45 lines
1.2 KiB
Ruby
45 lines
1.2 KiB
Ruby
##
|
|
# This module requires Metasploit: http://metasploit.com/download
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
|
##
|
|
|
|
require 'msf/core'
|
|
|
|
class MetasploitModule < Msf::Auxiliary
|
|
include Msf::Auxiliary::Report
|
|
include Msf::Auxiliary::UDPScanner
|
|
|
|
def initialize
|
|
super(
|
|
'Name' => 'UDP Empty Prober',
|
|
'Description' => 'Detect UDP services that reply to empty probes',
|
|
'Author' => 'Jon Hart <jon_hart[at]rapid7.com>',
|
|
'License' => MSF_LICENSE
|
|
)
|
|
register_options([
|
|
OptString.new('PORTS', [true, 'Ports to probe', '1-1024,1194,2000,2049,4353,5060,5061,5351,8443'])
|
|
], self.class)
|
|
end
|
|
|
|
def setup
|
|
super
|
|
@ports = Rex::Socket.portspec_crack(datastore['PORTS'])
|
|
raise Msf::OptionValidateError.new(['PORTS']) if @ports.empty?
|
|
end
|
|
|
|
def scanner_prescan(batch)
|
|
print_status("Sending #{@ports.length} empty probes to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
|
|
end
|
|
|
|
def scan_host(ip)
|
|
@ports.each do |port|
|
|
scanner_send('', ip, port)
|
|
end
|
|
end
|
|
|
|
def scanner_process(data, shost, sport)
|
|
print_good("Received #{data.inspect} from #{shost}:#{sport}/udp")
|
|
report_service(:host => shost, :port => sport, :proto => 'udp', :info => data.inspect)
|
|
end
|
|
end
|