Class: Metasploit::Framework::LoginScanner::Nessus
- Defined in:
- lib/metasploit/framework/login_scanner/nessus.rb
Constant Summary collapse
- DEFAULT_PORT =
8834- PRIVATE_TYPES =
[ :password ]
- LIKELY_SERVICE_NAMES =
[ 'nessus' ]
- LOGIN_STATUS =
Shorter name
Metasploit::Model::Login::Status
Constants inherited from HTTP
HTTP::AUTHORIZATION_HEADER, HTTP::DEFAULT_HTTP_NOT_AUTHED_CODES, HTTP::DEFAULT_HTTP_SUCCESS_CODES, HTTP::DEFAULT_REALM, HTTP::DEFAULT_SSL_PORT, HTTP::LIKELY_PORTS, HTTP::REALM_KEY
Instance Attribute Summary
Attributes inherited from HTTP
#digest_auth_iis, #evade_header_folding, #evade_method_random_case, #evade_method_random_invalid, #evade_method_random_valid, #evade_pad_fake_headers, #evade_pad_fake_headers_count, #evade_pad_get_params, #evade_pad_get_params_count, #evade_pad_method_uri_count, #evade_pad_method_uri_type, #evade_pad_post_params, #evade_pad_post_params_count, #evade_pad_uri_version_count, #evade_pad_uri_version_type, #evade_shuffle_get_params, #evade_shuffle_post_params, #evade_uri_dir_fake_relative, #evade_uri_dir_self_reference, #evade_uri_encode_mode, #evade_uri_fake_end, #evade_uri_fake_params_start, #evade_uri_full_url, #evade_uri_use_backslashes, #evade_version_random_invalid, #evade_version_random_valid, #http_password, #http_success_codes, #http_username, #keep_connection_alive, #kerberos_authenticator_factory, #method, #ntlm_domain, #ntlm_send_lm, #ntlm_send_ntlm, #ntlm_send_spn, #ntlm_use_lm_key, #ntlm_use_ntlmv2, #ntlm_use_ntlmv2_session, #uri, #user_agent, #vhost
Instance Method Summary collapse
-
#attempt_login(credential) ⇒ Result
Attempts to login to Nessus.
-
#check_setup ⇒ Boolean
Checks if the target is a Tenable Nessus server.
-
#get_login_state(username, password) ⇒ Hash
Actually doing the login.
- #set_sane_defaults ⇒ Object
Methods inherited from HTTP
#authentication_required?, #send_request
Instance Method Details
#attempt_login(credential) ⇒ Result
Attempts to login to Nessus.
63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
# File 'lib/metasploit/framework/login_scanner/nessus.rb', line 63 def attempt_login(credential) result_opts = { credential: credential, status: Metasploit::Model::Login::Status::INCORRECT, proof: nil, host: host, port: port, protocol: 'tcp' } begin result_opts.merge!(get_login_state(credential.public, credential.private)) rescue ::Rex::ConnectionError => e # Something went wrong during login. 'e' knows what's up. result_opts.merge!(status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.) end Result.new(result_opts) end |
#check_setup ⇒ Boolean
Checks if the target is a Tenable Nessus server.
19 20 21 22 23 24 25 26 27 |
# File 'lib/metasploit/framework/login_scanner/nessus.rb', line 19 def check_setup login_uri = "/server/properties" res = send_request({'uri'=> login_uri}) if res && res.body.include?('Nessus') return true end false end |
#get_login_state(username, password) ⇒ Hash
Actually doing the login. Called by #attempt_login
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'lib/metasploit/framework/login_scanner/nessus.rb', line 36 def get_login_state(username, password) login_uri = "#{uri}" res = send_request({ 'uri' => login_uri, 'method' => 'POST', 'vars_post' => { 'username' => username, 'password' => password } }) unless res return {:status => LOGIN_STATUS::UNABLE_TO_CONNECT, :proof => res.to_s} end if res.code == 200 && res.body =~ /token/ return {:status => LOGIN_STATUS::SUCCESSFUL, :proof => res.body.to_s} end {:status => LOGIN_STATUS::INCORRECT, :proof => res.to_s} end |
#set_sane_defaults ⇒ Object
83 84 85 86 87 88 |
# File 'lib/metasploit/framework/login_scanner/nessus.rb', line 83 def set_sane_defaults super # nessus_rest_login has the same default in TARGETURI, but rspec doesn't check nessus_rest_login # so we have to set the default here, too. self.uri = '/session' end |