metasploit-runner 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/.travis.yml +2 -0
- data/lib/MetasploitPenTestScript/version.rb +1 -1
- data/lib/metasploit/constants.rb +1 -1
- data/lib/metasploit/exploit.rb +12 -14
- data/lib/metasploit/exploit_run_description.rb +20 -15
- data/spec/exploit_run_description_spec.rb +1 -1
- data/spec/exploit_spec.rb +56 -10
- metadata +1 -1
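--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb7b6b62a5e127e5a84acc2e2b558919aa22e67c
+data.tar.gz: 6acd00b0c82e833ac3a5fe1649d5f23e66c4fe26
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 559b8ed2e5a55f2ecdbfe9fbed0f86962205c69badc98e86bbfbc7042f388fceed5037464ff0d52b0e82f7bcd04049f0e47de7b7345bf9f19a99d950371beee6
+data.tar.gz: 4d0ffb3a6b65c0ae1bf2569094e5993787c632e8d5b299e2ce660dbcb7b7fc7fdc23a4ece5a971da28758ffecf68ff32375b4b517e9cae58df297302849fb987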
data/.travis.yml
CHANGED
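--- a/data/lib/metasploit/constants.rb
+++ b/data/lib/metasploit/constants.rb
@@ -19,5 +19,5 @@ module CONSTANTS
 REQUIRED_WORKSPACE_MESSAGE = 'PWNED! Workspace Name is required'
 SKIPPING_IMPORT_MESSAGE = '[*] Nexpose Console option was not passed, skipping Nexpose Import'
 USING_OS_FILTER_MESSAGE = '[*] The OS Filter is set to TRUE so we are limiting the modules to just the ones applicable to this Operating System'
-
+NO_OS_FILTER = '[*] We did not receive an option for the OS Filter or you set it to FALSE, either way we are backing the truck up and using all modules'
 end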
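--- a/data/lib/metasploit/exploit.rb
+++ b/data/lib/metasploit/exploit.rb
@@ -50,26 +50,24 @@ module Metasploit
 end
 
 def self.do_metasploit_audit(rpc_client, run_details)
-
-
-
-
-'DS_MAX_MINUTES' => run_details.audit_max_minutes,
-'DS_MAX_THREADS' => run_details.audit_max_threads,
-'DS_MAX_INSTANCES' => run_details.audit_max_instances
-})
+
+audit = rpc_client.call('pro.start_webaudit', run_details.get_audit_options)
+
+
 wait_for_task_to_stop_running(rpc_client, CONSTANTS::AUDIT_MESSAGE, audit['task_id'])
 end
 
 def self.do_metasploit_exploit(rpc_client, run_details)
-options = {
-'workspace' => run_details.workspace_name,
-'DS_FilterByOS' => run_details.use_os_filter
-}
 
-puts CONSTANTS::USING_OS_FILTER_MESSAGE if run_details.use_os_filter != CONSTANTS::DEFAULT_OS_FILTER
 
-
+if run_details.use_os_filter == true
+puts CONSTANTS::USING_OS_FILTER_MESSAGE
+else
+puts CONSTANTS::NO_OS_FILTER
+end
+
+sploit = rpc_client.call('pro.start_exploit', run_details.get_exploit_options)
+
 wait_for_task_to_stop_running(rpc_client, CONSTANTS::EXPLOIT_MESSAGE, sploit['task_id'])
 end
 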
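Review bot: In `do_metasploit_exploit`, the `else` branch prints `CONSTANTS::NO_OS_FILTER`, whose text covers "did not receive an option", yet `use_os_filter` as changed in this release returns `true` for every value except a literal `false`, so an omitted option appears to take the filtered branch and the message overstates what the `else` path means (unless the setter, not shown, normalises the value first). That console line is the operator's record of which module set was run against the target, so it should say only that the filter was explicitly disabled. With a boolean return the test can be `if run_details.use_os_filter`. Both `audit['task_id']` and `sploit['task_id']` are read without checking the RPC reply; a guard like `raise 'pro.start_exploit returned no task_id' unless sploit && sploit['task_id']` before the wait call would make a rejected request fail loudly, though `wait_for_task_to_stop_running` is outside the hunk and may already handle it.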
@@ -37,20 +37,25 @@ class ExploitRunDescription
|
|
37
37
|
@@device_ip_to_scan_value = value
|
38
38
|
end
|
39
39
|
|
40
|
-
def
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
40
|
+
def get_audit_options
|
41
|
+
{ "workspace" => self.workspace_name,
|
42
|
+
"DS_URLS" => self.device_ip_to_scan,
|
43
|
+
"DS_MAX_REQUESTS" => 1000,
|
44
|
+
"DS_MAX_MINUTES" => 3,
|
45
|
+
"DS_MAX_THREADS" => 5,
|
46
|
+
"DS_MAX_INSTANCES" => 3}
|
47
|
+
end
|
48
|
+
|
49
|
+
def get_exploit_options
|
50
|
+
{ "workspace" => self.workspace_name,
|
51
|
+
"DS_WHITELIST_HOSTS" => @@device_ip_to_scan_value,
|
52
|
+
"DS_MinimumRank" => "great",
|
53
|
+
"DS_EXPLOIT_SPEED" => 5,
|
54
|
+
"DS_EXPLOIT_TIMEOUT" => 2,
|
55
|
+
"DS_LimitSessions" => true,
|
56
|
+
"DS_MATCH_VULNS" => true,
|
57
|
+
"DS_MATCH_PORTS" => true,
|
58
|
+
"DS_FilterByOS" => self.use_os_filter}
|
54
59
|
end
|
55
60
|
|
56
61
|
def device_ip_to_scan
|
@@ -86,7 +91,7 @@ class ExploitRunDescription
|
|
86
91
|
end
|
87
92
|
|
88
93
|
def use_os_filter
|
89
|
-
(@@use_os_filter_value
|
94
|
+
(@@use_os_filter_value == false) ? false : true
|
90
95
|
end
|
91
96
|
|
92
97
|
|
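Review bot: `get_exploit_options` fills `DS_WHITELIST_HOSTS` straight from the class variable `@@device_ip_to_scan_value`, while `get_audit_options` goes through `self.device_ip_to_scan`; the specs on this page expect a bare IP for the former and an `http://` URL for the latter, so the split looks deliberate but needs a comment such as `# whitelist takes the raw IP; device_ip_to_scan returns the URL form`. Because the value lives in `@@` state it is shared by every `ExploitRunDescription` in the process, and this key is what bounds the exploit run to the intended host, so instance variables (`@device_ip_to_scan_value`) would be the safer home. The literals `1000`, `3`, `5`, `3`, `"great"`, `5`, `2` replace the former `run_details.audit_max_*` readers and would be easier to review as named constants. In `use_os_filter`, `(@@use_os_filter_value == false) ? false : true` is just `@@use_os_filter_value != false`, and it treats `nil` and the string `'false'` as true; confirm that is the intended default. The class body starts and ends outside these hunks.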
@@ -8,7 +8,7 @@ describe 'exploit_run_description' do
|
|
8
8
|
@expected_port = '3791'
|
9
9
|
@expected_uri = '/api/1.1'
|
10
10
|
@expected_ssl = false
|
11
|
-
@expected_os_filter =
|
11
|
+
@expected_os_filter = true
|
12
12
|
@expected_workspace_name = 'workspacename'
|
13
13
|
@expected_nexpose_console_name = 'nexpose_console_name'
|
14
14
|
@expected_webscan_task_id = '12'
|
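--- a/data/spec/exploit_spec.rb
+++ b/data/spec/exploit_spec.rb
@@ -13,6 +13,7 @@ describe 'exploit' do
 @expected_uri = '/api/1.1'
 @expected_ssl = false
 @expected_use_os_filter = true
+@expected_no_os_filter = false
 @expected_workspace_name = 'workspacename'
 @expected_nexpose_console_name = 'nexpose_console_name'
 @expected_webscan_task_id = '12'
@@ -23,6 +24,12 @@ describe 'exploit' do
 @expected_audit_max_minutes = 3
 @expected_audit_max_threads = 5
 @expected_audit_max_instances = 3
+@expected_minimum_rank = 'great'
+@expected_exploit_speed = 5
+@expected_exploit_timeout = 2
+@expected_session_limit = true
+@expected_match_vulns = true
+@expected_match_ports = true
 @mock_rpc_client = get_mock_rpc_client
 @mock_device_ip_to_scan = '127.0.0.1'
 @mock_device_url_to_scan = "http://#{@mock_device_ip_to_scan}"
@@ -232,12 +239,12 @@ describe 'exploit' do
 
 expect(@mock_rpc_client).to receive(:call)
 .with('pro.start_webaudit', {
-
-
-
-
-
-
+"workspace" => @expected_workspace_name,
+"DS_URLS" => @mock_device_url_to_scan,
+"DS_MAX_REQUESTS" => @expected_audit_max_requests,
+"DS_MAX_MINUTES" => @expected_audit_max_minutes,
+"DS_MAX_THREADS" => @expected_audit_max_threads,
+"DS_MAX_INSTANCES" => @expected_audit_max_instances
 })
 .and_return({'task_id' => @expected_audit_task_id})
 end
@@ -289,23 +296,62 @@ describe 'exploit' do
 
 it 'should kick off an exploit' do
 expect(@mock_rpc_client).to receive(:call)
-.with('pro.start_exploit', {
+.with('pro.start_exploit', {"workspace" => @expected_workspace_name,
+"DS_WHITELIST_HOSTS" => @mock_device_ip_to_scan,
+"DS_MinimumRank" => @expected_minimum_rank,
+"DS_EXPLOIT_SPEED" => @expected_exploit_speed,
+"DS_EXPLOIT_TIMEOUT" => @expected_exploit_timeout,
+"DS_LimitSessions" => @expected_session_limit,
+"DS_MATCH_VULNS" => @expected_match_vulns,
+"DS_MATCH_PORTS" => @expected_match_ports,
+"DS_FilterByOS" => @expected_use_os_filter})
 
 Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, @expected_use_os_filter)
 end
 
 it 'should use a operating system filter if its set to true' do
 expect(@mock_rpc_client).to receive(:call)
-.with('pro.start_exploit', {
+.with('pro.start_exploit', {"workspace" => @expected_workspace_name,
+"DS_WHITELIST_HOSTS" => @mock_device_ip_to_scan,
+"DS_MinimumRank" => @expected_minimum_rank,
+"DS_EXPLOIT_SPEED" => @expected_exploit_speed,
+"DS_EXPLOIT_TIMEOUT" => @expected_exploit_timeout,
+"DS_LimitSessions" => @expected_session_limit,
+"DS_MATCH_VULNS" => @expected_match_vulns,
+"DS_MATCH_PORTS" => @expected_match_ports,
+"DS_FilterByOS" => true})
+
+Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, true)
+end
 
-
+it 'should not use a operating system filter if its set to false' do
+expect(@mock_rpc_client).to receive(:call)
+.with('pro.start_exploit', {"workspace" => @expected_workspace_name,
+"DS_WHITELIST_HOSTS" => @mock_device_ip_to_scan,
+"DS_MinimumRank" => @expected_minimum_rank,
+"DS_EXPLOIT_SPEED" => @expected_exploit_speed,
+"DS_EXPLOIT_TIMEOUT" => @expected_exploit_timeout,
+"DS_LimitSessions" => @expected_session_limit,
+"DS_MATCH_VULNS" => @expected_match_vulns,
+"DS_MATCH_PORTS" => @expected_match_ports,
+"DS_FilterByOS" => false})
+
+Metasploit::Exploit.start(@expected_connection, @expected_port, @expected_uri, @expected_ssl, @expected_token, @expected_workspace_name, @expected_nexpose_console_name, @mock_device_ip_to_scan, false)
 end
 
 describe 'wait for exploit to be over' do
 before(:each) do
 
 expect(@mock_rpc_client).to receive(:call)
-.with('pro.start_exploit', {
+.with('pro.start_exploit', {"workspace" => @expected_workspace_name,
+"DS_WHITELIST_HOSTS" => @mock_device_ip_to_scan,
+"DS_MinimumRank" => @expected_minimum_rank,
+"DS_EXPLOIT_SPEED" => @expected_exploit_speed,
+"DS_EXPLOIT_TIMEOUT" => @expected_exploit_timeout,
+"DS_LimitSessions" => @expected_session_limit,
+"DS_MATCH_VULNS" => @expected_match_vulns,
+"DS_MATCH_PORTS" => @expected_match_ports,
+"DS_FilterByOS" => @expected_use_os_filter})
 .and_return({'task_id' => @expected_exploit_task_id})
 end
 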
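Review bot: The new examples pin `DS_FilterByOS` only for an explicit `true` and an explicit `false`; nothing covers a run where the option is omitted or arrives as a string, which is exactly the input the new `== false` coercion in `use_os_filter` turns into `true`. An example asserting the expected `DS_FilterByOS` for `nil` (and for `'false'`, if the command line passes strings) would lock down which module set a default run launches against the target. The nine-key options hash is repeated in four expectations, so a helper such as `expected_exploit_options(use_os_filter)` would keep them in step when a default changes. `@expected_no_os_filter` is added in the setup hunk, but the visible examples pass the literal `false` instead of using it.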