Store at most one http.fingerprint per host/port, revert http_version

bug/bundler_fix
HD Moore 2014-03-23 10:42:20 -07:00
parent f80b9d50f0
commit 903af02e08
2 changed files with 15 additions and 4 deletions


@ -467,7 +467,6 @@ module Exploit::Remote::HttpClient
service.notes.where(:ntype => 'http.fingerprint').order("notes.id DESC").each do |n|
next unless n.data and n.data.kind_of?(::Hash)
next unless n.data[:uri] == uri and n.data[:method] == method
# Append additional fingerprints to the results as found
fprints.unshift n.data.dup
end
@ -511,7 +510,7 @@ module Exploit::Remote::HttpClient
return fprint if opts[:full]
# Otherwise just return the signature string for compatibility
fprint[:signature]
return fprint[:signature]
end
# Go ahead and send a request to the target for fingerprinting
@ -623,7 +622,15 @@ module Exploit::Remote::HttpClient
fprint[:content] = res.body.to_s[0,65535]
# Report a new http.fingerprint note
report_note(:host => rhost, :port => rport, :ntype => 'http.fingerprint', :data => fprint, :update => :unique_data)
report_note(
:host => rhost,
:port => rport,
:proto => 'tcp',
:ntype => 'http.fingerprint',
:data => fprint,
# Limit reporting to one stored note per host/service combination
:update => :unique
)
# Report here even if info is empty since the fact that we didn't
# return early means we at least got a connection and the service is up
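Review bot: The new `:update => :unique` in the `report_note` call (third hunk) keeps only one `http.fingerprint` note per host/port, but the lookup loop in the first hunk still filters notes with `n.data[:uri] == uri and n.data[:method] == method`. A fingerprint taken for a different URI or method will therefore replace the stored one, and a later lookup for the original URI will find nothing and presumably send a fresh request to the target. If that trade-off is intended, the comment above `:update` should say so, for example `# One note per host/service: a fingerprint for another :uri/:method replaces the previous one`. The enclosing methods start and end outside these hunks, so the fallback path after a cache miss is not visible here.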


@ -32,9 +32,13 @@ class Metasploit3 < Msf::Auxiliary
# Fingerprint a single host
def run_host(ip)
begin
fp = http_fingerprint
connect
res = send_request_raw({ 'uri' => '/', 'method' => 'GET' })
fp = http_fingerprint(:response => res)
print_status("#{ip}:#{rport} #{fp}") if fp
rescue ::Timeout::Error, ::Errno::EPIPE
ensure
disconnect
end
end
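Review bot: In `run_host`, `res` from `send_request_raw` is passed to `http_fingerprint(:response => res)` without checking that a response arrived. How `http_fingerprint` treats a missing `:response` is outside this hunk, so a short comment such as `# res may be nil; http_fingerprint then falls back to its own request` (if that is the case) would document the intent. The `rescue ::Timeout::Error, ::Errno::EPIPE` branch has an empty body, and `connect` is now called explicitly inside the `begin`, so other connection errors leave `run_host` while these two vanish without trace. Binding the exception and logging it, e.g. `vprint_error("#{ip}:#{rport} #{e.class}")`, would let an operator see which hosts were skipped.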