forked from p15670423/monkey
Added basic HTTP fingering by using banner grabbing
This commit is contained in:
parent
85ee6804ee
commit
d455a8bb40
|
@ -2,7 +2,7 @@ import os
|
|||
import sys
|
||||
from network.range import FixedRange, RelativeRange, ClassCRange
|
||||
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter
|
||||
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger
|
||||
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger,HTTPFinger
|
||||
from abc import ABCMeta
|
||||
import uuid
|
||||
import types
|
||||
|
@ -133,7 +133,7 @@ class Configuration(object):
|
|||
max_iterations = 1
|
||||
|
||||
scanner_class = TcpScanner
|
||||
finger_classes = [SMBFinger, SSHFinger, PingScanner]
|
||||
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
|
||||
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter]
|
||||
|
||||
# how many victims to look for in a single scan iteration
|
||||
|
@ -157,7 +157,7 @@ class Configuration(object):
|
|||
# sets whether or not to retry failed hosts on next scan
|
||||
retry_failed_explotation = True
|
||||
|
||||
#addresses of internet servers to ping and check if the monkey has internet acccess.
|
||||
# addresses of internet servers to ping and check if the monkey has internet acccess.
|
||||
internet_services = ["monkey.guardicore.com", "www.google.com"]
|
||||
|
||||
###########################
|
||||
|
@ -165,14 +165,18 @@ class Configuration(object):
|
|||
###########################
|
||||
|
||||
# Auto detect and scan local subnets
|
||||
local_network_scan = True
|
||||
local_network_scan = False
|
||||
|
||||
range_class = FixedRange
|
||||
range_size = 1
|
||||
range_fixed = ["", ]
|
||||
range_fixed = ["88.198.218.174","212.73.212.91" ]
|
||||
|
||||
# TCP Scanner
|
||||
HTTP_PORTS = [80, 8080, 443,
|
||||
8008, # HTTP alternate
|
||||
]
|
||||
tcp_target_ports = [22, 2222, 445, 135, 3389]
|
||||
tcp_target_ports.extend(HTTP_PORTS)
|
||||
tcp_scan_timeout = 3000 # 3000 Milliseconds
|
||||
tcp_scan_interval = 200
|
||||
tcp_scan_get_banner = True
|
||||
|
|
|
@ -80,7 +80,11 @@
|
|||
22,
|
||||
445,
|
||||
135,
|
||||
3389
|
||||
3389,
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8008
|
||||
],
|
||||
"timeout_between_iterations": 10,
|
||||
"use_file_logging": true,
|
||||
|
|
|
@ -22,5 +22,6 @@ from ping_scanner import PingScanner
|
|||
from tcp_scanner import TcpScanner
|
||||
from smbfinger import SMBFinger
|
||||
from sshfinger import SSHFinger
|
||||
from httpfinger import HTTPFinger
|
||||
from info import local_ips
|
||||
from info import get_free_tcp_port
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
import re
|
||||
from network import HostFinger
|
||||
from network.tools import check_port_tcp
|
||||
from model.host import VictimHost
|
||||
|
||||
|
||||
|
||||
class HTTPFinger(HostFinger):
|
||||
'''
|
||||
Goal is to recognise HTTP servers, where what we currently care about is apache.
|
||||
'''
|
||||
def __init__(self):
|
||||
self._config = __import__('config').WormConfiguration
|
||||
self.HTTP = [(port,str(port)) for port in self._config.HTTP_PORTS]
|
||||
|
||||
|
||||
@staticmethod
|
||||
def _banner_match(service, host, banner):
|
||||
pass
|
||||
|
||||
def get_host_fingerprint(self, host):
|
||||
assert isinstance(host, VictimHost)
|
||||
from requests import get
|
||||
from requests.exceptions import Timeout
|
||||
from contextlib import closing
|
||||
|
||||
valid_ports = [port for port in self.HTTP if 'tcp-'+port[1] in host.services]
|
||||
for port in valid_ports:
|
||||
# check both http and https
|
||||
http = "http://"+host.ip_addr+":"+port[1]
|
||||
https = "https://"+host.ip_addr+":"+port[1]
|
||||
|
||||
# try http, we don't optimise for 443
|
||||
try:
|
||||
with closing(get(http, timeout=1, stream=True)) as r_http:
|
||||
server = r_http.headers.get('Server')
|
||||
host.services['tcp-'+port[1]] = server
|
||||
except Timeout:
|
||||
#try https
|
||||
with closing(get(https, timeout=01, stream=True)) as r_http:
|
||||
server = r_http.headers.get('Server')
|
||||
host.services['tcp-'+port[1]] = server
|
||||
|
||||
return True
|
|
@ -11,4 +11,5 @@ paramiko
|
|||
psutil
|
||||
PyInstaller
|
||||
ecdsa
|
||||
netifaces
|
||||
netifaces
|
||||
requests
|
Loading…
Reference in New Issue