Module: Msf::Ui::Console::ModuleArgumentParsing
- Included in:
- CommandDispatcher::Exploit, CommandDispatcher::Post, ModuleActionCommands, ModuleCommandDispatcher
- Defined in:
- lib/msf/ui/console/module_argument_parsing.rb
Overview
A centralized mixin to ensure that options are consistently parsed across all module types when running a module’s cmd_run/cmd_check/cmd_exploit arguments
Constant Summary collapse
- @@module_opts =
Options which are standard and predictable across all modules
Rex::Parser::Arguments.new( ['-h', '--help'] => [ false, 'Help banner.' ], ['-j', '--job'] => [ false, 'Run in the context of a job.' ], ['-J', '--foreground'] => [ false, 'Force running in the foreground, even if passive.' ], ['-o', '--options'] => [ true, 'A comma separated list of options in VAR=VAL format.', '<options>' ], ['-q', '--quiet'] => [ false, 'Run the module in quiet mode with no output' ], ['-r', '--reload-libs'] => [ false, 'Reload all libraries before running.' ] )
- @@module_opts_with_action_support =
@@module_opts.merge( ['-a', '--action'] => [ true, 'The action to use. If none is specified, ACTION is used.', '<action>'] )
- @@exploit_opts =
@@module_opts.merge( ['-e', '--encoder'] => [ true, 'The payload encoder to use. If none is specified, ENCODER is used.', '<encoder>' ], ['-f', '--force-run'] => [ false, 'Force the exploit to run regardless of the value of MinimumRank.' ], ['-n', '--nop-generator'] => [ true, 'The NOP generator to use. If none is specified, NOP is used.', '<generator>' ], ['-p', '--payload'] => [ true, 'The payload to use. If none is specified, PAYLOAD is used.', '<payload>' ], ['-t', '--target'] => [ true, 'The target index to use. If none is specified, TARGET is used.', '<target>' ], ['-z', '--no-interact'] => [ false, 'Do not interact with the session after successful exploitation.' ] )
Instance Method Summary collapse
- #append_datastore_option(datastore_options, name, value) ⇒ Object protected
- #parse_check_opts(args) ⇒ Object
- #parse_exploit_opts(args) ⇒ Object
- #parse_opts(opts, args, help_cmd:, action: nil) ⇒ Object protected
- #parse_run_opts(args, action: nil) ⇒ Object
- #print_module_run_or_check_usage(command:, description: nil, options: @@module_opts) ⇒ Object
-
#quote_whitespaced_value(val) ⇒ Object
protected
Wraps values which contain spaces in quotes to ensure it’s handled correctly later.
- #resembles_datastore_assignment?(val) ⇒ Boolean protected
- #resembles_rhost_value?(val) ⇒ Boolean protected
Instance Method Details
#append_datastore_option(datastore_options, name, value) ⇒ Object (protected)
182 183 184 185 186 187 188 189 190 191 192 193 194 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 182 def append_datastore_option(, name, value) if name.casecmp?('RHOST') || name.casecmp?('RHOSTS') new_value = quote_whitespaced_value(value) if !['RHOSTS'] ['RHOSTS'] = new_value else ['RHOSTS'] = "#{['RHOSTS']} #{new_value}" end else [name.upcase] = value end end |
#parse_check_opts(args) ⇒ Object
41 42 43 44 45 46 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 41 def parse_check_opts(args) help_cmd = proc do |_result| cmd_check_help end parse_opts(@@module_opts_with_action_support, args, help_cmd: help_cmd)&.slice(:datastore_options, :reload_libs) end |
#parse_exploit_opts(args) ⇒ Object
60 61 62 63 64 65 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 60 def parse_exploit_opts(args) help_cmd = proc do |_result| cmd_exploit_help end parse_opts(@@exploit_opts, args, help_cmd: help_cmd)&.except(:action) end |
#parse_opts(opts, args, help_cmd:, action: nil) ⇒ Object (protected)
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 98 def parse_opts(opts, args, help_cmd:, action: nil) result = { jobify: false, quiet: false, datastore_options: {}, action: action || mod.datastore['ACTION'] } = result[:datastore_options] opts.parse(args) do |opt, _idx, val| case opt when '-e' result[:encoder] = val when '-f' result[:force] = true when '-j' result[:jobify] = true when '-J' result[:jobify] = false when '-n' result[:nop] = val when '-o' if val.nil? print_error('Missing OptionStr value') help_cmd.call result return end val << '=' unless val.include?('=') val.split(',').each do |opt| name, value = opt.split('=', 2) append_datastore_option(, name, value) end when '-p' result[:payload] = val when '-r' result[:reload_libs] = true when '-t' result[:target] = val.to_i when '-z' result[:background] = true when '-a' result[:action] = val when '-q' result[:quiet] = true when '-h' help_cmd.call result return else if val && val[0] == '-' help_cmd.call result return end if resembles_datastore_assignment?(val) name, val = val.split('=', 2) append_datastore_option(, name, val) elsif resembles_rhost_value?(val) append_datastore_option(, 'RHOSTS', val) else print_error("Invalid argument #{val}") help_cmd.call result return end end end result end |
#parse_run_opts(args, action: nil) ⇒ Object
48 49 50 51 52 53 54 55 56 57 58 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 48 def parse_run_opts(args, action: nil) help_cmd = proc do |result| if result[:action].nil? cmd_run_help else cmd_action_help(action) end end parse_opts(@@module_opts_with_action_support, args, help_cmd: help_cmd, action: action) end |
#print_module_run_or_check_usage(command:, description: nil, options: @@module_opts) ⇒ Object
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 67 def print_module_run_or_check_usage(command:, description: nil, options: @@module_opts) description ||= command == :check ? 'Check if the target is vulnerable' : "Run the current #{name.downcase} module" is_http_mod = mod.is_a?(Msf::Exploit::Remote::HttpClient) is_smb_mod = mod.is_a?(Msf::Exploit::Remote::SMB::Client) || mod..include?('SMBUser') is_mysql_mod = mod.is_a?(Msf::Exploit::Remote::MYSQL) print_line("Usage: #{command} [options] [RHOSTS]") print_line('') print_line(description) print_line(.usage) print_line('Examples:') print_line('') print_line(" #{command} 192.168.1.123") print_line(" #{command} 192.168.1.1-192.168.1.254") print_line(" #{command} file:///tmp/rhost_list.txt") print_line(" #{command} http://192.168.1.123/foo") if is_http_mod print_line(" #{command} http://user:pass@192.168.1.123/foo") if is_http_mod print_line(" #{command} HttpTrace=true http://192.168.1.123/foo") if is_http_mod print_line(" #{command} mysql://user:pass@192.168.1.123") if is_mysql_mod print_line(" #{command} SQL='select version()' mysql://user:pass@192.168.1.123") if is_mysql_mod && mod..include?('SQL') print_line(" #{command} smb://192.168.1.123") if is_smb_mod print_line(" #{command} smb://user:pass@192.168.1.123") if is_smb_mod print_line(" #{command} LPATH=/tmp/foo.txt smb://user:pass@192.168.1.123/share_name/foo.txt") if is_smb_mod && mod..include?('RPATH') print_line('') print_line('Learn more at https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html') print_line('') end |
#quote_whitespaced_value(val) ⇒ Object (protected)
Wraps values which contain spaces in quotes to ensure it’s handled correctly later
197 198 199 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 197 def quote_whitespaced_value(val) val.include?(' ') ? "\"#{val}\"" : val end |
#resembles_datastore_assignment?(val) ⇒ Boolean (protected)
166 167 168 169 170 171 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 166 def resembles_datastore_assignment?(val) return false unless val valid_option_regex = /^(\w|::)+=.*/ valid_option_regex.match?(val) end |
#resembles_rhost_value?(val) ⇒ Boolean (protected)
173 174 175 176 177 178 179 180 |
# File 'lib/msf/ui/console/module_argument_parsing.rb', line 173 def resembles_rhost_value?(val) return false unless val ::Addressable::URI.parse(val) true rescue ::Addressable::URI::InvalidURIError => _e false end |