CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/tools/modules/module_reference.rb
Views: 1904
#!/usr/bin/env ruby12##3# This module requires Metasploit: https://metasploit.com/download4# Current source: https://github.com/rapid7/metasploit-framework5##67#8# This script lists each module with its references9#1011msfbase = __FILE__12msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) while File.symlink?(msfbase)1314$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))15require 'msfenv'1617$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']1819require 'rex'20require 'uri'2122# See lib/msf/core/module/reference.rb23# We gsub '#{in_ctx_val}' with the actual value24def types25{26'ALL' => '',27'CVE' => 'https://nvd.nist.gov/vuln/detail/CVE-#{in_ctx_val}',28'CWE' => 'http://cwe.mitre.org/data/definitions/#{in_ctx_val}.html',29'BID' => 'http://www.securityfocus.com/bid/#{in_ctx_val}',30'MSB' => 'https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/#{in_ctx_val}',31'EDB' => 'http://www.exploit-db.com/exploits/#{in_ctx_val}',32'US-CERT-VU' => 'http://www.kb.cert.org/vuls/id/#{in_ctx_val}',33'ZDI' => 'http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}',34'WPVDB' => 'https://wpscan.com/vulnerability/#{in_ctx_val}',35'PACKETSTORM' => 'https://packetstormsecurity.com/files/#{in_ctx_val}',36'URL' => '#{in_ctx_val}'37}38end3940STATUS_ALIVE = 'Alive'41STATUS_DOWN = 'Down'42STATUS_REDIRECT = 'Redirect'43STATUS_UNSUPPORTED = 'Unsupported'4445sort = 046filter = 'All'47filters = ['all', 'exploit', 'payload', 'post', 'nop', 'encoder', 'auxiliary']48type = 'ALL'49match = nil50check = false51save = nil52is_url_alive_cache = {}53http_timeout = 2054$verbose = false5556opts = Rex::Parser::Arguments.new(57'-h' => [ false, 'Help menu.' ],58'-c' => [ false, 'Check Reference status'],59'-s' => [ false, 'Sort by Reference instead of Module Type.'],60'-r' => [ false, 'Reverse Sort'],61'-f' => [ true, 'Filter based on Module Type [All,Exploit,Payload,Post,NOP,Encoder,Auxiliary] (Default = ALL).'],62'-t' => [ true, "Type of Reference to sort by #{types.keys}"],63'-x' => [ true, 'String or RegEx to try and match against the Reference Field'],64'-o' => [ true, 'Save the results to a file'],65'--csv' => [ false, 'Save the results file in CSV format'],66'-i' => [ true, 'Set an HTTP timeout'],67'-v' => [ false, 'Verbose']68)6970flags = []7172opts.parse(ARGV) do |opt, _idx, val|73case opt74when '-h'75puts "\nMetasploit Script for Displaying Module Reference information."76puts '=========================================================='77puts opts.usage78exit79when '-c'80flags << 'URI Check: Yes'81check = true82when '-s'83flags << 'Order: Sorting by Reference'84sort = 185when '-r'86flags << 'Order: Reverse Sorting'87sort = 288when '-f'89unless filters.include?(val.downcase)90puts "Invalid Filter Supplied: #{val}"91puts "Please use one of these: #{filters.map { |f| f.capitalize }.join(', ')}"92exit93end94flags << "Module Filter: #{val}"95filter = val96when '-t'97val = (val || '').upcase98unless types.has_key?(val)99puts "Invalid Type Supplied: #{val}"100puts "Please use one of these: #{types.keys.inspect}"101exit102end103type = val104when '-i'105http_timeout = /^\d+/ === val ? val.to_i : 20106when '-v'107$verbose = true108when '-x'109flags << "Regex: #{val}"110match = Regexp.new(val)111when '-o'112flags << 'Output to file: Yes'113save = val114when '--csv'115flags << 'Output as CSV'116$csv = true117end118end119120if $csv && save.nil?121abort('Error: -o flag required when using CSV output')122end123124flags << "Type: #{type}"125126puts flags * ' | '127128def get_ipv4_addr(hostname)129Rex::Socket.getaddresses(hostname, false)[0]130end131132def vprint_debug(msg = '')133print_debug(msg) if $verbose134end135136def print_debug(msg = '')137warn "[*] #{msg}"138end139140def is_url_alive(uri, http_timeout, cache)141if cache.key? uri.to_s142print_debug("Cached: #{uri} -> #{cache[uri]}")143return cache[uri.to_s]144end145print_debug("Checking: #{uri}")146147begin148uri = URI(uri)149rhost = get_ipv4_addr(uri.host)150rescue SocketError, URI::InvalidURIError => e151vprint_debug("#{e.message} in #is_url_alive")152return STATUS_DOWN153end154155rport = uri.port || 80156path = uri.path.blank? ? '/' : uri.path157vhost = rport == 80 ? uri.host : "#{uri.host}:#{rport}"158if uri.scheme == 'https'159cli = ::Rex::Proto::Http::Client.new(rhost, 443, {}, true)160else161cli = ::Rex::Proto::Http::Client.new(rhost, rport)162end163164begin165cli.connect(http_timeout)166req = cli.request_raw('uri' => path, 'vhost' => vhost)167res = cli.send_recv(req, http_timeout)168rescue Errno::ECONNRESET, Rex::ConnectionError, Rex::ConnectionRefused, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::UnsupportedProtocol, ::Timeout::Error, Errno::ETIMEDOUT, ::Exception => e169vprint_debug("#{e.message} for #{uri}")170cache[uri.to_s] = STATUS_DOWN171return STATUS_DOWN172ensure173cli.close174end175176if !res.nil? && res.code.to_s =~ %r{3\d\d}177if res.headers['Location']178vprint_debug("Redirect: #{uri} redirected to #{res.headers['Location']}")179else180print_error("Error: Couldn't find redirect location for #{uri}")181end182cache[uri.to_s] = STATUS_REDIRECT183return STATUS_REDIRECT184elsif res.nil? || res.body =~ %r{<title>.*not found</title>}i || !res.code.to_s =~ %r{2\d\d}185vprint_debug("Down: #{uri} returned a not-found response")186cache[uri.to_s] = STATUS_DOWN187return STATUS_DOWN188end189190vprint_debug("Good: #{uri}")191192cache[uri.to_s] = STATUS_ALIVE193STATUS_ALIVE194end195196def save_results(path, results)197File.open(path, 'wb') do |f|198f.write(results)199end200puts "Results saved to: #{path}"201rescue Exception => e202puts "Failed to save the file: #{e.message}"203end204205# Always disable the database (we never need it just to list module206# information).207framework_opts = { 'DisableDatabase' => true }208209# If the user only wants a particular module type, no need to load the others210if filter.downcase != 'all'211framework_opts[:module_types] = [ filter.downcase ]212end213214# Initialize the simplified framework instance.215$framework = Msf::Simple::Framework.create(framework_opts)216217if check218columns = [ 'Module', 'Status', 'Reference' ]219else220columns = [ 'Module', 'Reference' ]221end222223tbl = Rex::Text::Table.new(224'Header' => 'Module References',225'Indent' => 2,226'Columns' => columns227)228229bad_refs_count = 0230231$framework.modules.each do |name, mod|232if mod.nil?233elog("module_reference.rb is unable to load #{name}")234next235end236237next if match and !(name =~ match)238239x = mod.new240x.references.each do |r|241ctx_id = r.ctx_id.upcase242ctx_val = r.ctx_val243next unless type == 'ALL' || type == ctx_id244245if check246if types.has_key?(ctx_id)247if ctx_id == 'MSB'248year = ctx_val[2..3]249century = year[0] == '9' ? '19' : '20'250new_ctx_val = "#{century}#{year}/#{ctx_val}"251uri = types[r.ctx_id.upcase].gsub(/\#{in_ctx_val}/, new_ctx_val)252else253uri = types[r.ctx_id.upcase].gsub(/\#{in_ctx_val}/, r.ctx_val.to_s)254end255256status = is_url_alive(uri, http_timeout, is_url_alive_cache)257bad_refs_count += 1 if status == STATUS_DOWN258else259# The reference ID isn't supported so we don't know how to check this260bad_refs_count += 1261status = STATUS_UNSUPPORTED262end263end264265ref = "#{r.ctx_id}-#{r.ctx_val}"266new_column = []267new_column << x.fullname268new_column << status if check269new_column << ref270tbl << new_column271end272end273274if sort == 1275tbl.sort_rows(1)276end277278if sort == 2279tbl.sort_rows(1)280tbl.rows.reverse281end282283puts284puts tbl.to_s285puts286287puts "Number of bad references found: #{bad_refs_count}" if check288save_results(save, $csv.nil? ? tbl.to_s : tbl.to_csv) if save289290291