arp_scanner.rb 3.2KB
  ##
  # WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
  # If you'd like to improve this script, please try to port it as a post
  # module instead. Thank you.
  ##
  # Author: Carlos Perez at carlos_perez[at]darkoperator.com
  #-------------------------------------------------------------------------------
  ################## Variable Declarations ##################
  # Meterpreter session this script operates on; `client` is expected to be
  # provided by the meterpreter script environment (not defined in this file).
  @client = client

  # Command-line switches accepted by the script: flag => [takes_value?, help text].
  @@exec_opts = Rex::Parser::Arguments.new(
    '-h' => [false, 'Help menu.'],
    '-i' => [false, 'Enumerate Local Interfaces'],
    '-r' => [true,  'The target address range or CIDR identifier'],
    '-s' => [false, 'Save found IP Addresses to logs.']
  )
  # Print the adapter name, IP address and netmask of every interface on the
  # session host, skipping the loopback adapter. Output goes through print_status.
  #
  # @return [void]
  def enum_int
    print_status("Enumerating Interfaces")
    client.net.config.interfaces.each do |iface|
      # The loopback adapter is identified purely by its name, as in the original.
      next if iface.mac_name =~ /Loopback/

      print_status("\t#{iface.mac_name}")
      print_status("\t#{iface.ip}")
      print_status("\t#{iface.netmask}")
      print_status
    end
  end
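  # ARP-probe every address in +cidr+ through the session's Railgun bindings
  # (ws2_32.inet_addr + iphlpapi.SendARP) and report the hosts that answer.
  #
  # @param cidr [String] target range or CIDR accepted by Rex::Socket::RangeWalker
  # @param max_threads [Integer] probes in flight at once (10, as before)
  # @return [String] newline-separated list of responding IPs; "" when none
  # @raise [ArgumentError] when max_threads is not a positive integer
  #
  # Addresses are probed in batches of +max_threads+ and each batch is joined
  # before the next one starts, so every address is probed exactly once. The
  # previous counter-based scheduler fell into its "wait" branch on every
  # (max_threads + 1)-th address and never probed it.
  def arp_scan(cidr, max_threads = 10)
    raise ArgumentError, "max_threads must be a positive integer" unless max_threads.to_i > 0

    print_status("ARP Scanning #{cidr}")
    ws = client.railgun.ws2_32
    iphlp = client.railgun.iphlpapi
    # Loop-invariant: resolve the NO_ERROR constant once instead of per probe.
    no_error = client.railgun.const("NO_ERROR")

    # Expand the range up front; stop at num_ips or when the walker runs dry.
    walker = Rex::Socket::RangeWalker.new(cidr)
    total = walker.num_ips
    targets = []
    while targets.length < total
      ip_text = walker.next_ip
      break unless ip_text

      targets << ip_text
    end

    found = ""
    lock = Mutex.new # serialises appends to +found+ and the status output

    targets.each_slice(max_threads.to_i) do |batch|
      workers = batch.map do |ip_text|
        ::Thread.new do
          begin
            ip = ws.inet_addr(ip_text)["return"]
            resp = iphlp.SendARP(ip, 0, 6, 6)
            if resp["return"] == no_error
              mac_text = resp["pMacAddr"].unpack('C*').map { |e| "%02x" % e }.join(':')
              lock.synchronize do
                print_status("IP: #{ip_text} MAC #{mac_text}")
                found << "#{ip_text}\n"
              end
            end
          rescue StandardError => e
            # A single failing probe must not abort the join of the whole batch;
            # the old alive?-polling loop silently dropped such threads too.
            print_error("ARP probe of #{ip_text} failed: #{e.class}: #{e.message}")
          end
        end
      end
      workers.each(&:join)
    end

    found
  end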
  # Write the text produced by arp_scan to a timestamped file under the framework
  # log directory: <log_directory>/scripts/arp_scanner/<host>_<stamp>/<host>_<stamp>.txt
  #
  # @param found_ip [String] newline-separated list of responding IPs
  # @return [void]
  def save_found(found_ip)
    info = @client.sys.config.sysinfo
    # Suffix shared by the directory and the file name.
    # NOTE(review): the format carries no hour field (%M is minutes), so the stamp
    # is date + "minute.second"; this matches other legacy scripts, change with care.
    stamp = "_" + ::Time.now.strftime("%Y%m%d.%M%S")
    # The computer name is reported by the remote session and is not trusted as a
    # path component; clean_path sanitises it before it is joined into the log tree.
    host_dir = Rex::FileUtils.clean_path(info['Computer'] + stamp)
    log_dir = ::File.join(Msf::Config.log_directory, 'scripts', 'arp_scanner', host_dir)
    ::FileUtils.mkdir_p(log_dir)
    dest = Rex::FileUtils.clean_path(log_dir + "/" + info['Computer'] + stamp + ".txt")
    print_status("Saving found IP's to #{dest}")
    file_local_write(dest, found_ip)
  end
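  save2log = false
  cidr2scan = ""

  # The usage banner is needed from two places (-h and a missing range), so
  # build it once instead of duplicating the two print_line calls.
  print_usage = lambda do
    print_line "Meterpreter Script for performing an ARPS Scan Discovery."
    print_line(@@exec_opts.usage)
  end

  @@exec_opts.parse(args) do |opt, _idx, val|
    case opt
    when "-h"
      print_usage.call
      raise Rex::Script::Completed
    when "-i"
      enum_int
      raise Rex::Script::Completed
    when "-r"
      cidr2scan = val
    when "-s"
      save2log = true
    end
  end

  # Railgun's ws2_32/iphlpapi bindings used by arp_scan only exist on Windows.
  unless client.platform == 'windows'
    print_error("This version of Meterpreter is not supported with this Script!")
    raise Rex::Script::Completed
  end

  # Require an explicit range: previously "-s" alone (or an unrecognised argument,
  # or "-r" with no value) satisfied the args.length check and arp_scan was
  # called with an empty or nil range.
  if cidr2scan.to_s.empty?
    print_usage.call
    raise Rex::Script::Completed
  end

  found = arp_scan(cidr2scan)
  save_found(found) if save2log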