Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow scanner modules to skip hosts on fail_with #14048

Merged
merged 3 commits into from
Aug 27, 2020
Merged

Allow scanner modules to skip hosts on fail_with #14048

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a4a0a3a
Allow scanner modules to skip hosts on fail_with
zeroSteiner Aug 25, 2020
d1baf96
Use nmod.vprint_error to handle `peer` correctly
zeroSteiner Aug 25, 2020
855aa3c
Override fail_with in auxiliary/scanner to add an abort kwarg
zeroSteiner Aug 26, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions lib/msf/core/auxiliary/scanner.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,8 @@ def run
if datastore['CHOST']
@scan_errors << "The source IP (CHOST) value of #{datastore['CHOST']} was not usable"
end
rescue Msf::Auxiliary::Failed => e
nmod.vprint_error("#{e}")
zeroSteiner marked this conversation as resolved.
Show resolved Hide resolved
rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error, ::EOFError
rescue ::Interrupt,::NoMethodError, ::RuntimeError, ::ArgumentError, ::NameError
raise $!
Expand Down Expand Up @@ -198,10 +200,12 @@ def run
mybatch = bat.dup
begin
nmod.run_batch(mybatch)
rescue ::Rex::BindFailed
if datastore['CHOST']
@scan_errors << "The source IP (CHOST) value of #{datastore['CHOST']} was not usable"
end
rescue ::Rex::BindFailed
if datastore['CHOST']
@scan_errors << "The source IP (CHOST) value of #{datastore['CHOST']} was not usable"
end
rescue Msf::Auxiliary::Failed => e
print_error("#{e}")
rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error
rescue ::Interrupt,::NoMethodError, ::RuntimeError, ::ArgumentError, ::NameError
raise $!
Expand Down
10 changes: 5 additions & 5 deletions modules/auxiliary/scanner/http/jupyter_login.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,19 +48,19 @@ def requires_password?(_ip)
destination = res.headers['Location'].split('?', 2)[0]
return true if destination.end_with?(normalize_uri(target_uri.path, 'login'))

fail_with(Failure::UnexpectedReply, "#{peer} - The server responded with a redirect that did not match a known fingerprint")
fail_with(Failure::UnexpectedReply, "The server responded with a redirect that did not match a known fingerprint")
end

def run_host(ip)
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'api')
})
fail_with(Failure::Unreachable, 'Failed to fetch the Jupyter API version') if res.nil?

version = res&.get_json_document&.dig('version')
if version.nil?
vprint_error "#{peer} - The server does not appear to be running Jupyter (failed to fetch the API version)"
return
end
fail_with(Failure::UnexpectedReply, 'Failed to fetch the Jupyter API version') if version.nil?

vprint_status "#{peer} - The server responded that it is running Jupyter version: #{version}"

unless requires_password?(ip)
Expand Down