msfrpc-simple 0.0.3 → 0.0.4

data/Gemfile

@@ -1,10 +1 @@
-
-source 'http://rubygems.org'
-
-gem 'librex'
-gem 'msfrpc-client'
-
-group :test do
-	gem 'rspec'
-	gem 'pry'
-end
+gemspec

data/Gemfile.lock

@@ -1,33 +1,19 @@
+PATH
+  remote: .
+  specs:
+    msfrpc-simple (0.0.4)
+      msfrpc-client
+
 GEM
-  remote: http://rubygems.org/
   specs:
-    coderay (1.0.7)
-    diff-lcs (1.1.3)
-    librex (0.0.65)
-    method_source (0.8)
+    librex (0.0.68)
     msfrpc-client (1.0.1)
       librex (>= 0.0.32)
       msgpack (>= 0.4.5)
-    msgpack (0.4.6)
-    pry (0.9.10)
-      coderay (~> 1.0.5)
-      method_source (~> 0.8)
-      slop (~> 3.3.1)
-    rspec (2.11.0)
-      rspec-core (~> 2.11.0)
-      rspec-expectations (~> 2.11.0)
-      rspec-mocks (~> 2.11.0)
-    rspec-core (2.11.1)
-    rspec-expectations (2.11.1)
-      diff-lcs (~> 1.1.3)
-    rspec-mocks (2.11.1)
-    slop (3.3.2)
+    msgpack (0.5.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  librex
-  msfrpc-client
-  pry
-  rspec
+  msfrpc-simple!

data/build.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+rake build
+gem push pkg/msfrpc-simple-`cat lib/msfrpc-simple/version.rb | grep VERSION | cut -d '"' -f 2`.gem

data/lib/msfrpc-simple/client.rb

@@ -4,7 +4,6 @@ require 'features/framework'
 require 'features/pro'
 require 'module_mapper'
 require 'logger'
-require 'pry'
 
 module Msf
   module RPC
@@ -14,36 +13,43 @@ module Msf
         include Msf::RPC::Simple::Features::Framework
         include Msf::RPC::Simple::Features::Pro
 
+        attr_accessor :options
+
         # Public: Create a simple client object.
         #
         # opts - hash of options to include in our initial connection.
         # project - project name we want to use for this connection.
         #
         # Returns nothing.
-        def initialize(project="default", username, password, user_opts=nil)
+        def initialize(user_options)
+
+          # db username
+          # db password 
 
           #
           # Merge our project in, and set this as the project we'll
           # use going forward. 
           #
-          conn_params = { 
-            :project => project, 
-            :port => 55553,
-            :user => username, 
-            :pass => password 
+          @options = {
+            :project => user_options[:project] || "default", 
+            :port => user_options[:project] || 55553,
+            :user => user_options[:rpc_user], 
+            :pass => user_options[:rpc_pass], 
+            :db_user => user_options[:db_user],
+            :db_pass => user_options[:db_pass]
           }
-
-          user_opts.merge!(conn_params)
           
+          @options.merge!(user_options)
+
           #
           # Connect to the RPC daemon using the default client
           #
-          @client = Msf::RPC::Client.new(user_opts)
+          @client = Msf::RPC::Client.new(@options)
 
           #
           # Create a logger
           #
-          @logger = Msf::RPC::Simple::Logger.new
+          #@logger = Msf::RPC::Simple::Logger.new
         end
 
         #

data/lib/msfrpc-simple/features/framework.rb

@@ -4,6 +4,37 @@ module Msf
       module Features 
         module Framework
           
+          def create_report
+
+            # Create the console and get its id
+            console = @client.call("console.create")
+            console_id = console["id"]
+
+            # Do an initial read / discard to pull out the banner
+            @client.call("console.read", console_id)
+
+            # Move to the context of our module
+            @client.call("console.write", console_id, "db_connect #{self.options[:db_user]}:#{self.options[:db_pass]}@localhost/msf3\n")
+            @client.call("console.write", console_id, "db_export /tmp/metasploit.xml\n")
+
+            # do an initial read of the module's output
+            output = @client.call("console.read", console_id)
+            output_string = "#{output['data']}"
+          
+            return "Module Error" if output["result"] == "failure"
+
+            until (output["busy"] == false) do
+              output = @client.call("console.read", console_id)
+              output_string += "#{output['data']}"
+              return "Module Error" if output["result"] == "failure"
+            end
+
+            # Clean up 
+            @client.call("console.destroy", console_id)
+
+            File.open("/tmp/metasploit.xml").read
+          end
+
           #
           # This module simply runs a module
           #
@@ -80,12 +111,54 @@ module Msf
           #
           def discover_host(host)
 
-            # http version 
+            #
+            # 
+            # Other Potential options
+            #  - auxiliary/scanner/smb/pipe_auditor
+            #  - auxiliary/scanner/smb/pipe_dcerpc_auditor
+            #  - auxiliary/scanner/smb/smb_enumshares
+            #  - auxiliary/scanner/smb/smb_enumusers
             modules_and_options = [ 
               {:module_name => "auxiliary/scanner/http/http_version", 
                :module_option_string => "RHOSTS #{host}" },
-              {:module_name => "auxiliary/scanner/http/cert", 
-               :module_option_string => "RHOSTS #{host}" }
+              #{:module_name => "auxiliary/scanner/http/cert", 
+              # :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/ftp/ftp_version",
+              :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/h323/h323_version",
+              :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/imap/imap_version",
+              :module_option_string => "RHOSTS #{host}" },
+              #{:module_name => "auxiliary/scanner/portscan/syn",
+              #:module_option_string => "RHOSTS #{host}" },
+              #{:module_name => "auxiliary/scanner/portscan/tcp",
+              #:module_option_string => "RHOSTS #{host}" },
+              #{:module_name => "auxiliary/scanner/lotus/lotus_domino_version",
+              #:module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/mysql/mysql_version",
+              :module_option_string => "RHOSTS #{host}" },
+              #{:module_name => "auxiliary/scanner/netbios/nbname",
+              #:module_option_string => "RHOSTS #{host}" },
+              #{:module_name => "auxiliary/scanner/netbios/nbname_probe",
+              #:module_option_string => "RHOSTS #{host}" },
+              #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_tcp",
+              #:module_option_string => "RHOSTS #{host}" },
+              #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_udp",
+              #:module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/pop3/pop3_version",
+              :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/postgres/postgres_version",
+              :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/smb/smb_version",
+              :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/snmp/snmp_enum",
+              :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/ssh/ssh_version",
+              :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/telnet/telnet_version",
+              :module_option_string => "RHOSTS #{host}" },
+              #{:module_name => "auxiliary/scanner/vmware/vmauthd_version",
+              #:module_option_string => "RHOSTS #{host}" },
             ]
 
             # This is a naive and horrible way of doing it, but let's just knock 
@@ -99,67 +172,63 @@ module Msf
               # store this module's name in the output
               module_output_data_string += "=== #{module_name} #{module_option_string} ===\n"
 
-              # split up the module name into type / name
-              module_type = module_name.split("/").first
-              raise "Error, bad module name" unless ["exploit", "auxiliary", "post", "encoder", "nop"].include? module_type  
-
-              # Create the console and get its id
-              console = @client.call("console.create")
-              console_id = console["id"]
+              module_output_data_string += execute_module_and_return_output(module_and_options)
+            end
 
-              # Do an initial read / discard to pull out the banner
-              @client.call("console.read", console_id)
+          module_output_data_string
+          end
 
-              # Move to the context of our module
-              @client.call("console.write", console_id, "use #{module_name}\n")
 
-              # Set up the module's datastore
-              module_option_string.split(",").each do |module_option|
-                @client.call "console.write", console_id, "set #{module_option}\n"
-              end
+          #
+          # This module runs a number of _login modules
+          #
+          def bruteforce_host(host)
 
-              # Do an another read / discard to pull out the option confirmation
-              @client.call("console.read", console_id)
+            modules_and_options = [
+              {:module_name => "auxiliary/scanner/ftp/ftp_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/http/http_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/smb/smb_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/mssql/mssql_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/mysql/mysql_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/pop3/pop3_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/smb/smb_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/snmp/snmp_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/ssh/ssh_login", 
+               :module_option_string => "RHOSTS #{host}" },
+              {:module_name => "auxiliary/scanner/telnet/telnet_login", 
+               :module_option_string => "RHOSTS #{host}" },
+            ]
 
-              # Depending on the module_type, kick off the module
-              if module_type == "auxiliary"
-                @client.call "console.write", console_id, "run\n"
-              elsif module_type == "exploit"
-                @client.call "console.write", console_id, "exploit\n"
-              else
-                return "Unsupported"
-              end
+            # This is a naive and horrible way of doing it, but let's just knock 
+            # out the basic thing first. For each module in our list... 
+            module_output_data_string = ""
+            modules_and_options.each do |module_and_options|
 
-              # do an initial read of the module's output
-              module_output = @client.call("console.read", console_id)
-            
-              return "Module Error" if module_output["result"] == "failure"
+              module_name = module_and_options[:module_name]
+              module_option_string = module_and_options[:module_option_string]
 
-              until (module_output["busy"] == false) do
-                module_output = @client.call("console.read", console_id)
-                module_output_data_string += "#{module_output['data']}"
-                return "Module Error" if module_output["result"] == "failure"
-              end
+              # store this module's name in the output
+              module_output_data_string += "=== #{module_name} #{module_option_string} ===\n"
 
-              # Clean up 
-              @client.call("console.destroy", console_id)
+              module_output_data_string += execute_module_and_return_output(module_and_options)
             end
 
           module_output_data_string
-          end
-
 
-          #
-          # This module runs a number of _login modules
-          #
-          def bruteforce_host(options)
-            return "Not Implemented"
           end
 
           #
           # This module runs a number of exploit modules
           #
-          def bruteforce_host(options)
+          def exploit_host(host)
             return "Not Implemented"
           end
 

data/lib/msfrpc-simple/module_mapper.rb

@@ -5,7 +5,7 @@ module Msf
           
           # Public: Get all discovery modules, given a host endpoint
           #
-          # This method may seem poorly abstracted but you must pass in an IP address
+          #  This method may seem poorly abstracted but you must pass in an IP address
           #  in order to compensate for the different ways that modules accept an
           #  endpoint. For example, scanners need an RHOSTS option, while most other 
           #  modules will accept a RHOST option.

data/lib/msfrpc-simple/version.rb

@@ -1,7 +1,7 @@
 module Msf
   module RPC
     module Simple
-      VERSION = "0.0.3"
+      VERSION = "0.0.4"
     end
   end
 end

data/msfrpc-simple.gemspec

@@ -14,4 +14,8 @@ Gem::Specification.new do |gem|
   gem.name          = "msfrpc-simple"
   gem.require_paths = ["lib"]
   gem.version       = Msf::RPC::Simple::VERSION
+  
+  gem.add_dependency("msfrpc-client")
+  #gem.add_dependency("librex")
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: msfrpc-simple
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
   prerelease: 
 platform: ruby
 authors:
@@ -9,8 +9,24 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-11-24 00:00:00.000000000 Z
-dependencies: []
+date: 2013-02-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: msfrpc-client
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Simple wrapper for the Metasploit RPC API
 email:
 - jcran@pentestify.com
@@ -23,6 +39,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- build.sh
 - doc/NOTES
 - lib/.DS_Store
 - lib/msfrpc-simple.rb