CoCalc -- tcp.rb

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/portscan/tcp.rb
²¹³⁶⁷ views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Tcp
8

9
  include Msf::Auxiliary::Report
10
  include Msf::Auxiliary::Scanner
11

12
  def initialize
13
    super(
14
      'Name' => 'TCP Port Scanner',
15
      'Description' => %q{
16
        Enumerate open TCP services by performing a full TCP connect on each port.
17
        This does not need administrative privileges on the source machine, which
18
        may be useful if pivoting.
19
      },
20
      'Author' => [ 'hdm', 'kris katterjohn' ],
21
      'License' => MSF_LICENSE
22
    )
23

24
    register_options(
25
      [
26
        OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
27
        OptInt.new('TIMEOUT', [true, "The socket connect timeout in milliseconds", 1000]),
28
        OptInt.new('CONCURRENCY', [true, "The number of concurrent ports to check per host", 10]),
29
        OptInt.new('DELAY', [true, "The delay between connections, per thread, in milliseconds", 0]),
30
        OptInt.new('JITTER', [true, "The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.", 0]),
31
      ]
32
    )
33

34
    deregister_options('RPORT')
35
  end
36

37
  def run_host(ip)
38
    timeout = datastore['TIMEOUT'].to_i
39

40
    ports = Rex::Socket.portspec_crack(datastore['PORTS'])
41

42
    if ports.empty?
43
      raise Msf::OptionValidateError.new(['PORTS'])
44
    end
45

46
    jitter_value = datastore['JITTER'].to_i
47
    if jitter_value < 0
48
      raise Msf::OptionValidateError.new(['JITTER'])
49
    end
50

51
    delay_value = datastore['DELAY'].to_i
52
    if delay_value < 0
53
      raise Msf::OptionValidateError.new(['DELAY'])
54
    end
55

56
    while (ports.length > 0)
57
      t = []
58
      r = []
59
      begin
60
        1.upto(datastore['CONCURRENCY']) do
61
          this_port = ports.shift
62
          break if not this_port
63

64
          t << framework.threads.spawn("Module(#{self.refname})-#{ip}:#{this_port}", false, this_port) do |port|
65
            begin
66
              # Add the delay based on JITTER and DELAY if needs be
67
              add_delay_jitter(delay_value, jitter_value)
68

69
              # Actually perform the TCP connection
70
              s = connect(false,
71
                          {
72
                            'RPORT' => port,
73
                            'RHOST' => ip,
74
                            'ConnectTimeout' => (timeout / 1000.0)
75
                          })
76
              if s
77
                print_good("#{ip}:#{port} - TCP OPEN")
78
                r << [ip, port, "open"]
79
              end
80
            rescue ::Rex::ConnectionRefused
81
              vprint_status("#{ip}:#{port} - TCP closed")
82
            rescue ::Rex::ConnectionError, ::IOError, ::Timeout::Error
83
            rescue ::Rex::Post::Meterpreter::RequestError
84
            rescue ::Interrupt
85
              raise $!
86
            rescue ::Exception => e
87
              print_error("#{ip}:#{port} exception #{e.class} #{e} #{e.backtrace}")
88
            ensure
89
              if s
90
                disconnect(s) rescue nil
91
              end
92
            end
93
          end
94
        end
95
        t.each { |x| x.join }
96
      rescue ::Timeout::Error
97
      ensure
98
        t.each { |x| x.kill rescue nil }
99
      end
100

101
      r.each do |res|
102
        report_service(:host => res[0], :port => res[1], :state => res[2])
103
      end
104
    end
105
  end
106
end
107

108
Product

Resources

Company
