class BaseAuxiliary_iax2: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_llmnr(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name='JavaMeterpreterDebug', required=False, description= "Run the payload in debug mode, with logging enabled"), BaseOption(name='Spawn', required=True, description="Number of subprocesses to spawn", value=2) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_Drdos(self): self.target_type = "http" self.register_options([ BaseOption(name='SRCIP', required=False, description='Use this source IP'), BaseOption(name='NUM_REQUESTS', required=False, description='Number of requests to send', value=1), ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.target_type = "http" self.register_options([ BaseOption(name="URIPATH", required=False, description='The URI to use for this exploit (default is random)'), BaseOption(name='FILENAME', required=True, description='The file name', value='thg.webarchive'), BaseOption(name='GRABPATH', required=False, description="The URI to receive the UXSS'ed data", value='grab'), BaseOption(name='DOWNLOAD_PATH', required=True, description='The path to download the webarchive', value='thg.webarchive'), BaseOption(name='FILE_URLS', required=False, description='Additional file:// URLs to steal. $USER will be resolved to the username.',), BaseOption(name='STEAL_COOKIES', required=True, description="Enable cookie stealing", value=True), BaseOption(name='STEAL_FILES', required=True, description="Enable local file stealing",value=True), BaseOption(name='INSTALL_EXTENSION', required=True, description="Silently install a Safari extensions (requires click)",value=False), BaseOption(name='EXTENSION_URL', required=False, description="HTTP URL of a Safari extension to install",value="https://data.getadblock.com/safari/AdBlock.safariextz"), BaseOption(name='EXTENSION_ID', required=False, description="The ID of the Safari extension to install", value="com.betafish.adblockforsafari-UAMUU4S2D9") ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption(name='LPATH', required=False, description='The path of the local file to utilize'), BaseOption( name='FILE_LPATHS', required=False, description='A file containing a list of local files to utilize' ) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Etcd: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_Etcd(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name='RPORT',required=True, description="Port to connect",value=""), BaseOption(name='TARGETURI',required=True, description='base URI of etcd',value='/') ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption(name='PATH', required=True, description='The path to the vulnerable script.',value= '/' ), BaseOption(name='GET', required=False, description="GET parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", value="" ), BaseOption(name='POST',required=False, description="POST parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)",value= "" ), BaseOption(name='COOKIES',required=False, description="Cookies to be sent with the request. ('foo=bar;vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", value="" ), BaseOption(name='HEADERS',required=False, description="Headers to be sent with the request. ('User-Agent=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", value="" ), ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption(name='RPORT', required=True, description="Remote RPORT to Connect",value=5985), BaseOption(name='DOMAIN', required=True, description='The domain to use for Windows authentification', value='WORKSTATION'), BaseOption(name='URI', required=True, description="The URI of the WinRM service", value="/wsman" ), BaseOption(name='USERNAME', required=False, description='A specific username to authenticate as' ), BaseOption(name='PASSWORD', required=False, description='A specific password to authenticate with' ), ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption(name='SERVICE_NAME', required=False, description='The service name' ), BaseOption(name='SERVICE_DISPLAY_NAME', required=False, description='The service display name'), BaseOption(name='SERVICE_PERSIST', required=False, description='Create an Auto run service and do not remove it.', value=False), BaseOption(name='SERVICE_DESCRIPTION', required=False, description="Service description to to be used on target for pretty listing") ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption(name='SRVPORT', required=True, description= 'The local port to listen on.', value=445 ), BaseOption(name='SMBServerMaximumBuffer', required=True, description= 'The maximum number of data in megabytes to buffer', value=2 ), BaseOption(name='SMBServerIdleTimeout', required=True, description= 'The maximum amount of time to keep an idle session open in seconds', value=120) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Pii: name = None # nome do auxiliar description = None # descricao do auxiliar author = [] # nome do autor references = [] # referenia do exploit disclosure_date = None # data de divulgacao service_name = None # nome do servico service_version = None # versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name','service_version'] # info database multi_target = False # vvarios alvos targets = [] # alvo target_type = None # tipo de alvo options = None # opcoes results = None # resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_pii(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name='ENTRIES', required=False, description="PII Entry Count", value=1000), BaseOption(name='EMAIL_DOMAIN', required=False, description="Email Domain", value="localhost.localdomain") ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Rservices: name = None # nome do auxiliar description = None # descricao do auxiliar author = [] # nome do autor references = [] # referenia do exploit disclosure_date = None # data de divulgacao service_name = None # nome do servico service_version = None # versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] # info database multi_target = False # vvarios alvos targets = [] # alvo target_type = None # tipo de alvo options = None # opcoes results = None # resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_Rservices(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name='RUNTIME', required=True, description="The number of seconds to run the test", value=5), BaseOption(name='FROMUSER', required=True, description='The username to login from'), BaseOption( name='FROMUSER_FILE', required=True, description='File containing from usernames, one per line'), BaseOption( name='REMOVE_FROMUSER_FILE', required=True, description= "Automatically delete the FROMUSER_FILE on module completion", value=False) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Udp_Scanner: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_udp_scanner(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name='BATCHSIZE', required=True, description='The number of hosts to probe in each set', value=256), BaseOption(name='THREADS', required=True, description="The number of concurrent threads", value=10), #Opt::CHOST, #Opt::CPORT, BaseOption( name='ScannerRecvInterval', required=True, description= 'The maximum numbers of sends before entering the processing loop', value=30), BaseOption( name='ScannerMaxResends', required=True, description= 'The maximum times to resend a packet when out of buffers', value=10), BaseOption( name='ScannerRecvQueueLimit', required=True, description= 'The maximum queue size before breaking out of the processing loop', value=100), BaseOption( name='ScannerRecvWindow', required=True, description= 'The number of seconds to wait post-scan to catch leftover replies', value=15) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption(name='SMB::pipe_evasion', required=True, description='Enable segmented read/writes for SMB Pipes', value=False), BaseOption(name='SMB::pipe_write_min_size', required=True, description='Minimum buffer size for pipe writes', value=1), BaseOption(name='SMB::pipe_write_max_size', required=True, description='Maximum buffer size for pipe writes', value=1024), BaseOption(name='SMB::pipe_read_min_size', required=True, description='Minimum buffer size for pipe reads', value=1), BaseOption(name='SMB::pipe_read_max_size', required=True, description='Maximum buffer size for pipe reads', value=1024), BaseOption(name='SMB::pad_data_level', required=True, description='Place extra padding between headers and data (level 0-3)', value=0), BaseOption(name='SMB::pad_file_level', required=True, description='Obscure path names used in open/create (level 0-3)', value=0), BaseOption(name='SMB::obscure_trans_pipe_level', required=True, description='Obscure PIPE string in TransNamedPipe (level 0-3)', value=0), BaseOption(name='SMBDirect', required=False, description='The target port is a raw SMB service (not NetBIOS)', value=True), BaseOption(name='SMBUser', required=False, description='The username to authenticate as', value=''), BaseOption(name='SMBPass', required=False, description='The password for the specified username', value=''), BaseOption(name='SMBDomain', required=False, description='The Windows domain to use for authentication', value='.'), BaseOption(name='SMBName', required=True, description='The NetBIOS hostname (required for port 139 connections)', value='*SMBSERVER'), BaseOption(name='SMB::VerifySignature', required=True, description="Enforces client-side verification of server response signatures",value=False), BaseOption(name='SMB::ChunkSize', required=True, description='The chunk size for SMB segments, bigger values will increase speed but break NT 4.0 and SMB signing', value=500), # # Control the identified operating system of the client # BaseOption(name='SMB::Native_OS', required=True, description='The Native OS to send during authentication', value='Windows 2000 2195'), BaseOption(name='SMB::Native_LM', required=True, description='The Native LM to send during authentication', value='Windows 2000 5.0'), BaseOption(name='RHOST', required=True, description="Remote Host to connect"), BaseOption(name='RPORT', required=True, description='The SMB service port', value=445) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption( name='TARGETURI', required=True, description='The base path to the wordpress application', value='/'), #], Msf::Exploit::Remote::HTTP::Wordpress BaseOption(name='WPCONTENTDIR', required=True, description='The name of the wp-content directory', value='wp-content'), BaseOption( name='WPCHECK', required=True, description='Check if the website is a valid WordPress install', value=True), #], Msf::Exploit::Remote::HTTP::Wordpress ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.target_type = "http" self.register_options([ BaseOption(name='RPORT', required=False, description="port connections", value=53), BaseOption(name='Proxies', required=False, description="proxy connections"), BaseOption(name='DOMAIN', required=False, description="The target domain name"), BaseOption( name='NS', required=False, description= "Specify the nameservers to use for queries, space separated"), BaseOption(name='SEARCHLIST', required=False, description="DNS domain search list, comma separated"), BaseOption( name='THREADS', required=True, description="Number of threads to use in threaded queries", value=1), BaseOption( name='DnsClientDefaultNS', required=False, description= "Specify the default to use for queries, space separated", value='8.8.8.8 8.8.4.4'), BaseOption( name='DnsClientRetry', required=False, description= "Number of times to try to resolve a record if no response is received", value=2), BaseOption( name='DnsClientRetryInterval', required=False, description="Number of seconds to wait before doing a retry", value=2), BaseOption(name='DnsClientReportARecords', required=False, description="Add hosts found via BRT and RVL to DB", value=True), BaseOption(name='DnsClientRVLExistingOnly', required=False, description="Only perform lookups on hosts in DB", value=True), BaseOption(name='DnsClientTcpDns', required=False, description="Run queries over TCP", value=False), BaseOption( name='DnsClientResolvconf', required=True, description= "Resolvconf formatted configuration file to use for Resolver", value="/dev/null") ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.target_type = "http" self.register_options([ BaseOption(name='SRVPORT', required=True, description='The local port to listen on.', value=53), BaseOption( name='STATIC_ENTRIES', required=False, description= "DNS domain search list (hosts file or space/semicolon separate entries)" ), BaseOption(name='DISABLE_RESOLVER', required=False, description="Disable DNS request forwarding", value=False), BaseOption(name='DISABLE_NS_CACHE', required=False, description="Disable DNS response caching", value=False), BaseOption(name='DnsServerUdp', required=True, description="Serve UDP DNS requests", value=True), BaseOption(name='DnsServerTcp', required=True, description="Serve TCP DNS requests", value=False) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Fuzzer: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_Fuzzer(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption( name='FuzzTracer', required=True, description= 'Sets the magic string to embed into fuzzer string inputs', value='MSFROCKS'), BaseOption(name='FuzzChar', required=True, description= 'Sets the character to use for generating long strings', value='X') ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Llmnr: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_Llmnr(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name="RHOST", required=True, description="ip to test"), BaseOption(name="RHOST", required=True, description="ip to test"), BaseOption( name='RHOSTS', required=False, description= 'The multicast address or CIDR range of targets to query', value='224.0.0.252'), BaseOption(name='RPORT', required=False, description="port of connection", value=5355), BaseOption(name='NAME', required=True, description='The name to query', volue='localhost'), BaseOption(name='TYPE', required=True, description='The query type (name, # or TYPE#)', value='A') ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Brute: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_tcp_target_brute(self, port_value=None, timeout_value=5, threads_value=1): self.target_type = "tcp" self.register_options([ BaseOption(name="HOST", required=True, description="The IP address to be tested"), BaseOption(name="PORT", required=True, description="The port to be tested", value=port_value), BaseOption(name="TIMEOUT", required=True, description="Connection timeout", value=timeout_value), BaseOption(name="THREADS", required=True, description="The number of threads", value=threads_value), BaseOption(name='USERNAME', required=True, description='A specific username to authenticate as'), BaseOption(name='PASSWORD', required=True, description='A specific password to authenticate with'), BaseOption(name='USER_FILE', required=True, description="File containing usernames, one per line"), BaseOption(name='PASS_FILE', required=True, description="File containing passwords, one per line"), BaseOption(name='USERNAME', required=False, description='A specific username to authenticate as'), BaseOption(name='PASSWORD', required=False, description='A specific password to authenticate with'), BaseOption(name='USER_FILE', required=False, description="File containing usernames, one per line",value=wordlists.aspx), BaseOption(name='PASS_FILE', required=False, description="File containing passwords, one per line"), BaseOption(name='USERPASS_FILE', required=False, description="File containing users and passwords separated by space, one pair per line"), BaseOption(name='BRUTEFORCE_SPEED', required=True, description="How fast to bruteforce, from 0 to 5"), BaseOption(name='VERBOSE', required=True, description="Whether to print output for all attempts"), BaseOption(name='BLANK_PASSWORDS', required=False, description="Try blank passwords for all users"), BaseOption(name='USER_AS_PASS', required=False, description="Try the username as the password for all users"), BaseOption(name='DB_ALL_CREDS', required=False,description="Try each user/password couple stored in the current database"), BaseOption(name='DB_ALL_USERS', required=False,description="Add all users in the current database to the list"), BaseOption(name='DB_ALL_PASS', required=False,description="Add all passwords in the current database to the list"), BaseOption(name='STOP_ON_SUCCESS', required=True,description="Stop guessing when a credential works for a host"), BaseOption(name='REMOVE_USER_FILE', required=True,description="Automatically delete the USER_FILE on module completion", value=False), BaseOption(name='REMOVE_PASS_FILE', required=True,description="Automatically delete the PASS_FILE on module completion", value=False), BaseOption(name='REMOVE_USERPASS_FILE', required=True,description="Automatically delete the USERPASS_FILE on module completion", value=False), BaseOption(name='PASSWORD_SPRAY', required=True,description="Reverse the credential pairing order. For each password, attempt every possible user.",value=False), BaseOption(name='TRANSITION_DELAY', required=False,description="Amount of time (in minutes) to delay before transitioning to the next user in the array (or password when PASSWORD_SPRAY=true)",value=0), BaseOption(name='MaxGuessesPerService', required=False,description="Maximum number of credentials to try per service instance. If set to zero or a non-number, this option will not be used.",value=0), BaseOption(name='MaxMinutesPerService', required=False,description="Maximum time in minutes to bruteforce the service instance. If set to zero or a non-number, this option will not be used.",value=0), BaseOption(name='MaxGuessesPerUser', required=False,description="Maximum guesses for a particular username for the service instance.Note that users are considered unique among different services") ]) def register_http_target_brute(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name="URL", required=True, description="The url to be tested"), BaseOption(name="TIMEOUT", required=True, description="Connection timeout", value=timeout_value), BaseOption(name="THREADS", required=True, description="The number of threads", value=threads_value), BaseOption(name='USERNAME', required=True, description='A specific username to authenticate as'), BaseOption(name='PASSWORD', required=True, description='A specific password to authenticate with'), BaseOption(name='USER_FILE', required=True, description="File containing usernames, one per line"), BaseOption(name='PASS_FILE', required=True, description="File containing passwords, one per line"), BaseOption(name='USERNAME', required=False, description='A specific username to authenticate as'), BaseOption(name='PASSWORD', required=False, description='A specific password to authenticate with'), BaseOption(name='USER_FILE', required=False, description="File containing usernames, one per line"), BaseOption(name='PASS_FILE', required=False, description="File containing passwords, one per line"), BaseOption(name='USERPASS_FILE', required=False, description="File containing users and passwords separated by space, one pair per line"), BaseOption(name='BRUTEFORCE_SPEED', required=True, description="How fast to bruteforce, from 0 to 5"), BaseOption(name='VERBOSE', required=True, description="Whether to print output for all attempts"), BaseOption(name='BLANK_PASSWORDS', required=False, description="Try blank passwords for all users"), BaseOption(name='USER_AS_PASS', required=False, description="Try the username as the password for all users"), BaseOption(name='DB_ALL_CREDS', required=False, description="Try each user/password couple stored in the current database"), BaseOption(name='DB_ALL_USERS', required=False, description="Add all users in the current database to the list"), BaseOption(name='DB_ALL_PASS', required=False, description="Add all passwords in the current database to the list"), BaseOption(name='STOP_ON_SUCCESS', required=True, description="Stop guessing when a credential works for a host"), BaseOption(name='REMOVE_USER_FILE', required=True, description="Automatically delete the USER_FILE on module completion", value=False), BaseOption(name='REMOVE_PASS_FILE', required=True, description="Automatically delete the PASS_FILE on module completion", value=False), BaseOption(name='REMOVE_USERPASS_FILE', required=True, description="Automatically delete the USERPASS_FILE on module completion", value=False), BaseOption(name='PASSWORD_SPRAY', required=True, description="Reverse the credential pairing order. For each password, attempt every possible user.", value=False), BaseOption(name='TRANSITION_DELAY', required=False, description="Amount of time (in minutes) to delay before transitioning to the next user in the array (or password when PASSWORD_SPRAY=true)", value=0), BaseOption(name='MaxGuessesPerService', required=False, description="Maximum number of credentials to try per service instance. If set to zero or a non-number, this option will not be used.", value=0), # Tracked in @@guesses_per_service BaseOption(name='MaxMinutesPerService', required=False, description="Maximum time in minutes to bruteforce the service instance. If set to zero or a non-number, this option will not be used.", value=0), # Tracked in @@brute_start_time BaseOption(name='MaxGuessesPerUser', required=False, description="Maximum guesses for a particular username for the service instance.Note that users are considered unique among different services, so auser at 10.1.1.1:22 is different from one at 10.2.2.2:22, and both willbe tried up to the MaxGuessesPerUser limit. If set to zero or a non-number,this option will not be used") ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Mqtt: def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_Mqtt(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ #Opt::RPORT(Rex::Proto::MQTT::DEFAULT_PORT) BaseOption( name='CLIENT_ID', required=False, description= 'The client ID to send if necessary for bypassing clientid_prefixes' ), BaseOption( name='READ_TIMEOUT', required=False, description='Seconds to wait while reading MQTT responses', value=5) #register_autofilter_ports([Rex::Proto::MQTT::DEFAULT_PORT, Rex::Proto::MQTT::DEFAULT_SSL_PORT]) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Crawler: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def get_full_info(self): return self.dbinfo def register_crawler(self): self.target_type = "http" self.register_options([ BaseOption(name="RHOST", required=True, description="ip to test"), BaseOption(name="RPORT", required=True, description="port", value=80), BaseOption(name='VHOST', required=False, description="HTTP server virtual host"), BaseOption(name='URI', required=True, description="The starting page to crawl", value="/"), BaseOption(name="Proxies", required=True, description="proxy to connnect"), BaseOption( name='MAX_PAGES', required=True, description='The maximum number of pages to crawl per URL', value=500), BaseOption(name='MAX_MINUTES', required=True, description= 'The maximum number of minutes to spend on each URL', value=5), BaseOption(name='MAX_THREADS', required=True, description='The maximum number of concurrent requests', value=4), BaseOption( name='HttpUsername', required=False, description='The HTTP username to specify for authentication'), BaseOption( name='HttpPassword', required=False, description='The HTTP password to specify for authentication'), BaseOption( name='DOMAIN', required=True, description='The domain to use for windows authentication', value='WORKSTATION'), BaseOption( name='SSL', required=False, description='Negotiate SSL/TLS for outgoing connections', value=False), BaseOption(name='DirBust', required=False, description='Bruteforce common URL paths', value=True), BaseOption( name='RequestTimeout', required=False, description='The maximum number of seconds to wait for a reply', value=15), BaseOption(name='RedirectLimit', required=False, description= 'The maximum number of redirects for a single request', value=5), BaseOption(name='RetryLimit', required=False, description= 'The maximum number of attempts for a single request', value=5), BaseOption( name='UserAgent', required=True, description='The User-Agent header to use for all requests', value= "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ), BaseOption( name='BasicAuthUser', required=False, description= 'The HTTP username to specify for basic authentication'), BaseOption( name='BasicAuthPass', required=False, description= 'The HTTP password to specify for basic authentication'), BaseOption( name='HTTPAdditionalHeaders', required=False, description= "A list of additional headers to send (separated by \\x01)"), BaseOption( name='HTTPCookie', required=False, description="A HTTP cookie header to send with each request"), BaseOption(name='SSLVersion', required=True, description="SSL VERSION TO CONNECT") ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_alphanum(self): self.target_type = "http" self.register_options([ BaseOption( name='BufferRegister', required=False, description="The register that pointers to the encoded payload" ), BaseOption( name='BufferOffset', required=False, description= "The offset to the buffer from the start of the register", value=False), BaseOption( name='AllowWin32SEH', required=True, description= "Use SEH to determine the address of the stub (Windows only)", value=False) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_iax2: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_iax2(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name='IAX_HOST', required=True, description='The IAX2 server to communicate with'), BaseOption(name='IAX_PORT', required=True, description='The IAX2 server port', value=4569), BaseOption(name='IAX_USER', required=False, description='An optional IAX2 username'), BaseOption(name='IAX_PASS', required=False, description='An optional IAX2 password', value=""), BaseOption(name='IAX_CID_NAME', required=False, description='The default caller ID name', value=''), BaseOption(name='IAX_CID_NUMBER', required=True, description='The default caller ID number', value='15555555555'), BaseOption(name='IAX_DEBUG', required=False, description='Enable IAX2 debugging messages', value=False) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Scanner: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_scanner(self): self.target_type = "http" self.register_options([ BaseOption(name='THREADS', required=True, description="The number of concurrent threads", value=1), BaseOption(name='ShowProgress', required=True, description='Display progress messages during a scan', value=True), BaseOption(name='ShowProgressPercent', required=True, description= 'The interval in percent that progress should be shown', value=10) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption( name='NAMEDPIPE', required=False, description= 'A named pipe that can be connected to (leave blank for auto)', value=""), BaseOption(name='LEAKATTEMPTS', required=True, description='How many times to try to leak transaction', value=99), # Win10 can get stubborn BaseOption(name='RPORT', required=True, description='The Target port', value=445), BaseOption(name='DBGTRACE', required=True, description="Show extra debug trace info", value=False), ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption(name='URIPATH', required=False, description="The URI to use for this exploit (default is random)"), #Exploit::Remote::HttpServer BaseOption(name='HTTP::no_cache', required=False, description='Disallow the browser to cache HTTP content', value=False), BaseOption(name='HTTP::chunked', required=False, description='Enable chunking of HTTP responses via "Transfer-Encoding: chunked"',value=False), BaseOption(name='HTTP::header_folding', required=False, description='Enable folding of HTTP headers', value=False), BaseOption(name='HTTP::junk_headers', required=False, description='Enable insertion of random junk HTTP headers', value=False), BaseOption(name='HTTP::compression', required=False, description='Enable compression of HTTP responses via content encoding', value='none',), #['none','gzip','deflate']] BaseOption(name='HTTP::server_name', required=True, description='Configures the Server header of all outgoing replies', value='Apache'), BaseOption(name='URIHOST', required=False, description='Host to use in URI (useful for tunnels)'), BaseOption(name='URIPORT', required=False, description='Port to use in URI (useful for tunnels)'), BaseOption(name='SendRobots', required=False, description='Return a robots.txt file if asked for one', value=False) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Mms: def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_Mms(self, timeout_value=5, threads_value=1): self.target_type = "http" BaseOption(name="RHOST", required=True, description="ip to test"), self.register_options([ BaseOption(name='SMTPFROM',required=False, description='The FROM field for SMTP', value=''), BaseOption(name='SMTPADDRESS',required=True, description='The SMTP server to use to send the text messages',value=''), BaseOption(name='MMSSUBJECT',required=False, description='The Email subject', value=''), BaseOption(name='SMTPPORT',required=True, description='The SMTP port to use to send the text messages', value=25), BaseOption(name='SMTPUSERNAME',required=True, description='The SMTP account to use to send the text messages'), BaseOption(name='SMTPPASSWORD',required=True, description='The SMTP password to use to send the text messages'), BaseOption(name='MMSCARRIER',required=True, description='The targeted MMS service provider', value=''), BaseOption(name='CELLNUMBERS',required=True, description='The phone numbers to send to'), BaseOption(name='TEXTMESSAGE',required=True, description='The text message to send'), BaseOption(name='MMSFILE',required=True, description='The attachment to include in the text file'), BaseOption(name='MMSFILECTYPE',required=True, description='The attachment content type'), BaseOption(name='SmtpLoginType',required=True, description='The SMTP login type', value=''), BaseOption(name='HeloDdomain', required=True, description='The domain to use for HELO',value='') ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Redis: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_redis(self, timeout_value=5, threads_value=1): self.target_type = "http" self.register_options([ BaseOption(name='RUNTIME', required=True, description="The number of seconds to run the test", value=5), BaseOption(name='RPORT', required=True, description='port', value=6379), BaseOption(name='PASSWORD', required=False, description='Redis password for authentication test', value='foobared'), BaseOption( name='READ_TIMEOUT', required=True, description='Seconds to wait while reading redis responses', value=2) ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Drdos: name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = [] #referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] #info database multi_target = False #vvarios alvos targets = [] #alvo target_type = None #tipo de alvo options = None #opcoes results = None #resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_client_dns(self): self.register_options([ BaseOption( name='VERB', required=True, description='HTTP Method to use (for CVE-2010-0738)', value='POST', ), #['GET', 'POST', 'HEAD']] BaseOption( name='PACKAGE', required=False, description='The package containing the BSHDeployer service') ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)
class BaseAuxiliary_Nmap: name = None # nome do auxiliar description = None # descricao do auxiliar author = [] # nome do autor references = [] # referenia do exploit disclosure_date = None # data de divulgacao service_name = None # nome do servico service_version = None # versao do servico dbinfo = [ 'name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version' ] # info database multi_target = False # vvarios alvos targets = [] # alvo target_type = None # tipo de alvo options = None # opcoes results = None # resultados def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() def get_info(self): info = {} for field_name in self.dbinfo: info[field_name] = getattr(self, field_name) return info def register_Nmap(self): self.target_type = "http" self.register_options([ BaseOption(name='RHOSTS', required=False, description="list of hosts", value=""), BaseOption(name='NMAP_VERBOSE', required=False, description='Display nmap output', volue=True), BaseOption( name='RPORTS', required=False, description='Ports to target'), # RPORT supersedes RPORTS ]) def thg_update_info(self, info): for name in info: if name in self.dbinfo: setattr(self, name, info[name]) def register_options(self, option_array): for option in option_array: self.options.add_option(option) def get_missing_options(self): def is_missing(option): return option.required and option.value in [None, ''] missing_options = filter(is_missing, self.options.get_options()) return list(missing_options)