### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##classMetasploitModule<Msf::AuxiliaryincludeMsf::Exploit::Remote::TcpincludeMsf::Auxiliary::RedisincludeMsf::Auxiliary::ReportincludeMsf::Auxiliary::Scannerdefinitialize(info={})super(update_info(info,'Name'=>'Redis Unauthorized Scanner','Description'=>%q(
This module finds Redis Unauthorized vulnerability.
),'Author'=>['weaponmaster3070@gmail.com','whale3070'],'License'=>MSF_LICENSE))register_options([Opt::RPORT(6379),OptString.new('COMMAND',[true,'The Redis command to run','INFO'])])enddefcommanddatastore['COMMAND']enddefrun_host(_ip)vprint_status("Contacting redis")beginconnect#Establishes a TCP connection to the specified RHOST/RPORTreturnunless(data=redis_command(command))#puts dataifdata["redis_version"]report_service(host: rhost,port: rport,name: "redis server",info: "#{command} response: #{data}")#store in the msf databaseprint_good("Found redis with #{command} command: #{Rex::Text.to_hex_ascii(data)}")elseputs'[-]not found redis_Unauthorized'endrescueRex::AddressInUse,Rex::HostUnreachable,Rex::ConnectionTimeout,Rex::ConnectionRefused,::Timeout::Error,::EOFError,::Errno::ETIMEDOUT=>evprint_error("Error while communicating: #{e}")ensuredisconnectendendend