Search...

Metasploit HTTP Server detection

2011-12-02T00:00:00

ID METASPLOIT_HTTP_DETECT.NASL
Type nessus
Reporter Tenable
Modified 2018-11-15T00:00:00

Description

The remote host is running a Metasploit HTTP server, which is used for performing a variety of security scanning and exploitation attacks.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(56820);
  script_version("1.3");
  script_cvs_date("Date: 2018/11/15 20:50:17");

  script_name(english:"Metasploit HTTP Server detection");
  script_summary(english:"Detects a Metasploit HTTP Server");

  script_set_attribute(attribute:"synopsis", value:"A Metasploit HTTP server is listening on the remote port.");
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running a Metasploit HTTP server, which is used
for performing a variety of security scanning and exploitation
attacks."
  );
  script_set_attribute(attribute:"see_also", value:"https://www.rapid7.com/products/metasploit/");
  script_set_attribute(attribute:"solution", value:"Disable this service if you do not use it.");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 3790);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:3790);

url = '/login';
res = http_send_recv3(method:"GET", item:url, port:port, exit_on_fail:TRUE);

pattern = 'Please enable Javascript before using Metasploit';
match = eregmatch(string:res[2], pattern:pattern, icase:TRUE);
if (!match) exit(0, "Metasploit wasn't detected on the web server on port " + port + ".");

installs = add_install(
  dir      : '/login',
  appname  : 'metasploit',
  port     : port
);

if (report_verbosity &gt; 0)
{
  report = get_install_report(
    display_name : 'Metasploit',
    installs     : installs,
    port         : port
  );
  security_note(port:port, extra:report);
}
else security_note(port);

JSON Vulners Source

Initial Source

{"id": "METASPLOIT_HTTP_DETECT.NASL", "bulletinFamily": "scanner", "title": "Metasploit HTTP Server detection", "description": "The remote host is running a Metasploit HTTP server, which is used\nfor performing a variety of security scanning and exploitation\nattacks.", "published": "2011-12-02T00:00:00", "modified": "2018-11-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56820", "reporter": "Tenable", "references": ["https://www.rapid7.com/products/metasploit/"], "cvelist": [], "type": "nessus", "lastseen": "2019-01-16T20:12:48", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running a Metasploit HTTP server, which is used for performing a variety of security scanning and exploitation attacks.", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a6b47a62cd8dc5ca8ac2809835bff0757ae87bfc63965d651fd988329c9b9681", "hashmap": [{"hash": "7e1e6df49dc19ab23690cb13b893b0bd", "key": "published"}, {"hash": "a959bb55a9f1757e3d191243db29ba4a", "key": "pluginID"}, {"hash": "aa2165df833aefeb07730d692230328e", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c7d03fdd80c3d63806b88853fef1e9a9", "key": "references"}, {"hash": "15d9b418ec32e29650a83266bcd50867", "key": "title"}, {"hash": "1b4d8f887ade885a4ccfe3c654b989a7", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c8a76f3db6bcb75e78d5e8996ec4845", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=56820", "id": "METASPLOIT_HTTP_DETECT.NASL", "lastseen": "2016-09-26T17:24:15", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.2", "pluginID": "56820", "published": "2011-12-02T00:00:00", "references": ["http://www.rapid7.com/products/penetration-testing.jsp"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56820);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:23 $\");\n\n script_name(english:\"Metasploit HTTP Server detection\");\n script_summary(english:\"Detects a Metasploit HTTP Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"A Metasploit HTTP server is listening on the remote port.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a Metasploit HTTP server, which is used\nfor performing a variety of security scanning and exploitation\nattacks.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.rapid7.com/products/penetration-testing.jsp\");\n script_set_attribute(attribute:\"solution\", value:\"Disable this service if you do not use it.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n script_copyright(english:\"This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 3790);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:3790);\n\nurl = '/login';\nres = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\n\npattern = 'Please enable Javascript before using Metasploit';\nmatch = eregmatch(string:res[2], pattern:pattern, icase:TRUE);\nif (!match) exit(0, \"Metasploit wasn't detected on the web server on port \" + port + \".\");\n\ninstalls = add_install(\n dir : '/login',\n appname : 'metasploit',\n port : port\n);\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Metasploit',\n installs : installs,\n port : port\n );\n security_note(port:port, extra:report);\n}\nelse security_note(port);\n", "title": "Metasploit HTTP Server detection", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:24:15"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running a Metasploit HTTP server, which is used for performing a variety of security scanning and exploitation attacks.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "8f2f2ef9f3eef83614729ba1d669939ef329ff1462958d2ab44e21a4bebad70f", "hashmap": [{"hash": "bf375d713826b3e04eff5d151a01d3c3", "key": "sourceData"}, {"hash": "7e1e6df49dc19ab23690cb13b893b0bd", "key": "published"}, {"hash": "a959bb55a9f1757e3d191243db29ba4a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "15d9b418ec32e29650a83266bcd50867", "key": "title"}, {"hash": "1b4d8f887ade885a4ccfe3c654b989a7", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "160449c2a0078acdf59481da6175c4eb", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c8a76f3db6bcb75e78d5e8996ec4845", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=56820", "id": "METASPLOIT_HTTP_DETECT.NASL", "lastseen": "2018-11-17T02:57:13", "modified": "2018-11-15T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "56820", "published": "2011-12-02T00:00:00", "references": ["https://www.rapid7.com/products/metasploit/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56820);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/15 20:50:17\");\n\n script_name(english:\"Metasploit HTTP Server detection\");\n script_summary(english:\"Detects a Metasploit HTTP Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"A Metasploit HTTP server is listening on the remote port.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a Metasploit HTTP server, which is used\nfor performing a variety of security scanning and exploitation\nattacks.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.rapid7.com/products/metasploit/\");\n script_set_attribute(attribute:\"solution\", value:\"Disable this service if you do not use it.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 3790);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:3790);\n\nurl = '/login';\nres = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\n\npattern = 'Please enable Javascript before using Metasploit';\nmatch = eregmatch(string:res[2], pattern:pattern, icase:TRUE);\nif (!match) exit(0, \"Metasploit wasn't detected on the web server on port \" + port + \".\");\n\ninstalls = add_install(\n dir : '/login',\n appname : 'metasploit',\n port : port\n);\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Metasploit',\n installs : installs,\n port : port\n );\n security_note(port:port, extra:report);\n}\nelse security_note(port);\n", "title": "Metasploit HTTP Server detection", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 2, "lastseen": "2018-11-17T02:57:13"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "3f7a40e8736a956c985839390f37fbec"}, {"key": "href", "hash": "1b4d8f887ade885a4ccfe3c654b989a7"}, {"key": "modified", "hash": "015cb78ce50d3bd4e2fbe18f25603329"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "a959bb55a9f1757e3d191243db29ba4a"}, {"key": "published", "hash": "7e1e6df49dc19ab23690cb13b893b0bd"}, {"key": "references", "hash": "160449c2a0078acdf59481da6175c4eb"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "bf375d713826b3e04eff5d151a01d3c3"}, {"key": "title", "hash": "15d9b418ec32e29650a83266bcd50867"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "1f3b27e2ff335031fed43b567895e82c65c2d2eb4e9e5af0fe0c06f06d852c55", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56820);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/15 20:50:17\");\n\n script_name(english:\"Metasploit HTTP Server detection\");\n script_summary(english:\"Detects a Metasploit HTTP Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"A Metasploit HTTP server is listening on the remote port.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a Metasploit HTTP server, which is used\nfor performing a variety of security scanning and exploitation\nattacks.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.rapid7.com/products/metasploit/\");\n script_set_attribute(attribute:\"solution\", value:\"Disable this service if you do not use it.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 3790);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:3790);\n\nurl = '/login';\nres = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\n\npattern = 'Please enable Javascript before using Metasploit';\nmatch = eregmatch(string:res[2], pattern:pattern, icase:TRUE);\nif (!match) exit(0, \"Metasploit wasn't detected on the web server on port \" + port + \".\");\n\ninstalls = add_install(\n dir : '/login',\n appname : 'metasploit',\n port : port\n);\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Metasploit',\n installs : installs,\n port : port\n );\n security_note(port:port, extra:report);\n}\nelse security_note(port);\n", "naslFamily": "CGI abuses", "pluginID": "56820", "cpe": []}