Class: Msf::MCP::Metasploit::JsonRpcClient

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/mcp/metasploit/jsonrpc_client.rb

Overview

JSON-RPC 2.0 client for Metasploit Framework Implements bearer token authentication for the Metasploit JSON-RPC API Endpoint: /api/v1/json-rpc (default port 8081) See: lib/msf/core/rpc/json/ in Metasploit Framework repository

Constant Summary collapse

DEFAULT_ENDPOINT = 
'/api/v1/json-rpc'

Instance Method Summary collapse

Constructor Details

#initialize(host:, port:, endpoint: DEFAULT_ENDPOINT, token:, ssl: true) ⇒ JsonRpcClient

Initialize JSON-RPC client

Parameters:

  • host (String)

    Metasploit RPC host

  • port (Integer)

    Metasploit RPC port

  • endpoint (String) (defaults to: DEFAULT_ENDPOINT)

    API endpoint path (default: DEFAULT_ENDPOINT)

  • token (String)

    Bearer authentication token

  • ssl (Boolean) (defaults to: true)

    Use SSL (default: true)



21
22
23
24
25
26
27
28
29
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 21

def initialize(host:, port:, endpoint: DEFAULT_ENDPOINT, token:, ssl: true)
  @host = host
  @port = port
  @endpoint = endpoint
  @token = token
  @request_id = 0
  @http = nil
  @ssl = ssl
end

Instance Method Details

#authenticate(_user, _password) ⇒ String

No-op for JSON-RPC: authentication uses a pre-configured bearer token. This method exists so that JsonRpcClient satisfies the same interface as MessagePackClient, allowing the Client facade to delegate uniformly.

Parameters:

  • _user (String)

    Ignored

  • _password (String)

    Ignored

Returns:

  • (String)

    The existing token



38
39
40
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 38

def authenticate(_user, _password)
  @token
end

#call_api(method, args = []) ⇒ Hash

Call Metasploit API method using JSON-RPC 2.0 format

Parameters:

  • method (String)

    API method name

  • args (Array) (defaults to: [])

    Arguments to pass to the method (must be an array)

Returns:

  • (Hash)

    API response

Raises:



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 50

def call_api(method, args = [])
  raise ArgumentError, "args must be an Array, got #{args.class}" unless args.is_a?(Array)

  @request_id += 1

  # Build JSON-RPC 2.0 request as a hash
  request_body = {
    jsonrpc: '2.0',
    method: method,
    params: args,
    id: @request_id
  }

  # Send HTTP request
  response = send_request(request_body)

  # Check for JSON-RPC error
  if response['error']
    error_msg = response['error']['message'] || 'Unknown error'
    raise APIError, error_msg
  end

  response['result']
end

#db_creds(options = {}) ⇒ Hash

Get credentials from database

Parameters:

  • options (Hash) (defaults to: {})

    Query options

Returns:

  • (Hash)

    Response with ‘creds’ array



121
122
123
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 121

def db_creds(options = {})
  call_api('db.creds', [options])
end

#db_hosts(options = {}) ⇒ Hash

Get hosts from database

Parameters:

  • options (Hash) (defaults to: {})

    Query options (workspace, limit, offset, etc.)

Returns:

  • (Hash)

    Response with ‘hosts’ array



93
94
95
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 93

def db_hosts(options = {})
  call_api('db.hosts', [options])
end

#db_loot(options = {}) ⇒ Hash

Get loot from database

Parameters:

  • options (Hash) (defaults to: {})

    Query options

Returns:

  • (Hash)

    Response with ‘loots’ array



128
129
130
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 128

def db_loot(options = {})
  call_api('db.loots', [options])
end

#db_notes(options = {}) ⇒ Hash

Get notes from database

Parameters:

  • options (Hash) (defaults to: {})

    Query options

Returns:

  • (Hash)

    Response with ‘notes’ array



114
115
116
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 114

def db_notes(options = {})
  call_api('db.notes', [options])
end

#db_services(options = {}) ⇒ Hash

Get services from database

Parameters:

  • options (Hash) (defaults to: {})

    Query options

Returns:

  • (Hash)

    Response with ‘services’ array



100
101
102
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 100

def db_services(options = {})
  call_api('db.services', [options])
end

#db_vulns(options = {}) ⇒ Hash

Get vulnerabilities from database

Parameters:

  • options (Hash) (defaults to: {})

    Query options

Returns:

  • (Hash)

    Response with ‘vulns’ array



107
108
109
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 107

def db_vulns(options = {})
  call_api('db.vulns', [options])
end

#module_info(type, name) ⇒ Hash

Get module information

Parameters:

  • type (String)

    Module type (‘exploit’, ‘auxiliary’, ‘post’, etc.)

  • name (String)

    Module name

Returns:

  • (Hash)

    Module information



86
87
88
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 86

def module_info(type, name)
  call_api('module.info', [type, name])
end

#search_modules(query) ⇒ Array<Hash>

Search for Metasploit modules

Parameters:

  • query (String)

    Search query

Returns:

  • (Array<Hash>)

    Module metadata



78
79
80
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 78

def search_modules(query)
  call_api('module.search', [query])
end

#shutdownObject

Shutdown client



133
134
135
136
 
# File 'lib/msf/core/mcp/metasploit/jsonrpc_client.rb', line 133

def shutdown
  @http&.finish if @http&.started?
  @http = nil
end