1
##
2
# nessus_xmlrpc_ping.rb
3
##
4

5
##
6
# This module requires Metasploit: https://metasploit.com/download
7
# Current source: https://github.com/rapid7/metasploit-framework
8
##
9

10
class MetasploitModule < Msf::Auxiliary
11
  include Msf::Exploit::Remote::HttpClient
12
  include Msf::Auxiliary::Report
13
  include Msf::Auxiliary::Scanner
14

15
  def initialize
16
    super(
17
      'Name' => 'Nessus XMLRPC Interface Ping Utility',
18
      'Description' => %q{
19
        This module simply attempts to find and check
20
        for Nessus XMLRPC interface.'
21
      },
22
      'Author' => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],
23
      'License' => MSF_LICENSE,
24
      'DefaultOptions' => { 'SSL' => true }
25
    )
26

27
    register_options(
28
      [
29
        Opt::RPORT(8834),
30
        OptInt.new('THREADS', [true, "The number of concurrent threads", 25]),
31
        OptString.new('URI', [true, "URI for Nessus XMLRPC. Default is /", "/"])
32
      ]
33
    )
34
  end
35

36
  def run_host(ip)
37
    begin
38
      res = send_request_cgi({
39
        'uri' => datastore['URI'],
40
        'method' => 'GET'
41
      }, 25)
42
      http_fingerprint({ :response => res })
43
    rescue ::Rex::ConnectionError => e
44
      vprint_error("#{datastore['URI']} - #{e.to_s}")
45
      return
46
    end
47

48
    if not res
49
      vprint_error("#{datastore['URI']} - No response")
50
      return
51
    end
52
    if not (res.code == 200 or res.code == 302)
53
      vprint_error("HTTP Response was not 200/302")
54
      return
55
    end
56
    if res.headers['Server'] =~ /NessusWWW/
57
      print_good("SUCCESS. '#{ip}' : '#{datastore['RPORT']}'")
58
      report_service(
59
        :host => ip,
60
        :port => datastore['RPORT'],
61
        :name => "nessus-xmlrpc",
62
        :info => 'Nessus XMLRPC',
63
        :state => 'open'
64
      )
65
    else
66
      vprint_error("Wrong HTTP Server header: #{res.headers['Server'] || ''}")
67
    end
68
  end
69
end
70

71