diff --git a/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb b/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb index 7866999192..43b59a9354 100644 --- a/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb +++ b/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb @@ -35,32 +35,33 @@ class Metasploit3 < Msf::Auxiliary 'Context' => {'Msf' => framework, 'MsfExploit' => self} } ) add_socket(udp_sock) - vprint_status "Scanning #{datastore['PROTOCOL']} ports #{datastore['PORTS']} on #{host} using NATPMP" + peer = "#{host}:#{datastore['RPORT']}" + vprint_status("#{peer} Scanning #{datastore['PROTOCOL']} ports #{datastore['PORTS']} using NATPMP") # first, send a request to get the external address - udp_sock.sendto(external_address_request, host, datastore['RPORT'].to_i, 0) + udp_sock.sendto(external_address_request, host, datastore['RPORT'], 0) external_address = nil while (r = udp_sock.recvfrom(12, 0.25) and r[1]) (ver,op,result,epoch,external_address) = parse_external_address_response(r[0]) end if (external_address) - print_good("External address of #{host} is #{external_address}") + print_good("#{peer} responded with external address of #{external_address}") else - vprint_status("Didn't get a response for #{host}'s external address") + vprint_status("#{peer} didn't responsd with an external address") return end Rex::Socket.portspec_crack(datastore['PORTS']).each do |port| # send one request to clear the mapping if *we've* created it before clear_req = map_port_request(port, port, Rex::Proto::NATPMP.const_get(datastore['PROTOCOL']), 0) - udp_sock.sendto(clear_req, host, datastore['RPORT'].to_i, 0) + udp_sock.sendto(clear_req, host, datastore['RPORT'], 0) while (r = udp_sock.recvfrom(16, 1.0) and r[1]) end # now try the real mapping map_req = map_port_request(port, port, Rex::Proto::NATPMP.const_get(datastore['PROTOCOL']), 1) - udp_sock.sendto(map_req, host, datastore['RPORT'].to_i, 0) + udp_sock.sendto(map_req, host, datastore['RPORT'], 0) while (r = udp_sock.recvfrom(16, 1.0) and r[1]) handle_reply(host, external_address, r) end @@ -85,20 +86,21 @@ class Metasploit3 < Msf::Auxiliary protocol = datastore['PROTOCOL'].to_s.downcase (ver, op, result, epoch, int, ext, lifetime) = parse_map_port_response(pkt[0]) + peer = "#{host}:#{datastore['RPORT']}" if (result == 0) # we always ask to map an external port to the same port on us. If # we get a successful reponse back but the port we requested be forwarded # is different, that means that someone else already has it open if (int != ext) state = Msf::ServiceState::Open - print_status("#{external_addr} - #{int}/#{protocol} #{state} because of successful mapping with unmatched ports") + print_good("#{peer} #{external_addr} - #{int}/#{protocol} #{state} because of successful mapping with unmatched ports") else state = Msf::ServiceState::Closed - print_status("#{external_addr} - #{int}/#{protocol} #{state} because of successful mapping with matched ports") if (datastore['DEBUG']) + print_status("#{peer} #{external_addr} - #{int}/#{protocol} #{state} because of successful mapping with matched ports") if (datastore['DEBUG']) end else state = Msf::ServiceState::Closed - print_status("#{external_addr} - #{int}/#{protocol} #{state} because of code #{result} response") if (datastore['DEBUG']) + print_status("#{peer} #{external_addr} - #{int}/#{protocol} #{state} because of code #{result} response") if (datastore['DEBUG']) end if inside_workspace_boundary?(external_addr)