Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/gather/browser_info.rb
19567 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::BrowserExploitServer

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => "HTTP Client Information Gather",

14
        'Description' => %q{

15
          This module gathers information about a browser that exploits might be interested in, such

16
          as OS name, browser version, plugins, etc. By default, the module will return a fake 404,

17
          but you can customize this output by changing the Custom404 datastore option, and

18
          redirect to an external web page.

19
        },

20
        'License' => MSF_LICENSE,

21
        'Author' => [ 'sinn3r' ],

22
        'DisclosureDate' => '2016-03-22',

23
        'Actions' => [

24
          [

25
            'WebServer',

26
            'Description' => 'A web server that collects information about the browser.'

27
          ]

28
        ],

29
        'PassiveActions' => [ 'WebServer' ],

30
        'DefaultAction' => 'WebServer',

31
        'Notes' => {

32
          'Reliability' => UNKNOWN_RELIABILITY,

33
          'Stability' => UNKNOWN_STABILITY,

34
          'SideEffects' => UNKNOWN_SIDE_EFFECTS

35
        }

36
      )

37
    )

38
  end

39


40
  def is_key_wanted?(key)

41
    ![:module, :created_at, :tried, :vuln_test, :address].include?(key)

42
  end

43


44
  def is_value_wanted?(value)

45
    !(value.nil? || value =~ /^undefined|false/ || !value)

46
  end

47


48
  def ignore_items!(target_info)

49
    target_info.delete_if do |key, value|

50
      !is_key_wanted?(key) || !is_value_wanted?(value)

51
    end

52
  end

53


54
  def report_host_info(target_info)

55
    opts = { host: target_info[:address] }

56
    opts.merge!(target_info)

57
    report_host(opts)

58
  end

59


60
  def translate_script_meaning(value)

61
    case value

62
    when 'script'

63
      'Browser allows JavaScript'

64
    when 'headers'

65
      'Browser does not allow JavaScript'

66
    end

67
  end

68


69
  def print_target_info(cli, target_info)

70
    print_good("#{cli.peerhost} - We have found the following interesting information:")

71
    report_host_info(target_info)

72
    ignore_items!(target_info)

73
    target_info.each_pair do |key, value|

74
      if key == :source

75
        value = translate_script_meaning(value)

76
      end

77
      print_status("#{cli.peerhost} - #{key} = #{value}")

78
    end

79
  end

80


81
  def on_request_exploit(cli, req, target_info)

82
    print_target_info(cli, target_info)

83
    send_response(cli, '')

84
  end

85


86
  def run

87
    exploit

88
  end

89
end

90


91