diff --git a/data/wmap/wmap_404s.txt b/data/wmap/wmap_404s.txt
index bb0d1c142e..1ea510a92e 100644
--- a/data/wmap/wmap_404s.txt
+++ b/data/wmap/wmap_404s.txt
@@ -19,6 +19,7 @@ Reload acp_userinfo database
 TYPE=.password
 TYPE=password
 The page you requested
+The page you were looking for
 The userid or password that was specified is not valid.
 Unable to complete your request due to added security features
 Web access denied
diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb
index 205530d606..4fb7326249 100644
--- a/lib/msf/core/db.rb
+++ b/lib/msf/core/db.rb
@@ -640,6 +640,29 @@ class DBManager
 Report.find(:all, :conditions => ["parent_id=?",parent_id])
 end
+ #
+ # WMAP
+ # Create a request (by hand)
+ #
+ def create_request(host,port,ssl,meth,path,headers,query,body,respcode,resphead,response)
+ req = Request.create(
+ :host => host,
+ :port => port,
+ :ssl => ssl,
+ :meth => meth,
+ :path => path,
+ :headers => headers,
+ :query => query,
+ :body => body,
+ :respcode => respcode,
+ :resphead => resphead,
+ :response => response,
+ :created => Time.now
+ )
+ req.save
+ #framework.events.on_db_request(context, rec)
+ end
+
 end
diff --git a/lib/msf/ui/console/command_dispatcher/wmap.rb b/lib/msf/ui/console/command_dispatcher/wmap.rb
index f16fec10ed..b110d58f7c 100644
--- a/lib/msf/ui/console/command_dispatcher/wmap.rb
+++ b/lib/msf/ui/console/command_dispatcher/wmap.rb
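Review bot: In `create_request` the row is written twice and the return value is easy to misread: `Request.create(...)` already persists the record, and the trailing `req.save` makes the method return a boolean instead of the record. If `Request` is an ActiveRecord model, as the `create`/`save` pair suggests, dropping `req.save` and ending the method with `req` would let callers inspect the stored row and any validation errors. The eleven positional parameters are also undocumented; a comment stating that `headers`, `body`, `resphead` and `response` are stored exactly as passed in, and must be treated as untrusted target data when read back, would help later consumers. The enclosing `DBManager` class starts outside the hunk.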
@@ -83,17 +83,26 @@ module Wmap
 if uri_auth[1]
 uri_port = uri_auth[1]
 end
+
+ uri_path = path
+ if path == nil or path == ''
+ uri_path = '/'
+ end
 if Rex::Socket.dotted_ip?(uri_host)
- framework.db.create_target(uri_host, uri_port, uri_ssl, 0)
- print_status("Added. #{uri_host} #{uri_port} #{uri_ssl}")
+ hip = uri_host
 else
 print_error("RHOSTS only accepts IP addresses: #{uri_host}")
 hip = Rex::Socket.resolv_to_dotted(uri_host)
- framework.db.create_target(hip, uri_port, uri_ssl, 0)
- print_status("Added host #{uri_host} resolved as #{hip}.")
+ print_status("Host #{uri_host} resolved as #{hip}.")
 end
+
+ framework.db.create_target(hip, uri_port, uri_ssl, 0)
+ print_status("Added target #{hip} #{uri_port} #{uri_ssl}")
+
+ framework.db.create_request(hip,uri_port,uri_ssl,'GET',uri_path,'',query,'','','','')
+ print_status("Added request #{uri_path} #{query}")
 end
 when '-p'
 print_status(" Id. Host\t\t\t\t\tPort\tSSL")
@@ -422,7 +431,7 @@ module Wmap
 # Fixing paths
 #
- if node.is_leaf? and not node.is_root?
+ if node.is_leaf? and not node.is_root?
 #
 # Later we can add here more checks to see if its a file
 #
@@ -445,7 +454,7 @@ module Wmap
 case wtype
 when :WMAP_FILE
- if node.is_leaf?
+ if node.is_leaf? and not node.is_root?
 mod.datastore['PATH'] = strpath
 print_status("Launching #{xref[3]} #{wtype} #{strpath} against #{xref[0].to_s}:#{xref[1].to_s}...")
@@ -459,7 +468,7 @@ module Wmap
 end
 end
 when :WMAP_DIR
- if not node.is_leaf?
+ if not node.is_leaf? or node.is_root?
 mod.datastore['PATH'] = strpath
 print_status("Launching #{xref[3]} #{wtype} #{strpath} against #{xref[0].to_s}:#{xref[1].to_s}...")
@@ -919,8 +928,6 @@ module Wmap
 if selected_host == nil
 print_error("Target not selected")
 else
-
-
 framework.db.each_request_target do |req|
 tarray = req.path.to_s.split(WMAP_PATH)
 tarray.delete("")
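Review bot: The result of `Rex::Socket.resolv_to_dotted(uri_host)` is used without any check, and after this change both `framework.db.create_target` and `framework.db.create_request` run unconditionally on whatever `hip` holds. No rescue or nil test is visible in the hunk, so a hostname that does not resolve would presumably either abort the command or store a target and request with an unusable address. Handling the lookup failure and skipping the two `create_*` calls when `hip` is empty would close that. `print_error("RHOSTS only accepts IP addresses: #{uri_host}")` is also still printed for every hostname even though the name is then resolved and accepted, so it reads as a failure when it is not; `print_status` would match the behaviour. The enclosing `case` branch starts outside the hunk, so where `path` and `query` are assigned cannot be checked here.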
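Review bot: The file-versus-directory test is now written out three times (in this hunk at -422 and again in the hunks at -445 and -459) with the low-precedence `and`/`or`/`not` operators, and the third copy, `not node.is_leaf? or node.is_root?`, has to be kept the exact negation of the other two by hand. Computing it once, for example `is_file = node.is_leaf? && !node.is_root?`, and testing `is_file` and `!is_file` in the `:WMAP_FILE` and `:WMAP_DIR` branches would remove that risk. A comment such as `# the root node is always handled as a directory, even when it has no children` would record why the root is excluded. The enclosing method begins outside these hunks, so whether all three sites share one scope is inferred.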
@@ -940,7 +947,7 @@ module Wmap
 #
 def print_tree(tree)
- if tree.is_leaf?
+ if tree.is_leaf? and tree.depth > 0
 print_line(("|\t"*(tree.depth-1))+"+------"+tree.name)
 else
 print_line(("|\t"*tree.depth)+tree.name)
@@ -1025,7 +1032,6 @@ module Wmap
 framework.db.selected_ssl
 end
-
 end
 end
 end
diff --git a/modules/auxiliary/scanner/http/options.rb b/modules/auxiliary/scanner/http/options.rb
index c1d088120d..d86d7094f3 100644
--- a/modules/auxiliary/scanner/http/options.rb
+++ b/modules/auxiliary/scanner/http/options.rb
@@ -50,6 +50,8 @@ class Metasploit3 < Msf::Auxiliary
 )
 #not sure about this one, can you add columns in the db on the fly?
 wmap_report(rep_id,'WEB_SERVER','OPTIONS',"#{res.headers['Allow']}",nil)
+ else
+ print_status("No options.")
 end
 rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
diff --git a/modules/auxiliary/scanner/http/wmap_brute_dirs.rb b/modules/auxiliary/scanner/http/wmap_brute_dirs.rb
index a883672f55..5fa7ba1c2a 100644
--- a/modules/auxiliary/scanner/http/wmap_brute_dirs.rb
+++ b/modules/auxiliary/scanner/http/wmap_brute_dirs.rb
@@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
 tpath += '/'
 end
- print_status("Running..")
+ print_status("Using error code #{datastore['ERROR_CODE']}...")
 Enumerable.cart(*numb).each {|testd|
 begin
@@ -84,7 +84,7 @@ class Metasploit3 < Msf::Auxiliary
 if res
 if res.code.to_i != datastore['ERROR_CODE'].to_i
- print_status("Found http://#{target_host}:#{target_port}#{teststr} #{res.code.to_i}")
+ print_status("Found http://#{wmap_target_host}:#{wmap_target_port}#{teststr} #{res.code.to_i}")
 rep_id = wmap_base_report_id(
 wmap_target_host,
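Review bot: The new `tree.depth > 0` condition in `print_tree` carries no comment saying what it protects against. Judging from the following line, a node that is both root and leaf (presumably depth 0) would make `"|\t"*(tree.depth-1)` repeat a string -1 times, which Ruby rejects with ArgumentError. A comment such as `# a childless root has depth 0: print it as a plain name, "|\t" * -1 would raise` would keep the guard from being simplified away later. `print_tree` continues past the end of the hunk.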
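Review bot: `print_status("No options.")` in options.rb does not say which target it refers to, so in a run over several hosts the line cannot be matched to a server. Naming the target, for example `print_status("No options reported for #{wmap_target_host}:#{wmap_target_port}")`, would fix that, assuming those accessors are available in this module as they are in wmap_brute_dirs.rb. The `if` this `else` belongs to is outside the hunk, so it is not visible whether the branch covers a missing response as well as a missing `Allow` header; the wording should match whichever case it is.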
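Review bot: Both rewritten messages in wmap_brute_dirs.rb (this hunk at -84 and the one at -94) still hard-code the `http://` scheme, so for a target recorded with SSL the printed URL is not the one that was requested. If the WMAP mixin's `wmap_target_ssl` is in scope here, `proto = wmap_target_ssl ? 'https' : 'http'` followed by `"Found #{proto}://#{wmap_target_host}:#{wmap_target_port}#{teststr} #{res.code.to_i}"` would make the log line copy-paste accurate, with the same change for the "NOT Found" message. The surrounding loop begins and ends outside both hunks.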
@@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
 wmap_report(rep_id,'DIRECTORY','NAME',"#{teststr}","Directory #{teststr} found.")
 else
- print_status("NOT Found http://#{target_host}:#{target_port}#{teststr} #{res.code.to_i}")
+ print_status("NOT Found http://#{wmap_target_host}:#{wmap_target_port}#{teststr} #{res.code.to_i}")
 #blah
 end
 end
diff --git a/modules/auxiliary/scanner/http/wmap_copy_of_file.rb b/modules/auxiliary/scanner/http/wmap_copy_of_file.rb
index 83c0ff85c4..f4ff189255 100644
--- a/modules/auxiliary/scanner/http/wmap_copy_of_file.rb
+++ b/modules/auxiliary/scanner/http/wmap_copy_of_file.rb
@@ -48,10 +48,12 @@ class Metasploit3 < Msf::Auxiliary
 tpathf = datastore['PATH']
 testf = tpathf.split('/').last
- prestr.each do |pre|
- filec = tpathf.sub(testf,pre + testf)
- check_for_file(filec)
- end
+ if testf
+ prestr.each do |pre|
+ filec = tpathf.sub(testf,pre + testf)
+ check_for_file(filec)
+ end
+ end
 end
 def check_for_file(file)
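Review bot: Inside the new `if testf` block, `tpathf.sub(testf,pre + testf)` rewrites the first occurrence of the file name anywhere in the path rather than the last path component. A PATH such as `/backup/backup` (constructed example) gets the prefix on the directory instead of the file, and the module then probes the wrong location. Anchoring on the last occurrence, `idx = tpathf.rindex(testf)` then `filec = tpathf[0, idx] + pre + tpathf[idx..-1]`, keeps the result the same for ordinary paths and fixes the repeated-name case. The guard also sits after `tpathf.split('/')`, so an unset PATH would still raise before `if testf` is reached. The body of `check_for_file` lies outside the hunk.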