Add additional timing options to snmp_login scanner #4722
Changes from 3 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,6 +17,35 @@ class SNMP | |
PRIVATE_TYPES = [ :password ] | ||
REALM_KEY = nil | ||
|
||
# @!attribute retries | ||
# @return [Fixnum] The number of retries | ||
attr_accessor :retries | ||
|
||
validates :retries, | ||
presence: true, | ||
numericality: { | ||
only_integer: true, | ||
greater_than_or_equal_to: 0 | ||
} | ||
|
||
# @!attribute version | ||
YARD has advised that `@!attribute` is not meant to be used on `attr_*`. Use comments directly instead:

```ruby
# The SNMP version to scan
#
# @return [String]
attr_accessor :version
```

Hmm, lib/metasploit/framework is littered with this convention FYI. I will change here though.
||
# @return [String] The SNMP version to scan | ||
attr_accessor :version | ||
|
||
validates :version, | ||
presence: true, | ||
inclusion: { in: ['1', '2c', 'all'] } | ||
|
||
# This method returns an array of versions to scan | ||
# @return [Array] An array of versions | ||
def versions | ||
case version | ||
when '1'; [:SNMPv1] | ||
when '2c'; [:SNMPv2c] | ||
when 'all'; [:SNMPv1,:SNMPv2c] | ||
end | ||
end | ||
|
||
# This method attempts a single login with a single credential against the target | ||
# @param credential [Credential] The credential object to attmpt to login with | ||
# @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object | ||
|
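Review bot: `versions` has no `else` branch, so for any `version` outside '1', '2c' and 'all' (including nil when the attribute was never set) the `case` returns nil, and the `versions.each` call in `attempt_login` would then fail with a NoMethodError unless the `inclusion` validation has already been run. Consider adding an `else` that raises an ArgumentError naming the bad value, or returns an empty array. The `when '1'; [:SNMPv1]` form would also read more clearly as `when '1' then [:SNMPv1]`, and the `@return [Array]` tag could say `Array<Symbol>`.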
@@ -29,14 +58,14 @@ def attempt_login(credential) | |
service_name: 'snmp' | ||
} | ||
|
||
[:SNMPv1, :SNMPv2c].each do |version| | ||
versions.each do |version| | ||
snmp_client = ::SNMP::Manager.new( | ||
:Host => host, | ||
:Port => port, | ||
:Community => credential.public, | ||
:Version => version, | ||
:Timeout => connection_timeout, | ||
:Retries => 2, | ||
:Retries => retries, | ||
:Transport => ::SNMP::RexUDPTransport, | ||
:Socket => ::Rex::Socket::Udp.create('Context' => { 'Msf' => framework, 'MsfExploit' => framework_module }) | ||
) | ||
|
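Review bot: the block parameter in `versions.each do |version|` shadows the new `version` accessor, so inside the loop `version` means the SNMP version symbol while outside it means the option string ('1', '2c', 'all'). Renaming the block parameter (for example `snmp_version`) and passing that to `:Version =>` would avoid the ambiguity. Separately, `:Retries => retries` passes nil through if a caller builds the scanner without setting `retries`; the visible lines define a `presence` validation but no default, so it is worth stating in the attribute documentation that the value is required.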
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,7 +30,10 @@ def initialize | |
[ | ||
Opt::RPORT(161), | ||
Opt::CHOST, | ||
OptInt.new('CONNECTION_TIMEOUT', [true, 'The timeout value for each probe', 2]), | ||
OptInt.new('RETRIES', [true, 'The number of retries per community string', 0]), | ||
OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]), | ||
OptEnum.new('VERSION', [true, 'The SNMP version to scan', 'all', ['1','2c','all']]), | ||
Note used 'all' in case v3 is supported in future etc ;)
||
OptString.new('PASSWORD', [ false, 'The password to test' ]), | ||
OptPath.new('PASS_FILE', [ false, "File containing communities, one per line", | ||
File.join(Msf::Config.data_directory, "wordlists", "snmp_default_pass.txt") | ||
|
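Review bot: the `RETRIES` default of 0 changes existing behaviour, because the scanner previously hard-coded `:Retries => 2`; with UDP transport a single lost datagram now turns a valid community string into a miss for anyone running with defaults. Either keep 2 as the default or say in the option description that 0 trades accuracy for speed. The `CONNECTION_TIMEOUT` description should also state its unit (seconds).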
@@ -61,9 +64,11 @@ def run_batch(batch) | |
cred_details: collection, | ||
stop_on_success: datastore['STOP_ON_SUCCESS'], | ||
bruteforce_speed: datastore['BRUTEFORCE_SPEED'], | ||
connection_timeout: 2, | ||
connection_timeout: datastore['CONNECTION_TIMEOUT'], | ||
retries: datastore['RETRIES'], | ||
version: datastore['VERSION'], | ||
framework: framework, | ||
framework_module: self, | ||
framework_module: self | ||
) | ||
|
||
scanner.scan! do |result| | ||
|
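Review bot: `retries` and `version` go from the datastore into the scanner and `scan!` is called with no visible validity check in between, so the `validates` rules added to the SNMP scanner class only help if `scan!` itself runs them. Worth confirming that an out-of-range `RETRIES` or `CONNECTION_TIMEOUT` is reported as an option error before any probe is sent, rather than surfacing later from the SNMP client.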
YARD has advised that `@!attribute` is not meant to be used on `attr_*`. Use comments directly instead:

You should separate your attributes from your validations, so that all attributes are first, then all validations as the pattern shown here