infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #5688, remove msfcli

bug/bundler_fix
Brent Cook 2015-07-13 15:27:38 -05:00
parent 93f154b395 f59c99e2ff
commit 07d05828d0
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
7 changed files with 3 additions and 1453 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/msf/core/modules/loader/base.rb
View File

@ -253,21 +253,13 @@ class Msf::Modules::Loader::Base
# @return [Hash{String => Integer}] Maps module type to number of
# modules loaded
def load_modules(path, options={})
options.assert_valid_keys(:force, :whitelist)
options.assert_valid_keys(:force)
force = options[:force]
count_by_type = {}
recalculate_by_type = {}
# This is used to avoid loading the same thing twice
loaded_items = []
each_module_reference_name(path, options) do |parent_path, type, module_reference_name|
# In msfcli mode, if a module is already loaded, avoid loading it again
next if loaded_items.include?(module_reference_name) and options[:whitelist]
# Keep track of loaded modules in msfcli mode
loaded_items << module_reference_name if options[:whitelist]
load_module(
parent_path,
type,

19
lib/msf/core/modules/loader/directory.rb
View File

@ -56,24 +56,7 @@ class Msf::Modules::Loader::Directory < Msf::Modules::Loader::Base
# The module_reference_name doesn't have a file extension
module_reference_name = module_reference_name_from_path(relative_entry_descendant_path)
# If the modules argument is set, this means we only want to load specific ones instead
# of loading everything to memory - see msfcli.
if whitelist.empty?
# Load every module we see, which is the default behavior.
yield path, type, module_reference_name
else
whitelist.each do |pattern|
# We have to use entry_descendant_path to see if this is the module we want, because
# this is easier to identify the module type just by looking at the file path.
# For example, if module_reference_name is used (or a parsed relative path), you can't
# really tell if php/generic is a NOP module, a payload, or an encoder.
if entry_descendant_path =~ pattern
yield path, type, module_reference_name
else
next
end
end
end
yield path, type, module_reference_name
end
end
end

1
metasploit-framework.gemspec
View File

@ -30,7 +30,6 @@ Gem::Specification.new do |spec|
spec.bindir = '.'
spec.executables = [
'msfbinscan',
'msfcli',
'msfconsole',
'msfd',
'msfelfscan',

4
modules/auxiliary/scanner/http/cert.rb
View File

@ -21,10 +21,6 @@ class Metasploit3 < Msf::Auxiliary
This module will check the certificate of the specified web servers
to ensure the subject and issuer match the supplied pattern and that the certificate
is not expired.
Note: Be sure to check your expression if using msfcli, shells tend to not like certain
things and will strip/interpret them (= is a perfect example). It is better to use in
console.
}
)

608
msfcli
View File

@ -1,608 +0,0 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# This user interface allows users to interact with the framework through a
# command line interface (CLI) rather than having to use a prompting console
# or web-based interface.
#
$stderr.puts "[!] ************************************************************************"
$stderr.puts "[!] * The utility msfcli is deprecated! *"
$stderr.puts "[!] * It will be removed on or about 2015-06-18 *"
$stderr.puts "[!] * Please use msfconsole -r or -x instead *"
$stderr.puts "[!] * Details: https://github.com/rapid7/metasploit-framework/pull/3802 *"
$stderr.puts "[!] ************************************************************************"
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), 'lib')))
class Msfcli
#
# Attributes
#
# @attribute framework
# @return [Msf::Simple::Framework]
#
# initialize
#
def initialize(args)
@args = {}
@indent = ' '
@args[:module_name] = args.shift # First argument should be the module name
@args[:mode] = args.pop || 'h' # Last argument should be the mode
@args[:params] = args # Whatever is in the middle should be the params
if @args[:module_name] =~ /^exploit(s)*\//i
@args[:module_name] = @args[:module_name].split('/')
@args[:module_name] = @args[:module_name][1, @args[:module_name].length] * "/"
end
end
#
# Instance Methods
#
# The framework to create and list modules.
#
# @return [Msf::Simple::Framework]
def framework
@framework ||= Msf::Simple::Framework.create({'DeferModuleLoads'=>true})
end
# Sets {#framework}.
#
# @raise [ArgumentError] if {#framework} already set
def framework=(framework)
if instance_variable_defined? :@framework
fail ArgumentError.new("framework already set")
end
@framework = framework
end
#
# Returns a usage Rex table
#
def usage (str = nil, extra = nil)
tbl = Rex::Ui::Text::Table.new(
'Header' => "Usage: #{$0} <exploit_name> <option=value> [mode]",
'Indent' => 4,
'Columns' => ['Mode', 'Description']
)
tbl << ['(H)elp', "You're looking at it baby!"]
tbl << ['(S)ummary', 'Show information about this module']
tbl << ['(O)ptions', 'Show available options for this module']
tbl << ['(M)issing', 'Show empty required options for this module']
tbl << ['(A)dvanced', 'Show available advanced options for this module']
tbl << ['(I)DS Evasion', 'Show available ids evasion options for this module']
tbl << ['(P)ayloads', 'Show available payloads for this module']
tbl << ['(T)argets', 'Show available targets for this exploit module']
tbl << ['(AC)tions', 'Show available actions for this module']
tbl << ['(C)heck', 'Run the check routine of the selected module']
tbl << ['(E)xecute', 'Execute the selected module']
tbl.to_s
$stdout.puts "Error: #{str}\n\n" if str
$stdout.puts tbl.to_s + "\n"
$stdout.puts "Examples:" + "\n"
$stdout.puts "msfcli exploit/multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E" + "\n"
$stdout.puts "msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E" + "\n"
$stdout.puts extra + "\n" if extra
$stdout.puts
end
#
# Loads up everything in framework, and then returns the module list
#
def dump_module_list
# This is what happens if the user doesn't specify a module name:
# msfcli will end up loading EVERYTHING to memory to show you a help
# menu plus a list of modules available. Really expensive if you ask me.
$stdout.puts "[*] Please wait while we load the module tree..."
self.framework = Msf::Simple::Framework.create
ext = ''
tbl = Rex::Ui::Text::Table.new(
'Header' => 'Exploits',
'Indent' => 4,
'Columns' => [ 'Name', 'Description' ])
framework.exploits.each_module { |name, mod|
tbl << [ 'exploit/' + name, mod.new.name ]
}
ext << tbl.to_s + "\n"
tbl = Rex::Ui::Text::Table.new(
'Header' => 'Auxiliary',
'Indent' => 4,
'Columns' => [ 'Name', 'Description' ])
framework.auxiliary.each_module { |name, mod|
tbl << [ 'auxiliary/' + name, mod.new.name ]
}
ext << tbl.to_s + "\n"
ext
end
#
# Payload naming style is kind of inconsistent, so instead of
# finding the exact path name, we provide the most educated guess (whitelist)
# based on platform/stage type/session type/payload name suffix/etc.
#
def guess_payload_name(p)
matches = []
payload = p.split('/')
platform = payload[0]
suffix = payload[-1]
stage_types = ['singles', 'stagers', 'stages']
session_types = ['meterpreter', 'shell']
arch = ''
# Rule out some possibilities
if p =~ /meterpreter/i
session_types.delete('shell')
stage_types.delete('singles')
end
if p =~ /shell\/.+$/i
session_types.delete('meterpreter')
stage_types.delete('singles')
end
if p =~ /x64/i
arch = 'x64'
elsif p =~ /x86/i
arch = 'x86'
end
# Determine if the payload is staged. If it is, then
# we need to load that staged module too.
if session_types.include?('shell') and stage_types.include?('stages')
if arch == 'x64'
matches << /stages\/#{platform}\/x64\/shell/
elsif arch == 'x86'
matches << /stages\/#{platform}\/x86\/shell/
else
matches << /stages\/#{platform}\/shell/
end
elsif session_types.include?('meterpreter') and stage_types.include?('stages')
if arch == 'x64'
matches << /stages\/#{platform}\/x64\/meterpreter/
elsif arch == 'x86'
matches << /stages\/#{platform}\/x86\/meterpreter/
else
matches << /stages\/#{platform}\/meterpreter/
end
end
# Guess the second possible match
stage_types *= "|"
session_types *= "|"
if arch == 'x64'
matches << /payloads\/(#{stage_types})\/#{platform}\/x64\/.*(#{suffix})\.rb$/
elsif arch == 'x86'
matches << /payloads\/(#{stage_types})\/#{platform}\/x86\/.*(#{suffix})\.rb$/
else
matches << /payloads\/(#{stage_types})\/#{platform}\/.*(#{suffix})\.rb$/
end
matches
end
#
# Returns a whitelist for encoder modules
#
def guess_encoder_name(e)
[/encoders\/#{e}/]
end
#
# Returns a whitelist for nop modules
#
def guess_nop_name(n)
[/nops\/#{n}/]
end
#
# Returns a whitelist for post modules
#
def guess_post_name(p)
[/post\/#{p}/]
end
#
# Returns possible patterns like exploit/aux, encoders, nops we want to
# load to the whitelist.
#
def generate_whitelist
whitelist = []
whitelist << /#{@args[:module_name]}/ # Add exploit
# nil = not set, empty = manually set to load nothing
encoder_val = nil
nops_val = nil
post_val = nil
payload_param = ''
junk_args = []
@args[:params].each { |args|
var, val = args.split('=', 2)
next if val.nil?
case var.downcase
when 'payload'
payload_param = val
if val.empty?
junk_args << args
else
whitelist.concat(guess_payload_name(val))
end
when 'encoder'
encoder_val = val
if val.empty?
junk_args << args
else
whitelist.concat(guess_encoder_name(val))
end
when 'nop'
nops_val = val
if val.empty?
junk_args << args
else
whitelist.concat(guess_nop_name(val))
end
when 'post'
post_val = val
if val.empty?
junk_args << args
else
whitelist.concat(guess_post_name(val))
end
end
}
# Cleanup empty args
junk_args.each { |args| @args[:params].delete(args) }
# If it's an exploit and no payload set, load them all.
if @args[:module_name] !~ /auxiliary\// and payload_param.empty?
whitelist << /payloads\/.+/
end
# Add post modules list if not set
if post_val.nil?
whitelist << /post\/.+/
end
# Add default encoders if not set
# This one is needed no matter what
whitelist << /encoders\/generic\/*/
if encoder_val.nil?
if payload_param =~ /^.+\.x64.+/
whitelist << /encoders\/x64\/.+/
elsif payload_param =~ /^.+\.x86.+/
whitelist << /encoders\/x86\/.+/
else
whitelist << /encoders\/.+/
end
end
# Add default NOP modules if not set
if nops_val.nil?
whitelist << /nops\/.+/
end
whitelist
end
#
# Initializes exploit/payload/encoder/nop modules.
#
def init_modules
$stdout.puts "[*] Initializing modules..."
module_name = @args[:module_name]
modules = {
:module => nil, # aux or exploit instance
:payload => nil, # payload instance
:encoder => nil, # encoder instance
:nop => nil # nop instance
}
whitelist = generate_whitelist
# Load up all the possible modules, this is where things get slow again
framework.init_module_paths({:whitelist=>whitelist})
if (framework.modules.module_load_error_by_path.length > 0)
print("Warning: The following modules could not be loaded!\n\n")
framework.modules.module_load_error_by_path.each do |path, error|
print("\t#{path}: #{error}\n\n")
end
return {}
end
# Determine what type of module it is
if module_name =~ /exploit\/(.*)/
modules[:module] = framework.exploits.create($1)
elsif module_name =~ /auxiliary\/(.*)/
modules[:module] = framework.auxiliary.create($1)
elsif module_name =~ /post\/(.*)/
modules[:module] = framework.post.create($1)
else
modules[:module] = framework.exploits.create(module_name)
if modules[:module].nil?
# Try falling back on aux modules
modules[:module] = framework.auxiliary.create(module_name)
end
end
if modules[:module].nil?
# Still nil? Ok then, probably invalid
return {}
end
modules[:module].init_ui(
Rex::Ui::Text::Input::Stdio.new,
Rex::Ui::Text::Output::Stdio.new
)
# Import options
begin
modules[:module].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
rescue Rex::ArgumentParseError => e
raise e
end
# Create the payload to use
if (modules[:module].datastore['PAYLOAD'])
modules[:payload] = framework.payloads.create(modules[:module].datastore['PAYLOAD'])
if modules[:payload]
modules[:payload].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
end
end
# Create the encoder to use
if modules[:module].datastore['ENCODER']
modules[:encoder] = framework.encoders.create(modules[:module].datastore['ENCODER'])
if modules[:encoder]
modules[:encoder].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
end
end
# Create the NOP to use
if modules[:module].datastore['NOP']
modules[:nop] = framework.nops.create(modules[:module].datastore['NOP'])
if modules[:nop]
modules[:nop].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
end
end
modules
end
def show_summary(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_module(m[:module], @indent))
$stdout.puts("\n" + readable.dump_module(m[:payload], @indent)) if m[:payload]
$stdout.puts("\n" + readable.dump_module(m[:encoder], @indent)) if m[:encoder]
$stdout.puts("\n" + readable.dump_module(m[:nop], @indent)) if m[:nop]
end
def show_options(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_options(m[:module], @indent))
$stdout.puts("\nPayload:\n\n" + readable.dump_options(m[:payload], @indent)) if m[:payload]
$stdout.puts("\nEncoder:\n\n" + readable.dump_options(m[:encoder], @indent)) if m[:encoder]
$stdout.puts("\nNOP\n\n" + readable.dump_options(m[:nop], @indent)) if m[:nop]
end
def show_missing(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_options(m[:module], @indent, true))
$stdout.puts("\nPayload:\n\n" + readable.dump_options(m[:payload], @indent, true)) if m[:payload]
$stdout.puts("\nEncoder:\n\n" + readable.dump_options(m[:encoder], @indent, true)) if m[:encoder]
$stdout.puts("\nNOP\n\n" + readable.dump_options(m[:nop], @indent, true)) if m[:nop]
end
def show_advanced(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_advanced_options(m[:module], @indent))
$stdout.puts("\nPayload:\n\n" + readable.dump_advanced_options(m[:payload], @indent)) if m[:payload]
$stdout.puts("\nEncoder:\n\n" + readable.dump_advanced_options(m[:encoder], @indent)) if m[:encoder]
$stdout.puts("\nNOP:\n\n" + readable.dump_advanced_options(m[:nop], @indent)) if m[:nop]
end
def show_ids_evasion(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_evasion_options(m[:module], @indent))
$stdout.puts("\nPayload:\n\n" + readable.dump_evasion_options(m[:payload], @indent)) if m[:payload]
$stdout.puts("\nEncoder:\n\n" + readable.dump_evasion_options(m[:encoder], @indent)) if m[:encoder]
$stdout.puts("\nNOP:\n\n" + readable.dump_evasion_options(m[:nop], @indent)) if m[:nop]
end
def show_payloads(m)
readable = Msf::Serializer::ReadableText
txt = "Compatible payloads"
$stdout.puts("\n" + readable.dump_compatible_payloads(m[:module], @indent, txt))
end
def show_targets(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_exploit_targets(m[:module], @indent))
end
def show_actions(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_module_actions(m[:module], @indent))
end
def show_check(m)
begin
if (code = m[:module].check_simple(
'LocalInput' => Rex::Ui::Text::Input::Stdio.new,
'LocalOutput' => Rex::Ui::Text::Output::Stdio.new))
stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]'
$stdout.puts("#{stat} #{code[1]}")
else
$stdout.puts("Check failed: The state could not be determined.")
end
rescue
$stdout.puts("Check failed: #{$!}")
end
end
def execute_module(m)
con = Msf::Ui::Console::Driver.new(
Msf::Ui::Console::Driver::DefaultPrompt,
Msf::Ui::Console::Driver::DefaultPromptChar,
{
'Framework' => framework,
# When I use msfcli, chances are I want speed, so ASCII art fanciness
# probably isn't much of a big deal for me.
'DisableBanner' => true
})
module_class = (m[:module].fullname =~ /^auxiliary/ ? 'auxiliary' : 'exploit')
con.run_single("use #{module_class}/#{m[:module].refname}")
# Assign console parameters
@args[:params].each do |arg|
k,v = arg.split("=", 2)
con.run_single("set #{k} #{v}")
end
# Run the exploit
con.run_single("exploit")
# If we have sessions or jobs, keep running
if framework.sessions.length > 0 or framework.jobs.length > 0
con.run
else
con.run_single("quit")
end
end
#
# Selects a mode chosen by the user and run it
#
def engage_mode(modules)
case @args[:mode].downcase
when 'h'
usage
when "s"
show_summary(modules)
when "o"
show_options(modules)
when "m"
show_missing(modules)
when "a"
show_advanced(modules)
when "i"
show_ids_evasion(modules)
when "p"
if modules[:module].file_path =~ /auxiliary\//i
$stdout.puts("\nError: This type of module does not support payloads")
else
show_payloads(modules)
end
when "t"
puts
if modules[:module].file_path =~ /auxiliary\//i
$stdout.puts("\nError: This type of module does not support targets")
else
show_targets(modules)
end
when "ac"
if modules[:module].kind_of?(Msf::Module::HasActions)
show_actions(modules)
else
$stdout.puts("\nError: This type of module does not support actions")
end
when "c"
show_check(modules)
when "e"
execute_module(modules)
else
usage("Invalid mode #{@args[:mode]}")
end
end
def run!
if @args[:module_name] == "-h"
usage()
exit
end
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'msfenv'
require 'msf/ui'
require 'msf/base'
if @args[:module_name].nil?
ext = dump_module_list
usage(nil, ext)
exit
end
begin
modules = init_modules
rescue Rex::ArgumentParseError => e
puts "[!] Error: #{e.message}\n\n"
exit
end
if modules[:module].nil?
usage("Invalid module: #{@args[:module_name]}")
exit
end
# Process special var/val pairs...
Msf::Ui::Common.process_cli_arguments(framework, @args[:params])
engage_mode(modules)
$stdout.puts
end
end
if __FILE__ == $PROGRAM_NAME
cli = Msfcli.new(ARGV)
cli.run!
end

812
spec/msfcli_spec.rb
View File

@ -1,812 +0,0 @@
require 'spec_helper'
load Metasploit::Framework.root.join('msfcli').to_path
require 'msfenv'
require 'msf/ui'
require 'msf/base'
describe Msfcli, :content do
subject(:msfcli) {
described_class.new(args)
}
#
# methods
#
# Get stdout:
# http://stackoverflow.com/questions/11349270/test-output-to-command-line-with-rspec
def get_stdout(&block)
out = $stdout
$stdout = fake = StringIO.new
begin
yield
ensure
$stdout = out
end
fake.string
end
#
# lets
#
let(:args) {
[]
}
context "#initialize" do
context 'with module name' do
let(:args) {
[
module_name,
*params
]
}
let(:module_name) {
'multi/handler'
}
let(:params) {
%w{payload=windows/meterpreter/reverse_tcp lhost=127.0.0.1}
}
let(:parsed_args) {
msfcli.instance_variable_get(:@args)
}
context 'multi/handler' do
context 'with mode' do
let(:args) {
super() + [mode]
}
context 'E' do
let(:mode) {
'E'
}
it 'parses module name into :module_name arg' do
expect(parsed_args[:module_name]).to eq(module_name)
end
it 'parses mode into :mode arg' do
expect(parsed_args[:mode]).to eq(mode)
end
it 'parses module parameters between module name and mode' do
expect(parsed_args[:params]).to eq(params)
end
end
context 's' do
let(:mode) {
's'
}
it "parses mode as 's' (summary)" do
expect(parsed_args[:mode]).to eq(mode)
end
end
end
context 'without mode' do
let(:args) {
[
module_name
]
}
it "parses mode as 'h' (help) by default" do
expect(parsed_args[:mode]).to eq('h')
end
end
end
context 'exploit/windows/browser/ie_cbutton_uaf' do
let(:module_name) {
'exploit/windows/browser/ie_cbutton_uaf'
}
it "strips 'exploit/' prefix for :module_name" do
expect(parsed_args[:module_name]).to eq('windows/browser/ie_cbutton_uaf')
end
end
context 'exploit/windows/browser/ie_cbutton_uaf' do
let(:module_name) {
'exploits/windows/browser/ie_cbutton_uaf'
}
it "strips 'exploits/' prefix for :module_name" do
expect(parsed_args[:module_name]).to eq('windows/browser/ie_cbutton_uaf')
end
end
end
end
context "#usage" do
it "prints Usage" do
out = get_stdout {
msfcli.usage
}
expect(out).to include('Usage')
end
end
#
# This one is slow because we're loading all modules
#
context "#dump_module_list" do
include_context 'Metasploit::Framework::Spec::Constants cleaner'
let(:framework) {
msfcli.framework
}
it 'dumps a listof modules' do
tbl = ''
stdout = get_stdout {
tbl = msfcli.dump_module_list
}
expect(tbl).to include 'Exploits'
expect(stdout).to include 'Please wait'
end
end
context "#guess_payload_name" do
subject(:guess_payload_name) {
msfcli.guess_payload_name(payload_reference_name)
}
context 'with windows/meterpreter/reverse_tcp' do
let(:payload_reference_name) {
'windows/meterpreter/reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/windows\/meterpreter/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/
]
)
}
end
context 'with windows/shell/reverse_tcp' do
let(:payload_reference_name) {
'windows/shell/reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/windows\/shell/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/
]
)
}
end
context 'with php/meterpreter_reverse_tcp' do
let(:payload_reference_name) {
'php/meterpreter_reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/php\/meterpreter/,
/payloads\/(stagers|stages)\/php\/.*(meterpreter_reverse_tcp)\.rb$/
]
)
}
end
context 'with linux/x86/meterpreter/reverse_tcp' do
let(:payload_reference_name) {
'linux/x86/meterpreter/reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/linux\/x86\/meterpreter/,
/payloads\/(stagers|stages)\/linux\/x86\/.*(reverse_tcp)\.rb$/
]
)
}
end
context 'with java/meterpreter/reverse_tcp' do
let(:payload_reference_name) {
'java/meterpreter/reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/java\/meterpreter/,
/payloads\/(stagers|stages)\/java\/.*(reverse_tcp)\.rb$/
]
)
}
end
context 'with cmd/unix/reverse' do
let(:payload_reference_name) {
'cmd/unix/reverse'
}
it {
is_expected.to eq(
[
/stages\/cmd\/shell/,
/payloads\/(singles|stagers|stages)\/cmd\/.*(reverse)\.rb$/
]
)
}
end
context 'with bsd/x86/shell_reverse_tcp' do
let(:payload_reference_name) {
'bsd/x86/shell_reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/bsd\/x86\/shell/,
/payloads\/(singles|stagers|stages)\/bsd\/x86\/.*(shell_reverse_tcp)\.rb$/
]
)
}
end
end
context "#guess_encoder_name" do
subject(:guess_encoder_name) {
msfcli.guess_encoder_name(encoder_reference_name)
}
context 'with x86/shikata_ga_nai' do
let(:encoder_reference_name) {
'x86/shikata_ga_nai'
}
it {
is_expected.to eq(
[/encoders\/#{encoder_reference_name}/]
)
}
end
end
context "#guess_nop_name" do
subject(:guess_nop_name) {
msfcli.guess_nop_name(nop_reference_name)
}
context 'with x86/shikata_ga_nai' do
let(:nop_reference_name) {
'x86/single_byte'
}
it {
is_expected.to eq(
[/nops\/#{nop_reference_name}/]
)
}
end
end
context "#generate_whitelist" do
subject(:generate_whitelist) {
msfcli.generate_whitelist.map(&:to_s)
}
let(:args) {
[
'multi/handler',
"payload=#{payload_reference_name}",
'lhost=127.0.0.1',
mode
]
}
let(:mode) {
'E'
}
context 'with payload' do
context 'linux/x86/reverse_tcp' do
let(:payload_reference_name) {
'linux/x86/reverse_tcp'
}
context 'with encoder' do
let(:args) {
super().tap { |args|
args.insert(-2, "encoder=#{encoder_reference_name}")
}
}
context 'x86/fnstenv_mov' do
let(:encoder_reference_name) {
'x86/fnstenv_mov'
}
it {
is_expected.to match_array(
[
/multi\/handler/,
/stages\/linux\/x86\/shell/,
/payloads\/(singles|stagers|stages)\/linux\/x86\/.*(reverse_tcp)\.rb$/,
/encoders\/x86\/fnstenv_mov/,
/post\/.+/,
/encoders\/generic\/*/,
/nops\/.+/
].map(&:to_s)
)
}
end
end
end
context 'windows/meterpreter/reverse_tcp' do
let(:payload_reference_name) {
'windows/meterpreter/reverse_tcp'
}
context 'with default options' do
it {
is_expected.to match_array(
[
/multi\/handler/,
/stages\/windows\/meterpreter/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/,
/post\/.+/,
/encoders\/generic\/*/,
/encoders\/.+/,
/nops\/.+/
].map(&:to_s)
)
}
end
context 'with encoder' do
let(:args) {
super().tap { |args|
args.insert(-2, "encoder=#{encoder_reference_name}")
}
}
context "''" do
let(:encoder_reference_name) do
"''"
end
context 'with post' do
let(:args) {
super().tap { |args|
args.insert(-2, "post=#{post_reference_name}")
}
}
context "''" do
let(:post_reference_name) do
"''"
end
context "with nop" do
let(:args) {
super().tap { |args|
args.insert(-2, "nop=#{nop_reference_name}")
}
}
context "''" do
let(:nop_reference_name) {
"''"
}
it {
is_expected.to match_array(
[
/multi\/handler/,
/stages\/windows\/meterpreter/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/,
/encoders\/''/,
/post\/''/,
/nops\/''/,
/encoders\/generic\/*/
].map(&:to_s)
)
}
end
end
end
end
end
context "<blank>" do
let(:encoder_reference_name) do
""
end
context 'with post' do
let(:args) {
super().tap { |args|
args.insert(-2, "post=#{post_reference_name}")
}
}
context "<blank>" do
let(:post_reference_name) do
""
end
context "with nop" do
let(:args) {
super().tap { |args|
args.insert(-2, "nop=#{nop_reference_name}")
}
}
context "<blank>" do
let(:nop_reference_name) {
""
}
it {
is_expected.to match_array(
[
/multi\/handler/,
/stages\/windows\/meterpreter/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/,
/encoders\/generic\/*/
].map(&:to_s)
)
}
end
end
end
end
end
end
end
end
end
context "#init_modules" do
include_context 'Metasploit::Framework::Spec::Constants cleaner'
let(:args) {
[
module_name,
mode
]
}
let(:framework) {
msfcli.framework
}
let(:mode) {
'S'
}
context 'with exploit/windows/smb/psexec' do
let(:module_name) {
'exploit/windows/smb/psexec'
}
it 'creates the module in :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module]).to be_an Msf::Exploit
expect(modules[:module].fullname).to eq(module_name)
end
end
context 'with auxiliary/server/browser_autopwn' do
let(:module_name) {
'auxiliary/server/browser_autopwn'
}
it 'creates the module in :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module]).to be_an Msf::Auxiliary
expect(modules[:module].fullname).to eq(module_name)
end
end
context 'with post/windows/gather/credentials/gpp' do
let(:module_name) {
'post/windows/gather/credentials/gpp'
}
it 'creates the module in :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module]).to be_an Msf::Post
expect(modules[:module].fullname).to eq(module_name)
end
end
context 'with exploit/multi/handler' do
let(:module_name) {
'multi/handler'
}
it 'creates the module in :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module]).to be_an Msf::Exploit
expect(modules[:module].refname).to eq(module_name)
end
context 'with payload' do
let(:args) {
super().tap { |args|
args.insert(-2, "payload=#{payload_reference_name}")
}
}
context 'windows/meterpreter/reverse_tcp' do
let(:payload_reference_name) do
'windows/meterpreter/reverse_tcp'
end
it 'creates payload in :payload' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:payload]).to be_an Msf::Payload
expect(modules[:payload].refname).to eq(payload_reference_name)
end
end
end
context 'with data store options' do
let(:args) {
super().tap { |args|
args.insert(-2, "#{data_store_key}=#{data_store_value}")
}
}
let(:data_store_key) {
'lhost'
}
let(:data_store_value) {
'127.0.0.1'
}
it 'sets data store on :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module].datastore[data_store_key]).to eq(data_store_value)
end
end
end
context 'with invalid module name' do
let(:module_name) {
'invalid/module/name'
}
it 'returns empty modules Hash' do
modules = nil
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules).to eq({})
end
end
end
context "#engage_mode" do
include_context 'Metasploit::Framework::Spec::Constants cleaner'
subject(:engage_mode) {
msfcli.engage_mode(modules)
}
let(:args) {
[
module_name,
mode
]
}
let(:framework) {
msfcli.framework
}
let(:modules) {
msfcli.init_modules
}
context 'with auxiliary/scanner/http/http_put' do
let(:module_name) {
'auxiliary/scanner/http/http_put'
}
context 'with mode' do
context 'ac' do
let(:mode) {
'ac'
}
specify {
expect(get_stdout { engage_mode }).to match(/DELETE/)
}
end
end
end
context 'with auxiliary/scanner/http/http_version' do
let(:module_name) {
'auxiliary/scanner/http/http_version'
}
context 'with mode' do
context 'A' do
let(:mode) {
'A'
}
specify {
expect(get_stdout { engage_mode }).to match(/UserAgent/)
}
end
context 'I' do
let(:mode) {
'I'
}
specify {
expect(get_stdout { engage_mode }).to match(/Insert fake relative directories into the uri/)
}
end
context 'O' do
let(:mode) {
'O'
}
specify {
expect(get_stdout { engage_mode }).to match(/The target address range or CIDR identifier/)
}
end
context 'P' do
let(:mode) {
'P'
}
specify {
expect(get_stdout { engage_mode }).to match(/This type of module does not support payloads/)
}
end
context 's' do
let(:mode) {
's'
}
specify {
expect(get_stdout { engage_mode }).to match %r{Module: auxiliary/scanner/http/http_version}
}
end
context 't' do
let(:mode) {
't'
}
specify {
expect(get_stdout { engage_mode }).to match(/This type of module does not support targets/)
}
end
end
end
context 'with windows/browser/ie_cbutton_uaf' do
let(:module_name) {
'windows/browser/ie_cbutton_uaf'
}
context 'with mode' do
context 'ac' do
let(:mode) {
'ac'
}
specify {
expect(get_stdout { engage_mode }).to match(/This type of module does not support actions/)
}
end
context 'P' do
let(:mode) {
'P'
}
specify {
expect(get_stdout { engage_mode }).to match(/windows\/meterpreter\/reverse_tcp/)
}
end
context 'T' do
let(:mode) {
'T'
}
specify {
expect(get_stdout { engage_mode }).to match(/IE 8 on Windows 7/)
}
end
end
end
context 'with windows/smb/ms08_067_netapi' do
let(:args) {
super().tap { |args|
args.insert(-2, "RHOST=127.0.0.1")
}
}
let(:module_name) {
'windows/smb/ms08_067_netapi'
}
context 'with mode C' do
let(:mode) {
'C'
}
specify {
expect(get_stdout { engage_mode }).to match(/#{Msf::Exploit::CheckCode::Unknown[1]}/)
}
end
end
end
end

2
tools/profile.sh
View File

@ -1,3 +1,3 @@
#!/bin/sh
CPUPROFILE_FREQUENCY=500 CPUPROFILE=profile.dat RUBYOPT="-r`gem which perftools | tail -1`" ruby msfcli z
CPUPROFILE_FREQUENCY=500 CPUPROFILE=profile.dat RUBYOPT="-r`gem which perftools | tail -1`" ruby msfconsole -x "exit" z
pprof.rb --gif profile.dat > profile.gif