32
Chapter 3
    # Module header reconstructed from the mixins the text names; the page
    # itself begins at run_host. Metasploit3 was the module class name of this era.
    class Metasploit3 < Msf::Auxiliary
      include Msf::Exploit::Remote::Tcp   # provides connect, sock and disconnect
      include Msf::Auxiliary::Scanner     # provides RHOSTS/THREADS and calls run_host per host

      def run_host(ip)
        connect()                         # open a TCP connection to ip:RPORT (default 12345)
        sock.puts('HELLO SERVER')         # send our greeting line to the server
        data = sock.recv(1024)            # read up to 1024 bytes of the reply (may be a partial read)
        print_status("Received: #{data} from #{ip}")
        disconnect()                      # close the socket before the next host
      end
    end
This simple scanner uses the Msf::Exploit::Remote::Tcp mixin to handle the TCP networking, and the Msf::Auxiliary::Scanner mixin exposes the various settings that are required for scanners within the Framework. This scanner is configured to use the default port of 12345, and upon connecting to the server, it sends a message, receives the reply from the server, and then prints it out to the screen along with the server IP address.

We have saved this custom script under modules/auxiliary/scanner/ as simple_tcp.rb. The saved location is important in Metasploit. For example, if the module is saved under modules/auxiliary/scanner/http/, it would show up in the modules list as scanner/http/simple_tcp.
To test this rudimentary scanner, we set up a netcat listener on port 12345 and pipe in a text file to act as the server response.

    root@bt:/# echo "Hello Metasploit" > banner.txt
    root@bt:/# nc -lvnp 12345 < banner.txt
    listening on [any] 12345...
Next, we load up msfconsole, select our scanner module, set its parameters, and run it to see if it works.
    msf > use auxiliary/scanner/simple_tcp
    msf auxiliary(simple_tcp) > show options

    Module options:

       Name     Current Setting  Required  Description
       ----     ---------------  --------  -----------
       RHOSTS                    yes       The target address range or CIDR identifier
       RPORT    12345            yes       The target port
       THREADS  1                yes       The number of concurrent threads

    msf auxiliary(simple_tcp) > set RHOSTS 192.168.1.101
    RHOSTS => 192.168.1.101
    msf auxiliary(simple_tcp) > run

    [*] Received: Hello Metasploit from 192.168.1.101
    [*] Scanned 1 of 1 hosts (100% complete)
    [*] Auxiliary module execution completed
    msf auxiliary(simple_tcp) >
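The same exchange run on loopback in plain Ruby, as an added example that is not code from the book or from the Metasploit project: start_banner_server stands in for the netcat listener, grab_banner does what run_host does without the Framework mixins, and module_ref_name (a hypothetical helper) shows how the on-disk path under modules/auxiliary/ becomes the name msfconsole lists. Unlike netcat, the stand-in server reads the greeting before replying so the exchange is deterministic.

```ruby
require 'socket'

# Map a module's on-disk path to the name shown in the modules list, e.g.
# modules/auxiliary/scanner/http/simple_tcp.rb -> scanner/http/simple_tcp
def module_ref_name(path)
  path.sub(%r{\A.*?modules/auxiliary/}, '').sub(/\.rb\z/, '')
end

# One-shot stand-in for "nc -lvnp 12345 < banner.txt" on an ephemeral port.
# Returns [port, thread]; the thread answers a single client and exits.
def start_banner_server(banner)
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  thr = Thread.new do
    client = server.accept
    client.gets            # consume the "HELLO SERVER\n" line the scanner sends
    client.write(banner)   # reply with the banner, as netcat does from the file
    client.close
    server.close
  end
  [port, thr]
end

# Client side of run_host: connect, send the greeting, read up to 1024 bytes.
# recv may return a partial read for larger banners; 1024 is what the module uses.
def grab_banner(ip, port)
  sock = TCPSocket.new(ip, port)
  sock.puts('HELLO SERVER')
  data = sock.recv(1024)
  sock.close
  data
end

if __FILE__ == $0
  # Constructed sample banner, matching the book's banner.txt contents.
  port, thr = start_banner_server("Hello Metasploit\n")
  data = grab_banner('127.0.0.1', port)
  thr.join
  puts "[*] Received: #{data.chomp} from 127.0.0.1"
  puts "[*] module name: #{module_ref_name('modules/auxiliary/scanner/http/simple_tcp.rb')}"
end
```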