Metasploit Module Program Note - http_version

Metasploit Module Program Note - http_version

Note:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
require 'rex/proto/http' #require /opt/metasploit-framework/embedded/framework/lib/ all methods of the http protocol.

class MetasploitModule < Msf::Auxiliary #class defined this module is the auxiliary module 

  # Exploit mixins should be called first
  include Msf::Exploit::Remote::HttpClient # include the /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/remote/http_client.rb all methods of HttpClient(mean http_client)
  include Msf::Auxiliary::WmapScanServer #include /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/wmap_scan_server.rb all methods of WmapScanServer(mean wmap_scan_server)
  # Scanner mixin should be near last
  include Msf::Auxiliary::Scanner #include /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb

  def initialize #ruby default constructor function 
    super( #like MetasploitModule < Msf::Auxiliary use the super(x),the x will define variable in the module.
      'Name'        => 'HTTP Version Detection', #Module name
      'Description' => 'Display version information about each system.', #Module Description
      'Author'      => 'hdm', #Module author
      'License'     => MSF_LICENSE #Module license
    )

    register_wmap_options({ #setting wmap_option /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/wmap_module.rb
        'OrderID' => 0, # self.orderid = options['OrderID']
        'Require' => {}, # self.requiredids = options['Require']
      })
  end

  # Fingerprint a single host
  def run_host(ip) #use /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb methods run_host ,not customizable function name.
    begin #function start
      connect #use methods connect,will build a http connection ,use /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb methods connect
      res = send_request_raw({ 'uri' => '/', 'method' => 'GET' }) #use /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/remote/http_client.rb methods send_request_raw
      fp = http_fingerprint(:response => res) #use /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/remote/http_client.rb methods http_fingerprint
      print_good("#{ip}:#{rport} #{fp}") if fp #use ruby if modifier,will print if fp(http_fingerprint) had retrun,use methods rex(print_good)
      report_service(:host => rhost, :port => rport, :sname => (ssl ? 'https' : 'http'), :info => fp) #use /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/report.rb methods report_service to save report。
    rescue ::Timeout::Error, ::Errno::EPIPE #Use the timeout module to handle exceptions and other errors in the case of module timeout.
    ensure # Regardless of whether there is an exception, execute next.
      disconnect #use method disconnect ,disconnect http connection,use/opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb methods disconnect
    end
  end
end