
Modifying scanner modules for fun and profit

In a large testing environment, it is difficult to analyze hundreds of different services and find the vulnerable ones. I keep a list of vulnerable services in my customized scanning modules so that, as soon as a particular service is encountered, it gets marked as vulnerable if it matches a particular banner. Identifying vulnerable services is a good practice. For example, if you are given a vast network of 10000 systems, it would be difficult to run the default Metasploit module and expect nicely formatted output. In such cases, we can customize the module accordingly and run it against the target.

Metasploit is such a great tool that it provides inline editing, so you can modify modules on the fly using the edit command. However, you must have selected a module before you can edit it. We can see in the following screenshot that Metasploit has opened the ftp_version module in the VI editor, and the logic of the module is also shown:

The code is quite straightforward. If the banner variable is set, a status message is printed on the screen with details such as rhost, rport, and the banner itself. Suppose we want to add one more piece of functionality to the module: checking whether the banner matches that of a commonly vulnerable FTP service. We can add the following lines of code:

What we did in the preceding module is simply add another if-else block, which matches the banner against the regular expression /FTP\sUtility\sFTP\sserver/. If the banner matches the regex, the module reports a successful match of a vulnerable service; otherwise, it prints Not Vulnerable. Quite simple, huh?

However, after you commit changes and write the module, you need to reload the module using the reload command. Let us now run the module and analyze the output:

Yeah! We did it successfully. Since the banner of the TP-LINK FTP server does not match our regular expression, Not Vulnerable gets printed on the console, and since the banner of the other service does match, the Vulnerable message gets printed for it.
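The banner check described above, generalized to a small watch list and run over constructed scan results, as an added example in stand-alone Ruby. It is not the ftp_version module's code or code from the book; the names VULNERABLE_BANNERS, sanitize_banner, classify_banner and triage are hypothetical, and only the first regex comes from the text.

```ruby
# Added example: plain Ruby, no Metasploit framework required.
# Watch list of banner patterns. Only this regex appears in the text;
# extend the list with patterns you have verified yourself.
VULNERABLE_BANNERS = {
  'FTP Utility' => /FTP\sUtility\sFTP\sserver/
}.freeze

# Make a banner safe to print: a remote service controls these bytes,
# so replace anything non-printable (terminal escapes, control chars).
def sanitize_banner(banner)
  banner.to_s.scrub('?').strip.gsub(/[^[:print:]]/, '.')
end

# Returns [status, matched_name]. Matching is done on the raw banner,
# exactly like the if-else block described in the text.
def classify_banner(banner)
  return [:no_banner, nil] if banner.nil? || banner.strip.empty?
  raw = banner.scrub('?')
  VULNERABLE_BANNERS.each do |name, pattern|
    return [:vulnerable, name] if raw.match?(pattern)
  end
  [:not_vulnerable, nil]
end

# Group [host, port, banner] results by status so a scan of thousands
# of hosts yields a short list to follow up instead of a wall of output.
def triage(results)
  report = Hash.new { |h, k| h[k] = [] }
  results.each do |host, port, banner|
    status, name = classify_banner(banner)
    report[status] << { host: host, port: port, match: name,
                        banner: sanitize_banner(banner) }
  end
  report
end

# Constructed sample results (documentation addresses, made-up banners).
SAMPLE = [
  ['192.0.2.10', 21, "220 FTP Utility FTP server ready.\r\n"],
  ['192.0.2.11', 21, "220 TP-LINK FTP server ready.\r\n"],
  ['192.0.2.12', 21, nil],
  ['192.0.2.13', 21, "220 \e[2JFTP Utility FTP server\r\n"]
].freeze

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE).each do |status, rows|
    puts "#{status}: #{rows.size}"
    rows.each { |r| puts "  #{r[:host]}:#{r[:port]} #{r[:banner]}" }
  end
end
```

A banner match only flags a host for follow-up: banners can be changed or suppressed, so Not Vulnerable here means the pattern did not match, nothing more.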

For more information on editing and building new modules, refer to Chapter 2 of Mastering Metasploit, 2nd Edition.
