-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module #4061
Conversation
fab7dda
to
c86e40d
Compare
I'm not sure about the sniff functionality in this module. It needs a lot of cleanup and does less than what tcpdump/wireshark could already do for you. I'm going to just remove it unless there are any objections. |
My most recent push completes the almost complete rewrite of this module. Someone else will need to handle landing this. |
I agree with all the changes, it may be improved when it lands. Thanks for the corrections. |
I discussed this (and #4067) with @todb-r7 and it is OK to land. I walked through the validation steps and everything checks out. As an added bonus, where I happened to be when I tested this is a Cisco environment with CDP enabled -- when I ran the module, the Cisco switch I was connected to responds to my CDP messages with useful information, which proves that the CDP messages sent by this module are sound. Thanks for the contribution, @fozavci! |
Also, I am not sure why this didn't auto-close, but you can see in 31b366d that this was merged OK. |
Thanks for your assistance. |
@jhart-r7 looks like there was no merge commit for this module, which is why you never saw the autoclose.
Incidentally, none of the commits are signed, either. Not sure how you got in this position. I'm sure it's all okay and it was really you, but I bet there was some rebasing going on, as the commit history on this file doesn't appear to match up with this PR. (See how commit 7e93d89 has a different timestamp from c80dc39). |
My guess is that you merged, rebased, got a change from upstream, then pushed. The rebase will remove signatures and rewrite commit history. |
By the way, what's the purpose of this module, @fozavci ? The description isn't all that descriptive of why anyone would do this. As far as I can tell, you're sending the discovery packets, sleep for a minute, but then you don't do anything with any response. I'd love to have some more whys and wherefores in the description. Like mentioning, for starters, that the user should be watching for responses with an external packet sniffer. |
Fixes the grammar on the SMTP enumeration module and the Cisco CDP module, and adds a more informative description and reference for the CDP module introduced on PR rapid7#4061.
#4258 takes a stab and making the description on this more accurate and useful. |
From rapid7#4061, please don't decorate author names with URLs.
This modules is developed to send custom Cisco CDP packets. It can be used to attack Cisco VLAN environment or voice VLANs. This was ported from Viproy (http://www.viproy.com)
Validation