93 lines
2.7 KiB
Ruby
93 lines
2.7 KiB
Ruby
##
|
|
# This module requires Metasploit: https://metasploit.com/download
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
|
##
|
|
|
|
class MetasploitModule < Msf::Auxiliary
|
|
include Msf::Exploit::Remote::HttpClient
|
|
include Msf::Auxiliary::Scanner
|
|
|
|
def initialize(info = {})
|
|
super(update_info(info,
|
|
'Name' => 'F5 Networks Devices Management Interface Scanner',
|
|
'Description' => %q{
|
|
This module scans for web management interfaces of the following F5 Networks devices:
|
|
BigIP, BigIQ, Enterprise Manager, ARX, and FirePass.
|
|
},
|
|
'License' => MSF_LICENSE,
|
|
'Author' =>
|
|
[
|
|
'Denis Kolegov <dnkolegov[at]gmail.com>',
|
|
'Oleg Broslavsky <ovbroslavsky[at]gmail.com>',
|
|
'Nikita Oleksov <neoleksov[at]gmail.com>'
|
|
],
|
|
'DefaultOptions' =>
|
|
{
|
|
'SSL' => true,
|
|
'RPORT' => 443
|
|
}
|
|
))
|
|
|
|
register_options(
|
|
[
|
|
OptInt.new('TIMEOUT', [true, 'HTTPS connect/read timeout in seconds', 1])
|
|
])
|
|
end
|
|
|
|
def port_open?
|
|
begin
|
|
res = send_request_raw({'method' => 'GET', 'uri' => '/'}, datastore['TIMEOUT'])
|
|
return true if res
|
|
rescue ::Rex::ConnectionRefused
|
|
vprint_status("Connection refused")
|
|
return false
|
|
rescue ::Rex::ConnectionError
|
|
vprint_error("Connection failed")
|
|
return false
|
|
rescue ::OpenSSL::SSL::SSLError
|
|
vprint_error("SSL/TLS connection error")
|
|
return false
|
|
end
|
|
end
|
|
|
|
def run_host(ip)
|
|
return unless port_open?
|
|
|
|
res = send_request_raw('method' => 'GET', 'uri' => '/')
|
|
if res && res.code == 200
|
|
|
|
# Detect BigIP management interface
|
|
if res.body =~ /<title>BIG\-IP/
|
|
print_good("F5 BigIP web management interface found")
|
|
return
|
|
end
|
|
|
|
# Detect EM management interface
|
|
if res.body =~ /<title>Enterprise Manager/
|
|
print_good("F5 Enterprise Manager web management interface found")
|
|
return
|
|
end
|
|
|
|
# Detect ARX management interface
|
|
if res.body =~ /<title>F5 ARX Manager Login<\/title>/
|
|
print_good("ARX web management interface found")
|
|
return
|
|
end
|
|
end
|
|
|
|
# Detect BigIQ management interface
|
|
res = send_request_raw('method' => 'GET', 'uri' => '/ui/login/')
|
|
if res && res.code == 200 && res.body =~ /<title>BIG\-IQ/
|
|
print_good("F5 BigIQ web management interface found")
|
|
return
|
|
end
|
|
|
|
# Detect FirePass management interface
|
|
res = send_request_raw('method' => 'GET', 'uri' => '/admin/', 'rport' => rport)
|
|
if res && res.code == 200 && res.body =~ /<br><br><br><big><b> FirePass/
|
|
print_good("F5 FirePass web management interface found")
|
|
return
|
|
end
|
|
end
|
|
end
|