Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Xymon Daemon Gather Information module #12032

Merged
merged 6 commits into from
Aug 8, 2019
Merged

Add Xymon Daemon Gather Information module #12032

merged 6 commits into from
Aug 8, 2019

Conversation

bcoles
Copy link
Contributor

@bcoles bcoles commented Jun 29, 2019
edited
Loading

Add Xymon Daemon Gather Information module.

    This module retrieves information from a Xymon daemon service
    (formerly Hobbit, based on Big Brother), including server
    configuration information, a list of monitored hosts, and
    associated client log for each host.

There's probably not a lot of these services around these days.

Returns a lot of data about the target system(s). As useful, if not more so, than read-only SNMP.

msf5 > use auxiliary/gather/xymon_info 
msf5 auxiliary(gather/xymon_info) > set rhosts 172.16.191.250
rhosts => 172.16.191.250
msf5 auxiliary(gather/xymon_info) > run
[*] Running module against 172.16.191.250
[*] 172.16.191.250:1984 - Xymon daemon version 4.3.28
[*] 172.16.191.250:1984 - Retrieving configuration files ...
[+] 172.16.191.250:1984 - xymonserver.cfg (18347 bytes) stored in /root/.msf4/loot/20190629235042_default_172.16.191.250_xymon.config.xym_136371.txt
[+] 172.16.191.250:1984 - hosts.cfg (745 bytes) stored in /root/.msf4/loot/20190629235042_default_172.16.191.250_xymon.config.hos_647070.txt
[*] 172.16.191.250:1984 - Retrieving host list ...
[+] 172.16.191.250:1984 - Host info (127 bytes) stored in /root/.msf4/loot/20190629235042_default_172.16.191.250_xymon.hostinfo_254799.txt
[+] 172.16.191.250:1984 - Found 3 hosts
[*] 172.16.191.250:1984 - Retrieving client logs ...
[+] 172.16.191.250:1984 - debian-9-6-0-x64-xfce.local client log (87942 bytes) stored in /root/.msf4/loot/20190629235042_default_172.16.191.250_xymon.hosts.debi_671716.txt
[*] 172.16.191.250:1984 - test-host client log is empty
[*] 172.16.191.250:1984 - another-test-host client log is empty
[*] Auxiliary module execution completed

Depends on #12031

@bcoles bcoles changed the title Add Xymon Daemon Gather Client Host Information module Add Xymon Daemon Gather Information module Jun 30, 2019
@bcoles bcoles added docs and removed needs-docs labels Jun 30, 2019
@bcoles bcoles marked this pull request as ready for review July 1, 2019 10:50
@bcoles bcoles added the blocked Blocked by one or more additional tasks label Jul 1, 2019
@bcoles
Copy link
Contributor Author

bcoles commented Jul 1, 2019
edited
Loading

Adding delayed tag pending #12031.

@bcoles bcoles removed the blocked Blocked by one or more additional tasks label Jul 12, 2019
@bcoles
Copy link
Contributor Author

bcoles commented Jul 16, 2019

@asoto-r7 if you've still got the Xymon test VM setup, this PR should hopefully (?) be an easy land.

@space-r7 space-r7 self-assigned this Aug 8, 2019
@space-r7
Copy link
Contributor

space-r7 commented Aug 8, 2019

Set up Xymon on a Ubuntu vm and tested:

msf5 > use auxiliary/gather/xymon_info 
msf5 auxiliary(gather/xymon_info) > set rhosts 192.168.37.131
rhosts => 192.168.37.131
msf5 auxiliary(gather/xymon_info) > run
[*] Running module against 192.168.37.131

[*] 192.168.37.131:1984 - Xymon daemon version 4.3.28
[*] 192.168.37.131:1984 - Retrieving configuration files ...
[+] 192.168.37.131:1984 - xymonserver.cfg (18316 bytes) stored in /Users/space/.msf4/loot/20190808103246_default_192.168.37.131_xymon.config.xym_004619.txt
[+] 192.168.37.131:1984 - hosts.cfg (655 bytes) stored in /Users/space/.msf4/loot/20190808103246_default_192.168.37.131_xymon.config.hos_794350.txt
[+] 192.168.37.131:1984 - xymonpasswd (44 bytes) stored in /Users/space/.msf4/loot/20190808103246_default_192.168.37.131_xymon.config.xym_291056.txt
[+] 192.168.37.131:1984 - Credentials: admin : $apr1$ZhfTKttP$5p6V0qnKzC550vB8rtpCu/
[*] 192.168.37.131:1984 - Retrieving host list ...
[+] 192.168.37.131:1984 - Host info (36 bytes) stored in /Users/space/.msf4/loot/20190808103246_default_192.168.37.131_xymon.hostinfo_667036.txt
[+] 192.168.37.131:1984 - Found 1 hosts
[*] 192.168.37.131:1984 - Retrieving client logs ...
[+] 192.168.37.131:1984 - ubuntu client log (126592 bytes) stored in /Users/space/.msf4/loot/20190808103246_default_192.168.37.131_xymon.hosts.ubun_849800.txt
[*] Auxiliary module execution completed

Code looks good to me!

@space-r7 space-r7 merged commit cd1669f into rapid7:master Aug 8, 2019
space-r7 added a commit that referenced this pull request Aug 8, 2019
@space-r7
Land #12032, add Xymon gather info module
9418f4b
msjenkins-r7 pushed a commit that referenced this pull request Aug 8, 2019
@space-r7 @msjenkins-r7
Land #12032, add Xymon gather info module
bb21979
@space-r7
Copy link
Contributor

space-r7 commented Aug 8, 2019
edited by tdoan-r7
Loading

Release Notes

The xymon_info module has been added to the framework. It targets Xymon daemon services and retrieves information such as server configuration information, a list of monitored hosts, and associated client log for each host.

@bcoles bcoles deleted the xymon_info branch August 9, 2019 08:52
@jmartin-tech
Copy link
Contributor

Marked msf5 due to usage of hashes/identify not available in 4.x.

jmartin-tech added a commit that referenced this pull request Aug 10, 2019
@jmartin-tech
Revert "Land #12032, add Xymon gather info module"
9e7a964 
This reverts commit bb21979.
@tdoan-r7 tdoan-r7 added the rn-modules release notes for new or majorly enhanced modules label Aug 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@space-r7 space-r7

Labels
docs module msf5 rn-modules release notes for new or majorly enhanced modules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bcoles @space-r7 @jmartin-tech @tdoan-r7