Improves UX for scanner/login modules
1 parent 6301d84, commit 6dd306e
Showing 7 changed files with 97 additions and 62 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
# -*- coding: binary -*- | ||
|
||
module Msf | ||
class Auxiliary | ||
### | ||
# | ||
# This module provides a means to report successful logins | ||
# | ||
### | ||
module ReportLogins | ||
# Takes the login/session results and outputs statuses based upon successful credentials and sessions | ||
# as well as conditionally outputting the results in a Rex::Text::Table format | ||
# | ||
# @param results [Hash{String => [Metasploit::Framework::LoginScanner::Result, Msf::Sessions]}] | ||
# @return [Hash] Host mapped to successful logins and sessions | ||
def successful_logins(results) | ||
logins = results.flat_map { |_k, v| v[:successful_logins] }.compact | ||
sessions = results.flat_map { |_k, v| v[:successful_sessions] }.compact | ||
|
||
# return results unless framework.features.enabled?(Msf::FeatureManager::MSSQL_SESSION_TYPE) | ||
|
||
print_status("Bruteforce completed, #{logins.size} #{logins.size == 1 ? 'credential was' : 'credentials were'} successful.") | ||
if datastore['CreateSession'] | ||
print_status("#{sessions.size} MySQL #{sessions.size == 1 ? 'session was' : 'sessions were'} opened successfully.") | ||
else | ||
print_status('You can open an MySQL session with these credentials and %grnCreateSession%clr set to true') | ||
end | ||
|
||
show_successful_logins(results) | ||
|
||
results | ||
end | ||
|
||
private | ||
|
||
# Logic to detect if the ShowSuccessLogins datastore option has been set | ||
# | ||
# @param [Hash] results Host mapped to successful logins and sessions | ||
# @return [String] Rex::Text::Table containing successful logins | ||
def show_successful_logins(results) | ||
if datastore['ShowSuccessLogins'] == true | ||
successful_logins_to_table(results) | ||
end | ||
end | ||
|
||
# The idea here is to add a hybrid approach for scanner modules | ||
# If only one host is scanned a more verbose output is useful to the user | ||
# If scanning multiple hosts we would want more lightweight information | ||
# | ||
# @param [Object] mod The framework module object | ||
def conditional_verbose_output(host_count, mod) | ||
if host_count == 1 | ||
mod.datastore['Verbose'] = true | ||
end | ||
end | ||
|
||
# Takes the login/session results and converts them into a Rex::Text::Table format | ||
# | ||
# @param results [Hash{String => [Metasploit::Framework::LoginScanner::Result, Msf::Sessions]}] | ||
# @return [String] Rex::Text::Table containing successful logins | ||
def successful_logins_to_table(results) | ||
field_headers = %w[Host Public Private] | ||
|
||
markdown_fields = results.flat_map do |host, result| | ||
|
||
if result[:successful_logins].nil? | ||
next | ||
end | ||
|
||
result[:successful_logins].map do |res| | ||
[host, res.credential.public, res.credential.private] | ||
end | ||
end | ||
|
||
table = ::Rex::Text::Table.new( | ||
'Header' => 'Successful logins', | ||
'Indent' => 4, | ||
'Columns' => field_headers, | ||
'Rows' => markdown_fields.compact | ||
) | ||
|
||
print_line("\n" + table.to_s + "\n") | ||
end | ||
end | ||
end | ||
end |
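Review bot: In `successful_logins`, both `print_status` messages hard-code "MySQL" even though `Msf::Auxiliary::ReportLogins` is written as a protocol-neutral mixin, and the commented-out guard just above them names `MSSQL_SESSION_TYPE`, so a non-MySQL scanner that includes this module would report the wrong session type. Take the protocol name as a parameter (or derive it from the including module), and either restore the feature check or delete the commented line. Smaller points in the same file: `conditional_verbose_output` documents `mod` but not `host_count`, and it sets `mod.datastore['Verbose'] = true` even if the user explicitly turned it off; `successful_logins_to_table` prints `res.credential.private` in clear text to the console, which the `ShowSuccessLogins` option description should state; and the `@return [String]` tags on `show_successful_logins` and `successful_logins_to_table` do not match the code, since the table is passed to `print_line` rather than returned.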