msfrpc-simple 0.0.4 → 0.0.5

data/lib/msfrpc-simple/client.rb

@@ -3,6 +3,7 @@ require 'msfrpc-client'
 require 'features/framework'
 require 'features/pro'
 require 'module_mapper'
+require 'timeout'
 require 'logger'
 
 module Msf
@@ -13,30 +14,26 @@ module Msf
         include Msf::RPC::Simple::Features::Framework
         include Msf::RPC::Simple::Features::Pro
 
-        attr_accessor :options
+        #attr_accessor :options
 
         # Public: Create a simple client object.
         #
-        # opts - hash of options to include in our initial connection.
+        # user_options - hash of options to include in our initial connection.
         # project - project name we want to use for this connection.
         #
         # Returns nothing.
         def initialize(user_options)
 
-          # db username
-          # db password 
-
-          #
-          # Merge our project in, and set this as the project we'll
-          # use going forward. 
-          #
+          # configure default options
           @options = {
             :project => user_options[:project] || "default", 
             :port => user_options[:project] || 55553,
             :user => user_options[:rpc_user], 
             :pass => user_options[:rpc_pass], 
+            :db_host => user_options[:db_host] || "localhost",
             :db_user => user_options[:db_user],
-            :db_pass => user_options[:db_pass]
+            :db_pass => user_options[:db_pass],
+            :db => user_options[:db_name] || "msf"
           }
           
           @options.merge!(user_options)
@@ -46,18 +43,108 @@ module Msf
           #
           @client = Msf::RPC::Client.new(@options)
 
+          #
+          # Connect to the database based on the included options
+          #
+          _connect_database
+
+          #
+          # Add a new workspace
+          #
+          @workspace_name = Time.now.utc.to_s.gsub(" ","_").gsub(":","_")
+          _create_workspace
+
           #
           # Create a logger
           #
           #@logger = Msf::RPC::Simple::Logger.new
         end
 
+        # Public: Creates and retuns an xml report
         #
-        #  
+        # This method is ugly for a number of reasons, but there doesn't
+        # appear to be a way to be notified when the command is completed
+        # nor when the 
+        # 
         #
+        # returns a valid xml string
+        def create_report
+          report_path = "/tmp/metasploit_#{@workspace_name}.xml"
+
+          # Create the report using the db_export command
+          _send_command("db_export #{report_path}\n")
+
+          # We've sent the command, so let's sit back and wait for th
+          # output to hit the disk.
+          begin
+            xml_string = ""
+            status = Timeout::timeout(240) {
+              # We don't know when the file is going to show up, so 
+              # wait for it...
+              until File.exists? report_path do
+                sleep 1
+              end
+
+              # Read and clean up the file when it exists...
+              until xml_string.include? "</MetasploitV4>" do
+                  sleep 5
+                  xml_string = File.read(report_path)
+              end
+              
+              File.delete(report_path)
+            }
+          rescue Timeout::Error
+            xml_string = "<MetasploitV4></MetasploitV4>"
+          end
+
+        xml_string
+        end
+
+        def cleanup
+          #_send_command("workspace -d #{@workspace_name}")
+          _send_command("db_disconnect")
+        end
+
         def connected?
           return true if @client.call("core.version")   
         end
+
+        private
+
+        def _connect_database
+          _send_command("db_connect #{@options[:db_user]}:#{@options[:db_pass]}@#{@options[:db_host]}/#{@options[:db]}")
+        end
+
+        def _create_workspace
+          _send_command("workspace -a #{@workspace_name}")
+        end
+
+        def _send_command(command)
+            # Create the console and get its id
+            console = @client.call("console.create")
+
+            # Do an initial read / discard to pull out any info on the console
+            # then write the command to the console
+            @client.call("console.read", console["id"])
+            @client.call("console.write", console["id"], "#{command}\n")
+
+            # Initial read
+            output_string = ""
+            output = @client.call("console.read", console["id"])
+
+            # Read until finished
+            while (output["busy"] == true) do
+              output_string += "#{output['data']}"
+              output = @client.call("console.read", console["id"])
+              output_string = "Error" if output["result"] == "failure"
+            end
+          
+            # Clean up console
+            #@client.call("console.destroy", console["id"])
+
+        output_string
+        end
+
       end
     end
   end

data/lib/msfrpc-simple/features/framework.rb

@@ -3,116 +3,12 @@ module Msf
     module Simple
       module Features 
         module Framework
-          
-          def create_report
-
-            # Create the console and get its id
-            console = @client.call("console.create")
-            console_id = console["id"]
-
-            # Do an initial read / discard to pull out the banner
-            @client.call("console.read", console_id)
-
-            # Move to the context of our module
-            @client.call("console.write", console_id, "db_connect #{self.options[:db_user]}:#{self.options[:db_pass]}@localhost/msf3\n")
-            @client.call("console.write", console_id, "db_export /tmp/metasploit.xml\n")
-
-            # do an initial read of the module's output
-            output = @client.call("console.read", console_id)
-            output_string = "#{output['data']}"
-          
-            return "Module Error" if output["result"] == "failure"
-
-            until (output["busy"] == false) do
-              output = @client.call("console.read", console_id)
-              output_string += "#{output['data']}"
-              return "Module Error" if output["result"] == "failure"
-            end
-
-            # Clean up 
-            @client.call("console.destroy", console_id)
-
-            File.open("/tmp/metasploit.xml").read
-          end
-
-          #
-          # This module simply runs a module
-          #
-          def execute_module_and_return_output(options)
-
-            module_name = options[:module_name]
-            #module_options = options[:module_options]
-            module_option_string = options[:module_option_string]
-
-            # split up the module name into type / name
-            module_type = module_name.split("/").first
-            raise "Error, bad module name" unless ["exploit", "auxiliary", "post", "encoder", "nop"].include? module_type  
-            
-            #module_options["TARGET"] = 0 unless module_options["TARGET"]
-
-            #info = @client.call("module.execute", module_type, module_name, module_options)
-            #@client.call("job.info", info["job_id"])
-
-            # The module output will be not available when run this way; to 
-            # capture the result of the print_* commands, you have to set the
-            # output driver of the module to something you can read from (Buffer,
-            # File, etc). For your use case, the best bet is to run the module 
-            # via the Console API instead of module.execute, and use that to read
-            # the output from the console itself, which provides buffer output for you.
-
-            # Create the console and get its id
-            console = @client.call("console.create")
-            console_id = console["id"]
-
-            # Do an initial read / discard to pull out the banner
-            @client.call("console.read", console_id)
-
-            # Move to the context of our module
-            @client.call("console.write", console_id, "use #{module_name}\n")
-
-            # Set up the module's datastore
-            module_option_string.split(",").each do |module_option|
-              @client.call "console.write", console_id, "set #{module_option}\n"
-            end
-
-            # Do an another read / discard to pull out the option confirmation
-            @client.call("console.read", console_id)
-
-            # Depending on the module_type, kick off the module
-            if module_type == "auxiliary"
-              @client.call "console.write", console_id, "run\n"
-            elsif module_type == "exploit"
-              @client.call "console.write", console_id, "exploit\n"
-            else
-              return "Unsupported"
-            end
-
-            # do an initial read of the module's output
-            module_output = @client.call("console.read", console_id)
-            module_output_data_string = "#{module_output['data']}"
-          
-            return "Module Error" if module_output["result"] == "failure"
-
-            until (module_output["busy"] == false) do
-              module_output = @client.call("console.read", console_id)
-              module_output_data_string += "#{module_output['data']}"
-              return "Module Error" if module_output["result"] == "failure"
-            end
-
-            # Clean up 
-            @client.call("console.destroy", console_id)
-
-          module_output_data_string
-          end
-
 
           #
           # This module runs a number of discovery modules
           #
-          def discover_host(host)
+          def discover_range(range)
 
-            #
-            # 
             # Other Potential options
             #  - auxiliary/scanner/smb/pipe_auditor
             #  - auxiliary/scanner/smb/pipe_dcerpc_auditor
@@ -120,45 +16,45 @@ module Msf
             #  - auxiliary/scanner/smb/smb_enumusers
             modules_and_options = [ 
               {:module_name => "auxiliary/scanner/http/http_version", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/http/cert", 
-              # :module_option_string => "RHOSTS #{host}" },
+              # :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/ftp/ftp_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/h323/h323_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/imap/imap_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/portscan/syn",
-              #:module_option_string => "RHOSTS #{host}" },
+              #:module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/portscan/tcp",
-              #:module_option_string => "RHOSTS #{host}" },
+              #:module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/lotus/lotus_domino_version",
-              #:module_option_string => "RHOSTS #{host}" },
+              #:module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/mysql/mysql_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/netbios/nbname",
-              #:module_option_string => "RHOSTS #{host}" },
+              #:module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/netbios/nbname_probe",
-              #:module_option_string => "RHOSTS #{host}" },
+              #:module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_tcp",
-              #:module_option_string => "RHOSTS #{host}" },
+              #:module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_udp",
-              #:module_option_string => "RHOSTS #{host}" },
+              #:module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/pop3/pop3_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/postgres/postgres_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/smb/smb_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/snmp/snmp_enum",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/ssh/ssh_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/telnet/telnet_version",
-              :module_option_string => "RHOSTS #{host}" },
+              :module_option_string => "RHOSTS #{range}" },
               #{:module_name => "auxiliary/scanner/vmware/vmauthd_version",
-              #:module_option_string => "RHOSTS #{host}" },
+              #:module_option_string => "RHOSTS #{range}" },
             ]
 
             # This is a naive and horrible way of doing it, but let's just knock 
@@ -182,29 +78,29 @@ module Msf
           #
           # This module runs a number of _login modules
           #
-          def bruteforce_host(host)
+          def bruteforce_range(range)
 
             modules_and_options = [
               {:module_name => "auxiliary/scanner/ftp/ftp_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/http/http_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/smb/smb_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/mssql/mssql_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/mysql/mysql_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/pop3/pop3_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/smb/smb_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/snmp/snmp_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/ssh/ssh_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
               {:module_name => "auxiliary/scanner/telnet/telnet_login", 
-               :module_option_string => "RHOSTS #{host}" },
+               :module_option_string => "RHOSTS #{range}" },
             ]
 
             # This is a naive and horrible way of doing it, but let's just knock 
@@ -228,10 +124,88 @@ module Msf
           #
           # This module runs a number of exploit modules
           #
-          def exploit_host(host)
+          def exploit_range(range)
             return "Not Implemented"
           end
 
+          #
+          # This module simply runs a module
+          #
+          def execute_module_and_return_output(options)
+            module_name = options[:module_name]
+            #module_options = options[:module_options]
+            module_option_string = options[:module_option_string]
+
+            # split up the module name into type / name
+            module_type = module_name.split("/").first
+            raise "Error, bad module name" unless ["exploit", "auxiliary", "post", "encoder", "nop"].include? module_type  
+            
+            #module_options["TARGET"] = 0 unless module_options["TARGET"]
+
+            #info = @client.call("module.execute", module_type, module_name, module_options)
+            #@client.call("job.info", info["job_id"])
+
+            # The module output will be not available when run this way; to 
+            # capture the result of the print_* commands, you have to set the
+            # output driver of the module to something you can read from (Buffer,
+            # File, etc). For your use case, the best bet is to run the module 
+            # via the Console API instead of module.execute, and use that to read
+            # the output from the console itself, which provides buffer output for you.
+
+            # Create the console and get its id
+            console = @client.call("console.create")
+            console_id = console["id"]
+
+            # Do an initial read / discard to pull out the banner
+            @client.call("console.read", console_id)
+
+            # Move to the context of our module
+            @client.call("console.write", console_id, "use #{module_name}\n")
+
+            # Set up the module's datastore
+            module_option_string.split(",").each do |module_option|
+              @client.call "console.write", console_id, "set #{module_option}\n"
+              @client.call("console.read", console_id)
+            end
+
+            # Ugh, this is horrible, but the read call is currently racey
+            5.times do 
+              @client.call("console.read", console_id)
+            end
+
+            # Depending on the module_type, kick off the module
+            if module_type == "auxiliary"
+              @client.call "console.write", console_id, "run\n"
+            elsif module_type == "exploit"
+              @client.call "console.write", console_id, "exploit\n"
+            else
+              return "Unsupported"
+            end
+
+            # do an initial read of the module's output
+            module_output = @client.call("console.read", console_id)
+            module_output_data_string = "#{module_output['data']}"
+          
+            return "Module Error" if module_output["result"] == "failure"
+
+            while module_output["busy"] do
+              module_output = @client.call("console.read", console_id)
+              module_output_data_string += "#{module_output['data']}"
+              return "Module Error" if module_output["result"] == "failure"
+            end
+
+            # Ugh, this is horrible, but the read call is currently racey
+            5.times do
+              module_output = @client.call("console.read", console_id)
+              module_output_data_string += "#{module_output['data']}"
+            end
+
+            # Clean up 
+            @client.call("console.destroy", console_id)
+
+          module_output_data_string
+          end
+
         end
       end
     end

data/lib/msfrpc-simple/version.rb

@@ -1,7 +1,7 @@
 module Msf
   module RPC
     module Simple
-      VERSION = "0.0.4"
+      VERSION = "0.0.5"
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: msfrpc-simple
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
   prerelease: 
 platform: ruby
 authors: