metasploit-runner 0.0.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    Yjk2ODJjODk3YmE1YTU3OWJjMDE0MDg1NTQ0ZjAyNTkyNTBiYzVlNQ==
+  data.tar.gz: !binary |-
+    YWViNThkOGU2MThjYjk4OGM4NTI2NDJjM2MxODBiY2QzODU0ZDFlYg==
+SHA512:
+  metadata.gz: !binary |-
+    NjYxZTFjNzNjODE3MmZiYzkxNmJlNTFmMDlhYjhmMzAzM2ZhZmYwYzIzNzRj
+    ZjIzOTJmMGYwZGIwNGNhZTM5OTkwYzBhNjg1NzZiODNjYTA2NTk1MDA2YTJl
+    NDY2NjJiODlhYTExOGQyNWUyMGZmMTY3NzhiZWUzZGE5NGM2ZGI=
+  data.tar.gz: !binary |-
+    YTViYjk1ODJiMzExOGNhOThiMjc0ZTBhNjJmMTJkYWQyNjg0ZDEyNzdiMGVk
+    NzEzMzQ4M2Q4MTI0ZTViNGFhYzdmNjI4NzJmYWRkOWY0ZjI3OGI1MWRjNDYw
+    YjExZDUyYjc3OTRhNGVjYjc1Yjg0NjAxMjBmZjJkY2FmOTJmNTU=

data/.gitignore

@@ -0,0 +1,23 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+.idea/

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in MetasploitPenTestScript.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 James Armstead
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/MetasploitPenTestScript.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'MetasploitPenTestScript/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'metasploit-runner'
+  spec.version       = MetasploitPenTestScript::VERSION
+  spec.authors       = ['Nathan Gibson']
+  spec.email         = ['amngibson@gmail.com']
+  spec.summary       = 'Script to run automated Metaspolit Penetration Tests.'
+  spec.description   = ''
+  spec.homepage      = ''
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = %w(exploit)
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'msfrpc-client', '1.0.2'
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec', '3.0.0'
+end

data/README.md

@@ -0,0 +1,51 @@
+# MetasploitPenTestScript
+
+This is a ruby gem that basically wraps the msfrpc-client gem. 
+
+It was primarily created to automate workspace creation and automatic import of nexpose scan data from use in 
+a Jenkins automated CI/CD environment. 
+
+Basically this allows you to attach metasploit to your Continuous Delivery/Continuous integration pipeline. 
+Though it can be used for other purposes.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'metasploit-runner'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install metasploit-runner
+
+## Usage
+
+This gem allows you to specify the Metasploit Connection URL, Metasploit Connection Port, Metasploit URI, SSL TRUE/False, Token, Workspace Name, Nexpose Console Name, Device/Target IP.
+
+    $ exploit "connection_url" "port" "uri" "use_ssl" "token" "workspace_name" "nexpose_console_name" "device_ip_to_scan"
+
+Example:
+
+    $ exploit "sploit.mydomain.com" "3790" "/api/1.0" "true" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "nexpose-console-1" "10.0.0.1"
+
+The if you do not pass the following options they will default to the respective values:
+
+       port -> 3790
+       uri -> /api/1.0
+       use_ssl -> true
+
+Example using the defaults:
+
+    $ exploit "sploit.mydomain.com" "" "" "" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "nexpose-console-1" "10.0.0.1"
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/MetasploitPenTestScript/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/exploit

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require 'metasploit/exploit'
+
+$stdout.sync = true
+Metasploit::Exploit.start ARGV[0], ARGV[1], ARGV[2], ARGV[3], ARGV[4], ARGV[5], ARGV[6], ARGV[7]

data/lib/MetasploitPenTestScript/version.rb

@@ -0,0 +1,3 @@
+module MetasploitPenTestScript
+  VERSION = "0.0.1"
+end

data/lib/MetasploitPenTestScript.rb

@@ -0,0 +1,5 @@
+require "MetasploitPenTestScript/version"
+
+module MetasploitPenTestScript
+  # Your code goes here...
+end

data/lib/metasploit/constants.rb

@@ -0,0 +1,17 @@
+module CONSTANTS
+  DEFAULT_PORT = '3790'
+  DEFAULT_URI = '/api/1.0'
+  DEFAULT_SSL= true
+  RUNNING_IMPORT_STATUS = 'running'
+  REQUIRED_TOKEN_MESSAGE = 'PWNED! Token is required'
+  REQUIRED_CONNECTION_URL_MESSAGE = 'PWNED! Connection URL is required'
+  REQUIRED_DEVICE_IP_TO_SCAN_MESSAGE = 'PWNED! Device IP to scan is required'
+  USING_DEFAULT_PORT_MESSAGE = '[*] No port specified in call, using 3790 as default'
+  USING_DEFAULT_URI_MESSAGE = '[*] No URI specified in call, using /api/1.0 as default'
+  SUCCESSFUL_CONNECTION_MESSAGE = '[*] Sucessfully authenticated to the Metasploit server'
+  USING_DEFAULT_SSL_MESSAGE = '[*] Using SSL=TRUE'
+  IMPORTING_DATA_MESSAGE = '[*] Importing...'
+  SCANNING_MESSAGE = '[*] Scanning all your things...'
+  REQUIRED_WORKSPACE_MESSAGE= 'PWNED! Workspace Name is required'
+
+end

data/lib/metasploit/exploit.rb

@@ -0,0 +1,86 @@
+require 'msfrpc-client'
+require 'metasploit/constants'
+
+module Metasploit
+  module Exploit
+    def Exploit.start(connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan)
+      are_parameters_valid(connection_url, token, workspace_name, device_ip_to_scan)
+
+      rpc_client = get_new_metasploit_rpc_connection(connection_url, port, uri, use_ssl, token)
+
+      create_workspace(rpc_client, workspace_name)
+
+      do_nexpose_import(nexpose_console_name, rpc_client, workspace_name)
+
+      do_metasploit_scan(device_ip_to_scan, rpc_client, workspace_name)
+    end
+
+    private
+    def self.are_parameters_valid(connection_url, token, workspace_name, device_ip_to_scan)
+      raise StandardError, CONSTANTS::REQUIRED_WORKSPACE_MESSAGE if workspace_name.nil? || workspace_name.empty?
+      raise StandardError, CONSTANTS::REQUIRED_TOKEN_MESSAGE if token.nil? || token.empty?
+      raise StandardError, CONSTANTS::REQUIRED_CONNECTION_URL_MESSAGE if connection_url.nil? || connection_url.empty?
+      raise StandardError, CONSTANTS::REQUIRED_DEVICE_IP_TO_SCAN_MESSAGE if device_ip_to_scan.nil? || device_ip_to_scan.empty?
+    end
+
+    def self.get_metasploit_options(connection_url, port, uri, use_ssl, token)
+      if port.nil? || port.empty?
+        puts CONSTANTS::USING_DEFAULT_PORT_MESSAGE
+        port = CONSTANTS::DEFAULT_PORT
+      end
+
+      if uri.nil? || uri.empty?
+        puts CONSTANTS::USING_DEFAULT_URI_MESSAGE
+        uri = CONSTANTS::DEFAULT_URI
+      end
+
+      if use_ssl != false
+        puts CONSTANTS::USING_DEFAULT_SSL_MESSAGE
+        use_ssl = CONSTANTS::DEFAULT_SSL
+      end
+
+      {:host => connection_url, :port => port, :token => token, :uri => uri, :ssl => use_ssl}
+    end
+
+    def self.get_new_metasploit_rpc_connection(connection_url, port, uri, use_ssl, token)
+      client = Msf::RPC::Client.new(get_metasploit_options(connection_url, port, uri, use_ssl, token))
+      puts CONSTANTS::SUCCESSFUL_CONNECTION_MESSAGE
+
+      client
+    end
+
+    def self.do_nexpose_import(nexpose_console_name, rpc_client, workspace_name)
+      import = rpc_client.call('pro.start_import', {'workspace' => workspace_name, 'DS_NEXPOSE_CONSOLE' => nexpose_console_name, 'DS_NEXPOSE_SITE' => workspace_name})
+
+      wait_for_task_to_stop_running(rpc_client, CONSTANTS::IMPORTING_DATA_MESSAGE, import['task_id'])
+    end
+    
+    def self.create_workspace(rpc_client, workspace_name)
+      rpc_client.call('pro.workspace_add', {'name' => workspace_name})
+    end
+
+    def self.do_metasploit_scan(device_ip_to_scan, rpc_client, workspace_name)
+      scan = rpc_client.call('pro.start_webscan', {'workspace' => workspace_name, 'DS_URLS' => "http://#{device_ip_to_scan}"})
+
+      wait_for_task_to_stop_running(rpc_client, CONSTANTS::SCANNING_MESSAGE, scan['task_id'])
+    end
+
+    def self.create_workspace(rpc_client, workspace_name)
+      rpc_client.call('pro.workspace_add', {'name' => workspace_name})
+    end
+
+    def self.do_metasploit_scan(device_ip_to_scan, rpc_client, workspace_name)
+      scan = rpc_client.call('pro.start_webscan', {'workspace' => workspace_name, 'DS_URLS' => "http://#{device_ip_to_scan}"})
+
+      wait_for_task_to_stop_running(rpc_client, CONSTANTS::SCANNING_MESSAGE, scan['task_id'])
+    end
+
+    def self.wait_for_task_to_stop_running(rpc_client, status_message, task_id)
+      sleep(3)
+      status = rpc_client.call('pro.task_status', task_id)
+      puts status_message
+
+      wait_for_task_to_stop_running(rpc_client, status_message, task_id) if status['status'] == CONSTANTS::RUNNING_IMPORT_STATUS
+    end
+  end
+end

data/spec/exploit_spec.rb

@@ -0,0 +1,283 @@
+require 'metasploit/exploit'
+
+describe 'exploit' do
+  before(:each) do
+    allow(Metasploit::Exploit).to receive(:sleep)
+  end
+
+  describe 'start' do
+    before(:each) do
+      @expected_connection = 'http://test.connection'
+      @expected_token = 'testtoken'
+      @expected_port = '3791'
+      @expected_uri = '/api/1.1'
+      @expected_ssl = false
+      @expected_workspace_name = 'workspacename'
+      @expected_nexpose_console_name = 'nexpose_console_name'
+      @expected_webscan_task_id = '12'
+      @expected_import_task_id = '1'
+      @mock_rpc_client = get_mock_rpc_client
+      @mock_device_ip_to_scan = '127.0.0.1'
+      @mock_device_url_to_scan = "http://#{@mock_device_ip_to_scan}"
+    end
+
+    describe 'get connection' do
+      it 'should create a session with the metasploit server' do
+        expected_options = get_default_options_and_override({})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should throw an error if no token is passed' do
+        expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, '', @expected_workspace_name, '', @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Token is required')
+        expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, nil, @expected_workspace_name, '', @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Token is required')
+      end
+
+      it 'should throw an error if no connection url is passed' do
+        expect { Metasploit::Exploit.start('', @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Connection URL is required')
+        expect { Metasploit::Exploit.start(nil, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Connection URL is required')
+      end
+
+      it 'should throw an error if no ip address is passed' do
+        expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', '') }.to raise_error(StandardError, 'PWNED! Device IP to scan is required')
+        expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', nil) }.to raise_error(StandardError, 'PWNED! Device IP to scan is required')
+      end
+
+      it 'should use 3790 as default if port is empty string' do
+        expected_options = get_default_options_and_override({:port => '3790'})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, '', @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should use 3790 as default if port is nil' do
+        expected_options = get_default_options_and_override({:port => '3790'})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, nil, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should use /api/1.0 as default if no uri is passed' do
+        expected_options = get_default_options_and_override({:uri => '/api/1.0'})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, '', @expected_ssl,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should use /api/1.0 as default if no uri is passed' do
+        expected_options = get_default_options_and_override({:uri => '/api/1.0'})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, nil, @expected_ssl,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should use ssl true as default if empty string is passed' do
+        expected_options = get_default_options_and_override({:ssl => true})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, '',  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should use ssl true as default if random string is passed' do
+        expected_options = get_default_options_and_override({:ssl => true})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, 'sadf',  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should use ssl true as default if nil is passed' do
+        expected_options = get_default_options_and_override({:ssl => true})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, nil,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should use ssl true as default if true is passed' do
+        expected_options = get_default_options_and_override({:ssl => true})
+
+        expect(Msf::RPC::Client).to receive(:new)
+                                    .with(expected_options)
+                                    .and_return(@mock_rpc_client)
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, true,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+    end
+
+    describe 'create workspace' do
+      it 'should create a workspace based on workspace name' do
+        expect(@mock_rpc_client).to receive(:call)
+                                   .with('pro.workspace_add', {'name' => @expected_workspace_name})
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)
+      end
+
+      it 'should throw an error if workspace name is invalid' do
+        expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, '', '', @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Workspace Name is required')
+        expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, nil, '', @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Workspace Name is required')
+      end
+    end
+
+    describe 'start import from nexpose' do
+      it 'should start a import' do
+        expect(@mock_rpc_client).to receive(:call)
+                                  .with('pro.start_import', {'workspace' => @expected_workspace_name,
+                                                             'DS_NEXPOSE_CONSOLE' => @expected_nexpose_console_name,
+                                                             'DS_NEXPOSE_SITE' => @expected_workspace_name})
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+      end
+
+      describe 'wait to be over' do
+        before(:each) do
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.start_import', {'workspace' => @expected_workspace_name,
+                                                                 'DS_NEXPOSE_CONSOLE' => @expected_nexpose_console_name,
+                                                                 'DS_NEXPOSE_SITE' => @expected_workspace_name})
+                                      .and_return({'task_id' => @expected_import_task_id})
+        end
+
+        it 'should call to check the status of an import' do
+          expect(@mock_rpc_client).to receive(:call).with('pro.task_status', @expected_import_task_id)
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+
+        it 'should call to check the status until it is not running' do
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_import_task_id)
+                                      .and_return({'status' => 'running'})
+                                      .exactly(3).times
+                                      .ordered
+
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_import_task_id)
+                                      .and_return({'status' => 'not running'})
+                                      .once
+                                      .ordered
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+
+        it 'should sleep for 3 seconds if the status is still running' do
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_import_task_id)
+                                      .and_return({'status' => 'running'})
+                                      .exactly(3).times
+                                      .ordered
+
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_import_task_id)
+                                      .and_return({'status' => 'not running'})
+                                      .once
+                                      .ordered
+
+          #Expecting 5 because we are mocking 4 above and the global :call mock in get_mock_rpc_client
+          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(5).times
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+      end
+    end
+
+    describe 'start metasploit scan' do
+      it 'should kick off a scan' do
+        expect(@mock_rpc_client).to receive(:call)
+                                    .with('pro.start_webscan', {'workspace' => @expected_workspace_name,
+                                                                'DS_URLS' => @mock_device_url_to_scan})
+
+        Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+      end
+
+      describe 'wait to be over' do
+        before(:each) do
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.start_webscan', {'workspace' => @expected_workspace_name,
+                                                                  'DS_URLS' => @mock_device_url_to_scan})
+                                      .and_return({'task_id' => @expected_webscan_task_id})
+        end
+
+        it 'should call to check the status of the scan' do
+          expect(@mock_rpc_client).to receive(:call).with('pro.task_status', @expected_webscan_task_id)
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+
+        it 'should call to check the status until it is not running' do
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_webscan_task_id)
+                                      .and_return({'status' => 'running'})
+                                      .exactly(3).times
+                                      .ordered
+
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_webscan_task_id)
+                                      .and_return({'status' => 'not running'})
+                                      .once
+                                      .ordered
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+
+        it 'should sleep for 3 seconds if the status is still running' do
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_webscan_task_id)
+                                      .and_return({'status' => 'running'})
+                                      .exactly(3).times
+                                      .ordered
+
+          expect(@mock_rpc_client).to receive(:call)
+                                      .with('pro.task_status', @expected_webscan_task_id)
+                                      .and_return({'status' => 'not running'})
+                                      .once
+                                      .ordered
+
+          #Expecting 5 because we are mocking 4 above and the global :call mock in get_mock_rpc_client
+          expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(5).times
+
+          Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl,  @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
+        end
+      end
+    end
+
+  end
+end
+
+def get_default_options_and_override(override)
+  {:host => @expected_connection, :port => @expected_port, :token => @expected_token, :uri => @expected_uri, :ssl => @expected_ssl}.merge(override)
+end
+
+def get_mock_rpc_client
+  mock_rpc_client = double(Msf::RPC::Client)
+
+  allow(mock_rpc_client).to receive(:call).with(any_args).and_return({})
+
+  allow(Msf::RPC::Client).to receive(:new)
+                             .and_return(mock_rpc_client)
+
+  mock_rpc_client
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+RSpec.configure do |config|
+
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+
+  Dir["./spec/support/**/*.rb"].sort.each { |f| require f }
+
+end

metadata

@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: metasploit-runner
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Nathan Gibson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-08-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: msfrpc-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+description: ''
+email:
+- amngibson@gmail.com
+executables:
+- exploit
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE.txt
+- MetasploitPenTestScript.gemspec
+- README.md
+- Rakefile
+- bin/exploit
+- lib/MetasploitPenTestScript.rb
+- lib/MetasploitPenTestScript/version.rb
+- lib/metasploit/constants.rb
+- lib/metasploit/exploit.rb
+- spec/exploit_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Script to run automated Metaspolit Penetration Tests.
+test_files:
+- spec/exploit_spec.rb
+- spec/spec_helper.rb