GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/metasploit/framework/login_scanner/nessus.rb
require 'metasploit/framework/login_scanner/http'
module Metasploit
  module Framework
    module LoginScanner
      # Login scanner for the Tenable Nessus web interface, built on the
      # generic HTTP login scanner. It fingerprints the target through
      # /server/properties and tests one username/password pair per POST to
      # the configured session URI.
      #
      # NOTE(review): both the fingerprint and the success test are plain
      # substring matches on the response body, so a non-Nessus service whose
      # body contains those words would be misreported. Treat results as
      # indicative rather than authoritative.
      class Nessus < HTTP
        DEFAULT_PORT = 8834
        PRIVATE_TYPES = %i[password]
        LIKELY_SERVICE_NAMES = %w[nessus]
        LOGIN_STATUS = Metasploit::Model::Login::Status # Shorter name

        # Checks if the target is a Tenable Nessus server.
        #
        # Requests /server/properties and looks for the text 'Nessus' anywhere
        # in the response body.
        #
        # @return [Boolean] true when a response arrives and its body contains
        #   'Nessus'; false otherwise, including when no response is received
        def check_setup
          reply = send_request({ 'uri' => '/server/properties' })
          return false unless reply

          reply.body.include?('Nessus') ? true : false
        end

        # Performs a single login request. Called by #attempt_login.
        #
        # The credential pair is sent as POST form variables to the scanner's
        # configured +uri+. A login counts as successful only when the HTTP
        # status is 200 and the body matches /token/.
        #
        # NOTE(review): on success :proof is the raw response body, i.e. the
        # text that matched 'token'. Presumably that is a live session token;
        # anything that stores or logs this result should be handled as
        # sensitive - confirm against the server's response format.
        #
        # @param username [String] The username to try
        # @param password [String] The password to try
        # @return [Hash]
        #   * :status [Metasploit::Model::Login::Status]
        #   * :proof [String] the HTTP response body on success, otherwise the
        #     response rendered with #to_s (empty when there was no response)
        def get_login_state(username, password)
          form_fields = { 'username' => username, 'password' => password }
          response = send_request({
            'uri' => "#{uri}", # interpolation hands the request its own String
            'method' => 'POST',
            'vars_post' => form_fields
          })

          # No response object at all: report a connectivity problem.
          return { status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: response.to_s } unless response

          accepted = response.code == 200 && response.body =~ /token/
          return { status: LOGIN_STATUS::INCORRECT, proof: response.to_s } unless accepted

          { status: LOGIN_STATUS::SUCCESSFUL, proof: response.body.to_s }
        end

        # Attempts to login to Nessus.
        #
        # Starts from a result that assumes the credential is incorrect, then
        # overlays whatever #get_login_state reports. A Rex connection error is
        # recorded as UNABLE_TO_CONNECT with the exception message as proof.
        #
        # @param credential [Metasploit::Framework::Credential] The credential object
        # @return [Result] A Result object indicating success or failure
        def attempt_login(credential)
          baseline = {
            credential: credential,
            status: LOGIN_STATUS::INCORRECT,
            proof: nil,
            host: host,
            port: port,
            protocol: 'tcp'
          }

          outcome =
            begin
              get_login_state(credential.public, credential.private)
            rescue ::Rex::ConnectionError => e
              # The connection failed mid-attempt; keep the error text as proof.
              { status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message }
            end

          Result.new(baseline.merge(outcome))
        end

        # Applies the parent defaults, then points the scanner at '/session'.
        #
        # nessus_rest_login has the same default in TARGETURI, but rspec doesn't
        # check nessus_rest_login, so the default has to be set here as well.
        def set_sane_defaults
          super
          self.uri = '/session'
        end
      end
    end
  end
end