rapid7


GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
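# Auxiliary scanner that sends one UDP broadcast datagram to port 33848 and
# records every host that answers with a reply containing a <version> element.
#
# Trust note: replies are unauthenticated UDP datagrams. Any host on the
# broadcast domain can answer, and the version text is whatever the responder
# chose to send. Results are therefore leads to confirm, not verified facts,
# and the version text is sanitised before it is printed or stored.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Report

  # Upper bound on receive attempts after the probe is sent.
  MAX_REPLIES = 20

  # Upper bound on the stored/printed version text taken from a reply.
  MAX_VERSION_LENGTH = 64

  # Registers the module metadata and removes the standard UDP options,
  # which are not used because the destination is hard-coded in #run.
  #
  # @param info [Hash] metadata supplied by the framework, merged via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Jenkins Server Broadcast Enumeration',
        'Description' => %q(
          This module sends out a udp broadcast packet querying for
          any Jenkins servers on the local network.
          Be advised that while this module does not identify the
          port on which Jenkins is running, the default port for
          Jenkins is 8080.
        ),
        'Author' =>
          [
            'Adam Compton <[email protected]>',
            'Matt Schmidt <[email protected]>'
          ],
        'References' =>
          [
            [ 'URL', 'https://wiki.jenkins-ci.org/display/JENKINS/Auto-discovering+Jenkins+on+the+network' ]
          ],
        'License' => MSF_LICENSE
      )
    )
    deregister_udp_options
  end

  # Inspects one reply and, when it carries a <version> element, prints the
  # finding and records the sender with report_host.
  #
  # @param pkt [Array] reply as returned by recvfrom; index 0 is used as the
  #   payload and index 1 as the sender address
  # @return [Object, nil] nil when the reply has no sender or no version
  def parse_reply(pkt)
    # A missing sender address means nothing usable was received.
    return unless pkt[1]

    # Reduce an IPv4-mapped IPv6 address to the plain IPv4 form. The caller's
    # array is left untouched; \A anchors at the start of the string.
    host = pkt[1].sub(/\A::ffff:/, '')

    # Pull the text between the version tags out of the payload.
    raw_version = pkt[0].to_s[/version>(.*)<\/version/i, 1]
    return unless raw_version

    # The payload comes straight off the network, so strip control and
    # non-ASCII bytes (terminal escape sequences, log forging) and cap the
    # length before the value reaches the console or the database.
    ver = sanitize_version(raw_version)

    print_good("#{host} - Found Jenkins Server #{ver} Version")
    report_host(
      host: host,
      info: "Jenkins v.#{ver} (port typically 8080)"
    )
  end

  # Sends the broadcast probe, then reads replies until the attempt budget is
  # used up, and always releases the socket afterwards.
  def run
    print_status('Sending Jenkins UDP Broadcast Probe ...')

    sock = connect_udp

    # NOTE(review): the payload is single-quoted, so it is the two characters
    # backslash and "n", not a newline. Left as-is to keep the bytes on the
    # wire unchanged; presumably the responder answers any datagram -- confirm.
    sock.sendto('\n', '255.255.255.255', 33848, 0)

    # Several attempts account for multiple or slow responders. The second
    # recvfrom argument is presumably a timeout in seconds -- confirm.
    MAX_REPLIES.times do
      reply = sock.recvfrom(65535, 0.1)
      break unless reply

      parse_reply(reply)
    end
  ensure
    # Close the socket even if sending or parsing raised.
    disconnect_udp(sock) if sock
  end

  private

  # Keeps printable ASCII only and truncates to MAX_VERSION_LENGTH.
  #
  # @param raw [String] version text exactly as received
  # @return [String] text that is safe to print and store
  def sanitize_version(raw)
    raw.to_s.gsub(/[^\x20-\x7e]/, '').strip[0, MAX_VERSION_LENGTH]
  end
end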