Path: blob/master/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'English'

# Auxiliary scanner that queries the Endpoint Mapper service on each target
# (RPORT defaults to 135), prints every endpoint it returns, and records the
# findings through the reporting mixin.
class MetasploitModule < Msf::Auxiliary

  # Exploit mixins should be called first
  include Msf::Exploit::Remote::DCERPC

  include Msf::Auxiliary::Report

  # Scanner mixin should be near last
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and the default Endpoint Mapper port.
  def initialize
    super(
      'Name' => 'Endpoint Mapper Service Discovery',
      'Description' => %q{
        This module can be used to obtain information from the
        Endpoint Mapper service.
      },
      'Author' => 'hdm',
      'License' => MSF_LICENSE,
      'Notes' => {
        'Stability' => [CRASH_SAFE],
        'SideEffects' => [],
        'Reliability' => []
      }
    )

    register_options([Opt::RPORT(135)])
  end

  # Enumerate and record the endpoints advertised by a single host.
  #
  # Each entry returned by dcerpc_endpoint_list is printed as one status
  # line. Entries whose transport is tcp or udp are also stored as a
  # 'dcerpc' service on their own port, and the mapper itself is stored as
  # a service on RPORT together with the number of entries returned.
  #
  # NOTE(review): the :uuid, :vers, :host, :pipe and :note values are
  # presumably parsed from the remote service's reply. This method
  # interpolates them into console output and stored service records
  # without validation, so consumers of that data should treat it as
  # untrusted. Confirm whether print_status and the reporting layer strip
  # control characters.
  #
  # @param ip address of the host being scanned
  def run_host(ip)
    endpoints = dcerpc_endpoint_list
    return unless endpoints

    host_name = nil
    endpoints.each do |endpoint|
      # Entries without a transport cannot be described or recorded.
      next unless endpoint[:prot]

      summary = [
        "#{endpoint[:uuid]} v#{endpoint[:vers]} ",
        "#{endpoint[:prot].upcase} "
      ]
      summary << "(#{endpoint[:port]}) " if endpoint[:port]
      summary << "(#{endpoint[:pipe]}) " if endpoint[:pipe]
      summary << "#{endpoint[:host]} " if endpoint[:host]
      summary << "[#{endpoint[:note]}]" if endpoint[:note]
      print_status(summary.join)

      # A host value that begins with two backslashes is kept, minus that
      # prefix, as the host's name; the last matching entry wins.
      advertised_host = endpoint[:host]
      if advertised_host && (advertised_host[0, 2] == '\\\\')
        host_name = advertised_host[2..]
      end

      # Only tcp and udp endpoints are stored as separate services.
      transport = endpoint[:prot].downcase
      next unless %w[tcp udp].include?(transport)

      report_service(
        host: ip,
        port: endpoint[:port],
        proto: transport,
        name: 'dcerpc',
        info: "#{endpoint[:uuid]} v#{endpoint[:vers]} #{endpoint[:note]}"
      )
    end

    report_host(host: ip, name: host_name) if host_name
    report_service(
      host: ip,
      port: rport,
      proto: 'tcp',
      name: 'dcerpc',
      info: "Endpoint Mapper (#{endpoints.length} services)"
    )
  rescue ::Interrupt
    # Let a user interrupt propagate instead of logging it as a scan error.
    raise $ERROR_INFO
  rescue ::Rex::Proto::DCERPC::Exceptions::Fault => e
    # DCERPC faults are reported through vprint_error only.
    vprint_error("#{ip}:#{rport} error: #{e}")
  rescue StandardError => e
    print_error("#{ip}:#{rport} error: #{e}")
  end
end