Skip to content

Comments

Add LeakIX search module with 6 actions and bulk streaming#21002

Open
Chocapikk wants to merge 4 commits intorapid7:masterfrom
Chocapikk:add-module-leakix-search
Open

Add LeakIX search module with 6 actions and bulk streaming#21002
Chocapikk wants to merge 4 commits intorapid7:masterfrom
Chocapikk:add-module-leakix-search

Conversation

@Chocapikk
Copy link
Contributor

@Chocapikk Chocapikk commented Feb 21, 2026

Hello Metasploit Team,

This PR adds auxiliary/gather/leakix_search, a new module for the LeakIX API - a search engine focused on indexing internet-exposed services and leaked credentials/databases.

The module provides 6 actions:

  • SEARCH - Paginated search with leak/service scope, up to 500 pages (10,000 results)
  • HOST - Full service and leak details for a specific IP
  • DOMAIN - Full service and leak details for a specific domain
  • SUBDOMAINS - Subdomain enumeration with distinct IP counts and last-seen timestamps
  • PLUGINS - List all available LeakIX scanner plugins (useful for building targeted queries)
  • BULK - True HTTP chunked NDJSON streaming for bulk leak export (Pro API key required)

The BULK action implements manual chunked transfer-encoding dechunking and NDJSON line parsing, processing events as they arrive rather than buffering the entire response. A MAXRESULTS option caps collected results across both SEARCH and BULK. Setting DATABASE true populates the MSF services database for seamless pivoting into other modules.

Query syntax examples:

+country:"France" +port:3306
plugin:HttpOpenProxy
+software.name:"nginx" +country:"US"

Verification

  • Start msfconsole
  • use auxiliary/gather/leakix_search
  • set LEAKIX_APIKEY <your-api-key>
  • set QUERY +port:3306
  • run
  • Verify SEARCH returns results in a table with IP, port, protocol, host, country, organization, software, type, and source columns
  • set ACTION HOST
  • set TARGET_IP <ip-from-results>
  • run
  • Verify HOST returns services and leaks for the given IP
  • set ACTION DOMAIN
  • set TARGET_DOMAIN example.com
  • run
  • Verify DOMAIN returns services and leaks for the given domain
  • set ACTION SUBDOMAINS
  • run
  • Verify SUBDOMAINS returns a list of subdomains with distinct IPs and last-seen dates
  • set ACTION PLUGINS
  • run
  • Verify PLUGINS returns the list of available LeakIX scanner plugins
  • set ACTION BULK
  • set QUERY +country:"France"
  • set MAXRESULTS 30
  • run
  • Verify BULK streams events and stops at MAXRESULTS limit (requires Pro API key)
  • Verify setting DATABASE true populates hosts/services (hosts and services commands)
  • Documentation is included

@Chocapikk
Feat: Add LeakIX search module
692a79a 
Add auxiliary/gather/leakix_search module with 6 actions:
SEARCH, HOST, DOMAIN, SUBDOMAINS, PLUGINS, and BULK streaming.
Includes chunked NDJSON streaming for bulk API, MAXRESULTS
limiting, subdomain enumeration, and database reporting.
@dledda-r7 dledda-r7 added module docs rn-modules release notes for new or majorly enhanced modules labels Feb 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

docs module rn-modules release notes for new or majorly enhanced modules

Projects

Metasploit Kanban
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Chocapikk @dledda-r7