Update the post module

2014-01-08 18:41:22 -06:00 · 2014-01-08 18:41:22 -06:00 · a99e2eb567
parent 130a99f52b
commit a99e2eb567
1 changed files with 25 additions and 11 deletions
--- a/modules/post/multi/gather/check_malware.rb
+++ b/modules/post/multi/gather/check_malware.rb
@ -32,7 +32,15 @@ class Metasploit3 < Msf::Post
      ], self.class)
  end

+  def rhost
+    session.sock.peerhost
+  end
+
  def get_report(api_key, checksum)
+    #
+    # We have to use Net::HTTP instead of HttpClient because of the following error:
+    # The supplied module name is ambiguous: undefined method `register_autofilter_ports'
+    #
    url = URI.parse("https://www.virustotal.com/vtapi/v2/file/report")
    req = Net::HTTP::Post.new(url.path, initheader={'Host'=>'www.virustotal.com'})
    req.set_form_data({'apikey'=>api_key, 'resource'=>checksum})
@ -41,22 +49,25 @@ class Metasploit3 < Msf::Post
    res = http.start {|http| http.request(req)}

    unless res
-      print_error("Connection timed out while requesting a report from VirusTotal")
+      print_error("#{rhost} - Connection timed out")
      return ''
    end

    case res.code
    when 204
-      print_error("You have reached the request limit, please wait for one minute to try again")
-      return
+      print_error("#{rhost} - You have reached the request limit, please wait for one minute to try again")
+      return ''
    when 403
-      print_error("No privilege to execute this request probably due to an invalye API key")
+      print_error("#{rhost} - No privilege to execute this request probably due to an invalye API key")
+      return ''
    end

    body = ''
    begin
      body = JSON.parse(res.body)
-    rescue JSON::ParserError  
+    rescue JSON::ParserError
+      print_error("#{rhost} - Unable to parse the response")
+      return body
    end

    body
@ -67,9 +78,9 @@ class Metasploit3 < Msf::Post
    sha1   = res['sha1']   || ''
    sha256 = res['sha256'] || ''

-    print_status("MD5: #{md5}")       unless md5.blank?
-    print_status("SHA1: #{sha1}")     unless sha1.blank?
-    print_status("SHA256: #{sha256}") unless sha256.blank?
+    print_status("#{rhost} - MD5: #{md5}")       unless md5.blank?
+    print_status("#{rhost} - SHA1: #{sha1}")     unless sha1.blank?
+    print_status("#{rhost} - SHA256: #{sha256}") unless sha256.blank?

    tbl = Rex::Ui::Text::Table.new(
      'Header'  => "Analysis Report: #{filename} (#{res['positives']} / #{res['total']}): #{res['sha256']}",
@ -96,14 +107,17 @@ class Metasploit3 < Msf::Post
    api_key  = datastore['APIKEY']

    unless file?(filename)
-      print_error("File not found: #{filename}")
+      print_error("#{rhost} - File not found: #{filename}")
      return
    end

    checksum = file_remote_digestsha1(filename)
-    print_status("Checking: #{filename}...")
+    print_status("#{rhost} - Checking: #{filename}...")
    report   = get_report(api_key, checksum)
-    print_status("VirusTotal: #{report['verbose_msg']}")
+
+    return if report.blank?
+
+    print_status("#{rhost} - VirusTotal message: #{report['verbose_msg']}")
    if report['response_code'] == 1
      show_report(report, File.basename(filename))
    end