|
3 | 3 | # Current source: https://github.com/rapid7/metasploit-framework
|
4 | 4 | ##
|
5 | 5 |
|
6 |
| - |
7 | 6 | require 'msf/core'
|
8 | 7 |
|
9 |
| - |
10 | 8 | class Metasploit3 < Msf::Auxiliary
|
11 | 9 |
|
12 |
| - # Exploit mixins should be called first |
13 | 10 | include Msf::Exploit::Remote::HttpClient
|
14 |
| - # Scanner mixin should be near last |
15 | 11 | include Msf::Auxiliary::Scanner
|
16 | 12 | include Msf::Auxiliary::Report
|
17 | 13 |
|
18 |
| - def initialize |
19 |
| - super( |
20 |
| - 'Name' => 'ElasticSearch Enum Utility', |
21 |
| - 'Description' => 'Send a request to enumerate ElasticSearch indices', |
22 |
| - 'Author' => ['Silas Cutler <Silas.Cutler [at] BlackListThisDomain.com'], |
23 |
| - 'License' => MSF_LICENSE |
24 |
| - ) |
| 14 | + def initialize(info = {}) |
| 15 | + super(update_info(info, |
| 16 | + 'Name' => 'ElasticSearch Enum Utility', |
| 17 | + 'Description' => %q{ Send a request to enumerate ElasticSearch indices}, |
| 18 | + 'Author' => |
| 19 | + [ |
| 20 | + 'Silas Cutler <Silas.Cutler [at] BlackListThisDomain.com>' |
| 21 | + ], |
| 22 | + 'License' => MSF_LICENSE |
| 23 | + )) |
| 24 | + |
25 | 25 | register_options(
|
26 | 26 | [
|
27 | 27 | Opt::RPORT(9200)
|
28 |
| - ] |
29 |
| - ) |
30 |
| - |
| 28 | + ], self.class) |
31 | 29 | end
|
32 | 30 |
|
33 |
| - def run_host(target_host) |
34 |
| - |
| 31 | + def run_host(ip) |
35 | 32 | begin
|
36 | 33 | res = send_request_raw({
|
37 | 34 | 'uri' => '/_aliases',
|
38 | 35 | 'method' => 'GET',
|
39 | 36 | 'version' => '1.0',
|
40 | 37 | }, 10)
|
41 | 38 |
|
42 |
| - if res.nil? |
43 |
| - print_error("No response for #{target_host}") |
44 |
| - return nil |
45 |
| - end |
46 |
| - |
47 | 39 | begin
|
48 |
| - temp = JSON.parse(res.body) |
| 40 | + json_body = JSON.parse(res.body) |
49 | 41 | rescue JSON::ParserError
|
50 | 42 | print_error("Unable to parse JSON")
|
51 | 43 | return
|
52 | 44 | end
|
53 | 45 |
|
54 |
| - |
55 |
| - if (res.code == 200) |
56 |
| - temp.each do |index| |
| 46 | + if res and res.code == 200 and res.body.length > 0 |
| 47 | + json_body.each do |index| |
57 | 48 | print_good("Index : " + index[0])
|
58 | 49 | end
|
59 |
| - end |
60 | 50 |
|
61 |
| - if res and res.code == 200 and res.headers['Content-Type'] and res.body.length > 0 |
62 |
| - path = store_loot("elasticsearch.enum.file", "text/plain", rhost, res.body, "ElasticSearch Enum Results") |
63 |
| - print_status("Results saved to #{path}") |
| 51 | + path = store_loot("elasticsearch.enum.file", "text/plain", ip, res.body, "ElasticSearch Enum Results") |
| 52 | + print_good("Results saved to #{path}") |
64 | 53 | else
|
65 | 54 | print_error("Failed to save the result")
|
66 | 55 | end
|
67 | 56 |
|
68 |
| - |
69 | 57 | rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
70 | 58 | rescue ::Timeout::Error, ::Errno::EPIPE
|
71 | 59 | end
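Review bot: In `run_host`, `JSON.parse(res.body)` on new line 40 runs with no nil check ahead of it, so the `res and` test on new line 46 comes too late. The removed `if res.nil?` block suggests `send_request_raw` can return nil; in that case `res.body` raises NoMethodError, which neither `rescue JSON::ParserError` nor the outer Rex/Timeout rescues catch. Keep a guard before the inner `begin`, for example `return print_error("No response for #{ip}") unless res`. The `else` branch also prints `Failed to save the result` for any non-200 reply, so including `res.code` in that message would make scan output easier to interpret. The closing `end` of `run_host` and of the class lie outside the hunk.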
|
|