1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::DECT_COA
8

9
  def initialize
10
    super(
11
      'Name' => 'DECT Base Station Scanner',
12
      'Description' => 'This module scans for DECT base stations.',
13
      'Author' => [ 'DK <privilegedmode[at]gmail.com>' ],
14
      'License' => MSF_LICENSE,
15
      'Notes' => {
16
        'Stability' => [CRASH_SAFE],
17
        'SideEffects' => [],
18
        'Reliability' => []
19
      }
20
    )
21
  end
22

23
  def print_results
24
    print_line("RFPI\t\tChannel")
25
    @base_stations.each_value do |data|
26
      print_line("#{data['rfpi']}\t#{data['channel']}")
27
    end
28
  end
29

30
  def run
31
    @base_stations = {}
32

33
    print_status("Opening interface: #{datastore['INTERFACE']}")
34
    print_status("Using band: #{datastore['BAND']}")
35

36
    open_coa
37

38
    begin
39
      print_status('Changing to fp scan mode.')
40
      fp_scan_mode
41
      print_status('Scanning...')
42

43
      loop do
44
        data = poll_coa
45

46
        if data
47
          parsed_data = parse_station(data)
48
          if !@base_stations.key?(parsed_data['rfpi'])
49
            print_good("Found New RFPI: #{parsed_data['rfpi']}")
50
            @base_stations[parsed_data['rfpi']] = parsed_data
51
          end
52
        end
53

54
        next_channel
55

56
        vprint_status("Switching to channel: #{channel}")
57
        select(nil, nil, nil, 1)
58
      end
59
    ensure
60
      print_status('Closing interface')
61
      stop_coa
62
      close_coa
63
    end
64

65
    print_results
66
  end
67
end
68

69