Changes to the directory scanner
git-svn-id: file:///home/svn/framework3/trunk@5907 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
HD Moore
parent
76f0f4202e
commit
e90c534500
|
|
@ -0,0 +1,29 @@
|
||||||
|
404
|
||||||
|
Access Failed
|
||||||
|
Client Authentication Remote Service
|
||||||
|
Error - Bad Request
|
||||||
|
Error Occurred While Processing Request
|
||||||
|
Error Page
|
||||||
|
Error processing SSI file
|
||||||
|
ExtendNet
|
||||||
|
FAIL
|
||||||
|
FireWall-1 message
|
||||||
|
HP Web JetAdmin
|
||||||
|
IMail Server Web Messaging
|
||||||
|
Management Console
|
||||||
|
No web site is configured at this address
|
||||||
|
PHP Fatal error: Unable to open
|
||||||
|
Please identify yourself:
|
||||||
|
RSA SecurID User Name Request
|
||||||
|
Reload acp_userinfo database
|
||||||
|
TYPE=.password
|
||||||
|
TYPE=password
|
||||||
|
The page you requested
|
||||||
|
The userid or password that was specified is not valid.
|
||||||
|
Unable to complete your request due to added security features
|
||||||
|
Web access denied
|
||||||
|
Webmin server
|
||||||
|
encountered an error while publishing this resource
|
||||||
|
error has occurred
|
||||||
|
forcelogon.htm
|
||||||
|
not found
|
||||||
|
|
@ -37,6 +37,10 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
OptPath.new('DICTIONARY', [ false, "Path of word dictionary to use",
|
OptPath.new('DICTIONARY', [ false, "Path of word dictionary to use",
|
||||||
File.join(Msf::Config.install_root, "data", "wmap", "wmap_dirs.txt")
|
File.join(Msf::Config.install_root, "data", "wmap", "wmap_dirs.txt")
|
||||||
]
|
]
|
||||||
|
),
|
||||||
|
OptPath.new('HTTP404S', [ false, "Path of 404 signatures to use",
|
||||||
|
File.join(Msf::Config.install_root, "data", "wmap", "wmap_404s.txt")
|
||||||
|
]
|
||||||
)
|
)
|
||||||
], self.class)
|
], self.class)
|
||||||
|
|
||||||
|
|
@ -44,12 +48,18 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
def run_host(ip)
|
def run_host(ip)
|
||||||
conn = true
|
conn = true
|
||||||
|
ecode = nil
|
||||||
|
emesg = nil
|
||||||
|
|
||||||
tpath = datastore['PATH']
|
tpath = datastore['PATH']
|
||||||
if tpath[-1,1] != '/'
|
if tpath[-1,1] != '/'
|
||||||
tpath += '/'
|
tpath += '/'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
vhost = datastore['VHOST'] || target_host
|
||||||
|
prot = datastore['SSL'] ? 'https' : 'http'
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Detect error code
|
# Detect error code
|
||||||
#
|
#
|
||||||
|
|
@ -61,20 +71,41 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'ctype' => 'text/html'
|
'ctype' => 'text/html'
|
||||||
}, 20)
|
}, 20)
|
||||||
|
|
||||||
if (res)
|
|
||||||
ecode = res.code.to_i
|
ecode = datastore['ERROR_CODE'].to_i
|
||||||
print_status("Error code set to #{ecode}")
|
|
||||||
else
|
return if not res
|
||||||
ecode = datastore['ERROR_CODE']
|
|
||||||
print_status("Using default error code #{ecode}")
|
tcode = res.code.to_i
|
||||||
|
|
||||||
|
# Look for a string we can signature on as well
|
||||||
|
if(tcode >= 200 and tcode <= 299)
|
||||||
|
ecode = nil
|
||||||
|
File.open(datastore['HTTP404S']).each do |str|
|
||||||
|
if(res.body.index(str))
|
||||||
|
emesg = str
|
||||||
|
break
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if(not emesg)
|
||||||
|
print_status("Using first 256 bytes of the response as 404 string")
|
||||||
|
emesg = res.body[0,256]
|
||||||
|
else
|
||||||
|
print_status("Using custom 404 string of '#{emesg}'")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||||
conn = false
|
conn = false
|
||||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||||
end
|
end
|
||||||
|
|
||||||
if conn
|
return if not conn
|
||||||
File.open(datastore['DICTIONARY']).each { |testf|
|
|
||||||
|
|
||||||
|
File.open(datastore['DICTIONARY']).each do |testf|
|
||||||
begin
|
begin
|
||||||
testfdir = testf.chomp + '/'
|
testfdir = testf.chomp + '/'
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
|
|
@ -83,8 +114,11 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'ctype' => 'text/html'
|
'ctype' => 'text/html'
|
||||||
}, 20)
|
}, 20)
|
||||||
|
|
||||||
if (res and res.code.to_i != ecode.to_i)
|
|
||||||
print_status("Found http://#{target_host}:#{datastore['RPORT']}#{tpath}#{testfdir} #{res.code}")
|
if(not res or (res.code.to_i == ecode) or (emesg and res.body.index(emesg)))
|
||||||
|
print_status("NOT Found #{prot}://#{vhost}:#{datastore['RPORT']}#{tpath}#{testfdir} #{res.code} (#{target_host})")
|
||||||
|
else
|
||||||
|
print_status("Found #{prot}://#{vhost}:#{datastore['RPORT']}#{tpath}#{testfdir} #{res.code} (#{target_host})")
|
||||||
rep_id = wmap_base_report_id(
|
rep_id = wmap_base_report_id(
|
||||||
wmap_target_host,
|
wmap_target_host,
|
||||||
wmap_target_port,
|
wmap_target_port,
|
||||||
|
|
@ -92,14 +126,12 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
)
|
)
|
||||||
vul_id = wmap_report(rep_id,'DIRECTORY','NAME',"#{tpath}#{testfdir}","Directory #{tpath}#{testfdir} found.")
|
vul_id = wmap_report(rep_id,'DIRECTORY','NAME',"#{tpath}#{testfdir}","Directory #{tpath}#{testfdir} found.")
|
||||||
wmap_report(vul_id,'DIRECTORY','RESP_CODE',"#{res.code}",nil)
|
wmap_report(vul_id,'DIRECTORY','RESP_CODE',"#{res.code}",nil)
|
||||||
else
|
|
||||||
print_status("NOT Found http://#{target_host}:#{datastore['RPORT']}#{tpath}#{testfdir} #{res.code}")
|
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||||
end
|
end
|
||||||
}
|
end
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue