PageRenderTime 109ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 0ms

/modules/network/internal_network_fingerprinting/module.rb

http://beef.googlecode.com/
Ruby | 55 lines | 17 code | 4 blank | 34 comment | 3 complexity | 236a7fb410b8dabc3649ff4ce11b723a MD5 | raw file
    

  1. #
    2. 

  2. #   Copyright 2011 Wade Alcorn wade@bindshell.net
    3. 

  3. #
    4. 

  4. #   Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. #   you may not use this file except in compliance with the License.
    6. 

  6. #   You may obtain a copy of the License at
    7. 

  7. #
    8. 

  8. #       http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. #
    10. 

  10. #   Unless required by applicable law or agreed to in writing, software
    11. 

  11. #   distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. #   See the License for the specific language governing permissions and
    14. 

  14. #   limitations under the License.
    15. 

  15. #
    16. 

  16. #
    17. 

  17. # Internal Network Fingerprinting
    18. 

  18. # Discover devices and applications in the internal network of the victim using
    19. 

  19. # signatures like default logo images/favicons (partially based on the Yokoso idea).
    20. 

  20. # It does this by loading images on common/predefined local network
    21. 

  21. # IP addresses then matching the image width, height and path to those
    22. 

  22. # for a known device.
    23. 

  23. #
    24. 

  24. # TODO LIST
    25. 

  25. # Add IPv6 support
    26. 

  26. # Add HTTPS support
    27. 

  27. # -  Devices with invalid certs are blocked by IE and FF by default
    28. 

  28. # Improve stealth
    29. 

  29. # -  Load images with CSS "background:" CSS to avoid http auth login popups
    30. 

  30. # Improve speed
    31. 

  31. # -  Make IP addresses a user-configurable option rather than a hard-coded list
    32. 

  32. # -  Detect local ip range first - using browser history and/or with java
    33. 

  33. #    - History theft via CSS history is patched in modern browsers.
    34. 

  34. #    - Local IP theft with Java is slow and may fail
    35. 

  35. 

  36. 

  37. class Internal_network_fingerprinting < BeEF::Core::Command
    38. 

  38.   
    39. 

  39.   def self.options
    40. 

  40.     return [
    41. 

  41.         {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'},
    42. 

  42.         {'name' => 'ports', 'ui_label' => 'Ports to test', 'value' => '80,8080'}
    43. 

  43.     ]
    44. 

  44.   end
    45. 

  45.   
    46. 

  46.   def post_execute
    47. 

  47.     content = {}
    48. 

  48.     content['device'] =@datastore['device'] if not @datastore['device'].nil?
    49. 

  49.     content['url'] = @datastore['url'] if not @datastore['url'].nil?
    50. 

  50.     if content.empty?
    51. 

  51.       content['fail'] = 'No devices/applications have been discovered.'
    52. 

  52.     end
    53. 

  53.     save content
    54. 

  54.   end
    55. 

  55. end
    56. 

  56.