adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updates from review

Browse Source
This commit is contained in:
h00die
2020-12-04 21:50:31 -05:00
parent bf60c4678d
commit b21fccebaa
2 changed files with 172 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/auxiliary/scanner/http/wordpress_scanner.md
+137 -117
View File
@@ -123,127 +123,147 @@ msf5 auxiliary(scanner/http/wordpress_scanner) >
```
### Wordpress 5.4.2 with Pluin and Theme Enumeration
### Wordpress 5.4.2 with Plugin and Theme Enumeration
```
msf6 > use auxiliary/scanner/http/wordpress_scanner
msf6 auxiliary(scanner/http/wordpress_scanner) > set rhosts 192.168.2.144
rhosts => 192.168.2.144
msf6 > use auxiliary/scanner/http/wordpress_scanner
[*] Using auxiliary/scanner/http/wordpress_scanner
msf6 auxiliary(scanner/http/wordpress_scanner) > set rhosts 1.1.1.1
rhosts => 1.1.1.1
msf6 auxiliary(scanner/http/wordpress_scanner) > run
[*] Trying 192.168.2.144
[+] 192.168.2.144 running Wordpress 5.4.2
[*] Enumerating Themes
[*] Progress 0/19226 (0.0%)
[*] Progress 1000/19226 (5.2%)
[*] Progress 2000/19226 (10.4%)
[*] Progress 3000/19226 (15.6%)
[*] Progress 4000/19226 (20.8%)
[*] Progress 5000/19226 (26.0%)
[*] Progress 6000/19226 (31.2%)
[*] Progress 7000/19226 (36.4%)
[*] Progress 8000/19226 (41.61%)
[*] Progress 9000/19226 (46.81%)
[*] Progress 10000/19226 (52.01%)
[*] Progress 11000/19226 (57.21%)
[*] Progress 12000/19226 (62.41%)
[*] Progress 13000/19226 (67.61%)
[*] Progress 14000/19226 (72.81%)
[*] Progress 15000/19226 (78.01%)
[*] Progress 16000/19226 (83.22%)
[*] Progress 17000/19226 (88.42%)
[+] Detected Theme: twentynineteen version 1.5
[+] Detected Theme: twentyseventeen version 2.3
[*] Progress 18000/19226 (93.62%)
[*] Progress 19000/19226 (98.82%)
[*] Enumerating Plugins
[*] Progress 0/80624 (0.0%)
[*] Progress 1000/80624 (1.24%)
[*] Progress 2000/80624 (2.48%)
[+] Detected Plugin: akismet version 4.1.5
[*] Progress 3000/80624 (3.72%)
[*] Progress 4000/80624 (4.96%)
[*] Progress 5000/80624 (6.2%)
[*] Progress 6000/80624 (7.44%)
[*] Progress 7000/80624 (8.68%)
[*] Progress 8000/80624 (9.92%)
[*] Progress 9000/80624 (11.16%)
[*] Progress 10000/80624 (12.4%)
[*] Progress 11000/80624 (13.64%)
[*] Progress 12000/80624 (14.88%)
[*] Progress 13000/80624 (16.12%)
[+] Detected Plugin: contact-form-7 version 5.1.9
[*] Progress 14000/80624 (17.36%)
[*] Progress 15000/80624 (18.6%)
[*] Progress 16000/80624 (19.84%)
[*] Progress 17000/80624 (21.08%)
[*] Progress 18000/80624 (22.32%)
[+] Detected Plugin: drag-and-drop-multiple-file-upload-contact-form-7 version 1.3.3.2
[*] Progress 19000/80624 (23.56%)
[*] Progress 20000/80624 (24.8%)
[+] Detected Plugin: email-subscribers version 4.2.2
[*] Progress 21000/80624 (26.04%)
[*] Progress 22000/80624 (27.28%)
[*] Progress 23000/80624 (28.52%)
[*] Progress 24000/80624 (29.76%)
[*] Progress 25000/80624 (31.0%)
[*] Progress 26000/80624 (32.24%)
[*] Progress 27000/80624 (33.48%)
[*] Progress 28000/80624 (34.72%)
[*] Progress 29000/80624 (35.96%)
[*] Progress 30000/80624 (37.2%)
[*] Progress 31000/80624 (38.45%)
[*] Progress 32000/80624 (39.69%)
[*] Progress 33000/80624 (40.93%)
[*] Progress 34000/80624 (42.17%)
[*] Progress 35000/80624 (43.41%)
[+] Detected Plugin: loginizer version 1.6.3
[*] Progress 36000/80624 (44.65%)
[*] Progress 37000/80624 (45.89%)
[*] Progress 38000/80624 (47.13%)
[*] Progress 39000/80624 (48.37%)
[*] Progress 40000/80624 (49.61%)
[*] Progress 41000/80624 (50.85%)
[*] Progress 42000/80624 (52.09%)
[*] Progress 43000/80624 (53.33%)
[*] Progress 44000/80624 (54.57%)
[*] Progress 45000/80624 (55.81%)
[*] Progress 46000/80624 (57.05%)
[*] Progress 47000/80624 (58.29%)
[*] Progress 48000/80624 (59.53%)
[*] Progress 49000/80624 (60.77%)
[*] Progress 50000/80624 (62.01%)
[*] Progress 51000/80624 (63.25%)
[*] Progress 52000/80624 (64.49%)
[*] Progress 53000/80624 (65.73%)
[*] Progress 54000/80624 (66.97%)
[*] Progress 55000/80624 (68.21%)
[+] Detected Plugin: simple-file-list version 4.2.2
[*] Progress 56000/80624 (69.45%)
[*] Progress 57000/80624 (70.69%)
[*] Progress 58000/80624 (71.93%)
[*] Progress 59000/80624 (73.17%)
[*] Progress 60000/80624 (74.41%)
[*] Progress 61000/80624 (75.65%)
[*] Progress 62000/80624 (76.9%)
[*] Progress 63000/80624 (78.14%)
[*] Progress 64000/80624 (79.38%)
[*] Progress 65000/80624 (80.62%)
[*] Progress 66000/80624 (81.86%)
[*] Progress 67000/80624 (83.1%)
[*] Progress 68000/80624 (84.34%)
[*] Progress 69000/80624 (85.58%)
[*] Progress 70000/80624 (86.82%)
[*] Progress 71000/80624 (88.06%)
[*] Progress 72000/80624 (89.3%)
[*] Progress 73000/80624 (90.54%)
[*] Progress 74000/80624 (91.78%)
[*] Progress 75000/80624 (93.02%)
[*] Progress 76000/80624 (94.26%)
[*] Progress 77000/80624 (95.5%)
[*] Progress 78000/80624 (96.74%)
[*] Progress 79000/80624 (97.98%)
[*] Progress 80000/80624 (99.22%)
[*] Trying 1.1.1.1
[+] 1.1.1.1 - Detected Wordpress 5.4.2
[*] 1.1.1.1 - Enumerating Themes
[*] 1.1.1.1 - Progress 0/19226 (0.0%)
[*] 1.1.1.1 - Progress 1000/19226 (5.2%)
[*] 1.1.1.1 - Progress 2000/19226 (10.4%)
[*] 1.1.1.1 - Progress 3000/19226 (15.6%)
[*] 1.1.1.1 - Progress 4000/19226 (20.8%)
[*] 1.1.1.1 - Progress 5000/19226 (26.0%)
[*] 1.1.1.1 - Progress 6000/19226 (31.2%)
[*] 1.1.1.1 - Progress 7000/19226 (36.4%)
[*] 1.1.1.1 - Progress 8000/19226 (41.61%)
[*] 1.1.1.1 - Progress 9000/19226 (46.81%)
[*] 1.1.1.1 - Progress 10000/19226 (52.01%)
[*] 1.1.1.1 - Progress 11000/19226 (57.21%)
[*] 1.1.1.1 - Progress 12000/19226 (62.41%)
[*] 1.1.1.1 - Progress 13000/19226 (67.61%)
[*] 1.1.1.1 - Progress 14000/19226 (72.81%)
[*] 1.1.1.1 - Progress 15000/19226 (78.01%)
[*] 1.1.1.1 - Progress 16000/19226 (83.22%)
[*] 1.1.1.1 - Progress 17000/19226 (88.42%)
[+] 1.1.1.1 - Detected theme: twentynineteen version 1.5
[+] 1.1.1.1 - Detected theme: twentyseventeen version 2.3
[*] 1.1.1.1 - Progress 18000/19226 (93.62%)
[*] 1.1.1.1 - Progress 19000/19226 (98.82%)
[*] 1.1.1.1 - Finished scanning themes
[*] 1.1.1.1 - Enumerating plugins
[*] 1.1.1.1 - Progress 0/80624 (0.0%)
[*] 1.1.1.1 - Progress 1000/80624 (1.24%)
[*] 1.1.1.1 - Progress 2000/80624 (2.48%)
[+] 1.1.1.1 - Detected plugin: akismet version 4.1.5
[*] 1.1.1.1 - Progress 3000/80624 (3.72%)
[*] 1.1.1.1 - Progress 4000/80624 (4.96%)
[*] 1.1.1.1 - Progress 5000/80624 (6.2%)
[*] 1.1.1.1 - Progress 6000/80624 (7.44%)
[*] 1.1.1.1 - Progress 7000/80624 (8.68%)
[*] 1.1.1.1 - Progress 8000/80624 (9.92%)
[*] 1.1.1.1 - Progress 9000/80624 (11.16%)
[*] 1.1.1.1 - Progress 10000/80624 (12.4%)
[*] 1.1.1.1 - Progress 11000/80624 (13.64%)
[*] 1.1.1.1 - Progress 12000/80624 (14.88%)
[*] 1.1.1.1 - Progress 13000/80624 (16.12%)
[+] 1.1.1.1 - Detected plugin: contact-form-7 version 5.1.9
[*] 1.1.1.1 - Progress 14000/80624 (17.36%)
[*] 1.1.1.1 - Progress 15000/80624 (18.6%)
[*] 1.1.1.1 - Progress 16000/80624 (19.84%)
[*] 1.1.1.1 - Progress 17000/80624 (21.08%)
[*] 1.1.1.1 - Progress 18000/80624 (22.32%)
[+] 1.1.1.1 - Detected plugin: drag-and-drop-multiple-file-upload-contact-form-7 version 1.3.3.2
[*] 1.1.1.1 - Progress 19000/80624 (23.56%)
[*] 1.1.1.1 - Progress 20000/80624 (24.8%)
[+] 1.1.1.1 - Detected plugin: email-subscribers version 4.2.2
[*] 1.1.1.1 - Progress 21000/80624 (26.04%)
[*] 1.1.1.1 - Progress 22000/80624 (27.28%)
[*] 1.1.1.1 - Progress 23000/80624 (28.52%)
[*] 1.1.1.1 - Progress 24000/80624 (29.76%)
[*] 1.1.1.1 - Progress 25000/80624 (31.0%)
[*] 1.1.1.1 - Progress 26000/80624 (32.24%)
[*] 1.1.1.1 - Progress 27000/80624 (33.48%)
[*] 1.1.1.1 - Progress 28000/80624 (34.72%)
[*] 1.1.1.1 - Progress 29000/80624 (35.96%)
[*] 1.1.1.1 - Progress 30000/80624 (37.2%)
[*] 1.1.1.1 - Progress 31000/80624 (38.45%)
[*] 1.1.1.1 - Progress 32000/80624 (39.69%)
[*] 1.1.1.1 - Progress 33000/80624 (40.93%)
[*] 1.1.1.1 - Progress 34000/80624 (42.17%)
[*] 1.1.1.1 - Progress 35000/80624 (43.41%)
[+] 1.1.1.1 - Detected plugin: loginizer version 1.6.3
[*] 1.1.1.1 - Progress 36000/80624 (44.65%)
[*] 1.1.1.1 - Progress 37000/80624 (45.89%)
[*] 1.1.1.1 - Progress 38000/80624 (47.13%)
[*] 1.1.1.1 - Progress 39000/80624 (48.37%)
[*] 1.1.1.1 - Progress 40000/80624 (49.61%)
[*] 1.1.1.1 - Progress 41000/80624 (50.85%)
[*] 1.1.1.1 - Progress 42000/80624 (52.09%)
[*] 1.1.1.1 - Progress 43000/80624 (53.33%)
[*] 1.1.1.1 - Progress 44000/80624 (54.57%)
[*] 1.1.1.1 - Progress 45000/80624 (55.81%)
[*] 1.1.1.1 - Progress 46000/80624 (57.05%)
[*] 1.1.1.1 - Progress 47000/80624 (58.29%)
[*] 1.1.1.1 - Progress 48000/80624 (59.53%)
[*] 1.1.1.1 - Progress 49000/80624 (60.77%)
[*] 1.1.1.1 - Progress 50000/80624 (62.01%)
[*] 1.1.1.1 - Progress 51000/80624 (63.25%)
[*] 1.1.1.1 - Progress 52000/80624 (64.49%)
[*] 1.1.1.1 - Progress 53000/80624 (65.73%)
[*] 1.1.1.1 - Progress 54000/80624 (66.97%)
[*] 1.1.1.1 - Progress 55000/80624 (68.21%)
[+] 1.1.1.1 - Detected plugin: simple-file-list version 4.2.2
[*] 1.1.1.1 - Progress 56000/80624 (69.45%)
[*] 1.1.1.1 - Progress 57000/80624 (70.69%)
[*] 1.1.1.1 - Progress 58000/80624 (71.93%)
[*] 1.1.1.1 - Progress 59000/80624 (73.17%)
[*] 1.1.1.1 - Progress 60000/80624 (74.41%)
[*] 1.1.1.1 - Progress 61000/80624 (75.65%)
[*] 1.1.1.1 - Progress 62000/80624 (76.9%)
[*] 1.1.1.1 - Progress 63000/80624 (78.14%)
[*] 1.1.1.1 - Progress 64000/80624 (79.38%)
[*] 1.1.1.1 - Progress 65000/80624 (80.62%)
[*] 1.1.1.1 - Progress 66000/80624 (81.86%)
[*] 1.1.1.1 - Progress 67000/80624 (83.1%)
[*] 1.1.1.1 - Progress 68000/80624 (84.34%)
[*] 1.1.1.1 - Progress 69000/80624 (85.58%)
[*] 1.1.1.1 - Progress 70000/80624 (86.82%)
[*] 1.1.1.1 - Progress 71000/80624 (88.06%)
[*] 1.1.1.1 - Progress 72000/80624 (89.3%)
[*] 1.1.1.1 - Progress 73000/80624 (90.54%)
[*] 1.1.1.1 - Progress 74000/80624 (91.78%)
[*] 1.1.1.1 - Progress 75000/80624 (93.02%)
[*] 1.1.1.1 - Progress 76000/80624 (94.26%)
[*] 1.1.1.1 - Progress 77000/80624 (95.5%)
[*] 1.1.1.1 - Progress 78000/80624 (96.74%)
[*] 1.1.1.1 - Progress 79000/80624 (97.98%)
[*] 1.1.1.1 - Progress 80000/80624 (99.22%)
[*] 1.1.1.1 - Finished scanning plugins
[*] 1.1.1.1 - Finished all scans
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/wordpress_scanner) > notes
Notes
=====
Time Host Service Port Protocol Type Data
---- ---- ------- ---- -------- ---- ----
2020-12-04 19:01:18 UTC 1.1.1.1 http 80 tcp Wordpress 5.4.2 "/"
2020-12-05 02:16:03 UTC 1.1.1.1 http 80 tcp Wordpress Theme: twentynineteen version 1.5 {}
2020-12-05 02:16:03 UTC 1.1.1.1 http 80 tcp Wordpress Theme: twentyseventeen version 2.3 {}
2020-12-05 02:16:58 UTC 1.1.1.1 http 80 tcp Wordpress Plugin: akismet version 4.1.5 {}
2020-12-05 02:18:44 UTC 1.1.1.1 http 80 tcp Wordpress Plugin: contact-form-7 version 5.1.9 {}
2020-12-05 02:19:35 UTC 1.1.1.1 http 80 tcp Wordpress Plugin: drag-and-drop-multiple-file-upload-contact-form-7 version 1.3.3.2 {}
2020-12-05 02:19:58 UTC 1.1.1.1 http 80 tcp Wordpress Plugin: email-subscribers version 4.2.2 {}
2020-12-05 02:22:41 UTC 1.1.1.1 http 80 tcp Wordpress Plugin: loginizer version 1.6.3 {}
2020-12-05 02:26:05 UTC 1.1.1.1 http 80 tcp Wordpress Plugin: simple-file-list version 4.2.2 {}
```
modules/auxiliary/scanner/http/wordpress_scanner.rb
+35 -12
View File
@@ -33,8 +33,8 @@ class MetasploitModule < Msf::Auxiliary
]
end
def print_progress(i, total)
print_status("Progress #{i}/#{total} (#{((i.to_f / total) * 100).truncate(2)}%)")
def print_progress(host, i, total)
print_status("#{host} - Progress #{i.to_s.rjust(Math.log10(total).ceil + 1)}/#{total} (#{((i.to_f / total) * 100).truncate(2)}%)")
end
def run_host(target_host)
@@ -42,7 +42,7 @@ class MetasploitModule < Msf::Auxiliary
if wordpress_and_online?
version = wordpress_version
version_string = version || '(no version detected)'
print_good("#{target_host} running Wordpress #{version_string}")
print_good("#{target_host} - Detected Wordpress #{version_string}")
report_note(
{
host: target_host,
@@ -50,11 +50,11 @@ class MetasploitModule < Msf::Auxiliary
sname: (ssl ? 'https' : 'http'),
port: rport,
type: "Wordpress #{version_string}",
data: target_uri
data: target_uri.to_s
}
)
if datastore['THEMES']
print_status('Enumerating Themes')
print_status("#{target_host} - Enumerating Themes")
f = File.open(datastore['THEMES_FILE'], 'rb')
total = f.lines.count
@@ -62,16 +62,27 @@ class MetasploitModule < Msf::Auxiliary
f = f.lines
f.each_with_index do |theme, i|
theme = theme.strip
print_progress(i, total) if i % datastore['PROGRESS'] == 0
vprint_status("Checking theme: #{theme}")
print_progress(target_host, i, total) if i % datastore['PROGRESS'] == 0
vprint_status("#{target_host} - Checking theme: #{theme}")
version = check_theme_version_from_readme(theme)
next if version == Msf::Exploit::CheckCode::Unknown # aka not found
print_good("Detected Theme: #{theme} version #{version.details} ")
print_good("#{target_host} - Detected theme: #{theme} version #{version.details[:version]}")
report_note(
{
host: target_host,
proto: 'tcp',
sname: (ssl ? 'https' : 'http'),
port: rport,
type: "Wordpress Theme: #{theme} version #{version.details[:version]}",
#data: target_uri
}
)
end
print_status("#{target_host} - Finished scanning themes")
end
if datastore['PLUGINS']
print_status('Enumerating Plugins')
print_status("#{target_host} - Enumerating plugins")
f = File.open(datastore['PLUGINS_FILE'], 'rb')
total = f.lines.count
@@ -79,14 +90,26 @@ class MetasploitModule < Msf::Auxiliary
f = f.lines
f.each_with_index do |plugin, i|
plugin = plugin.strip
print_progress(i, total) if i % datastore['PROGRESS'] == 0
vprint_status("Checking plugin: #{plugin}")
print_progress(target_host, i, total) if i % datastore['PROGRESS'] == 0
vprint_status("#{target_host} - Checking plugin: #{plugin}")
version = check_plugin_version_from_readme(plugin)
next if version == Msf::Exploit::CheckCode::Unknown # aka not found
print_good("Detected Plugin: #{plugin} version #{version.details} ")
print_good("#{target_host} - Detected plugin: #{plugin} version #{version.details[:version]}")
report_note(
{
host: target_host,
proto: 'tcp',
sname: (ssl ? 'https' : 'http'),
port: rport,
type: "Wordpress Plugin: #{plugin} version #{version.details[:version]}",
#data: target_uri
}
)
end
print_status("#{target_host} - Finished scanning plugins")
end
print_status("#{target_host} - Finished all scans")
end
end
end