Module: Metasploit

Defined in:
lib/metasploit/framework.rb,
app/validators/metasploit/framework/file_path_validator.rb,
app/validators/metasploit/framework/executable_path_validator.rb,
lib/msf/core/modules/external/ruby/metasploit.rb,
lib/metasploit/framework/api.rb,
lib/metasploit/framework/core.rb,
lib/metasploit/framework/engine.rb,
lib/metasploit/framework/hashes.rb,
lib/metasploit/framework/command.rb,
lib/metasploit/framework/require.rb,
lib/metasploit/framework/version.rb,
lib/metasploit/framework/database.rb,
lib/metasploit/framework/profiler.rb,
lib/metasploit/framework/afp/client.rb,
lib/metasploit/framework/aws/client.rb,
lib/metasploit/framework/credential.rb,
lib/metasploit/framework/ftp/client.rb,
lib/metasploit/framework/tcp/client.rb,
lib/metasploit/framework/api/version.rb,
lib/metasploit/framework/ldap/client.rb,
lib/metasploit/framework/ntds/parser.rb,
lib/metasploit/framework/core/version.rb,
lib/metasploit/framework/data_service.rb,
lib/metasploit/framework/ntds/account.rb,
lib/metasploit/framework/ssh/platform.rb,
lib/metasploit/framework/login_scanner.rb,
lib/metasploit/framework/telnet/client.rb,
lib/metasploit/framework/compiler/mingw.rb,
lib/metasploit/framework/compiler/utils.rb,
lib/metasploit/framework/parsed_options.rb,
lib/metasploit/framework/varnish/client.rb,
lib/metasploit/framework/compiler/windows.rb,
lib/metasploit/framework/login_scanner/x3.rb,
lib/metasploit/framework/login_scanner/afp.rb,
lib/metasploit/framework/login_scanner/db2.rb,
lib/metasploit/framework/login_scanner/ftp.rb,
lib/metasploit/framework/login_scanner/smb.rb,
lib/metasploit/framework/login_scanner/smh.rb,
lib/metasploit/framework/login_scanner/ssh.rb,
lib/metasploit/framework/login_scanner/vnc.rb,
lib/metasploit/framework/login_scanner/acpp.rb,
lib/metasploit/framework/login_scanner/amqp.rb,
lib/metasploit/framework/login_scanner/base.rb,
lib/metasploit/framework/login_scanner/http.rb,
lib/metasploit/framework/login_scanner/ldap.rb,
lib/metasploit/framework/login_scanner/mqtt.rb,
lib/metasploit/framework/login_scanner/ntlm.rb,
lib/metasploit/framework/login_scanner/pop3.rb,
lib/metasploit/framework/login_scanner/snmp.rb,
lib/metasploit/framework/spec/threads/suite.rb,
lib/metasploit/framework/login_scanner/axis2.rb,
lib/metasploit/framework/login_scanner/mssql.rb,
lib/metasploit/framework/login_scanner/mysql.rb,
lib/metasploit/framework/login_scanner/redis.rb,
lib/metasploit/framework/login_scanner/winrm.rb,
lib/metasploit/framework/login_scanner/caidao.rb,
lib/metasploit/framework/login_scanner/gitlab.rb,
lib/metasploit/framework/login_scanner/nessus.rb,
lib/metasploit/framework/login_scanner/result.rb,
lib/metasploit/framework/login_scanner/telnet.rb,
lib/metasploit/framework/login_scanner/tomcat.rb,
lib/metasploit/framework/login_scanner/zabbix.rb,
lib/metasploit/framework/compiler/headers/base.rb,
lib/metasploit/framework/login_scanner/buffalo.rb,
lib/metasploit/framework/login_scanner/invalid.rb,
lib/metasploit/framework/login_scanner/ipboard.rb,
lib/metasploit/framework/login_scanner/jenkins.rb,
lib/metasploit/framework/login_scanner/jupyter.rb,
lib/metasploit/framework/login_scanner/varnish.rb,
lib/metasploit/framework/login_scanner/vmauthd.rb,
lib/metasploit/framework/login_scanner/kerberos.rb,
lib/metasploit/framework/login_scanner/postgres.rb,
lib/metasploit/framework/login_scanner/teamcity.rb,
lib/metasploit/framework/spec/untested_payloads.rb,
lib/metasploit/framework/data_service/proxy/core.rb,
lib/metasploit/framework/login_scanner/glassfish.rb,
lib/metasploit/framework/compiler/headers/windows.rb,
lib/metasploit/framework/login_scanner/chef_webui.rb,
lib/metasploit/framework/login_scanner/phpmyadmin.rb,
lib/metasploit/framework/login_scanner/rex_socket.rb,
lib/metasploit/framework/rails_version_constraint.rb,
lib/metasploit/framework/login_scanner/directadmin.rb,
lib/metasploit/framework/login_scanner/mybook_live.rb,
lib/metasploit/framework/login_scanner/softing_sis.rb,
lib/metasploit/framework/password_crackers/cracker.rb,
lib/metasploit/framework/password_crackers/wordlist.rb,
lib/metasploit/framework/community_string_collection.rb,
lib/metasploit/framework/login_scanner/octopusdeploy.rb,
lib/metasploit/framework/login_scanner/wordpress_rpc.rb,
lib/metasploit/framework/data_service/remote/http/core.rb,
lib/metasploit/framework/login_scanner/cisco_firepower.rb,
lib/metasploit/framework/data_service/remote/http/error.rb,
lib/metasploit/framework/login_scanner/bavision_cameras.rb,
lib/metasploit/framework/obfuscation/crandomizer/parser.rb,
lib/metasploit/framework/obfuscation/crandomizer/utility.rb,
lib/metasploit/framework/password_crackers/jtr/formatter.rb,
lib/metasploit/framework/obfuscation/crandomizer/modifier.rb,
lib/metasploit/framework/login_scanner/advantech_webaccess.rb,
lib/metasploit/framework/login_scanner/wordpress_multicall.rb,
lib/metasploit/framework/login_scanner/symantec_web_gateway.rb,
lib/metasploit/framework/password_crackers/invalid_wordlist.rb,
lib/metasploit/framework/password_crackers/hashcat/formatter.rb,
lib/metasploit/framework/login_scanner/freeswitch_event_socket.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/if.rb,
lib/metasploit/framework/login_scanner/syncovery_file_sync_backup.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/base.rb,
lib/metasploit/framework/obfuscation/crandomizer/random_statements.rb,
lib/metasploit/framework/login_scanner/manageengine_desktop_central.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/malloc.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/printf.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/switch.rb,
lib/metasploit/framework/login_scanner/wowza_streaming_engine_manager.rb,
lib/metasploit/framework/data_service/remote/managed_remote_data_service.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/gettickcount.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/fake_function.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/int_assignments.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/uninit_variables.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/outputdebugstring.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/string_assignments.rb,
lib/metasploit/framework/obfuscation/crandomizer/code_factory/fake_function_collection.rb

Overview

Parent data service for managing metasploit data in/on a separate process/machine over HTTP(s)

Defined Under Namespace

Modules: Framework

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.logging_prefixObject

Returns the value of attribute logging_prefix.



5
6
7
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 5

def logging_prefix
  @logging_prefix
end

Class Method Details

.log(message, level: 'debug') ⇒ Object



7
8
9
10
11
12
13
14
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 7

def log(message, level: 'debug')
  rpc_send({
    jsonrpc: '2.0', method: 'message', params: {
      level: level,
      message: self.logging_prefix + message
    }
  })
end

.report(kind, data) ⇒ Object



71
72
73
74
75
76
77
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 71

def report(kind, data)
  rpc_send({
    jsonrpc: '2.0', method: 'report', params: {
      type: kind, data: data
    }
  })
end

.report_correct_password(username, password, **opts) ⇒ Object



28
29
30
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 28

def report_correct_password(username, password, **opts)
  report(:correct_password, opts.merge(username: username, password: password))
end

.report_host(ip, **opts) ⇒ Object



16
17
18
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 16

def report_host(ip, **opts)
  report(:host, opts.merge(host: ip))
end

.report_service(ip, **opts) ⇒ Object



20
21
22
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 20

def report_service(ip, **opts)
  report(:service, opts.merge(host: ip))
end

.report_vuln(ip, name, **opts) ⇒ Object



24
25
26
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 24

def report_vuln(ip, name, **opts)
  report(:vuln, opts.merge(host: ip, name: name))
end

.report_wrong_password(username, password, **opts) ⇒ Object



32
33
34
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 32

def report_wrong_password(username, password, **opts)
  report(:wrong_password, opts.merge(username: username, password: password))
end

.rpc_send(req) ⇒ Object



79
80
81
82
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 79

def rpc_send(req)
  puts JSON.generate(req)
  $stdout.flush
end

.run(metadata, callback, soft_check: nil) ⇒ Object



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# File 'lib/msf/core/modules/external/ruby/metasploit.rb', line 36

def run(, callback, soft_check: nil)
  self.logging_prefix = ''
  cb = nil
  req = JSON.parse($stdin.readpartial(10000), symbolize_names: true)
  if req[:method] == 'describe'
    capabilities = []
    capabilities << 'soft_check' if soft_check

    meta = .merge(capabilities: capabilities)
    rpc_send({
      jsonrpc: '2.0', id: req[:id], result: meta
    })
  elsif req[:method] == 'soft_check'
    if soft_check
      cb = soft_check
    else
      rpc_send({
        jsonrpc: '2.0', id: req[:id], error: {code: -32601, message: 'Soft checks are not supported'}
      })
    end
  elsif req[:method] == 'run'
    cb = callback
  end

  if cb
    ret = cb.call req[:params]
    rpc_send({
      jsonrpc: '2.0', id: req[:id], result: {
        message: 'Module completed',
        'return' => ret
      }
    })
  end
end