From 3e19245054cbfb17cb7be28c798396107d1b2a56 Mon Sep 17 00:00:00 2001
From: et <>
Date: Sun, 30 Nov 2008 22:41:09 +0000
Subject: [PATCH] Fixed handling of root website directory. Minor presentation
 fixes in test modules

git-svn-id: file:///home/svn/framework3/trunk@5987 4d416f70-5f16-0410-b530-b9f4589650da
---
 data/wmap/wmap_404s.txt                       |  1 +
 lib/msf/core/db.rb                            | 23 +++++++++++++++
 lib/msf/ui/console/command_dispatcher/wmap.rb | 28 +++++++++++--------
 modules/auxiliary/scanner/http/options.rb     |  2 ++
 .../auxiliary/scanner/http/wmap_brute_dirs.rb |  6 ++--
 .../scanner/http/wmap_copy_of_file.rb         | 10 ++++---
 6 files changed, 52 insertions(+), 18 deletions(-)

diff --git a/data/wmap/wmap_404s.txt b/data/wmap/wmap_404s.txt
index bb0d1c142e..1ea510a92e 100644
--- a/data/wmap/wmap_404s.txt
+++ b/data/wmap/wmap_404s.txt
@@ -19,6 +19,7 @@ Reload acp_userinfo database
 TYPE=.password
 TYPE=password
 The page you requested 
+The page you were looking for
 The userid or password that was specified is not valid.
 Unable to complete your request due to added security features
 Web access denied
diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb
index 205530d606..4fb7326249 100644
--- a/lib/msf/core/db.rb
+++ b/lib/msf/core/db.rb
@@ -640,6 +640,29 @@ class DBManager
 		Report.find(:all, :conditions => ["parent_id=?",parent_id])			
 	end
 	
+	#
+	# WMAP
+	# Create a request (by hand) 
+	#
+	def create_request(host,port,ssl,meth,path,headers,query,body,respcode,resphead,response)
+		req = Request.create(
+				:host => host, 
+				:port => port, 
+				:ssl => ssl, 
+				:meth => meth,
+				:path => path,
+				:headers => headers,
+				:query => query,
+				:body => body,
+				:respcode => respcode,
+				:resphead => resphead,
+				:response => response,
+				:created => Time.now
+			)
+		req.save	
+		#framework.events.on_db_request(context, rec)
+	end
+	
 	
 		
 end
diff --git a/lib/msf/ui/console/command_dispatcher/wmap.rb b/lib/msf/ui/console/command_dispatcher/wmap.rb
index f16fec10ed..b110d58f7c 100644
--- a/lib/msf/ui/console/command_dispatcher/wmap.rb
+++ b/lib/msf/ui/console/command_dispatcher/wmap.rb
@@ -83,17 +83,26 @@ module Wmap
 						if uri_auth[1]
 							uri_port = uri_auth[1]
 						end
+						
+						uri_path = path
+						if path == nil or path == '' 
+							uri_path = '/'
+						end
 					
 						if Rex::Socket.dotted_ip?(uri_host)
-							framework.db.create_target(uri_host, uri_port, uri_ssl, 0)
-							print_status("Added. #{uri_host} #{uri_port} #{uri_ssl}")
+						    hip = uri_host
 						else
 							print_error("RHOSTS only accepts IP addresses: #{uri_host}") 
 							
 							hip = Rex::Socket.resolv_to_dotted(uri_host)
-							framework.db.create_target(hip, uri_port, uri_ssl, 0)
-							print_status("Added host #{uri_host} resolved as #{hip}.")
+							print_status("Host #{uri_host} resolved as #{hip}.")
 						end
+						
+						framework.db.create_target(hip, uri_port, uri_ssl, 0)
+						print_status("Added target #{hip} #{uri_port} #{uri_ssl}")
+						
+						framework.db.create_request(hip,uri_port,uri_ssl,'GET',uri_path,'',query,'','','','')
+						print_status("Added request #{uri_path} #{query}")
 					end
 				when '-p'
 					print_status("   Id. Host\t\t\t\t\tPort\tSSL")
@@ -422,7 +431,7 @@ module Wmap
 							# Fixing paths
 							#	
 							
-							if node.is_leaf? 
+							if node.is_leaf? and not node.is_root? 
 								#		
 								# Later we can add here more checks to see if its a file
 								#
@@ -445,7 +454,7 @@ module Wmap
 
 							case wtype
 							when :WMAP_FILE  
-								if node.is_leaf? 
+								if node.is_leaf? and not node.is_root? 
 									mod.datastore['PATH'] = strpath
 									print_status("Launching #{xref[3]} #{wtype} #{strpath} against #{xref[0].to_s}:#{xref[1].to_s}...")
 									
@@ -459,7 +468,7 @@ module Wmap
 									end	
 								end	 
 							when :WMAP_DIR 
-								if not node.is_leaf?	
+								if not node.is_leaf? or node.is_root?	
 									mod.datastore['PATH'] = strpath
 									print_status("Launching #{xref[3]} #{wtype} #{strpath} against #{xref[0].to_s}:#{xref[1].to_s}...")
 									
@@ -919,8 +928,6 @@ module Wmap
 			if selected_host == nil
 				print_error("Target not selected")
 			else
-							
-				
 				framework.db.each_request_target do |req|	
 					tarray = req.path.to_s.split(WMAP_PATH)
 					tarray.delete("")
@@ -940,7 +947,7 @@ module Wmap
 		#
 
 		def print_tree(tree)
-			if tree.is_leaf?
+			if tree.is_leaf? and tree.depth > 0
 				print_line(("|\t"*(tree.depth-1))+"+------"+tree.name)
 			else
 				print_line(("|\t"*tree.depth)+tree.name)
@@ -1025,7 +1032,6 @@ module Wmap
 			framework.db.selected_ssl
 		end
 		
-		
 end
 end
 end
diff --git a/modules/auxiliary/scanner/http/options.rb b/modules/auxiliary/scanner/http/options.rb
index c1d088120d..d86d7094f3 100644
--- a/modules/auxiliary/scanner/http/options.rb
+++ b/modules/auxiliary/scanner/http/options.rb
@@ -50,6 +50,8 @@ class Metasploit3 < Msf::Auxiliary
 				)
 				#not sure about this one, can you add columns in the db on the fly?
 				wmap_report(rep_id,'WEB_SERVER','OPTIONS',"#{res.headers['Allow']}",nil)
+			else
+				print_status("No options.")
 			end
 			
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
diff --git a/modules/auxiliary/scanner/http/wmap_brute_dirs.rb b/modules/auxiliary/scanner/http/wmap_brute_dirs.rb
index a883672f55..5fa7ba1c2a 100644
--- a/modules/auxiliary/scanner/http/wmap_brute_dirs.rb
+++ b/modules/auxiliary/scanner/http/wmap_brute_dirs.rb
@@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
 			tpath += '/'
 		end	
 
-		print_status("Running..")
+		print_status("Using error code #{datastore['ERROR_CODE']}...")
 			
 		Enumerable.cart(*numb).each {|testd| 
 			begin
@@ -84,7 +84,7 @@ class Metasploit3 < Msf::Auxiliary
 
 				if res
 					if res.code.to_i != datastore['ERROR_CODE'].to_i
-						print_status("Found http://#{target_host}:#{target_port}#{teststr} #{res.code.to_i}")
+						print_status("Found http://#{wmap_target_host}:#{wmap_target_port}#{teststr} #{res.code.to_i}")
 									
 						rep_id = wmap_base_report_id(
 										wmap_target_host,
@@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
 						wmap_report(rep_id,'DIRECTORY','NAME',"#{teststr}","Directory #{teststr} found.")
 									
 					else
-						print_status("NOT Found http://#{target_host}:#{target_port}#{teststr}  #{res.code.to_i}") 
+						print_status("NOT Found http://#{wmap_target_host}:#{wmap_target_port}#{teststr}  #{res.code.to_i}") 
 						#blah
 					end
 				end
diff --git a/modules/auxiliary/scanner/http/wmap_copy_of_file.rb b/modules/auxiliary/scanner/http/wmap_copy_of_file.rb
index 83c0ff85c4..f4ff189255 100644
--- a/modules/auxiliary/scanner/http/wmap_copy_of_file.rb
+++ b/modules/auxiliary/scanner/http/wmap_copy_of_file.rb
@@ -48,10 +48,12 @@ class Metasploit3 < Msf::Auxiliary
 		tpathf = datastore['PATH']
 		testf = tpathf.split('/').last
 
-		prestr.each do |pre|
-			filec = tpathf.sub(testf,pre + testf)
-			check_for_file(filec)
-		end
+		if testf
+			prestr.each do |pre|
+				filec = tpathf.sub(testf,pre + testf)
+				check_for_file(filec)
+			end
+		end	
 	end
 	
 	def check_for_file(file)