Tuesday, August 18, 2015

Metasploit + VHOSTS in mass

maybe this was a solved problem but I couldn't find a solution online.

Problem #1:

Metasploit RHOSTS takes the file parameter so you can pass in a list of ip ranges. It will also take hostnames  as long as they resolve. If you have giant list of stuff and one of them doesn't resolve then the RHOSTS wont load and you'll want to cry.

Problem #2:
Lots of proxy/WAFs/websites in general require the VHOST to be set.  Metasploit ships with tons of great auxiliary modules for http stuff but there isn't really a nice way to load a list of VHOSTS along with the list of IPs.

Resource scripts to the rescue!  A simple read file and setting RHOST and VHOST for each attempt at an aux module seems to get it done.  I've created a gist with the script.  Wait, what about Problem #1?  The module will just error out on the single RHOST that doesn't resolve and just move on. Now you can have a file full of stuff that doesn't resolve mixed in with stuff that does and it should plow on through. :-)

Resource script to get it done