Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::HttpClient
8
  include Msf::Auxiliary::Scanner
9
  include Msf::Exploit::Remote::HTTP::Nifi
10

11
  def initialize(info = {})
12
    super(
13
      update_info(
14
        info,
15
        'Name' => 'Apache NiFi Version Scanner',
16
        'Description' => %q{
17
          This module identifies Apache NiFi websites and reports their version number.
18

19
          Tested against NiFi major releases 1.14.0 - 1.21.0, and 1.11.0-1.13.0
20
          Also works against NiFi <= 1.13.0, but the module needs to be adjusted:
21
          set SSL false
22
          set rport 8080
23
        },
24
        'License' => MSF_LICENSE,
25
        'Author' => [
26
          'h00die',
27
        ],
28
        'Notes' => {
29
          'Stability' => [CRASH_SAFE],
30
          'Reliability' => [],
31
          'SideEffects' => []
32
        }
33
      )
34
    )
35
  end
36

37
  def run_host(ip)
38
    vprint_status("Checking #{ip}")
39
    version = get_version
40

41
    if version.nil?
42
      print_bad("Apache NiFi not detected on #{ip}")
43
      return
44
    end
45

46
    print_good("Apache NiFi #{version} found on #{ip}")
47
  end
48
end
49

50