metasploit-framework/tools/modules/module_reference.rb

242 lines
6.2 KiB
Ruby
Executable File

#!/usr/bin/env ruby
#
# This script lists each module with its references
#
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
require 'msfenv'
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'rex'
require 'msf/ui'
require 'msf/base'
require 'uri'
# See lib/msf/core/module/reference.rb
# We gsub '#{in_ctx_val}' with the actual value
def types
{
'ALL' => '',
'OSVDB' => 'http://www.osvdb.org/#{in_ctx_val}',
'CVE' => 'http://cvedetails.com/cve/#{in_ctx_val}/',
'CWE' => 'http://cwe.mitre.org/data/definitions/#{in_ctx_val}.html',
'BID' => 'http://www.securityfocus.com/bid/#{in_ctx_val}',
'MSB' => 'http://technet.microsoft.com/en-us/security/bulletin/#{in_ctx_val}',
'EDB' => 'http://www.exploit-db.com/exploits/#{in_ctx_val}',
'US-CERT-VU' => 'http://www.kb.cert.org/vuls/id/#{in_ctx_val}',
'ZDI' => 'http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}',
'WPVDB' => 'https://wpvulndb.com/vulnerabilities/#{in_ctx_val}',
'PACKETSTORM' => 'https://packetstormsecurity.com/files/#{in_ctx_val}',
'URL' => '#{in_ctx_val}'
}
end
STATUS_ALIVE = 'Alive'
STATUS_DOWN = 'Down'
STATUS_UNSUPPORTED = 'Unsupported'
sort = 0
filter = 'All'
filters = ['all','exploit','payload','post','nop','encoder','auxiliary']
type ='ALL'
match = nil
check = false
save = nil
opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help menu." ],
"-c" => [ false, "Check reference status"],
"-s" => [ false, "Sort by Reference instead of Module Type."],
"-r" => [ false, "Reverse Sort"],
"-f" => [ true, "Filter based on Module Type [All,Exploit,Payload,Post,NOP,Encoder,Auxiliary] (Default = ALL)."],
"-t" => [ true, "Type of Reference to sort by #{types.keys}"],
"-x" => [ true, "String or RegEx to try and match against the Reference Field"],
"-o" => [ true, "Save the results to a file"]
)
flags = []
opts.parse(ARGV) { |opt, idx, val|
case opt
when "-h"
puts "\nMetasploit Script for Displaying Module Reference information."
puts "=========================================================="
puts opts.usage
exit
when "-c"
flags << "URI Check: Yes"
check = true
when "-s"
flags << "Order: Sorting by License"
sort = 1
when "-r"
flags << "Order: Reverse Sorting"
sort = 2
when "-f"
unless filters.include?(val.downcase)
puts "Invalid Filter Supplied: #{val}"
puts "Please use one of these: #{filters.map{|f|f.capitalize}.join(", ")}"
exit
end
flags << "Module Filter: #{val}"
filter = val
when "-t"
val = (val || '').upcase
unless types.has_key(val)
puts "Invalid Type Supplied: #{val}"
puts "Please use one of these: #{types.keys.inspect}"
exit
end
type = val
when "-x"
flags << "Regex: #{val}"
match = Regexp.new(val)
when "-o"
flags << "Output to file: Yes"
save = val
end
}
flags << "Type: #{type}"
puts flags * " | "
def get_ipv4_addr(hostname)
Rex::Socket::getaddresses(hostname, false)[0]
end
def is_url_alive?(uri)
#puts "URI: #{uri}"
begin
uri = URI(uri)
rhost = get_ipv4_addr(uri.host)
rescue SocketError, URI::InvalidURIError => e
#puts "Return false 1: #{e.message}"
return false
end
rport = uri.port || 80
path = uri.path.blank? ? '/' : uri.path
vhost = rport == 80 ? uri.host : "#{uri.host}:#{rport}"
if uri.scheme == 'https'
cli = ::Rex::Proto::Http::Client.new(rhost, 443, {}, true, 'TLS1')
else
cli = ::Rex::Proto::Http::Client.new(rhost, rport)
end
begin
cli.connect
req = cli.request_raw('uri'=>path, 'vhost'=>vhost)
res = cli.send_recv(req)
rescue Errno::ECONNRESET, Rex::ConnectionError, Rex::ConnectionRefused, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::UnsupportedProtocol, ::Timeout::Error, Errno::ETIMEDOUT => e
#puts "Return false 2: #{e.message}"
return false
ensure
cli.close
end
if res.nil? || res.code == 404 || res.body =~ /<title>.*not found<\/title>/i
#puts "Return false 3: HTTP #{res.code}"
#puts req.to_s
return false
end
true
end
def save_results(path, results)
begin
File.open(path, 'wb') do |f|
f.write(results)
end
puts "Results saved to: #{path}"
rescue Exception => e
puts "Failed to save the file: #{e.message}"
end
end
# Always disable the database (we never need it just to list module
# information).
framework_opts = { 'DisableDatabase' => true }
# If the user only wants a particular module type, no need to load the others
if filter.downcase != 'all'
framework_opts[:module_types] = [ filter.downcase ]
end
# Initialize the simplified framework instance.
$framework = Msf::Simple::Framework.create(framework_opts)
if check
columns = [ 'Module', 'Status', 'Reference' ]
else
columns = [ 'Module', 'Reference' ]
end
tbl = Rex::Ui::Text::Table.new(
'Header' => 'Module References',
'Indent' => 2,
'Columns' => columns
)
bad_refs_count = 0
$framework.modules.each { |name, mod|
next if match and not name =~ match
x = mod.new
x.references.each do |r|
ctx_id = r.ctx_id.upcase
if type == 'ALL' || type == ctx_id
if check
if types.has_key?(ctx_id)
uri = types[r.ctx_id.upcase].gsub(/\#{in_ctx_val}/, r.ctx_val)
if is_url_alive?(uri)
status = STATUS_ALIVE
else
bad_refs_count += 1
status = STATUS_DOWN
end
else
# The reference ID isn't supported so we don't know how to check this
bad_refs_count += 1
status = STATUS_UNSUPPORTED
end
end
ref = "#{r.ctx_id}-#{r.ctx_val}"
new_column = []
new_column << x.fullname
new_column << status if check
new_column << ref
tbl << new_column
end
end
}
if sort == 1
tbl.sort_rows(1)
end
if sort == 2
tbl.sort_rows(1)
tbl.rows.reverse
end
puts
puts tbl.to_s
puts
puts "Number of bad references found: #{bad_refs_count}" if check
save_results(save, tbl.to_s) if save