forked from p15670423/monkey
Added basic HTTP fingering by using banner grabbing
This commit is contained in:
parent
85ee6804ee
commit
d455a8bb40
|
@ -2,7 +2,7 @@ import os
|
||||||
import sys
|
import sys
|
||||||
from network.range import FixedRange, RelativeRange, ClassCRange
|
from network.range import FixedRange, RelativeRange, ClassCRange
|
||||||
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter
|
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter
|
||||||
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger
|
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger,HTTPFinger
|
||||||
from abc import ABCMeta
|
from abc import ABCMeta
|
||||||
import uuid
|
import uuid
|
||||||
import types
|
import types
|
||||||
|
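Review bot: The new `HTTPFinger` import is appended as `SSHFinger,HTTPFinger`, without the space after the comma that the rest of the line uses; write `from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger`. The matching addition to `finger_classes` further down is spaced consistently, so only this line needs the touch-up.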
@ -133,7 +133,7 @@ class Configuration(object):
|
||||||
max_iterations = 1
|
max_iterations = 1
|
||||||
|
|
||||||
scanner_class = TcpScanner
|
scanner_class = TcpScanner
|
||||||
finger_classes = [SMBFinger, SSHFinger, PingScanner]
|
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
|
||||||
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter]
|
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter]
|
||||||
|
|
||||||
# how many victims to look for in a single scan iteration
|
# how many victims to look for in a single scan iteration
|
||||||
|
@ -157,7 +157,7 @@ class Configuration(object):
|
||||||
# sets whether or not to retry failed hosts on next scan
|
# sets whether or not to retry failed hosts on next scan
|
||||||
retry_failed_explotation = True
|
retry_failed_explotation = True
|
||||||
|
|
||||||
#addresses of internet servers to ping and check if the monkey has internet acccess.
|
# addresses of internet servers to ping and check if the monkey has internet acccess.
|
||||||
internet_services = ["monkey.guardicore.com", "www.google.com"]
|
internet_services = ["monkey.guardicore.com", "www.google.com"]
|
||||||
|
|
||||||
###########################
|
###########################
|
||||||
|
@ -165,14 +165,18 @@ class Configuration(object):
|
||||||
###########################
|
###########################
|
||||||
|
|
||||||
# Auto detect and scan local subnets
|
# Auto detect and scan local subnets
|
||||||
local_network_scan = True
|
local_network_scan = False
|
||||||
|
|
||||||
range_class = FixedRange
|
range_class = FixedRange
|
||||||
range_size = 1
|
range_size = 1
|
||||||
range_fixed = ["", ]
|
range_fixed = ["88.198.218.174","212.73.212.91" ]
|
||||||
|
|
||||||
# TCP Scanner
|
# TCP Scanner
|
||||||
|
HTTP_PORTS = [80, 8080, 443,
|
||||||
|
8008, # HTTP alternate
|
||||||
|
]
|
||||||
tcp_target_ports = [22, 2222, 445, 135, 3389]
|
tcp_target_ports = [22, 2222, 445, 135, 3389]
|
||||||
|
tcp_target_ports.extend(HTTP_PORTS)
|
||||||
tcp_scan_timeout = 3000 # 3000 Milliseconds
|
tcp_scan_timeout = 3000 # 3000 Milliseconds
|
||||||
tcp_scan_interval = 200
|
tcp_scan_interval = 200
|
||||||
tcp_scan_get_banner = True
|
tcp_scan_get_banner = True
|
||||||
|
|
|
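Review bot: The committed defaults now set `local_network_scan = False` and put two public IP addresses into `range_fixed`, which reads like a developer's test targets checked in by mistake; anyone building from these defaults would point scanning and the exploiters at hosts outside their own environment. Restore `local_network_scan = True` and `range_fixed = ["", ]` and keep test targets in a local, uncommitted override. Separately, `HTTP_PORTS` is the only upper-case attribute in a class where every other setting is lower-case (`tcp_target_ports`, `tcp_scan_timeout`), so `http_ports` would fit the file's convention; `tcp_target_ports.extend(HTTP_PORTS)` does run correctly in the class body as written. The `Configuration` class continues beyond this hunk.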
@ -80,7 +80,11 @@
|
||||||
22,
|
22,
|
||||||
445,
|
445,
|
||||||
135,
|
135,
|
||||||
3389
|
3389,
|
||||||
|
80,
|
||||||
|
8080,
|
||||||
|
443,
|
||||||
|
8008
|
||||||
],
|
],
|
||||||
"timeout_between_iterations": 10,
|
"timeout_between_iterations": 10,
|
||||||
"use_file_logging": true,
|
"use_file_logging": true,
|
||||||
|
|
|
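Review bot: The four HTTP ports added here are the same values that `HTTP_PORTS` in the Python configuration now extends `tcp_target_ports` with, so the list is maintained in two places and the two can drift apart silently. I cannot see from this page how the JSON is merged with the class defaults; if the JSON replaces `tcp_target_ports` wholesale, the duplication is required and a comment next to the list saying so (`// keep in sync with HTTP_PORTS in config.py`, or the file's equivalent) would help the next maintainer, and if it is only an override, the extra entries could be dropped in favour of the single Python list. The enclosing object starts before and ends after this hunk.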
@ -22,5 +22,6 @@ from ping_scanner import PingScanner
|
||||||
from tcp_scanner import TcpScanner
|
from tcp_scanner import TcpScanner
|
||||||
from smbfinger import SMBFinger
|
from smbfinger import SMBFinger
|
||||||
from sshfinger import SSHFinger
|
from sshfinger import SSHFinger
|
||||||
|
from httpfinger import HTTPFinger
|
||||||
from info import local_ips
|
from info import local_ips
|
||||||
from info import get_free_tcp_port
|
from info import get_free_tcp_port
|
||||||
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
import re
|
||||||
|
from network import HostFinger
|
||||||
|
from network.tools import check_port_tcp
|
||||||
|
from model.host import VictimHost
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
class HTTPFinger(HostFinger):
|
||||||
|
'''
|
||||||
|
Goal is to recognise HTTP servers, where what we currently care about is apache.
|
||||||
|
'''
|
||||||
|
def __init__(self):
|
||||||
|
self._config = __import__('config').WormConfiguration
|
||||||
|
self.HTTP = [(port,str(port)) for port in self._config.HTTP_PORTS]
|
||||||
|
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _banner_match(service, host, banner):
|
||||||
|
pass
|
||||||
|
|
||||||
|
def get_host_fingerprint(self, host):
|
||||||
|
assert isinstance(host, VictimHost)
|
||||||
|
from requests import get
|
||||||
|
from requests.exceptions import Timeout
|
||||||
|
from contextlib import closing
|
||||||
|
|
||||||
|
valid_ports = [port for port in self.HTTP if 'tcp-'+port[1] in host.services]
|
||||||
|
for port in valid_ports:
|
||||||
|
# check both http and https
|
||||||
|
http = "http://"+host.ip_addr+":"+port[1]
|
||||||
|
https = "https://"+host.ip_addr+":"+port[1]
|
||||||
|
|
||||||
|
# try http, we don't optimise for 443
|
||||||
|
try:
|
||||||
|
with closing(get(http, timeout=1, stream=True)) as r_http:
|
||||||
|
server = r_http.headers.get('Server')
|
||||||
|
host.services['tcp-'+port[1]] = server
|
||||||
|
except Timeout:
|
||||||
|
#try https
|
||||||
|
with closing(get(https, timeout=01, stream=True)) as r_http:
|
||||||
|
server = r_http.headers.get('Server')
|
||||||
|
host.services['tcp-'+port[1]] = server
|
||||||
|
|
||||||
|
return True
|
|
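Review bot: Only `Timeout` is caught around the http request in `get_host_fingerprint`, so a refused connection, a reset, or a TLS handshake failure raises a `ConnectionError`/`SSLError` that escapes the finger and aborts fingerprinting for the host, and the https retry inside the `except` block has no guard at all; catching `RequestException` around both attempts keeps one bad port from taking the whole finger down. `timeout=01` is an octal literal that happens to equal 1 under Python 2 and is a syntax error under Python 3, so write `timeout=1`. When the response carries no `Server` header, `host.services['tcp-'+port[1]] = server` overwrites whatever the port entry already held with `None`; only store the value when one was actually obtained. The `_banner_match` stub is never called and could be dropped until it does something, and the `assert isinstance(host, VictimHost)` guard disappears under `-O`. A rewrite of the loop body covering the first three points:

```python
        from requests import get
        from requests.exceptions import RequestException
        from contextlib import closing

        # … unchanged: valid_ports computation …
        for port in valid_ports:
            # try plain http first, then https; we don't optimise for 443
            for url in ("http://"+host.ip_addr+":"+port[1], "https://"+host.ip_addr+":"+port[1]):
                try:
                    with closing(get(url, timeout=1, stream=True)) as r_http:
                        server = r_http.headers.get('Server')
                except RequestException:
                    # refused, reset, TLS failure or timeout: try the next scheme
                    continue
                if server is not None:
                    host.services['tcp-'+port[1]] = server
                break

        return True
```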
@ -11,4 +11,5 @@ paramiko
|
||||||
psutil
|
psutil
|
||||||
PyInstaller
|
PyInstaller
|
||||||
ecdsa
|
ecdsa
|
||||||
netifaces
|
netifaces
|
||||||
|
requests
|