Http:BL Lookup - Metasploit

This page contains detailed information about how to use the auxiliary/scanner/http/httpbl_lookup metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Module Overview

---

Name: Http:BL Lookup
Module: auxiliary/scanner/http/httpbl_lookup
Source code: modules/auxiliary/scanner/http/httpbl_lookup.rb
Disclosure date: -
Last modification time: 2022-01-23 15:28:32 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module can be used to enumerate information about an IP addresses from Project HoneyPot's HTTP Block List.

Module Ranking and Traits

---

Module Ranking:

• normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

---

This module is a scanner module, and is capable of testing against multiple hosts.

msf > use auxiliary/scanner/http/httpbl_lookup
msf auxiliary(httpbl_lookup) > show options
    ... show and set options ...
msf auxiliary(httpbl_lookup) > set RHOSTS ip-range
msf auxiliary(httpbl_lookup) > exploit

Other examples of setting the RHOSTS option:

Example 1:

msf auxiliary(httpbl_lookup) > set RHOSTS 192.168.1.3-192.168.1.200 

Example 2:

msf auxiliary(httpbl_lookup) > set RHOSTS 192.168.1.1/24

Example 3:

msf auxiliary(httpbl_lookup) > set RHOSTS file:/tmp/ip_list.txt

Required Options

---

• RHOSTS: The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'

• HTTPBL_APIKEY: Your HTTP:BL api key

Go back to menu.

Msfconsole Usage

---

Here is how the scanner/http/httpbl_lookup auxiliary module looks in the msfconsole:

msf6 > use auxiliary/scanner/http/httpbl_lookup

msf6 auxiliary(scanner/http/httpbl_lookup) > show info

       Name: Http:BL Lookup
     Module: auxiliary/scanner/http/httpbl_lookup
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  mubix <[email protected]>

Check supported:
  No

Basic options:
  Name           Current Setting  Required  Description
  ----           ---------------  --------  -----------
  HTTPBL_APIKEY                   yes       Your HTTP:BL api key
  RHOSTS                          yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
  THREADS        1                yes       The number of concurrent threads (max one per host)

Description:
  This module can be used to enumerate information about an IP 
  addresses from Project HoneyPot's HTTP Block List.

References:
  http://www.projecthoneypot.org/httpbl_api.php

Module Options

---

This is a complete list of options available in the scanner/http/httpbl_lookup auxiliary module:

msf6 auxiliary(scanner/http/httpbl_lookup) > show options

Module options (auxiliary/scanner/http/httpbl_lookup):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   HTTPBL_APIKEY                   yes       Your HTTP:BL api key
   RHOSTS                          yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   THREADS        1                yes       The number of concurrent threads (max one per host)

Advanced Options

---

Here is a complete list of advanced options supported by the scanner/http/httpbl_lookup auxiliary module:

msf6 auxiliary(scanner/http/httpbl_lookup) > show advanced

Module advanced options (auxiliary/scanner/http/httpbl_lookup):

   Name                 Current Setting  Required  Description
   ----                 ---------------  --------  -----------
   ShowProgress         true             yes       Display progress messages during a scan
   ShowProgressPercent  10               yes       The interval in percent that progress should be shown
   VERBOSE              false            no        Enable detailed status messages
   WORKSPACE                             no        Specify the workspace for this module

Auxiliary Actions

---

This is a list of all auxiliary actions that the scanner/http/httpbl_lookup module can do:

msf6 auxiliary(scanner/http/httpbl_lookup) > show actions

Auxiliary actions:

   Name  Description
   ----  -----------

Evasion Options

---

Here is the full list of possible evasion options supported by the scanner/http/httpbl_lookup auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(scanner/http/httpbl_lookup) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Go back to menu.

Related Pull Requests

---

• #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
• #6655 Merged Pull Request: use MetasploitModule as a class name
• #6648 Merged Pull Request: Change metasploit class names
• #2525 Merged Pull Request: Change module boilerplate
• #1228 Merged Pull Request: MSFTIDY cleanup #1 - auxiliary
• #952 Merged Pull Request: standardizing author info
• #674 Merged Pull Request: Comply with msftidy

References

---

• CVE: Not available
• http://www.projecthoneypot.org/httpbl_api.php

See Also

---

Check also the following modules related to this module:

• auxiliary/gather/cloud_lookup
• auxiliary/gather/corpwatch_lookup_id
• auxiliary/gather/corpwatch_lookup_name
• auxiliary/scanner/smb/smb_lookupsid
• post/multi/gather/dns_reverse_lookup
• post/multi/gather/dns_srv_lookup
• post/multi/recon/reverse_lookup
• post/windows/gather/reverse_lookup
• exploit/linux/http/netgear_dnslookup_cmd_exec

Authors

---

• mubix

Version

---

This page has been produced using Metasploit Framework version 6.2.29-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.