• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• apt2-master
  • apt2.py
  • misc
    • passwords.txt
    • default.cfg
    • capture.js
    • TestSSLServer.jar
    • apt2.rc
    • setup.sh
  • __init__.py
  • README.md
  • core
    • actionModule.py
    • framework.py
    • mymsf.py
    • keyeventthread.py
    • keystore.py
    • msfrpc2.py
    • events.py
    • msfActionModule.py
    • reportModule.py
    • inputModule.py
    • __init__.py
    • utils.py
    • mynmap.py
    • packetcap.py
  • .gitignore
  • LICENSE.txt
  • modules
    • report
      • reportgen.py
      • __init__.py
    • action
      • scan_msf_vncnoneauth.py
      • scan_msf_jboss_vulnscan.py
      • scan_testsslserver.py
      • scan_smbclient_nullsession.py
      • scan_msf_openx11.py
      • scan_rpcclient_userenum.py
      • scan_nmap_msvulnscan.py
      • exploit_hydrasmbpassword.py
      • exploit_msf_psexec_pth.py
      • scan_nmap_smbshares.py
      • scan_msf_snmpenumusers.py
      • scan_searchsmbshare.py
      • post_msf_gathersessioninfo.py
      • post_msf_dumphashes.py
      • post_impacketsecretsdump.py
      • exploit_responder.py
      • scan_anonftp.py
      • scan_sslscan.py
      • scan_openx11.py
      • scan_nmap_nfsshares.py
      • scan_nmap_smbsigning.py
      • scan_nmap_sslscan.py
      • scan_nmap_vnc_auth_bypass.py
      • scan_msf_snmpenumshares.py
      • scan_msf_smbuserenum.py
      • scan_httpoptions.py
      • scan_msf_snmplogin.py
      • exploit_msf_tomcat_mgr_login.py
      • scan_httpserverversion.py
      • scan_anonldap.py
      • exploit_msf_ms08_067.py
      • scan_snmpwalk.py
      • __init__.py
      • scan_rpcclient_nullsession.py
      • exploit_msf_tomcat_mgr_upload.py
      • scan_nmap_vncbrute.py
      • exploit_msf_ms17_010.py
      • scan_gethostname.py
      • exploit_msf_jboss_maindeployer.py
      • scan_httpscreenshot.py
      • exploit_jexboss.py
      • exploit_msf_javarmi.py
    • __init__.py
    • input
      • nmaploadxml.py
      • dictload.py
      • __init__.py
  • TODO.txt

import socket
from ftplib import FTP, error_perm

from core.actionModule import actionModule
from core.keystore import KeyStore as kb
from core.utils import Utils


class scan_anonftp(actionModule):
    def __init__(self, config, display, lock):
        super(scan_anonftp, self).__init__(config, display, lock)
        self.title = "Test for Anonymous FTP"
        self.shortName = "anonymousFTP"
        self.description = "connect to remote FTP service as anonymous"

        self.requirements = []
        self.triggers = ["newService_ftp", "newPort_tcp_21"]

        self.safeLevel = 4

    def getTargets(self):
        # we are interested in all hosts that have ftp service
        self.targets = kb.get('service/ftp')

    def testTarget(self, host, port):
        # verify we have not tested this host before
        if not self.seentarget(host + str(port)):
            self.addseentarget(host + str(port))
            self.display.verbose(self.shortName + " - Connecting to " + host)
            # start packet capture
            cap = self.pktCap(filter="tcp and port " + str(port) + " and host " + host, packetcount=10, timeout=10,
                              srcip=self.config['lhost'], dstip=host)

            # connect to the target host
            ftp = FTP()
            try:
                ftp.connect(host, int(port))

                outfile = self.config["proofsDir"] + self.shortName + "_PCAP_Port" + str(
                    port) + "_" + host + "_" + Utils.getRandStr(10)

                try:
                    # attempt to login as anonymous
                    result = ftp.login("anonymous", "anon@mo.us")
                    if ("Login successful" in result):
                        # fire a new trigger
                        self.fire("anonymousFtp")
                        self.addVuln(host, "anonymousFTP", {"port": str(port), "output": outfile.replace("/", "%2F")})
                        self.display.error("VULN [AnonymousFTP] Found on [%s]" % host)
                    else:
                        self.display.verbose("Could not login as anonymous to FTP at " + host)
                except error_perm as e:
                    self.display.verbose("Could not login as anonymous to FTP at " + host)

                # close the connection
                ftp.close()

                # retrieve pcap results
                Utils.writeFile(self.getPktCap(cap), outfile)
            except EOFError as e:
                self.display.verbose("Could not find FTP server located at " + host + " Port " + str(port))
            except socket.error as e:
                self.display.verbose("Could not find FTP server located at " + host + " Port " + str(port))

    def process(self):
        # load any targets we are interested in
        self.getTargets()

        # loop over each target
        for t in self.targets:
            ports = kb.get('service/ftp/' + t + '/tcp')
            for p in ports:
                self.testTarget(t, p)
        return