Use run_host so that we can use THREADS

jsherwood0 · jsherwood0 · commit d3c374147852 · 2015-06-03T18:08:38.000-04:00
- The refactor left the module using run_batch even though the
  features of the code that made this desirable were removed (i.e.,
  it was no longer doing one batch per community string).  By now
  switching back to run_host, we can again take advantage of the
  built-in metasploit multithreading capabilities.

- Also, added back in the display of the result.proof field.  This
  aids in identifying false positives (which have a blank response)
  and is functionality worth keeping.
diff --git a/modules/auxiliary/scanner/snmp/snmp_login.rb b/modules/auxiliary/scanner/snmp/snmp_login.rb
@@ -32,7 +32,6 @@ def initialize
       Opt::CHOST,
       OptInt.new('CONNECTION_TIMEOUT', [true, 'The timeout value for each probe', 2]),
       OptInt.new('RETRIES', [true, 'The number of retries per community string', 0]),
-      OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
       OptEnum.new('VERSION', [true, 'The SNMP version to scan', 'all', ['1', '2c', 'all']]),
       OptString.new('PASSWORD', [ false, 'The password to test' ]),
       OptPath.new('PASS_FILE',  [ false, "File containing communities, one per line",
@@ -43,50 +42,42 @@ def initialize
     deregister_options('USERNAME', 'USER_FILE', 'USERPASS_FILE')
   end
 
+  # Operate on a single host so that we can take advantage of multithreading
+  def run_host(ip)
 
-  # Define our batch size
-  def run_batch_size
-    datastore['BATCHSIZE'].to_i
-  end
-
-  # Operate on an entire batch of hosts at once
-  def run_batch(batch)
+    collection = Metasploit::Framework::CommunityStringCollection.new(
+        pass_file: datastore['PASS_FILE'],
+        password: datastore['PASSWORD']
+    )
 
-    batch.each do |ip|
-      collection = Metasploit::Framework::CommunityStringCollection.new(
-          pass_file: datastore['PASS_FILE'],
-          password: datastore['PASSWORD']
-      )
+    scanner = Metasploit::Framework::LoginScanner::SNMP.new(
+        host: ip,
+        port: rport,
+        cred_details: collection,
+        stop_on_success: datastore['STOP_ON_SUCCESS'],
+        bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
+        connection_timeout: datastore['CONNECTION_TIMEOUT'],
+        retries: datastore['RETRIES'],
+        version: datastore['VERSION'],
+        framework: framework,
+        framework_module: self
+    )
 
-      scanner = Metasploit::Framework::LoginScanner::SNMP.new(
-          host: ip,
-          port: rport,
-          cred_details: collection,
-          stop_on_success: datastore['STOP_ON_SUCCESS'],
-          bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
-          connection_timeout: datastore['CONNECTION_TIMEOUT'],
-          retries: datastore['RETRIES'],
-          version: datastore['VERSION'],
-          framework: framework,
-          framework_module: self
+    scanner.scan! do |result|
+      credential_data = result.to_h
+      credential_data.merge!(
+          module_fullname: self.fullname,
+          workspace_id: myworkspace_id
       )
-
-      scanner.scan! do |result|
-        credential_data = result.to_h
-        credential_data.merge!(
-            module_fullname: self.fullname,
-            workspace_id: myworkspace_id
-        )
-        if result.success?
-          credential_core = create_credential(credential_data)
-          credential_data[:core] = credential_core
-          create_credential_login(credential_data)
-
-          print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential} (Access level: #{result.access_level})"
-        else
-          invalidate_login(credential_data)
-          print_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status})"
-        end
+      if result.success?
+        credential_core = create_credential(credential_data)
+        credential_data[:core] = credential_core
+        create_credential_login(credential_data)
+
+        print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential} (Access level: #{result.access_level}); Proof (sysDescr.0): #{result.proof}"
+      else
+        invalidate_login(credential_data)
+        print_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status})"
       end
     end
   end
