Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/scanner/nessus/nessus_xmlrpc_ping.rb
Views: 11623
##1# nessus_xmlrpc_ping.rb2##34##5# This module requires Metasploit: https://metasploit.com/download6# Current source: https://github.com/rapid7/metasploit-framework7##89class MetasploitModule < Msf::Auxiliary10include Msf::Exploit::Remote::HttpClient11include Msf::Auxiliary::Report12include Msf::Auxiliary::Scanner1314def initialize15super(16'Name' => 'Nessus XMLRPC Interface Ping Utility',17'Description' => %q{18This module simply attempts to find and check19for Nessus XMLRPC interface.'20},21'Author' => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],22'License' => MSF_LICENSE,23'DefaultOptions' => { 'SSL' => true }24)2526register_options(27[28Opt::RPORT(8834),29OptInt.new('THREADS', [true, "The number of concurrent threads", 25]),30OptString.new('URI', [true, "URI for Nessus XMLRPC. Default is /", "/"])31])32end3334def run_host(ip)35begin36res = send_request_cgi({37'uri' => datastore['URI'],38'method' => 'GET'39}, 25)40http_fingerprint({ :response => res })41rescue ::Rex::ConnectionError => e42vprint_error("#{datastore['URI']} - #{e.to_s}")43return44end4546if not res47vprint_error("#{datastore['URI']} - No response")48return49end50if not (res.code == 200 or res.code ==302)51vprint_error("HTTP Response was not 200/302")52return53end54if res.headers['Server'] =~ /NessusWWW/55print_good("SUCCESS. '#{ip}' : '#{datastore['RPORT']}'")56report_service(57:host => ip,58:port => datastore['RPORT'],59:name => "nessus-xmlrpc",60:info => 'Nessus XMLRPC',61:state => 'open'62)63else64vprint_error("Wrong HTTP Server header: #{res.headers['Server'] || ''}")65end6667end68end697071