Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Auxiliary::Report
8
  include Msf::Auxiliary::UDPScanner
9
  include Msf::Auxiliary::LLMNR
10

11
  def initialize(info = {})
12
    super(
13
      update_info(
14
        info,
15
        'Name'           => 'LLMNR Query',
16
        'Description'    => %q(
17
          This module sends LLMNR queries, which are really just normal UDP DNS
18
          queries done (usually) over multicast on a different port, 5355.
19
          Targets other than the default RHOSTS' 224.0.0.252 should not respond
20
          but may anyway.
21
        ),
22
        'Author'         =>
23
          [
24
            'Jon Hart <jon_hart[at]rapid7.com>'
25
          ],
26
        'License'        => MSF_LICENSE
27
      )
28
    )
29
  end
30

31
  def scanner_prescan(batch)
32
    print_status("Sending LLMNR #{query_type_name}/#{query_class_name} queries for #{query_name} to #{batch[0]}->#{batch[-1]} port #{rport} (#{batch.length} hosts)")
33
    @results = {}
34
  end
35

36
  def scanner_postscan(_batch)
37
    found = {}
38
    @results.each_pair do |peer, resps|
39
      resps.each do |resp|
40
        found[peer] ||= {}
41
        next if found[peer][resp]
42
        response_info = describe_response(resp)
43
        print_good("#{peer} responded with #{response_info}")
44
        report_service(host: peer, port: rport, proto: "udp", name: "llmnr", info: response_info)
45
        found[peer][resp] = true
46
      end
47
    end
48
  end
49
end
50

51