89 lines
2.9 KiB
Plaintext
89 lines
2.9 KiB
Plaintext
// import Database/functions
|
|
// comment out if importing
|
|
import_code("/dev/scanner/libbindb.src")
|
|
import_code("/dev/scanner/database.src")
|
|
import_code("/dev/scanner/util_import.src")
|
|
|
|
// Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.
|
|
// TODO: Needs confirming, initial tests seem correct.
|
|
checkPrivilege = function(result)
|
|
if(typeof(result) == "shell") then result = result.host_computer
|
|
if(typeof(result) == "computer") then
|
|
//checking root
|
|
file = result.File("/lib/init.so")
|
|
if( file.has_permission("w") != 0) then return "Root"
|
|
//check user
|
|
homeFolders = result.File("/home")
|
|
homeFolders = homeFolders.get_folders
|
|
if(len(homeFolders) <= 1) then return "Guest"
|
|
for folder in homeFolders
|
|
file = result.File("/home/" + folder.name + "/Config/Mail.txt")
|
|
if(file) then
|
|
if(file.has_permission("w")) then return "User"
|
|
end if
|
|
end for
|
|
|
|
return "Guest"
|
|
end if
|
|
return "null"
|
|
end function
|
|
|
|
|
|
// scan port on IP address. Set optional local ip address for extra kernel_router exploits and a password for pass change exploits
|
|
// TODO: figure out how to get proper feedback from firewall exploits and pass change exploits.
|
|
// TODO: figure out how to get requirments for exploits.
|
|
scanPort = function(ip, port, optional, metaxploit)
|
|
net_session = metaxploit.net_use(ip,port)
|
|
|
|
lib = net_session.dump_lib
|
|
print(lib.lib_name)
|
|
memList = metaxploit.scan(lib)
|
|
for address in memList
|
|
keys = metaxploit.scan_address(lib,address)
|
|
vulns = keys.split("Unsafe check: ")
|
|
keyList =[]
|
|
for string in vulns
|
|
keyList.push(string[string.indexOf("<b>")+3:string.indexOf("</b>")])
|
|
end for
|
|
|
|
for key in keyList
|
|
result = lib.overflow(address,key,optional)
|
|
if (typeof(result) != "null") then
|
|
print(typeof(result))
|
|
insertVuln(lib.lib_name,lib.version,address,key,typeof(result),checkPrivilege(result))
|
|
end if
|
|
end for
|
|
end for
|
|
end function
|
|
|
|
scanner = function(target_ip)
|
|
|
|
|
|
metaxploit = mxploit()
|
|
|
|
target_ip = webToIp(target_ip)
|
|
if(target_ip == 1) then exit("Invalid IP")
|
|
|
|
// fetch router object and configured ports
|
|
target_router = get_router(target_ip)
|
|
target_ports = target_router.used_ports
|
|
|
|
// DO ALL THE THINGS. needs cleaning
|
|
scanPort(target_ip, 0, target_router.local_ip, metaxploit)
|
|
for port in target_ports
|
|
if(port.is_closed != 1) then
|
|
scanPort(target_ip, port.port_number, "dave", metaxploit)
|
|
else
|
|
print(port.port_number + " is Closed.")
|
|
end if
|
|
end for
|
|
|
|
nmap(target_ip, true)
|
|
|
|
end function
|
|
|
|
//comment out if using as import
|
|
|
|
if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
|
|
myDB = database()
|
|
scanner(params[0]) |