Replaced reporting to use notes

git-svn-id: file:///home/svn/framework3/trunk@7605 4d416f70-5f16-0410-b530-b9f4589650da
unstable
et 2009-11-25 06:08:28 +00:00
parent b460843929
commit 5b81d85447
23 changed files with 255 additions and 221 deletions


@ -335,8 +335,7 @@ module Wmap
print_status("Using ALL wmap enabled modules.")
end
# Create report entry
framework.db.create_report(0,'WMAP','REPORT',"#{selected_host},#{selected_port},#{selected_ssl}","Metasploit WMAP Report",'WMAP Scanner')
when '-h'
print_status("Usage: wmap_run [options]")
print_line("\t-h Display this help text")
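Review bot: The `# Create report entry` comment above the `-h` branch appears to be left behind once the `framework.db.create_report(...)` call is dropped. The rendered page has lost its +/- markers, so this is inferred from the 8-to-7 line count in the hunk header. If that call is the removed line, delete the comment too, or replace it with `# Per-finding records are now written by each module via report_note`. The enclosing `case` starts and ends outside the hunk.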


@ -41,21 +41,14 @@ class Metasploit3 < Msf::Auxiliary
if (res and res.headers['Allow'])
print_status("#{target_host} allows #{res.headers['Allow']} methods")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'HTTP_OPTIONS',
:data => res.headers['Allow']
)
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'HTTP_OPTIONS',
:data => res.headers['Allow']
)
wmap_report(rep_id,'WEB_SERVER','OPTIONS',"#{res.headers['Allow']}",nil)
else
''
end
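Review bot: `:proto => 'HTTP'` in the new `report_note` call names the application protocol, and the same value is used in every `report_note` call visible in the other module sections of this commit. If the notes and services tables key `:proto` on the transport, as host and service records in the framework normally do (not visible on this page, please confirm), these notes will not line up with the `tcp` service on `rport`. `:proto => 'tcp'` would be the safer value, with HTTP versus HTTPS carried in the note type or data. The `Allow` header is stored exactly as the server sent it, so anything that renders notes later should treat `:data` as untrusted text.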


@ -44,13 +44,14 @@ class Metasploit3 < Msf::Auxiliary
if (res and res.headers['Server'])
extra = http_fingerprint(res)
print_status("#{ip} is running #{res.headers['Server']}#{extra}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'WEB_SERVER',
:data => "#{res.headers['Server']}#{extra}"
)
wmap_report(rep_id,'WEB_SERVER','TYPE',"#{res.headers['Server']}#{extra}",nil)
end
rescue ::Timeout::Error, ::Errno::EPIPE
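Review bot: The status line in this hunk identifies the server as `ip`, but the new note is filed under `:host => target_host`. If the module runs per host and `target_host` reads the datastore rather than the address being scanned (neither definition is visible here), the note can land on a different host record than the one just printed; `:host => ip` would keep the two in step. The same split appears in the VHOST/X509 section (`ip` and `datastore['RPORT']` printed, `target_host` and `rport` stored), in the WWW-Authenticate section, and wherever `wmap_target_host` is printed next to `:host => target_host`. The enclosing method begins outside the hunk.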


@ -68,18 +68,20 @@ class Metasploit3 < Msf::Auxiliary
}, 20)
if (res and res.code >= 200 and res.code < 300)
print_status("Found #{wmap_base_url}#{file}")
print_status("Found #{wmap_base_url}#{file}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
wmap_report(rep_id,'VULNERABILITY','BACKUP_FILE',"#{file}","A backup file was found.")
else
print_status("NOT Found #{wmap_base_url}#{file}")
#To be removed or just displayed with verbose debugging.
end
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'BACKUP_FILE',
:data => "#{file}"
)
else
print_status("NOT Found #{wmap_base_url}#{file}")
#To be removed or just displayed with verbose debugging.
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
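Review bot: `:data => "#{file}"` wraps a single variable in an interpolated string; `:data => file` (or `file.to_s` if it may not be a String) says the same thing more directly. The pattern recurs in the later sections that pass one interpolated variable as `:data` (`teststr`, `filec`, `tpath`, `u`, `vhostn`, `turl`, `slastauthor`, `sname`, `addr`, `datastore['PATH']`). Separately, the two `rescue` clauses at the end of the hunk show no body in the lines visible here, so a refused or timed-out request would produce neither a note nor a message. If that is deliberate, a one-line comment saying so would help.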


@ -141,14 +141,13 @@ class Metasploit3 < Msf::Auxiliary
if reltruesize > relfalsesize
print_status("Possible #{tarr[0]} Blind SQL Injection Found #{datastore['PATH']} #{key}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
vul_id = wmap_report(rep_id,'VULNERABILITY','BLIND_SQL_INJECTION',"#{datastore['PATH']}","Possible blind SQL Injection Found #{datastore['PATH']}")
wmap_report(vul_id,'BLIND_SQL_INJECTION','PARAMETER',"#{key}","Vulnerable parameter is #{key}")
wmap_report(vul_id,'BLIND_SQL_INJECTION','TYPE',"#{tarr[0]}","Type of injection is #{tarr[0]}")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'BLIND_SQL_INJECTION',
:data => "#{datastore['PATH']} Parameter: #{key} Type: #{tarr[0]}"
)
else
print_status("NOT Vulnerable #{datastore['PATH']} parameter #{key}")
@ -169,4 +168,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
end
end
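Review bot: The note type `BLIND_SQL_INJECTION` records as a finding what the status line just above calls "Possible"; the only evidence visible in the hunk is `reltruesize > relfalsesize`, a response-size heuristic. Someone reading the notes table later cannot tell this apart from a confirmed injection, so carry the confidence into the record, e.g. `:data => "Possible: #{datastore['PATH']} Parameter: #{key} Type: #{tarr[0]}"`. Path, parameter and type were three separate report entries before; now that they share one space-separated string, a short comment documenting the field order would help anything that parses it.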


@ -27,7 +27,7 @@ class Metasploit3 < Msf::Auxiliary
in a given directory path.
},
'Author' => [ 'et [at] cyberspace.org' ],
'Author' => [ 'et' ],
'License' => BSD_LICENSE,
'Version' => '$Revision$'))
@ -168,13 +168,15 @@ class Metasploit3 < Msf::Auxiliary
print_error("Server returned an error code. #{wmap_base_url}#{teststr} #{res.code.to_i}")
else
print_status("Found #{wmap_base_url}#{teststr} #{res.code.to_i}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'DIRECTORY',
:data => "#{teststr}"
)
wmap_report(rep_id,'DIRECTORY/FILE','NAME',"#{teststr}","Directory/File #{teststr} found.")
end
end
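Review bot: The `DIRECTORY` note in the second hunk stores only `teststr`, while the other directory-scanning section in this commit writes `"#{tpath}#{testfdir} Code: #{res.code}"` under the same type, and the SVN entries section adds a third shape with a bare `sname`. Consumers filtering on `:type => 'DIRECTORY'` will see different data formats, and this one loses the status code that the status line still prints. Suggest `:data => "#{teststr} Code: #{res.code}"` so the scanners agree.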


@ -136,13 +136,14 @@ class Metasploit3 < Msf::Auxiliary
print_error("[#{wmap_target_host}] Server returned a 400 error on #{wmap_base_url}#{filec} [#{res.code.to_i}]")
else
print_status("[#{wmap_target_host}] Found #{wmap_base_url}#{filec} [#{res.code.to_i}]")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'COPY_FILE',
:data => "#{filec}"
)
wmap_report(rep_id,'VULNERABILITY','COPY_FILE',"#{filec}","A copy of file was found.")
end
end


@ -22,7 +22,7 @@ class Metasploit3 < Msf::Auxiliary
This module identifies directory listing vulnerabilities
in a given directory path.
},
'Author' => [ 'et [at] metasploit.com' ],
'Author' => [ 'et' ],
'License' => BSD_LICENSE,
'Version' => '$Revision$'))
@ -51,23 +51,27 @@ class Metasploit3 < Msf::Auxiliary
if res.to_s.include? "<title>Index of /" and res.to_s.include? "<h1>Index of /"
print_status("Found Directory Listing #{wmap_base_url}#{tpath}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'DIR_LISTING',
:data => "#{tpath}"
)
wmap_report(rep_id,'VULNERABILITY','DIR_LISTING',"#{tpath}","Directory #{tpath} discloses its contents.")
end
if res.to_s.include? "[To Parent Directory]</A>" and res.to_s.include? "#{tpath}</H1><hr>"
print_status("Found Directory Listing #{wmap_base_url}#{tpath}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'DIR_LISTING',
:data => "#{tpath}"
)
wmap_report(rep_id,'VULNERABILITY','DIR_LISTING',"#{tpath}","Directory #{tpath} discloses its contents.")
end
else
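Review bot: Both `if` branches in the second hunk end in identical `report_note` calls, so the note does not say which listing signature matched, and a response matching both would be recorded twice. Either join the two conditions with `or` and report once, or add the matched signature to `:data`. `res.to_s` is also evaluated up to four times; assigning it once to a local before the checks would be tidier. The surrounding `if`/`else` continues outside the hunk.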


@ -143,20 +143,26 @@ class Metasploit3 < Msf::Auxiliary
print_status("NOT Found #{wmap_base_url}#{tpath}#{testfdir} #{res.code} (#{wmap_target_host})")
end
else
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'DIRECTORY',
:data => "#{tpath}#{testfdir} Code: #{res.code}"
)
vul_id = wmap_report(rep_id,'DIRECTORY','NAME',"#{tpath}#{testfdir}","Directory #{tpath}#{testfdir} found.")
wmap_report(vul_id,'DIRECTORY','RESP_CODE',"#{res.code}",nil)
print_status("Found #{wmap_base_url}#{tpath}#{testfdir} #{res.code} (#{wmap_target_host})")
if res.code.to_i == 401
print_status("#{wmap_base_url}#{tpath}#{testfdir} requires authentication: #{res.headers['WWW-Authenticate']}")
wmap_report(vul_id,'DIRECTORY','WWW-AUTHENTICATE',"#{res.headers['WWW-Authenticate']}",nil)
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'WWW_AUTHENTICATE',
:data => "#{tpath}#{testfdir} Auth: #{res.headers['WWW-Authenticate']}"
)
end
end
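Review bot: The 401 branch builds the `WWW_AUTHENTICATE` note from `res.headers['WWW-Authenticate']` without checking that the header is present, so a 401 without a challenge yields a note ending in `Auth: ` with nothing after it. Guard it the way the dedicated authentication section does, e.g. `if res.code.to_i == 401 and res.headers['WWW-Authenticate']`. The header value is supplied by the server and goes to both the console and the database unmodified, so it should be treated as untrusted wherever it is displayed.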


@ -168,14 +168,15 @@ class Metasploit3 < Msf::Auxiliary
if (res.code.to_i == 207)
print_status("\tFound vulnerable WebDAV Unicode bypass target #{wmap_base_url}#{tpath}%c0%af#{testfdir} #{res.code} (#{wmap_target_host})")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'UNICODE_WEBDAV_BYPASS',
:data => "#{tpath}%c0%af#{testfdir} Code: #{res.code}"
)
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
vul_id = wmap_report(rep_id,'DIRECTORY','NAME',"#{tpath}#{testfdir}","Directory #{tpath}#{testfdir} found.")
wmap_report(vul_id,'DIRECTORY','RESP_CODE',"#{res.code}",nil)
end
end


@ -143,14 +143,13 @@ class Metasploit3 < Msf::Auxiliary
print_error("[#{wmap_target_host}] Error string: '#{inje}'")
print_error("[#{wmap_target_host}] DB TYPE: #{dbt}, Error type '#{injt}'")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'DATABASE_ERROR',
:data => "#{datastore['PATH']} Error: #{inje} DB: #{dbt}"
)
vul_id = wmap_report(rep_id,'ERROR','ERROR_BASED_SQL_INJECTION',"#{datastore['PATH']}","Unable to test as normal response contains error message without injecting anything in a parameter")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','ERROR_STRING',"#{inje}","Error message found #{inje}")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','DB_TYPE',"#{dbt}","Database type is #{dbt}")
return
end
@ -209,19 +208,14 @@ class Metasploit3 < Msf::Auxiliary
print_status("[#{wmap_target_host}] Error string: '#{inje}' Test Value: #{gvars[key]}")
print_status("[#{wmap_target_host}] Vuln query parameter: #{key} DB TYPE: #{dbt}, Error type '#{injt}'")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'SQL_INJECTION',
:data => "#{datastore['PATH']} Location: QUERY Parameter: #{key} Value: #{istr} Error: #{inje} DB: #{dbt}"
)
vul_id = wmap_report(rep_id,'VULNERABILITY','ERROR_BASED_SQL_INJECTION',"#{datastore['PATH']}","SQL Injection found (Error based) in #{datastore['PATH']}.")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','PARAMETER',"#{key}","Parameter vulnerable #{key}")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','LOCATION',"QUERY","Parameter located in URI query.")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','INJECTION_TYPE',"#{injt}","Injection appears to be treated as a #{injt}.")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','VALUE',"#{istr}","String injected using #{idesc} [#{istr}].")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','ERROR_STRING',"#{inje}","Error message found #{inje}")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','DB_TYPE',"#{dbt}","Database type is #{dbt}")
break
end
else
@ -292,18 +286,13 @@ class Metasploit3 < Msf::Auxiliary
print_status("[#{wmap_target_host}] Error string: '#{inje}' Test Value: #{istr}")
print_status("[#{wmap_target_host}] Vuln data parameter: #{key} DB TYPE: #{dbt}, Error type '#{injt}'")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'SQL_INJECTION',
:data => "#{datastore['PATH']} Location: DATA Parameter: #{key} Value: #{istr} Error: #{inje} DB: #{dbt}"
)
vul_id = wmap_report(rep_id,'VULNERABILITY','ERROR_BASED_SQL_INJECTION',"#{datastore['PATH']}","SQL Injection found (Error based) in #{datastore['PATH']}.")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','PARAMETER',"#{key}","Parameter vulnerable #{key}")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','LOCATION',"DATA","Parameter located in request DATA (POST_DATA).")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','INJECTION_TYPE',"#{injt}","Injection appears to be treated as a #{injt}.")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','VALUE',"#{istr}","String injected using #{idesc} [#{istr}].")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','ERROR_STRING',"#{inje}","Error message found #{inje}")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','DB_TYPE',"#{dbt}","Database type is #{dbt}")
break
end
@ -374,18 +363,13 @@ class Metasploit3 < Msf::Auxiliary
print_status("[#{wmap_target_host}] Error string: '#{inje}' Test Value: #{istr}")
print_status("[#{wmap_target_host}] Vuln cookie parameter: #{key} DB TYPE: #{dbt}, Error type '#{injt}'")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'SQL_INJECTION',
:data => "#{datastore['PATH']} Location: COOKIE Parameter: #{key} Value: #{istr} Error: #{inje} DB: #{dbt}"
)
vul_id = wmap_report(rep_id,'VULNERABILITY','ERROR_BASED_SQL_INJECTION',"#{datastore['PATH']}","SQL Injection found (Error based) in #{datastore['PATH']}.")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','PARAMETER',"#{key}","Parameter vulnerable #{key}")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','LOCATION',"COOKIE","Parameter located in Cookies.")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','INJECTION_TYPE',"#{injt}","Injection appears to be treated as a #{injt}.")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','VALUE',"#{istr}","String injected using #{idesc} [#{istr}].")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','ERROR_STRING',"#{inje}","Error message found #{inje}")
wmap_report(vul_id,'ERROR_BASED_SQL_INJECTION','DB_TYPE',"#{dbt}","Database type is #{dbt}")
break
end
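Review bot: The three `SQL_INJECTION` notes flatten what used to be separate PARAMETER, LOCATION, INJECTION_TYPE, VALUE, ERROR_STRING and DB_TYPE entries into one space-delimited string, and `injt` and `idesc` no longer appear in the stored data although `injt` is still printed. `inje` appears to be text matched in the server's response and `istr` the injected test value, and either may contain spaces or colons, so the `Key: value` layout cannot be split back reliably. If `report_note` accepts structured data (not visible on this page), a Hash such as `{ :path => datastore['PATH'], :location => 'QUERY', :parameter => key, :value => istr, :injection_type => injt, :error => inje, :db => dbt }` would preserve the fields. Otherwise add `Type: #{injt}` and document the format in a comment. The first hunk's `DATABASE_ERROR` note has the same shape.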


@ -91,14 +91,14 @@ class Metasploit3 < Msf::Auxiliary
if (res and res.code >= 200 and res.code < 300)
print_status("Found #{wmap_base_url}#{tpath}#{testfext}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'FILE',
:data => "#{tpath}#{testfext} Code: #{res.code}"
)
vul_id = wmap_report(rep_id,'FILE','NAME',"#{tpath}#{testfext}","File #{tpath}#{testfext} found.")
wmap_report(vul_id,'FILE','RESP_CODE',"#{res.code}",nil)
else
print_status("NOT Found #{wmap_base_url}#{tpath}#{testfext}")
end
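Review bot: The `FILE` note added here is repeated almost verbatim in the following three file-scanner sections, differing only in the path expression (`#{tpath}#{testfext}`, `#{testf}`, `#{tpath}`). A single helper taking the path and response code would keep the `Code:` format from drifting between modules; this section stores `res.code` while the status line in the next section prints `res.code.to_i`. Whether a soft-404 check precedes the 2xx test is not visible in the hunk. If none does, a catch-all 200 page will be recorded as a found file.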


@ -138,15 +138,15 @@ class Metasploit3 < Msf::Auxiliary
print_error("Server returned an error code. #{wmap_base_url}#{tpath}#{testfext} #{res.code.to_i}")
else
print_status("Found #{wmap_base_url}#{tpath}#{testfext} #{res.code.to_i}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'FILE',
:data => "#{tpath}#{testfext} Code: #{res.code}"
)
vul_id = wmap_report(rep_id,'FILE','NAME',"#{tpath}#{testfext}","File #{tpath}#{testfext} found.")
wmap_report(vul_id,'FILE','RESP_CODE',"#{res.code}",nil)
end
end
end


@ -87,14 +87,14 @@ class Metasploit3 < Msf::Auxiliary
if (res and res.code >= 200 and res.code < 300)
print_status("Found #{wmap_base_url}#{testf}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'FILE',
:data => "#{testf} Code: #{res.code}"
)
vul_id = wmap_report(rep_id,'FILE','NAME',"#{testf}","File #{testf} found.")
wmap_report(vul_id,'FILE','RESP_CODE',"#{res.code}",nil)
else
print_status("NOT Found #{wmap_base_url}#{testf}")
end


@ -94,6 +94,7 @@ class Metasploit3 < Msf::Auxiliary
tcode = res.code.to_i
emesg = ""
# Look for a string we can signature on as well
if(tcode >= 200 and tcode <= 299)
@ -141,15 +142,15 @@ class Metasploit3 < Msf::Auxiliary
print_error("Server returned an error code. #{wmap_base_url}#{tpath} #{res.code.to_i}")
else
print_status("Found #{wmap_base_url}#{tpath}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'FILE',
:data => "#{tpath} Code: #{res.code}"
)
vul_id = wmap_report(rep_id,'FILE','NAME',"#{tpath}","File #{tpath} found.")
wmap_report(vul_id,'FILE','RESP_CODE',"#{res.code}",nil)
end
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout


@ -61,13 +61,16 @@ class Metasploit3 < Msf::Auxiliary
result = res.body.scan(aregex).flatten.map{|s| s.strip}.uniq
print_status("[#{target_host}] #{tpath}robots.txt - #{result.join(", ")}")
result.each do |u|
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
vuln_id = wmap_report(rep_id,'ROBOTS','FILE/DIRECTORY',"#{u}","File/Directory in robots.txt response found.")
result.each do |u|
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'ROBOTS_TXT',
:data => "#{u}"
)
end
end
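Review bot: Each entry scanned out of robots.txt becomes its own note, with no limit on how many are written or how long each may be, and the whole list is also joined into one status line. The file's content is chosen by the target, so a very large or deliberately padded robots.txt turns into an equally large number of database rows. Consider capping the entries stored per host and truncating over-long values before `report_note`, with a comment above the loop such as `# robots.txt is target-controlled: bound the number and length of entries stored`.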


@ -69,15 +69,22 @@ class Metasploit3 < Msf::Auxiliary
if vhostn
print_status("[#{ip}:#{datastore['RPORT']}] is host #{vhostn}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'VHOST',
:data => "#{vhostn}"
)
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'X509',
:data => "Subject: #{cert.subject} Algorithm: #{cert.signature_algorithm}"
)
wmap_report(rep_id,'VHOST','NAME',"#{vhostn}","Vhost #{vhostn} found.")
wmap_report(rep_id,'X509','SUBJECT',"#{cert.subject}",nil)
wmap_report(rep_id,'X509','SIGN_ALGORITHM',"#{cert.signature_algorithm}","Signature algorithm")
end
else
print_status("[#{ip}:#{datastore['RPORT']}] No certificate subject or CN found")


@ -121,15 +121,15 @@ class Metasploit3 < Msf::Auxiliary
end
else
print_status("[#{target_host}] SVN Entries file found.")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'SVN_ENTRIES',
:data => "#{turl}"
)
vuln_id = wmap_report(rep_id,'VULNERABILITY','SVN_ENTRIES',"#{turl}","SVN Entries file found.")
vers = res.body[0..1].chomp.to_i
if vers <= 6
print_error("[#{target_host}] Version #{vers} not supported")
@ -160,16 +160,35 @@ class Metasploit3 < Msf::Auxiliary
print_status("[#{target_host}] #{skind} #{sname} [#{slastauthor}]")
if slastauthor and slastauthor.length > 0
wmap_report(vuln_id,'SVN_ENTRIES','USERNAME',"#{slastauthor}","Username found.")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'USERNAME',
:data => "#{slastauthor}"
)
end
if skind
if skind == 'dir'
wmap_report(vuln_id,'SVN_ENTRIES','DIRECTORY',"#{sname}","Directory in .svn/entries found.")
if skind == 'dir'
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'DIRECTORY',
:data => "#{sname}"
)
end
if skind == 'file'
ent_id = wmap_report(vuln_id,'SVN_ENTRIES','FILE',"#{sname}","File in .svn/entries found.")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'FILE',
:data => "#{sname}"
)
if datastore['GET_SOURCE']
print_status("- Trying to get file #{sname} source code.")
@ -188,7 +207,14 @@ class Metasploit3 < Msf::Auxiliary
if datastore['SHOW_SOURCE']
print_status("#{srcres.body}")
end
wmap_report(ent_id,'SVN_SOURCE_CODE','CODE',"#{srcres.body}","Source code found.")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'SOURCE_CODE',
:data => "#{sname} Code: #{srcres.body}"
)
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
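Review bot: `:data => "#{sname} Code: #{srcres.body}"` in the last hunk stores the entire retrieved file in a note and labels it `Code:`, which in the file-scanner notes of this same commit means the HTTP status. Source pulled from an exposed `.svn` directory can be large and may hold credentials, so the notes table becomes a second copy of that material. Storing the path plus a length or digest, or a bounded prefix of the body, would be easier to handle safely. At minimum rename the label, e.g. `Source:`. The `USERNAME`, `DIRECTORY` and `FILE` notes also reuse generic types, so they can no longer be traced back to the SVN finding the way the old `vuln_id` children could.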


@ -53,17 +53,19 @@ class Metasploit3 < Msf::Auxiliary
}, 10)
if res
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
auth_code = res.code
if res.headers['WWW-Authenticate']
print_status("#{ip} requires authentication: #{res.headers['WWW-Authenticate']} [#{auth_code}]")
wmap_report(rep_id,'WWW-AUTHENTICATE','REALM',"#{res.headers['WWW-Authenticate']}",nil)
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'WWW_AUTHENTICATE',
:data => "#{datastore['PATH']} Realm: #{res.headers['WWW-Authenticate']}"
)
verbs.each do |tv|
resauth = send_request_raw({
@ -75,7 +77,14 @@ class Metasploit3 < Msf::Auxiliary
print_status("Testing verb #{tv} resp code: [#{resauth.code}]")
if resauth.code != auth_code and resauth.code <= 302
print_status("Possible authentication bypass with verb #{tv} code #{resauth.code}")
wmap_report(rep_id,'VULNERABILITY','AUTH_BYPASS_VERB',"#{tv}","Possible auth bypassing with verb #{tv} in #{datastore['PATH']}")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'AUTH_BYPASS_VERB',
:data => "#{datastore['PATH']} Verb: #{tv}"
)
end
end
end
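Review bot: The `AUTH_BYPASS_VERB` note keeps the path and verb but drops the two status codes that justify it (`auth_code` and `resauth.code`), and loses the "Possible" qualifier from the status line. The test `resauth.code != auth_code and resauth.code <= 302` also passes on a redirect, for instance to a login page, so the stored record should make clear it is unconfirmed: `:data => "#{datastore['PATH']} Verb: #{tv} Code: #{resauth.code} (baseline #{auth_code})"`. `resauth.code` is read without a nil check in the lines shown; whether one exists above is outside the hunk.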


@ -50,16 +50,17 @@ class Metasploit3 < Msf::Auxiliary
result = res.body.scan(intipregex).uniq
result.each do |addr|
print_status("Found internal IP in WebDAV response (#{target_host}) #{addr}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
vuln_id = wmap_report(rep_id,'IP','INTERNAL ADDRESS',"#{addr}","Internal IP in WebDAV response found.")
result.each do |addr|
print_status("Found internal IP in WebDAV response (#{target_host}) #{addr}")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'INTERNAL_IP',
:data => "#{addr}"
)
end
end
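Review bot: `result` comes from `res.body.scan(intipregex).uniq` with no `flatten`, unlike the robots.txt section, which uses `.scan(aregex).flatten`. `intipregex` is defined outside the hunk; if it contains a capture group, each `addr` is an Array and `"#{addr}"` stores its string form rather than the bare address, and that form differs between Ruby versions. Adding `.flatten` before `.uniq` makes each element a String either way. The WebDAV file/directory section has the same `scan(urlregex).uniq` followed by `"#{u}"`.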


@ -49,12 +49,6 @@ class Metasploit3 < Msf::Auxiliary
print_status("#{target_host} (#{tserver}) has #{wdtype} ENABLED")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
report_note(
:host => target_host,
:proto => 'HTTP',
@ -63,7 +57,6 @@ class Metasploit3 < Msf::Auxiliary
:data => 'enabled'
)
wmap_report(rep_id,'WEB_SERVER',wdtype,"ENABLED",nil)
else
print_status("#{target_host} (#{tserver}) WebDAV disabled.")
end

View File

@ -50,16 +50,18 @@ class Metasploit3 < Msf::Auxiliary
result = res.body.scan(urlregex).uniq
result.each do |u|
print_status("Found file or directory in WebDAV response (#{target_host}) #{u}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
vuln_id = wmap_report(rep_id,'WEBDAV','FILE/DIRECTORY',"#{u}","File/Directory in WebDAV response found.")
result.each do |u|
print_status("Found file or directory in WebDAV response (#{target_host}) #{u}")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'WEBDAV_FILE_DIRECTORY',
:data => "#{u}"
)
end
end


@ -85,14 +85,14 @@ class Metasploit3 < Msf::Auxiliary
if res and (tcode >= 200 and tcode <= 299)
if res.body.include? datastore['DATA']
print_status("Upload succeeded on #{wmap_base_url}#{datastore['PATH']} [#{res.code}]")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
wmap_report(rep_id,'VULNERABILITY','PUT_ENABLED',"#{datastore['PATH']}","Upload succeeded on #{datastore['PATH']}")
report_note(
:host => target_host,
:proto => 'HTTP',
:port => rport,
:type => 'PUT_ENABLED',
:data => "#{datastore['PATH']}"
)
end
else