From c216cf8c53f0e7d0ea33550a177814e7fa88aa03 Mon Sep 17 00:00:00 2001
From: Josh Abraham <jabra@spl0it.org>
Date: Fri, 19 Sep 2014 10:29:05 -0400
Subject: [PATCH] added spoofing capabilities to udp_scanner

---
 lib/msf/core/auxiliary/drdos.rb       | 13 +++++++++++++
 lib/msf/core/auxiliary/udp_scanner.rb | 18 ++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/lib/msf/core/auxiliary/drdos.rb b/lib/msf/core/auxiliary/drdos.rb
index fdf3f3f93e..b6b08fc5ed 100644
--- a/lib/msf/core/auxiliary/drdos.rb
+++ b/lib/msf/core/auxiliary/drdos.rb
@@ -8,6 +8,15 @@ module Msf
 ###
 module Auxiliary::DRDoS
 
+  def initialize(info = {})
+    super
+    register_advanced_options(
+      [
+        OptAddress.new('SRCIP', [false, 'Use this source IP']),
+        OptInt.new('NUM_REQUESTS', [false, 'Number of requests to send', 1]),
+      ], self.class)
+  end
+
   def prove_amplification(response_map)
     vulnerable = false
     proofs = []
@@ -43,5 +52,9 @@ module Auxiliary::DRDoS
     [ vulnerable, proofs.join(', ') ]
   end
 
+  def spoofed?
+    !datastore['SRCIP'].nil?
+  end
+
 end
 end
diff --git a/lib/msf/core/auxiliary/udp_scanner.rb b/lib/msf/core/auxiliary/udp_scanner.rb
index 2891c0da72..b33a573447 100644
--- a/lib/msf/core/auxiliary/udp_scanner.rb
+++ b/lib/msf/core/auxiliary/udp_scanner.rb
@@ -69,6 +69,24 @@ module Auxiliary::UDPScanner
     scanner_postscan(batch)
   end
 
+  # Send a spoofed packet to a given host and port
+  def scanner_spoof_send(data, ip, port, srcip, num_packets=1)
+    open_pcap
+    p = PacketFu::UDPPacket.new
+    p.ip_saddr = srcip
+    p.ip_daddr = ip
+    p.ip_ttl = 255
+    p.udp_src = (rand((2**16)-1024)+1024).to_i
+    p.udp_dst = port
+    p.payload = @probe
+    p.recalc
+    1.upto(num_packets) do |x|
+      print_status("Sending packet to #{ip} from #{srcip}")
+      capture_sendto(p, ip)
+    end
+    close_pcap
+  end
+
   # Send a packet to a given host and port
   def scanner_send(data, ip, port)