Search...

Metasploit HTTP Server detection

2011-12-02T00:00:00

ID METASPLOIT_HTTP_DETECT.NASL
Type nessus
Reporter Tenable
Modified 2014-08-09T00:00:00

Description

The remote host is running a Metasploit HTTP server, which is used for performing a variety of security scanning and exploitation attacks.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(56820);
  script_version("$Revision: 1.2 $");
  script_cvs_date("$Date: 2014/08/09 00:11:23 $");

  script_name(english:"Metasploit HTTP Server detection");
  script_summary(english:"Detects a Metasploit HTTP Server");

  script_set_attribute(attribute:"synopsis", value:"A Metasploit HTTP server is listening on the remote port.");
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running a Metasploit HTTP server, which is used
for performing a variety of security scanning and exploitation
attacks."
  );
  script_set_attribute(attribute:"see_also", value:"http://www.rapid7.com/products/penetration-testing.jsp");
  script_set_attribute(attribute:"solution", value:"Disable this service if you do not use it.");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 3790);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:3790);

url = '/login';
res = http_send_recv3(method:"GET", item:url, port:port, exit_on_fail:TRUE);

pattern = 'Please enable Javascript before using Metasploit';
match = eregmatch(string:res[2], pattern:pattern, icase:TRUE);
if (!match) exit(0, "Metasploit wasn't detected on the web server on port " + port + ".");

installs = add_install(
  dir      : '/login',
  appname  : 'metasploit',
  port     : port
);

if (report_verbosity &gt; 0)
{
  report = get_install_report(
    display_name : 'Metasploit',
    installs     : installs,
    port         : port
  );
  security_note(port:port, extra:report);
}
else security_note(port);

JSON Vulners Source

Initial Source

{"hash": "f9f4d0957f5c3de941e3e8a910b2e73defd5a7485d9c93aeec35acceb18e1c97", "naslFamily": "CGI abuses", "id": "METASPLOIT_HTTP_DETECT.NASL", "lastseen": "2016-09-26T17:24:15", "viewCount": 0, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "3c8a76f3db6bcb75e78d5e8996ec4845", "key": "description"}, {"hash": "1b4d8f887ade885a4ccfe3c654b989a7", "key": "href"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "a959bb55a9f1757e3d191243db29ba4a", "key": "pluginID"}, {"hash": "7e1e6df49dc19ab23690cb13b893b0bd", "key": "published"}, {"hash": "c7d03fdd80c3d63806b88853fef1e9a9", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "aa2165df833aefeb07730d692230328e", "key": "sourceData"}, {"hash": "15d9b418ec32e29650a83266bcd50867", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 1, "history": [], "enchantments": {"vulnersScore": 5.0}, "type": "nessus", "description": "The remote host is running a Metasploit HTTP server, which is used for performing a variety of security scanning and exploitation attacks.", "title": "Metasploit HTTP Server detection", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56820);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:23 $\");\n\n script_name(english:\"Metasploit HTTP Server detection\");\n script_summary(english:\"Detects a Metasploit HTTP Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"A Metasploit HTTP server is listening on the remote port.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a Metasploit HTTP server, which is used\nfor performing a variety of security scanning and exploitation\nattacks.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.rapid7.com/products/penetration-testing.jsp\");\n script_set_attribute(attribute:\"solution\", value:\"Disable this service if you do not use it.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n script_copyright(english:\"This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 3790);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:3790);\n\nurl = '/login';\nres = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\n\npattern = 'Please enable Javascript before using Metasploit';\nmatch = eregmatch(string:res[2], pattern:pattern, icase:TRUE);\nif (!match) exit(0, \"Metasploit wasn't detected on the web server on port \" + port + \".\");\n\ninstalls = add_install(\n dir : '/login',\n appname : 'metasploit',\n port : port\n);\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Metasploit',\n installs : installs,\n port : port\n );\n security_note(port:port, extra:report);\n}\nelse security_note(port);\n", "objectVersion": "1.2", "cvelist": [], "published": "2011-12-02T00:00:00", "pluginID": "56820", "references": ["http://www.rapid7.com/products/penetration-testing.jsp"], "reporter": "Tenable", "modified": "2014-08-09T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56820"}