msfrpc-simple 0.0.3 → 0.0.4

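--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,10 +1 @@
-
-source 'http://rubygems.org'
-
-gem 'librex'
-gem 'msfrpc-client'
-
-group :test do
-gem 'rspec'
-gem 'pry'
-end
+gemspec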
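--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,33 +1,19 @@
+PATH
+remote: .
+specs:
+msfrpc-simple (0.0.4)
+msfrpc-client
+
 GEM
-remote: http://rubygems.org/
 specs:
-coderay (1.0.7)
-diff-lcs (1.1.3)
-librex (0.0.65)
-method_source (0.8)
+librex (0.0.68)
 msfrpc-client (1.0.1)
 librex (>= 0.0.32)
 msgpack (>= 0.4.5)
-msgpack (0.4.6)
-pry (0.9.10)
-coderay (~> 1.0.5)
-method_source (~> 0.8)
-slop (~> 3.3.1)
-rspec (2.11.0)
-rspec-core (~> 2.11.0)
-rspec-expectations (~> 2.11.0)
-rspec-mocks (~> 2.11.0)
-rspec-core (2.11.1)
-rspec-expectations (2.11.1)
-diff-lcs (~> 1.1.3)
-rspec-mocks (2.11.1)
-slop (3.3.2)
+msgpack (0.5.1)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-librex
-msfrpc-client
-pry
-rspec
+msfrpc-simple!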
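--- a/data/build.sh
+++ b/data/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+rake build
+gem push pkg/msfrpc-simple-`cat lib/msfrpc-simple/version.rb | grep VERSION | cut -d '"' -f 2`.gem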
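Review bot: `gem push` on line 3 runs even when `rake build` on line 2 fails, because the script sets no error handling, so a stale `pkg/*.gem` left over from an earlier build can be published under the new version. The backtick pipeline that scrapes `VERSION` from `lib/msfrpc-simple/version.rb` also degrades silently: if the grep matches nothing the filename becomes `pkg/msfrpc-simple-.gem`. I would compute the version into a variable first, fail when it is empty, and enable `set -euo pipefail` so a failed `rake build` stops the script before the push.
```bash
#!/bin/bash
set -euo pipefail
version=$(grep VERSION lib/msfrpc-simple/version.rb | cut -d '"' -f 2)
[ -n "$version" ] || { echo "could not read VERSION from version.rb" >&2; exit 1; }
rake build
gem push "pkg/msfrpc-simple-${version}.gem"
```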
@@ -4,7 +4,6 @@ require 'features/framework'
4
4
  require 'features/pro'
5
5
  require 'module_mapper'
6
6
  require 'logger'
7
- require 'pry'
8
7
 
9
8
  module Msf
10
9
  module RPC
@@ -14,36 +13,43 @@ module Msf
14
13
  include Msf::RPC::Simple::Features::Framework
15
14
  include Msf::RPC::Simple::Features::Pro
16
15
 
16
+ attr_accessor :options
17
+
17
18
  # Public: Create a simple client object.
18
19
  #
19
20
  # opts - hash of options to include in our initial connection.
20
21
  # project - project name we want to use for this connection.
21
22
  #
22
23
  # Returns nothing.
23
- def initialize(project="default", username, password, user_opts=nil)
24
+ def initialize(user_options)
25
+
26
+ # db username
27
+ # db password
24
28
 
25
29
  #
26
30
  # Merge our project in, and set this as the project we'll
27
31
  # use going forward.
28
32
  #
29
- conn_params = {
30
- :project => project,
31
- :port => 55553,
32
- :user => username,
33
- :pass => password
33
+ @options = {
34
+ :project => user_options[:project] || "default",
35
+ :port => user_options[:project] || 55553,
36
+ :user => user_options[:rpc_user],
37
+ :pass => user_options[:rpc_pass],
38
+ :db_user => user_options[:db_user],
39
+ :db_pass => user_options[:db_pass]
34
40
  }
35
-
36
- user_opts.merge!(conn_params)
37
41
 
42
+ @options.merge!(user_options)
43
+
38
44
  #
39
45
  # Connect to the RPC daemon using the default client
40
46
  #
41
- @client = Msf::RPC::Client.new(user_opts)
47
+ @client = Msf::RPC::Client.new(@options)
42
48
 
43
49
  #
44
50
  # Create a logger
45
51
  #
46
- @logger = Msf::RPC::Simple::Logger.new
52
+ #@logger = Msf::RPC::Simple::Logger.new
47
53
  end
48
54
 
49
55
  #
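Review bot: `:port => user_options[:project] || 55553` on new line 35 reads the project key instead of the port key, so any caller that passes `:project` ends up with that string as the RPC port; it should be `:port => user_options[:port] || 55553`. The comment block above the signature still documents `opts` and `project` for the old four-argument form, while the new `initialize(user_options)` takes a single hash; its keys (`:project`, `:port`, `:rpc_user`, `:rpc_pass`, `:db_user`, `:db_pass`) should be listed there, with the two stray `# db username` / `# db password` comments on lines 26-27 folded in. Note also that `attr_accessor :options` on line 16 exposes `:rpc_pass` and `:db_pass` for reading and replacement from outside the client; `attr_reader :options` would at least prevent the hash from being swapped after `@client` has been built from it. The `@logger` assignment on line 52 is commented out, so any method that still references `@logger` will see `nil`, which is not visible from this hunk.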
@@ -4,6 +4,37 @@ module Msf
4
4
  module Features
5
5
  module Framework
6
6
 
7
+ def create_report
8
+
9
+ # Create the console and get its id
10
+ console = @client.call("console.create")
11
+ console_id = console["id"]
12
+
13
+ # Do an initial read / discard to pull out the banner
14
+ @client.call("console.read", console_id)
15
+
16
+ # Move to the context of our module
17
+ @client.call("console.write", console_id, "db_connect #{self.options[:db_user]}:#{self.options[:db_pass]}@localhost/msf3\n")
18
+ @client.call("console.write", console_id, "db_export /tmp/metasploit.xml\n")
19
+
20
+ # do an initial read of the module's output
21
+ output = @client.call("console.read", console_id)
22
+ output_string = "#{output['data']}"
23
+
24
+ return "Module Error" if output["result"] == "failure"
25
+
26
+ until (output["busy"] == false) do
27
+ output = @client.call("console.read", console_id)
28
+ output_string += "#{output['data']}"
29
+ return "Module Error" if output["result"] == "failure"
30
+ end
31
+
32
+ # Clean up
33
+ @client.call("console.destroy", console_id)
34
+
35
+ File.open("/tmp/metasploit.xml").read
36
+ end
37
+
7
38
  #
8
39
  # This module simply runs a module
9
40
  #
@@ -80,12 +111,54 @@ module Msf
80
111
  #
81
112
  def discover_host(host)
82
113
 
83
- # http version
114
+ #
115
+ #
116
+ # Other Potential options
117
+ # - auxiliary/scanner/smb/pipe_auditor
118
+ # - auxiliary/scanner/smb/pipe_dcerpc_auditor
119
+ # - auxiliary/scanner/smb/smb_enumshares
120
+ # - auxiliary/scanner/smb/smb_enumusers
84
121
  modules_and_options = [
85
122
  {:module_name => "auxiliary/scanner/http/http_version",
86
123
  :module_option_string => "RHOSTS #{host}" },
87
- {:module_name => "auxiliary/scanner/http/cert",
88
- :module_option_string => "RHOSTS #{host}" }
124
+ #{:module_name => "auxiliary/scanner/http/cert",
125
+ # :module_option_string => "RHOSTS #{host}" },
126
+ {:module_name => "auxiliary/scanner/ftp/ftp_version",
127
+ :module_option_string => "RHOSTS #{host}" },
128
+ {:module_name => "auxiliary/scanner/h323/h323_version",
129
+ :module_option_string => "RHOSTS #{host}" },
130
+ {:module_name => "auxiliary/scanner/imap/imap_version",
131
+ :module_option_string => "RHOSTS #{host}" },
132
+ #{:module_name => "auxiliary/scanner/portscan/syn",
133
+ #:module_option_string => "RHOSTS #{host}" },
134
+ #{:module_name => "auxiliary/scanner/portscan/tcp",
135
+ #:module_option_string => "RHOSTS #{host}" },
136
+ #{:module_name => "auxiliary/scanner/lotus/lotus_domino_version",
137
+ #:module_option_string => "RHOSTS #{host}" },
138
+ {:module_name => "auxiliary/scanner/mysql/mysql_version",
139
+ :module_option_string => "RHOSTS #{host}" },
140
+ #{:module_name => "auxiliary/scanner/netbios/nbname",
141
+ #:module_option_string => "RHOSTS #{host}" },
142
+ #{:module_name => "auxiliary/scanner/netbios/nbname_probe",
143
+ #:module_option_string => "RHOSTS #{host}" },
144
+ #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_tcp",
145
+ #:module_option_string => "RHOSTS #{host}" },
146
+ #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_udp",
147
+ #:module_option_string => "RHOSTS #{host}" },
148
+ {:module_name => "auxiliary/scanner/pop3/pop3_version",
149
+ :module_option_string => "RHOSTS #{host}" },
150
+ {:module_name => "auxiliary/scanner/postgres/postgres_version",
151
+ :module_option_string => "RHOSTS #{host}" },
152
+ {:module_name => "auxiliary/scanner/smb/smb_version",
153
+ :module_option_string => "RHOSTS #{host}" },
154
+ {:module_name => "auxiliary/scanner/snmp/snmp_enum",
155
+ :module_option_string => "RHOSTS #{host}" },
156
+ {:module_name => "auxiliary/scanner/ssh/ssh_version",
157
+ :module_option_string => "RHOSTS #{host}" },
158
+ {:module_name => "auxiliary/scanner/telnet/telnet_version",
159
+ :module_option_string => "RHOSTS #{host}" },
160
+ #{:module_name => "auxiliary/scanner/vmware/vmauthd_version",
161
+ #:module_option_string => "RHOSTS #{host}" },
89
162
  ]
90
163
 
91
164
  # This is a naive and horrible way of doing it, but let's just knock
@@ -99,67 +172,63 @@ module Msf
99
172
  # store this module's name in the output
100
173
  module_output_data_string += "=== #{module_name} #{module_option_string} ===\n"
101
174
 
102
- # split up the module name into type / name
103
- module_type = module_name.split("/").first
104
- raise "Error, bad module name" unless ["exploit", "auxiliary", "post", "encoder", "nop"].include? module_type
105
-
106
- # Create the console and get its id
107
- console = @client.call("console.create")
108
- console_id = console["id"]
175
+ module_output_data_string += execute_module_and_return_output(module_and_options)
176
+ end
109
177
 
110
- # Do an initial read / discard to pull out the banner
111
- @client.call("console.read", console_id)
178
+ module_output_data_string
179
+ end
112
180
 
113
- # Move to the context of our module
114
- @client.call("console.write", console_id, "use #{module_name}\n")
115
181
 
116
- # Set up the module's datastore
117
- module_option_string.split(",").each do |module_option|
118
- @client.call "console.write", console_id, "set #{module_option}\n"
119
- end
182
+ #
183
+ # This module runs a number of _login modules
184
+ #
185
+ def bruteforce_host(host)
120
186
 
121
- # Do an another read / discard to pull out the option confirmation
122
- @client.call("console.read", console_id)
187
+ modules_and_options = [
188
+ {:module_name => "auxiliary/scanner/ftp/ftp_login",
189
+ :module_option_string => "RHOSTS #{host}" },
190
+ {:module_name => "auxiliary/scanner/http/http_login",
191
+ :module_option_string => "RHOSTS #{host}" },
192
+ {:module_name => "auxiliary/scanner/smb/smb_login",
193
+ :module_option_string => "RHOSTS #{host}" },
194
+ {:module_name => "auxiliary/scanner/mssql/mssql_login",
195
+ :module_option_string => "RHOSTS #{host}" },
196
+ {:module_name => "auxiliary/scanner/mysql/mysql_login",
197
+ :module_option_string => "RHOSTS #{host}" },
198
+ {:module_name => "auxiliary/scanner/pop3/pop3_login",
199
+ :module_option_string => "RHOSTS #{host}" },
200
+ {:module_name => "auxiliary/scanner/smb/smb_login",
201
+ :module_option_string => "RHOSTS #{host}" },
202
+ {:module_name => "auxiliary/scanner/snmp/snmp_login",
203
+ :module_option_string => "RHOSTS #{host}" },
204
+ {:module_name => "auxiliary/scanner/ssh/ssh_login",
205
+ :module_option_string => "RHOSTS #{host}" },
206
+ {:module_name => "auxiliary/scanner/telnet/telnet_login",
207
+ :module_option_string => "RHOSTS #{host}" },
208
+ ]
123
209
 
124
- # Depending on the module_type, kick off the module
125
- if module_type == "auxiliary"
126
- @client.call "console.write", console_id, "run\n"
127
- elsif module_type == "exploit"
128
- @client.call "console.write", console_id, "exploit\n"
129
- else
130
- return "Unsupported"
131
- end
210
+ # This is a naive and horrible way of doing it, but let's just knock
211
+ # out the basic thing first. For each module in our list...
212
+ module_output_data_string = ""
213
+ modules_and_options.each do |module_and_options|
132
214
 
133
- # do an initial read of the module's output
134
- module_output = @client.call("console.read", console_id)
135
-
136
- return "Module Error" if module_output["result"] == "failure"
215
+ module_name = module_and_options[:module_name]
216
+ module_option_string = module_and_options[:module_option_string]
137
217
 
138
- until (module_output["busy"] == false) do
139
- module_output = @client.call("console.read", console_id)
140
- module_output_data_string += "#{module_output['data']}"
141
- return "Module Error" if module_output["result"] == "failure"
142
- end
218
+ # store this module's name in the output
219
+ module_output_data_string += "=== #{module_name} #{module_option_string} ===\n"
143
220
 
144
- # Clean up
145
- @client.call("console.destroy", console_id)
221
+ module_output_data_string += execute_module_and_return_output(module_and_options)
146
222
  end
147
223
 
148
224
  module_output_data_string
149
- end
150
-
151
225
 
152
- #
153
- # This module runs a number of _login modules
154
- #
155
- def bruteforce_host(options)
156
- return "Not Implemented"
157
226
  end
158
227
 
159
228
  #
160
229
  # This module runs a number of exploit modules
161
230
  #
162
- def bruteforce_host(options)
231
+ def exploit_host(host)
163
232
  return "Not Implemented"
164
233
  end
165
234
 
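Review bot: `File.open("/tmp/metasploit.xml").read` on new line 35 of the first hunk opens the file without a block and never closes it, and the two `return "Module Error"` exits on lines 24 and 29 skip `console.destroy`, so every failed run leaves a console allocated on the daemon. The export path is a fixed, predictable name in the shared `/tmp`, which another local user can pre-create or replace between `db_export` and the read, and the read only works when the client and the RPC daemon share a filesystem, which `create_report` does not document. I would derive a per-call path (`require 'tmpdir'` for `Dir.tmpdir`), pass it to `db_export`, read it with `File.read`, and move `console.destroy` into an `ensure`; `output_string` is built up but never returned, so it can be dropped or used in the error message. The same early-return pattern presumably lives in `execute_module_and_return_output`, which the second and third hunks call but which is defined outside them.
```ruby
def create_report
  console_id = @client.call("console.create")["id"]
  export_path = File.join(Dir.tmpdir, "msfrpc-simple-#{Process.pid}-#{rand(1 << 32)}.xml")
  begin
    # … unchanged: banner read, db_connect write …
    @client.call("console.write", console_id, "db_export #{export_path}\n")
    # … unchanged: read loop with "Module Error" early returns …
    File.read(export_path)
  ensure
    @client.call("console.destroy", console_id)
  end
end
```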
@@ -5,7 +5,7 @@ module Msf
5
5
 
6
6
  # Public: Get all discovery modules, given a host endpoint
7
7
  #
8
- # This method may seem poorly abstracted but you must pass in an IP address
8
+ # This method may seem poorly abstracted but you must pass in an IP address
9
9
  # in order to compensate for the different ways that modules accept an
10
10
  # endpoint. For example, scanners need an RHOSTS option, while most other
11
11
  # modules will accept a RHOST option.
@@ -1,7 +1,7 @@
1
1
  module Msf
2
2
  module RPC
3
3
  module Simple
4
- VERSION = "0.0.3"
4
+ VERSION = "0.0.4"
5
5
  end
6
6
  end
7
7
  end
@@ -14,4 +14,8 @@ Gem::Specification.new do |gem|
14
14
  gem.name = "msfrpc-simple"
15
15
  gem.require_paths = ["lib"]
16
16
  gem.version = Msf::RPC::Simple::VERSION
17
+
18
+ gem.add_dependency("msfrpc-client")
19
+ #gem.add_dependency("librex")
20
+
17
21
  end
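Review bot: `gem.add_dependency("msfrpc-client")` on new line 18 carries no version constraint, so any future incompatible release of msfrpc-client satisfies the gemspec even though the lockfile in this same release resolves to 1.0.1; `gem.add_dependency("msfrpc-client", "~> 1.0")` pins the line that was actually tested. With the Gemfile reduced to `gemspec`, the rspec and pry entries from the old `:test` group now live nowhere, so `bundle install` no longer provides the test runner; `gem.add_development_dependency("rspec")` (and `pry`, if still used) belongs here. The `Gem::Specification.new` block starts outside the hunk.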
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: msfrpc-simple
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3
4
+ version: 0.0.4
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,8 +9,24 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-11-24 00:00:00.000000000 Z
13
- dependencies: []
12
+ date: 2013-02-21 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: msfrpc-client
16
+ requirement: !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ! '>='
20
+ - !ruby/object:Gem::Version
21
+ version: '0'
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ! '>='
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
14
30
  description: Simple wrapper for the Metasploit RPC API
15
31
  email:
16
32
  - jcran@pentestify.com
@@ -23,6 +39,7 @@ files:
23
39
  - LICENSE
24
40
  - README.md
25
41
  - Rakefile
42
+ - build.sh
26
43
  - doc/NOTES
27
44
  - lib/.DS_Store
28
45
  - lib/msfrpc-simple.rb