From d0289671f63a840ede9ec9c17b911ba412e4cfb5 Mon Sep 17 00:00:00 2001
From: et <>
Date: Mon, 10 Aug 2009 00:04:01 +0000
Subject: [PATCH] Basic generic wmap modules
git-svn-id: file:///home/svn/framework3/trunk@6948 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../scanner/http/wmap_generic_comments.rb | 56 +++++++++++++++++++
 .../scanner/http/wmap_generic_source_code.rb | 56 +++++++++++++++++++
 2 files changed, 112 insertions(+)
 create mode 100644 modules/auxiliary/scanner/http/wmap_generic_comments.rb
 create mode 100644 modules/auxiliary/scanner/http/wmap_generic_source_code.rb
diff --git a/modules/auxiliary/scanner/http/wmap_generic_comments.rb b/modules/auxiliary/scanner/http/wmap_generic_comments.rb
new file mode 100644
index 0000000000..3ddc0186d2
--- /dev/null
+++ b/modules/auxiliary/scanner/http/wmap_generic_comments.rb
@@ -0,0 +1,56 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'rex/proto/http'
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::WMAPScanGeneric
+ include Msf::Auxiliary::Scanner
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'WMAP Generic Comments Extractor',
+ 'Description' => %q{
+ This module extracts commented code from http responses stored in the wmap database.
+ },
+ 'Author' => [ 'et [at] metasploit.com' ],
+ 'License' => BSD_LICENSE,
+ 'Version' => '$Revision: 6479 $'))
+ end
+
+ def wmap_enabled
+ false
+ end
+
+ def run_host(ip)
+ hcommregex = /(|\/\*(.*?)\*\/)/i
+
+
+ #extemails = []
+
+ if report_active?
+ wmap_request_sql(wmap_target_host,wmap_target_port,'').each do |req|
+ tpath = req.path
+ result = req.response.scan(hcommregex).uniq
+ result.each do |c|
+ print_status("HTML Comment found #{c} in #{tpath}")
+
+ rep_id = wmap_base_report_id(
+ wmap_target_host,
+ wmap_target_port,
+ wmap_target_ssl
+ )
+ vuln_id = wmap_report(rep_id,'HTML','COMMENT',"#{c}","Comment found in #{tpath}.")
+ end
+ end
+ end
+ end
+end
diff --git a/modules/auxiliary/scanner/http/wmap_generic_source_code.rb b/modules/auxiliary/scanner/http/wmap_generic_source_code.rb
new file mode 100644
index 0000000000..8690a2fa8f
--- /dev/null
+++ b/modules/auxiliary/scanner/http/wmap_generic_source_code.rb
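Review bot: In `run_host` of wmap_generic_comments.rb, `req.response.scan(hcommregex)` is given a pattern with capture groups, so each `c` is an array of group values rather than the matched text, and `"#{c}"` writes that array's string form into the report; take the outer group explicitly, e.g. `result.each do |groups|` followed by `c = groups.first`, or make the inner group non-capturing. The literal also lacks the `m` flag, so `.*?` stops at a newline and a `/* ... */` block that spans several lines is never reported; ending the literal with `/im` covers that case. As shown on this page one alternative of the regex is empty (possibly lost when the page was rendered, so confirm against the file), which would make `scan` return an empty match at every offset. The same points apply to `run_host` in wmap_generic_source_code.rb.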
@@ -0,0 +1,56 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'rex/proto/http'
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::WMAPScanGeneric
+ include Msf::Auxiliary::Scanner
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'WMAP Generic Source Code Detection',
+ 'Description' => %q{
+ This module detects source code in http responses stored in the wmap database.
+ },
+ 'Author' => [ 'et [at] metasploit.com' ],
+ 'License' => BSD_LICENSE,
+ 'Version' => '$Revision: 6479 $'))
+ end
+
+ def wmap_enabled
+ false
+ end
+
+ def run_host(ip)
+ hcommregex = /(<%(.*?)%>|)/i
+
+
+ #extemails = []
+
+ if report_active?
+ wmap_request_sql(wmap_target_host,wmap_target_port,'').each do |req|
+ tpath = req.path
+ result = req.response.scan(hcommregex).uniq
+ result.each do |c|
+ print_status("Source code found: #{c} in #{tpath}")
+
+ rep_id = wmap_base_report_id(
+ wmap_target_host,
+ wmap_target_port,
+ wmap_target_ssl
+ )
+ vuln_id = wmap_report(rep_id,'HTML','SOURCE CODE',"#{c}","Source code found in #{tpath}.")
+ end
+ end
+ end
+ end
+end
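Review bot: The text matched in `run_host` of wmap_generic_source_code.rb comes from responses of the scanned server, yet it is interpolated unmodified into `print_status` and into the `wmap_report` entry, so control characters or a very long match supplied by the target end up on the operator's console and in the database; I would strip non-printable bytes and cap the length before both calls, e.g. `c = c.to_s.gsub(/[^[:print:]]/, '.')[0, 256]`. In this module the match is server-side source, which may include credentials, so the stored report entry should be treated as sensitive data. The `wmap_base_report_id(...)` call takes only the target host, port and SSL setting, so it looks loop-invariant and could be hoisted above both loops, and the `vuln_id` assignment is never read.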