Let users provide full URLs instead of just IPs for auxiliary / exploit http modules #15016
-
Basic Idea
I think it could be useful for http auxiliary and exploit http modules to let users provide not just a file/list of IPs via
Example
So let's say a user wants to run
Then the module would read the targets from the file, and for each target it would automatically set the correct
What do you think?
I'm curious to know who else thinks it would be worth adding this, and if there are any reasons why it might not be such a great idea? I will not be able to take on any new projects for several months but I could have a go at this after the summer if people are open to it.
Replies: 3 comments 4 replies
-
#13961. Testing and feedback on if this meets the needs would be greatly appreciated.
-
#13961 helps simplify this a lot, but it's currently behind a feature flag. For example, a resource script would look like:

msf6 > cat resource.rc
[*] exec: cat resource.rc
features set RHOST_HTTP_URL true
<ruby>
module_name = "auxiliary/scanner/http/tomcat_mgr_login"
http_urls = [
  "http://127.0.0.1/manager/html",
  "http://127.0.0.1/tomcat/manager/html",
  "https://127.0.0.1/b"
]
mod = framework.modules.create(module_name)
http_urls.each do |url|
  mod.datastore['RHOST_HTTP_URL'] = url
  mod.run_simple(
    'LocalInput' => input,
    'LocalOutput' => output,
    'RunAsJob' => false,
  )
end
</ruby>
msf6 > resource resource.rc

After dogfooding the currently feature flagged RHOST_HTTP_URL option we've learnt a lot more about the drawbacks that it has, and the complexity of the existing RHOSTS implementation. There was also a page of possible implementations over in the wiki https://github.com/rapid7/metasploit-framework/wiki/RFC---Metasploit-URL-support, at the time this seemed like the best solution - but I don't think it's quite ready to enable the functionality by default.
-
This should now be resolved by #15253
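
The per-URL option splitting this discussion asks for, as an added Ruby example; it is not Metasploit's implementation and not code from the thread. `url_to_http_options` and `parse_target_list` are hypothetical helpers, and the mapping onto RHOSTS, RPORT, SSL, VHOST and TARGETURI is an assumption, since the original post's list of options did not survive on this page.

```ruby
require 'uri'
require 'ipaddr'

# Constructed sample targets: two loopback URLs from the thread plus edge cases.
SAMPLE_URLS = [
  'http://127.0.0.1/manager/html',
  'https://127.0.0.1/b',
  'https://[::1]:8443',   # IPv6 literal, explicit port, empty path
  'ftp://127.0.0.1/pub'   # wrong scheme, must be rejected rather than guessed at
].freeze

# Hypothetical helper: split one URL into per-target HTTP module options.
# The option names are assumed, not taken from the page.
def url_to_http_options(url)
  uri = URI.parse(url.strip)
  unless uri.is_a?(URI::HTTP) && !uri.hostname.to_s.empty?
    raise ArgumentError, "not an http(s) URL: #{url}"
  end

  host = uri.hostname # brackets already removed from IPv6 literals
  is_ip = begin
    IPAddr.new(host)
    true
  rescue IPAddr::Error
    false
  end

  opts = {
    'RHOSTS' => host,
    'RPORT' => uri.port,               # falls back to 80 or 443 by scheme
    'SSL' => uri.scheme == 'https',
    'TARGETURI' => uri.request_uri     # "/" when the URL has no path
  }
  opts['VHOST'] = host unless is_ip    # a name is also the Host header value
  opts
end

# Splits a target list into parsed option sets and rejected lines with reasons.
def parse_target_list(urls)
  accepted = []
  rejected = []
  urls.each do |url|
    begin
      accepted << url_to_http_options(url)
    rescue ArgumentError, URI::InvalidURIError => e
      rejected << [url, e.message]
    end
  end
  [accepted, rejected]
end
```

Returning the rejected lines with a reason, instead of silently skipping them, lets the operator confirm that every intended in-scope target was actually parsed before a run.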