Metasploit¶

Note

Since Metasploit does not force the users to follow a specific syntax when writing a module, ptp.PTP needs to know which plugin has generated the report in order to find the right signature.

Parser¶

synopsis:	Specialized `ptp.libptp.parser.AbstractParser` classes for the tool Metasploit.

class ptp.tools.metasploit.parser.MetasploitParser(pathname, filename='*.txt', plugin='', light=True, first=True)[source]¶

Metasploit specialized parser.

__tool__ = 'metasploit'¶

__plugin__ = ''¶

__init__(pathname, filename='*.txt', plugin='', light=True, first=True)[source]¶

Initialize MetasploitParser.

Parameters:	pathname (str) – Path to the report directory. filename (str) – Regex matching the report file. plugin (str) – Name of the plugin that generated the report. first (bool) – Only process first file (`True`) or each file that matched (`False`).

classmethod is_mine(pathname, filename='*.txt', plugin='', light=True, first=True)[source]¶

Check if it can handle the report file.

Parameters:	pathname (str) – Path to the report directory. filename (str) – Regex matching the report file. plugin (str) – Name of the plugin that generated the report. light (bool) – True to only parse the ranking of the findings from the report. first (bool) – Only process first file (`True`) or each file that matched (`False`).
Returns:	True if it supports the report, False otherwise.
Return type:	`bool`

parse_metadata()[source]¶

Parse the metadata of the report.

Returns:	The metadata of the report.
Return type:	dict

parse_report()[source]¶

Parse the results of the report.

Returns:	List of dicts where each one represents a discovery.
Return type:	`list`

Signatures¶

synopsis:	Metasploit does not provide ranking for the vulnerabilities it has found. This file tries to define a ranking for every Metasploit’s modules discoveries it might find.

ptp.tools.metasploit.signatures.SIGNATURES = {'auxiliary/scanner/ftp/anonymous': {'Anonymous READ/WRITE ': 4, 'Anonymous READ ': 2}, 'auxiliary/scanner/ftp/ftp_version': {'FTP Banner': 1}, 'auxiliary/scanner/ftp/ftp_login': {'has READ/WRITE access': 4, 'has READ access': 2}, 'auxiliary/scanner/smtp/smtp_enum': {'Found user': 2, 'Users found': 2}, 'auxiliary/scanner/smtp/smtp_version': {'SMTP': 1}, 'auxiliary/scanner/vnc/vnc_login': {'VNC server password': 4}, 'auxiliary/scanner/vnc/vnc_none_auth': {'free access': 4}, 'auxiliary/scanner/x11/open_x11': {'Open X Server': 4}, 'auxiliary/scanner/emc/alphastor_devicemanager': {'is running the EMC AlphaStor Device Manager': 1}, 'auxiliary/scanner/emc/alphastor_librarymanager': {'is running the EMC AlphaStor Library Manager': 1}, 'auxiliary/scanner/mssql/mssql_ping': {'SQL Server information for': 1}, 'auxiliary/scanner/mssql/mssql_login': {'MSSQL - successful login': 4, 'successful logged in as': 4}, 'auxiliary/scanner/mssql/mssql_hashdump': {'Saving': 4}, 'auxiliary/scanner/mssql/mssql_schemadump': {'Microsoft SQL Server Schema': 4}, 'auxiliary/scanner/dcerpc/endpoint_mapper': {'Endpoint Mapper': 1}, 'auxiliary/scanner/dcerpc/hidden': {'HIDDEN: UUID': 1}, 'auxiliary/scanner/smb/smb_version': {'is running': 1}, 'auxiliary/scanner/smb/pipe_auditor': {'- Pipes:': 1}, 'auxiliary/scanner/smb/smb_enumusers': {', ': 1}, 'auxiliary/scanner/smb/smb_login': {'SUCCESSFUL LOGIN': 4}, 'auxiliary/scanner/snmp/snmp_enumusers': {'Found Users': 2}, 'auxiliary/scanner/snmp/snmp_enum': {', Connected.': 1}, 'auxiliary/scanner/snmp/aix_version': {'IBM AIX Version': 1}, 'auxiliary/scanner/snmp/snmp_login': {'community string': 2, 'provides READ-ONLY access': 2, 'provides READ-WRITE access': 4}, 'auxiliary/dos/windows/http/ms10_065_ii6_asp_dos': {'IIS should now be unavailable': 4}, 'auxiliary/dos/http/3com_superstack_switch': {'DoS packet successful.': 4}, 'auxiliary/dos/http/apache_range_dos': {'Found Byte-Range Header DOS at': 4}, 'auxiliary/dos/http/apache_tomcat_transfer_encoding': {'DoS packet successful.': 4}, 'auxiliary/dos/samba/lsa_addprivs_heap': {'Server did not respond, this is expected': 4, 'Server disconnected, this is expected': 4}, 'auxiliary/dos/samba/lsa_transnames_heap': {'Server did not respond, this is expected': 4, 'Server disconnected, this is expected': 4}, 'auxiliary/dos/smtp/sendmail_prescan': {'target vulnerable.': 4}, 'auxiliary/dos/solaris/lpd/cascade_delete': {'Successfully deleted': 4}, 'auxiliary/dos/windows/ftp/iis_list_exhaustion': {'Success! Service is down': 4}, 'auxiliary/dos/windows/games/kaillera': {'Target is down': 4}, 'auxiliary/dos/windows/smb/ms05_047_pnp': {'Server did not respond, this is expected': 4, 'Connection reset by peer (possible success)': 4, 'Server disconnected, this is expected': 4}, 'auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh': {'The target system has likely crashed': 4}, 'auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff': {'No response. The target system has probably crashed.': 4}, 'exploit/dialup/multi/login/manyargs': {'Success!!!': 4}, 'exploit/linux/games/ut2004_secure': {'This system appears to be exploitable': 4}, 'exploit/linux/http/piranha_passwd_exec': {'Command successfully executed (according to the server).': 4}, 'exploit/linux/samba/lsa_transnames_heap': {'Server did not respond, this is expected': 4, 'Server disconnected, this is expected': 4}, 'exploit/multi/ftp/wuftpd_site_exec_format': {'Your payload should have executed now': 4}, 'exploit/multi/http/freenas_exec_raw': {'Triggering payload...': 4}, 'exploit/multi/http/glassfish_deployer': {'GlassFish - SUCCESSFUL login for': 4}, 'exploit/multi/http/jboss_deploymentfilerepository': {'Successfully called': 4}, 'exploit/multi/http/jboss_maindeployer': {'Successfully triggered payload at': 4}, 'exploit/multi/http/sit_file_upload': {'Successfully': 4}, 'exploit/multi/misc/java_rmi_server': {'may be exploitable...': 4}, 'exploit/multi/misc/openview_omniback_exec': {'The remote service is exploitable': 4}, 'exploit/multi/php/php_unserialize_zval_cookie': {'The server runs a vulnerable version of PHP': 4}, 'exploit/solaris/lpd/sendmail_exec': {'Uploaded': 4}, 'exploit/solaris/sunrpc/sadmind_exec': {'exploit did not give us an error, this is good...': 4}, 'exploit/unix/ftp/vsftpd_234_backdoor': {'Backdoor service has been spawned, handling...': 4}, 'exploit/unix/http/contentkeeperweb_mimencode': {'Privilege escalation appears to have worked!': 4}, 'exploit/unix/misc/zabbix_agent_exec': {'The zabbix agent should have executed our command.': 4}, 'exploit/unix/smtp/exim4_string_format': {'Payload result:': 4, 'Perl binary detected, attempt to escalate...': 4}, 'exploit/unix/webapp/awstats_configdir_exec': {'Command output from the server:': 4}, 'exploit/unix/webapp/awstats_migrate_exec': {'Command output from the server:': 4}, 'exploit/unix/webapp/awstatstotals_multisort': {'Command output from the server:': 4}, 'exploit/unix/webapp/barracuda_img_exec': {'Command output from the server:': 4}, 'exploit/unix/webapp/cacti_graphimage_exec': {'Command output from the server:': 4}, 'exploit/unix/webapp/coppermine_piceditor': {"Successfully POST'd exploit data": 4}, 'exploit/unix/webapp/google_proxystylesheet_exec': {'This system appears to be vulnerable': 4}, 'exploit/unix/webapp/nagios3_statuswml_ping': {'Session created, enjoy!': 4}, 'exploit/unix/webapp/openview_connectednodes_exec': {'Command output from the server:': 4}, 'exploit/unix/webapp/openx_banner_edit': {'Successfully deleted banner': 3}, 'exploit/unix/webapp/oracle_vm_agent_utl': {'Our request was accepted!': 4}, 'exploit/unix/webapp/php_vbulletin_template': {'exploit successful': 3, 'Command returned': 3}, 'exploit/unix/webapp/php_xmlrpc_eval': {'exploit successful': 3, 'Command returned': 3}, 'exploit/unix/webapp/sphpblog_file_upload': {'Successfully': 4}, 'exploit/unix/webapp/tikiwiki_graph_formula_exec': {'TikiWiki database informations': 4}, 'exploit/unix/webapp/tikiwiki_jhot_exec': {'Successfully': 4, 'Command output from the server :': 4}, 'exploit/unix/webapp/twiki_history': {'Successfully sent exploit request': 4}, 'exploit/unix/webapp/twiki_search': {'Successfully sent exploit request': 4}, 'exploit/windows/antivirus/ams_xfr': {'Got data, execution successful!': 4}, 'exploit/windows/games/ut2004_secure': {'This system appears to be exploitable': 4, 'This system appears to be running UT2003': 3}, 'exploit/windows/iis/ms01_026_dbldecode': {'Command output': 4}, 'exploit/windows/iis/ms03_007_ntdll_webdav': {'The server stopped accepting requests': 4}, 'exploit/windows/license/calicserv_getconfig': {'CA License Server reports OS': 4}, 'exploit/windows/misc/bakbone_netvault_heap': {'Detected NetVault Build': 4}, 'exploit/windows/mssql/lyris_listmanager_weak_pass': {'Successfully authenticated to': 4}, 'exploit/windows/postgres/postgres_payload': {'Authentication successful.': 4}, 'exploit/windows/smtp/ypops_overflow1': {'Vulnerable SMTP server': 4}, 'exploit/windows/ssh/freeftpd_key_exchange': {'Trying target': 4}, 'exploit/windows/ssh/freesshd_key_exchange': {'Trying target': 4}}¶

Data:	`dict` of the modules with their rank.

Metasploit¶

Parser¶

Signatures¶

Table Of Contents

Previous topic

Next topic

This Page