@@ -11,9 +11,10 @@ class Metasploit3 < Msf::Auxiliary
1111
1212 def initialize ( info = { } )
1313 super ( update_info ( info ,
14- 'Name' => 'F5 Management Interface Scanner' ,
14+ 'Name' => 'F5 Networks Devices Management Interface Scanner' ,
1515 'Description' => %q{
16- This module simply detects web management interface of the following F5 Networks devices: BigIP, BigIQ, Enterprise Manager, ARX, and FirePass.
16+ This module scans for web management interfaces of the following F5 Networks devices:
17+ BigIP, BigIQ, Enterprise Manager, ARX, and FirePass.
1718 } ,
1819 'License' => MSF_LICENSE ,
1920 'Author' =>
@@ -31,76 +32,63 @@ def initialize(info = {})
3132 ) )
3233
3334 register_options (
34- [
35- OptInt . new ( 'TIMEOUT' , [ true , "Timeout for the HTTPS probe in milliseconds" , 1000 ] )
36- ] , self . class )
35+ [
36+ OptInt . new ( 'TIMEOUT' , [ true , ' HTTPS connect/read timeout in seconds' , 1 ] )
37+ ] , self . class )
3738 end
3839
39- def port_open? ( to , verbose )
40+ def port_open?
4041 begin
41- ::Timeout . timeout ( to ) do
42- begin
43- res = send_request_raw ( 'method' => 'GET' , 'uri' => '/' )
44- return true if res
45- rescue ::Rex ::ConnectionRefused
46- print_status ( "#{ peer } ) if verbose
47- return false
48- rescue ::Rex ::ConnectionError
49- print_error ( "#{ peer } ) if verbose
50- return false
51- rescue ::OpenSSL ::SSL ::SSLError
52- print_error ( "#{ peer } ) if verbose
53- return false
54- rescue => e
55- print_error ( "#{ peer } ) if verbose
56- end
57- end
58- rescue Timeout ::Error
59- print_error ( "#{ peer } ) if verbose
42+ res = send_request_raw ( 'method' => 'GET' , 'uri' => '/' , 'timeout' => datastore [ 'TIMEOUT' ] )
43+ return true if res
44+ rescue ::Rex ::ConnectionRefused
45+ vprint_status ( "#{ peer } )
46+ return false
47+ rescue ::Rex ::ConnectionError
48+ vprint_error ( "#{ peer } )
49+ return false
50+ rescue ::OpenSSL ::SSL ::SSLError
51+ vprint_error ( "#{ peer } )
6052 return false
6153 end
6254 end
6355
6456 def run_host ( ip )
65- # Test if a RPORT on a remote host is reachable using HTTPClient
66- to = ( datastore [ 'TIMEOUT' ] || 500 ) . to_f / 1000.0
67- verbose = datastore [ 'VERBOSE' ]
68- return unless port_open? ( to , verbose )
57+ return unless port_open?
6958
7059 res = send_request_raw ( 'method' => 'GET' , 'uri' => '/' )
7160 if res && res . code == 200
7261
7362 # Detect BigIP management interface
7463 if res . body =~ /<title>BIG\- IP/
75- print_status ( "#{ peer } )
64+ print_good ( "#{ peer } )
7665 return
7766 end
7867
7968 # Detect EM management interface
8069 if res . body =~ /<title>Enterprise Manager/
81- print_status ( "#{ peer } )
70+ print_good ( "#{ peer } )
8271 return
8372 end
8473
8574 # Detect ARX management interface
8675 if res . body =~ /<title>F5 ARX Manager Login<\/ title>/
87- print_status ( "#{ peer } )
76+ print_good ( "#{ peer } )
8877 return
8978 end
9079 end
9180
92- res = send_request_raw ( 'method' => 'GET' , 'uri' => '/ui/login/' , 'rport' => rport )
93-
9481 # Detect BigIQ management interface
82+ res = send_request_raw ( 'method' => 'GET' , 'uri' => '/ui/login/' )
9583 if res && res . code == 200 && res . body =~ /<title>BIG\- IQ/
96- print_status ( "#{ peer } )
84+ print_good ( "#{ peer } )
9785 return
9886 end
9987
10088 # Detect FirePass management interface
10189 res = send_request_raw ( 'method' => 'GET' , 'uri' => '/admin/' , 'rport' => rport )
10290 if res && res . code == 200 && res . body =~ /<br><br><br><big><b> FirePass/
103- print_status ( "#{ peer } )
91+ print_good ( "#{ peer } )
10492 return
10593 end
10694 end
0 commit comments