Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
25c0723da3fac5259e40c8298b25ffcb8b2f3b83
beef/modules/recon/internal_network_fingerprinting/module.rb
scotty.b.brown@gmail.com 5c3e6f1575 Adding Apache Licence Header to all files (except VERSION file) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1046 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-02 23:08:28 +00:00

82 lines
3.0 KiB
Ruby
Raw Blame History

#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Internal Network Fingerprinting
# Discover devices and applications in the internal network of the victim using
# signatures like default logo images/favicons (partially based on the Yokoso idea).
# It does this by loading images on common/predefined local network
# IP addresses then matching the image width, height and path to those
# for a known device.
#
# TODO LIST
# Add IPv6 support
# Add HTTPS support
# - Devices with invalid certs are blocked by IE and FF by default
# Improve stealth
# - Load images with CSS "background:" CSS to avoid http auth login popups
# Improve speed
# - Make IP addresses a user-configurable option rather than a hard-coded list
# - Detect local ip range first - using browser history and/or with java
# - History theft via CSS history is patched in modern browsers.
# - Local IP theft with Java is slow and may fail
class Internal_network_fingerprinting < BeEF::Core::Command
def initialize
super({
'Name' => 'Internal Network Fingerprinting',
'Description' => 'Discover devices and applications in the internal network of the victim using signatures like default logo images/favicons (partially based on the Yokoso idea). </br>If no IP range or ports are specified, the default device (after a default install) IP/port will be used.</br>Only successfully discovered devices/applications will be shown in the command results.',
'Category' => 'Recon',
'Author' => ['bcoles@gmail.com', 'wade', 'antisnatchor'],
'Data' => [
{'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'},
{'name' => 'ports', 'ui_label' => 'Ports to test', 'value' => '80,8080'}
],
'File' => __FILE__
})
set_target({
'verified_status' => VERIFIED_USER_NOTIFY,
'browser_name' => FF # works also in FF 4.0.1
})
set_target({
'verified_status' => VERIFIED_NOT_WORKING,
'browser_name' => O
})
set_target({
'verified_status' => VERIFIED_USER_NOTIFY,
'browser_name' => IE
})
use_template!
end
def callback
content = {}
content['device'] =@datastore['device'] if not @datastore['device'].nil?
content['url'] = @datastore['url'] if not @datastore['url'].nil?
if content.empty?
content['fail'] = 'No devices/applications have been discovered.'
end
save content
end
end
Reference in New Issue View Git Blame Copy Permalink