Skip to content

ftp_anonymous: Report service/vuln, store loot & update metadata#21372

Open
g0tmi1k wants to merge 12 commits intorapid7:masterfrom
g0tmi1k:ftp_anonymous
Open

ftp_anonymous: Report service/vuln, store loot & update metadata#21372
g0tmi1k wants to merge 12 commits intorapid7:masterfrom
g0tmi1k:ftp_anonymous

Conversation

@g0tmi1k
Copy link
Copy Markdown
Contributor

@g0tmi1k g0tmi1k commented Apr 24, 2026

Before

[*] Connected to the database specified in the YAML file
[*] Connected to msf. Connection type: postgresql. Connection name: OYGIkFxA.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0
msf >
msf > use scanner anonymous ftp

Matching Modules
================

   #  Name                             Disclosure Date  Rank    Check  Description
   -  ----                             ---------------  ----    -----  -----------
   0  auxiliary/scanner/ftp/anonymous  .                normal  No     Anonymous FTP Access Detection


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/ftp/anonymous

[*] Using auxiliary/scanner/ftp/anonymous
msf auxiliary(scanner/ftp/anonymous) >
msf auxiliary(scanner/ftp/anonymous) > options

Module options (auxiliary/scanner/ftp/anonymous):

   Name     Current Setting      Required  Description
   ----     ---------------      --------  -----------
   FTPPASS  mozilla@example.com  no        The password for the specified username
   FTPUSER  anonymous            no        The username to authenticate as
   RHOSTS   10.0.0.10            yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT    21                   yes       The target port (TCP)
   THREADS  1                    yes       The number of concurrent threads (max one per host)


View the full module info with the info, or info -d command.

msf auxiliary(scanner/ftp/anonymous) >
msf auxiliary(scanner/ftp/anonymous) > run
[*] 10.0.0.10:21          - Connecting to FTP server 10.0.0.10:21...
[*] 10.0.0.10:21          - Connected to target FTP server.
[*] 10.0.0.10:21          - Authenticating as anonymous with password mozilla@example.com...
[*] 10.0.0.10:21          - Sending password...
[+] 10.0.0.10:21          - 10.0.0.10:21 - Anonymous READ (220 (vsFTPd 2.3.4))
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/anonymous) >
msf auxiliary(scanner/ftp/anonymous) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         0      1      0      0

msf auxiliary(scanner/ftp/anonymous) > services -v
Services
========

host       port  proto  name  state  info  resource  parents
----       ----  -----  ----  -----  ----  --------  -------
10.0.0.10  21    tcp    ftp   open         {}

msf auxiliary(scanner/ftp/anonymous) >
msf auxiliary(scanner/ftp/anonymous) > creds
Credentials
===========

id  host       origin     service       public     private              realm  private_type  JtR Format  cracked_password
--  ----       ------     -------       ------     -------              -----  ------------  ----------  ----------------
63  10.0.0.10  10.0.0.10  21/tcp (ftp)  anonymous  mozilla@example.com         Password

msf auxiliary(scanner/ftp/anonymous) >
msf auxiliary(scanner/ftp/anonymous) >

After

msf > use scanner anonymous ftp

Matching Modules
================

   #  Name                                 Disclosure Date  Rank    Check  Description
   -  ----                                 ---------------  ----    -----  -----------
   0  auxiliary/scanner/ftp/ftp_anonymous  .                normal  No     Anonymous FTP Access Detection
   1  auxiliary/scanner/ftp/ftp_login      .                normal  No     FTP Authentication Scanner


Interact with a module by name or index. For example info 1, use 1 or use auxiliary/scanner/ftp/ftp_login

msf > use 0
msf auxiliary(scanner/ftp/ftp_anonymous) >
msf auxiliary(scanner/ftp/ftp_anonymous) > options

Module options (auxiliary/scanner/ftp/ftp_anonymous):

   Name        Current Setting      Required  Description
   ----        ---------------      --------  -----------
   FTPPASS     mozilla@example.com  no        The password for the specified username
   FTPUSER     anonymous            no        The username to authenticate as
   RHOSTS      10.0.0.10            yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT       21                   yes       The target port (TCP)
   STORE_LOOT  true                 no        Store the directory listing as loot
   THREADS     1                    yes       The number of concurrent threads (max one per host)


View the full module info with the info, or info -d command.

msf auxiliary(scanner/ftp/ftp_anonymous) >
msf auxiliary(scanner/ftp/ftp_anonymous) > run
[*] 10.0.0.10:21          - Connecting to FTP server 10.0.0.10:21...
[*] 10.0.0.10:21          - Connected to target FTP server.
[*] 10.0.0.10:21          - Authenticating as anonymous with password mozilla@example.com...
[*] 10.0.0.10:21          - Sending password...
[*] 10.0.0.10:21          - Testing write access, Creating directory: wSSePVqs
[+] 10.0.0.10:21          - Anonymous Read-only access (vsFTPd 2.3.4)
[*] 10.0.0.10:21          - Listing directory contents
[*] 10.0.0.10:21          - Directory listing:
-rw-r--r--    1 0        0               0 Apr 24 19:25 test

[+] 10.0.0.10:21          - Directory listing stored to: /home/kali/.msf4/loot/20260424203150_default_10.0.0.10_ftp.anonymous_727755.txt
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_anonymous) >
msf auxiliary(scanner/ftp/ftp_anonymous) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         1      1      1      0

msf auxiliary(scanner/ftp/ftp_anonymous) >
msf auxiliary(scanner/ftp/ftp_anonymous) > services
Services
========

host       port  proto  name  state  info                resource  parents
----       ----  -----  ----  -----  ----                --------  -------
10.0.0.10  21    tcp    ftp   open   220 (vsFTPd 2.3.4)  {}

msf auxiliary(scanner/ftp/ftp_anonymous) >
msf auxiliary(scanner/ftp/ftp_anonymous) > vulns

Vulnerabilities
===============

Timestamp                Host       Service       Resource  Name                  References
---------                ----       -------       --------  ----                  ----------
2026-04-24 19:31:51 UTC  10.0.0.10  ftp (21/tcp)  {}        Anonymous FTP Access  URL-https://en.wikipedia.org/wiki/File_Transfer_Protocol#Anonymous_FTP,CVE-1999-0497

msf auxiliary(scanner/ftp/ftp_anonymous) >

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Metasploit Kanban
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@g0tmi1k @smcintyre-r7