Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a GTP-U echo scanner module #11781

Merged
merged 2 commits into from Apr 30, 2019
Merged

Add a GTP-U echo scanner module #11781

merged 2 commits into from Apr 30, 2019

Conversation

zeroSteiner
Copy link
Contributor

@zeroSteiner zeroSteiner commented Apr 26, 2019
edited by busterb

This module provides a port of Daniel Mende's (released under the BSD license) gtp-scan.py utility. It brings the ability to scan for GPRS servers to Metasploit via sending GTP-U v1 and v2 echo requests.

Testing Steps

  • Start ./msfconsole
  • Use auxiliary/scanner/gprs/gtp_echo
  • Set the RHOSTS option as appropriate
  • Run the module and see echo responses received from listening servers

Example Usage

metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) > set RHOSTS 192.168.28.200-192.168.28.208
RHOSTS => 192.168.28.200-192.168.28.208
metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) > run

[*] [2019.04.22-16:38:27] Sending probes to 192.168.28.200->192.168.28.208 (9 hosts)
[+] [2019.04.22-16:38:42] GTP v1 echo response received from: 192.168.28.200:2152
[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.201:2152
[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.207:2152
[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.208:2152
[*] [2019.04.22-16:38:43] Scanned 9 of 9 hosts (100% complete)
[*] Auxiliary module execution completed
metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) >

@zeroSteiner
Copy link
Contributor Author

Travis reports the build failed, but then the details state that the repository couldn't be found. 🤔

@bcoles
Copy link
Contributor

bcoles commented Apr 26, 2019
edited

Travis reports the build failed, but then the details state that the repository couldn't be found. thinking

Tests have been broken for a week or so.

Edit: Tests have now been fixed in #11782.

@bcoles bcoles added the module label Apr 30, 2019
@busterb busterb self-assigned this Apr 30, 2019
busterb
busterb reviewed Apr 30, 2019
View reviewed changes
modules/auxiliary/scanner/gprs/gtp_echo.rb

register_options([
OptEnum.new('VERSION', [ true, 'The GTP version to use', '1', ['1', '2'] ]),
Opt::RPORT(2152)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note, by setting this to 2123 you also get a GTP-C scanner.

@busterb busterb merged commit fad4ce7 into rapid7:master Apr 30, 2019
@busterb
Copy link
Member

busterb commented Apr 30, 2019

Added 0b24b9f + cc62ca5

busterb added a commit that referenced this pull request Apr 30, 2019
@busterb
Land #11781, add GTP-U echo scanner module
d8432fd
@busterb
Copy link
Member

busterb commented Apr 30, 2019
edited by gdavidson-r7

Release Notes

The scanner/gprs/gtp_echo auxiliary module has been added to the framework. This adds a port of Daniel Mende's (released under the BSD license) gtp-scan.py utility. It brings the ability to scan for GPRS servers to Metasploit via sending GTP-U v1 and v2 echo requests.

msjenkins-r7 pushed a commit that referenced this pull request Apr 30, 2019
@busterb @msjenkins-r7
Land #11781, add GTP-U echo scanner module
953a6b7
@gdavidson-r7 gdavidson-r7 added the rn-modules release notes for new or majorly enhanced modules label May 14, 2019
@Josue198s
Copy link

is it possible to use a list of ip ranges instead of just one host ip?

@zeroSteiner zeroSteiner deleted the feat/mod/gprs branch February 23, 2021 17:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@busterb busterb busterb left review comments

@wvu wvu wvu left review comments

Assignees

@busterb busterb

Labels
module rn-modules release notes for new or majorly enhanced modules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@zeroSteiner @bcoles @busterb @Josue198s @wvu @gdavidson-r7