Ticket #208: no_ssl.rb

File no_ssl.rb, 1.4 kB (added by joern@recurity-labs.com, 9 months ago)
test aux module w/o ssl

Line
1	require 'msf/core'
2
3	module Msf
4
5	class Auxiliary::Test::HardeningDirList < Msf::Auxiliary
6	include Exploit::Remote::HttpClient
7
8	def initialize(info = {})
9	super(update_info(info,{
10	'Name' => 'no ssl',
11	'Author' => [ 'Joern Bratzke, Recurity Labs GmbH <joern@recurity-labs.com>' ],
12	'Version' => "0.9",
13	}))
14	register_options([
15	OptString.new('URI1',[true,'First Directory to check for listing', '/test1/']),
16	OptString.new('URI2',[true,'Secound Directory to check for listing', '/test2/']),
17	OptString.new('Signature', [true,'Signature for directory listing' , "Parent Directory"]),
18	],self.class)
19	end
20
21	def run
22	check
23	end
24	def check
25	numlistings = check_dir_listing(datastore['URI1'])
26	numlistings = check_dir_listing(datastore['URI2'])
27	print_status(" * Summary: * \n")
28	print_status("Found #{numlistings} directory listings.")
29	end
30	def check_dir_listing(uri)
31	n = 0
32	print_status("Checking for enabled directory listing at #{uri}")
33	res = send_request_raw({'uri' => uri,'method' => "GET"},5)
34	if not res then
35	print_status("No response from the server")
36	return 0
37	end
38	if res.code == 404 then
39	print_status("Requested directory not found on server!\n")
40	return 0
41	end
42	if res.body.include?(datastore['Signature']) then
43	print_status("FOUND directory listing at #{uri}\n")
44	n += 1
45	else
46	print_status("NO directory listing at #{uri}\n")
47	end
48	n
49	end
50	end
51	end