Land #19409, Add additional Linux VM fingerprints
Slightly improve modules/post/linux/gather/checkvm.rb
smcintyre-r7 committed Aug 28, 2024
2 parents 84ffa52 + debb010 commit 0b0f9cd
Showing 1 changed file with 38 additions and 1 deletion.
39 changes: 38 additions & 1 deletion modules/post/linux/gather/checkvm.rb
Expand Up @@ -18,7 +18,7 @@ def initialize(info = {})
This module attempts to determine whether the system is running
inside of a virtual environment and if so, which one. This
module supports detection of Hyper-V, VMWare, VirtualBox, Xen,
and QEMU/KVM.
Bhyve and QEMU/KVM.
},
'License' => MSF_LICENSE,
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
Expand Down Expand Up @@ -154,6 +154,10 @@ def run
product_name = read_file('/sys/class/dmi/id/product_name')
if product_name
case product_name.gsub("\n", ' ')
when /bhyve/i
vm = 'Bhyve'
when /qemu/i
vm = 'Qemu'
when /vmware/i
vm = 'VMware'
when /virtualbox/i
Expand All @@ -175,6 +179,8 @@ def run
case bios_vendor.gsub("\n", ' ')
when /^xen/i
vm = 'Xen'
when /innotek GmbH/i
vm = 'VirtualBox'
end
end
end
Expand All @@ -199,6 +205,37 @@ def run
end
end
end
if !vm
xen_type = read_file('/sys/hypervisor/type')
if xen_type
if xen_type == 'xen'
vm = 'Xen'
end
end
end

# Check device tree
if !vm
compatible = read_file('/proc/device-tree/compatible')
if compatible
if compatible.include? 'qemu'
vm = 'Qemu/KVM'
end
end
end
if !vm
compatible = read_file('/proc/device-tree/hypervisor/compatible')
if compatible
case compatible
when /linux,kvm/i
vm = 'Qemu/KVM'
when /xen/i
vm = 'Xen'
when /vmware/i
vm = 'VMware'
end
end
end

# Check Processes
if !vm
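Review bot: The new `/sys/hypervisor/type` check compares with `xen_type == 'xen'`, which will never match if `read_file` returns the file's trailing newline. The `gsub("\n", ' ')` calls applied to `product_name` and `bios_vendor` in the earlier hunks suggest it does, though `read_file` itself is defined outside this page. Comparing a stripped value, `if xen_type.strip == 'xen'`, would make the check effective and would also let the two nested `if`s collapse into `if xen_type&.strip == 'xen'`. Separately, the `product_name` branch reports `'Qemu'` while both device-tree checks report `'Qemu/KVM'`, so the same hypervisor gets two labels depending on which probe fires; anything that consumes this value would be easier to write against a single label. `run` starts and ends outside these hunks.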
