Extending Metasploit Resource Files
Friday, September 9, 2011 at 8:44PM Today I saw an email on the Metasploit mailing list asking how one could scan hosts detected by other auxiliary modules and not scanned by Nmap so as to enumerate all services that might have been missed on this hosts. This gave me the excuse to play a bit with ruby inside resources files, something I have not done much of and came up with this little dab of ruby code that could be placed inside a resource file and used to scan al host. The script will actually check the notes for hosts that have any note with a type that starts with host.nmap and add the Host ID to an array, I use the uniq! method to remove any duplicates then go thru the entire list of host in the database and check if there ID is on the list of hosts already scanned by Nmap, if they are not then I run an Nmap scan against them. Do not know if you guys might find this useful but I will definitely keep it inside a resource file for those cases when I need to make sure I’m not missing anything in an internal assessment. Here is the code for it
| <ruby> | |
| if Process.uid == 0 | |
| # Set Variables | |
| scanned_hosts = [] | |
| # Collect host already scanned with nmap | |
| print_status("Collecting hosts already scanned by nmap.") | |
| framework.db.notes.each do |n| | |
| if n.ntype =~ /host.nmap/ | |
| scanned_hosts << n.host_id | |
| end | |
| end | |
| # Remove duplicates | |
| scanned_hosts.uniq! | |
| # Collect list of Hosts | |
| framework.db.hosts.each do |h| | |
| if not scanned_hosts.include?(h.id) | |
| print_good("Running nmap scan against #{h.address}") | |
| self.run_single("db_nmap -A -sV -T4 --stats-every 5s -Pn #{h.address}") | |
| else | |
| print_status("Host #{h.address} has already been scanned") | |
| end | |
| end | |
| else | |
| print_error("You need to run this resource file as root!!!") | |
| end | |
| </ruby> |
