
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/amqp/amqp_version.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
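# Auxiliary scanner that connects to an AMQP 0-9-1 endpoint, reads the server
# information exposed by the client after the connection-start exchange, and
# records the advertised product, version, cluster name, platform and
# authentication mechanisms as a service entry.
#
# Every value shown in the result line is supplied by the remote server and is
# therefore untrusted. It is reduced to printable characters before it is
# printed or stored, so a hostile or misconfigured endpoint cannot place
# control characters or line breaks in the console output or the report.
class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Registers the module metadata and options. RPORT defaults to 5671 and the
  # advanced SSL option defaults to true, so TLS is negotiated unless the
  # operator disables it.
  def initialize
    super(
      'Name' => 'AMQP 0-9-1 Version Scanner',
      'Description' => 'Detect AMQP version information.',
      'Author' => 'Spencer McIntyre',
      'License' => MSF_LICENSE,
      'References' => [
        [ 'URL', 'https://www.rabbitmq.com/amqp-0-9-1-reference.html' ]
      ]
    )

    register_options([
      Opt::RPORT(5671)
    ])

    register_advanced_options(
      [
        OptBool.new('SSL', [ true, 'Negotiate SSL/TLS for outgoing connections', true ]),
        Opt::SSLVersion
      ]
    )
  end

  # Formats the current target as "host:port", bracketing IPv6 literals.
  #
  # NOTE(review): reads datastore['RHOST'] rather than the host passed to
  # run_host; presumably the Scanner mixin keeps it in sync per target. Confirm.
  #
  # @return [String]
  def peer
    rhost = datastore['RHOST']
    rport = datastore['RPORT']
    if Rex::Socket.is_ipv6?(rhost)
      "[#{rhost}]:#{rport}"
    else
      "#{rhost}:#{rport}"
    end
  end

  # Prefix for status lines: the peer padded to 21 columns, then ' - '.
  #
  # @return [String]
  def print_prefix
    peer.ljust(21) + ' - '
  end

  # Probes one host: connects, sends the protocol header, receives the
  # connection-start frame and reports what the server advertised.
  #
  # @param target_host [String] address of the host to probe
  def run_host(target_host)
    amqp_client = Rex::Proto::Amqp::Version091::Client.new(
      target_host,
      port: datastore['RPORT'],
      context: { 'Msf' => framework, 'MsfExploit' => self },
      ssl: datastore['SSL'],
      ssl_version: datastore['SSLVersion']
    )

    amqp_client.connect
    amqp_client.send_protocol_header
    amqp_client.recv_connection_start
    server_info = amqp_client.server_info

    # Tolerate a reply that carries no property table or mechanism list
    # instead of failing with NoMethodError on nil.
    properties = server_info[:properties] || {}
    product = printable(properties['product'])
    version = printable(properties['version'])
    cluster_name = printable(properties['cluster_name'])
    platform = printable(properties['platform'])
    mechanisms = Array(server_info[:security_mechanisms]).map { |mechanism| printable(mechanism) }

    # Built from parts and joined, so no string literal is mutated in place.
    segments = ['AMQP Detected']
    # The version is only shown when both product and version are present.
    segments << "(version:#{product} #{version})" unless product.empty? || version.empty?
    segments << "(cluster:#{cluster_name})" unless cluster_name.empty?
    segments << "(platform:#{platform})" unless platform.empty?
    segments << "(authentication:#{mechanisms.join(', ')})"
    info_line = segments.join(' ')

    print_status(info_line)
    report_service(
      host: target_host,
      port: datastore['RPORT'],
      name: "amqp#{datastore['SSL'] ? 's' : ''}",
      info: info_line
    )
  rescue Rex::Proto::Amqp::Error::UnexpectedReplyError => e
    fail_with(Failure::UnexpectedReply, e.message)
  rescue Rex::Proto::Amqp::Error::AmqpError => e
    fail_with(Failure::Unknown, e.message)
  ensure
    # amqp_client is still nil if the constructor raised; calling close on nil
    # would replace the original error with a NoMethodError.
    amqp_client.close if amqp_client
  end

  private

  # Renders a server-supplied value as text that is safe to print and store.
  # Blank values become an empty string; invalid byte sequences are replaced
  # with '?' and every character outside the printable class (control
  # characters, escape sequences, line breaks) with '.'.
  #
  # @param value [Object] value taken from the server's reply
  # @return [String]
  def printable(value)
    return '' if value.blank?

    value.to_s.scrub('?').gsub(/[^[:print:]]/, '.')
  end
end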