From a1ca13ecbe3563fb5b705b58f98bf7c6f87f63e8 Mon Sep 17 00:00:00 2001 From: Tib3rius <48113936+Tib3rius@users.noreply.github.com> Date: Mon, 16 Aug 2021 22:46:15 -0400 Subject: [PATCH] Plugin Updates Better logic in wkhtmltoimage plugin. New Redis plugins. New RPCDump plugin. Updated README for new tools. --- README.md | 4 +++- plugins/http.py | 5 +++-- plugins/redis.py | 34 ++++++++++++++++++++++++++++++++++ plugins/rpc.py | 20 +++++++++++++++++++- 4 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 plugins/redis.py
diff --git a/README.md b/README.md
index e162a36..0112ba2 100644
--- a/README.md
+++ b/README.md
@@ -50,11 +50,13 @@ Additionally the following commands may need to be installed, depending on your
 curl
 enum4linux
 feroxbuster
+impacket-scripts
 nbtscan
 nikto
 nmap
 onesixtyone
 oscanner
+redis-tools
 smbclient
 smbmap
 snmpwalk
@@ -68,7 +70,7 @@ wkhtmltopdf
 On Kali Linux, you can ensure these are all installed using the following command:
 ```bash
-$ sudo apt install seclists curl enum4linux feroxbuster nbtscan nikto nmap onesixtyone oscanner smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
+$ sudo apt install seclists curl enum4linux feroxbuster impacket-scripts nbtscan nikto nmap onesixtyone oscanner redis-tools smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
 ```
 ## Installation
diff --git a/plugins/http.py b/plugins/http.py
index 866cde3..719dbf8 100644
--- a/plugins/http.py
+++ b/plugins/http.py
@@ -166,8 +166,9 @@ class WkHTMLToImage(ServiceScan):
 self.match_service_name('^nacn_http$', negative_match=True)
 async def run(self, service):
- if which('wkhtmltoimage') is not None and service.protocol == 'tcp':
- await service.execute('wkhtmltoimage --format png {http_scheme}://{address}:{port}/ {scandir}/{protocol}_{port}_{http_scheme}_screenshot.png')
+ if which('wkhtmltoimage') is not None:
+ if service.protocol == 'tcp':
+ await service.execute('wkhtmltoimage --format png {http_scheme}://{address}:{port}/ {scandir}/{protocol}_{port}_{http_scheme}_screenshot.png')
 else:
 error('The wkhtmltoimage program could not be found. Make sure it is installed. (On Kali, run: sudo apt install wkhtmltopdf)')
diff --git a/plugins/redis.py b/plugins/redis.py
new file mode 100644
index 0000000..8d816c2
--- /dev/null
+++ b/plugins/redis.py
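Review bot: The `wkhtmltoimage` call that the hunk re-indents renders a page served by an untrusted target inside a full WebKit engine with JavaScript on by default, so a hostile service gets to run script and influence what ends up in the screenshot; passing `--disable-javascript` (and `--disable-local-file-access` on builds where that is not already the default) in the command string limits that exposure at no cost to the screenshot. The new nested `if` with an empty UDP path also reads awkwardly; a guard clause such as `if which('wkhtmltoimage') is None: error(...); return` followed by a single `if service.protocol == 'tcp':` says the same thing flatter and matches the `which`-then-`error` pattern used elsewhere in this patch. The old hunk header counts eight lines but only seven are visible, so a trailing context line may have been lost in collapsing.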
@@ -0,0 +1,34 @@
+from autorecon import ServiceScan, error
+from shutil import which
+
+class NmapRedis(ServiceScan):
+
+ def __init__(self):
+ super().__init__()
+ self.name = 'Nmap Redis'
+ self.tags = ['default', 'redis']
+
+ def configure(self):
+ self.match_service_name('^redis$')
+
+ async def run(self, service):
+ await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,redis-info" -oN "{scandir}/{protocol}_{port}_redis_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_redis_nmap.xml" {address}')
+
+class RedisCli(ServiceScan):
+
+ def __init__(self):
+ super().__init__()
+ self.name = 'Redis Cli'
+ self.tags = ['default', 'redis']
+
+ def configure(self):
+ self.match_service_name('^redis$')
+
+ async def run(self, service):
+ if which('redis-cli') is not None:
+ _, stdout, _ = await service.execute('redis-cli -p {port} -h {address} INFO', outfile='{protocol}_{port}_redis_info.txt')
+ if not (await stdout.readline()).startswith('NOAUTH Authentication required'):
+ await service.execute('redis-cli -p {port} -h {address} CONFIG GET \'*\'', outfile='{protocol}_{port}_redis_config.txt')
+ await service.execute('redis-cli -p {port} -h {address} CLIENT LIST', outfile='{protocol}_{port}_redis_client-list.txt')
+ else:
+ error('The redis-cli program could not be found. Make sure it is installed. (On Kali, run: sudo apt install redis-tools)')
diff --git a/plugins/rpc.py b/plugins/rpc.py
index e4d2419..17c0562 100644
--- a/plugins/rpc.py
+++ b/plugins/rpc.py
@@ -1,4 +1,5 @@
-from autorecon import ServiceScan
+from autorecon import ServiceScan, error
+from shutil import which
 class NmapMSRPC(ServiceScan):
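Review bot: `CONFIG GET '*'` in RedisCli.run writes the server's complete configuration, which includes any `requirepass` and `masterauth` values, into `{protocol}_{port}_redis_config.txt`, so that output file holds credentials in plaintext and the code should say so; add above the call `# NOTE: CONFIG GET '*' output can include requirepass/masterauth - treat the file as sensitive`. The NOAUTH test reads only the first line of stdout and compares it as text, which presumably matches redis-cli's raw (non-tty) error output, but it is worth confirming that the framework yields `str` rather than `bytes` from `readline()` and that the rest of the INFO output still reaches the outfile after that one line is consumed. Unlike the other plugins in this patch, neither Redis class guards on the transport; `if service.protocol != 'tcp': return` at the top of each `run` keeps them consistent and avoids pointing redis-cli at a UDP match.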
@@ -25,3 +26,20 @@ class RPCClient(ServiceScan):
 def manual(self, service, plugin_was_run):
 service.add_manual_command('RPC Client:', 'rpcclient -p {port} -U "" {address}')
+
+class RPCDump(ServiceScan):
+
+ def __init__(self):
+ super().__init__()
+ self.name = 'rpcdump'
+ self.tags = ['default', 'rpc']
+
+ def configure(self):
+ self.match_service_name(['^msrpc', '^rpcbind', '^erpc'])
+
+ async def run(self, service):
+ if which('impacket-rpcdump') is not None:
+ if service.protocol == 'tcp':
+ await service.execute('impacket-rpcdump -port {port} {address}', outfile='{protocol}_{port}_rpc_rpcdump.txt')
+ else:
+ error('The impacket-rpcdump program could not be found. Make sure it is installed. (On Kali, run: sudo apt install impacket-scripts)')
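Review bot: `impacket-rpcdump -port {port}` in RPCDump.run forwards whatever port the service matched, but as far as I recall rpcdump's `-port` option only accepts 135, 139 and 445, so a match on `^rpcbind` (the Sun RPC portmapper, normally 111) or an `^msrpc` hit on a dynamic high port ends in an argument-parsing error rather than a dump. Either drop `^rpcbind` from the match list, since it is not the MSRPC endpoint mapper, or gate the call, e.g. `if service.protocol == 'tcp' and str(service.port) in ('135', '139', '445'):` — `str()` because the type of `service.port` is not visible here. The `which`-then-nested-`if` shape repeats the one in the http.py hunk; a guard clause that reports the missing tool and returns would read flatter in both.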