diff --git a/modules/auxiliary/scanner/http/wmap_generic_comments.rb b/modules/auxiliary/scanner/http/wmap_generic_comments.rb deleted file mode 100644 index 3ddc0186d2..0000000000 --- a/modules/auxiliary/scanner/http/wmap_generic_comments.rb +++ /dev/null @@ -1,56 +0,0 @@ -## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ -## - -require 'rex/proto/http' -require 'msf/core' - - -class Metasploit3 < Msf::Auxiliary - - include Msf::Exploit::Remote::HttpClient - include Msf::Auxiliary::WMAPScanGeneric - include Msf::Auxiliary::Scanner - - def initialize(info = {}) - super(update_info(info, - 'Name' => 'WMAP Generic Comments Extractor', - 'Description' => %q{ - This module extracts commented code from http responses stored in the wmap database. - }, - 'Author' => [ 'et [at] metasploit.com' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision: 6479 $')) - end - - def wmap_enabled - false - end - - def run_host(ip) - hcommregex = /(|\/\*(.*?)\*\/)/i - - - #extemails = [] - - if report_active? - wmap_request_sql(wmap_target_host,wmap_target_port,'').each do |req| - tpath = req.path - result = req.response.scan(hcommregex).uniq - result.each do |c| - print_status("HTML Comment found #{c} in #{tpath}") - - rep_id = wmap_base_report_id( - wmap_target_host, - wmap_target_port, - wmap_target_ssl - ) - vuln_id = wmap_report(rep_id,'HTML','COMMENT',"#{c}","Comment found in #{tpath}.") - end - end - end - end -end diff --git a/modules/auxiliary/scanner/http/wmap_generic_email_extract.rb b/modules/auxiliary/scanner/http/wmap_generic_email_extract.rb deleted file mode 100644 index bfac69d597..0000000000 --- a/modules/auxiliary/scanner/http/wmap_generic_email_extract.rb +++ /dev/null @@ -1,64 +0,0 @@ -## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ -## - -require 'rex/proto/http' -require 'msf/core' - - -class Metasploit3 < Msf::Auxiliary - - include Msf::Exploit::Remote::HttpClient - include Msf::Auxiliary::WMAPScanGeneric - include Msf::Auxiliary::Scanner - - def initialize(info = {}) - super(update_info(info, - 'Name' => 'WMAP Generic Email Extractor', - 'Description' => %q{ - This module extracts email addresses from http responses stored in the wmap database. - }, - 'Author' => [ 'et [at] metasploit.com' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) - - register_options( - [ - OptString.new('DOMAIN', [ false, "Extract emails from specified domain", '']) - ], self.class) - - end - - def wmap_enabled - false - end - - def run_host(ip) - # www.regular-expressions.info/email.html - emailregex = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}/i - - #extemails = [] - - if report_active? - wmap_request_sql(wmap_target_host,wmap_target_port,'').each do |req| - result = req.response.scan(emailregex).uniq - result.each do |addr| - if addr.include?(datastore['DOMAIN']) and datastore['DOMAIN'] - print_status("Found email #{addr}") - - rep_id = wmap_base_report_id( - wmap_target_host, - wmap_target_port, - wmap_target_ssl - ) - vuln_id = wmap_report(rep_id,'EMAIL','ADDRESS',"#{addr}","Email address found.") - wmap_report(vuln_id,'LOCATION','PATH',"#{req.path}","Path where email was found.") - end - end - end - end - end -end diff --git a/modules/auxiliary/scanner/http/wmap_generic_source_code.rb b/modules/auxiliary/scanner/http/wmap_generic_source_code.rb deleted file mode 100644 index 8690a2fa8f..0000000000 --- a/modules/auxiliary/scanner/http/wmap_generic_source_code.rb +++ /dev/null @@ -1,56 +0,0 @@ -## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ -## - -require 'rex/proto/http' -require 'msf/core' - - -class Metasploit3 < Msf::Auxiliary - - include Msf::Exploit::Remote::HttpClient - include Msf::Auxiliary::WMAPScanGeneric - include Msf::Auxiliary::Scanner - - def initialize(info = {}) - super(update_info(info, - 'Name' => 'WMAP Generic Source Code Detection', - 'Description' => %q{ - This module detects source code in http responses stored in the wmap database. - }, - 'Author' => [ 'et [at] metasploit.com' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision: 6479 $')) - end - - def wmap_enabled - false - end - - def run_host(ip) - hcommregex = /(<%(.*?)%>|)/i - - - #extemails = [] - - if report_active? - wmap_request_sql(wmap_target_host,wmap_target_port,'').each do |req| - tpath = req.path - result = req.response.scan(hcommregex).uniq - result.each do |c| - print_status("Source code found: #{c} in #{tpath}") - - rep_id = wmap_base_report_id( - wmap_target_host, - wmap_target_port, - wmap_target_ssl - ) - vuln_id = wmap_report(rep_id,'HTML','SOURCE CODE',"#{c}","Source code found in #{tpath}.") - end - end - end - end -end