Basic generic wmap modules

git-svn-id: file:///home/svn/framework3/trunk@6948 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-10 00:04:01 +00:00 · 2009-08-10 00:04:01 +00:00 · d0289671f6
parent 87d59b4512
commit d0289671f6
2 changed files with 112 additions and 0 deletions
--- a/modules/auxiliary/scanner/http/wmap_generic_comments.rb
+++ b/modules/auxiliary/scanner/http/wmap_generic_comments.rb
@ -0,0 +1,56 @@
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'rex/proto/http'
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::WMAPScanGeneric
+	include Msf::Auxiliary::Scanner
+
+	def initialize(info = {})
+		super(update_info(info,	
+			'Name'   		=> 'WMAP Generic Comments Extractor',
+			'Description'	=> %q{
+				This module extracts commented code from http responses stored in the wmap database.
+			},
+			'Author' 		=> [ 'et [at] metasploit.com' ],
+			'License'		=> BSD_LICENSE,
+			'Version'		=> '$Revision: 6479 $'))   
+	end
+	
+	def wmap_enabled
+		false
+	end
+
+	def run_host(ip)
+		hcommregex = /(<!--(.*?)-->|\/\*(.*?)\*\/)/i
+		
+		
+		#extemails = []
+		
+		if report_active?
+			wmap_request_sql(wmap_target_host,wmap_target_port,'').each do |req|
+				tpath = req.path
+				result = req.response.scan(hcommregex).uniq
+				result.each do |c|
+					print_status("HTML Comment found #{c} in #{tpath}")
+						
+					rep_id = wmap_base_report_id(
+							wmap_target_host,
+							wmap_target_port,
+							wmap_target_ssl
+					)
+					vuln_id = wmap_report(rep_id,'HTML','COMMENT',"#{c}","Comment found in #{tpath}.")
+				end
+			end
+		end
+	end		
+end
--- a/modules/auxiliary/scanner/http/wmap_generic_source_code.rb
+++ b/modules/auxiliary/scanner/http/wmap_generic_source_code.rb
@ -0,0 +1,56 @@
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'rex/proto/http'
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::WMAPScanGeneric
+	include Msf::Auxiliary::Scanner
+
+	def initialize(info = {})
+		super(update_info(info,	
+			'Name'   		=> 'WMAP Generic Source Code Detection',
+			'Description'	=> %q{
+				This module detects source code in http responses stored in the wmap database.
+			},
+			'Author' 		=> [ 'et [at] metasploit.com' ],
+			'License'		=> BSD_LICENSE,
+			'Version'		=> '$Revision: 6479 $'))   
+	end
+	
+	def wmap_enabled
+		false
+	end
+
+	def run_host(ip)
+		hcommregex = /(<%(.*?)%>|<?(.*?)?>)/i
+		
+		
+		#extemails = []
+		
+		if report_active?
+			wmap_request_sql(wmap_target_host,wmap_target_port,'').each do |req|
+				tpath = req.path
+				result = req.response.scan(hcommregex).uniq
+				result.each do |c|
+					print_status("Source code found: #{c} in #{tpath}")
+						
+					rep_id = wmap_base_report_id(
+							wmap_target_host,
+							wmap_target_port,
+							wmap_target_ssl
+					)
+					vuln_id = wmap_report(rep_id,'HTML','SOURCE CODE',"#{c}","Source code found in #{tpath}.")
+				end
+			end
+		end
+	end		
+end