metasploit resource script to use a list of hostnames, run http modules and set the VHOST as well
<ruby> | |
#variables | |
maxjobs = 5 #throttling if we get too much jobs | |
#default to 15 Threads | |
if (framework.datastore['THREADS'] == nil) | |
run_single("setg THREADS 5") | |
end | |
run_single("setg VERBOSE TRUE") | |
if (framework.datastore['VERBOSE'] == "true") #we look in the global datastore for a global VERBOSE option and use it | |
verbose = 1 #true | |
else | |
verbose = 0 | |
end | |
# Test and see if we have a database connected | |
begin | |
framework.db.hosts | |
rescue ::ActiveRecord::ConnectionNotEstablished | |
print_error("Database connection isn't established") | |
return | |
end | |
def jobwaiting(maxjobs,verbose) #thread handling for poor guys | |
while(framework.jobs.keys.length >= maxjobs) | |
::IO.select(nil, nil, nil, 2.5) | |
if(verbose == 1) | |
print_error("WAITING for finishing some modules... active jobs: #{framework.jobs.keys.length} / threads: #{framework.threads.length}") | |
end | |
end | |
end | |
#this part should be used to populate the DB with open ports/services | |
File.open("/Users/CG/pentest/ip-hostname-mix.txt", "r") do |f| | |
f.each_line do |line| | |
run_single("setg RHOSTS #{line}") | |
run_single("setg VHOST #{line}") | |
print_line("") | |
print_line("") | |
print_line("Looking for web servers") | |
print_line("") | |
print_line("Module: HTTP VERSION") | |
run_single("use auxiliary/scanner/http/http_version") | |
run_single("set RPORT 80") | |
run_single("set SSL FALSE") | |
run_single("run -j") | |
run_single("back") | |
jobwaiting(maxjobs,verbose) | |
run_single("use auxiliary/scanner/http/http_version") | |
run_single("set RPORT 443") | |
run_single("set SSL TRUE") | |
run_single("run -j") | |
run_single("back") | |
jobwaiting(maxjobs,verbose) | |
end | |
end | |
</ruby> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment