1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::DECT_COA
8

9
  def initialize
10
    super(
11
      'Name' => 'DECT Call Scanner',
12
      'Description' => 'This module scans for active DECT calls.',
13
      'Author' => [ 'DK <privilegedmode[at]gmail.com>' ],
14
      'License' => MSF_LICENSE,
15
      'Notes' => {
16
        'Stability' => [CRASH_SAFE],
17
        'SideEffects' => [],
18
        'Reliability' => []
19
      }
20
    )
21
  end
22

23
  def print_results
24
    print_line("Time\t\t\t\tRFPI\t\tChannel")
25
    @calls.each_value do |data|
26
      print_line("#{data['time']}\t#{data['rfpi']}\t#{data['channel']}")
27
    end
28
  end
29

30
=begin
31
  def record_call(data)
32
    print_status("Synchronizing..")
33
    pp_scan_mode(data['rfpi_raw'])
34
    while(true)
35
      data = poll_coa()
36
      puts data
37
    end
38
  end
39
=end
40

41
  def run
42
    @calls = {}
43

44
    print_status("Opening interface: #{datastore['INTERFACE']}")
45
    print_status("Using band: #{datastore['BAND']}")
46

47
    open_coa
48

49
    begin
50
      print_status('Changing to call scan mode.')
51
      call_scan_mode
52
      print_status('Scanning...')
53

54
      loop do
55
        data = poll_coa
56
        if data
57
          parsed_data = parse_call(data)
58
          parsed_data['time'] = Time.now
59
          print_good("Found active call on: #{parsed_data['rfpi']}")
60
          @calls[parsed_data['time']] = parsed_data
61
        end
62

63
        next_channel
64

65
        vprint_status("Switching to channel: #{channel}")
66
        select(nil, nil, nil, 1)
67
      end
68
    ensure
69
      print_status('Closing interface')
70
      stop_coa
71
      close_coa
72
    end
73

74
    print_results
75
  end
76
end
77

78