1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Auxiliary::Report
8
  include Msf::Auxiliary::UDPScanner
9

10
  def initialize
11
    super(
12
      'Name' => 'UDP Empty Prober',
13
      'Description' => 'Detect UDP services that reply to empty probes.',
14
      'Author' => 'Jon Hart <jon_hart[at]rapid7.com>',
15
      'License' => MSF_LICENSE,
16
      'Notes' => {
17
        'Stability' => [CRASH_SAFE],
18
        'SideEffects' => [],
19
        'Reliability' => []
20
      }
21
    )
22
    register_options([
23
      OptString.new('PORTS', [true, 'Ports to probe', '1-1024,1194,2000,2049,4353,5060,5061,5351,8443'])
24
    ])
25
  end
26

27
  def setup
28
    super
29
    @ports = Rex::Socket.portspec_crack(datastore['PORTS'])
30
    raise Msf::OptionValidateError, ['PORTS'] if @ports.empty?
31
  end
32

33
  def scanner_prescan(batch)
34
    print_status("Sending #{@ports.length} empty probes to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
35
  end
36

37
  def scan_host(ip)
38
    @ports.each do |port|
39
      scanner_send('', ip, port)
40
    end
41
  end
42

43
  def scanner_process(data, shost, sport)
44
    print_good("Received #{data.inspect} from #{shost}:#{sport}/udp")
45
    report_service(host: shost, port: sport, proto: 'udp', info: data.inspect)
46
  end
47
end
48

49