def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) self.cmds = [ { "name": self.proto + "_nmap_" + self.port, "cmd": 'nmap -n --scripts "imap* and default" -sV -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, ] if self.proto == "imap": self.cmds.append({ "name": self.proto + "_version_" + self.port, "cmd": 'nc -w 20 -q 1 -vn ' + self.host + ' ' + self.port + ' </dev/null', "shell": True, "chain": False }) else: self.cmds.append({ "name": self.proto + "_version_" + self.port, "cmd": 'echo "A1 Logout" | openssl s_client -connect ' + self.host + ':' + self.port + ' -crlf -quiet', "shell": True, "chain": False }) msfmodules = [{ "path": "auxiliary/scanner/imap/imap_version", "toset": { "RHOSTS": self.host, "RPORT": self.port } }] self.cmds.append({ "name": self.proto + "_msf_" + self.port, "cmd": self.create_msf_cmd(msfmodules), "shell": True, "chain": False }) if self.intensity == "3": self.extra_info = "You can use the variable 'username' to brute force a single username or the variable ulist to bruteforce a list of usernames." ssl = " -S " if self.proto == "imaps" else "" # Check if SSL is needed if username != "": self.cmds = [{ "name": self.proto + "_brute_hydra_" + self.port, "cmd": 'hydra -f -e ns -l ' + self.username + ' -P ' + self.plist + ssl + ' -s ' + self.port + ' ' + self.host + ' imap', "shell": True, "chain": False }] else: self.cmds = [{ "name": self.proto + "_brute_hydra_" + self.port, "cmd": 'hydra -f -e ns -L ' + self.ulist + ' -P ' + self.plist + ssl + ' -s ' + self.port + ' ' + self.host + ' imap', "shell": True, "chain": False }]
def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) self.cmds = [ { "name": self.proto + "_nmap_" + self.port, "cmd": 'nmap -n --script "smtp-open-relay or (default and *smtp*)" -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, ] if self.proto == "smtp": self.cmds.append({ "name": self.proto + "_version_" + self.port, "cmd": 'nc -w 20 -q 1 -vn ' + self.host + ' ' + self.port + ' </dev/null', "shell": True, "chain": False }) else: self.cmds.append({ "name": self.proto + "_version_" + self.port, "cmd": 'echo QUIT | openssl s_client -starttls smtp -crlf -connect ' + self.host + ':' + self.port, "shell": True, "chain": False }) msfmodules = [ { "path": "auxiliary/scanner/smtp/smtp_version", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/smtp/smtp_ntlm_domain", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/smtp/smtp_relay", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, ] self.cmds.append({ "name": self.proto + "_msf_" + self.port, "cmd": self.create_msf_cmd(msfmodules), "shell": True, "chain": False }) if self.intensity == 2: self.cmds.append({ "name": self.proto + "_nmap_vuln_" + self.port, "cmd": 'nmap --script smtp-vuln-cve2011-1764,smtp-vuln-cve2011-1720,smtp-vuln-cve2010-4344 ' + self.host + ' ' + self.port, "shell": True, "chain": False }) if self.intensity == "3": # TODO: think about using other methods like RCT self.extra_info = "By default VRFY method is used, if you want to use other (EXPN or RCPT) set it in 'path' variable." self.extra_info += "\nYou can use the variable 'username' to brute force a single username or the variable ulist to bruteforce a list of usernames." self.path = "VRFY" if self.path.upper() not in [ "EXPN", "RCPT" ] else self.path.upper() if username != "": self.cmds = [{ "name": self.proto + "_brute", "cmd": 'smtp-user-enum -M ' + self.path + ' -u ' + self.username + ' -p ' + self.port + ' -t ' + self.host, "shell": True, "chain": False }] else: self.cmds = [{ "name": self.proto + "_brute", "cmd": 'smtp-user-enum -M ' + self.path + ' -U ' + self.ulist + ' -p ' + self.port + ' -t ' + self.host, "shell": True, "chain": False }]
def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) self.password = self.password if len(self.password) > 0 else "vpn" self.extra_info += "\nIf nothing is set in variable 'password' this module will use 'vpn' as ID." self.cmds = [ { "name": "ike_nmap", "cmd": 'nmap -n -sV --script *ike* -sU -p ' + self.port + ' ' + self.host, "shell": False, "chain": False }, { "name": "ike-scan", "cmd": 'ike-scan -M --sport ' + self.port + ' --dport ' + self.port + ' ' + self.host, "shell": False, "chain": True }, { "name": "ike-scan_nat", "cmd": 'ike-scan -M --nat-t ' + self.host, "shell": False, "chain": True }, { "name": "ike-scan_showback", "cmd": 'ike-scan -M --showbackoff --sport ' + self.port + ' --dport ' + self.port + ' ' + self.host, "shell": False, "chain": True }, { "name": "ike-scan_agressive", "cmd": 'ike-scan --aggressive --id=' + self.password + ' --sport ' + self.port + ' --dport ' + self.port + ' ' + self.host, "shell": False, "chain": True }, { "name": "ike-scan_agr_psk", "cmd": 'ike-scan --pskcrack --aggressive --id=' + self.password + ' --sport ' + self.port + ' --dport ' + self.port + ' ' + self.host, "shell": False, "chain": True }, ] if self.intensity == "3": self.extra_info = "To bruteforce IKE an 'ip' must be set." if self.ip != "": self.plist = self.plist if self.plist != "" else self.wordlists_path + '/wordlists/groupnames.txt' self.cmds.append({ "name": "ikeforce_id", "cmd": 'ikeforce ' + self.ip + ' -e -w ' + self.plist + ' -s 2', "shell": False, "chain": True })
def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) self.cmds = [ { "name": self.proto + "_nikto_" + self.port, "cmd": 'echo n | nikto -nointeractive -maxtime 45m -timeout 60 -host ' + self.proto_host_port_path + ' -Plugins "paths;outdated;report_sqlg;auth;content_search;report_text;fileops;parked;shellshock;report_html;cgi;headers;report_nbe;favicon;cookies;robots;report_xml;report_csv;ms10_070;msgs;drupal;apache_expect_xss;siebel;put_del_test;apacheusers;dictionary;embedded;ssl;clientaccesspolicy;httpoptions;subdomain;negotiate;sitefiles;mutiple_index;strutshock;dishwasher;paths;docker_registry;origin_reflection;dir_traversal;multiple_index"', "shell": True, "chain": False }, { "name": self.proto + "_whatweb_" + self.port, "cmd": "whatweb -a 3 " + self.proto_host_port_path, "shell": False, "chain": False }, { "name": self.proto + "_robots_" + self.port, "cmd": 'curl ' + self.proto_host_port + '/robots.txt -L -k --user-agent "Googlebot/2.1 (+http://www.google.com/bot.html)" --connect-timeout 30 --max-time 180', "shell": True, "chain": False }, { "name": self.proto + "_nmap_" + self.port, "cmd": 'nmap -n -sV --script "(http* and not (dos or brute) and not http-xssed)" -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, { "name": self.proto + "_wafw00f_" + self.port, "cmd": 'wafw00f ' + self.proto_host_port_path, "shell": False, "chain": False }, { "name": self.proto + "_fast_dirsearch_" + self.port, "cmd": "dirsearch -F -r -u " + self.proto_host_port_path + " -e " + self.extensions, "shell": False, "chain": False }, { "name": self.proto + "_dirhunt_" + self.port, "cmd": "dirhunt " + self.proto_host_port_path, "shell": False, "chain": False }, #{"name": "gobuster", "cmd": "gobuster -k -fw -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u "+self.proto_host_port_path+" -x html,txt,"+self.extensions, "shell": False, "chain": False}, #{"name":"dirb","cmd": "dirb -S " + self.proto_host_port_path + " -X ." + self.extensions.replace(",",",."), "shell": False, "chain": False}, #Dirb needs the extension with a point. The flag '-f' in dirsearch makes it behave like dirb (force ext and "/") { "name": self.proto + "_cmsmap_" + self.port, "cmd": 'echo "y" | cmsmap -s ' + self.proto_host_port_path, "shell": True, "chain": False }, { "name": self.proto + "_curl_put_" + self.port, "cmd": 'curl -v -X PUT -d "Hey! I am a PUT" ' + self.proto_host_port_path + "/legion.txt", "shell": True, "chain": False }, ] #if self.domain and self.ip: # self.cmds.append({"name": self.proto+"_vhost-brute", "cmd": "vhost-brute.php --domain "+self.domain+" --ip "+self.ip+" --wordlist "+self.wordlists_path+'/subdomains.txt' + (" --ssl" if self.proto == "https" else ""), "shell": False, "chain": False}) if self.proto == "https": self.cmds.append({ "name": "https_sslscan_" + self.port, "cmd": "sslscan " + self.host_port, "shell": False, "chain": False }) self.cmds.append({ "name": "https_sslyze_" + self.port, "cmd": "sslyze --regular " + self.host_port, "shell": False, "chain": False }) self.cmds.append({ "name": "https_ssl_nmap_" + self.port, "cmd": 'nmap -sV --script "ssl-* and not brute and not dos" -p ' + self.port + " " + self.host, "shell": True, "chain": False }) if self.intensity >= "2": self.cmds.append({ "name": self.proto + "_medium_dirsearch_" + self.port, "cmd": "dirsearch -f -F -r -u " + self.proto_host_port_path + " -e " + self.extensions + " -w /usr/share/wordlists/dirb/common.txt", "shell": False, "chain": False }) if self.intensity == "3": self.extra_info = "You can use the variable 'username' to brute force a single username or the variable ulist to bruteforce a list of usernames. The default 'path' is '/'." if username != "": self.cmds = [{ "name": self.proto + "_brute_hydra_" + self.port, "cmd": "hydra -l " + self.username + " -P " + self.plist + " " + self.host + " " + self.proto + "-get -s " + self.port + " -f -e ns -m " + self.path, "shell": False, "chain": False }] else: self.cmds = [{ "name": self.proto + "_brute_hydra_" + self.port, "cmd": "hydra -L " + self.ulist + " -P " + self.plist + " " + self.host + " " + self.proto + "-get -s " + self.port + " -f -e ns -m " + self.path, "shell": False, "chain": False }] dav_auth = "-auth " + self.username + ":" + self.password + " " if ( self.username and self.password) else "" self.demand_cmds = [ { "name": self.proto + "_slow_dirsearch_" + self.port, "cmd": "dirsearch -f -F -u " + self.proto_host_port + " -e " + self.extensions + " -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt", "shell": False, "chain": False }, { "name": self.proto + "_sqlmap_" + self.port, "cmd": "sqlmap -u " + self.proto_host_port_path + " --batch --crawl=3 --forms --random-agent --level 1 --risk 1 -f -a", "shell": False, "chain": False }, { "name": self.proto + "_davtestmove_" + self.port, "cmd": "davtest " + dav_auth + "-move -sendbd auto -url " + self.proto_host_port_path, "shell": False, "chain": False }, { "name": self.proto + "_davtestnorm_" + self.port, "cmd": "davtest " + dav_auth + " -sendbd auto -url " + self.proto_host_port_path, "shell": False, "chain": False }, { "name": self.proto + "_wpscan_" + self.port, "cmd": "wpscan --url " + self.proto_host_port_path + " --rua --no-update --enumerate ap", "shell": False, "chain": False }, { "name": self.proto + "_cewl_" + self.port, "cmd": "cewl " + self.proto_host_port_path + " -m 6", "shell": False, "chain": False }, { "name": self.proto + "_arjun_" + self.port, "cmd": "cd " + self.git_path + "/arjun 2>/dev/null; ./arjun.py --get -u " + self.proto_host_port_path + "; " + "./arjun.py --post -u " + self.proto_host_port_path + "; " + "./arjun.py --json -u " + self.proto_host_port_path + "; cd - 2>/dev/null", "shell": True, "chain": False }, ]
def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) self.cmds = [ { "name": "ftp_nmap_" + self.port, "cmd": 'nmap -n -sV --script "ftp* and default" -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, { "name": "ftp_version_" + self.port, "cmd": 'nc -w 20 -q 1 -vn ' + self.host + ' ' + self.port + ' </dev/null', "shell": True, "chain": False }, ] msfmodules = [ { "path": "auxiliary/scanner/ftp/anonymous", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/ftp/ftp_version", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, ] self.cmds.append({ "name": "ftp_msf_" + self.port, "cmd": self.create_msf_cmd(msfmodules), "shell": True, "chain": False }) if self.intensity >= "2": self.cmds.append({ "name": "ftp_nmap_vuln_" + self.port, "cmd": 'nmap -sV --script "ftp* and vuln" -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }) msfmodules_vuln = [ { "path": "auxiliary/scanner/ftp/bison_ftp_traversal", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/ftp/colorado_ftp_traversal", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/ftp/easy_file_sharing_ftp", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/ftp/konica_ftp_traversal", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/ftp/pcman_ftp_traversal", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/ftp/titanftp_xcrc_traversal", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, ] self.cmds.append({ "name": "ftp_msf_vuln_" + self.port, "cmd": self.create_msf_cmd(msfmodules_vuln), "shell": True, "chain": False }) if self.intensity == "3": self.extra_info = "You can use the variable 'username' to brute force a single username or the variable ulist to bruteforce a list of usernames." if username != "": self.cmds = [{ "name": "ftp_brute_hydra_" + self.port, "cmd": 'hydra -f -e ns -l ' + self.username + ' -P ' + self.plist + ' -s ' + self.port + ' ' + self.host + ' ftp', "shell": True, "chain": False }] else: self.cmds = [{ "name": "ftp_brute_hydra_" + self.port, "cmd": 'hydra -f -e ns -L ' + self.ulist + ' -P ' + self.plist + ' -s ' + self.port + ' ' + self.host + ' ftp', "shell": True, "chain": False }]
def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) self.workdir = self.workdir + "/../" if self.ip != "": self.cmds = [{ "name": "udp-proto-scanner", "cmd": 'udp-proto-scanner.pl ' + self.ip, "shell": False, "chain": False }] self.cmds += [ { "name": "nmap_fast_udp", "cmd": 'nmap -F -sU -sV -T 4 -oA ' + self.workdir + 'nmapu ' + self.host, "shell": False, "chain": False }, { "name": "nmap_init", "cmd": 'nmap -sS -sV -T 4 -oA ' + self.workdir + 'nmapi ' + self.host, "shell": False, "chain": True }, { "name": "nmap_full_fast", "cmd": 'nmap -sS -sV -sC -O -T 4 -p - -oA ' + self.workdir + 'nmapff ' + self.host, "shell": False, "chain": True }, { "name": "nmap_full", "cmd": 'nmap -sS -sV -sC -O -p - -oA ' + self.workdir + 'nmapf ' + self.host, "shell": False, "chain": True }, { "name": "nmap_sctp_full", "cmd": 'nmap -T 4 -sY -sV -sC -p - -oA ' + self.workdir + 'nmapfsctp ' + self.host, "shell": False, "chain": False }, #{"name": "nmap_udp_full", "cmd": 'nmap -sU -sV -p - ' + self.host, "shell": False, "chain": False} ]
def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) # TODO: ADD DNSsec attacks and other IPv6 attacks self.cmds = [ { "name": "dnsrecon_127.0.0.0_24", "cmd": 'dnsrecon -r 127.0.0.0/24 -n ' + self.host, "shell": False, "chain": False }, { "name": "dnsrecon_127.0.1.0_24", "cmd": 'dnsrecon -r 127.0.1.0/24 -n ' + self.host, "shell": False, "chain": False }, { "name": "dns_nmap_tcp_" + self.port, "cmd": 'nmap -n -sV --script "(*dns* and (default or (discovery and safe))) or dns-random-txid or dns-random-srcport" -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, { "name": "dns_nmap_udp_" + self.port, "cmd": 'nmap -n -sV -sU --script "(*dns* and (default or (discovery and safe))) or dns-random-txid or dns-random-srcport" -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, ] if self.ip != "": self.cmds.append({ "name": "dig_NS_" + self.port, "cmd": 'dig -x ' + self.ip + ' @' + self.host, "shell": False, "chain": False }) self.cmds.append({ "name": "dnsrecon_" + self.ip + "_24", "cmd": 'dnsrecon -r ' + self.ip + '/24 -n ' + self.host, "shell": False, "chain": False }) if self.ipv6 != "": self.cmds.append({ "name": "dig_NS", "cmd": 'dig -x ' + self.ipv6 + ' @' + self.host, "shell": False, "chain": False }) if self.intensity >= "2": msfmodules_vuln = [{ "path": "auxiliary/scanner/dns/dns_amp", "toset": { "RPORT": self.port, "RHOSTS": self.host } }] self.cmds.append({ "name": "dns_msf_vuln_" + self.port, "cmd": self.create_msf_cmd(msfmodules_vuln), "shell": True, "chain": False }) if self.domain != "": self.cmds.append({ "name": "dig", "cmd": self.dig_cmds( ["axfr", "ANY", "A", "AAAA", "TXT", "MX", "NS", "SOA"]), "shell": True, "chain": False }) self.cmds.append({ "name": "dnsrecon_domain", "cmd": 'dnsrecon -d ' + self.domain + ' -a -n ' + self.host, "shell": False, "chain": False }) msfmodules = [{ "path": "auxiliary/gather/enum_dns", "toset": { "DOMAIN": self.domain, "NS": self.host } }] self.cmds.append({ "name": "DNS_msf", "cmd": self.create_msf_cmd(msfmodules), "shell": True, "chain": False }) if self.intensity == "3": self.wordlist = self.plist if self.plist != "" else self.wordlists_path + '/subdomains.txt' self.cmds = [{ "name": "dnsrecon_brute", "cmd": 'dnsrecon -D ' + self.wordlist + ' -d ' + self.domain + ' -n ' + self.host, "shell": False, "chain": False }]
def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) self.sids = plist if len( plist) > 0 else self.wordlists_path + '/sids-oracle.txt' self.cmds = [ { "name": self.proto + "_nmap_" + self.port, "cmd": 'nmap -n --script "oracle-tns-version" -T4 -sV -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, { "name": self.proto + "_tnscmd10g_version_" + self.port, "cmd": 'tnscmd10g version -p ' + self.port + ' -h ' + self.host, "shell": False, "chain": False }, { "name": self.proto + "_tnscmd10g_status_" + self.port, "cmd": 'tnscmd10g status -p ' + self.port + ' -h ' + self.host, "shell": False, "chain": False }, { "name": self.proto + "_oscanner_" + self.port, "cmd": 'oscanner -p ' + self.port + ' -s ' + self.host, "shell": False, "chain": False }, { "name": self.proto + "_odat_all_" + self.port, "cmd": 'odat.py all -p ' + self.port + ' -s ' + self.host, "shell": False, "chain": False }, { "name": self.proto + "_hydra_sids_" + self.port, "cmd": 'hydra -f -L ' + self.sids + ' -s ' + self.port + ' ' + self.host + ' oracle-sid', "shell": False, "chain": False }, ] if self.intensity >= "2": self.extra_info = "Set the SID that you want to brute force in the 'username' option" if username != "": self.cmds.append( { "name": self.proto + "_brute_nmap_" + self.port, "cmd": 'nmap -sV --script oracle-brute-stealth --script-args oracle-brute-stealth.sid=' + self.username + ' -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, )
def __init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec): Warrior.__init__(self, host, port, workdir, protocol, intensity, username, ulist, password, plist, notuse, extensions, path, reexec, ipv6, domain, interactive, verbose, executed, exec) self.cmds = [ { "name": self.proto + "_nmap_" + self.port, "cmd": 'nmap -n -sV --script pjl-ready-message -p ' + self.port + ' ' + self.host, "shell": True, "chain": False }, ] msfmodules = [ { "path": "auxiliary/scanner/printer/printer_env_vars", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/printer/printer_list_dir", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/printer/printer_list_volumes", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/printer/printer_ready_message", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/printer/printer_version_info", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/printer/printer_version_info", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/printer/printer_env_vars", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, { "path": "auxiliary/scanner/printer/printer_env_vars", "toset": { "RHOSTS": self.host, "RPORT": self.port } }, ] self.cmds.append({ "name": self.proto + "_msf_" + self.port, "cmd": self.create_msf_cmd(msfmodules), "shell": True, "chain": False })