Code and doc tweaks (minor).

Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.

Author: pbarry-r7

documentation/modules/post/hardware/zigbee/zstumbler.md

@@ -4,24 +4,24 @@ Actively scans the Zigbee channels by sending a beacon broadcast packet and list
 
   **DEVICE**
 
-  Zigbee Device ID.  Defaults to the target device that is specified via the target command or if
-  one device is presented when runnign 'supported_devices' it will use that device.
+  ZigBee Device ID.  Defaults to the target device that is specified via the target command or if
+  one device is presented when running 'supported_devices' it will use that device.
 
   **CHANNEL**
 
-  The Channel to scan.  This will prevent the stumbler from changing channels.  Range is 11-25
-
+  The channel to scan.  Setting this options will prevent the stumbler from changing channels.  Range is 11-26, inclusive.  Default: not set
+n
   **LOOP**
 
-  How many times to loop over the channels.  Specifying a -1 will loop forever.  The default is once.
+  How many times to loop over the channels.  Specifying a -1 will loop forever.  Default: 1
 
   **DELAY**
 
-  The delay in seconds to listen to each channel.  The default is 2
+  The delay in seconds to listen to each channel.  Default: 2
 
 ## Scenarios
 
-  Scanning channel 11 for other Zigbee devices in the area.
+  Scanning channel 11 for other ZigBee devices in the area.
 
 ```
 hwbridge > run post/hardware/zigbee/zstumbler channel=11

lib/msf/core/post/hardware/zigbee/utils.rb

@@ -42,103 +42,83 @@ module Utils
   DOT154_CRYPT_ENC_MIC64          = 0x06    #: Encryption, 64-bit MIC
   DOT154_CRYPT_ENC_MIC128         = 0x07    #: Encryption, 128-bit MIC
 
+  # Infer if the current session is for a ZigBee device.
+  # @return [Boolean] true if session is for a ZigBee device, false otherwise
+  def is_zigbee_hwbridge_session?
+    return true if client.zigbee
+    print_error("Not a ZigBee hwbridge session")
+    false
+  end
+
+  # Verify if a device has been specified.
+  # @return [Boolean] true if device is specified, false otherwise
+  def verify_device(device)
+    return true if device
+    print_line("No target device set, use 'target' or specify bus via the options.")
+    false
+  end
+
   # Retrieves the target Zigbee device.  This is typically set by the user via the
   # interactive HWBridge command line
   # @return [String] Zigbee device ID
   def get_target_device
-    if not client.zigbee
-      print_error("Not a Zigbee hwbridge session")
-      return
-    end
+    return unless is_zigbee_hwbridge_session?
     return client.zigbee.get_target_device
   end
 
   # Sets the target default Zigbee Device.  This command typically isn't called via a script
   # Instead the user is expected to set this via the interactive HWBridge commandline
   # @param device [String] Zigbee device ID
   def set_target_device(device)
-    if not client.zigbee
-      print_error("Not a Zigbee hwbridge session")
-      return
-    end
+    return unless is_zigbee_hwbridge_session?
     client.zigbee.set_target_device device
   end
 
   # Sets the Zigbee Channel
   # @param device [String] Zigbee device ID
   # @param channel [Integer] Channel number, typically 11-25
   def set_channel(device, channel)
-    if not client.zigbee
-      print_error("Not a Zigbee hwbridge session")
-      return {}
-    end
-    device = client.zigbee.target_device if not device
-    if not device
-      print_line("No target device set, use 'target' or specify bus via the options")
-      return {}
-    end
+    return {} unless is_zigbee_hwbridge_session?
+    device = client.zigbee.target_device unless device
+    return {} unless verify_device(device)
     client.zigbee.set_channel(device, channel)
   end
 
   # Inject raw packets.  Need firmware on the zigbee device that supports transmission.
   # @param device [String] Zigbee device ID
   # @param data [String] Raw binary data sent as a string
   def inject(device, data)
-    if not client.zigbee
-      print_error("Not a Zigbee hwbridge session")
-      return {}
-    end
-    device = client.zigbee.target_device if not device
-    if not device
-      print_line("No target device set, use 'target' or specify bus via the options")
-      return {}
-    end
+    return {} unless is_zigbee_hwbridge_session?
+    device = client.zigbee.target_device unless device
+    return {} unless verify_device(device)
     client.zigbee.inject(device, data)
   end
 
   # Recieves data from the Zigbee device
   # @param device [String] Zigbee device ID
   # @return [String] Binary blob of returned data
   def recv(device)
-    if not client.zigbee
-      print_error("Not a Zigbee hwbridge session")
-      return {}
-    end
-    device = client.zigbee.target_device if not device
-    if not device
-      print_line("No target device set, use 'target' or specify bus via the options")
-      return {}
-    end
+    return {} unless is_zigbee_hwbridge_session?
+    device = client.zigbee.target_device unless device
+    return {} unless verify_device(device)
     client.zigbee.recv(device)
   end
 
   # Turn off Zigbee receiving
   # @param device [String] Zigbee device ID
   def sniffer_off(device)
-    if not client.zigbee
-      print_error("Not a Zigbee hwbridge session")
-      return {}
-    end
-    device = client.zigbee.target_device if not device
-    if not device
-      print_line("No target device set, use 'target' or specify bus via the options")
-      return {}
-    end
+    return {} unless is_zigbee_hwbridge_session?
+    device = client.zigbee.target_device unless device
+    return {} unless verify_device(device)
     client.zigbee.sniffer_off(device)
   end
 
   # Turn on Zigbee receiving
   # @param device [String] Zigbee device ID
   def sniffer_on(device)
-    if not client.zigbee
-      print_error("Not a Zigbee hwbridge session")
-      return {}
-    end
-    device = client.zigbee.target_device if not device
-    if not device
-      print_line("No target device set, use 'target' or specify bus via the options")
-      return {}
-    end
+    return {} unless is_zigbee_hwbridge_session?
+    device = client.zigbee.target_device unless device
+    return {} unless verify_device(device)
     client.zigbee.sniffer_on(device)
   end
 

lib/rex/post/hwbridge/ui/console/command_dispatcher/automotive.rb

@@ -63,7 +63,7 @@ def cmd_supported_buses
   def cmd_busconfig(*args)
     bus = ''
     bus_config_opts = Rex::Parser::Arguments.new(
-      '-h' => [ false, 'Help Banner' ],
+      '-h' => [ false, 'Help banner' ],
       '-b' => [ true, 'Target bus']
     )
     bus_config_opts.parse(args) do |opt, _idx, val|

lib/rex/post/hwbridge/ui/console/command_dispatcher/zigbee.rb

@@ -6,6 +6,7 @@ module Rex
 module Post
 module HWBridge
 module Ui
+
 ###
 # Zigbee extension - set of commands to be executed on Zigbee compatible devices
 ###
@@ -18,7 +19,7 @@ class Console::CommandDispatcher::Zigbee
   #
   def commands
     all = {
-      'supported_devices'   => 'Get supported zigbee devices',
+      'supported_devices'   => 'Get supported ZigBee devices',
       'target' => 'Set the target device id',
       'channel' => 'Set the channel'
     }
@@ -38,19 +39,19 @@ def set_target_device(device)
   #
   def cmd_supported_devices
     devices = client.zigbee.supported_devices
-    if not devices or not devices.has_key? "devices"
+    if !devices or !devices.has_key? "devices"
       print_line("error retrieving list of devices")
       return
     end
     devices = devices["devices"]
-    if not devices.size > 0
+    unless devices.size > 0
       print_line("none")
       return
     end
     set_target_device(devices[0]) if devices.size == 1
     str = "Supported Devices: "
-    str += devices.join(', ')
-    str += "\nUse device name to set your desired device, default is: #{self.target_device}"
+    str << devices.join(', ')
+    str << "\nUse device name to set your desired device, default is: #{self.target_device}"
     print_line(str)
   end
 
@@ -60,7 +61,7 @@ def cmd_supported_devices
   def cmd_target(*args)
     self.target_device = ""
     device_opts = Rex::Parser::Arguments.new(
-      '-h' => [ false, 'Help Banner' ],
+      '-h' => [ false, 'Help banner' ],
       '-d' => [ true, 'Device ID' ]
     )
     device_opts.parse(args) do |opt, _idx, val|
@@ -83,9 +84,9 @@ def cmd_channel(*args)
     chan = 11
     dev = self.target_device if self.target_device
     xopts = Rex::Parser::Arguments.new(
-      '-h' => [ false, 'Help Banner' ],
-      '-d' => [ true, 'Zigbee Device' ],
-      '-c' => [ true, 'channel number' ]
+      '-h' => [ false, 'Help banner' ],
+      '-d' => [ true, 'ZigBee device' ],
+      '-c' => [ true, 'Channel number' ]
     )
     xopts.parse(args) do |opt, _idx, val|
       case opt
@@ -99,7 +100,7 @@ def cmd_channel(*args)
         chan = val.to_i
       end
     end
-    if not dev
+    if !dev
       print_line("You must specify or set a target device")
       return
     end

modules/post/hardware/zigbee/zstumbler.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Post
 
   def initialize(info={})
     super( update_info( info,
-        'Name'          => 'Sends Beacons to Scan for Active Zigbee Networks',
+        'Name'          => 'Sends Beacons to Scan for Active ZigBee Networks',
         'Description'   => %q{ Post Module to send beacon signals to the broadcast address while
                                channel hopping},
         'License'       => MSF_LICENSE,
@@ -22,10 +22,10 @@ def initialize(info={})
         'SessionTypes'  => ['hwbridge']
       ))
     register_options([
-      OptInt.new('CHANNEL', [false, "Disable channel hopping by forcing a channel", nil]),
-      OptInt.new('LOOP', [false, "How many times to loop over the channels. -1 is forever", 1]),
+      OptInt.new('CHANNEL', [false, "Disable channel hopping by forcing a channel (11-26)", nil]),
+      OptInt.new('LOOP', [false, "How many times to loop over the channels (-1 will run in an endless loop)", 1]),
       OptInt.new('DELAY', [false, "Delay in seconds to listen on each channel", 2]),
-      OptString.new('DEVICE', [false, "Zigbee device ID, defaults to target device", nil])
+      OptString.new('DEVICE', [false, "ZigBee device ID, defaults to target device", nil])
     ], self.class)
     @seq = 0
     @channel = 11
@@ -55,8 +55,6 @@ def display_details(routerdata)
   end
 
   def scan
-    @loop_count += 1 if @channel > 26 or datastore["CHANNEL"]
-    @channel = 11 if @channel > 26
     @seq = 0 if @seq > 255
     print_status("Scanning Channel #{@channel}")
     set_channel(datastore["DEVICE"], @channel)
@@ -80,14 +78,17 @@ def scan
     sniffer_off(datastore["DEVICE"]) # Needed to clear receive buffers
     @seq += 1
     @channel += 1 if not datastore["CHANNEL"]
+    @loop_count += 1 if @channel > 26 or datastore["CHANNEL"]
+    @channel = 11 if @channel > 26
   end
 
   def run
     if not get_target_device and not datastore["DEVICE"]
-      print_error "No target device set.  Either set one with the 'target' command or specify the DEVICE"
+      print_error "No target device set.  Either set one with the 'target' command or specify the DEVICE."
       return
     end
     @channel = datastore["CHANNEL"] if datastore["CHANNEL"]
+    @channel = 11 if @channel > 26
     if datastore["LOOP"] == -1
       while(1) do
         scan

tools/hardware/killerbee_msfrelay

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 # KillerBee Metasploit relay server
 
 import re
@@ -171,7 +171,7 @@ class MSFHandler(BaseHTTPRequestHandler):
 
 class Killerbee_MSFRelay(cmd.Cmd):
     intro = """
-       Killerbee Metasploit Relay
+       KillerBee Metasploit Relay
 """
 
     def __init__(self, ip='0.0.0.0', port=8080):
@@ -191,7 +191,7 @@ class Killerbee_MSFRelay(cmd.Cmd):
             try:
                 self._sock = HTTPServer((self._ip, self._port), MSFHandler)
                 starttime = int(time.time())
-                print("Killerbee MSFRelay running.")
+                print("KillerBee MSFRelay running.")
                 self._sock.serve_forever()
             except KeyboardInterrupt:
                 self._sock.socket.close()
@@ -236,13 +236,13 @@ if __name__ == "__main__":
             if len(devs) > 0:
                 dev_found = True
             elif not wait_msg:
-                print("Insert Killerbee compatible Zigbee device.  (You may need to add permissions)")
+                print("Insert KillerBee compatible ZigBee device.  (You may need to add permissions)")
                 wait_msg = True
         except KeyboardInterrupt:
             sys.exit()
         except:
             if not wait_msg:
-                print("Insert Killerbee compatible Zigbee device.  (You may need to add permissions)")
+                print("Insert KillerBee compatible ZigBee device.  (You may need to add permissions)")
                 wait_msg = True
 
     beerelay = Killerbee_MSFRelay(ip, port)