Use the connect/read timeout as used by the HTTPClient mixin

Author: jvazquez-r7

modules/auxiliary/scanner/http/f5_bigip_http_vs_scanner.rb

@@ -13,11 +13,10 @@ def initialize(info = {})
     super(update_info(info,
       'Name'        => 'F5 BigIP HTTP Virtual Server Scanner',
       'Description' => %q{
-        This module scans for BigIP HTTP virtual servers based on simple banner grabbing technique.
-        BigIP system uses different HTTP profiles for managing HTTP traffic. In particular, BIG-IP
-        system uses an HTTP profile that specifies the string used as the server agent name in
-        traffic generated by LTM. The default value is equal to "BigIP" or "BIG-IP" and depends on
-        BigIP system version.
+        This module scans for BigIP HTTP virtual servers using banner grabbing. BigIP system uses
+        different HTTP profiles for managing HTTP traffic and these profiles allow to customize
+        the string used as Server HTTP header. The default values are "BigIP" or "BIG-IP" depending
+        on the BigIP system version.
       },
       'Author'      =>
         [
@@ -34,55 +33,53 @@ def initialize(info = {})
 
     register_options(
     [
-      OptString.new('PORTS', [true, "Ports to scan (e.g. 80-81,443,8080-8090)", "80,443"]),
-      OptInt.new('TIMEOUT', [true, "The socket connect timeout in milliseconds", 1000]),
+      OptString.new('PORTS', [true, 'Ports to scan (e.g. 80-81,443,8080-8090)', '80,443']),
+      OptInt.new('TIMEOUT', [true, 'The socket connect/read timeout in seconds', 1]),
     ], self.class)
 
-    deregister_options('RPORT','RHOST')
+    deregister_options('RPORT')
   end
 
-  def bigip_http?(ip, port, ssl, verbose = false)
+  def bigip_http?(ip, port, ssl)
     begin
-      timeout = (datastore['TIMEOUT'] || 1000).to_f / 1000.0
-      ::Timeout.timeout(timeout) do
-        begin
-          res = send_request_raw('method' => 'GET', 'uri' => '/', 'rport' => port, 'SSL' => ssl)
-            if res
-              server = res.headers['Server']
-              return true if server =~ /BIG\-IP/  || server =~ /BigIP/
-            end
-        rescue ::Rex::ConnectionRefused
-          vprint_error("#{ip}:#{port} - Connection refused")
-        rescue ::Rex::ConnectionError
-          vprint_error("#{ip}:#{port} - Connection error")
-        rescue ::OpenSSL::SSL::SSLError
-          vprint_error("#{ip}:#{port} - SSL/TLS connection error")
-        end
-      end
-    rescue Timeout::Error
-      vprint_error("#{ip}:#{port} - HTTP connection timed out") if verbose
+      res = send_request_raw(
+        'method' => 'GET',
+        'uri' => '/',
+        'rport' => port,
+        'SSL' => ssl,
+        'timeout' => 1
+      )
+      return false unless res
+      server = res.headers['Server']
+      return true if server =~ /BIG\-IP/ || server =~ /BigIP/
+    rescue ::Rex::ConnectionRefused
+      vprint_error("#{ip}:#{port} - Connection refused")
+    rescue ::Rex::ConnectionError
+      vprint_error("#{ip}:#{port} - Connection error")
+    rescue ::OpenSSL::SSL::SSLError
+      vprint_error("#{ip}:#{port} - SSL/TLS connection error")
     end
-    return false
+
+    false
   end
 
   def run_host(ip)
-    verbose = datastore['VERBOSE']
     ports = Rex::Socket.portspec_crack(datastore['PORTS'])
-    fail Msf::OptionValidateError.new(['PORTS']) if ports.empty?
-    ports.each do |port|
-      next if port == 443
-      if bigip_http?(ip, port, ssl = false, verbose)
-        print_good("#{ip}:#{port} - BigIP HTTP virtual server found")
-        ports.delete(port)
-      end
+
+    if ports.empty?
+      print_error('PORTS options is invalid')
+      return
     end
 
     ports.each do |port|
-      next if port == 80
-      if bigip_http?(ip, port, ssl = true, verbose)
+      if bigip_http?(ip, port, false)
         print_good("#{ip}:#{port} - BigIP HTTP virtual server found")
+        next
       end
-    end
 
+      if bigip_http?(ip, port, true)
+        print_good("#{ip}:#{port} - BigIP HTTPS virtual server found")
+      end
+    end
   end
 end