test

2012-01-12 17:31:06 +01:00 · 2012-01-12 17:31:06 +01:00 · cbb9a03724
parent a3749f1d80
commit cbb9a03724
1 changed files with 57 additions and 0 deletions
--- a/scripts/resource/autocrawler.rc
+++ b/scripts/resource/autocrawler.rc
@ -0,0 +1,57 @@
+# autocrawler.rc
+# Author: m-1-k-3 (Web: http://www.s3cur1ty.de / Twitter: @s3cur1ty_de)
+
+# this Metasploit RC-File could be used to crawl webapps automatically
+# it uses the allready discovered webservers - "services -s http" / "services -s https"
+# some basic jobhandling to not kill our own machine is included - check the maxjobs and threadspercrawler variables
+
+<ruby>
+verbose = "true"
+threadspercrawler = "4"
+
+def jobwaiting()	#thread handling for poor guys ...
+        maxjobs=15      #throttling if we get too much jobs
+        while(framework.jobs.keys.length >= maxjobs)
+                ::IO.select(nil, nil, nil, 2.5)
+                print_error("waiting for finishing some modules... active jobs: #{framework.jobs.keys.length} / threads: #{framework.threads.length}")
+        end
+end
+
+framework.db.workspace.hosts.each do |host|
+	host.services.each do |serv|
+		next if not serv.host
+		next if (serv.state != ServiceState::Open)
+		next if (serv.name !~ /http/)
+		
+		if(verbose == "true")
+			print_status("")
+                        print_status("====================================")
+			print_status("Host: #{serv.host[:address]}")
+			print_status("Servicename: #{serv.name}")
+			print_status("Service Port: #{serv.port.to_i}")
+			print_status("Service Protocol: #{serv.proto}")
+			print_status("OS: #{host.os_name}")
+			print_status("IP: #{host.address}")
+                        print_status("====================================")
+			print_status("")
+		end
+		run_single("use auxiliary/scanner/http/crawler")
+		run_single("set MAX_THREADS #{threadspercrawler}")
+		run_single("set RHOST #{host.address}")
+		run_single("set RPORT #{serv.port.to_i}")
+		if(serv.name == "https")
+			run_single("set SSL true")
+		else
+			run_single("set SSL false")
+		end
+		if(verbose == "true")
+                       	run_single("set VERBOSE true")
+                        run_single("run -j")
+                else
+                     	run_single("run -j -q")
+                end
+		run_single("back")
+		jobwaiting()
+	end
+end
+</ruby>