'required': True, 'default': None }, 'rport': { 'type': 'port', 'description': 'The target port', 'required': True, 'default': 49152 }, }, 'notes': { 'AKA': ['SharknAT&To', 'sharknatto'] } } def report_wproxy(target, response): # We don't use the response here, but if we were a banner scraper we could # print or report it module.report_vuln(target[0], 'wproxy', port=target[0]) if __name__ == "__main__": study = probe_scanner.make_scanner( # Payload and pattern are given and applied straight to the socket, so # they need to be bytes-like payload=b'\x2a\xce\x00\x00\x00\x00\x00\x00\x00\x00\x00', pattern=b'^\\*\xce.{3}$', onmatch=report_wproxy) module.run(metadata, study)
'references': [ {'type': 'cve', 'ref': '2017-14117'}, {'type': 'url', 'ref': 'https://www.nomotion.net/blog/sharknatto/'}, {'type': 'url', 'ref': 'https://blog.rapid7.com/2017/09/07/measuring-sharknat-to-exposures/#vulnerability5port49152tcpexposure'}, {'type': 'aka', 'ref': 'SharknAT&To'}, {'type': 'aka', 'ref': 'sharknatto'} ], 'type': 'scanner.multi', 'options': { 'rhosts': {'type': 'address_range', 'description': 'The target address', 'required': True, 'default': None}, 'rport': {'type': 'port', 'description': 'The target port', 'required': True, 'default': 49152}, }, } def report_wproxy(target, response): # We don't use the response here, but if we were a banner scraper we could # print or report it module.report_vuln(target[0], 'wproxy', port=target[0]) if __name__ == "__main__": study = probe_scanner.make_scanner( # Payload and pattern are given and applied straight to the socket, so # they need to be bytes-like payload=b'\x2a\xce\x00\x00\x00\x00\x00\x00\x00\x00\x00', pattern=b'^\\*\xce.{3}$', onmatch=report_wproxy ) module.run(metadata, study)