metasploit-runner 0.0.9 → 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +11 -10
  3. data/bin/exploit +1 -1
  4. data/lib/MetasploitPenTestScript/version.rb +1 -1
  5. data/lib/metasploit/constants.rb +2 -0
  6. data/lib/metasploit/exploit.rb +9 -8
  7. data/lib/metasploit/exploit_run_description.rb +13 -2
  8. data/spec/exploit_run_description_spec.rb +31 -2
  9. data/spec/exploit_spec.rb +37 -37
  10. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3b62c85eea93ad0811660c4edfd7f47710e2db90
4
- data.tar.gz: a6f0854d43fea53c523c7d95693a1d876044dd22
3
+ metadata.gz: 584745bd2ae32c8d7d71c35a305fd617e6d6a595
4
+ data.tar.gz: a61fc9ba558f10c5374423f9bc4f0c4108bf568f
5
5
  SHA512:
6
- metadata.gz: e0988fef0a4b916632bc895d131b7cfbb36495d38241553febfd5c0b66e70a891c510995b61f0923e07bf0568845ca34822db6dfb174938aefecf7f411bd9db1
7
- data.tar.gz: 273ccd1acb8882347c8ab4ec70d23d7a57cebba93b148861b3fd40681c8f58fe550dc9660585536a8b2efa845bc6565b931e96e63f2a220163b83c1b84bb4191
6
+ metadata.gz: b52f8aab7f3b39aa716925d6f4d365100ae226df50cac7912d76b903acb3e459bda54a828d3486353b2a5e415b5091f7ba499cfa579aa47b518296f547df492d
7
+ data.tar.gz: d9406aee5d39984dbdc5b300b499e88664947b9d55df884b7c02afbb837870622a3942f0b6579f5f7aae63f247d1bcf72a3b54fcc71e8dd00da67f9b6deb5fb9
data/README.md CHANGED
@@ -24,38 +24,39 @@ Or install it yourself as:
24
24
 
25
25
  ## Usage
26
26
 
27
- This gem allows you to specify the Metasploit Connection URL, Metasploit Connection Port, Metasploit URI, SSL true/false, Token, Workspace Name, Nexpose Console Name, Device/Target IP.
27
+ This gem allows you to specify the Metasploit Connection URL, Metasploit Connection Port, Metasploit URI, SSL true/false, Token, Workspace Name, Nexpose Console Name, Device/Target IP, and Exploit Module OS Filter.
28
28
 
29
29
  The nexpose_console_name is optional, if you specify a nexpose console name it will use the workspace_name, and nexpose console name to pull scan data from a nexpose console.
30
30
  IMPORTANT: Your "Site Name" in Nexpose, must match your "Workspace" name in Metasploit and you must add your Nexpose Console to Metasploit for this to work properly.
31
31
 
32
- $ exploit "connection_url" "port" "uri" "use_ssl" "token" "workspace_name" "nexpose_console_name" "device_ip_to_scan"
32
+ $ exploit "connection_url" "port" "uri" "use_ssl" "token" "workspace_name" "nexpose_console_name" "device_ip_to_scan" "os_filter"
33
33
 
34
34
  Example WITH Nexpose Console Integration:
35
35
 
36
- $ exploit "sploit.mydomain.com" "3790" "/api/1.0" "true" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "nexpose-console-1" "10.0.0.1"
36
+ $ exploit "sploit.mydomain.com" "3790" "/api/1.0" "<true/false>" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "nexpose-console-1" "10.0.0.1" "<true/false>"
37
37
 
38
38
  Example WITHOUT Nexpose Console Integration:
39
39
 
40
- $ exploit "sploit.mydomain.com" "3790" "/api/1.0" "true" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "" "10.0.0.1"
40
+ $ exploit "sploit.mydomain.com" "3790" "/api/1.0" "true" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "" "10.0.0.1" "false"
41
41
 
42
- Additionally, a module filter may be passed in to determine which modules are whitelisted to run during an exploit. The module filter parameter is a comma separate value
43
- for specifying multiple paths.
42
+ Additionally, an os filter may be passed in to determine which modules will be ran during an exploit. The os filter parameter will default to false (all modules will run) if you do not pass a value.
44
43
 
45
- Example WITH Module Filter:
44
+ Note: at the time of publishing this version of the gem, that was over 6,000 modules, which is ALOT. This option will only work of metasploit has a high confidence in your O/S type.
46
45
 
47
- $ exploit "sploit.mydomain.com" "3790" "/api/1.0" "true" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "nexpose-console-1" "10.0.0.1" "exploit/linux,exploit/multi"
46
+ Example WITH OS Filter:
47
+
48
+ $ exploit "sploit.mydomain.com" "3790" "/api/1.0" "true" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "nexpose-console-1" "10.0.0.1" "true"
48
49
 
49
50
  The if you do not pass the following options they will default to the respective values:
50
51
 
51
52
  port -> 3790
52
53
  uri -> /api/1.0
53
54
  use_ssl -> true
54
- module_filter -> nil
55
+ os_filter -> false
55
56
 
56
57
  Example using the defaults:
57
58
 
58
- $ exploit "sploit.mydomain.com" "" "" "" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "nexpose-console-1" "10.0.0.1"
59
+ $ exploit "sploit.mydomain.com" "" "" "" "asdlkjhsdfuw1228340asdasf8" "mycoolsoftware-build-28" "nexpose-console-1" "10.0.0.1" ""
59
60
 
60
61
  ## Contributing
61
62
 
data/bin/exploit CHANGED
@@ -3,4 +3,4 @@
3
3
  require 'metasploit/exploit'
4
4
 
5
5
  $stdout.sync = true
6
- Metasploit::Exploit.start ARGV[0], ARGV[1], ARGV[2], ARGV[3], ARGV[4], ARGV[5], ARGV[6], ARGV[7]
6
+ Metasploit::Exploit.start ARGV[0], ARGV[1], ARGV[2], ARGV[3], ARGV[4], ARGV[5], ARGV[6], ARGV[7], ARGV[8]
data/lib/MetasploitPenTestScript/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module MetasploitPenTestScript
2
- VERSION = "0.0.9"
2
+ VERSION = "0.1.0"
3
3
  end
data/lib/metasploit/constants.rb CHANGED
@@ -2,6 +2,7 @@ module CONSTANTS
2
2
  DEFAULT_PORT = '3790'
3
3
  DEFAULT_URI = '/api/1.0'
4
4
  DEFAULT_SSL = true
5
+ DEFAULT_OS_FILTER = false
5
6
  RUNNING_IMPORT_STATUS = 'running'
6
7
  EXPLOIT_RUNNING_MESSAGE = 'running'
7
8
  REQUIRED_TOKEN_MESSAGE = 'PWNED! Token is required'
@@ -17,5 +18,6 @@ module CONSTANTS
17
18
  EXPLOIT_MESSAGE = '[*] Exploiting all your things...'
18
19
  REQUIRED_WORKSPACE_MESSAGE = 'PWNED! Workspace Name is required'
19
20
  SKIPPING_IMPORT_MESSAGE = '[*] Nexpose Console option was not passed, skipping Nexpose Import'
21
+ USING_OS_FILTER_MESSAGE = '[*] The OS Filter is set to TRUE so we are limiting the modules to just the ones applicable to this Operating System'
20
22
 
21
23
  end
data/lib/metasploit/exploit.rb CHANGED
@@ -4,8 +4,8 @@ require 'metasploit/exploit_run_description'
4
4
 
5
5
  module Metasploit
6
6
  module Exploit
7
- def Exploit.start(connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan, module_filter=nil)
8
- run_details = ExploitRunDescription.new connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan
7
+ def Exploit.start(connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan, use_os_filter)
8
+ run_details = ExploitRunDescription.new connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan, use_os_filter
9
9
  run_details.verify
10
10
 
11
11
  rpc_client = get_new_metasploit_rpc_connection(run_details)
@@ -18,7 +18,7 @@ module Metasploit
18
18
 
19
19
  do_metasploit_audit(rpc_client, run_details)
20
20
 
21
- do_metasploit_exploit(rpc_client, run_details, module_filter)
21
+ do_metasploit_exploit(rpc_client, run_details)
22
22
  end
23
23
 
24
24
  private
@@ -61,13 +61,14 @@ module Metasploit
61
61
  wait_for_task_to_stop_running(rpc_client, CONSTANTS::AUDIT_MESSAGE, audit['task_id'])
62
62
  end
63
63
 
64
- def self.do_metasploit_exploit(rpc_client, run_details, module_filter)
64
+ def self.do_metasploit_exploit(rpc_client, run_details)
65
65
  options = {
66
- 'workspace' => run_details.workspace_name
66
+ 'workspace' => run_details.workspace_name,
67
+ 'DS_FilterByOS' => run_details.use_os_filter
67
68
  }
68
- if !module_filter.nil?
69
- options['DS_ModuleFilter'] = module_filter
70
- end
69
+
70
+ puts CONSTANTS::USING_OS_FILTER_MESSAGE if run_details.use_os_filter != CONSTANTS::DEFAULT_OS_FILTER
71
+
71
72
  sploit = rpc_client.call('pro.start_exploit', options)
72
73
  wait_for_task_to_stop_running(rpc_client, CONSTANTS::EXPLOIT_MESSAGE, sploit['task_id'])
73
74
  end
data/lib/metasploit/exploit_run_description.rb CHANGED
@@ -1,11 +1,12 @@
1
1
  class ExploitRunDescription
2
- attr_accessor :connection_url, :port, :uri, :use_ssl, :token, :workspace_name, :nexpose_console_name, :device_ip_to_scan
2
+ attr_accessor :connection_url, :port, :uri, :use_ssl, :token, :workspace_name, :nexpose_console_name, :device_ip_to_scan, :use_os_filter
3
3
  @@port_value = ''
4
4
  @@uri_value = ''
5
5
  @@use_ssl_value = ''
6
6
  @@device_ip_to_scan_value = ''
7
+ @@use_os_filter_value = ''
7
8
 
8
- def initialize(connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan)
9
+ def initialize(connection_url, port, uri, use_ssl, token, workspace_name, nexpose_console_name, device_ip_to_scan, use_os_filter)
9
10
  self.connection_url = connection_url
10
11
  @@port_value = port
11
12
  @@uri_value = uri
@@ -14,6 +15,7 @@ class ExploitRunDescription
14
15
  self.workspace_name = workspace_name
15
16
  self.nexpose_console_name = nexpose_console_name
16
17
  @@device_ip_to_scan_value = device_ip_to_scan
18
+ @@use_os_filter_value = use_os_filter
17
19
  end
18
20
 
19
21
  def verify
@@ -79,6 +81,15 @@ class ExploitRunDescription
79
81
  (@@use_ssl_value != false) ? true : false
80
82
  end
81
83
 
84
+ def use_os_filter=(value)
85
+ @@use_os_filter_value = value
86
+ end
87
+
88
+ def use_os_filter
89
+ (@@use_os_filter_value != true) ? false : true
90
+ end
91
+
92
+
82
93
  def get_value(value_to_check, default)
83
94
  (value_to_check.nil? || value_to_check.empty?) ? default : value_to_check
84
95
  end
data/spec/exploit_run_description_spec.rb CHANGED
@@ -8,6 +8,7 @@ describe 'exploit_run_description' do
8
8
  @expected_port = '3791'
9
9
  @expected_uri = '/api/1.1'
10
10
  @expected_ssl = false
11
+ @expected_os_filter = false
11
12
  @expected_workspace_name = 'workspacename'
12
13
  @expected_nexpose_console_name = 'nexpose_console_name'
13
14
  @expected_webscan_task_id = '12'
@@ -23,7 +24,9 @@ describe 'exploit_run_description' do
23
24
  @expected_token,
24
25
  @expected_workspace_name,
25
26
  @expected_nexpose_console_name,
26
- @mock_device_ip_to_scan
27
+ @mock_device_ip_to_scan,
28
+ @expected_os_filter
29
+
27
30
  end
28
31
 
29
32
  it 'should accept all of the needed parameters and persist them' do
@@ -35,6 +38,7 @@ describe 'exploit_run_description' do
35
38
  expect(@exploit_run_description.workspace_name).to eq(@expected_workspace_name)
36
39
  expect(@exploit_run_description.nexpose_console_name).to eq(@expected_nexpose_console_name)
37
40
  expect(@exploit_run_description.device_ip_to_scan).to eq(@mock_device_url_to_scan)
41
+ expect(@exploit_run_description.use_os_filter).to eq(@expected_os_filter)
38
42
  end
39
43
 
40
44
  it 'should use 3790 as default if port is empty string' do
@@ -77,11 +81,36 @@ describe 'exploit_run_description' do
77
81
  expect(@exploit_run_description.use_ssl).to eq(CONSTANTS::DEFAULT_SSL)
78
82
  end
79
83
 
80
- it 'should return false if false is passed' do
84
+ it 'should return false on the SSL Option if false is passed' do
81
85
  @exploit_run_description.use_ssl = false
82
86
  expect(@exploit_run_description.use_ssl).to eq(false)
83
87
  end
84
88
 
89
+ it 'should use os filter false as default if empty string is passed' do
90
+ @exploit_run_description.use_os_filter = ''
91
+ expect(@exploit_run_description.use_os_filter).to eq(CONSTANTS::DEFAULT_OS_FILTER)
92
+ end
93
+
94
+ it 'should use os filter false as default if random string is passed' do
95
+ @exploit_run_description.use_os_filter = 'nathan is god'
96
+ expect(@exploit_run_description.use_os_filter).to eq(CONSTANTS::DEFAULT_OS_FILTER)
97
+ end
98
+
99
+ it 'should use os filter false as default if nil is passed' do
100
+ @exploit_run_description.use_os_filter = nil
101
+ expect(@exploit_run_description.use_os_filter).to eq(CONSTANTS::DEFAULT_OS_FILTER)
102
+ end
103
+
104
+ it 'should use os filter false as default if false is passed' do
105
+ @exploit_run_description.use_os_filter = false
106
+ expect(@exploit_run_description.use_os_filter).to eq(CONSTANTS::DEFAULT_OS_FILTER)
107
+ end
108
+
109
+ it 'should return true on the OS Filter option if true is passed' do
110
+ @exploit_run_description.use_ssl = true
111
+ expect(@exploit_run_description.use_ssl).to eq(true)
112
+ end
113
+
85
114
  describe 'get metasploit options' do
86
115
  it 'should return the correct options' do
87
116
  expect(@exploit_run_description.get_options).to eq({:host => @expected_connection,
data/spec/exploit_spec.rb CHANGED
@@ -12,12 +12,12 @@ describe 'exploit' do
12
12
  @expected_port = '3791'
13
13
  @expected_uri = '/api/1.1'
14
14
  @expected_ssl = false
15
+ @expected_use_os_filter = true
15
16
  @expected_workspace_name = 'workspacename'
16
17
  @expected_nexpose_console_name = 'nexpose_console_name'
17
18
  @expected_webscan_task_id = '12'
18
19
  @expected_import_task_id = '1'
19
20
  @expected_exploit_task_id = '13'
20
- @expected_exploit_module_filter = 'exploit/linux,exploit/multi'
21
21
  @expected_audit_task_id = '14'
22
22
  @expected_audit_max_requests = 1000
23
23
  @expected_audit_max_minutes = 3
@@ -36,22 +36,22 @@ describe 'exploit' do
36
36
  .with(expected_options)
37
37
  .and_return(@mock_rpc_client)
38
38
 
39
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
39
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
40
40
  end
41
41
 
42
42
  it 'should throw an error if no token is passed' do
43
- expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, '', @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Token is required')
44
- expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, nil, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Token is required')
43
+ expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, '', @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter) }.to raise_error(StandardError, 'PWNED! Token is required')
44
+ expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, nil, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter) }.to raise_error(StandardError, 'PWNED! Token is required')
45
45
  end
46
46
 
47
47
  it 'should throw an error if no connection url is passed' do
48
- expect { Metasploit::Exploit.start('', @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Connection URL is required')
49
- expect { Metasploit::Exploit.start(nil, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Connection URL is required')
48
+ expect { Metasploit::Exploit.start('', @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter) }.to raise_error(StandardError, 'PWNED! Connection URL is required')
49
+ expect { Metasploit::Exploit.start(nil, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter) }.to raise_error(StandardError, 'PWNED! Connection URL is required')
50
50
  end
51
51
 
52
52
  it 'should throw an error if no ip address is passed' do
53
- expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, '') }.to raise_error(StandardError, 'PWNED! Device IP to scan is required')
54
- expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, nil) }.to raise_error(StandardError, 'PWNED! Device IP to scan is required')
53
+ expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, '', @expected_use_os_filter) }.to raise_error(StandardError, 'PWNED! Device IP to scan is required')
54
+ expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, nil, @expected_use_os_filter) }.to raise_error(StandardError, 'PWNED! Device IP to scan is required')
55
55
  end
56
56
 
57
57
  it 'should use 3790 as default if port is empty string' do
@@ -61,7 +61,7 @@ describe 'exploit' do
61
61
  .with(expected_options)
62
62
  .and_return(@mock_rpc_client)
63
63
 
64
- Metasploit::Exploit.start(@expected_connection, '', @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
64
+ Metasploit::Exploit.start(@expected_connection, '', @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
65
65
  end
66
66
  end
67
67
 
@@ -70,21 +70,21 @@ describe 'exploit' do
70
70
  expect(@mock_rpc_client).to receive(:call)
71
71
  .with('pro.workspace_add', {'name' => @expected_workspace_name})
72
72
 
73
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
73
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
74
74
  end
75
75
 
76
76
  it 'should throw an error if workspace name is invalid' do
77
- expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, '', @expected_nexpose_console_name, @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Workspace Name is required')
78
- expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, nil, @expected_nexpose_console_name, @mock_device_ip_to_scan) }.to raise_error(StandardError, 'PWNED! Workspace Name is required')
77
+ expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, '', @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter) }.to raise_error(StandardError, 'PWNED! Workspace Name is required')
78
+ expect { Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, nil, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter) }.to raise_error(StandardError, 'PWNED! Workspace Name is required')
79
79
  end
80
80
  end
81
81
 
82
82
  describe 'should skip nexpose import' do
83
83
  it 'should skip the import if nexpose_console variable is empty or nil' do
84
- expect {Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)}.to output(/\[\*\] Nexpose Console option was not passed, skipping Nexpose Import/).to_stdout
85
- expect {Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, nil, @mock_device_ip_to_scan)}.to output(/\[\*\] Nexpose Console option was not passed, skipping Nexpose Import/).to_stdout
86
- expect {Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan)}.to_not output(/\[\*\] Importing.../).to_stdout
87
- expect {Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, nil, @mock_device_ip_to_scan)}.to_not output(/\[\*\] Importing...'/).to_stdout
84
+ expect {Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan, @expected_use_os_filter)}.to output(/\[\*\] Nexpose Console option was not passed, skipping Nexpose Import/).to_stdout
85
+ expect {Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, nil, @mock_device_ip_to_scan, @expected_use_os_filter)}.to output(/\[\*\] Nexpose Console option was not passed, skipping Nexpose Import/).to_stdout
86
+ expect {Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, '', @mock_device_ip_to_scan, @expected_use_os_filter)}.to_not output(/\[\*\] Importing.../).to_stdout
87
+ expect {Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, nil, @mock_device_ip_to_scan, @expected_use_os_filter)}.to_not output(/\[\*\] Importing...'/).to_stdout
88
88
  end
89
89
  end
90
90
 
@@ -96,7 +96,7 @@ describe 'exploit' do
96
96
  'DS_NEXPOSE_CONSOLE' => @expected_nexpose_console_name,
97
97
  'DS_NEXPOSE_SITE' => @expected_workspace_name})
98
98
 
99
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
99
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
100
100
  end
101
101
 
102
102
  describe 'wait to be over' do
@@ -111,7 +111,7 @@ describe 'exploit' do
111
111
  it 'should call to check the status of an import' do
112
112
  expect(@mock_rpc_client).to receive(:call).with('pro.task_status', @expected_import_task_id)
113
113
 
114
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
114
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
115
115
  end
116
116
 
117
117
  it 'should call to check the status until it is not running' do
@@ -127,7 +127,7 @@ describe 'exploit' do
127
127
  .once
128
128
  .ordered
129
129
 
130
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
130
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
131
131
  end
132
132
 
133
133
  it 'should sleep for 3 seconds if the status is still running' do
@@ -146,7 +146,7 @@ describe 'exploit' do
146
146
  #Expecting 7 because we are mocking 6 above and the global :call mock in get_mock_rpc_client
147
147
  expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(7).times
148
148
 
149
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
149
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
150
150
  end
151
151
  end
152
152
  end
@@ -157,7 +157,7 @@ describe 'exploit' do
157
157
  .with('pro.start_webscan', {'workspace' => @expected_workspace_name,
158
158
  'DS_URLS' => @mock_device_url_to_scan})
159
159
 
160
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
160
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
161
161
  end
162
162
 
163
163
  describe 'wait for scan to be over' do
@@ -171,7 +171,7 @@ describe 'exploit' do
171
171
  it 'should call to check the status of the scan' do
172
172
  expect(@mock_rpc_client).to receive(:call).with('pro.task_status', @expected_webscan_task_id)
173
173
 
174
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
174
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
175
175
  end
176
176
 
177
177
  it 'should call to check the status until it is not running' do
@@ -187,7 +187,7 @@ describe 'exploit' do
187
187
  .once
188
188
  .ordered
189
189
 
190
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
190
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
191
191
  end
192
192
 
193
193
  it 'should sleep for 3 seconds if the status is still running' do
@@ -206,7 +206,7 @@ describe 'exploit' do
206
206
  #Expecting 7 because we are mocking 6 above and the global :call mock in get_mock_rpc_client
207
207
  expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(7).times
208
208
 
209
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
209
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
210
210
  end
211
211
  end
212
212
  end
@@ -224,7 +224,7 @@ describe 'exploit' do
224
224
  'DS_MAX_INSTANCES' => @expected_audit_max_instances
225
225
  })
226
226
 
227
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
227
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
228
228
  end
229
229
 
230
230
  describe 'wait for audit to be over' do
@@ -245,7 +245,7 @@ describe 'exploit' do
245
245
  it 'should call to check the status of the audit' do
246
246
  expect(@mock_rpc_client).to receive(:call).with('pro.task_status', @expected_audit_task_id)
247
247
 
248
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
248
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
249
249
  end
250
250
 
251
251
  it 'should call to check the status until it is not running' do
@@ -261,7 +261,7 @@ describe 'exploit' do
261
261
  .once
262
262
  .ordered
263
263
 
264
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
264
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
265
265
  end
266
266
 
267
267
  it 'should sleep for 3 seconds if the status is still running' do
@@ -280,7 +280,7 @@ describe 'exploit' do
280
280
  #Expecting 7 because we are mocking 6 above and the global :call mock in get_mock_rpc_client
281
281
  expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(7).times
282
282
 
283
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
283
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
284
284
  end
285
285
  end
286
286
  end
@@ -289,30 +289,30 @@ describe 'exploit' do
289
289
 
290
290
  it 'should kick off an exploit' do
291
291
  expect(@mock_rpc_client).to receive(:call)
292
- .with('pro.start_exploit', {'workspace' => @expected_workspace_name})
292
+ .with('pro.start_exploit', {'workspace' => @expected_workspace_name, 'DS_FilterByOS' => @expected_use_os_filter})
293
293
 
294
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
294
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
295
295
  end
296
296
 
297
- it 'should use a module filter if one is specified' do
297
+ it 'should use a operating system filter if its set to true' do
298
298
  expect(@mock_rpc_client).to receive(:call)
299
- .with('pro.start_exploit', {'workspace' => @expected_workspace_name, 'DS_ModuleFilter' => @expected_exploit_module_filter})
299
+ .with('pro.start_exploit', {'workspace' => @expected_workspace_name, 'DS_FilterByOS' => @expected_use_os_filter})
300
300
 
301
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_exploit_module_filter)
301
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
302
302
  end
303
303
 
304
304
  describe 'wait for exploit to be over' do
305
305
  before(:each) do
306
306
 
307
307
  expect(@mock_rpc_client).to receive(:call)
308
- .with('pro.start_exploit', {'workspace' => @expected_workspace_name})
308
+ .with('pro.start_exploit', {'workspace' => @expected_workspace_name, 'DS_FilterByOS' => @expected_use_os_filter})
309
309
  .and_return({'task_id' => @expected_exploit_task_id})
310
310
  end
311
311
 
312
312
  it 'should call to check the status of the exploit' do
313
313
  expect(@mock_rpc_client).to receive(:call).with('pro.task_status', @expected_exploit_task_id)
314
314
 
315
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
315
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
316
316
  end
317
317
 
318
318
  it 'should call to check the status until it is not running' do
@@ -328,7 +328,7 @@ describe 'exploit' do
328
328
  .once
329
329
  .ordered
330
330
 
331
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
331
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
332
332
  end
333
333
 
334
334
  it 'should sleep for 3 seconds if the status is still running' do
@@ -347,7 +347,7 @@ describe 'exploit' do
347
347
  #Expecting 7 because we are mocking 6 above and the global :call mock in get_mock_rpc_client
348
348
  expect(Metasploit::Exploit).to receive(:sleep).with(3).exactly(7).times
349
349
 
350
- Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan)
350
+ Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
351
351
  end
352
352
  end
353
353
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: metasploit-runner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.9
4
+ version: 0.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Gibson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-12-03 00:00:00.000000000 Z
11
+ date: 2014-12-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: msfrpc-client