adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity

modules/auxiliary/vsploit: Resolve RuboCop violations

Browse Source
This commit is contained in:
bcoles
2025-05-03 00:09:57 +10:00
parent 371196f681
commit dfb82a37b6
5 changed files with 165 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb
+33 -28
View File
@@ -7,38 +7,43 @@ class MetasploitModule < Msf::Auxiliary
def initialize
super(
'Name' => 'VSploit Mariposa DNS Query Module',
'Description' => 'This module queries known Mariposa Botnet DNS records.',
'Author' => 'MJC',
'License' => MSF_LICENSE,
'References' =>
[
[ 'URL', 'http://www.defintel.com/docs/Mariposa_Analysis.pdf']
]
'Name' => 'VSploit Mariposa DNS Query Module',
'Description' => 'This module queries known Mariposa Botnet DNS records.',
'Author' => 'MJC',
'License' => MSF_LICENSE,
'References' => [
[ 'URL', 'http://www.defintel.com/docs/Mariposa_Analysis.pdf']
],
'Notes' => {
'Stability' => [CRASH_SAFE],
'SideEffects' => [IOC_IN_LOGS],
'Reliability' => []
}
)
register_options(
[
OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]),
OptInt.new('COUNT', [false, "Number of intervals to loop",1]),
OptInt.new('DELAY', [false, "Delay in seconds between intervals",3])
])
OptString.new('DNS_SERVER', [false, 'Specifies a DNS server']),
OptInt.new('COUNT', [false, 'Number of intervals to loop', 1]),
OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3])
]
)
end
def run
@res = Net::DNS::Resolver.new()
@res = Net::DNS::Resolver.new
domain = [
"lalundelau.sinip.es","bf2back.sinip.es","thejacksonfive.mobi",
"thejacksonfive.us","thejacksonfive.biz","butterfly.BigMoney.biz",
"bfisback.sinip.es","bfisback.no-ip.org","qwertasdfg.sinip.es",
"shv4b.getmyip.com","shv4.no-ip.biz","butterfly.sinip.es",
"defintelsucks.sinip.es","defintelsucks.net","defintelsucks.com",
"gusanodeseda.sinip.es","gusanodeseda.net","legion.sinip.es",
"booster.estr.es","sexme.in","extraperlo.biz",
"legionarios.servecounterstrike.com","thesexydude.com",
"yougotissuez.com","gusanodeseda.mobi","tamiflux.org",
"tamiflux.net","binaryfeed.in","youare.sexidude.com",
"mierda.notengodominio.com",
'lalundelau.sinip.es', 'bf2back.sinip.es', 'thejacksonfive.mobi',
'thejacksonfive.us', 'thejacksonfive.biz', 'butterfly.BigMoney.biz',
'bfisback.sinip.es', 'bfisback.no-ip.org', 'qwertasdfg.sinip.es',
'shv4b.getmyip.com', 'shv4.no-ip.biz', 'butterfly.sinip.es',
'defintelsucks.sinip.es', 'defintelsucks.net', 'defintelsucks.com',
'gusanodeseda.sinip.es', 'gusanodeseda.net', 'legion.sinip.es',
'booster.estr.es', 'sexme.in', 'extraperlo.biz',
'legionarios.servecounterstrike.com', 'thesexydude.com',
'yougotissuez.com', 'gusanodeseda.mobi', 'tamiflux.org',
'tamiflux.net', 'binaryfeed.in', 'youare.sexidude.com',
'mierda.notengodominio.com',
]
if datastore['DNS_SERVER']
@@ -50,11 +55,11 @@ class MetasploitModule < Msf::Auxiliary
while count < datastore['COUNT']
domain.each do |name|
query = @res.query(name, "A")
query = @res.query(name, 'A')
time = Time.new
time = time.strftime("%Y-%m-%d %H:%M:%S")
time = time.strftime('%Y-%m-%d %H:%M:%S')
print_status("#{time} - DNS Query sent for => #{name}")
if query.answer.length == 0
if query.answer.empty?
print_error("#{time} - #{name} => No Record Found")
else
a = query.answer[0].to_s.split(/[\s,]+/)
@@ -63,7 +68,7 @@ class MetasploitModule < Msf::Auxiliary
end
unless count == (datastore['COUNT'] - 1)
time = Time.new
time = time.strftime("%Y-%m-%d %H:%M:%S")
time = time.strftime('%Y-%m-%d %H:%M:%S')
print_status("#{time} - Waiting #{datastore['DELAY']} seconds to query")
select(nil, nil, nil, datastore['DELAY'])
end
modules/auxiliary/vsploit/malware/dns/dns_query.rb
+22 -16
View File
@@ -7,23 +7,29 @@ class MetasploitModule < Msf::Auxiliary
def initialize
super(
'Name' => 'VSploit DNS Beaconing Emulation',
'Description' => 'This module takes a list and emulates malicious DNS beaconing.',
'Author' => 'MJC',
'License' => MSF_LICENSE
'Name' => 'VSploit DNS Beaconing Emulation',
'Description' => 'This module takes a list of domains and emulates malicious DNS beaconing.',
'Author' => 'MJC',
'License' => MSF_LICENSE,
'Notes' => {
'Stability' => [CRASH_SAFE],
'SideEffects' => [IOC_IN_LOGS],
'Reliability' => []
}
)
register_options(
[
OptString.new('DOMAINS', [ true, "Separate Domains by whitespace"]),
OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]),
OptInt.new('COUNT', [false, "Number of intervals to loop",2]),
OptInt.new('DELAY', [false, "Delay in seconds between intervals",3])
])
[
OptString.new('DOMAINS', [ true, 'Separate domains by whitespace']),
OptString.new('DNS_SERVER', [false, 'Specifies a DNS Server']),
OptInt.new('COUNT', [false, 'Number of intervals to loop', 2]),
OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3])
]
)
end
def run
@res = Net::DNS::Resolver.new()
#@res.retry = 2
@res = Net::DNS::Resolver.new
# @res.retry = 2
if datastore['DNS_SERVER']
@res.nameservers = datastore['DNS_SERVER']
@@ -35,11 +41,11 @@ class MetasploitModule < Msf::Auxiliary
domain = datastore['DOMAINS'].split(/[\s,]+/)
domain.each do |name|
query = @res.query(name, "A")
query = @res.query(name, 'A')
time = Time.new
time = time.strftime("%Y-%m-%d %H:%M:%S")
time = time.strftime('%Y-%m-%d %H:%M:%S')
print_status("#{time} - DNS Query sent for => #{name}")
if query.answer.length == 0
if query.answer.empty?
print_error("#{time} - #{name} => No Record Found")
else
a = query.answer[0].to_s.split(/[\s,]+/)
@@ -48,7 +54,7 @@ class MetasploitModule < Msf::Auxiliary
end
unless count == (datastore['COUNT'] - 1)
time = Time.new
time = time.strftime("%Y-%m-%d %H:%M:%S")
time = time.strftime('%Y-%m-%d %H:%M:%S')
print_status("#{time} - Waiting #{datastore['DELAY']} seconds to beacon")
select(nil, nil, nil, datastore['DELAY'])
end
modules/auxiliary/vsploit/malware/dns/dns_zeus.rb
+38 -33
View File
@@ -7,43 +7,48 @@ class MetasploitModule < Msf::Auxiliary
def initialize
super(
'Name' => 'VSploit Zeus DNS Query Module',
'Description' => 'This module queries known Zeus Botnet DNS records.',
'Author' => 'MJC',
'License' => MSF_LICENSE,
'References' =>
[
[ 'URL', 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist']
]
'Name' => 'VSploit Zeus DNS Query Module',
'Description' => 'This module queries known Zeus Botnet DNS records.',
'Author' => 'MJC',
'License' => MSF_LICENSE,
'References' => [
[ 'URL', 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist']
],
'Notes' => {
'Stability' => [CRASH_SAFE],
'SideEffects' => [IOC_IN_LOGS],
'Reliability' => []
}
)
register_options(
[
OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]),
OptInt.new('COUNT', [false, "Number of intervals to loop",1]),
OptInt.new('DELAY', [false, "Delay in seconds between intervals",3])
])
OptString.new('DNS_SERVER', [false, 'Specifies a DNS server']),
OptInt.new('COUNT', [false, 'Number of intervals to loop', 1]),
OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3])
]
)
end
def run
@res = Net::DNS::Resolver.new()
@res = Net::DNS::Resolver.new
domain = [
"allspring.net","antifoher.biz","asdfasdgqghgsw.cx.cc",
"ashnmjjpoljfnl.info","atlaz.net","b3l.org","back.boroborogold.ru",
"bandwithcheckstart.com","batmanrobinho.com","bellicbridge.ru",
"bestfihteerdr.com","bestprice2you.net","billyd.com.au",
"bitschoonerop.com","blackskullbg.sytes.net","botikov.eu.tf",
"botnetdown.gicp.net","boutique.vcm-mode.it","brandc.name",
"bxkkuskgdjskdn.com","c0re.su","cdvqvnjqqtkqhsoo.info",
"christmassuper.com","ciritas.ru","citi-spb.ru","clavn.ru",
"client.trackups.org","client.upsclients.net","cnewsus.ru",
"cnnus.ru","concapow.in","consoleencydd.com","cqoqgzqmkpkrmlo.com",
"ctllutheran.org","currencytradechat.com","cyytmmlxsthywst.com",
"damaka.com","datacricketuf.ru","deimingames.com",
"dfhhdkdddqjda.start.tl","djerk.info","djpeterblue.com.br",
"dlmsonisfzksioqq.org","domio.pwomega.ru","favdstgssdqdsfg.start.tl",
"favoritopilodjd.com","favqnornkwvkwfxv.biz","fdhjkfhskas.com",
"federalreserve-report.com","federetoktyt.net"
'allspring.net', 'antifoher.biz', 'asdfasdgqghgsw.cx.cc',
'ashnmjjpoljfnl.info', 'atlaz.net', 'b3l.org', 'back.boroborogold.ru',
'bandwithcheckstart.com', 'batmanrobinho.com', 'bellicbridge.ru',
'bestfihteerdr.com', 'bestprice2you.net', 'billyd.com.au',
'bitschoonerop.com', 'blackskullbg.sytes.net', 'botikov.eu.tf',
'botnetdown.gicp.net', 'boutique.vcm-mode.it', 'brandc.name',
'bxkkuskgdjskdn.com', 'c0re.su', 'cdvqvnjqqtkqhsoo.info',
'christmassuper.com', 'ciritas.ru', 'citi-spb.ru', 'clavn.ru',
'client.trackups.org', 'client.upsclients.net', 'cnewsus.ru',
'cnnus.ru', 'concapow.in', 'consoleencydd.com', 'cqoqgzqmkpkrmlo.com',
'ctllutheran.org', 'currencytradechat.com', 'cyytmmlxsthywst.com',
'damaka.com', 'datacricketuf.ru', 'deimingames.com',
'dfhhdkdddqjda.start.tl', 'djerk.info', 'djpeterblue.com.br',
'dlmsonisfzksioqq.org', 'domio.pwomega.ru', 'favdstgssdqdsfg.start.tl',
'favoritopilodjd.com', 'favqnornkwvkwfxv.biz', 'fdhjkfhskas.com',
'federalreserve-report.com', 'federetoktyt.net'
]
if datastore['DNS_SERVER']
@@ -55,11 +60,11 @@ class MetasploitModule < Msf::Auxiliary
while count < datastore['COUNT']
domain.each do |name|
query = @res.query(name, "A")
query = @res.query(name, 'A')
time = Time.new
time = time.strftime("%Y-%m-%d %H:%M:%S")
time = time.strftime('%Y-%m-%d %H:%M:%S')
print_status("#{time} - DNS Query sent for => #{name}")
if query.answer.length == 0
if query.answer.empty?
print_error("#{time} - #{name} => No Record Found")
else
a = query.answer[0].to_s.split(/[\s,]+/)
@@ -68,7 +73,7 @@ class MetasploitModule < Msf::Auxiliary
end
unless count == (datastore['COUNT'] - 1)
time = Time.new
time = time.strftime("%Y-%m-%d %H:%M:%S")
time = time.strftime('%Y-%m-%d %H:%M:%S')
print_status("#{time} - Waiting #{datastore['DELAY']} seconds to query")
select(nil, nil, nil, datastore['DELAY'])
end
modules/auxiliary/vsploit/pii/email_pii.rb
+24 -16
View File
@@ -12,24 +12,32 @@ class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::PII
def initialize(info = {})
super(update_info(info,
'Name' => 'VSploit Email PII',
'Description' => %q{
super(
update_info(
info,
'Name' => 'VSploit Email PII',
'Description' => %q{
This auxiliary reads from a file and sends data which
should be flagged via an internal or external SMTP server.
},
'License' => MSF_LICENSE,
'Author' => ['willis']
))
register_options(
[
OptString.new('RHOST', [true, "SMTP server address",'127.0.0.1']),
OptPort.new('RPORT', [true, "SMTP server port", 25])
])
should be flagged via an internal or external SMTP server.
},
'License' => MSF_LICENSE,
'Author' => ['willis'],
'Notes' => {
'Stability' => [CRASH_SAFE],
'SideEffects' => [IOC_IN_LOGS],
'Reliability' => []
}
)
)
register_options(
[
OptString.new('RHOST', [true, 'SMTP server address', '127.0.0.1']),
OptPort.new('RPORT', [true, 'SMTP server port', 25])
]
)
end
def run
msg = Rex::MIME::Message.new
msg.mime_defaults
msg.subject = datastore['SUBJECT']
@@ -38,9 +46,9 @@ class MetasploitModule < Msf::Auxiliary
data = create_pii
msg.add_part(data, "text/plain")
msg.add_part(data, 'text/plain')
msg.add_part_attachment(data, rand_text_english(10))
resp = send_message(msg.to_s)
send_message(msg.to_s)
end
end
modules/auxiliary/vsploit/pii/web_pii.rb
+48 -41
View File
@@ -12,48 +12,55 @@ class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::PII
def initialize(info = {})
super(update_info(info,
'Name' => 'VSploit Web PII',
'Description' => 'This module emulates a webserver leaking PII data',
'License' => MSF_LICENSE,
'Author' => 'MJC',
'References' =>
[
[ 'URL', 'https://www.rapid7.com/blog/post/2011/06/02/vsploit--virtualizing-exploitation-attributes-with-metasploit-framework']
],
'DefaultOptions' => { 'HTTP::server_name' => 'IIS'}
))
super(
update_info(
info,
'Name' => 'VSploit Web PII',
'Description' => 'This module emulates a webserver leaking PII data',
'License' => MSF_LICENSE,
'Author' => 'MJC',
'References' => [
[ 'URL', 'https://www.rapid7.com/blog/post/2011/06/02/vsploit--virtualizing-exploitation-attributes-with-metasploit-framework']
],
'DefaultOptions' => { 'HTTP::server_name' => 'IIS' },
'Notes' => {
'Stability' => [CRASH_SAFE],
'SideEffects' => [IOC_IN_LOGS],
'Reliability' => []
}
)
)
register_options(
[
OptBool.new('META_REFRESH', [ false, "Set page to auto refresh.", false]),
OptInt.new('REFRESH_TIME', [ false, "Set page refresh interval.", 15]),
OptInt.new('ENTRIES', [ false, "PII Entry Count", 1000])
])
[
OptBool.new('META_REFRESH', [ false, 'Set page to auto refresh.', false]),
OptInt.new('REFRESH_TIME', [ false, 'Set page refresh interval.', 15]),
OptInt.new('ENTRIES', [ false, 'PII Entry Count', 1000])
]
)
end
def create_page
# Webpage Title
title = "vSploit PII Webserver"
sheep = <<-EOS
__________
< baaaaah! >
---------
\\
\\
,@;@,
;@;@( \\@;@;@;@;@;@,
/x @\\_|@;@;@;@;@;@;,
/ )@:@;@;@;@;@;@;@|)
*---;@;@;@;@;@;@;@;@;
';@;\;@;\;@;@
|| | \\ (
|| | // /
// ( // /
~~~~~ ~~~~
title = 'vSploit PII Webserver'
sheep = <<~EOS
__________
< baaaaah! >
---------
\\
\\
,@;@,
;@;@( \\@;@;@;@;@;@,
/x @\\_|@;@;@;@;@;@;,
/ )@:@;@;@;@;@;@;@|)
*---;@;@;@;@;@;@;@;@;
';@;\;@;\;@;@
|| | \\ (
|| | // /
// ( // /
~~~~~ ~~~~
EOS
page = ""
EOS
page = ''
page << "<html>\n<head>\n"
if datastore['META_REFRESH']
@@ -71,21 +78,21 @@ EOS
end
# Start creating PII data
pii = create_pii()
pii = create_pii
page << "\n"
page << pii
page << "</pre>\n</body>\n</html>"
page
end
def on_request_uri(cli,request)
def on_request_uri(cli, _request)
# Transmit the response to the client
res = create_page()
print_status("Leaking PII...")
res = create_page
print_status('Leaking PII...')
send_response(cli, res, { 'Content-Type' => 'text/html' })
end
def run
exploit()
exploit
end
end