adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f6b032b744accbebc2a07215fa68752da00104c7
metasploit-gs/modules/post/multi/gather/enum_software_versions.rb
T

129 lines
6.0 KiB
Ruby
Raw Blame History

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Multiplatform Installed Software Version Enumerator',
'Description' => %q{
This module, when run against a compromised machine, will gather details on all installed software,
including their versions and if available, when they were installed, and will save it into a loot file for later use.
Users can then use this loot file to determine what additional vulnerabilites may affect the target machine.
Note that for Linux systems, software enumeration is done via package managers. As a result the results may
not reflect all of the available software on the system simply because users may have installed additional
software from alternative sources such as source code that these package managers are not aware of.
},
'License' => MSF_LICENSE,
'Author' => [ 'gwillcox-r7' ],
'Platform' => %w[win linux osx bsd solaris android],
'SessionTypes' => [ 'meterpreter', 'shell' ]
)
)
end
def store_linux_loot(listing)
file = store_loot('host.linux.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')
print_good("Stored information about the installed products to the loot file at #{file}")
end
# Run Method for when run command is issued
def run
case session.platform
when 'windows'
if command_exists?('wmic') == false
print_error("The 'wmic' command doesn't exist on this host!") # wmic is technically marked as depreciated so this command could very well be removed in future releases.
return
end
listing = cmd_exec('wmic product get Name, Description, Version, InstallDate', nil, 6000).to_s
unless listing.include?('Description')
print_error('Was unable to get a listing of installed products...')
return
end
file = store_loot('host.windows.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')
print_good("Stored information about the installed products to the loot file at #{file}")
when 'linux'
# All of the following options were taken from https://distrowatch.com/dwres.php?resource=package-management
# and further verified against VMs that were set up in testing labs.
if command_exists?('apt') # Debian, Ubuntu, and Debian derived distros.
cmd = %w[apt list --installed]
elsif command_exists?('dpkg') # Alternative for Debian based systems
cmd = %w[dpkg -l]
elsif command_exists?('pacman') # Arch and Manjaro are two popular examples
cmd = %w[pacman -Q]
elsif command_exists?('zypper') # OpenSUSE is a popular example
cmd = %w[zypper search -is]
elsif command_exists?('rpm') # Fedora, Centos, RHEL
cmd = %w[rpm -qa]
elsif command_exists?('apk') # Apline
cmd = %w[apk info -v]
elsif command_exists?('qlist') # Gentoo
cmd = %w[qlist -Iv]
elsif command_exists?('pkg') # FreeBSD
cmd = %w[pkg info]
elsif command_exists?('equo') # Sabayon
cmd = %w[equo q list installed -v]
elsif command_exists?('nix-env')
cmd = %w[nix-env -q]
else
print_error("The target system either doesn't have a package manager system, or does not use a known package manager system!")
print_error('Unable to enumerate the softwaare on the target system. Exiting...')
return nil
end
if command_exists?((cmd[0]).to_s) == false
print_error("The command #{cmd[0]} was not found on the target.")
return
else
listing = cmd_exec(cmd.join(' ')).to_s
if listing.empty?
print_error('No results were returned when trying to get software installed on the Linux host. An error likely occured.')
return
end
store_linux_loot(listing)
end
when 'bsd', 'solaris'
if command_exists?('pkg') == false
print_error("The command 'pkg' does not exist on the host")
return
end
listing = cmd_exec('pkg info').to_s
if listing.empty?
print_error('No results were returned when trying to get software installed on the BSD/Solaris host. An error likely occured.')
return
end
file = store_loot('host.bsd.solaris.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')
print_good("Stored information about the installed products to the loot file at #{file}")
when 'osx'
if command_exists?('system_profiler') == false
print_error("The command 'system_profiler' does not exist on the host")
return
end
listing = cmd_exec('system_profiler SPApplicationsDataType').to_s
if listing.empty?
print_error('No results were returned when trying to get software installed on the OSX host. An error likely occured.')
return
end
file = store_loot('host.osx.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')
print_good("Stored information about the installed products to the loot file at #{file}")
when 'android'
if command_exists?('pm') == false
print_error("The command 'pm' does not exist on the host")
return
end
listing = cmd_exec('pm list packages -f').to_s
if listing.empty?
print_error('No results were returned when trying to get software installed on the Linux host. An error likely occured.')
return
end
file = store_loot('host.android.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')
print_good("Stored information about the installed products to the loot file at #{file}")
end
end
end
Reference in New Issue View Git Blame Copy Permalink