metasploit-framework/modules/auxiliary/scanner/http/f5_mgmt_scanner.rb

96 lines
2.8 KiB
Ruby

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name' => 'F5 Networks Devices Management Interface Scanner',
'Description' => %q{
This module scans for web management interfaces of the following F5 Networks devices:
BigIP, BigIQ, Enterprise Manager, ARX, and FirePass.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Denis Kolegov <dnkolegov[at]gmail.com>',
'Oleg Broslavsky <ovbroslavsky[at]gmail.com>',
'Nikita Oleksov <neoleksov[at]gmail.com>'
],
'DefaultOptions' =>
{
'SSL' => true,
'SSLVersion' => 'TLS1',
'RPORT' => 443
}
))
register_options(
[
OptInt.new('TIMEOUT', [true, 'HTTPS connect/read timeout in seconds', 1])
], self.class)
end
def port_open?
begin
res = send_request_raw({'method' => 'GET', 'uri' => '/'}, datastore['TIMEOUT'])
return true if res
rescue ::Rex::ConnectionRefused
vprint_status("#{peer} - Connection refused")
return false
rescue ::Rex::ConnectionError
vprint_error("#{peer} - Connection failed")
return false
rescue ::OpenSSL::SSL::SSLError
vprint_error("#{peer} - SSL/TLS connection error")
return false
end
end
def run_host(ip)
return unless port_open?
res = send_request_raw('method' => 'GET', 'uri' => '/')
if res && res.code == 200
# Detect BigIP management interface
if res.body =~ /<title>BIG\-IP/
print_good("#{peer} - F5 BigIP web management interface found")
return
end
# Detect EM management interface
if res.body =~ /<title>Enterprise Manager/
print_good("#{peer} - F5 Enterprise Manager web management interface found")
return
end
# Detect ARX management interface
if res.body =~ /<title>F5 ARX Manager Login<\/title>/
print_good("#{peer} - ARX web management interface found")
return
end
end
# Detect BigIQ management interface
res = send_request_raw('method' => 'GET', 'uri' => '/ui/login/')
if res && res.code == 200 && res.body =~ /<title>BIG\-IQ/
print_good("#{peer} - F5 BigIQ web management interface found")
return
end
# Detect FirePass management interface
res = send_request_raw('method' => 'GET', 'uri' => '/admin/', 'rport' => rport)
if res && res.code == 200 && res.body =~ /<br><br><br><big><b>&nbsp;FirePass/
print_good("#{peer} - F5 FirePass web management interface found")
return
end
end
end