Running Auxiliary Modules Against Multiple Hosts in a Sexy Manner
So, a couple of cool updates have finally landed in the Metasploit Framework. If you inspect "db_services", you will perhaps (:P) see a super cool and sexy feature: "-R".
msf auxiliary(http_version) > db_services -h
Usage: db_services [-h|--help] [-u|--up] [-a ] [-r ] [-p ] [-n ] [-o ]
-a Search for a list of addresses
-c Only show the given columns
-h,--help Show this help information
-n Search for a list of service names
-p Search for a list of ports
-r Only show [tcp|udp] services
-u,--up Only show services which are up
-o Send output to a file in csv format
-R,--rhosts Set RHOSTS from the results of the search
Available columns: created_at, info, name, port, proto, state, updated_at
Till now, only listing hosts by port (using db_services -p 80) was possible. However, if you want to use those hosts and throw modules at them, the "-R" option comes in handy: it sets RHOSTS from the results of the search.
msf auxiliary(http_version) > use auxiliary/scanner/http/options
msf auxiliary(options) > db_services -R -p 80
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.1.245 80 tcp http open Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )
192.168.1.246 80 tcp http open Apache/2.2.3 (CentOS)
192.168.1.247 80 tcp http open Apache/2.2.12 (Ubuntu)
192.168.1.248 80 tcp http open lighttpd/1.5.0
192.168.1.249 80 tcp http open Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.11
192.168.1.251 80 tcp http open Apache
192.168.1.254 80 tcp http open Apache/2.2.3 (CentOS)
RHOSTS => file:/tmp/msf-db-rhosts-20110423-27121-10wiuni-0
msf auxiliary(options) > run
[*] Scanned 1 of 7 hosts (014% complete)
[*] Scanned 2 of 7 hosts (028% complete)
[*] 192.168.1.247 allows GET,HEAD,POST,OPTIONS methods
[*] Scanned 3 of 7 hosts (042% complete)
[*]192.168.1.248 allows OPTIONS, GET, HEAD, POST methods
[*] Scanned 4 of 7 hosts (057% complete)
[*] 192.168.1.249 allows GET,HEAD,POST,OPTIONS,TRACE methods
[*] Scanned 5 of 7 hosts (071% complete)
[*] Scanned 6 of 7 hosts (085% complete)
[*] Scanned 7 of 7 hosts (100% complete)
[*] Auxiliary module execution completed
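Once a module has run against the whole RHOSTS set, the output still has to be triaged. The following is an added example, not part of the original post or of Metasploit: it parses the service rows and the "allows ... methods" lines from the session above, then reports the hosts that advertise methods outside an allowlist and the hosts for which no result line was printed. The ALLOWED policy and the function name triage are assumptions.

```ruby
require 'set'

# Assumed site policy (not from the original post): methods that need no review.
ALLOWED = Set['GET', 'HEAD', 'POST', 'OPTIONS'].freeze

# Constructed sample: service rows and result lines copied from the session above.
SESSION = <<~LOG
  192.168.1.245 80 tcp http open Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )
  192.168.1.246 80 tcp http open Apache/2.2.3 (CentOS)
  192.168.1.247 80 tcp http open Apache/2.2.12 (Ubuntu)
  192.168.1.248 80 tcp http open lighttpd/1.5.0
  192.168.1.249 80 tcp http open Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4
  192.168.1.251 80 tcp http open Apache
  192.168.1.254 80 tcp http open Apache/2.2.3 (CentOS)
  [*] Scanned 2 of 7 hosts (028% complete)
  [*] 192.168.1.247 allows GET,HEAD,POST,OPTIONS methods
  [*]192.168.1.248 allows OPTIONS, GET, HEAD, POST methods
  [*] 192.168.1.249 allows GET,HEAD,POST,OPTIONS,TRACE methods
LOG

IP = /\d{1,3}(?:\.\d{1,3}){3}/
SERVICE_ROW = /\A(#{IP})\s+(\d+)\s+(tcp|udp)\s+\S+\s+open\b/
ALLOW_LINE  = /\A\[\*\]\s*(#{IP}) allows (.+?) methods\s*\z/

# Returns hosts with methods outside the allowlist, and targets with no result line.
def triage(text, allowed = ALLOWED)
  targets = []
  methods = {}
  text.each_line(chomp: true) do |line|
    if (m = SERVICE_ROW.match(line))
      targets << m[1]
    elsif (m = ALLOW_LINE.match(line))
      # Normalise "OPTIONS, GET" and "GET,HEAD" style lists to one form.
      methods[m[1]] = m[2].split(',').map { |v| v.strip.upcase }.to_set
    end
  end
  {
    unexpected: methods.transform_values { |s| (s - allowed).to_a.sort }
                       .reject { |_, extra| extra.empty? },
    no_result: targets.uniq - methods.keys
  }
end

if __FILE__ == $PROGRAM_NAME
  report = triage(SESSION)
  report[:unexpected].each { |host, extra| puts "#{host}: review #{extra.join(', ')}" }
  puts "no result line: #{report[:no_result].join(', ')}"
end
```

On the session above this singles out 192.168.1.249 for its TRACE method and lists the four hosts the module printed nothing for, which are worth a manual check before being treated as clean.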