mirror of https://github.com/rapid7/metasploit-framework synced 2024-09-18 14:00:12 +02:00

Added wmap profiles capabilities to use as a method to run specific modules

git-svn-id: file:///home/svn/framework3/trunk@5988 4d416f70-5f16-0410-b530-b9f4589650da
et 2008-12-01 03:48:23 +00:00
parent 3e19245054
commit 8547688d7d
2 changed files with 78 additions and 25 deletions


@ -0,0 +1,23 @@
#
# WMAP Sample Profile
# wmap_run -e /path/to/profile
#
frontpage
frontpage_login
lucky_punch
options
version
wmap_backup_file
wmap_blind_sql_query
#wmap_brute_dirs
wmap_copy_of_file
wmap_dir_listing
wmap_dir_scanner
wmap_file_same_name_dir
wmap_files_dir
wmap_prev_dir_same_name_file
wmap_replace_ext
wmap_ssl_vhost
wmap_verb_auth_bypass
wmap_vhost_scanner
writable
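Review bot: The sample profile's header does not describe the format the loader in the `-e` branch of wmap_run expects, and that loader discards any line containing `#` anywhere, not only lines that start with it. I would add two header lines: `# One module short name per line; any line containing '#' is ignored,` and `# so do not append a comment to a module line.` Without this, an entry written with a trailing comment is silently left out of the run and the operator gets no warning.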


@ -216,6 +216,9 @@ module Wmap
stamp = Time.now.to_f
mode = 0
eprofile = []
using_p = false
args.push("-h") if args.length == 0
while (arg = args.shift)
@ -225,13 +228,38 @@ module Wmap
when '-e'
mode |= WMAP_EXPL
profile = args.shift
if profile
print_status("Using profile #{profile}.")
begin
File.open(profile).each do |str|
if not str.include? '#'
# Not a comment
modname = str.strip
if not modname.empty?
eprofile << modname
end
end
using_p = true
end
rescue
print_error("Profile not found or invalid.")
return
end
else
print_status("Using ALL wmap enabled modules.")
end
# Create report entry
framework.db.create_report(0,'WMAP','REPORT',"#{selected_host},#{selected_port},#{selected_ssl}","Metasploit WMAP Report",'WMAP Scanner')
when '-h'
print_status("Usage: wmap_run [options]")
print_line("\t-h Display this help text")
print_line("\t-t Show all matching exploit modules")
print_line("\t-e Launch exploits against all matched targets")
print_line("\t-h Display this help text")
print_line("\t-t Show all matching exploit modules")
print_line("\t-e [profile] Launch profile test modules against all matched targets.")
print_line("\t No profile runs all enabled modules.")
print_line("")
return
@ -276,28 +304,30 @@ module Wmap
penabled = e.wmap_enabled
if (penabled)
#
# First run the WMAP_SERVER plugins
#
case e.wmap_type
when :WMAP_SERVER
matches1[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_QUERY
matches2[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_BODY
matches3[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_HEADERS
matches4[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_UNIQUE_QUERY
matches5[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_GENERIC
matches10[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_DIR, :WMAP_FILE
matches[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
else
# Black Hole
end
if penabled
if not using_p or eprofile.include? n.split('/').last
#
# First run the WMAP_SERVER plugins
#
case e.wmap_type
when :WMAP_SERVER
matches1[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_QUERY
matches2[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_BODY
matches3[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_HEADERS
matches4[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_UNIQUE_QUERY
matches5[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_GENERIC
matches10[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
when :WMAP_DIR, :WMAP_FILE
matches[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
else
# Black Hole
end
end
end
end
end
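Review bot: In the `-e` branch, `using_p = true` is assigned inside the `File.open(profile).each` loop, so a profile file with zero lines leaves it false and the later `if not using_p or eprofile.include? n.split('/').last` check selects every enabled module. The profile is meant to narrow what runs against the target, so it should fail closed: assign `using_p = true` directly after `if profile`, before the `begin`. The same loop never closes the file handle; `File.foreach(profile) do |str|` reads the same lines and closes the file when done. The bare `rescue` also reports any StandardError raised in the loop as "Profile not found or invalid.", which can hide an unrelated failure, so rescuing `SystemCallError` would be narrower. The enclosing method begins and ends outside these hunks, so the nesting is read from the visible `end` lines only.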