Mosquito - Update v:7.17.4
UPDATED - NEW | COMMAND | DESCRIPTION |
---|---|---|
mosquito.sh | exploit | Armitage Hail Mary (based) rc script (menu option) |
install.sh | mosquito.sh -u | Download/Install mass_exploiter.rc script (new) |
mass_exploiter.rc | | Armitage Hail Mary (based) resource script (new) * |
http-proxy-brute.py | | HTTP basic (cookie) authentication brute force (new) ** |
brute_force.rc | 2 | added rpc/msrpc service port (55553) to brute_force.rc |
ms17_010.rc | 3 | RHOSTS multiple ports selection bugfix (ports: 135:139) |
rtsp-url-brute.rc | 14 | added function 'Google Dork search for webcams?' |
all rc scripts | | Nmap/Metasploit scan/brute-force timeout(s) improved |
all rc scripts | | Geolocation of alive RHOST(s) found (public ip addr) *** |
all rc scripts | | upgrade command Shell (session) to Meterpreter ? |
all rc scripts | | added 'Suggest exploits based on CVE id numbers' ? |
all rc scripts | | Credentials found are displayed in 'services' report notes |
* The mass_exploiter.rc script can be used outside the mosquito framework (msf & nmap dependencies)
** http-proxy-brute.py is written when using the mass_exploiter.rc <setg MAX_PORTS true> module
*** The Geo-Location function (all rc scripts) will NOT geolocate internal IP address(es)
all rc scripts - Geolocation of RHOSTS in 'services' report notes
all rc scripts - Suggest exploits based on CVE id numbers found
all rc scripts - Credentials found displays in 'sessions' report notes
rtsp-url-brute.rc - Google Dork search for webcams?
mass_exploiter.rc - armitage Hail Mary (based) resource script
The mass_exploiter.rc resource script lets us scan user inputs (rhosts/lhosts) or import a database.xml file into msfdb, then auto-runs multiple exploit modules against all alive db hosts based on their port number(s) or service name(s). This module will try to exploit open port(s) 21:22:23:80:110:445:1433:3306 (default scans) and ports 21:22:23:80:110:139:445:1433:3306:3389:8080:55553 in MAX_PORTS (global variable) mode.
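From the defender's side, the two port lists above give a recognisable connection pattern. The following is an added example, not part of the Mosquito project: it flags any source that touches many of those ports on one host within a short window and reports which profile the ports match. The log format, addresses, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Port sets exactly as listed on this page for mass_exploiter.rc.
DEFAULT_PORTS = {21, 22, 23, 80, 110, 445, 1433, 3306}
MAX_PORTS = DEFAULT_PORTS | {139, 3389, 8080, 55553}

# Constructed sample log ("ISO-time src dst dport"); documentation addresses only.
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T10:00:{i:02d} 198.51.100.7 192.0.2.10 {p}"
     for i, p in enumerate([21, 22, 23, 80, 110, 445, 1433, 3306])]
    + [f"2024-01-01T11:00:{i:02d} 198.51.100.9 192.0.2.20 {p}"
       for i, p in enumerate([21, 80, 139, 445, 3389, 8080, 55553])]
    + ["2024-01-01T09:00:00 203.0.113.5 192.0.2.10 80",
       "2024-01-01T12:30:00 203.0.113.5 192.0.2.10 22",
       "garbage line"]
)

def parse(log):
    """Yield (timestamp, src, dst, dport) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def detect_sweeps(log, window=timedelta(minutes=5), threshold=6):
    """Map (src, dst) -> "DEFAULT" or "MAX_PORTS" for each source that touched at
    least `threshold` distinct watched ports on one host inside `window`."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(log):
        if port in MAX_PORTS:
            events[(src, dst)].append((ts, port))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        start, seen = 0, set()
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= threshold:
                seen |= ports
        if seen:  # ports outside the default list imply the MAX_PORTS profile
            hits[key] = "MAX_PORTS" if seen - DEFAULT_PORTS else "DEFAULT"
    return hits
```

Tune `window` and `threshold` against normal traffic before alerting on the result; a host that legitimately serves several of these ports to one client will otherwise match.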
mass_exploiter.rc - module available options (Global Variables)
mass_exploiter.rc - exploit suggester (don't exploit)
mass_exploiter.rc - manually selecting www.facebook.com as 2nd decoy IP addr
mass_exploiter.rc - Scans performed using a fake UserAgent string (Apple)
mass_exploiter.rc - multi tasking RHOSTS (two targets) scans on port 21 (ftp)
mass_exploiter.rc - brute force basic cookie authentication
mass_exploiter.rc - upgrade shell command (session) to meterpreter?
For those occasions where we have a service/exploit shell but are more familiar with meterpreter.
REMARK: Some types of shells can NOT be upgraded to meterpreter.
List of metasploit auxiliary/exploit modules used by mass_exploiter:
Total Modules Count: [57] modules
Total Modules Load: [46] exploits [11] scanners modules (MAX_PORTS)
MODULE NAME | PORT Nº | SERVICE NAME | EXECUTION |
---|---|---|---|
auxiliary/scanner/ftp/ftp_version | 21 | FTP | DEFAULT |
exploit/unix/ftp/proftpd_modcopy_exec | 21 | FTP | DEFAULT |
exploit/multi/ftp/pureftpd_bash_env_exec | 21 | FTP | DEFAULT |
exploit/windows/ftp/ms09_053_ftpd_nlst | 21 | FTP | DEFAULT |
exploit/windows/ftp/freefloatftp_wbem | 21 | FTP | DEFAULT |
exploit/unix/ftp/vsftpd_234_backdoor | 21 | FTP | DEFAULT |
exploit/linux/ftp/proftp_telnet_iac | 21 | FTP | DEFAULT |
auxiliary/scanner/ssh/ssh_version | 22 | SSH | DEFAULT |
scanner/ssh/eaton_xpert_backdoor | 22 | SSH | DEFAULT |
auxiliary/scanner/ssh/libssh_auth_bypass | 22 | SSH | DEFAULT |
exploit/windows/ssh/freesshd_authbypass | 22 | SSH | DEFAULT |
exploit/apple_ios/ssh/cydia_default_ssh | 22 | SSH | DEFAULT |
exploit/windows/ssh/sysax_ssh_username | 22 | SSH | DEFAULT |
exploit/windows/ssh/freeftpd_key_exchange | 22 | SSH | DEFAULT |
auxiliary/scanner/telnet/telnet_version | 23 | TELNET | DEFAULT |
unix/misc/polycom_hdx_traceroute_exec | 23 | TELNET | DEFAULT |
exploit/windows/telnet/gamsoft_telsrv_username | 23 | TELNET | DEFAULT |
exploit/linux/telnet/netgear_telnetenable | 23 | TELNET | DEFAULT |
auxiliary/scanner/http/http_header | 80 | HTTP | DEFAULT |
exploit/multi/http/zpanel_information_disclosure_rce | 80 | HTTP | DEFAULT |
exploit/windows/http/ektron_xslt_exec_ws | 80 | HTTP | DEFAULT |
exploit/windows/http/dup_scout_enterprise_login_bof | 80 | HTTP | DEFAULT |
exploit/windows/http/rejetto_hfs_exec | 80 | HTTP | DEFAULT |
auxiliary/scanner/http/http_login | 80 | HTTP | DEFAULT |
exploit/windows/http/easyfilesharing_seh | 80 | HTTP | DEFAULT |
exploit/multi/http/getsimplecms_unauth_code_exec | 80 | HTTP | DEFAULT |
auxiliary/scanner/pop3/pop3_version | 110 | POP3 | DEFAULT |
exploit/linux/pop3/cyrus_pop3d_popsubfolders | 110 | POP3 | DEFAULT |
exploit/windows/pop3/seattlelab_pass | 110 | POP3 | DEFAULT |
exploit/multi/samba/usermap_script | 139 | NETBIOS-SSN | MAX_PORTS |
exploit/windows/smb/ms08_067_netapi | 139 | NETBIOS-SSN | MAX_PORTS |
exploit/multi/ids/snort_dce_rpc | 139 | NETBIOS-SSN | MAX_PORTS |
auxiliary/scanner/smb/smb_version | 445 | SMB | DEFAULT |
auxiliary/scanner/smb/smb_ms17_010 | 445 | SMB | DEFAULT |
exploit/windows/smb/ms06_066_nwapi | 445 | SMB | DEFAULT |
exploit/windows/smb/webexec | 445 | SMB | DEFAULT |
exploit/windows/smb/ms08_067_netapi | 445 | SMB | DEFAULT |
exploit/windows/smb/ms17_010_psexec | 445 | SMB | DEFAULT |
exploit/windows/smb/ms17_010_eternalblue | 445 | SMB | DEFAULT |
exploit/windows/smb/ms09_050_smb2_negotiate_func_index | 445 | SMB | DEFAULT |
exploit/windows/smb/ms10_061_spoolss | 445 | SMB | DEFAULT |
auxiliary/scanner/mssql/mssql_ping | 1433 | MSSQL | DEFAULT |
exploit/windows/mssql/mssql_clr_payload | 1433 | MSSQL | DEFAULT |
exploit/windows/mssql/mssql_payload | 1433 | MSSQL | DEFAULT |
auxiliary/scanner/mysql/mysql_version | 3306 | MYSQL | DEFAULT |
exploit/multi/mysql/mysql_udf_payload | 3306 | MYSQL | DEFAULT |
exploit/windows/mysql/mysql_yassl_hello | 3306 | MYSQL | DEFAULT |
exploit/windows/mysql/scrutinizer_upload_exec | 3306 | MYSQL | DEFAULT |
auxiliary/scanner/rdp/ms12_020_check | 3389 | RDP | MAX_PORTS |
auxiliary/scanner/rdp/cve_2019_0708_bluekeep | 3389 | RDP | MAX_PORTS |
auxiliary/dos/windows/rdp/ms12_020_maxchannelids | 3389 | RDP | MAX_PORTS |
auxiliary/dos/rdp/cve_2019_0708_bluekeep_dos | 3389 | RDP | MAX_PORTS |
exploit/windows/http/tomcat_cgi_cmdlineargs | 8080 | HTTP-PROXY | MAX_PORTS |
exploit/multi/http/tomcat_jsp_upload_bypass | 8080 | HTTP-PROXY | MAX_PORTS |
exploit/multi/http/struts2_namespace_ognl | 8080 | HTTP-PROXY | MAX_PORTS |
http-proxy-brute.py | 8080 | HTTP-PROXY | MAX_PORTS |
auxiliary/scanner/msf/msf_rpc_login | 55553 | MSRPC | MAX_PORTS |
Framework update (local version -> remote version)
If an old version of mosquito is already installed, we just need to run ./mosquito.sh -u to update the current installation. (Note: the git clone download/install method is more stable than the update function.)
sudo ./mosquito.sh -u
Framework Download (full download)
Delete old project folder
rm -rf resource_files
Framework Download
git clone https://github.com/r00t-3xp10it/resource_files.git
cd resource_files && find ./ -name "*.sh" -exec chmod +x {} \;
Framework help
sudo ./mosquito.sh -h
Framework install (first-time run)
sudo ./mosquito.sh -i
Framework execution
sudo ./mosquito.sh
Project Acknowledgments
@fyodor - nmap framework
@hdm - metasploit framework
@GMedian - vulners.nse script
@seanwarnock - http-winrm.nse script
@mathiasgut - freevulnsearch.nse script
@patrikkarlsson - rtsp-url-brute.nse script