95 lines
3.2 KiB
Plaintext
95 lines
3.2 KiB
Plaintext
// name import Database/functions
|
|
import_code("/root/myprogram")
|
|
|
|
if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
|
|
|
|
|
|
// import metaexploit from /lib or current folder
|
|
metaxploit = include_lib("/lib/metaxploit.so")
|
|
if not metaxploit then
|
|
metaxploit = include_lib(current_path + "/metaxploit.so")
|
|
end if
|
|
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
|
|
|
|
// convert argv for easier readability
|
|
target_ip = params[0]
|
|
|
|
if not is_valid_ip(target_ip) then
|
|
target_ip = nslookup(target_ip)
|
|
if not is_valid_ip(target_ip) then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
|
|
end if
|
|
|
|
// fetch router object en configured ports
|
|
target_router = get_router(target_ip)
|
|
target_ports = target_router.used_ports
|
|
|
|
// print details of router and configured ports
|
|
// TODO: Add port status
|
|
// TODO: Add deepscan for connected devices
|
|
column = "<b>Number Type Version IP</b>"
|
|
column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip
|
|
for port in target_ports
|
|
column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip
|
|
end for
|
|
|
|
print("\nIP Address : " + target_ip)
|
|
print(format_columns(column))
|
|
|
|
|
|
// Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.
|
|
// TODO: Needs confirming, initial tests seem correct.
|
|
checkPrivilege = function(result)
|
|
if(typeof(result) == "shell") then result = result.host_computer
|
|
if(typeof(result) == "computer") then
|
|
//checking root
|
|
file = result.File("/lib/init.so")
|
|
if( file.has_permission("w") != 0) then return "Root"
|
|
//check user
|
|
file = result.File("/etc/passwd")
|
|
if( file.has_permission("w")) then return "User"
|
|
|
|
return "Guest"
|
|
end if
|
|
return "null"
|
|
end function
|
|
|
|
|
|
// scan port on IP address. Set optional local ip address for extra kernel_router exploits and a password for pass change exploits
|
|
// TODO: figure out how to get proper feedback from firewall exploits and pass change exploits.
|
|
// TODO: figure out how to get requirments for exploits.
|
|
scanPort = function(ip, port, optional)
|
|
net_session = metaxploit.net_use(ip,port)
|
|
|
|
lib = net_session.dump_lib
|
|
memList = metaxploit.scan(lib)
|
|
for address in memList
|
|
keys = metaxploit.scan_address(lib,address)
|
|
vulns = keys.split("Unsafe check: ")
|
|
keyList =[]
|
|
for string in vulns
|
|
keyList.push(string[string.indexOf("<b>")+3:string.indexOf("</b>")])
|
|
end for
|
|
|
|
for key in keyList
|
|
result = lib.overflow(address,key,optional)
|
|
if (typeof(result) != "null") then
|
|
print(typeof(result))
|
|
insertVuln(lib.lib_name,lib.version,address,key,"",typeof(result),checkPrivilege(result))
|
|
end if
|
|
print("\n")
|
|
end for
|
|
end for
|
|
end function
|
|
|
|
|
|
|
|
// DO ALL THE THINGS. needs cleaning
|
|
scanPort(target_ip, 0, target_router.local_ip)
|
|
for port in target_ports
|
|
|
|
if(port.is_closed != 1) then
|
|
scanPort(target_ip, port.port_number, "dave")
|
|
else
|
|
print(port.port_number + " is Closed.")
|
|
end if
|
|
end for |