if host_records: def host_to_ip(host_rec): if isinstance(host_rec, (int, str)): host_rec = get_host_record(host_rec) if not host_rec: return None return host_rec.get('f_ipaddr') target_ips = '\n'.join([host_to_ip(x) for x in host_records.split('|')]) else: target_ips = '' module_list = [] alert = False msf = MetasploitProAPI(host=msf_settings['url'], apikey=msf_settings['key']) try: module_list = msf.module_list(modtype='exploits').get('modules') except MSFProAPIError, error: return dict(alert=True, error=str(error), form=None) form = SQLFORM.factory( Field('targets', 'text', default=target_ips, label=T('Targets'), requires=IS_NOT_EMPTY(), comment=T('Targets to scan can be IP Addresses, ranged lists or subnets. One per line.') ), Field('blacklist_hosts', 'text', label=T('Blacklisted Targets'), comment=T('Targets to blacklist can be IP Addresses, ranged lists or subnets. One per line.') ), Field('ports', 'string', default='1-65535', label=T('Ports'), requires=IS_NOT_EMPTY(), comment=T('List of ports to match exploits to. Example: 21-23,80,443,8000-8999') ), Field('blacklist_ports', 'string', label=T('Blacklisted Ports'), comment=T('List of ports to not exploit. Example: 21-23,80,443,8000-8999')
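def exploit():
    """Build the Metasploit Pro exploit form and start the task on submit.

    The target list is pre-filled from the ``host_records`` request variable,
    a ``|``-separated list of host record identifiers. When the form is
    accepted, its values are passed to ``msf.start_exploit`` and the browser
    is redirected to the task page on the Metasploit Pro server.

    Returns:
        dict: ``form`` and ``alert`` for the view. If the API module cannot
        be imported or an API call fails, returns ``alert=True``, ``error``
        (the message text) and ``form=None`` instead.

    NOTE(review): no access-control decorator is visible on this action in
    this listing. Confirm it is restricted to authenticated, authorised
    operators, because an accepted form starts an exploitation task.
    """
    response.title = "%s :: Metasploit Pro Exploit" % (settings.title)
    msf_settings = msf_get_config(session)

    try:
        from MetasploitProAPI import MetasploitProAPI, MSFProAPIError
    except ImportError as error:
        return dict(alert=True, error=str(error), form=None)

    host_records = request.vars.host_records
    if host_records:
        def host_to_ip(host_rec):
            """Return the ``f_ipaddr`` of a host record, or None if not found."""
            if isinstance(host_rec, (int, str)):
                host_rec = get_host_record(host_rec)
            if not host_rec:
                return None
            return host_rec.get('f_ipaddr')

        # A record that cannot be resolved yields None, and str.join() raises
        # TypeError on None, so unresolved entries are dropped from the
        # pre-filled list rather than failing the whole page.
        resolved = (host_to_ip(x) for x in host_records.split('|'))
        target_ips = '\n'.join(ip for ip in resolved if ip)
    else:
        target_ips = ''

    module_list = []
    alert = False
    msf = MetasploitProAPI(host=msf_settings['url'],
                           apikey=msf_settings['key'])
    try:
        # ``or []`` keeps IS_IN_SET below working when the reply has no
        # 'modules' key.
        module_list = msf.module_list(modtype='exploits').get('modules') or []
    except MSFProAPIError as error:
        return dict(alert=True, error=str(error), form=None)

    form = SQLFORM.factory(
        # NOTE(review): targets are free text, checked only for being
        # non-empty. Nothing in this action compares them with an authorised
        # scope before they are sent to the Metasploit Pro server.
        Field('targets', 'text', default=target_ips, label=T('Targets'),
              requires=IS_NOT_EMPTY(),
              comment=T('Targets to scan can be IP Addresses, ranged lists or subnets. One per line.')),
        Field('blacklist_hosts', 'text', label=T('Blacklisted Targets'),
              comment=T('Targets to blacklist can be IP Addresses, ranged lists or subnets. One per line.')),
        Field('ports', 'string', default='1-65535', label=T('Ports'),
              requires=IS_NOT_EMPTY(),
              comment=T('List of ports to match exploits to. Example: 21-23,80,443,8000-8999')),
        Field('blacklist_ports', 'string', label=T('Blacklisted Ports'),
              comment=T('List of ports to not exploit. Example: 21-23,80,443,8000-8999')),
        Field('min_rank', 'string', default='great',
              label=T('Minmum Exploit Rank'),
              requires=IS_IN_SET(
                  ['low', 'average', 'normal', 'good', 'great', 'excellent']),
              comment=T('Minimum reliability level of exploits to include')),
        Field('exploit_speed', 'integer', default=5,
              label=T('Parallel Exploits'),
              requires=IS_INT_IN_RANGE(1, 11),
              comment=T('How many exploits to run in parallel (1-10)')),
        Field('exploit_timeout', 'integer', default=5,
              label=T('Timeout (in minutes)'),
              requires=IS_INT_IN_RANGE(0, 1440),
              comment=T('Maximum time (in minutes) an exploit is allowed to run')),
        Field('limit_sessions', 'boolean', default=True,
              label=T('Limit sessions'),
              comment=T('Limit sessions to only one per exploited host')),
        Field('ignore_fragile', 'boolean', default=True,
              label=T('Skip "fragile" devices'),
              comment=T('Avoid exploit attempts on fragile systems such as network devices and printers.')),
        Field('filter_by_os', 'boolean', default=True, label=T('OS'),
              comment=T('Match exploits to Operating System, known vulnerabilities or ports')),
        Field('filter_by_vuln', 'boolean', default=True,
              label=T('Vulnerabilities')),
        Field('filter_by_ports', 'boolean', default=True, label=T('Ports')),
        Field('dry_run', 'boolean', default=False, label=T('Dry run'),
              comment=T('Prepare for execution but do nothing')),
        Field('payload', 'string', default='auto',
              label=T('Payload method'),
              requires=IS_IN_SET(['auto', 'reverse', 'bind'])),
        Field('payload_type', 'string', default='meterpreter',
              label=T('Paylod type'),
              requires=IS_IN_SET(['meterpreter', 'shell'])),
        Field('payload_ports', 'string', default='4000-5000',
              label=T('Payload ports'), requires=IS_NOT_EMPTY(),
              comment=T('Port range for reverse/connect payloads')),
        Field('evasion_tcp', 'integer', default=0,
              label=T('TCP Evasion Level'),
              requires=IS_INT_IN_RANGE(0, 4)),
        Field('evasion_app', 'integer', default=0,
              label=T('Application Evasion'),
              requires=IS_INT_IN_RANGE(0, 4)),
        Field('modules', 'list:string', label=T('Specifc Module(s)'),
              requires=IS_EMPTY_OR(IS_IN_SET(module_list, multiple=True)),
              comment=T('A whitelist of modules to execute, by default all that match are tried')),
        table_name='msfpro_exploit',
        _class="form-horizontal")

    if form.process().accepted:
        args = {
            'workspace': msf_settings['workspace'],
            'username': msf_settings['user'],
            'DS_WHITELIST_HOSTS': form.vars.targets,
            'DS_BLACKLIST_HOSTS': form.vars.blacklist_hosts,
            'DS_WHITELIST_PORTS': form.vars.ports,
            'DS_BLACKLIST_PORTS': form.vars.blacklist_ports,
            'DS_MinimumRank': form.vars.min_rank,
            'DS_EXPLOIT_SPEED': form.vars.exploit_speed,
            'DS_EXPLOIT_TIMEOUT': form.vars.exploit_timeout,
            'DS_LimitSessions': form.vars.limit_sessions,
            'DS_IgnoreFragileDevices': form.vars.ignore_fragile,
            'DS_FilterByOS': form.vars.filter_by_os,
            'DS_MATCH_VULNS': form.vars.filter_by_vuln,
            'DS_MATCH_PORTS': form.vars.filter_by_ports,
            # The form's "Dry run" checkbox.
            'DS_OnlyMatch': form.vars.dry_run,
            'DS_PAYLOAD_METHOD': form.vars.payload,
            'DS_PAYLOAD_TYPE': form.vars.payload_type,
            'DS_PAYLOAD_PORTS': form.vars.payload_ports,
            'DS_EVASION_LEVEL_TCP': form.vars.evasion_tcp,
            'DS_EVASION_LEVEL_APP': form.vars.evasion_app,
            # NOTE(review): form.vars.modules (the module whitelist) is
            # collected but never forwarded, so the operator's restriction is
            # not applied by this request. The only trace is the disabled
            # entry below, which maps the wrong field.
            #'DS_ModuleFilter': form.vars.filter_by_os,
        }
        try:
            task = msf.start_exploit(args)
        except MSFProAPIError as error:
            # Same failure contract as the module_list call above.
            # Presumably start_exploit raises the same error type; verify
            # against MetasploitProAPI.
            return dict(alert=True, error=str(error), form=None)
        # Build the URL with '/' rather than os.path.join, which uses the
        # platform path separator and rejects non-string components.
        msfurl = '/'.join([
            msf_settings['url'].rstrip('/'),
            'workspaces',
            str(msf_settings['workspace_num']),
            'tasks',
            str(task['task_id']),
        ])
        redirect(msfurl)
    elif form.errors:
        response.flash = "Error in form"

    return dict(form=form, alert=alert)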
if host_records: def host_to_ip(host_rec): if isinstance(host_rec, (int, str)): host_rec = get_host_record(host_rec) if not host_rec: return None return host_rec.get('f_ipaddr') target_ips = '\n'.join([host_to_ip(x) for x in host_records.split('|')]) else: target_ips = '' module_list = [] alert = False msf = MetasploitProAPI(host=msf_settings['url'], apikey=msf_settings['key']) try: module_list = msf.module_list(modtype='exploits').get('modules') except MSFProAPIError, error: return dict(alert=True, error=str(error), form=None) form = SQLFORM.factory( Field('targets', 'text', default=target_ips, label=T('Targets'), requires=IS_NOT_EMPTY(), comment=T('Targets to scan can be IP Addresses, ranged lists or subnets. One per line.') ), Field('blacklist_hosts', 'text', label=T('Blacklisted Targets'), comment=T('Targets to blacklist can be IP Addresses, ranged lists or subnets. One per line.') ), Field('ports', 'string', default='1-65535', label=T('Ports'), requires=IS_NOT_EMPTY(), comment=T('List of ports to match exploits to. Example: 21-23,80,443,8000-8999') ), Field('blacklist_ports', 'string', label=T('Blacklisted Ports'), comment=T('List of ports to not exploit. Example: 21-23,80,443,8000-8999')