'required': True,
'default': None
},
'rport': {
'type': 'port',
'description': 'The target port',
'required': True,
'default': 49152
},
},
'notes': {
'AKA': ['SharknAT&To', 'sharknatto']
}
}
def report_wproxy(target, response):
# We don't use the response here, but if we were a banner scraper we could
# print or report it
module.report_vuln(target[0], 'wproxy', port=target[0])
if __name__ == "__main__":
study = probe_scanner.make_scanner(
# Payload and pattern are given and applied straight to the socket, so
# they need to be bytes-like
payload=b'\x2a\xce\x00\x00\x00\x00\x00\x00\x00\x00\x00',
pattern=b'^\\*\xce.{3}$',
onmatch=report_wproxy)
module.run(metadata, study)
'references': [
{'type': 'cve', 'ref': '2017-14117'},
{'type': 'url', 'ref': 'https://www.nomotion.net/blog/sharknatto/'},
{'type': 'url', 'ref': 'https://blog.rapid7.com/2017/09/07/measuring-sharknat-to-exposures/#vulnerability5port49152tcpexposure'},
{'type': 'aka', 'ref': 'SharknAT&To'},
{'type': 'aka', 'ref': 'sharknatto'}
],
'type': 'scanner.multi',
'options': {
'rhosts': {'type': 'address_range', 'description': 'The target address', 'required': True, 'default': None},
'rport': {'type': 'port', 'description': 'The target port', 'required': True, 'default': 49152},
},
}
def report_wproxy(target, response):
# We don't use the response here, but if we were a banner scraper we could
# print or report it
module.report_vuln(target[0], 'wproxy', port=target[0])
if __name__ == "__main__":
study = probe_scanner.make_scanner(
# Payload and pattern are given and applied straight to the socket, so
# they need to be bytes-like
payload=b'\x2a\xce\x00\x00\x00\x00\x00\x00\x00\x00\x00',
pattern=b'^\\*\xce.{3}$',
onmatch=report_wproxy
)
module.run(metadata, study)