Module: Metasploit

Defined in:

lib/metasploit/framework.rb,
app/validators/metasploit/framework/file_path_validator.rb,
app/validators/metasploit/framework/executable_path_validator.rb,
lib/msf/core/modules/external/ruby/metasploit.rb,
lib/metasploit/framework/api.rb,
lib/metasploit/framework/core.rb,
lib/metasploit/framework/engine.rb,
lib/metasploit/framework/hashes.rb,
lib/metasploit/framework/command.rb,
lib/metasploit/framework/require.rb,
lib/metasploit/framework/version.rb,
lib/metasploit/framework/database.rb,
lib/metasploit/framework/profiler.rb,
lib/metasploit/framework/afp/client.rb,
lib/metasploit/framework/aws/client.rb,
lib/metasploit/framework/credential.rb,
lib/metasploit/framework/ftp/client.rb,
lib/metasploit/framework/tcp/client.rb,
lib/metasploit/framework/api/version.rb,
lib/metasploit/framework/ldap/client.rb,
lib/metasploit/framework/ntds/parser.rb,
lib/metasploit/framework/core/version.rb,
lib/metasploit/framework/data_service.rb,
lib/metasploit/framework/ntds/account.rb,
lib/metasploit/framework/ssh/platform.rb,
lib/metasploit/framework/login_scanner.rb,
lib/metasploit/framework/telnet/client.rb,
lib/metasploit/framework/compiler/mingw.rb,
lib/metasploit/framework/compiler/utils.rb,
lib/metasploit/framework/parsed_options.rb,
lib/metasploit/framework/varnish/client.rb,
lib/metasploit/framework/compiler/windows.rb,
lib/metasploit/framework/login_scanner/x3.rb,
lib/metasploit/framework/login_scanner/afp.rb,
lib/metasploit/framework/login_scanner/db2.rb,
lib/metasploit/framework/login_scanner/ftp.rb,
lib/metasploit/framework/login_scanner/smb.rb,
lib/metasploit/framework/login_scanner/smh.rb,
lib/metasploit/framework/login_scanner/ssh.rb,
lib/metasploit/framework/login_scanner/vnc.rb,
lib/metasploit/framework/login_scanner/acpp.rb,
lib/metasploit/framework/login_scanner/amqp.rb,
lib/metasploit/framework/login_scanner/base.rb,
lib/metasploit/framework/login_scanner/http.rb,
lib/metasploit/framework/login_scanner/ldap.rb,
lib/metasploit/framework/login_scanner/mqtt.rb,
lib/metasploit/framework/login_scanner/ntlm.rb,
lib/metasploit/framework/login_scanner/pop3.rb,
lib/metasploit/framework/login_scanner/snmp.rb,
lib/metasploit/framework/spec/threads/suite.rb,
lib/metasploit/framework/login_scanner/axis2.rb,
lib/metasploit/framework/login_scanner/mssql.rb,
lib/metasploit/framework/login_scanner/mysql.rb,
lib/metasploit/framework/login_scanner/redis.rb,
lib/metasploit/framework/login_scanner/winrm.rb,
lib/metasploit/framework/login_scanner/caidao.rb,
lib/metasploit/framework/login_scanner/gitlab.rb,
lib/metasploit/framework/login_scanner/nessus.rb,
lib/metasploit/framework/login_scanner/result.rb,
lib/metasploit/framework/login_scanner/telnet.rb,
lib/metasploit/framework/login_scanner/tomcat.rb,
lib/metasploit/framework/login_scanner/zabbix.rb,
lib/metasploit/framework/compiler/headers/base.rb,
lib/metasploit/framework/login_scanner/buffalo.rb,
lib/metasploit/framework/login_scanner/invalid.rb,
lib/metasploit/framework/login_scanner/ipboard.rb,
lib/metasploit/framework/login_scanner/jenkins.rb,
lib/metasploit/framework/login_scanner/jupyter.rb,
lib/metasploit/framework/login_scanner/varnish.rb,
lib/metasploit/framework/login_scanner/vmauthd.rb,
lib/metasploit/framework/login_scanner/kerberos.rb,
lib/metasploit/framework/login_scanner/postgres.rb,
lib/metasploit/framework/spec/untested_payloads.rb,
lib/metasploit/framework/data_service/proxy/core.rb,
lib/metasploit/framework/login_scanner/glassfish.rb,
lib/metasploit/framework/compiler/headers/windows.rb,
lib/metasploit/framework/login_scanner/chef_webui.rb,
lib/metasploit/framework/login_scanner/phpmyadmin.rb,
lib/metasploit/framework/login_scanner/rex_socket.rb,
lib/metasploit/framework/rails_version_constraint.rb,
lib/metasploit/framework/login_scanner/directadmin.rb,
lib/metasploit/framework/login_scanner/mybook_live.rb,
lib/metasploit/framework/login_scanner/softing_sis.rb,
lib/metasploit/framework/password_crackers/cracker.rb,
lib/metasploit/framework/password_crackers/wordlist.rb,
lib/metasploit/framework/community_string_collection.rb,
lib/metasploit/framework/login_scanner/octopusdeploy.rb,
lib/metasploit/framework/login_scanner/wordpress_rpc.rb,
lib/metasploit/framework/data_service/remote/http/core.rb,
lib/metasploit/framework/login_scanner/cisco_firepower.rb,
lib/metasploit/framework/data_service/remote/http/error.rb,
lib/metasploit/framework/login_scanner/bavision_cameras.rb,
lib/metasploit/framework/obfuscation/crandomizer/parser.rb,
lib/metasploit/framework/obfuscation/crandomizer/utility.rb,
lib/metasploit/framework/password_crackers/jtr/formatter.rb,
lib/metasploit/framework/obfuscation/crandomizer/modifier.rb,
lib/metasploit/framework/login_scanner/advantech_webaccess.rb,
lib/metasploit/framework/login_scanner/wordpress_multicall.rb,
lib/metasploit/framework/login_scanner/symantec_web_gateway.rb,
lib/metasploit/framework/password_crackers/invalid_wordlist.rb,
lib/metasploit/framework/password_crackers/hashcat/formatter.rb,
lib/metasploit/framework/login_scanner/freeswitch_event_socket.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/if.rb,
lib/metasploit/framework/login_scanner/syncovery_file_sync_backup.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/base.rb,
lib/metasploit/framework/obfuscation/crandomizer/random_statements.rb,
lib/metasploit/framework/login_scanner/manageengine_desktop_central.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/malloc.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/printf.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/switch.rb,
lib/metasploit/framework/login_scanner/wowza_streaming_engine_manager.rb,
lib/metasploit/framework/data_service/remote/managed_remote_data_service.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/gettickcount.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/fake_function.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/int_assignments.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/uninit_variables.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/outputdebugstring.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/string_assignments.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/fake_function_collection.rb

Overview

Parent data service for managing metasploit data in/on a separate process/machine over HTTP(s)

Defined Under Namespace

Modules: Framework

Class Attribute Summary

• .logging_prefix ⇒ Object

  Returns the value of attribute logging_prefix.

Class Method Summary

• .log(message, level: 'debug') ⇒ Object
• .report(kind, data) ⇒ Object
• .report_correct_password(username, password, **opts) ⇒ Object
• .report_host(ip, **opts) ⇒ Object
• .report_service(ip, **opts) ⇒ Object
• .report_vuln(ip, name, **opts) ⇒ Object
• .report_wrong_password(username, password, **opts) ⇒ Object
• .rpc_send(req) ⇒ Object
• .run(metadata, callback, soft_check: nil) ⇒ Object

Class Attribute Details

.logging_prefix ⇒ Object

Returns the value of attribute logging_prefix.

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 5

def logging_prefix
  @logging_prefix
end

Class Method Details

.log(message, level: 'debug') ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 7

def log(message, level: 'debug')
  rpc_send({
    jsonrpc: '2.0', method: 'message', params: {
      level: level,
      message: self.logging_prefix + message
    }
  })
end

.report(kind, data) ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 71

def report(kind, data)
  rpc_send({
    jsonrpc: '2.0', method: 'report', params: {
      type: kind, data: data
    }
  })
end

.report_correct_password(username, password, **opts) ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 28

def report_correct_password(username, password, **opts)
  report(:correct_password, opts.merge(username: username, password: password))
end

.report_host(ip, **opts) ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 16

def report_host(ip, **opts)
  report(:host, opts.merge(host: ip))
end

.report_service(ip, **opts) ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 20

def report_service(ip, **opts)
  report(:service, opts.merge(host: ip))
end

.report_vuln(ip, name, **opts) ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 24

def report_vuln(ip, name, **opts)
  report(:vuln, opts.merge(host: ip, name: name))
end

.report_wrong_password(username, password, **opts) ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 32

def report_wrong_password(username, password, **opts)
  report(:wrong_password, opts.merge(username: username, password: password))
end

.rpc_send(req) ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 79

def rpc_send(req)
  puts JSON.generate(req)
  $stdout.flush
end

.run(metadata, callback, soft_check: nil) ⇒ Object

# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 36

def run(metadata, callback, soft_check: nil)
  self.logging_prefix = ''
  cb = nil
  req = JSON.parse($stdin.readpartial(10000), symbolize_names: true)
  if req[:method] == 'describe'
    capabilities = []
    capabilities << 'soft_check' if soft_check

    meta = metadata.merge(capabilities: capabilities)
    rpc_send({
      jsonrpc: '2.0', id: req[:id], result: meta
    })
  elsif req[:method] == 'soft_check'
    if soft_check
      cb = soft_check
    else
      rpc_send({
        jsonrpc: '2.0', id: req[:id], error: {code: -32601, message: 'Soft checks are not supported'}
      })
    end
  elsif req[:method] == 'run'
    cb = callback
  end

  if cb
    ret = cb.call req[:params]
    rpc_send({
      jsonrpc: '2.0', id: req[:id], result: {
        message: 'Module completed',
        'return' => ret
      }
    })
  end
end