Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7

8
  def initialize(info = {})
9
    super(
10
      update_info(
11
        info,
12
        'Name' => 'Multi Gather Ping Sweep',
13
        'Description' => %q{ Performs IPv4 ping sweep using the OS included ping command.},
14
        'License' => MSF_LICENSE,
15
        'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
16
        'Platform' => %w[bsd linux osx solaris win],
17
        'SessionTypes' => [ 'meterpreter', 'shell' ]
18
      )
19
    )
20
    register_options(
21
      [
22

23
        OptAddressRange.new('RHOSTS', [true, 'IP Range to perform ping sweep against.']),
24

25
      ]
26
    )
27
  end
28

29
  # Run Method for when run command is issued
30
  def run
31
    iprange = datastore['RHOSTS']
32
    print_status("Performing ping sweep for IP range #{iprange}")
33
    iplst = []
34
    begin
35
      ipadd = Rex::Socket::RangeWalker.new(iprange)
36
      numip = ipadd.num_ips
37
      while (iplst.length < numip)
38
        ipa = ipadd.next_ip
39
        if !ipa
40
          break
41
        end
42

43
        iplst << ipa
44
      end
45

46
      case session.platform
47
      when 'windows'
48
        count = ' -n 1 '
49
        cmd = 'ping'
50
      when 'solaris'
51
        cmd = '/usr/sbin/ping'
52
      else
53
        count = ' -n -c 1 -W 2 '
54
        cmd = 'ping'
55
      end
56

57
      ip_found = []
58

59
      while (!iplst.nil? && !iplst.empty?)
60
        a = []
61
        1.upto session.max_threads do
62
          a << framework.threads.spawn("Module(#{refname})", false, iplst.shift) do |ip_add|
63
            next if ip_add.nil?
64

65
            if session.platform =~ /solaris/i
66
              r = cmd_exec(cmd, "-n #{ip_add} 1")
67
            else
68
              r = cmd_exec(cmd, count + ip_add)
69
            end
70
            if r =~ /(TTL|Alive)/i
71
              print_good "\t#{ip_add} host found"
72
              ip_found << ip_add
73
            else
74
              vprint_status("\t#{ip_add} host not found")
75
            end
76
          end
77
        end
78
        a.map(&:join)
79
      end
80
    rescue Rex::TimeoutError, Rex::Post::Meterpreter::RequestError
81
    rescue ::Exception => e
82
      print_status("The following Error was encountered: #{e.class} #{e}")
83
    end
84

85
    ip_found.each do |ip|
86
      report_host(host: ip)
87
    end
88
  end
89
end
90

91