Module: Msf::RPC::Simple::ModuleMapper
Defined in: lib/msfrpc-simple/module_mapper.rb
Class Method Summary
- .get_discovery_modules_for_endpoint(endpoint) ⇒ Object
  Public: Returns all discovery modules for a single endpoint.
- .get_discovery_modules_for_endpoints(endpoints) ⇒ Object
  Public: Get all discovery modules, given a list of host endpoints.
- .get_protocol_by_port_num(endpoint) ⇒ Object
  Public: Returns a guessed protocol based on transport and port number.
Class Method Details
.get_discovery_modules_for_endpoint(endpoint) ⇒ Object
Public: Returns all discovery modules for a single endpoint.
An endpoint looks like:

  { :ip_address,
    :port_num,
    :protocol,
    :transport,
    :modules_and_options => [ { :module_name, :module_option_string }, ... ],
  }

Returns the modified endpoint hash.
```ruby
# File 'lib/msfrpc-simple/module_mapper.rb', line 46
def self.get_discovery_modules_for_endpoint(endpoint)
  # If we have an unknown protocol, fall back to guessing by port
  endpoint[:protocol] = get_protocol_by_port_num(endpoint) unless endpoint[:protocol]

  # Start out with an empty modules_and_options array
  endpoint[:modules_and_options] = []

  # Now iterate through our protocols, assigning modules & options

  #
  # FTP
  #
  if endpoint[:protocol] == "FTP"
    endpoint[:modules_and_options] << {
      :module_name => "auxiliary/scanner/ftp/ftp_version",
      :module_option_string => "RHOSTS #{endpoint[:ip_address]}, RPORT #{endpoint[:port_num]}"
    }
  #
  # TELNET
  #
  elsif endpoint[:protocol] == "TELNET"
    endpoint[:modules_and_options] << {
      :module_name => "auxiliary/scanner/telnet/telnet_version",
      :module_option_string => "RHOSTS #{endpoint[:ip_address]}, RPORT #{endpoint[:port_num]}"
    }
  #
  # HTTP
  #
  elsif endpoint[:protocol] == "HTTP"
    endpoint[:modules_and_options] << {
      :module_name => "auxiliary/scanner/http/http_version",
      :module_option_string => "RHOSTS #{endpoint[:ip_address]}, RPORT #{endpoint[:port_num]}"
    }
  #
  # SNMP
  #
  elsif endpoint[:protocol] == "SNMP"
    endpoint[:modules_and_options] << {
      :module_name => "auxiliary/scanner/snmp/snmp_enum",
      :module_option_string => "RHOSTS #{endpoint[:ip_address]}, RPORT #{endpoint[:port_num]}"
    }
    endpoint[:modules_and_options] << {
      :module_name => "auxiliary/scanner/snmp/snmp_enumshares",
      :module_option_string => "RHOSTS #{endpoint[:ip_address]}, RPORT #{endpoint[:port_num]}"
    }
    endpoint[:modules_and_options] << {
      :module_name => "auxiliary/scanner/snmp/snmp_enumusers",
      :module_option_string => "RHOSTS #{endpoint[:ip_address]}, RPORT #{endpoint[:port_num]}"
    }
  #
  # HTTPS
  #
  elsif endpoint[:protocol] == "HTTPS"
    endpoint[:modules_and_options] << {
      :module_name => "auxiliary/scanner/http/http_version",
      :module_option_string => "RHOSTS #{endpoint[:ip_address]}, RPORT #{endpoint[:port_num]}"
    }
    endpoint[:modules_and_options] << {
      :module_name => "auxiliary/scanner/http/cert",
      :module_option_string => "RHOSTS #{endpoint[:ip_address]}, RPORT #{endpoint[:port_num]}"
    }
  #
  # Unknown protocol
  #
  else
    # No discovery modules are mapped for this protocol; the list stays empty
  end

  # Return the modified endpoint
  endpoint
end
```
.get_discovery_modules_for_endpoints(endpoints) ⇒ Object
Public: Get all discovery modules, given a list of host endpoints.
This method may seem poorly abstracted, but you must pass in an IP address
in order to compensate for the different ways that modules accept an
endpoint. For example, scanners need an RHOSTS option, while most other
modules will accept an RHOST option.
Returns a list of hashes, each one containing:

  [
    { :ip_address,
      :port_num,
      :protocol,
      :transport,
      :modules_and_options => [ { :module_name, :module_option_string }, ... ],
    }, ...
  ]
```ruby
# File 'lib/msfrpc-simple/module_mapper.rb', line 22
def self.get_discovery_modules_for_endpoints(endpoints)
  #
  # Iterate through the endpoints, assigning modules
  #
  endpoints_with_modules = []
  endpoints.each do |endpoint|
    endpoints_with_modules << get_discovery_modules_for_endpoint(endpoint)
  end
  endpoints_with_modules
end
```
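The RHOSTS-versus-RHOST point above is easy to get wrong once the mapper's `:module_option_string` is handed to a module. The following is an added example, not code from msfrpc-simple: it parses that string into a datastore hash, checks the host option against the module type, and expands a constructed endpoint. It assumes the "KEY value, KEY value" format the mapper builds; `ModuleOptionParser` and `SAMPLE_ENDPOINT` are names introduced here.

```ruby
# Added example (not part of msfrpc-simple): turn the mapper's
# :module_option_string ("RHOSTS 192.0.2.10, RPORT 21") into a datastore
# hash and check the host option against what the module type expects.
# Assumption: option strings are comma-separated "KEY value" pairs, as
# built by get_discovery_modules_for_endpoint above.
module ModuleOptionParser
  # "RHOSTS 192.0.2.10, RPORT 21" => {"RHOSTS"=>"192.0.2.10", "RPORT"=>"21"}
  def self.parse(option_string)
    option_string.split(",").each_with_object({}) do |pair, opts|
      key, value = pair.strip.split(/\s+/, 2)
      raise ArgumentError, "malformed option pair: #{pair.inspect}" if key.nil? || value.nil?
      opts[key.upcase] = value
    end
  end

  # Scanners take RHOSTS, most other modules take RHOST (see the note on
  # get_discovery_modules_for_endpoints). Returns a list of problems found.
  def self.check_options(module_name, opts)
    problems = []
    scanner = module_name.start_with?("auxiliary/scanner/")
    if scanner && !opts.key?("RHOSTS")
      problems << "#{module_name} is a scanner and needs RHOSTS"
    elsif !scanner && !opts.key?("RHOST")
      problems << "#{module_name} needs RHOST"
    end
    port = opts["RPORT"].to_s
    problems << "RPORT #{port.inspect} is not a valid port" unless port =~ /\A\d+\z/ && (1..65535).cover?(port.to_i)
    problems
  end

  # Expand each entry of an endpoint's :modules_and_options into a datastore
  # hash plus any problems, ready to hand to an RPC module.execute call.
  def self.datastores_for(endpoint)
    endpoint[:modules_and_options].map do |mo|
      opts = parse(mo[:module_option_string])
      { module_name: mo[:module_name], datastore: opts,
        problems: check_options(mo[:module_name], opts) }
    end
  end
end

# Constructed sample endpoint, in the shape the mapper produces for SNMP
SAMPLE_ENDPOINT = {
  ip_address: "192.0.2.10", port_num: 161, protocol: "SNMP", transport: "UDP",
  modules_and_options: [
    { module_name: "auxiliary/scanner/snmp/snmp_enum",
      module_option_string: "RHOSTS 192.0.2.10, RPORT 161" }
  ]
}
```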
.get_protocol_by_port_num(endpoint) ⇒ Object
Public: Returns a guessed protocol based on transport and port number.
Returns a protocol (String), or nil when the port is not one of the mapped ones. Raises if the transport is neither "TCP" nor "UDP".
```ruby
# File 'lib/msfrpc-simple/module_mapper.rb', line 118
def self.get_protocol_by_port_num(endpoint)
  #return endpoint[:protocol] unless endpoint[:protocol] == nil
  protocol = nil
  if endpoint[:transport] == "TCP"
    if endpoint[:port_num] == 21
      protocol = "FTP"
    elsif endpoint[:port_num] == 23
      protocol = "TELNET"
    elsif endpoint[:port_num] == 80
      protocol = "HTTP"
    elsif endpoint[:port_num] == 443
      protocol = "HTTPS"
    elsif endpoint[:port_num] == 8080
      protocol = "HTTP"
    end
  elsif endpoint[:transport] == "UDP"
    if endpoint[:port_num] == 161
      protocol = "SNMP"
    end
  else
    raise "Unknown Transport"
  end
  # Unmapped ports on a known transport fall through with protocol still nil
  protocol
end
```