Path: blob/master/modules/auxiliary/scanner/http/backup_file.rb
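##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary scanner that requests backup-style variants of one configured
# path (PATH plus a fixed list of suffixes, and a dot-prefixed ".swp" name)
# and reports every variant answered with a 2xx status.
#
# Leftover copies such as "index.asp.bak" are often served as plain text and
# can disclose source code or configuration. Findings are addressed by keeping
# editor and backup artefacts out of the web root and by denying these
# suffixes at the web server.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::WmapScanFile
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Registers the module metadata and the single PATH option.
  #
  # @param info [Hash] metadata overrides merged through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'HTTP Backup File Scanner',
        'Description' => %q{
          This module identifies the existence of possible copies
          of a specific file in a given path.
        },
        'Author' => [ 'et [at] cyberspace.org' ],
        'License' => BSD_LICENSE,
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )

    register_options(
      [
        OptString.new('PATH', [ true, "The path/file to identify backups", '/index.asp'])
      ]
    )
  end

  # Checks one host for every backup-style variant of PATH.
  #
  # @param ip [String] address of the host being scanned
  def run_host(ip)
    # Normalise once so the suffix checks and the swap-file check are built
    # from the same value. Previously the swap-file branch matched against the
    # raw option, so a PATH without a leading "/" skipped that check
    # (presumably normalize_uri supplies the leading slash; verify).
    target = normalize_uri(datastore['PATH'])

    bakextensions = [
      '.backup',
      '.bak',
      '.copy',
      '.copia',
      '.old',
      '.orig',
      '.temp',
      '.txt',
      '~'
    ]
    bakextensions.each { |ext| check_for_file(target + ext, ip) }

    # Swap-file naming: "/dir/name" becomes "/dir/.name.swp".
    parts = target.match(%r{(.*)(/.+$)})
    return unless parts

    check_for_file(parts[1] + parts[2].sub('/', '/.') + '.swp', ip)
  end

  # Requests a single candidate path and records a finding on a 2xx answer.
  #
  # @param file [String] URI path to request
  # @param ip [String] address of the host being scanned
  def check_for_file(file, ip)
    res = send_request_cgi({
      'uri' => file,
      'method' => 'GET',
      'ctype' => 'text/plain'
    }, 20)

    # A missing response says nothing about the file, so it is reported
    # separately from a real "not found" answer.
    if res.nil?
      vprint_error("No response for #{wmap_base_url}#{file}")
      return
    end

    unless res.code.between?(200, 299)
      vprint_status("NOT Found #{wmap_base_url}#{file}")
      return
    end

    print_good("Found #{wmap_base_url}#{file}")

    # NOTE(review): the status code is the only evidence collected. A server
    # that answers 2xx for unknown paths (custom error page, catch-all route)
    # makes every candidate look present, so :confidence 100 overstates
    # certainty. Confirm a finding against a path known not to exist before
    # acting on it.
    report_web_vuln(
      :host => ip,
      :port => rport,
      :vhost => vhost,
      :ssl => ssl,
      :path => file,
      :method => 'GET',
      :pname => "",
      :proof => "Res code: #{res.code}",
      :risk => 0,
      :confidence => 100,
      :category => 'file',
      :description => 'Backup file found.',
      :name => 'backup file'
    )
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
         ::Timeout::Error, ::Errno::EPIPE => e
    # Still best-effort (the scan moves on), but no longer silent: in verbose
    # mode an unreachable host is distinguishable from a clean one.
    vprint_error("Request for #{wmap_base_url}#{file} failed: #{e.class} #{e.message}")
  end
end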