Path: blob/master/modules/auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum.rb
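##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary scanner that sends one UDP broadcast datagram to port 33848 and
# records every host whose reply contains a <version> element as a Jenkins
# server.
#
# Defender note: everything this module learns comes from unauthenticated
# replies, so the same information is available to any host on the segment.
# Where auto-discovery is not needed, filtering UDP 33848 or turning the
# responder off removes the signal this module relies on.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Report

  # Upper bound on the version text taken from a reply. The value is an
  # arbitrary cap chosen for this review; it only has to be longer than any
  # real version string.
  MAX_VERSION_LENGTH = 64

  # Registers the module metadata (name, description, authors, reference,
  # licence and notes).
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Jenkins Server Broadcast Enumeration',
        'Description' => %q{
          This module sends out a udp broadcast packet querying for
          any Jenkins servers on the local network.
          Be advised that while this module does not identify the
          port on which Jenkins is running, the default port for
          Jenkins is 8080.
        },
        'Author' => [
          'Adam Compton <[email protected]>',
          'Matt Schmidt <[email protected]>'
        ],
        'References' => [
          [ 'URL', 'https://wiki.jenkins-ci.org/display/JENKINS/Auto-discovering+Jenkins+on+the+network' ]
        ],
        'License' => MSF_LICENSE,
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )
    # Presumably drops the mixin's target options, since the destination
    # address and port are fixed in #run -- confirm against the Udp mixin.
    deregister_udp_options
  end

  # Extracts the Jenkins version from one reply and reports the sender.
  #
  # The reply body is untrusted: any host on the broadcast domain can answer
  # the probe. The version text is therefore reduced to printable ASCII and
  # truncated before it is printed or stored, so a reply cannot place control
  # characters or oversized text in the console or the host record.
  #
  # @param pkt [Array] value returned by recvfrom; index 0 is read as the
  #   payload and index 1 as the sender address
  # @return [void]
  def parse_reply(pkt)
    # No sender address means there was nothing to parse.
    return unless pkt[1]

    # Reduce an IPv4-mapped IPv6 address to the plain IPv4 form. A local is
    # used so the caller's array is not modified, and \A anchors the match to
    # the start of the string rather than the start of any line.
    host = pkt[1].sub(/\A::ffff:/, '')

    # Non-greedy capture: stop at the first closing tag instead of running to
    # the last one on the line.
    ver = pkt[0].scan(/version>(.*?)<\/version/i).flatten.first
    return unless ver

    # Keep printable ASCII only and bound the length (see the method comment).
    ver = ver.b.gsub(/[^\x20-\x7E]/, '')[0, MAX_VERSION_LENGTH]

    print_good("#{host} - Found Jenkins Server #{ver} Version")
    report_host(
      host: host,
      info: "Jenkins v.#{ver} (port typically 8080)"
    )
  end

  # Sends the broadcast probe and processes up to 20 replies.
  #
  # @return [void]
  def run
    print_status('Sending Jenkins UDP Broadcast Probe ...')

    udp_sock = connect_udp

    # NOTE(review): the payload is single-quoted, so it is the two bytes
    # backslash + "n" rather than a newline. It is left byte-for-byte here;
    # confirm whether the responder looks at the payload before changing it.
    udp_sock.sendto('\n', '255.255.255.255', 33848, 0)

    # Read at most 20 replies to account for multiple or slow responders.
    # The count is checked before each read, so no datagram is received and
    # then dropped once the limit has been reached. The second argument to
    # recvfrom looks like a timeout in seconds -- confirm against the socket
    # class.
    20.times do
      reply = udp_sock.recvfrom(65535, 0.1)
      break unless reply

      parse_reply(reply)
    end
  end
end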