Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Tcp
8
  include Msf::Auxiliary::Report
9
  include Msf::Auxiliary::Scanner
10

11
  def initialize
12
    super(
13
      'Name'        => 'Gopher gophermap Scanner',
14
      'Description' => %q(
15
        This module identifies Gopher servers, and processes the gophermap
16
        file which lists all the files on the server.
17
      ),
18
      'References'  =>
19
        [
20
          ['URL', 'https://sdfeu.org/w/tutorials:gopher']
21
        ],
22
      'Author'      => 'h00die',
23
      'License'     => MSF_LICENSE
24
    )
25

26
    register_options(
27
      [
28
        Opt::RPORT(70),
29
        OptString.new('PATH', [false, 'Path to enumerate', ''])
30
      ]
31
    )
32
  end
33

34
  TYPE_MAP = {
35
    '0' => 'Text file',
36
    '1' => 'Directory',
37
    '2' => 'CSO name server',
38
    '3' => 'Error',
39
    '4' => 'Mac HQX filer',
40
    '5' => 'PC binary',
41
    '6' => 'UNIX uuencoded file',
42
    '7' => 'Search server',
43
    '8' => 'Telnet Session',
44
    '9' => 'Binary File',
45
    'c' => 'Calendar',
46
    'e' => 'Event',
47
    'g' => 'GIF image',
48
    'h' => 'HTML',
49
    'i' => 'inline text',
50
    's' => 'Sound',
51
    'I' => 'Image',
52
    'M' => 'MIME multipart/mixed message',
53
    'T' => 'TN3270 Session'
54
  }.freeze
55

56
  def get_type(char)
57
    TYPE_MAP.fetch(char.chomp)
58
  end
59

60
  def run_host(ip)
61
    begin
62
      connect
63
      sock.put("#{datastore['path']}\r\n")
64
      gophermap = sock.get_once
65
      if gophermap
66
        gophermap.split("\r\n").each do |line|
67
          line_parts = line.split("\t")
68
          next unless line_parts.length >= 2
69
          # syntax: [type_character]description[tab]path[tab, after this is optional]server[tab]port
70
          line_parts = line.split("\t")
71
          desc = line_parts[0]
72
          type_char = desc.slice!(0) # remove first character which is the file type
73
          file_type = get_type(type_char)
74
          if file_type && file_type == 'inline text'
75
            print_good(desc)
76
            next
77
          end
78
          if file_type
79
            print_good("  #{file_type}: #{desc}")
80
          else
81
            print_good("  Invalid File Type (#{type_char}): #{desc}")
82
          end
83
          if line_parts.length >= 3
84
            print_good("    Path: #{line_parts[2]}:#{line_parts[3]}#{line_parts[1]}")
85
          elsif line.length >= 2
86
            print_good("    Path: #{line_parts[2]}#{line_parts[1]}")
87
          else
88
            print_good("    Path: #{line_parts[1]}")
89

90
          end
91
        end
92
        report_service(host: ip, port: rport, service: 'gopher', info: gophermap)
93
      else
94
        print_error('No gophermap')
95
      end
96
    rescue ::Rex::ConnectionError, ::IOError, ::Errno::ECONNRESET
97
    rescue ::Exception => e
98
      print_error("#{ip}: #{e} #{e.backtrace}")
99
    ensure
100
      disconnect
101
    end
102
  end
103
end
104

105