msfrpc-simple 0.0.3 → 0.0.4
- data/Gemfile +1 -10
- data/Gemfile.lock +9 -23
- data/build.sh +3 -0
- data/lib/msfrpc-simple/client.rb +17 -11
- data/lib/msfrpc-simple/features/framework.rb +116 -47
- data/lib/msfrpc-simple/module_mapper.rb +1 -1
- data/lib/msfrpc-simple/version.rb +1 -1
- data/msfrpc-simple.gemspec +4 -0
- metadata +20 -3
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,33 +1,19 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
msfrpc-simple (0.0.4)
|
5
|
+
msfrpc-client
|
6
|
+
|
1
7
|
GEM
|
2
|
-
remote: http://rubygems.org/
|
3
8
|
specs:
|
4
|
-
|
5
|
-
diff-lcs (1.1.3)
|
6
|
-
librex (0.0.65)
|
7
|
-
method_source (0.8)
|
9
|
+
librex (0.0.68)
|
8
10
|
msfrpc-client (1.0.1)
|
9
11
|
librex (>= 0.0.32)
|
10
12
|
msgpack (>= 0.4.5)
|
11
|
-
msgpack (0.
|
12
|
-
pry (0.9.10)
|
13
|
-
coderay (~> 1.0.5)
|
14
|
-
method_source (~> 0.8)
|
15
|
-
slop (~> 3.3.1)
|
16
|
-
rspec (2.11.0)
|
17
|
-
rspec-core (~> 2.11.0)
|
18
|
-
rspec-expectations (~> 2.11.0)
|
19
|
-
rspec-mocks (~> 2.11.0)
|
20
|
-
rspec-core (2.11.1)
|
21
|
-
rspec-expectations (2.11.1)
|
22
|
-
diff-lcs (~> 1.1.3)
|
23
|
-
rspec-mocks (2.11.1)
|
24
|
-
slop (3.3.2)
|
13
|
+
msgpack (0.5.1)
|
25
14
|
|
26
15
|
PLATFORMS
|
27
16
|
ruby
|
28
17
|
|
29
18
|
DEPENDENCIES
|
30
|
-
|
31
|
-
msfrpc-client
|
32
|
-
pry
|
33
|
-
rspec
|
19
|
+
msfrpc-simple!
|
data/build.sh
ADDED
data/lib/msfrpc-simple/client.rb
CHANGED
@@ -4,7 +4,6 @@ require 'features/framework'
|
|
4
4
|
require 'features/pro'
|
5
5
|
require 'module_mapper'
|
6
6
|
require 'logger'
|
7
|
-
require 'pry'
|
8
7
|
|
9
8
|
module Msf
|
10
9
|
module RPC
|
@@ -14,36 +13,43 @@ module Msf
|
|
14
13
|
include Msf::RPC::Simple::Features::Framework
|
15
14
|
include Msf::RPC::Simple::Features::Pro
|
16
15
|
|
16
|
+
attr_accessor :options
|
17
|
+
|
17
18
|
# Public: Create a simple client object.
|
18
19
|
#
|
19
20
|
# opts - hash of options to include in our initial connection.
|
20
21
|
# project - project name we want to use for this connection.
|
21
22
|
#
|
22
23
|
# Returns nothing.
|
23
|
-
def initialize(
|
24
|
+
def initialize(user_options)
|
25
|
+
|
26
|
+
# db username
|
27
|
+
# db password
|
24
28
|
|
25
29
|
#
|
26
30
|
# Merge our project in, and set this as the project we'll
|
27
31
|
# use going forward.
|
28
32
|
#
|
29
|
-
|
30
|
-
:project => project,
|
31
|
-
:port => 55553,
|
32
|
-
:user =>
|
33
|
-
:pass =>
|
33
|
+
@options = {
|
34
|
+
:project => user_options[:project] || "default",
|
35
|
+
:port => user_options[:project] || 55553,
|
36
|
+
:user => user_options[:rpc_user],
|
37
|
+
:pass => user_options[:rpc_pass],
|
38
|
+
:db_user => user_options[:db_user],
|
39
|
+
:db_pass => user_options[:db_pass]
|
34
40
|
}
|
35
|
-
|
36
|
-
user_opts.merge!(conn_params)
|
37
41
|
|
42
|
+
@options.merge!(user_options)
|
43
|
+
|
38
44
|
#
|
39
45
|
# Connect to the RPC daemon using the default client
|
40
46
|
#
|
41
|
-
@client = Msf::RPC::Client.new(
|
47
|
+
@client = Msf::RPC::Client.new(@options)
|
42
48
|
|
43
49
|
#
|
44
50
|
# Create a logger
|
45
51
|
#
|
46
|
-
|
52
|
+
#@logger = Msf::RPC::Simple::Logger.new
|
47
53
|
end
|
48
54
|
|
49
55
|
#
|
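Review bot: The new options hash at the top of `initialize` sets `:port => user_options[:project] || 55553`, so a caller who passes a project name without an explicit `:port` gets the project name used as the port; the `@options.merge!(user_options)` that follows only masks this when `:port` is supplied. Change it to `:port => user_options[:port] || 55553,`. The same hash now carries `:db_user`/`:db_pass` and is both exposed read-write through `attr_accessor :options` and handed whole to `Msf::RPC::Client.new(@options)`, which has no use for database credentials; consider keeping the db pair out of the RPC client's options and narrowing the accessor to `attr_reader`. Since `:pass` and `:db_pass` stay readable on the client object for its whole lifetime, a comment on the accessor such as `# NOTE: holds RPC and DB credentials in the clear; do not log or serialize` would warn callers.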
@@ -4,6 +4,37 @@ module Msf
|
|
4
4
|
module Features
|
5
5
|
module Framework
|
6
6
|
|
7
|
+
def create_report
|
8
|
+
|
9
|
+
# Create the console and get its id
|
10
|
+
console = @client.call("console.create")
|
11
|
+
console_id = console["id"]
|
12
|
+
|
13
|
+
# Do an initial read / discard to pull out the banner
|
14
|
+
@client.call("console.read", console_id)
|
15
|
+
|
16
|
+
# Move to the context of our module
|
17
|
+
@client.call("console.write", console_id, "db_connect #{self.options[:db_user]}:#{self.options[:db_pass]}@localhost/msf3\n")
|
18
|
+
@client.call("console.write", console_id, "db_export /tmp/metasploit.xml\n")
|
19
|
+
|
20
|
+
# do an initial read of the module's output
|
21
|
+
output = @client.call("console.read", console_id)
|
22
|
+
output_string = "#{output['data']}"
|
23
|
+
|
24
|
+
return "Module Error" if output["result"] == "failure"
|
25
|
+
|
26
|
+
until (output["busy"] == false) do
|
27
|
+
output = @client.call("console.read", console_id)
|
28
|
+
output_string += "#{output['data']}"
|
29
|
+
return "Module Error" if output["result"] == "failure"
|
30
|
+
end
|
31
|
+
|
32
|
+
# Clean up
|
33
|
+
@client.call("console.destroy", console_id)
|
34
|
+
|
35
|
+
File.open("/tmp/metasploit.xml").read
|
36
|
+
end
|
37
|
+
|
7
38
|
#
|
8
39
|
# This module simply runs a module
|
9
40
|
#
|
@@ -80,12 +111,54 @@ module Msf
|
|
80
111
|
#
|
81
112
|
def discover_host(host)
|
82
113
|
|
83
|
-
#
|
114
|
+
#
|
115
|
+
#
|
116
|
+
# Other Potential options
|
117
|
+
# - auxiliary/scanner/smb/pipe_auditor
|
118
|
+
# - auxiliary/scanner/smb/pipe_dcerpc_auditor
|
119
|
+
# - auxiliary/scanner/smb/smb_enumshares
|
120
|
+
# - auxiliary/scanner/smb/smb_enumusers
|
84
121
|
modules_and_options = [
|
85
122
|
{:module_name => "auxiliary/scanner/http/http_version",
|
86
123
|
:module_option_string => "RHOSTS #{host}" },
|
87
|
-
{:module_name => "auxiliary/scanner/http/cert",
|
88
|
-
|
124
|
+
#{:module_name => "auxiliary/scanner/http/cert",
|
125
|
+
# :module_option_string => "RHOSTS #{host}" },
|
126
|
+
{:module_name => "auxiliary/scanner/ftp/ftp_version",
|
127
|
+
:module_option_string => "RHOSTS #{host}" },
|
128
|
+
{:module_name => "auxiliary/scanner/h323/h323_version",
|
129
|
+
:module_option_string => "RHOSTS #{host}" },
|
130
|
+
{:module_name => "auxiliary/scanner/imap/imap_version",
|
131
|
+
:module_option_string => "RHOSTS #{host}" },
|
132
|
+
#{:module_name => "auxiliary/scanner/portscan/syn",
|
133
|
+
#:module_option_string => "RHOSTS #{host}" },
|
134
|
+
#{:module_name => "auxiliary/scanner/portscan/tcp",
|
135
|
+
#:module_option_string => "RHOSTS #{host}" },
|
136
|
+
#{:module_name => "auxiliary/scanner/lotus/lotus_domino_version",
|
137
|
+
#:module_option_string => "RHOSTS #{host}" },
|
138
|
+
{:module_name => "auxiliary/scanner/mysql/mysql_version",
|
139
|
+
:module_option_string => "RHOSTS #{host}" },
|
140
|
+
#{:module_name => "auxiliary/scanner/netbios/nbname",
|
141
|
+
#:module_option_string => "RHOSTS #{host}" },
|
142
|
+
#{:module_name => "auxiliary/scanner/netbios/nbname_probe",
|
143
|
+
#:module_option_string => "RHOSTS #{host}" },
|
144
|
+
#{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_tcp",
|
145
|
+
#:module_option_string => "RHOSTS #{host}" },
|
146
|
+
#{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_udp",
|
147
|
+
#:module_option_string => "RHOSTS #{host}" },
|
148
|
+
{:module_name => "auxiliary/scanner/pop3/pop3_version",
|
149
|
+
:module_option_string => "RHOSTS #{host}" },
|
150
|
+
{:module_name => "auxiliary/scanner/postgres/postgres_version",
|
151
|
+
:module_option_string => "RHOSTS #{host}" },
|
152
|
+
{:module_name => "auxiliary/scanner/smb/smb_version",
|
153
|
+
:module_option_string => "RHOSTS #{host}" },
|
154
|
+
{:module_name => "auxiliary/scanner/snmp/snmp_enum",
|
155
|
+
:module_option_string => "RHOSTS #{host}" },
|
156
|
+
{:module_name => "auxiliary/scanner/ssh/ssh_version",
|
157
|
+
:module_option_string => "RHOSTS #{host}" },
|
158
|
+
{:module_name => "auxiliary/scanner/telnet/telnet_version",
|
159
|
+
:module_option_string => "RHOSTS #{host}" },
|
160
|
+
#{:module_name => "auxiliary/scanner/vmware/vmauthd_version",
|
161
|
+
#:module_option_string => "RHOSTS #{host}" },
|
89
162
|
]
|
90
163
|
|
91
164
|
# This is a naive and horrible way of doing it, but let's just knock
|
@@ -99,67 +172,63 @@ module Msf
|
|
99
172
|
# store this module's name in the output
|
100
173
|
module_output_data_string += "=== #{module_name} #{module_option_string} ===\n"
|
101
174
|
|
102
|
-
|
103
|
-
|
104
|
-
raise "Error, bad module name" unless ["exploit", "auxiliary", "post", "encoder", "nop"].include? module_type
|
105
|
-
|
106
|
-
# Create the console and get its id
|
107
|
-
console = @client.call("console.create")
|
108
|
-
console_id = console["id"]
|
175
|
+
module_output_data_string += execute_module_and_return_output(module_and_options)
|
176
|
+
end
|
109
177
|
|
110
|
-
|
111
|
-
|
178
|
+
module_output_data_string
|
179
|
+
end
|
112
180
|
|
113
|
-
# Move to the context of our module
|
114
|
-
@client.call("console.write", console_id, "use #{module_name}\n")
|
115
181
|
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
182
|
+
#
|
183
|
+
# This module runs a number of _login modules
|
184
|
+
#
|
185
|
+
def bruteforce_host(host)
|
120
186
|
|
121
|
-
|
122
|
-
|
187
|
+
modules_and_options = [
|
188
|
+
{:module_name => "auxiliary/scanner/ftp/ftp_login",
|
189
|
+
:module_option_string => "RHOSTS #{host}" },
|
190
|
+
{:module_name => "auxiliary/scanner/http/http_login",
|
191
|
+
:module_option_string => "RHOSTS #{host}" },
|
192
|
+
{:module_name => "auxiliary/scanner/smb/smb_login",
|
193
|
+
:module_option_string => "RHOSTS #{host}" },
|
194
|
+
{:module_name => "auxiliary/scanner/mssql/mssql_login",
|
195
|
+
:module_option_string => "RHOSTS #{host}" },
|
196
|
+
{:module_name => "auxiliary/scanner/mysql/mysql_login",
|
197
|
+
:module_option_string => "RHOSTS #{host}" },
|
198
|
+
{:module_name => "auxiliary/scanner/pop3/pop3_login",
|
199
|
+
:module_option_string => "RHOSTS #{host}" },
|
200
|
+
{:module_name => "auxiliary/scanner/smb/smb_login",
|
201
|
+
:module_option_string => "RHOSTS #{host}" },
|
202
|
+
{:module_name => "auxiliary/scanner/snmp/snmp_login",
|
203
|
+
:module_option_string => "RHOSTS #{host}" },
|
204
|
+
{:module_name => "auxiliary/scanner/ssh/ssh_login",
|
205
|
+
:module_option_string => "RHOSTS #{host}" },
|
206
|
+
{:module_name => "auxiliary/scanner/telnet/telnet_login",
|
207
|
+
:module_option_string => "RHOSTS #{host}" },
|
208
|
+
]
|
123
209
|
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
@client.call "console.write", console_id, "exploit\n"
|
129
|
-
else
|
130
|
-
return "Unsupported"
|
131
|
-
end
|
210
|
+
# This is a naive and horrible way of doing it, but let's just knock
|
211
|
+
# out the basic thing first. For each module in our list...
|
212
|
+
module_output_data_string = ""
|
213
|
+
modules_and_options.each do |module_and_options|
|
132
214
|
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
return "Module Error" if module_output["result"] == "failure"
|
215
|
+
module_name = module_and_options[:module_name]
|
216
|
+
module_option_string = module_and_options[:module_option_string]
|
137
217
|
|
138
|
-
|
139
|
-
|
140
|
-
module_output_data_string += "#{module_output['data']}"
|
141
|
-
return "Module Error" if module_output["result"] == "failure"
|
142
|
-
end
|
218
|
+
# store this module's name in the output
|
219
|
+
module_output_data_string += "=== #{module_name} #{module_option_string} ===\n"
|
143
220
|
|
144
|
-
|
145
|
-
@client.call("console.destroy", console_id)
|
221
|
+
module_output_data_string += execute_module_and_return_output(module_and_options)
|
146
222
|
end
|
147
223
|
|
148
224
|
module_output_data_string
|
149
|
-
end
|
150
|
-
|
151
225
|
|
152
|
-
#
|
153
|
-
# This module runs a number of _login modules
|
154
|
-
#
|
155
|
-
def bruteforce_host(options)
|
156
|
-
return "Not Implemented"
|
157
226
|
end
|
158
227
|
|
159
228
|
#
|
160
229
|
# This module runs a number of exploit modules
|
161
230
|
#
|
162
|
-
def
|
231
|
+
def exploit_host(host)
|
163
232
|
return "Not Implemented"
|
164
233
|
end
|
165
234
|
|
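Review bot: In create_report (first hunk) the export is written to the fixed path /tmp/metasploit.xml and read back with `File.open("/tmp/metasploit.xml").read`, so a database dump that can contain hosts, services and credentials lands in a shared directory under a predictable name where any local user can read it or pre-plant a symlink, the descriptor is never closed, and the file is never removed. The `return "Module Error"` exits also skip `console.destroy`, and the `until (output["busy"] == false)` loop polls without a sleep or a timeout. The `db_connect` line interpolates the database password into a console command, so a password containing `@`, `:`, `/` or whitespace will be mis-parsed and the secret appears in the console transcript; that constraint should at least be documented on the method. Below is a version that exports into a private per-call directory (add `require 'tmpdir'` and `require 'fileutils'`), reads it with `File.read`, and moves console and file cleanup into `ensure`; it still assumes msfrpcd runs as the same user on the same host, which the existing local file read already assumes.
```ruby
def create_report
  console = @client.call("console.create")
  console_id = console["id"]
  @client.call("console.read", console_id)

  # Unpredictable, mode-0700 directory instead of a fixed, shared /tmp path.
  export_dir  = Dir.mktmpdir("msfrpc-simple-")
  export_path = File.join(export_dir, "metasploit.xml")

  # NOTE: db_pass containing '@', ':', '/' or whitespace will break this command.
  @client.call("console.write", console_id, "db_connect #{self.options[:db_user]}:#{self.options[:db_pass]}@localhost/msf3\n")
  @client.call("console.write", console_id, "db_export #{export_path}\n")

  # … unchanged: initial read and the until-busy loop; its "Module Error" returns now still reach ensure …

  File.read(export_path)
ensure
  @client.call("console.destroy", console_id) if console_id
  FileUtils.remove_entry(export_dir) if export_dir
end
```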
@@ -5,7 +5,7 @@ module Msf
|
|
5
5
|
|
6
6
|
# Public: Get all discovery modules, given a host endpoint
|
7
7
|
#
|
8
|
-
#
|
8
|
+
# This method may seem poorly abstracted but you must pass in an IP address
|
9
9
|
# in order to compensate for the different ways that modules accept an
|
10
10
|
# endpoint. For example, scanners need an RHOSTS option, while most other
|
11
11
|
# modules will accept a RHOST option.
|
data/msfrpc-simple.gemspec
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: msfrpc-simple
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.4
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,8 +9,24 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
13
|
-
dependencies:
|
12
|
+
date: 2013-02-21 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: msfrpc-client
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ! '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0'
|
14
30
|
description: Simple wrapper for the Metasploit RPC API
|
15
31
|
email:
|
16
32
|
- jcran@pentestify.com
|
@@ -23,6 +39,7 @@ files:
|
|
23
39
|
- LICENSE
|
24
40
|
- README.md
|
25
41
|
- Rakefile
|
42
|
+
- build.sh
|
26
43
|
- doc/NOTES
|
27
44
|
- lib/.DS_Store
|
28
45
|
- lib/msfrpc-simple.rb
|