def metasploit_detect_vulns(self, cmd_output):
    """Parse Metasploit output for a positive MS17-010 (SMBv1 RCE) check.

    Sets the ``vuln-ms17-010`` option to ``'true'`` when the scanner module
    printed ``VULNERABLE to MS17-010``; any other output yields an empty
    result. The check is a plain substring match over the whole text.

    :param cmd_output: raw text captured from the Metasploit run
    :return: SmartModuleResult with zero or one option set
    """
    result = SmartModuleResult()
    reported_vulnerable = 'VULNERABLE to MS17-010' in cmd_output
    if reported_vulnerable:
        result.add_option('vuln-ms17-010', 'true')
    return result
def nmap_detect_jmx_and_rmissl(self, cmd_output):
    """Flag JMX and RMI-over-SSL hints found in Nmap output.

    ``jmx`` is set when the ``jmxrmi`` marker appears and ``rmissl`` when the
    literal ``ssl`` appears. Both are substring matches over the entire
    text, so the ``ssl`` test in particular is broad (any line mentioning
    ssl satisfies it) -- keep that in mind if the output covers more than
    the RMI port.

    :param cmd_output: raw Nmap output
    :return: SmartModuleResult with ``jmx`` and/or ``rmissl`` set to ``'true'``
    """
    result = SmartModuleResult()
    markers = (('jmxrmi', 'jmx'), ('ssl', 'rmissl'))
    for needle, option in markers:
        if needle in cmd_output:
            result.add_option(option, 'true')
    return result
def cmseek_detect_cms(self, cmd_output):
    """Extract the CMS name reported by CMSeeK.

    Looks for a ``Detected CMS: <name>`` fragment, normalises the name
    (spaces to dashes, lower-case) and records it under ``cms`` only when it
    is one of ``self.supported_list_options['cms']``. That allow-list check
    is what stops arbitrary tool output from becoming an option value.

    :param cmd_output: raw CMSeeK output
    :return: SmartModuleResult with ``cms`` set when a supported CMS was found
    """
    result = SmartModuleResult()
    match = re.search(r'Detected CMS: (?P<cms>[a-zA-Z ]+[a-zA-Z])', cmd_output)
    if match is None:
        return result
    cms_name = match.group('cms').lower().replace(' ', '-')
    if cms_name in self.supported_list_options['cms']:
        result.add_option('cms', cms_name)
    return result
def clusterd_detect_server(self, cmd_output):
    """Extract the application server fingerprinted by clusterd.

    Parses ``Matched ... fingerprints for service <name>``, lower-cases the
    name and records it under ``server`` only if it is present in
    ``self.supported_list_options['server']``.

    :param cmd_output: raw clusterd output
    :return: SmartModuleResult with ``server`` set when a supported server matched
    """
    result = SmartModuleResult()
    pattern = r'Matched .* fingerprints for service (?P<server>[a-zA-Z]+)'
    match = re.search(pattern, cmd_output)
    if match is None:
        return result
    server_name = match.group('server').lower()
    if server_name in self.supported_list_options['server']:
        result.add_option('server', server_name)
    return result
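def wig_detect_cms_server_language(self, cmd_output):
    """Parse wig's fingerprint table for CMS / server / language hits.

    Only the text after the ``VERSION`` header is considered. Every
    ``<name> ... CMS|Platform`` row is normalised (known aliases mapped
    through MAPPING_WIG, spaces turned into dashes, lower-cased) and accepted
    only when the value is in the matching allow-list of
    ``self.supported_list_options``: ``CMS`` rows go to ``cms``; ``Platform``
    rows go to ``server`` first, then ``language``.

    Returns an empty result when the ``VERSION`` header is absent. This
    replaces the former bare ``except: pass`` -- which also swallowed
    ``KeyboardInterrupt`` / ``SystemExit`` and hid genuine bugs -- with an
    explicit guard. As in the sibling parsers, ``supported_list_options`` is
    expected to carry the ``cms``, ``server`` and ``language`` keys.

    :param cmd_output: raw wig output
    :return: SmartModuleResult
    """
    MAPPING_WIG = {
        'Magento Enterprise Edition': 'magento',
        'ASP.NET': 'asp',
    }
    result = SmartModuleResult()
    header_pos = cmd_output.find('VERSION')
    if header_pos < 0:
        # wig did not print its results table: nothing to parse.
        return result
    # NOTE(review): the leading literal 'm' is kept from the original pattern;
    # it presumably anchors on the trailing 'm' of an ANSI colour escape in
    # wig's output -- confirm against raw wig output before changing it.
    rows = re.findall(r'm([a-zA-Z ]+[a-zA-Z]).*(CMS|Platform)\s+',
                      cmd_output[header_pos:])
    supported = self.supported_list_options
    for raw_name, row_type in rows:
        name = MAPPING_WIG.get(raw_name, raw_name).replace(' ', '-').lower()
        if row_type == 'CMS':
            if name in supported['cms']:
                result.add_option('cms', name)
        elif name in supported['server']:
            result.add_option('server', name)
        elif name in supported['language']:
            result.add_option('language', name)
    return result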
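def nmap_detect_vulns(self, cmd_output):
    """Parse Nmap NSE vuln-script output for known RCE findings.

    Each check requires the script's title line to be immediately followed
    by a ``| State: VULNERABLE`` line, so a title printed with
    ``State: NOT VULNERABLE`` (or merely listed) does not count. Options set:
    ``vuln-ms08-067``, ``vuln-ms17-010``, ``vuln-sambacry``.

    Fix: Nmap prints the ms17-010 title with a literal ``(ms17-010)``, but
    the previous pattern used unescaped parentheses -- a capture group --
    so it could only ever match ``servers ms17-010`` and never fired. The
    parentheses are now escaped, consistent with the MS08-067 pattern.

    :param cmd_output: raw Nmap output (any of CRLF / CR / LF line endings)
    :return: SmartModuleResult with one ``'true'`` option per confirmed finding
    """
    result = SmartModuleResult()
    # Title must be followed, on the next line, by the VULNERABLE state marker.
    state_suffix = r'\s*(\r\n|\r|\n)\|\s*State: VULNERABLE'
    checks = (
        (r'Microsoft Windows system vulnerable to remote code execution \(MS08-067\)',
         'vuln-ms08-067'),
        (r'Remote Code Execution vulnerability in Microsoft SMBv1 servers \(ms17-010\)',
         'vuln-ms17-010'),
        (r'SAMBA Remote Code Execution from Writable Share',
         'vuln-sambacry'),
    )
    for title, option in checks:
        if re.search(title + state_suffix, cmd_output, re.IGNORECASE):
            result.add_option(option, 'true')
    return result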
def sjet_auth_disabled(self, cmd_output):
    """Detect an unauthenticated JMX endpoint from sjet's output.

    sjet printing ``Successfully loaded`` means it managed to load its
    MBean without credentials, so ``jmxauthdisabled`` is set to ``'true'``.

    :param cmd_output: raw sjet output
    :return: SmartModuleResult
    """
    result = SmartModuleResult()
    loaded_without_auth = 'Successfully loaded' in cmd_output
    if loaded_without_auth:
        result.add_option('jmxauthdisabled', 'true')
    return result
def nmap_detect_ftps(self, cmd_output):
    """Set ``ftps`` when Nmap reports an open ``ftps`` service.

    Matches ``open`` followed by whitespace and ``ftps`` (the port-table
    layout), so a plain ``ftp`` service does not trigger it.

    :param cmd_output: raw Nmap output
    :return: SmartModuleResult
    """
    result = SmartModuleResult()
    if re.search(r'open(\s+)ftps', cmd_output) is not None:
        result.add_option('ftps', 'true')
    return result
def tnscmd_sid(self, cmd_output):
    """Pull an Oracle SID out of tnscmd output.

    Matches ``ALIAS=<sid>)`` (an optional ``listener_`` prefix is dropped)
    and stores the SID under ``sid``. The value is copied straight from tool
    output, which reflects what the remote listener sent; the
    ``[a-zA-Z0-9]+`` character class is what keeps shell/argument
    metacharacters out of it, so do not loosen it without checking how the
    ``sid`` option is consumed downstream.

    :param cmd_output: raw tnscmd output
    :return: SmartModuleResult with ``sid`` set when an alias was found
    """
    result = SmartModuleResult()
    match = re.search(r'ALIAS=(listener_)?(?P<sid>[a-zA-Z0-9]+)\)', cmd_output)
    if match is not None:
        result.add_option('sid', match.group('sid'))
    return result
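def start(self, service):
    """Seed context options for *service* before the smart modules run.

    Three independent detections feed the returned SmartModuleResult:

    * ``https`` is set when ``service.url`` starts with ``https://``.
    * ``server`` is set from ``service.banner`` for every supported server
      name found in it, plus the mapped value of any MAPPING_BANNER alias
      (``domino`` -> ``lotusdomino``).
    * ``language`` / ``cms`` / ``server`` are set from Wappalyzer's ``apps``
      list, after alias mapping through MAPPING_WAPPALYZER, but only for
      values present in ``self.supported_list_options``.

    Fix: the banner alias loop previously recorded the alias key
    (``domino``) instead of the mapped value (``lotusdomino``), so
    MAPPING_BANNER's values were never used; it now records the mapped
    value, consistent with how MAPPING_WAPPALYZER is applied below.

    The banner and the Wappalyzer data both originate from the scanned host
    and are treated as untrusted: they are only compared against fixed
    lists, never copied into an option verbatim. A Wappalyzer failure
    (network error, unexpected payload) is logged and does not abort the
    other detections.

    :param service: object exposing ``url`` and ``banner``; an empty/None
        ``banner`` skips banner detection
    :return: SmartModuleResult
    """
    # Nmap banner substring (lower-case) => context-specific option value
    MAPPING_BANNER = {
        'domino': 'lotusdomino',
    }
    # Wappalyzer app name (lower-case, spaces as dashes) => option value
    MAPPING_WAPPALYZER = {
        'apache-tomcat': 'tomcat',
        'jboss-application-server': 'jboss',
        'jboss-web': 'jboss',
        'lotus-domino': 'lotusdomino',
        'microsoft-asp.net': 'asp',
        'adobe-coldfusion': 'coldfusion',
    }
    result = SmartModuleResult()

    # 1. Scheme, straight from the URL
    if service.url.lower().startswith('https://'):
        logger.info('HTTPS protocol detected from URL')
        result.add_option('https', 'true')

    # 2. Server from the Nmap banner
    if service.banner:
        banner = service.banner.lower()
        detected = None
        for server in self.supported_list_options['server']:
            if server in banner:
                result.add_option('server', server)
                detected = server
        for alias, server in MAPPING_BANNER.items():
            if alias in banner:
                # Record the canonical option value, not the banner alias.
                result.add_option('server', server)
                detected = server
        if detected:
            logger.info('Server detected from banner: {server}'.format(
                server=detected))

    # 3. Web technologies via Wappalyzer (this performs a request to service.url)
    try:
        apps = WebPage(service.url).info()['apps'].split(';')
        technos = [app.lower().replace(' ', '-') for app in apps]
        logger.smartinfo(
            'Wappalyzer fingerprinting returns: {}'.format(technos))
        for raw_tech in technos:
            tech = MAPPING_WAPPALYZER.get(raw_tech, raw_tech)
            if tech in self.supported_list_options['language']:
                result.add_option('language', tech)
            elif tech in self.supported_list_options['cms']:
                result.add_option('cms', tech)
            elif tech in self.supported_list_options['server']:
                result.add_option('server', tech)
    except Exception as e:
        # Best effort: a fingerprinting failure must not lose the other detections.
        logger.error('Wappalyzer error: {}'.format(e))

    return result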