcode => respcode,
:resphead => resphead,
:response => response,
:created => Time.now
)
req.save
#framework.events.on_db_request(context, rec)
end
end

View File

@ -83,17 +83,26 @@ module Wmap
if uri_auth[1]
uri_port = uri_auth[1]
end
uri_path = path
if path == nil or path == ''
uri_path = '/'
end
if Rex::Socket.dotted_ip?(uri_host)
framework.db.create_target(uri_host, uri_port, uri_ssl, 0)
print_status("Added. #{uri_host} #{uri_port} #{uri_ssl}")
hip = uri_host
else
print_error("RHOSTS only accepts IP addresses: #{uri_host}")
hip = Rex::Socket.resolv_to_dotted(uri_host)
framework.db.create_target(hip, uri_port, uri_ssl, 0)
print_status("Added host #{uri_host} resolved as #{hip}.")
print_status("Host #{uri_host} resolved as #{hip}.")
end
framework.db.create_target(hip, uri_port, uri_ssl, 0)
print_status("Added target #{hip} #{uri_port} #{uri_ssl}")
framework.db.create_request(hip,uri_port,uri_ssl,'GET',uri_path,'',query,'','','','')
print_status("Added request #{uri_path} #{query}")
end
when '-p'
print_status(" Id. Host\t\t\t\t\tPort\tSSL")
@ -422,7 +431,7 @@ module Wmap
# Fixing paths
#
if node.is_leaf?
if node.is_leaf? and not node.is_root?
#
# Later we can add here more checks to see if its a file
#
@ -445,7 +454,7 @@ module Wmap
case wtype
when :WMAP_FILE
if node.is_leaf?
if node.is_leaf? and not node.is_root?
mod.datastore['PATH'] = strpath
print_status("Launching #{xref[3]} #{wtype} #{strpath} against #{xref[0].to_s}:#{xref[1].to_s}...")
@ -459,7 +468,7 @@ module Wmap
end
end
when :WMAP_DIR
if not node.is_leaf?
if not node.is_leaf? or node.is_root?
mod.datastore['PATH'] = strpath
print_status("Launching #{xref[3]} #{wtype} #{strpath} against #{xref[0].to_s}:#{xref[1].to_s}...")
@ -919,8 +928,6 @@ module Wmap
if selected_host == nil
print_error("Target not selected")
else
framework.db.each_request_target do |req|
tarray = req.path.to_s.split(WMAP_PATH)
tarray.delete("")
@ -940,7 +947,7 @@ module Wmap
#
def print_tree(tree)
if tree.is_leaf?
if tree.is_leaf? and tree.depth > 0
print_line(("|\t"*(tree.depth-1))+"+------"+tree.name)
else
print_line(("|\t"*tree.depth)+tree.name)
@ -1025,7 +1032,6 @@ module Wmap
framework.db.selected_ssl
end
end
end
end

View File

@ -50,6 +50,8 @@ class Metasploit3 < Msf::Auxiliary
)
#not sure about this one, can you add columns in the db on the fly?
wmap_report(rep_id,'WEB_SERVER','OPTIONS',"#{res.headers['Allow']}",nil)
else
print_status("No options.")
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout

View File

@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
tpath += '/'
end
print_status("Running..")
print_status("Using error code #{datastore['ERROR_CODE']}...")
Enumerable.cart(*numb).each {|testd|
begin
@ -84,7 +84,7 @@ class Metasploit3 < Msf::Auxiliary
if res
if res.code.to_i != datastore['ERROR_CODE'].to_i
print_status("Found http://#{target_host}:#{target_port}#{teststr} #{res.code.to_i}")
print_status("Found http://#{wmap_target_host}:#{wmap_target_port}#{teststr} #{res.code.to_i}")
rep_id = wmap_base_report_id(
wmap_target_host,
@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
wmap_report(rep_id,'DIRECTORY','NAME',"#{teststr}","Directory #{teststr} found.")
else
print_status("NOT Found http://#{target_host}:#{target_port}#{teststr} #{res.code.to_i}")
print_status("NOT Found http://#{wmap_target_host}:#{wmap_target_port}#{teststr} #{res.code.to_i}")
#blah
end
end

View File

@ -48,10 +48,12 @@ class Metasploit3 < Msf::Auxiliary
tpathf = datastore['PATH']
testf = tpathf.split('/').last
prestr.each do |pre|
filec = tpathf.sub(testf,pre + testf)
check_for_file(filec)
end
if testf
prestr.each do |pre|
filec = tpathf.sub(testf,pre + testf)
check_for_file(filec)
end
end
end
def check_for_file(file)