
Commit 43aac0c

committed
PR feedback and add java module and scanner.
1 parent 84686e1 commit 43aac0c


1 file changed

+36
-43
lines changed


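--- a/scripts/resource/dev_checks.rc
+++ b/scripts/resource/dev_checks.rc
@@ -12,8 +12,9 @@
 # It is worth noting that ONLY CHECKS are performed, no active exploiting.
 # This makes it safe to run in many environments.
 #
-# Author:
-# pbarry-r7
+# Authors:
+# * pbarry-r7
+# * dmohanty-r7
 #
 
 @job_ids = []
@@ -29,6 +30,17 @@ def wait_until_jobs_done
 end
 end
 
+def run_scanner(host:, mod_name:)
+begin
+mod = framework.auxiliary.create(mod_name)
+mod.datastore['RHOSTS'] = host.address
+print_line("Running the #{mod.name}...")
+result = mod.run_simple({'RunAsJob': true, 'LocalOutput': self.output})
+rescue ::Exception => e
+print_error(e.message)
+end
+end
+
 def check_exploit(host:, mod_name:, vuln_check_ret_val:)
 begin
 mod = framework.exploits.create(mod_name)
@@ -53,9 +65,7 @@ end
 
 def setup
 # Test and see if we have a database connected
-begin
-framework.db.hosts
-rescue ::ActiveRecord::ConnectionNotEstablished
+if not (framework.db and framework.db.active)
 print_error("Database connection isn't established")
 return false
 end
@@ -69,45 +79,28 @@ def main
 framework.db.workspace.hosts.each do |host|
 print_line("Checking IP: #{host.address}, OS: #{host.os_name}...")
 
-check_exploit(host: host,
-mod_name: 'multi/misc/nodejs_v8_debugger',
-vuln_check_ret_val: [ Exploit::CheckCode::Appears ])
-
-check_exploit(host: host,
-mod_name: 'unix/misc/distcc_exec',
-vuln_check_ret_val: [ Exploit::CheckCode::Vulnerable ])
-
-check_exploit(host: host,
-mod_name: 'unix/misc/qnx_qconn_exec',
-vuln_check_ret_val: [ Exploit::CheckCode::Vulnerable ])
-
-check_exploit(host: host,
-mod_name: 'linux/misc/jenkins_java_deserialize',
-vuln_check_ret_val: [ Exploit::CheckCode::Vulnerable ])
-
-check_exploit(host: host,
-mod_name: 'linux/http/github_enterprise_secret',
-vuln_check_ret_val: [ Exploit::CheckCode::Vulnerable ])
-
-check_exploit(host: host,
-mod_name: 'multi/http/traq_plugin_exec',
-vuln_check_ret_val: [ Exploit::CheckCode::Appears ])
-
-check_exploit(host: host,
-mod_name: 'multi/http/builderengine_upload_exec',
-vuln_check_ret_val: [ Exploit::CheckCode::Appears ])
-
-check_exploit(host: host,
-mod_name: 'multi/http/mantisbt_php_exec',
-vuln_check_ret_val: [ Exploit::CheckCode::Appears ])
-
-check_exploit(host: host,
-mod_name: 'multi/http/vbulletin_unserialize',
-vuln_check_ret_val: [ Exploit::CheckCode::Appears ])
+# Modules
+{ 'multi/misc/nodejs_v8_debugger': [ Exploit::CheckCode::Appears ],
+'unix/misc/distcc_exec': [ Exploit::CheckCode::Vulnerable ],
+'unix/misc/qnx_qconn_exec': [ Exploit::CheckCode::Vulnerable ],
+'linux/misc/jenkins_java_deserialize': [ Exploit::CheckCode::Vulnerable ],
+'linux/http/github_enterprise_secret': [ Exploit::CheckCode::Vulnerable ],
+'multi/http/traq_plugin_exec': [ Exploit::CheckCode::Appears ],
+'multi/http/builderengine_upload_exec': [ Exploit::CheckCode::Appears ],
+'multi/http/mantisbt_php_exec': [ Exploit::CheckCode::Appears ],
+'multi/http/vbulletin_unserialize': [ Exploit::CheckCode::Appears ],
+'unix/webapp/vbulletin_vote_sqli_exec': [ Exploit::CheckCode::Appears ],
+'multi/misc/java_jmx_server': [ Exploit::CheckCode::Appears,
+Exploit::CheckCode::Detected ] }.each do |mod,ret_val|
+check_exploit(host: host,
+mod_name: mod.to_s,
+vuln_check_ret_val: ret_val)
+end
 
-check_exploit(host: host,
-mod_name: 'unix/webapp/vbulletin_vote_sqli_exec',
-vuln_check_ret_val: [ Exploit::CheckCode::Appears ])
+# Scanners
+[ 'scanner/misc/java_rmi_server' ].each do |mod|
+run_scanner(host: host, mod_name: mod.to_s)
+end
 end
 
 wait_until_jobs_done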
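Review bot: run_scanner starts the auxiliary module with `'RunAsJob': true` but never uses `result` and, in the lines shown, never adds the job to `@job_ids`, so wait_until_jobs_done (whose body lies outside this hunk) presumably has nothing to wait on for scanner jobs and the script may finish before the scan reports. Either record the job in `@job_ids` right after `run_simple`, or run the scanner synchronously. The handler `rescue ::Exception => e` also catches Interrupt and SystemExit, so an operator cannot cleanly abort a long run; `rescue ::StandardError => e` is sufficient here, and a nil check on the value returned by `framework.auxiliary.create(mod_name)` would give a clearer message than the resulting NoMethodError text. The file header still states that ONLY CHECKS are performed; now that a scanner is executed through `run_simple`, the comment should read something like `# Exploit modules are only check()ed; the auxiliary scanners listed in main are also run.` so operators know what traffic to expect against every host in the workspace.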
