rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Auxiliary Scanner Docs #8296

Closed h00die closed 5 years ago

h00die commented 7 years ago

In an attempt to prioritize docs, I (arbitrarily) decided auxiliary/scanner would be the best place to start. Lots of "underlying" and basic protocols live here. These can also help for later exploit modules since once you install a certain protocol for the scanner, you may be able to use it for the exploit as well and simply copy/paste the contents of the # Vulnerable Application section.

Please just make a comment if you are working on one, and I'll check mark it, and then when the doc lands we'll just take it off of this PR list.

h00die commented 7 years ago

@itsmeroy2012 just wanted to make sure you saw this big ticket. Feel free to pick any. telnet_login and telnet_version may be pretty easy since they are like the ftp ones.

itsmeroy2012 commented 7 years ago

I'll be busy for some weeks. Will look into it for sure. Thanks for the tag @h00die.

h00die commented 7 years ago

No rush!

vishalkg commented 6 years ago

Hi @h00die

As a class project, I picked up this issue and wish to contribute. However, from your list of files, I couldn't find some files. To list a few:

auxiliary/scanner/acpp/login
auxiliary/scanner/afp/afp_login
auxiliary/scanner/afp/afp_server

I followed all the steps listed here, to fork the repo. Can you help me on this?

bcoles commented 6 years ago

Hi @vishalkg

You'll find the modules in the modules directory.

vishalkg commented 6 years ago

https://github.com/rapid7/metasploit-framework/pull/9310

Following modules have been documented:

http: -webdav_scanner -verb_auth_bypass -webdav_website_content -wordpress_login_enum -ssl dir_webdav_unicode_bypass cert -dir_scanner

smb: -pipe_auditor -pipe_dcerpc_auditor -smb2 -smb_enumshares

mysql: -mysql_login -mysql_version

mssql: -mssql_ping -mssql_idf -mssql_sql

discovery: -ipv6_neighbor -udp_probe -udp_sweep

dcerpc: -endpoint_mapper -hidden -management -tcp_dcerpc_auditor

gcleite commented 6 years ago

#9933 db2/discovery

bcoles commented 6 years ago

#10797 auxiliary/scanner/sip/options_tcp

bcoles commented 6 years ago

#10800

auxiliary/scanner/snmp/cisco_config_tftp
auxiliary/scanner/snmp/cisco_upload_file

Yashvendra commented 5 years ago

Hey @h00die, auxiliary/scanner/http/dir_listing module has been documented in this PR

#11384

Yashvendra commented 5 years ago

Documentation for auxiliary/scanner/http/tomcat_mgr_login module already exists. Kindly take it off the list. @h00die

bcoles commented 5 years ago

> Documentation for auxiliary/scanner/http/tomcat_mgr_login module already exists. Kindly take it off the list. @h00die

Confirmed. Removed.

# ls -la documentation/modules/auxiliary/scanner/http/tomcat_mgr_login.md 
-rw-r--r-- 1 root root 3556 Jan 21  2017 documentation/modules/auxiliary/scanner/http/tomcat_mgr_login.md

Yashvendra commented 5 years ago

Following has been documented.

#11436 HTTP DOCS

#11437 WINRM DOCS

#11438 SNMP DOCS

#11439 TELNET DOCS

hkerma commented 5 years ago

Hi, I'm new to open-source project contribution, but I wanted to help by writing some documentation. The list you provided at the top of this issue might not be up to date. I wrote a piece of code to compare the list of auxiliary modules and the list of documentation, and I attach the new list of modules with missing documentation. I also found some documentation which was badly named, or maybe it used to be associated with modules which no longer exist. I also attach it to this message :)

Missing documentation + /metasploit-framework/modules/auxiliary/scanner/acpp/login + /metasploit-framework/modules/auxiliary/scanner/afp/afp_login + /metasploit-framework/modules/auxiliary/scanner/db2/db2_auth + /metasploit-framework/modules/auxiliary/scanner/db2/db2_version + /metasploit-framework/modules/auxiliary/scanner/dcerpc/windows_deployment_services + /metasploit-framework/modules/auxiliary/scanner/dect/call_scanner + /metasploit-framework/modules/auxiliary/scanner/dect/station_scanner + /metasploit-framework/modules/auxiliary/scanner/discovery/empty_udp + /metasploit-framework/modules/auxiliary/scanner/discovery/ipv6_multicast_ping + /metasploit-framework/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement + /metasploit-framework/modules/auxiliary/scanner/discovery/udp_probe + /metasploit-framework/modules/auxiliary/scanner/dlsw/dlsw_leak_capture + /metasploit-framework/modules/auxiliary/scanner/dns/dns_amp + /metasploit-framework/modules/auxiliary/scanner/emc/alphastor_devicemanager + /metasploit-framework/modules/auxiliary/scanner/emc/alphastor_librarymanager + /metasploit-framework/modules/auxiliary/scanner/ftp/bison_ftp_traversal + /metasploit-framework/modules/auxiliary/scanner/ftp/konica_ftp_traversal + /metasploit-framework/modules/auxiliary/scanner/ftp/pcman_ftp_traversal + /metasploit-framework/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal + /metasploit-framework/modules/auxiliary/scanner/http/a10networks_ax_directory_traversal + /metasploit-framework/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read + /metasploit-framework/modules/auxiliary/scanner/http/adobe_xml_inject + /metasploit-framework/modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie + /metasploit-framework/modules/auxiliary/scanner/http/apache_activemq_source_disclosure + /metasploit-framework/modules/auxiliary/scanner/http/apache_activemq_traversal + /metasploit-framework/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env + 
/metasploit-framework/modules/auxiliary/scanner/http/apache_userdir_enum + /metasploit-framework/modules/auxiliary/scanner/http/appletv_login + /metasploit-framework/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess + /metasploit-framework/modules/auxiliary/scanner/http/axis_local_file_include + /metasploit-framework/modules/auxiliary/scanner/http/axis_login + /metasploit-framework/modules/auxiliary/scanner/http/barracuda_directory_traversal + /metasploit-framework/modules/auxiliary/scanner/http/bitweaver_overlay_type_traversal + /metasploit-framework/modules/auxiliary/scanner/http/blind_sql_query + /metasploit-framework/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset + /metasploit-framework/modules/auxiliary/scanner/http/brute_dirs + /metasploit-framework/modules/auxiliary/scanner/http/buffalo_login + /metasploit-framework/modules/auxiliary/scanner/http/caidao_bruteforce_login + /metasploit-framework/modules/auxiliary/scanner/http/canon_wireless + /metasploit-framework/modules/auxiliary/scanner/http/chef_webui_login + /metasploit-framework/modules/auxiliary/scanner/http/cisco_asa_asdm + /metasploit-framework/modules/auxiliary/scanner/http/cisco_ios_auth_bypass + /metasploit-framework/modules/auxiliary/scanner/http/cisco_ironport_enum + /metasploit-framework/modules/auxiliary/scanner/http/cisco_nac_manager_traversal + /metasploit-framework/modules/auxiliary/scanner/http/cisco_ssl_vpn + /metasploit-framework/modules/auxiliary/scanner/http/cisco_ssl_vpn_priv_esc + /metasploit-framework/modules/auxiliary/scanner/http/clansphere_traversal + /metasploit-framework/modules/auxiliary/scanner/http/coldfusion_locale_traversal + /metasploit-framework/modules/auxiliary/scanner/http/coldfusion_version + /metasploit-framework/modules/auxiliary/scanner/http/concrete5_member_list + /metasploit-framework/modules/auxiliary/scanner/http/copy_of_file + /metasploit-framework/modules/auxiliary/scanner/http/dell_idrac + 
/metasploit-framework/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login + /metasploit-framework/modules/auxiliary/scanner/http/dlink_dir_615h_http_login + /metasploit-framework/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login + /metasploit-framework/modules/auxiliary/scanner/http/dlink_user_agent_backdoor + /metasploit-framework/modules/auxiliary/scanner/http/dnalims_file_retrieve + /metasploit-framework/modules/auxiliary/scanner/http/dolibarr_login + /metasploit-framework/modules/auxiliary/scanner/http/drupal_views_user_enum + /metasploit-framework/modules/auxiliary/scanner/http/ektron_cms400net + /metasploit-framework/modules/auxiliary/scanner/http/elasticsearch_traversal + /metasploit-framework/modules/auxiliary/scanner/http/epmp1000_get_chart_cmd_exec + /metasploit-framework/modules/auxiliary/scanner/http/epmp1000_reset_pass + /metasploit-framework/modules/auxiliary/scanner/http/error_sql_injection + /metasploit-framework/modules/auxiliary/scanner/http/etherpad_duo_login + /metasploit-framework/modules/auxiliary/scanner/http/f5_bigip_virtual_server + /metasploit-framework/modules/auxiliary/scanner/http/f5_mgmt_scanner + /metasploit-framework/modules/auxiliary/scanner/http/file_same_name_dir + /metasploit-framework/modules/auxiliary/scanner/http/frontpage_login + /metasploit-framework/modules/auxiliary/scanner/http/git_scanner + /metasploit-framework/modules/auxiliary/scanner/http/gitlab_login + /metasploit-framework/modules/auxiliary/scanner/http/gitlab_user_enum + /metasploit-framework/modules/auxiliary/scanner/http/glassfish_login + /metasploit-framework/modules/auxiliary/scanner/http/goahead_traversal + /metasploit-framework/modules/auxiliary/scanner/http/groupwise_agents_http_traversal + /metasploit-framework/modules/auxiliary/scanner/http/host_header_injection + /metasploit-framework/modules/auxiliary/scanner/http/hp_imc_bims_downloadservlet_traversal + 
/metasploit-framework/modules/auxiliary/scanner/http/hp_imc_faultdownloadservlet_traversal + /metasploit-framework/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal + /metasploit-framework/modules/auxiliary/scanner/http/hp_imc_reportimgservlt_traversal + /metasploit-framework/modules/auxiliary/scanner/http/hp_imc_som_file_download + /metasploit-framework/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess + /metasploit-framework/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration + /metasploit-framework/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess + /metasploit-framework/modules/auxiliary/scanner/http/hp_sys_mgmt_login + /metasploit-framework/modules/auxiliary/scanner/http/http_hsts + /metasploit-framework/modules/auxiliary/scanner/http/http_traversal + /metasploit-framework/modules/auxiliary/scanner/http/httpbl_lookup + /metasploit-framework/modules/auxiliary/scanner/http/iis_internal_ip + /metasploit-framework/modules/auxiliary/scanner/http/infovista_enum + /metasploit-framework/modules/auxiliary/scanner/http/ipboard_login + /metasploit-framework/modules/auxiliary/scanner/http/jboss_status + /metasploit-framework/modules/auxiliary/scanner/http/jenkins_command + /metasploit-framework/modules/auxiliary/scanner/http/jenkins_enum + /metasploit-framework/modules/auxiliary/scanner/http/jenkins_login + /metasploit-framework/modules/auxiliary/scanner/http/joomla_bruteforce_login + /metasploit-framework/modules/auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner + /metasploit-framework/modules/auxiliary/scanner/http/joomla_gallerywd_sqli_scanner + /metasploit-framework/modules/auxiliary/scanner/http/linknat_vos_traversal + /metasploit-framework/modules/auxiliary/scanner/http/linksys_e1500_traversal + /metasploit-framework/modules/auxiliary/scanner/http/litespeed_source_disclosure + /metasploit-framework/modules/auxiliary/scanner/http/lucky_punch + 
/metasploit-framework/modules/auxiliary/scanner/http/majordomo2_directory_traversal + /metasploit-framework/modules/auxiliary/scanner/http/manageengine_desktop_central_login + /metasploit-framework/modules/auxiliary/scanner/http/manageengine_deviceexpert_traversal + /metasploit-framework/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal + /metasploit-framework/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess + /metasploit-framework/modules/auxiliary/scanner/http/mod_negotiation_brute + /metasploit-framework/modules/auxiliary/scanner/http/mod_negotiation_scanner + /metasploit-framework/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass + /metasploit-framework/modules/auxiliary/scanner/http/mybook_live_login + /metasploit-framework/modules/auxiliary/scanner/http/netdecision_traversal + /metasploit-framework/modules/auxiliary/scanner/http/netgear_sph200d_traversal + /metasploit-framework/modules/auxiliary/scanner/http/nginx_source_disclosure + /metasploit-framework/modules/auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess + /metasploit-framework/modules/auxiliary/scanner/http/novell_file_reporter_srs_fileaccess + /metasploit-framework/modules/auxiliary/scanner/http/novell_mdm_creds + /metasploit-framework/modules/auxiliary/scanner/http/ntlm_info_enumeration + /metasploit-framework/modules/auxiliary/scanner/http/octopusdeploy_login + /metasploit-framework/modules/auxiliary/scanner/http/openmind_messageos_login + /metasploit-framework/modules/auxiliary/scanner/http/oracle_demantra_database_credentials_leak + /metasploit-framework/modules/auxiliary/scanner/http/oracle_demantra_file_retrieval + /metasploit-framework/modules/auxiliary/scanner/http/oracle_ilom_login + /metasploit-framework/modules/auxiliary/scanner/http/owa_iis_internal_ip + /metasploit-framework/modules/auxiliary/scanner/http/pocketpad_login + /metasploit-framework/modules/auxiliary/scanner/http/prev_dir_same_name_file + 
/metasploit-framework/modules/auxiliary/scanner/http/radware_appdirector_enum + /metasploit-framework/modules/auxiliary/scanner/http/rails_json_yaml_scanner + /metasploit-framework/modules/auxiliary/scanner/http/rails_mass_assignment + /metasploit-framework/modules/auxiliary/scanner/http/rails_xml_yaml_scanner + /metasploit-framework/modules/auxiliary/scanner/http/replace_ext + /metasploit-framework/modules/auxiliary/scanner/http/rewrite_proxy_bypass + /metasploit-framework/modules/auxiliary/scanner/http/rfcode_reader_enum + /metasploit-framework/modules/auxiliary/scanner/http/s40_traversal + /metasploit-framework/modules/auxiliary/scanner/http/sap_businessobjects_user_brute + /metasploit-framework/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web + /metasploit-framework/modules/auxiliary/scanner/http/sap_businessobjects_user_enum + /metasploit-framework/modules/auxiliary/scanner/http/sap_businessobjects_version_enum + /metasploit-framework/modules/auxiliary/scanner/http/sentry_cdu_enum + /metasploit-framework/modules/auxiliary/scanner/http/servicedesk_plus_traversal + /metasploit-framework/modules/auxiliary/scanner/http/sevone_enum + /metasploit-framework/modules/auxiliary/scanner/http/simple_webserver_traversal + /metasploit-framework/modules/auxiliary/scanner/http/smt_ipmi_49152_exposure + /metasploit-framework/modules/auxiliary/scanner/http/smt_ipmi_cgi_scanner + /metasploit-framework/modules/auxiliary/scanner/http/smt_ipmi_static_cert_scanner + /metasploit-framework/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal + /metasploit-framework/modules/auxiliary/scanner/http/soap_xml + /metasploit-framework/modules/auxiliary/scanner/http/sockso_traversal + /metasploit-framework/modules/auxiliary/scanner/http/splunk_web_login + /metasploit-framework/modules/auxiliary/scanner/http/squid_pivot_scanning + /metasploit-framework/modules/auxiliary/scanner/http/squiz_matrix_user_enum + 
/metasploit-framework/modules/auxiliary/scanner/http/ssl_version + /metasploit-framework/modules/auxiliary/scanner/http/support_center_plus_directory_traversal + /metasploit-framework/modules/auxiliary/scanner/http/svn_scanner + /metasploit-framework/modules/auxiliary/scanner/http/svn_wcdb_scanner + /metasploit-framework/modules/auxiliary/scanner/http/sybase_easerver_traversal + /metasploit-framework/modules/auxiliary/scanner/http/symantec_brightmail_logfile + /metasploit-framework/modules/auxiliary/scanner/http/symantec_web_gateway_login + /metasploit-framework/modules/auxiliary/scanner/http/titan_ftp_admin_pwd + /metasploit-framework/modules/auxiliary/scanner/http/title + /metasploit-framework/modules/auxiliary/scanner/http/tomcat_enum + /metasploit-framework/modules/auxiliary/scanner/http/tplink_traversal_noauth + /metasploit-framework/modules/auxiliary/scanner/http/trace + /metasploit-framework/modules/auxiliary/scanner/http/trace_axd + /metasploit-framework/modules/auxiliary/scanner/http/typo3_bruteforce + /metasploit-framework/modules/auxiliary/scanner/http/vcms_login + /metasploit-framework/modules/auxiliary/scanner/http/vhost_scanner + /metasploit-framework/modules/auxiliary/scanner/http/wangkongbao_traversal + /metasploit-framework/modules/auxiliary/scanner/http/web_vulndb + /metasploit-framework/modules/auxiliary/scanner/http/webdav_internal_ip + /metasploit-framework/modules/auxiliary/scanner/http/webpagetest_traversal + /metasploit-framework/modules/auxiliary/scanner/http/wildfly_traversal + /metasploit-framework/modules/auxiliary/scanner/http/wordpress_cp_calendar_sqli + /metasploit-framework/modules/auxiliary/scanner/http/wordpress_ghost_scanner + /metasploit-framework/modules/auxiliary/scanner/http/wordpress_multicall_creds + /metasploit-framework/modules/auxiliary/scanner/http/wordpress_pingback_access + /metasploit-framework/modules/auxiliary/scanner/http/wordpress_scanner + 
/metasploit-framework/modules/auxiliary/scanner/http/wordpress_xmlrpc_login + /metasploit-framework/modules/auxiliary/scanner/http/wp_contus_video_gallery_sqli + /metasploit-framework/modules/auxiliary/scanner/http/wp_dukapress_file_read + /metasploit-framework/modules/auxiliary/scanner/http/wp_gimedia_library_file_read + /metasploit-framework/modules/auxiliary/scanner/http/wp_mobile_pack_info_disclosure + /metasploit-framework/modules/auxiliary/scanner/http/wp_mobileedition_file_read + /metasploit-framework/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read + /metasploit-framework/modules/auxiliary/scanner/http/wp_simple_backup_file_read + /metasploit-framework/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read + /metasploit-framework/modules/auxiliary/scanner/http/xpath + /metasploit-framework/modules/auxiliary/scanner/http/yaws_traversal + /metasploit-framework/modules/auxiliary/scanner/http/zabbix_login + /metasploit-framework/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess + /metasploit-framework/modules/auxiliary/scanner/http/zenworks_assetmanagement_getconfig + /metasploit-framework/modules/auxiliary/scanner/ip/ipidseq + /metasploit-framework/modules/auxiliary/scanner/kademlia/server_info + /metasploit-framework/modules/auxiliary/scanner/llmnr/query + /metasploit-framework/modules/auxiliary/scanner/lotus/lotus_domino_hashes + /metasploit-framework/modules/auxiliary/scanner/lotus/lotus_domino_login + /metasploit-framework/modules/auxiliary/scanner/lotus/lotus_domino_version + /metasploit-framework/modules/auxiliary/scanner/mdns/query + /metasploit-framework/modules/auxiliary/scanner/misc/cctv_dvr_login + /metasploit-framework/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass + /metasploit-framework/modules/auxiliary/scanner/misc/dvr_config_disclosure + /metasploit-framework/modules/auxiliary/scanner/misc/easycafe_server_fileaccess + /metasploit-framework/modules/auxiliary/scanner/misc/ib_service_mgr_info + 
/metasploit-framework/modules/auxiliary/scanner/misc/java_jmx_server + /metasploit-framework/modules/auxiliary/scanner/misc/java_rmi_server + /metasploit-framework/modules/auxiliary/scanner/misc/oki_scanner + /metasploit-framework/modules/auxiliary/scanner/misc/poisonivy_control_scanner + /metasploit-framework/modules/auxiliary/scanner/misc/raysharp_dvr_passwords + /metasploit-framework/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords + /metasploit-framework/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner + /metasploit-framework/modules/auxiliary/scanner/misc/zenworks_preboot_fileaccess + /metasploit-framework/modules/auxiliary/scanner/mongodb/mongodb_login + /metasploit-framework/modules/auxiliary/scanner/motorola/timbuktu_udp + /metasploit-framework/modules/auxiliary/scanner/msf/msf_rpc_login + /metasploit-framework/modules/auxiliary/scanner/msf/msf_web_login + /metasploit-framework/modules/auxiliary/scanner/mssql/mssql_hashdump + /metasploit-framework/modules/auxiliary/scanner/mssql/mssql_login + /metasploit-framework/modules/auxiliary/scanner/mssql/mssql_schemadump + /metasploit-framework/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump + /metasploit-framework/modules/auxiliary/scanner/mysql/mysql_file_enum + /metasploit-framework/modules/auxiliary/scanner/mysql/mysql_hashdump + /metasploit-framework/modules/auxiliary/scanner/mysql/mysql_schemadump + /metasploit-framework/modules/auxiliary/scanner/mysql/mysql_writable_dirs + /metasploit-framework/modules/auxiliary/scanner/natpmp/natpmp_portscan + /metasploit-framework/modules/auxiliary/scanner/nessus/nessus_ntp_login + /metasploit-framework/modules/auxiliary/scanner/nessus/nessus_rest_login + /metasploit-framework/modules/auxiliary/scanner/nessus/nessus_xmlrpc_login + /metasploit-framework/modules/auxiliary/scanner/nessus/nessus_xmlrpc_ping + /metasploit-framework/modules/auxiliary/scanner/netbios/nbname + /metasploit-framework/modules/auxiliary/scanner/nexpose/nexpose_api_login + 
/metasploit-framework/modules/auxiliary/scanner/ntp/ntp_monlist + /metasploit-framework/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future + /metasploit-framework/modules/auxiliary/scanner/ntp/ntp_peer_list_dos + /metasploit-framework/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos + /metasploit-framework/modules/auxiliary/scanner/ntp/ntp_readvar + /metasploit-framework/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos + /metasploit-framework/modules/auxiliary/scanner/ntp/ntp_reslist_dos + /metasploit-framework/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos + /metasploit-framework/modules/auxiliary/scanner/openvas/openvas_gsad_login + /metasploit-framework/modules/auxiliary/scanner/openvas/openvas_omp_login + /metasploit-framework/modules/auxiliary/scanner/openvas/openvas_otp_login + /metasploit-framework/modules/auxiliary/scanner/oracle/emc_sid + /metasploit-framework/modules/auxiliary/scanner/oracle/isqlplus_login + /metasploit-framework/modules/auxiliary/scanner/oracle/isqlplus_sidbrute + /metasploit-framework/modules/auxiliary/scanner/oracle/oracle_login + /metasploit-framework/modules/auxiliary/scanner/oracle/sid_brute + /metasploit-framework/modules/auxiliary/scanner/oracle/sid_enum + /metasploit-framework/modules/auxiliary/scanner/oracle/spy_sid + /metasploit-framework/modules/auxiliary/scanner/oracle/tnslsnr_version + /metasploit-framework/modules/auxiliary/scanner/oracle/tnspoison_checker + /metasploit-framework/modules/auxiliary/scanner/oracle/xdb_sid + /metasploit-framework/modules/auxiliary/scanner/oracle/xdb_sid_brute + /metasploit-framework/modules/auxiliary/scanner/pcanywhere/pcanywhere_login + /metasploit-framework/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp + /metasploit-framework/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp + /metasploit-framework/modules/auxiliary/scanner/pop3/pop3_login + /metasploit-framework/modules/auxiliary/scanner/portmap/portmap_amp + /metasploit-framework/modules/auxiliary/scanner/portscan/ack + 
/metasploit-framework/modules/auxiliary/scanner/portscan/ftpbounce + /metasploit-framework/modules/auxiliary/scanner/postgres/postgres_dbname_flag_injection + /metasploit-framework/modules/auxiliary/scanner/postgres/postgres_login + /metasploit-framework/modules/auxiliary/scanner/postgres/postgres_schemadump + /metasploit-framework/modules/auxiliary/scanner/printer/canon_iradv_pwd_extract + /metasploit-framework/modules/auxiliary/scanner/printer/printer_delete_file + /metasploit-framework/modules/auxiliary/scanner/printer/printer_download_file + /metasploit-framework/modules/auxiliary/scanner/printer/printer_env_vars + /metasploit-framework/modules/auxiliary/scanner/printer/printer_list_dir + /metasploit-framework/modules/auxiliary/scanner/printer/printer_list_volumes + /metasploit-framework/modules/auxiliary/scanner/printer/printer_ready_message + /metasploit-framework/modules/auxiliary/scanner/printer/printer_upload_file + /metasploit-framework/modules/auxiliary/scanner/printer/printer_version_info + /metasploit-framework/modules/auxiliary/scanner/quake/server_info + /metasploit-framework/modules/auxiliary/scanner/rdp/ms12_020_check + /metasploit-framework/modules/auxiliary/scanner/redis/file_upload + /metasploit-framework/modules/auxiliary/scanner/redis/redis_login + /metasploit-framework/modules/auxiliary/scanner/redis/redis_server + /metasploit-framework/modules/auxiliary/scanner/rogue/rogue_recv + /metasploit-framework/modules/auxiliary/scanner/rogue/rogue_send + /metasploit-framework/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt + /metasploit-framework/modules/auxiliary/scanner/sap/sap_hostctrl_getcomputersystem + /metasploit-framework/modules/auxiliary/scanner/sap/sap_icf_public_info + /metasploit-framework/modules/auxiliary/scanner/sap/sap_icm_urlscan + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login + 
/metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocesslist + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile + /metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_version + /metasploit-framework/modules/auxiliary/scanner/sap/sap_router_info_request + /metasploit-framework/modules/auxiliary/scanner/sap/sap_router_portscanner + /metasploit-framework/modules/auxiliary/scanner/sap/sap_service_discovery + /metasploit-framework/modules/auxiliary/scanner/sap/sap_smb_relay + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1 + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_ping + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface + 
/metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info + /metasploit-framework/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure + /metasploit-framework/modules/auxiliary/scanner/sap/sap_web_gui_brute_login + /metasploit-framework/modules/auxiliary/scanner/scada/digi_addp_reboot + /metasploit-framework/modules/auxiliary/scanner/scada/digi_addp_version + /metasploit-framework/modules/auxiliary/scanner/scada/digi_realport_serialport_scan + /metasploit-framework/modules/auxiliary/scanner/scada/digi_realport_version + /metasploit-framework/modules/auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess + /metasploit-framework/modules/auxiliary/scanner/scada/koyo_login + /metasploit-framework/modules/auxiliary/scanner/scada/modbus_findunitid + /metasploit-framework/modules/auxiliary/scanner/scada/modbusclient + /metasploit-framework/modules/auxiliary/scanner/scada/modbusdetect + /metasploit-framework/modules/auxiliary/scanner/scada/sielco_winlog_fileaccess + /metasploit-framework/modules/auxiliary/scanner/sip/enumerator + /metasploit-framework/modules/auxiliary/scanner/sip/enumerator_tcp + /metasploit-framework/modules/auxiliary/scanner/sip/options + /metasploit-framework/modules/auxiliary/scanner/sip/sipdroid_ext_enum + /metasploit-framework/modules/auxiliary/scanner/smb/psexec_loggedin_users + /metasploit-framework/modules/auxiliary/scanner/smb/smb_enum_gpp + /metasploit-framework/modules/auxiliary/scanner/smb/smb_enumusers_domain + /metasploit-framework/modules/auxiliary/scanner/smb/smb_uninit_cred + /metasploit-framework/modules/auxiliary/scanner/smtp/smtp_enum + /metasploit-framework/modules/auxiliary/scanner/smtp/smtp_ntlm_domain + /metasploit-framework/modules/auxiliary/scanner/smtp/smtp_relay + /metasploit-framework/modules/auxiliary/scanner/snmp/aix_version + 
/metasploit-framework/modules/auxiliary/scanner/snmp/arris_dg950 + /metasploit-framework/modules/auxiliary/scanner/snmp/brocade_enumhash + /metasploit-framework/modules/auxiliary/scanner/snmp/netopia_enum + /metasploit-framework/modules/auxiliary/scanner/snmp/sbg6580_enum + /metasploit-framework/modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet + /metasploit-framework/modules/auxiliary/scanner/snmp/snmp_set + /metasploit-framework/modules/auxiliary/scanner/snmp/ubee_ddw3611 + /metasploit-framework/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers + /metasploit-framework/modules/auxiliary/scanner/ssh/apache_karaf_command_execution + /metasploit-framework/modules/auxiliary/scanner/ssh/cerberus_sftp_enumusers + /metasploit-framework/modules/auxiliary/scanner/ssh/detect_kippo + /metasploit-framework/modules/auxiliary/scanner/ssh/karaf_login + /metasploit-framework/modules/auxiliary/scanner/ssh/ssh_identify_pubkeys + /metasploit-framework/modules/auxiliary/scanner/ssh/ssh_version + /metasploit-framework/modules/auxiliary/scanner/ssl/openssl_ccs + /metasploit-framework/modules/auxiliary/scanner/ssl/openssl_heartbleed + /metasploit-framework/modules/auxiliary/scanner/steam/server_info + /metasploit-framework/modules/auxiliary/scanner/telephony/wardial + /metasploit-framework/modules/auxiliary/scanner/telnet/lantronix_telnet_password + /metasploit-framework/modules/auxiliary/scanner/telnet/lantronix_telnet_version + /metasploit-framework/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow + /metasploit-framework/modules/auxiliary/scanner/telnet/telnet_ruggedcom + /metasploit-framework/modules/auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp + /metasploit-framework/modules/auxiliary/scanner/tftp/netdecision_tftp + /metasploit-framework/modules/auxiliary/scanner/tftp/tftpbrute + /metasploit-framework/modules/auxiliary/scanner/udp/example + /metasploit-framework/modules/auxiliary/scanner/upnp/ssdp_amp + 
/metasploit-framework/modules/auxiliary/scanner/upnp/ssdp_msearch + /metasploit-framework/modules/auxiliary/scanner/vmware/vmauthd_login + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_enum_permissions + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_enum_sessions + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_enum_users + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_enum_vms + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_host_details + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_http_login + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_server_dir_trav + /metasploit-framework/modules/auxiliary/scanner/vmware/vmware_update_manager_traversal + /metasploit-framework/modules/auxiliary/scanner/vnc/vnc_login + /metasploit-framework/modules/auxiliary/scanner/vnc/vnc_none_auth + /metasploit-framework/modules/auxiliary/scanner/voice/recorder + /metasploit-framework/modules/auxiliary/scanner/vxworks/wdbrpc_bootline + /metasploit-framework/modules/auxiliary/scanner/vxworks/wdbrpc_version + /metasploit-framework/modules/auxiliary/scanner/winrm/winrm_login + /metasploit-framework/modules/auxiliary/scanner/winrm/winrm_wql

Missing modules

+ /metasploit-framework/modules/auxiliary/scanner/http/onion_omega2_login
+ /metasploit-framework/modules/auxiliary/scanner/misc/java_jmx_scanner
+ /metasploit-framework/modules/auxiliary/scanner/msmail/exchange_enum
+ /metasploit-framework/modules/auxiliary/scanner/msmail/host_id
+ /metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum
+ /metasploit-framework/modules/auxiliary/scanner/mssql/mssql_idf
+ /metasploit-framework/modules/auxiliary/scanner/mssql/mssql_sql
+ /metasploit-framework/modules/auxiliary/scanner/ssl/bleichenbacher_oracle
+ /metasploit-framework/modules/auxiliary/scanner/teradata/teradata_odbc_login

h00die commented 5 years ago

@PingouinRF this effort looks great! I'd love some help writing docs, it's a great way to contribute to open source, find bugs in the code base, and learn!

  1. /metasploit-framework/modules/auxiliary/scanner/http/onion_omega2_login is a python module, your script most likely only checked for .rb
  2. I believe java_jmx_scanner is actually java_jmx_server but ping @asoto-r7
  3. The msmail files are all .go extension, similar to number 1 so possible false positive.
  4. I think the mssql ones got moved out of scanner to admin: https://github.com/rapid7/metasploit-framework/blob/76954957c740525cff2db5a60bcf936b4ee06c42/modules/auxiliary/admin/mssql/mssql_idf.rb
  5. bleichenbacher_oracle is .py
  6. teradata_odbc_login is .py

Check those out. If you want to confirm the mssql ones were moved and want to submit a PR that would be great! A fast easy one, you can tag me on it and I can handle landing it quickly.

Would you mind sharing your code for this? I'd love to wipe the original post content with something more up to date. You could even print out the output in MD with empty check boxes [ ] item

hkerma commented 5 years ago

Hi @h00die, I didn't expect some scripts to be written in languages other than Ruby: my bad. I modified my script.

Here it is:

```python
import glob
import os

modules = []
docs = []

# Module files can be .rb, .py or .go, so match any extension.
list_docs = glob.glob('/root/Documents/MSFDoc/metasploit-framework/documentation/modules/auxiliary/scanner/*/*.md')
list_modules = glob.glob('/root/Documents/MSFDoc/metasploit-framework/modules/auxiliary/scanner/*/*.*')

# Drop only the final extension (splitting on the first '.' truncates any
# path that contains a dot), then map each doc path onto its module path.
for doc in list_docs:
    docs.append(os.path.splitext(doc)[0].replace('/documentation/', '/'))
for module in list_modules:
    modules.append(os.path.splitext(module)[0])
missings = []
problems = []

# problems: doc files with no matching module.
for i in docs:
    if i not in modules:
        problems.append(i)
# missings: modules with no matching doc file.
for i in modules:
    if i not in docs:
        missings.append(i)

# Write both lists as markdown checkbox items.
with open("/root/Documents/MSFDoc/missings.txt", "w") as f:
    for i in sorted(missings):
        f.write('+ [ ] ' + i.replace('/root/Documents/MSFDoc/', '/') + '\n')

with open("/root/Documents/MSFDoc/problems.txt", "w") as g:
    for i in sorted(problems):
        g.write('+ [ ] ' + i.replace('/root/Documents/MSFDoc/', '/') + '\n')
```

I run it with Python 3; you need the glob library (which is a good directory explorer) in order to make it functional. Don't hesitate to correct me, as I'm pretty bad at scripting... You'll get two text files (missings and problems), markdown-formatted and ready to post on this issue (I wrote some + instead of - so you can integrate it in a `<details>` tag).

I can confirm that the two mssql-related problems have been moved to the admin section. Also, there's no doubt that java_jmx_scanner is now java_jmx_server, as I cannot find any trace of jmx_scanner anywhere...

I can make all the required modifications for the module/documentation names and make a pull request, however I'll let you make the modification on the first post of this issue ;)

Thx for your help!

h00die commented 5 years ago

@hkerma Metasploit has a tools folder (in your path, most likely /root/Documents/MSFDoc/metasploit-framework/tools) which has various meta tools. Looks like it isn't a requirement to run Ruby. Would you mind submitting your Python code as a new tool? Put it in a docs folder. You'll want to adjust a few things:

  1. don't hardcode paths, detect where the file is being run from and back out 3 folders (which will be the msf root).
  2. allow the user to input a module type (aux, post, exploit, etc) via command line flag (default aux) and scan that folder accordingly. Maybe an all that will do all of these sections as well.
  3. handle gracefully if the user doesn't have glob, if it won't run in py2, then detect that and exit gracefully.
  4. Python is 4 space, looks like you're either using tab or 8 space.
  5. Allow a show all flag that will give output w/ an x in the checkbox [ x ] for items that do have docs
  6. I think it would be easy and cool to give a count at the end like 50/200 (25%) module docs written
  7. output to screen, don't write to files since a user can just pipe it or redirect output as need be

This is just some quick stuff. I think we'll be able to do further optimizations in a PR.

h00die commented 5 years ago

@hkerma how's it going on that script? Need any help?

hkerma commented 5 years ago

Hi @h00die, sorry I went on vacation and didn't really work on that. I'll take care of your advice and do that quickly ;)

h00die commented 5 years ago

@hkerma no worries, just checking in!

hkerma commented 5 years ago

Hi @h00die, I tried to follow your recommendations as much as I could and ended up with this code. Could you have a look and give me some feedback before I make a PR? I'd really appreciate it :)

```python
import argparse
import os
import sys

try:
    import glob
except ImportError:
    print("Please install glob package")
    sys.exit(1)

parser = argparse.ArgumentParser(epilog='Choose options in order to print the wanted information about modules and their documentations.')
parser.add_argument('-m', '--modules', type=str, default='auxiliary/scanner', help='Choose the modules category to work with. Respect the module category names as in metasploit-framework. Only one category should be passed, e.g. "auxiliary/admin", "exploits/android/browser" or "encoders" are valid entries.')
parser.add_argument('--show_all', action="store_true", default=False, help='Show the complete list of items. In default mode, modules with documentation are marked "[x]" and modules without are marked "[ ]". In issues mode, documentation files without module are marked "[ ]" and documentation files with module are marked "[x]".')
parser.add_argument('--show_issues', action="store_true", default=False, help='Show the list of documentation files without modules instead of modules without documentation file.')
args = parser.parse_args()

module_type = args.modules
show_all = args.show_all
show_issues = args.show_issues

modules = []
docs = []
# This file lives in tools/docs/, so the msf root is three levels up.
path = os.path.abspath(os.path.join(os.path.realpath(__file__), "..", "..", ".."))


def display(p):
    # Print paths relative to the msf root, whatever the checkout directory is named.
    return '/metasploit-framework/' + os.path.relpath(p, path)


if os.path.exists(os.path.join(path, 'modules', module_type)):
    # '**' with recursive=True descends into every sub-directory of the category.
    list_docs = glob.glob(os.path.join(path, 'documentation/modules', module_type, '**/*.md'), recursive=True)
    list_modules = glob.glob(os.path.join(path, 'modules', module_type, '**/*.*'), recursive=True)
else:
    print("Path doesn't exist. Maybe you have passed a wrong module category or maybe there isn't any documentation file yet.")
    sys.exit(1)

# Drop only the final extension (splitting on the first '.' truncates any
# path that contains a dot), then map each doc path onto its module path.
for doc in list_docs:
    docs.append(os.path.splitext(doc)[0].replace('/documentation/', '/'))
for module in list_modules:
    modules.append(os.path.splitext(module)[0])

missings = []
problems = []
count = 0

if not show_all:
    if not show_issues:
        # Default mode: modules that have no documentation file.
        for i in modules:
            if i not in docs:
                missings.append(i)
        for i in sorted(missings):
            print('+ [ ] ' + display(i))
        print(str(len(missings)) + ' modules have no documentation.')
    else:
        # Issues mode: documentation files that match no module.
        for i in docs:
            if i not in modules:
                problems.append(i)
        for i in sorted(problems):
            print('+ [ ] ' + display(i))
        print(str(len(problems)) + ' doc files do not correspond to any module.')

else:
    # Show-all mode: print every item, checked when its counterpart exists.
    count = 0
    if not show_issues:
        for i in sorted(modules):
            if i in docs:
                print('+ [x] ' + display(i))
            else:
                print('+ [ ] ' + display(i))
                count += 1
        print(str(count) + ' modules out of ' + str(len(modules)) + ' have no documentation.')
    else:
        for i in sorted(docs):
            if i in modules:
                print('+ [x] ' + display(i))
            else:
                print('+ [ ] ' + display(i))
                count += 1
        print(str(count) + ' doc files out of ' + str(len(docs)) + ' do not correspond to any module.')
```

Thx a lot!

EDIT: forgot to say that this script is supposed to be in "metasploit-framework/tools/docs/script.py" in order to work.

h00die commented 5 years ago

Awesome! Go ahead and throw it into a PR. It'll be easier to comment on code there, as well as not taking up a block of space in this issue. I should be able to look at it during the week! Good job!

h00die commented 5 years ago

@hkerma Can you throw that code into a PR so we can do a real review on it?

hkerma commented 5 years ago

Hi @h00die, really sorry but I got a lot of work to do at school... I'll try doing it today!

h00die commented 5 years ago

Not a problem, just glad to see you're still around!

h00die commented 5 years ago

Closing this in favor of the docs output from @hkerma so that it can more easily be tracked and overwritten, etc. Will link to new issue shortly.