Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a GTP-U echo scanner module #11781

Merged
merged 2 commits into from Apr 30, 2019

Conversation

Projects
None yet
5 participants
@zeroSteiner
Copy link
Contributor

commented Apr 26, 2019

This module provides a port of Daniel Mende's (released under the BSD license) gtp-scan.py utility. It brings the ability to scan for GPRS servers to Metasploit via sending GTP-U v1 and v2 echo requests.

Testing Steps

  • Start ./msfconsole
  • Use auxiliary/scanner/gprs/gtp_echo
  • Set the RHOSTS option as appropriate
  • Run the module and see echo responses received from listening servers

Example Usage

metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) > set RHOSTS 192.168.28.200-192.168.28.208
RHOSTS => 192.168.28.200-192.168.28.208
metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) > run

[*] [2019.04.22-16:38:27] Sending probes to 192.168.28.200->192.168.28.208 (9 hosts)
[+] [2019.04.22-16:38:42] GTP v1 echo response received from: 192.168.28.200:2152
[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.201:2152
[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.207:2152
[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.208:2152
[*] [2019.04.22-16:38:43] Scanned 9 of 9 hosts (100% complete)
[*] Auxiliary module execution completed
metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) >
@zeroSteiner

This comment has been minimized.

Copy link
Contributor Author

commented Apr 26, 2019

Travis reports the build failed, but then the details state that the repository couldn't be found. 🤔

@bcoles

This comment has been minimized.

Copy link
Contributor

commented Apr 26, 2019

Travis reports the build failed, but then the details state that the repository couldn't be found. thinking

Tests have been broken for a week or so.

Edit: Tests have now been fixed in #11782.

@bcoles bcoles added the module label Apr 30, 2019

@busterb busterb self-assigned this Apr 30, 2019


register_options([
OptEnum.new('VERSION', [ true, 'The GTP version to use', '1', ['1', '2'] ]),
Opt::RPORT(2152)

This comment has been minimized.

Copy link
@busterb

busterb Apr 30, 2019

Contributor

Note, by setting this to 2123 you also get a GTP-C scanner.

@busterb busterb merged commit fad4ce7 into rapid7:master Apr 30, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@busterb

This comment has been minimized.

Copy link
Contributor

commented Apr 30, 2019

Added 0b24b9f + cc62ca5

busterb added a commit that referenced this pull request Apr 30, 2019

@busterb

This comment has been minimized.

Copy link
Contributor

commented Apr 30, 2019

Release Notes

The scanner/gprs/gtp_echo auxiliary module has been added to the framework. This adds a port of Daniel Mende's (released under the BSD license) gtp-scan.py utility. It brings the ability to scan for GPRS servers to Metasploit via sending GTP-U v1 and v2 echo requests.

msjenkins-r7 added a commit that referenced this pull request Apr 30, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.