cgranleese-r7
99 lines
2.8 KiB
Ruby
99 lines
2.8 KiB
Ruby
##
|
|
# This module requires Metasploit: https://metasploit.com/download
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
|
##
|
|
|
|
class MetasploitModule < Msf::Auxiliary
|
|
include Msf::Exploit::Remote::HttpClient
|
|
include Msf::Auxiliary::Scanner
|
|
|
|
def initialize(info = {})
|
|
super(
|
|
update_info(
|
|
info,
|
|
'Name' => 'HTTP Header Detection',
|
|
'Description' => %q{ This module shows HTTP Headers returned by the scanned systems. },
|
|
'Author' => [
|
|
'Christian Mehlmauer',
|
|
'rick2600'
|
|
],
|
|
'References' => [
|
|
['URL', 'http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html'],
|
|
['URL', 'https://en.wikipedia.org/wiki/List_of_HTTP_header_fields']
|
|
],
|
|
'License' => MSF_LICENSE,
|
|
'Notes' => {
|
|
'Reliability' => UNKNOWN_RELIABILITY,
|
|
'Stability' => UNKNOWN_STABILITY,
|
|
'SideEffects' => UNKNOWN_SIDE_EFFECTS
|
|
}
|
|
)
|
|
)
|
|
|
|
register_options([
|
|
OptString.new('IGN_HEADER', [
|
|
true, 'List of headers to ignore, separated by comma',
|
|
'Vary,Date,Content-Length,Connection,Etag,Expires,Pragma,Accept-Ranges'
|
|
]),
|
|
OptEnum.new('HTTP_METHOD', [ true, 'HTTP Method to use, HEAD or GET', 'HEAD', ['GET', 'HEAD'] ]),
|
|
OptString.new('TARGETURI', [ true, 'The URI to use', '/'])
|
|
])
|
|
end
|
|
|
|
def run_host(ip)
|
|
ignored_headers = datastore['IGN_HEADER'].split(',')
|
|
|
|
uri = normalize_uri(target_uri.path)
|
|
method = datastore['HTTP_METHOD']
|
|
vprint_status("#{peer}: requesting #{uri} via #{method}")
|
|
res = send_request_raw({
|
|
'method' => method,
|
|
'uri' => uri
|
|
})
|
|
|
|
unless res
|
|
vprint_error("#{peer}: connection timed out")
|
|
return
|
|
end
|
|
|
|
headers = res.headers
|
|
unless headers
|
|
vprint_status("#{peer}: no headers returned")
|
|
return
|
|
end
|
|
|
|
# Header Names are case insensitive so convert them to upcase
|
|
headers_uppercase = headers.inject({}) do |hash, keys|
|
|
hash[keys[0].upcase] = keys[1]
|
|
hash
|
|
end
|
|
|
|
ignored_headers.each do |h|
|
|
if headers_uppercase.has_key?(h.upcase)
|
|
vprint_status("#{peer}: deleted header #{h}")
|
|
headers_uppercase.delete(h.upcase)
|
|
end
|
|
end
|
|
headers_uppercase.to_a.compact.sort
|
|
|
|
counter = 0;
|
|
headers_uppercase.each do |h|
|
|
header_string = "#{h[0]}: #{h[1]}"
|
|
print_good "#{peer}: #{header_string}"
|
|
|
|
report_note(
|
|
:type => "http.header.#{rport}.#{counter}",
|
|
:data => { :header_string => header_string },
|
|
:host => ip,
|
|
:port => rport
|
|
)
|
|
counter = counter + 1
|
|
end
|
|
if counter == 0
|
|
print_warning "#{peer}: all detected headers are defined in IGN_HEADER and were ignored "
|
|
else
|
|
print_good "#{peer}: detected #{counter} headers"
|
|
end
|
|
end
|
|
end
|