github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-12 11:52:01 +01:00
Code Releases Activity

fixes #8928

Browse Source
This commit is contained in:
h00die 2017-10-01 19:49:32 -04:00
parent b9bed5af95
commit fc66683502
2 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/rex/google/geolocation.rb
View File

@ -7,11 +7,12 @@ module Rex
module Google
# @example
# g = Rex::Google::Geolocation.new
# g.set_api_key('example')
# g.add_wlan("00:11:22:33:44:55", "example", -80)
# g.fetch!
# puts g, g.google_maps_url
class Geolocation
GOOGLE_API_URI = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true&"
GOOGLE_API_URI = "https://www.googleapis.com/geolocation/v1/geolocate?key="
attr_accessor :accuracy
attr_accessor :latitude
@ -24,20 +25,24 @@ module Rex
# Ask Google's Maps API for the location of a given set of BSSIDs (MAC
# addresses of access points), ESSIDs (AP names), and signal strengths.
def fetch!
@uri.query << @wlan_list.take(10).join("&wifi=")
request = Net::HTTP::Get.new(@uri.request_uri)
def fetch!
request = Net::HTTP::Post.new(@uri.request_uri)
request.body = {'wifiAccessPoints' => @wlan_list}.to_json
request['Content-Type'] = 'application/json'
http = Net::HTTP.new(@uri.host, @uri.port)
http.use_ssl = true
response = http.request(request)
msg = "Failure connecting to Google for location lookup."
if response && response.code == '200'
results = JSON.parse(response.body)
self.latitude = results["location"]["lat"]
self.longitude = results["location"]["lng"]
self.accuracy = results["accuracy"]
elsif response && response.body && response.code != '404' # we can json load and get a good error message
msg += " Code #{results['error']['code']} for query #{@uri} with error #{results['error']['message']}"
fail msg
else
msg = "Failure connecting to Google for location lookup."
msg += " Code #{response.code} for query #{@uri}" if response
fail msg
end
@ -45,15 +50,14 @@ module Rex
# Add an AP to the list to send to Google when {#fetch!} is called.
#
# Turns out Google's API doesn't really care about ESSID or signal strength
# as long as you have BSSIDs. Presumably adding them will make it more
# accurate? Who knows.
#
# @param mac [String] in the form "00:11:22:33:44:55"
# @param ssid [String] ESSID associated with the mac
# @param signal_strength [String] a thing like
def add_wlan(mac, ssid = nil, signal_strength = nil)
@wlan_list.push(URI.encode("mac:#{mac.upcase}|ssid:#{ssid}|ss=#{signal_strength.to_i}"))
def add_wlan(mac, signal_strength)
@wlan_list.push({ :macAddress => mac.upcase.to_s, :signalStrength => signal_strength.to_s })
end
def set_api_key(key)
@uri = URI.parse(URI.encode(GOOGLE_API_URI + key))
end
def google_maps_url

12
modules/post/multi/gather/wlan_geolocate.rb
View File

@ -21,7 +21,8 @@ class MetasploitModule < Msf::Post
register_options(
[
OptBool.new('GEOLOCATE', [ false, 'Use Google APIs to geolocate Linux, Windows, and OS X targets.', false])
OptBool.new('GEOLOCATE', [ false, 'Use Google APIs to geolocate Linux, Windows, and OS X targets.', false]),
OptString.new('APIKEY', [ false, 'Key for Google APIs if error is received without one.', '']),
])
end
@ -83,13 +84,16 @@ class MetasploitModule < Msf::Post
def perform_geolocation(wlan_list)
if wlan_list.blank?
print_error("Unable to enumerate wireless networks from the target. Wireless may not be present or enabled.")
print_error('Unable to enumerate wireless networks from the target. Wireless may not be present or enabled.')
return
elsif datastore['APIKEY'].empty?
print_error("Google API key is required.")
return
end
g = Rex::Google::Geolocation.new
g.set_api_key(datastore['APIKEY'])
wlan_list.each do |wlan|
g.add_wlan(*wlan)
g.add_wlan(wlan[0], wlan[2]) # bssid, signalstrength
end
begin