Esempio n. 1
    if host_records:
        def host_to_ip(host_rec):
            """Return the ``f_ipaddr`` value of a host record, or None.

            An int or str argument is treated as a lookup key and is
            resolved with get_host_record first; any other value is used
            as the record itself. A falsy record yields None.
            """
            record = host_rec
            if isinstance(record, (int, str)):
                record = get_host_record(record)
            # None here ends up in the caller's list of addresses.
            return record.get('f_ipaddr') if record else None
        target_ips = '\n'.join([host_to_ip(x) for x in host_records.split('|')])
    else:
        target_ips = ''

    module_list = []
    alert = False
    msf = MetasploitProAPI(host=msf_settings['url'], apikey=msf_settings['key'])
    try:
        module_list = msf.module_list(modtype='exploits').get('modules')
    except MSFProAPIError, error:
        return dict(alert=True, error=str(error), form=None)

    form = SQLFORM.factory(
        Field('targets', 'text', default=target_ips, label=T('Targets'), requires=IS_NOT_EMPTY(),
            comment=T('Targets to scan can be IP Addresses, ranged lists or subnets. One per line.')
        ),
        Field('blacklist_hosts', 'text', label=T('Blacklisted Targets'),
            comment=T('Targets to blacklist can be IP Addresses, ranged lists or subnets. One per line.')
        ),
        Field('ports', 'string', default='1-65535', label=T('Ports'), requires=IS_NOT_EMPTY(),
            comment=T('List of ports to match exploits to. Example: 21-23,80,443,8000-8999')
        ),
        Field('blacklist_ports', 'string', label=T('Blacklisted Ports'),
            comment=T('List of ports to not exploit. Example: 21-23,80,443,8000-8999')
Esempio n. 2
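def exploit():
    """
    Launch a Metasploit Pro exploit task from an operator-submitted form.

    The ``targets`` field is pre-filled from the ``host_records`` request
    variable, a '|'-separated list of host record identifiers that are
    resolved to addresses with get_host_record. On a valid submission the
    form values are passed to ``msf.start_exploit`` and the browser is
    redirected to the task URL built from the configured server URL.

    Returns:
        dict: ``form`` and ``alert`` for the view. When the API module
        cannot be imported or an API call fails, the dict carries
        ``alert=True``, ``error`` with the message and ``form=None``.

    NOTE(review): no login or permission decorator is visible on this
    action in this listing, and the submitted targets are free text that is
    not compared with an approved scope here. Confirm both are enforced
    before this controller is reachable.
    """
    response.title = "%s :: Metasploit Pro Exploit" % (settings.title)
    msf_settings = msf_get_config(session)

    try:
        from MetasploitProAPI import MetasploitProAPI, MSFProAPIError
    except ImportError as error:
        return dict(alert=True, error=str(error), form=None)

    host_records = request.vars.host_records
    target_ips = ''
    if host_records:
        # A repeated request parameter arrives as a list, not a string.
        if isinstance(host_records, (list, tuple)):
            host_records = '|'.join(host_records)

        def host_to_ip(host_rec):
            """Return the record's ``f_ipaddr``, or None if no record."""
            if isinstance(host_rec, (int, str)):
                host_rec = get_host_record(host_rec)
            if not host_rec:
                return None
            return host_rec.get('f_ipaddr')

        # Unknown ids and records without an address resolve to None. Drop
        # them so request-supplied input cannot make str.join raise
        # TypeError and so no placeholder text reaches the targets field.
        resolved = [host_to_ip(x) for x in host_records.split('|')]
        target_ips = '\n'.join(ip for ip in resolved if ip)

    module_list = []
    alert = False
    msf = MetasploitProAPI(host=msf_settings['url'],
                           apikey=msf_settings['key'])
    try:
        # Fall back to an empty list when the reply has no 'modules' key so
        # the IS_IN_SET validator below always receives a sequence.
        module_list = msf.module_list(modtype='exploits').get('modules') or []
    except MSFProAPIError as error:
        return dict(alert=True, error=str(error), form=None)

    form = SQLFORM.factory(
        Field(
            'targets',
            'text',
            default=target_ips,
            label=T('Targets'),
            requires=IS_NOT_EMPTY(),
            comment=
            T('Targets to scan can be IP Addresses, ranged lists or subnets. One per line.'
              )),
        Field(
            'blacklist_hosts',
            'text',
            label=T('Blacklisted Targets'),
            comment=
            T('Targets to blacklist can be IP Addresses, ranged lists or subnets. One per line.'
              )),
        Field(
            'ports',
            'string',
            default='1-65535',
            label=T('Ports'),
            requires=IS_NOT_EMPTY(),
            comment=
            T('List of ports to match exploits to. Example: 21-23,80,443,8000-8999'
              )),
        Field(
            'blacklist_ports',
            'string',
            label=T('Blacklisted Ports'),
            comment=T(
                'List of ports to not exploit. Example: 21-23,80,443,8000-8999'
            )),
        Field('min_rank',
              'string',
              default='great',
              label=T('Minmum Exploit Rank'),
              requires=IS_IN_SET(
                  ['low', 'average', 'normal', 'good', 'great', 'excellent']),
              comment=T('Minimum reliability level of exploits to include')),
        Field('exploit_speed',
              'integer',
              default=5,
              label=T('Parallel Exploits'),
              requires=IS_INT_IN_RANGE(1, 11),
              comment=T('How many exploits to run in parallel (1-10)')),
        Field('exploit_timeout',
              'integer',
              default=5,
              label=T('Timeout (in minutes)'),
              requires=IS_INT_IN_RANGE(0, 1440),
              comment=T(
                  'Maximum time (in minutes) an exploit is allowed to run')),
        Field('limit_sessions',
              'boolean',
              default=True,
              label=T('Limit sessions'),
              comment=T('Limit sessions to only one per exploited host')),
        Field(
            'ignore_fragile',
            'boolean',
            default=True,
            label=T('Skip "fragile" devices'),
            comment=
            T('Avoid exploit attempts on fragile systems such as network devices and printers.'
              )),
        Field(
            'filter_by_os',
            'boolean',
            default=True,
            label=T('OS'),
            comment=
            T('Match exploits to Operating System, known vulnerabilities or ports'
              )),
        Field('filter_by_vuln',
              'boolean',
              default=True,
              label=T('Vulnerabilities')),
        Field('filter_by_ports', 'boolean', default=True, label=T('Ports')),
        Field('dry_run',
              'boolean',
              default=False,
              label=T('Dry run'),
              comment=T('Prepare for execution but do nothing')),
        Field('payload',
              'string',
              default='auto',
              label=T('Payload method'),
              requires=IS_IN_SET(['auto', 'reverse', 'bind'])),
        Field('payload_type',
              'string',
              default='meterpreter',
              label=T('Paylod type'),
              requires=IS_IN_SET(['meterpreter', 'shell'])),
        Field('payload_ports',
              'string',
              default='4000-5000',
              label=T('Payload ports'),
              requires=IS_NOT_EMPTY(),
              comment=T('Port range for reverse/connect payloads')),
        Field('evasion_tcp',
              'integer',
              default=0,
              label=T('TCP Evasion Level'),
              requires=IS_INT_IN_RANGE(0, 4)),
        Field('evasion_app',
              'integer',
              default=0,
              label=T('Application Evasion'),
              requires=IS_INT_IN_RANGE(0, 4)),
        Field(
            'modules',
            'list:string',
            label=T('Specifc Module(s)'),
            requires=IS_EMPTY_OR(IS_IN_SET(module_list, multiple=True)),
            comment=
            T('A whitelist of modules to execute, by default all that match are tried'
              )),
        table_name='msfpro_exploit',
        _class="form-horizontal")

    if form.process().accepted:
        args = {
            'workspace': msf_settings['workspace'],
            'username': msf_settings['user'],
            'DS_WHITELIST_HOSTS': form.vars.targets,
            'DS_BLACKLIST_HOSTS': form.vars.blacklist_hosts,
            'DS_WHITELIST_PORTS': form.vars.ports,
            'DS_BLACKLIST_PORTS': form.vars.blacklist_ports,
            'DS_MinimumRank': form.vars.min_rank,
            'DS_EXPLOIT_SPEED': form.vars.exploit_speed,
            'DS_EXPLOIT_TIMEOUT': form.vars.exploit_timeout,
            'DS_LimitSessions': form.vars.limit_sessions,
            'DS_IgnoreFragileDevices': form.vars.ignore_fragile,
            'DS_FilterByOS': form.vars.filter_by_os,
            'DS_MATCH_VULNS': form.vars.filter_by_vuln,
            'DS_MATCH_PORTS': form.vars.filter_by_ports,
            'DS_OnlyMatch': form.vars.dry_run,
            'DS_PAYLOAD_METHOD': form.vars.payload,
            'DS_PAYLOAD_TYPE': form.vars.payload_type,
            'DS_PAYLOAD_PORTS': form.vars.payload_ports,
            'DS_EVASION_LEVEL_TCP': form.vars.evasion_tcp,
            'DS_EVASION_LEVEL_APP': form.vars.evasion_app,
            # NOTE(review): form.vars.modules is collected above but never
            # sent, so the operator's module whitelist is silently ignored
            # and every matching module is tried. The disabled line below
            # also reads the wrong field. Confirm the parameter the API
            # expects and pass the whitelist through.
            #'DS_ModuleFilter': form.vars.filter_by_os,
        }
        try:
            task = msf.start_exploit(args)
        except MSFProAPIError as error:
            # Report an API failure the same way as the module_list call
            # instead of letting it surface as an unhandled server error.
            return dict(alert=True, error=str(error), form=None)
        # Build the URL with '/' rather than os.path.join: the path helper
        # uses the OS separator, rejects non-string parts such as a numeric
        # task id, and discards the base when a later part starts with '/'.
        msfurl = '/'.join([
            msf_settings['url'].rstrip('/'),
            'workspaces',
            str(msf_settings['workspace_num']),
            'tasks',
            str(task['task_id']),
        ])
        redirect(msfurl)
    elif form.errors:
        response.flash = "Error in form"

    return dict(form=form, alert=alert)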
Esempio n. 3
    if host_records:
        def host_to_ip(host_rec):
            """Map a host record, or its int/str lookup key, to an address.

            Keys are resolved with get_host_record. Returns the record's
            ``f_ipaddr`` value, or None when the record is falsy.
            """
            is_key = isinstance(host_rec, (int, str))
            found = get_host_record(host_rec) if is_key else host_rec
            if found:
                return found.get('f_ipaddr')
            # No record: the caller receives None in place of an address.
            return None
        target_ips = '\n'.join([host_to_ip(x) for x in host_records.split('|')])
    else:
        target_ips = ''

    module_list = []
    alert = False
    msf = MetasploitProAPI(host=msf_settings['url'], apikey=msf_settings['key'])
    try:
        module_list = msf.module_list(modtype='exploits').get('modules')
    except MSFProAPIError, error:
        return dict(alert=True, error=str(error), form=None)

    form = SQLFORM.factory(
        Field('targets', 'text', default=target_ips, label=T('Targets'), requires=IS_NOT_EMPTY(),
            comment=T('Targets to scan can be IP Addresses, ranged lists or subnets. One per line.')
        ),
        Field('blacklist_hosts', 'text', label=T('Blacklisted Targets'),
            comment=T('Targets to blacklist can be IP Addresses, ranged lists or subnets. One per line.')
        ),
        Field('ports', 'string', default='1-65535', label=T('Ports'), requires=IS_NOT_EMPTY(),
            comment=T('List of ports to match exploits to. Example: 21-23,80,443,8000-8999')
        ),
        Field('blacklist_ports', 'string', label=T('Blacklisted Ports'),
            comment=T('List of ports to not exploit. Example: 21-23,80,443,8000-8999')