# autocrawler.rc # Author: m-1-k-3 (Web: http://www.s3cur1ty.de / Twitter: @s3cur1ty_de) # This Metasploit RC-File could be used to crawl webapps automatically # it uses the allready discovered webservers - "services -s http" / "services -s https" # you could use db_nmap or http_version for discovering the werbservers # some basic jobhandling to not kill our own machine is included - check the maxjobs and threadspercrawler variables if (framework.datastore['VERBOSE'] == "true") #we look in the global datastore for a global VERBOSE option and use it verbose = 1 #true else verbose = 0 end threadspercrawler = "4" #check this ... now its default # Test and see if we have a database connected begin framework.db.hosts rescue ::ActiveRecord::ConnectionNotEstablished print_error("Database connection isn't established") return end def jobwaiting() #thread handling for poor guys ... maxjobs=15 #throttling if we get too much jobs while(framework.jobs.keys.length >= maxjobs) ::IO.select(nil, nil, nil, 2.5) print_error("waiting for finishing some modules... active jobs: #{framework.jobs.keys.length} / threads: #{framework.threads.length}") end end framework.db.workspace.hosts.each do |host| host.services.each do |serv| next if not serv.host next if (serv.state != ServiceState::Open) next if (serv.name !~ /http/) if(verbose == 1) print_line("IP: #{host.address}") print_line("OS: #{host.os_name}") print_line("Servicename: #{serv.name}") print_line("Service Port: #{serv.port.to_i}") print_line("Service Protocol: #{serv.proto}") end run_single("use auxiliary/scanner/http/crawler") run_single("set MAX_THREADS #{threadspercrawler}") run_single("set RHOST #{host.address}") run_single("set RPORT #{serv.port.to_i}") if(serv.name == "https") run_single("set SSL true") else run_single("set SSL false") end if(verbose == 1) run_single("set VERBOSE true") run_single("run -j") else run_single("run -j -q") end run_single("back") jobwaiting() end end