msfrpc-simple 0.0.5 → 0.0.6

@@ -15,63 +15,39 @@ module Msf
15
15
  # - auxiliary/scanner/smb/smb_enumshares
16
16
  # - auxiliary/scanner/smb/smb_enumusers
17
17
  modules_and_options = [
18
- {:module_name => "auxiliary/scanner/http/http_version",
19
- :module_option_string => "RHOSTS #{range}" },
20
- #{:module_name => "auxiliary/scanner/http/cert",
21
- # :module_option_string => "RHOSTS #{range}" },
22
- {:module_name => "auxiliary/scanner/ftp/ftp_version",
23
- :module_option_string => "RHOSTS #{range}" },
24
- {:module_name => "auxiliary/scanner/h323/h323_version",
25
- :module_option_string => "RHOSTS #{range}" },
26
- {:module_name => "auxiliary/scanner/imap/imap_version",
27
- :module_option_string => "RHOSTS #{range}" },
28
- #{:module_name => "auxiliary/scanner/portscan/syn",
29
- #:module_option_string => "RHOSTS #{range}" },
30
- #{:module_name => "auxiliary/scanner/portscan/tcp",
31
- #:module_option_string => "RHOSTS #{range}" },
32
- #{:module_name => "auxiliary/scanner/lotus/lotus_domino_version",
33
- #:module_option_string => "RHOSTS #{range}" },
34
- {:module_name => "auxiliary/scanner/mysql/mysql_version",
35
- :module_option_string => "RHOSTS #{range}" },
36
- #{:module_name => "auxiliary/scanner/netbios/nbname",
37
- #:module_option_string => "RHOSTS #{range}" },
38
- #{:module_name => "auxiliary/scanner/netbios/nbname_probe",
39
- #:module_option_string => "RHOSTS #{range}" },
40
- #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_tcp",
41
- #:module_option_string => "RHOSTS #{range}" },
42
- #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_udp",
43
- #:module_option_string => "RHOSTS #{range}" },
44
- {:module_name => "auxiliary/scanner/pop3/pop3_version",
45
- :module_option_string => "RHOSTS #{range}" },
46
- {:module_name => "auxiliary/scanner/postgres/postgres_version",
47
- :module_option_string => "RHOSTS #{range}" },
48
- {:module_name => "auxiliary/scanner/smb/smb_version",
49
- :module_option_string => "RHOSTS #{range}" },
50
- {:module_name => "auxiliary/scanner/snmp/snmp_enum",
51
- :module_option_string => "RHOSTS #{range}" },
52
- {:module_name => "auxiliary/scanner/ssh/ssh_version",
53
- :module_option_string => "RHOSTS #{range}" },
54
- {:module_name => "auxiliary/scanner/telnet/telnet_version",
55
- :module_option_string => "RHOSTS #{range}" },
56
- #{:module_name => "auxiliary/scanner/vmware/vmauthd_version",
57
- #:module_option_string => "RHOSTS #{range}" },
18
+ {:module_name => "auxiliary/scanner/http/http_version"},
19
+ #{:module_name => "auxiliary/scanner/http/cert"},
20
+ {:module_name => "auxiliary/scanner/ftp/ftp_version"},
21
+ {:module_name => "auxiliary/scanner/h323/h323_version"},
22
+ {:module_name => "auxiliary/scanner/imap/imap_version"},
23
+ #{:module_name => "auxiliary/scanner/portscan/syn"},
24
+ #{:module_name => "auxiliary/scanner/portscan/tcp"},
25
+ #{:module_name => "auxiliary/scanner/lotus/lotus_domino_version"},
26
+ {:module_name => "auxiliary/scanner/mysql/mysql_version"},
27
+ #{:module_name => "auxiliary/scanner/netbios/nbname"},
28
+ #{:module_name => "auxiliary/scanner/netbios/nbname_probe"},
29
+ #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_tcp"},
30
+ #{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_udp"},
31
+ {:module_name => "auxiliary/scanner/pop3/pop3_version"},
32
+ {:module_name => "auxiliary/scanner/postgres/postgres_version"},
33
+ {:module_name => "auxiliary/scanner/smb/smb_version"},
34
+ {:module_name => "auxiliary/scanner/snmp/snmp_enum"},
35
+ {:module_name => "auxiliary/scanner/ssh/ssh_version"},
36
+ {:module_name => "auxiliary/scanner/telnet/telnet_version"},
37
+ #{:module_name => "auxiliary/scanner/vmware/vmauthd_version"},
58
38
  ]
59
39
 
60
- # This is a naive and horrible way of doing it, but let's just knock
61
- # out the basic thing first. For each module in our list...
62
- module_output_data_string = ""
63
- modules_and_options.each do |module_and_options|
64
-
65
- module_name = module_and_options[:module_name]
66
- module_option_string = module_and_options[:module_option_string]
40
+ output = ""
41
+ module_list.each do |m|
42
+ # Merge in default options
43
+ m[:module_option_string] = "RHOSTS #{range}"
67
44
 
68
45
  # store this module's name in the output
69
- module_output_data_string += "=== #{module_name} #{module_option_string} ===\n"
70
-
71
- module_output_data_string += execute_module_and_return_output(module_and_options)
46
+ output += "=== #{m[:module_name]} ===\n"
47
+ output += execute_module_and_return_output(m)
72
48
  end
73
49
 
74
- module_output_data_string
50
+ output
75
51
  end
76
52
 
77
53
 
@@ -80,45 +56,30 @@ module Msf
80
56
  #
81
57
  def bruteforce_range(range)
82
58
 
83
- modules_and_options = [
84
- {:module_name => "auxiliary/scanner/ftp/ftp_login",
85
- :module_option_string => "RHOSTS #{range}" },
86
- {:module_name => "auxiliary/scanner/http/http_login",
87
- :module_option_string => "RHOSTS #{range}" },
88
- {:module_name => "auxiliary/scanner/smb/smb_login",
89
- :module_option_string => "RHOSTS #{range}" },
90
- {:module_name => "auxiliary/scanner/mssql/mssql_login",
91
- :module_option_string => "RHOSTS #{range}" },
92
- {:module_name => "auxiliary/scanner/mysql/mysql_login",
93
- :module_option_string => "RHOSTS #{range}" },
94
- {:module_name => "auxiliary/scanner/pop3/pop3_login",
95
- :module_option_string => "RHOSTS #{range}" },
96
- {:module_name => "auxiliary/scanner/smb/smb_login",
97
- :module_option_string => "RHOSTS #{range}" },
98
- {:module_name => "auxiliary/scanner/snmp/snmp_login",
99
- :module_option_string => "RHOSTS #{range}" },
100
- {:module_name => "auxiliary/scanner/ssh/ssh_login",
101
- :module_option_string => "RHOSTS #{range}" },
102
- {:module_name => "auxiliary/scanner/telnet/telnet_login",
103
- :module_option_string => "RHOSTS #{range}" },
59
+ module_list = [
60
+ #{:module_name => "auxiliary/scanner/ftp/ftp_login"},
61
+ #{:module_name => "auxiliary/scanner/http/http_login"},
62
+ #{:module_name => "auxiliary/scanner/smb/smb_login"},
63
+ #{:module_name => "auxiliary/scanner/mssql/mssql_login"},
64
+ #{:module_name => "auxiliary/scanner/mysql/mysql_login"},
65
+ #{:module_name => "auxiliary/scanner/pop3/pop3_login"},
66
+ #{:module_name => "auxiliary/scanner/smb/smb_login"},
67
+ #{:module_name => "auxiliary/scanner/snmp/snmp_login"},
68
+ {:module_name => "auxiliary/scanner/ssh/ssh_login"},
69
+ #{:module_name => "auxiliary/scanner/telnet/telnet_login"},
104
70
  ]
105
71
 
106
- # This is a naive and horrible way of doing it, but let's just knock
107
- # out the basic thing first. For each module in our list...
108
- module_output_data_string = ""
109
- modules_and_options.each do |module_and_options|
110
-
111
- module_name = module_and_options[:module_name]
112
- module_option_string = module_and_options[:module_option_string]
72
+ output = ""
73
+ module_list.each do |m|
74
+ #m[:module_option_string] = "RHOSTS #{range}, USER_FILE /opt/metasploit/msf3/data/wordlists/unix_users.txt, PASS_FILE /opt/metasploit/msf3/data/wordlists/unix_passwords.txt"
75
+ m[:module_option_string] = "RHOSTS #{range}, USERNAME root, PASSWORD root"
113
76
 
114
77
  # store this module's name in the output
115
- module_output_data_string += "=== #{module_name} #{module_option_string} ===\n"
116
-
117
- module_output_data_string += execute_module_and_return_output(module_and_options)
78
+ output += "=== #{m[:module_name]} ===\n"
79
+ output += execute_module_and_return_output(m)
118
80
  end
119
81
 
120
- module_output_data_string
121
-
82
+ output
122
83
  end
123
84
 
124
85
  #
@@ -133,14 +94,16 @@ module Msf
133
94
  #
134
95
  def execute_module_and_return_output(options)
135
96
  module_name = options[:module_name]
136
- #module_options = options[:module_options]
137
97
  module_option_string = options[:module_option_string]
138
98
 
99
+ puts "module: #{module_name}"
100
+ puts "options: #{module_option_string}"
101
+
139
102
  # split up the module name into type / name
140
103
  module_type = module_name.split("/").first
141
104
  raise "Error, bad module name" unless ["exploit", "auxiliary", "post", "encoder", "nop"].include? module_type
142
105
 
143
- #module_options["TARGET"] = 0 unless module_options["TARGET"]
106
+ # TODO - we may have to deal w/ targets somehow
144
107
 
145
108
  #info = @client.call("module.execute", module_type, module_name, module_options)
146
109
  #@client.call("job.info", info["job_id"])
@@ -151,6 +114,7 @@ module Msf
151
114
  # File, etc). For your use case, the best bet is to run the module
152
115
  # via the Console API instead of module.execute, and use that to read
153
116
  # the output from the console itself, which provides buffer output for you.
117
+ output = ""
154
118
 
155
119
  # Create the console and get its id
156
120
  console = @client.call("console.create")
@@ -165,12 +129,14 @@ module Msf
165
129
  # Set up the module's datastore
166
130
  module_option_string.split(",").each do |module_option|
167
131
  @client.call "console.write", console_id, "set #{module_option}\n"
168
- @client.call("console.read", console_id)
132
+ module_output = @client.call("console.read", console_id)
133
+ output += "#{module_output['data']}"
169
134
  end
170
135
 
171
136
  # Ugh, this is horrible, but the read call is currently racey
172
- 5.times do
173
- @client.call("console.read", console_id)
137
+ 5.times do
138
+ module_output = @client.call("console.read", console_id)
139
+ output += "#{module_output['data']}"
174
140
  end
175
141
 
176
142
  # Depending on the module_type, kick off the module
@@ -184,26 +150,24 @@ module Msf
184
150
 
185
151
  # do an initial read of the module's output
186
152
  module_output = @client.call("console.read", console_id)
187
- module_output_data_string = "#{module_output['data']}"
153
+ output += "#{module_output['data']}"
188
154
 
189
- return "Module Error" if module_output["result"] == "failure"
190
-
191
- while module_output["busy"] do
155
+ until !module_output["busy"] do
192
156
  module_output = @client.call("console.read", console_id)
193
- module_output_data_string += "#{module_output['data']}"
157
+ output += "#{module_output['data']}"
194
158
  return "Module Error" if module_output["result"] == "failure"
195
159
  end
196
160
 
197
161
  # Ugh, this is horrible, but the read call is currently racey
198
162
  5.times do
199
163
  module_output = @client.call("console.read", console_id)
200
- module_output_data_string += "#{module_output['data']}"
164
+ output += "#{module_output['data']}"
201
165
  end
202
166
 
203
167
  # Clean up
204
168
  @client.call("console.destroy", console_id)
205
169
 
206
- module_output_data_string
170
+ output
207
171
  end
208
172
 
209
173
  end
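Review bot: `discover_range` will raise NameError on the new side, because its loop at new line 41 iterates `module_list` while the array it builds is still declared as `modules_and_options` on the unchanged new line 17; only `bruteforce_range` renamed its array. Either rename the declaration, `module_list = [`, or iterate `modules_and_options.each do |m|`, unless a `module_list` method is defined elsewhere in the file, which is not visible in these hunks. In `bruteforce_range` the wordlist options were replaced by the hard-coded `USERNAME root, PASSWORD root`, so the method now checks a single credential pair rather than brute-forcing; that pair, and the commented `/opt/metasploit/msf3/...` wordlist paths, should be parameters or overridable defaults rather than literals. The new `puts "options: #{module_option_string}"` in `execute_module_and_return_output` also echoes the password to stdout on every run, so consider printing only the module name there. The enclosing module continues outside these hunks.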
@@ -1,7 +1,7 @@
1
1
  module Msf
2
2
  module RPC
3
3
  module Simple
4
- VERSION = "0.0.5"
4
+ VERSION = "0.0.6"
5
5
  end
6
6
  end
7
7
  end
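--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: msfrpc-simple
  version: !ruby/object:Gem::Version
- version: 0.0.5
+ version: 0.0.6
  prerelease:
  platform: ruby
  authors: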