mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-05 14:57:30 +01:00

Added wmap profiles capabilities to use as a method to run specific modules

git-svn-id: file:///home/svn/framework3/trunk@5988 4d416f70-5f16-0410-b530-b9f4589650da
et 2008-12-01 03:48:23 +00:00
parent 3e19245054
commit 8547688d7d
2 changed files with 78 additions and 25 deletions


@ -0,0 +1,23 @@
#
# WMAP Sample Profile
# wmap_run -e /path/to/profile
#
frontpage
frontpage_login
lucky_punch
options
version
wmap_backup_file
wmap_blind_sql_query
#wmap_brute_dirs
wmap_copy_of_file
wmap_dir_listing
wmap_dir_scanner
wmap_file_same_name_dir
wmap_files_dir
wmap_prev_dir_same_name_file
wmap_replace_ext
wmap_ssl_vhost
wmap_verb_auth_bypass
wmap_vhost_scanner
writable


@ -216,6 +216,9 @@ module Wmap
stamp = Time.now.to_f stamp = Time.now.to_f
mode = 0 mode = 0
eprofile = []
using_p = false
args.push("-h") if args.length == 0 args.push("-h") if args.length == 0
while (arg = args.shift) while (arg = args.shift)
@ -225,13 +228,38 @@ module Wmap
when '-e' when '-e'
mode |= WMAP_EXPL mode |= WMAP_EXPL
profile = args.shift
if profile
print_status("Using profile #{profile}.")
begin
File.open(profile).each do |str|
if not str.include? '#'
# Not a comment
modname = str.strip
if not modname.empty?
eprofile << modname
end
end
using_p = true
end
rescue
print_error("Profile not found or invalid.")
return
end
else
print_status("Using ALL wmap enabled modules.")
end
# Create report entry # Create report entry
framework.db.create_report(0,'WMAP','REPORT',"#{selected_host},#{selected_port},#{selected_ssl}","Metasploit WMAP Report",'WMAP Scanner') framework.db.create_report(0,'WMAP','REPORT',"#{selected_host},#{selected_port},#{selected_ssl}","Metasploit WMAP Report",'WMAP Scanner')
when '-h' when '-h'
print_status("Usage: wmap_run [options]") print_status("Usage: wmap_run [options]")
print_line("\t-h Display this help text") print_line("\t-h Display this help text")
print_line("\t-t Show all matching exploit modules") print_line("\t-t Show all matching exploit modules")
print_line("\t-e Launch exploits against all matched targets") print_line("\t-e [profile] Launch profile test modules against all matched targets.")
print_line("\t No profile runs all enabled modules.")
print_line("") print_line("")
return return
@ -276,28 +304,30 @@ module Wmap
penabled = e.wmap_enabled penabled = e.wmap_enabled
if (penabled) if penabled
# if not using_p or eprofile.include? n.split('/').last
# First run the WMAP_SERVER plugins #
# # First run the WMAP_SERVER plugins
case e.wmap_type #
when :WMAP_SERVER case e.wmap_type
matches1[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true when :WMAP_SERVER
when :WMAP_QUERY matches1[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
matches2[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true when :WMAP_QUERY
when :WMAP_BODY matches2[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
matches3[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true when :WMAP_BODY
when :WMAP_HEADERS matches3[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
matches4[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true when :WMAP_HEADERS
when :WMAP_UNIQUE_QUERY matches4[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
matches5[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true when :WMAP_UNIQUE_QUERY
when :WMAP_GENERIC matches5[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
matches10[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true when :WMAP_GENERIC
when :WMAP_DIR, :WMAP_FILE matches10[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
matches[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true when :WMAP_DIR, :WMAP_FILE
else matches[[selected_host,selected_port,selected_ssl,mtype[1]+'/'+n]]=true
# Black Hole else
end # Black Hole
end
end
end end
end end
end end
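Review bot: In the new `-e` branch, `using_p = true` sits inside the `each` loop, so a profile file with zero lines leaves it false and the later `if not using_p or eprofile.include? n.split('/').last` filter admits every enabled module; the scope restriction fails open exactly when the operator asked for a restricted run. Set the flag before reading, with `using_p = true` directly after `if profile`, and read with `File.foreach(profile) do |str|` so the handle from `File.open(profile).each` is closed deterministically. The `str.include? '#'` test also discards any line that contains `#` anywhere, not only comment lines; `next if str.lstrip.start_with?('#')` would keep a module name that carries a trailing remark. Profile names that match no loaded module appear to be skipped silently, so a `print_error` listing unmatched entries after the module loop would make a typo visible. The enclosing method begins and ends outside these hunks.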