infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #5688, remove msfcli

bug/bundler_fix
Brent Cook 2015-07-13 15:27:38 -05:00
parent 93f154b395 f59c99e2ff
commit 07d05828d0
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
7 changed files with 3 additions and 1453 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/msf/core/modules/loader/base.rb
View File

@ -253,21 +253,13 @@ class Msf::Modules::Loader::Base
# @return [Hash{String => Integer}] Maps module type to number of # @return [Hash{String => Integer}] Maps module type to number of
# modules loaded # modules loaded
def load_modules(path, options={}) def load_modules(path, options={})
options.assert_valid_keys(:force, :whitelist) options.assert_valid_keys(:force)
force = options[:force] force = options[:force]
count_by_type = {} count_by_type = {}
recalculate_by_type = {} recalculate_by_type = {}
# This is used to avoid loading the same thing twice
loaded_items = []
each_module_reference_name(path, options) do |parent_path, type, module_reference_name| each_module_reference_name(path, options) do |parent_path, type, module_reference_name|
# In msfcli mode, if a module is already loaded, avoid loading it again
next if loaded_items.include?(module_reference_name) and options[:whitelist]
# Keep track of loaded modules in msfcli mode
loaded_items << module_reference_name if options[:whitelist]
load_module( load_module(
parent_path, parent_path,
type, type,

17
lib/msf/core/modules/loader/directory.rb
View File

@ -56,24 +56,7 @@ class Msf::Modules::Loader::Directory < Msf::Modules::Loader::Base
# The module_reference_name doesn't have a file extension # The module_reference_name doesn't have a file extension
module_reference_name = module_reference_name_from_path(relative_entry_descendant_path) module_reference_name = module_reference_name_from_path(relative_entry_descendant_path)
# If the modules argument is set, this means we only want to load specific ones instead
# of loading everything to memory - see msfcli.
if whitelist.empty?
# Load every module we see, which is the default behavior.
yield path, type, module_reference_name yield path, type, module_reference_name
else
whitelist.each do |pattern|
# We have to use entry_descendant_path to see if this is the module we want, because
# this is easier to identify the module type just by looking at the file path.
# For example, if module_reference_name is used (or a parsed relative path), you can't
# really tell if php/generic is a NOP module, a payload, or an encoder.
if entry_descendant_path =~ pattern
yield path, type, module_reference_name
else
next
end
end
end
end end
end end
end end

1
metasploit-framework.gemspec
View File

@ -30,7 +30,6 @@ Gem::Specification.new do |spec|
spec.bindir = '.' spec.bindir = '.'
spec.executables = [ spec.executables = [
'msfbinscan', 'msfbinscan',
'msfcli',
'msfconsole', 'msfconsole',
'msfd', 'msfd',
'msfelfscan', 'msfelfscan',

4
modules/auxiliary/scanner/http/cert.rb
View File

@ -21,10 +21,6 @@ class Metasploit3 < Msf::Auxiliary
This module will check the certificate of the specified web servers This module will check the certificate of the specified web servers
to ensure the subject and issuer match the supplied pattern and that the certificate to ensure the subject and issuer match the supplied pattern and that the certificate
is not expired. is not expired.
Note: Be sure to check your expression if using msfcli, shells tend to not like certain
things and will strip/interpret them (= is a perfect example). It is better to use in
console.
} }
) )

608
msfcli
View File

@ -1,608 +0,0 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# This user interface allows users to interact with the framework through a
# command line interface (CLI) rather than having to use a prompting console
# or web-based interface.
#
$stderr.puts "[!] ************************************************************************"
$stderr.puts "[!] * The utility msfcli is deprecated! *"
$stderr.puts "[!] * It will be removed on or about 2015-06-18 *"
$stderr.puts "[!] * Please use msfconsole -r or -x instead *"
$stderr.puts "[!] * Details: https://github.com/rapid7/metasploit-framework/pull/3802 *"
$stderr.puts "[!] ************************************************************************"
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), 'lib')))
class Msfcli
#
# Attributes
#
# @attribute framework
# @return [Msf::Simple::Framework]
#
# initialize
#
def initialize(args)
@args = {}
@indent = ' '
@args[:module_name] = args.shift # First argument should be the module name
@args[:mode] = args.pop || 'h' # Last argument should be the mode
@args[:params] = args # Whatever is in the middle should be the params
if @args[:module_name] =~ /^exploit(s)*\//i
@args[:module_name] = @args[:module_name].split('/')
@args[:module_name] = @args[:module_name][1, @args[:module_name].length] * "/"
end
end
#
# Instance Methods
#
# The framework to create and list modules.
#
# @return [Msf::Simple::Framework]
def framework
@framework ||= Msf::Simple::Framework.create({'DeferModuleLoads'=>true})
end
# Sets {#framework}.
#
# @raise [ArgumentError] if {#framework} already set
def framework=(framework)
if instance_variable_defined? :@framework
fail ArgumentError.new("framework already set")
end
@framework = framework
end
#
# Returns a usage Rex table
#
def usage (str = nil, extra = nil)
tbl = Rex::Ui::Text::Table.new(
'Header' => "Usage: #{$0} <exploit_name> <option=value> [mode]",
'Indent' => 4,
'Columns' => ['Mode', 'Description']
)
tbl << ['(H)elp', "You're looking at it baby!"]
tbl << ['(S)ummary', 'Show information about this module']
tbl << ['(O)ptions', 'Show available options for this module']
tbl << ['(M)issing', 'Show empty required options for this module']
tbl << ['(A)dvanced', 'Show available advanced options for this module']
tbl << ['(I)DS Evasion', 'Show available ids evasion options for this module']
tbl << ['(P)ayloads', 'Show available payloads for this module']
tbl << ['(T)argets', 'Show available targets for this exploit module']
tbl << ['(AC)tions', 'Show available actions for this module']
tbl << ['(C)heck', 'Run the check routine of the selected module']
tbl << ['(E)xecute', 'Execute the selected module']
tbl.to_s
$stdout.puts "Error: #{str}\n\n" if str
$stdout.puts tbl.to_s + "\n"
$stdout.puts "Examples:" + "\n"
$stdout.puts "msfcli exploit/multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E" + "\n"
$stdout.puts "msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E" + "\n"
$stdout.puts extra + "\n" if extra
$stdout.puts
end
#
# Loads up everything in framework, and then returns the module list
#
def dump_module_list
# This is what happens if the user doesn't specify a module name:
# msfcli will end up loading EVERYTHING to memory to show you a help
# menu plus a list of modules available. Really expensive if you ask me.
$stdout.puts "[*] Please wait while we load the module tree..."
self.framework = Msf::Simple::Framework.create
ext = ''
tbl = Rex::Ui::Text::Table.new(
'Header' => 'Exploits',
'Indent' => 4,
'Columns' => [ 'Name', 'Description' ])
framework.exploits.each_module { |name, mod|
tbl << [ 'exploit/' + name, mod.new.name ]
}
ext << tbl.to_s + "\n"
tbl = Rex::Ui::Text::Table.new(
'Header' => 'Auxiliary',
'Indent' => 4,
'Columns' => [ 'Name', 'Description' ])
framework.auxiliary.each_module { |name, mod|
tbl << [ 'auxiliary/' + name, mod.new.name ]
}
ext << tbl.to_s + "\n"
ext
end
#
# Payload naming style is kind of inconsistent, so instead of
# finding the exact path name, we provide the most educated guess (whitelist)
# based on platform/stage type/session type/payload name suffix/etc.
#
def guess_payload_name(p)
matches = []
payload = p.split('/')
platform = payload[0]
suffix = payload[-1]
stage_types = ['singles', 'stagers', 'stages']
session_types = ['meterpreter', 'shell']
arch = ''
# Rule out some possibilities
if p =~ /meterpreter/i
session_types.delete('shell')
stage_types.delete('singles')
end
if p =~ /shell\/.+$/i
session_types.delete('meterpreter')
stage_types.delete('singles')
end
if p =~ /x64/i
arch = 'x64'
elsif p =~ /x86/i
arch = 'x86'
end
# Determine if the payload is staged. If it is, then
# we need to load that staged module too.
if session_types.include?('shell') and stage_types.include?('stages')
if arch == 'x64'
matches << /stages\/#{platform}\/x64\/shell/
elsif arch == 'x86'
matches << /stages\/#{platform}\/x86\/shell/
else
matches << /stages\/#{platform}\/shell/
end
elsif session_types.include?('meterpreter') and stage_types.include?('stages')
if arch == 'x64'
matches << /stages\/#{platform}\/x64\/meterpreter/
elsif arch == 'x86'
matches << /stages\/#{platform}\/x86\/meterpreter/
else
matches << /stages\/#{platform}\/meterpreter/
end
end
# Guess the second possible match
stage_types *= "|"
session_types *= "|"
if arch == 'x64'
matches << /payloads\/(#{stage_types})\/#{platform}\/x64\/.*(#{suffix})\.rb$/
elsif arch == 'x86'
matches << /payloads\/(#{stage_types})\/#{platform}\/x86\/.*(#{suffix})\.rb$/
else
matches << /payloads\/(#{stage_types})\/#{platform}\/.*(#{suffix})\.rb$/
end
matches
end
#
# Returns a whitelist for encoder modules
#
def guess_encoder_name(e)
[/encoders\/#{e}/]
end
#
# Returns a whitelist for nop modules
#
def guess_nop_name(n)
[/nops\/#{n}/]
end
#
# Returns a whitelist for post modules
#
def guess_post_name(p)
[/post\/#{p}/]
end
#
# Returns possible patterns like exploit/aux, encoders, nops we want to
# load to the whitelist.
#
def generate_whitelist
whitelist = []
whitelist << /#{@args[:module_name]}/ # Add exploit
# nil = not set, empty = manually set to load nothing
encoder_val = nil
nops_val = nil
post_val = nil
payload_param = ''
junk_args = []
@args[:params].each { |args|
var, val = args.split('=', 2)
next if val.nil?
case var.downcase
when 'payload'
payload_param = val
if val.empty?
junk_args << args
else
whitelist.concat(guess_payload_name(val))
end
when 'encoder'
encoder_val = val
if val.empty?
junk_args << args
else
whitelist.concat(guess_encoder_name(val))
end
when 'nop'
nops_val = val
if val.empty?
junk_args << args
else
whitelist.concat(guess_nop_name(val))
end
when 'post'
post_val = val
if val.empty?
junk_args << args
else
whitelist.concat(guess_post_name(val))
end
end
}
# Cleanup empty args
junk_args.each { |args| @args[:params].delete(args) }
# If it's an exploit and no payload set, load them all.
if @args[:module_name] !~ /auxiliary\// and payload_param.empty?
whitelist << /payloads\/.+/
end
# Add post modules list if not set
if post_val.nil?
whitelist << /post\/.+/
end
# Add default encoders if not set
# This one is needed no matter what
whitelist << /encoders\/generic\/*/
if encoder_val.nil?
if payload_param =~ /^.+\.x64.+/
whitelist << /encoders\/x64\/.+/
elsif payload_param =~ /^.+\.x86.+/
whitelist << /encoders\/x86\/.+/
else
whitelist << /encoders\/.+/
end
end
# Add default NOP modules if not set
if nops_val.nil?
whitelist << /nops\/.+/
end
whitelist
end
#
# Initializes exploit/payload/encoder/nop modules.
#
def init_modules
$stdout.puts "[*] Initializing modules..."
module_name = @args[:module_name]
modules = {
:module => nil, # aux or exploit instance
:payload => nil, # payload instance
:encoder => nil, # encoder instance
:nop => nil # nop instance
}
whitelist = generate_whitelist
# Load up all the possible modules, this is where things get slow again
framework.init_module_paths({:whitelist=>whitelist})
if (framework.modules.module_load_error_by_path.length > 0)
print("Warning: The following modules could not be loaded!\n\n")
framework.modules.module_load_error_by_path.each do |path, error|
print("\t#{path}: #{error}\n\n")
end
return {}
end
# Determine what type of module it is
if module_name =~ /exploit\/(.*)/
modules[:module] = framework.exploits.create($1)
elsif module_name =~ /auxiliary\/(.*)/
modules[:module] = framework.auxiliary.create($1)
elsif module_name =~ /post\/(.*)/
modules[:module] = framework.post.create($1)
else
modules[:module] = framework.exploits.create(module_name)
if modules[:module].nil?
# Try falling back on aux modules
modules[:module] = framework.auxiliary.create(module_name)
end
end
if modules[:module].nil?
# Still nil? Ok then, probably invalid
return {}
end
modules[:module].init_ui(
Rex::Ui::Text::Input::Stdio.new,
Rex::Ui::Text::Output::Stdio.new
)
# Import options
begin
modules[:module].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
rescue Rex::ArgumentParseError => e
raise e
end
# Create the payload to use
if (modules[:module].datastore['PAYLOAD'])
modules[:payload] = framework.payloads.create(modules[:module].datastore['PAYLOAD'])
if modules[:payload]
modules[:payload].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
end
end
# Create the encoder to use
if modules[:module].datastore['ENCODER']
modules[:encoder] = framework.encoders.create(modules[:module].datastore['ENCODER'])
if modules[:encoder]
modules[:encoder].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
end
end
# Create the NOP to use
if modules[:module].datastore['NOP']
modules[:nop] = framework.nops.create(modules[:module].datastore['NOP'])
if modules[:nop]
modules[:nop].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
end
end
modules
end
def show_summary(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_module(m[:module], @indent))
$stdout.puts("\n" + readable.dump_module(m[:payload], @indent)) if m[:payload]
$stdout.puts("\n" + readable.dump_module(m[:encoder], @indent)) if m[:encoder]
$stdout.puts("\n" + readable.dump_module(m[:nop], @indent)) if m[:nop]
end
def show_options(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_options(m[:module], @indent))
$stdout.puts("\nPayload:\n\n" + readable.dump_options(m[:payload], @indent)) if m[:payload]
$stdout.puts("\nEncoder:\n\n" + readable.dump_options(m[:encoder], @indent)) if m[:encoder]
$stdout.puts("\nNOP\n\n" + readable.dump_options(m[:nop], @indent)) if m[:nop]
end
def show_missing(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_options(m[:module], @indent, true))
$stdout.puts("\nPayload:\n\n" + readable.dump_options(m[:payload], @indent, true)) if m[:payload]
$stdout.puts("\nEncoder:\n\n" + readable.dump_options(m[:encoder], @indent, true)) if m[:encoder]
$stdout.puts("\nNOP\n\n" + readable.dump_options(m[:nop], @indent, true)) if m[:nop]
end
def show_advanced(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_advanced_options(m[:module], @indent))
$stdout.puts("\nPayload:\n\n" + readable.dump_advanced_options(m[:payload], @indent)) if m[:payload]
$stdout.puts("\nEncoder:\n\n" + readable.dump_advanced_options(m[:encoder], @indent)) if m[:encoder]
$stdout.puts("\nNOP:\n\n" + readable.dump_advanced_options(m[:nop], @indent)) if m[:nop]
end
def show_ids_evasion(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_evasion_options(m[:module], @indent))
$stdout.puts("\nPayload:\n\n" + readable.dump_evasion_options(m[:payload], @indent)) if m[:payload]
$stdout.puts("\nEncoder:\n\n" + readable.dump_evasion_options(m[:encoder], @indent)) if m[:encoder]
$stdout.puts("\nNOP:\n\n" + readable.dump_evasion_options(m[:nop], @indent)) if m[:nop]
end
def show_payloads(m)
readable = Msf::Serializer::ReadableText
txt = "Compatible payloads"
$stdout.puts("\n" + readable.dump_compatible_payloads(m[:module], @indent, txt))
end
def show_targets(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_exploit_targets(m[:module], @indent))
end
def show_actions(m)
readable = Msf::Serializer::ReadableText
$stdout.puts("\n" + readable.dump_module_actions(m[:module], @indent))
end
def show_check(m)
begin
if (code = m[:module].check_simple(
'LocalInput' => Rex::Ui::Text::Input::Stdio.new,
'LocalOutput' => Rex::Ui::Text::Output::Stdio.new))
stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]'
$stdout.puts("#{stat} #{code[1]}")
else
$stdout.puts("Check failed: The state could not be determined.")
end
rescue
$stdout.puts("Check failed: #{$!}")
end
end
def execute_module(m)
con = Msf::Ui::Console::Driver.new(
Msf::Ui::Console::Driver::DefaultPrompt,
Msf::Ui::Console::Driver::DefaultPromptChar,
{
'Framework' => framework,
# When I use msfcli, chances are I want speed, so ASCII art fanciness
# probably isn't much of a big deal for me.
'DisableBanner' => true
})
module_class = (m[:module].fullname =~ /^auxiliary/ ? 'auxiliary' : 'exploit')
con.run_single("use #{module_class}/#{m[:module].refname}")
# Assign console parameters
@args[:params].each do |arg|
k,v = arg.split("=", 2)
con.run_single("set #{k} #{v}")
end
# Run the exploit
con.run_single("exploit")
# If we have sessions or jobs, keep running
if framework.sessions.length > 0 or framework.jobs.length > 0
con.run
else
con.run_single("quit")
end
end
#
# Selects a mode chosen by the user and run it
#
def engage_mode(modules)
case @args[:mode].downcase
when 'h'
usage
when "s"
show_summary(modules)
when "o"
show_options(modules)
when "m"
show_missing(modules)
when "a"
show_advanced(modules)
when "i"
show_ids_evasion(modules)
when "p"
if modules[:module].file_path =~ /auxiliary\//i
$stdout.puts("\nError: This type of module does not support payloads")
else
show_payloads(modules)
end
when "t"
puts
if modules[:module].file_path =~ /auxiliary\//i
$stdout.puts("\nError: This type of module does not support targets")
else
show_targets(modules)
end
when "ac"
if modules[:module].kind_of?(Msf::Module::HasActions)
show_actions(modules)
else
$stdout.puts("\nError: This type of module does not support actions")
end
when "c"
show_check(modules)
when "e"
execute_module(modules)
else
usage("Invalid mode #{@args[:mode]}")
end
end
def run!
if @args[:module_name] == "-h"
usage()
exit
end
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'msfenv'
require 'msf/ui'
require 'msf/base'
if @args[:module_name].nil?
ext = dump_module_list
usage(nil, ext)
exit
end
begin
modules = init_modules
rescue Rex::ArgumentParseError => e
puts "[!] Error: #{e.message}\n\n"
exit
end
if modules[:module].nil?
usage("Invalid module: #{@args[:module_name]}")
exit
end
# Process special var/val pairs...
Msf::Ui::Common.process_cli_arguments(framework, @args[:params])
engage_mode(modules)
$stdout.puts
end
end
if __FILE__ == $PROGRAM_NAME
cli = Msfcli.new(ARGV)
cli.run!
end

812
spec/msfcli_spec.rb
View File

@ -1,812 +0,0 @@
require 'spec_helper'
load Metasploit::Framework.root.join('msfcli').to_path
require 'msfenv'
require 'msf/ui'
require 'msf/base'
describe Msfcli, :content do
subject(:msfcli) {
described_class.new(args)
}
#
# methods
#
# Get stdout:
# http://stackoverflow.com/questions/11349270/test-output-to-command-line-with-rspec
def get_stdout(&block)
out = $stdout
$stdout = fake = StringIO.new
begin
yield
ensure
$stdout = out
end
fake.string
end
#
# lets
#
let(:args) {
[]
}
context "#initialize" do
context 'with module name' do
let(:args) {
[
module_name,
*params
]
}
let(:module_name) {
'multi/handler'
}
let(:params) {
%w{payload=windows/meterpreter/reverse_tcp lhost=127.0.0.1}
}
let(:parsed_args) {
msfcli.instance_variable_get(:@args)
}
context 'multi/handler' do
context 'with mode' do
let(:args) {
super() + [mode]
}
context 'E' do
let(:mode) {
'E'
}
it 'parses module name into :module_name arg' do
expect(parsed_args[:module_name]).to eq(module_name)
end
it 'parses mode into :mode arg' do
expect(parsed_args[:mode]).to eq(mode)
end
it 'parses module parameters between module name and mode' do
expect(parsed_args[:params]).to eq(params)
end
end
context 's' do
let(:mode) {
's'
}
it "parses mode as 's' (summary)" do
expect(parsed_args[:mode]).to eq(mode)
end
end
end
context 'without mode' do
let(:args) {
[
module_name
]
}
it "parses mode as 'h' (help) by default" do
expect(parsed_args[:mode]).to eq('h')
end
end
end
context 'exploit/windows/browser/ie_cbutton_uaf' do
let(:module_name) {
'exploit/windows/browser/ie_cbutton_uaf'
}
it "strips 'exploit/' prefix for :module_name" do
expect(parsed_args[:module_name]).to eq('windows/browser/ie_cbutton_uaf')
end
end
context 'exploit/windows/browser/ie_cbutton_uaf' do
let(:module_name) {
'exploits/windows/browser/ie_cbutton_uaf'
}
it "strips 'exploits/' prefix for :module_name" do
expect(parsed_args[:module_name]).to eq('windows/browser/ie_cbutton_uaf')
end
end
end
end
context "#usage" do
it "prints Usage" do
out = get_stdout {
msfcli.usage
}
expect(out).to include('Usage')
end
end
#
# This one is slow because we're loading all modules
#
context "#dump_module_list" do
include_context 'Metasploit::Framework::Spec::Constants cleaner'
let(:framework) {
msfcli.framework
}
it 'dumps a listof modules' do
tbl = ''
stdout = get_stdout {
tbl = msfcli.dump_module_list
}
expect(tbl).to include 'Exploits'
expect(stdout).to include 'Please wait'
end
end
context "#guess_payload_name" do
subject(:guess_payload_name) {
msfcli.guess_payload_name(payload_reference_name)
}
context 'with windows/meterpreter/reverse_tcp' do
let(:payload_reference_name) {
'windows/meterpreter/reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/windows\/meterpreter/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/
]
)
}
end
context 'with windows/shell/reverse_tcp' do
let(:payload_reference_name) {
'windows/shell/reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/windows\/shell/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/
]
)
}
end
context 'with php/meterpreter_reverse_tcp' do
let(:payload_reference_name) {
'php/meterpreter_reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/php\/meterpreter/,
/payloads\/(stagers|stages)\/php\/.*(meterpreter_reverse_tcp)\.rb$/
]
)
}
end
context 'with linux/x86/meterpreter/reverse_tcp' do
let(:payload_reference_name) {
'linux/x86/meterpreter/reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/linux\/x86\/meterpreter/,
/payloads\/(stagers|stages)\/linux\/x86\/.*(reverse_tcp)\.rb$/
]
)
}
end
context 'with java/meterpreter/reverse_tcp' do
let(:payload_reference_name) {
'java/meterpreter/reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/java\/meterpreter/,
/payloads\/(stagers|stages)\/java\/.*(reverse_tcp)\.rb$/
]
)
}
end
context 'with cmd/unix/reverse' do
let(:payload_reference_name) {
'cmd/unix/reverse'
}
it {
is_expected.to eq(
[
/stages\/cmd\/shell/,
/payloads\/(singles|stagers|stages)\/cmd\/.*(reverse)\.rb$/
]
)
}
end
context 'with bsd/x86/shell_reverse_tcp' do
let(:payload_reference_name) {
'bsd/x86/shell_reverse_tcp'
}
it {
is_expected.to eq(
[
/stages\/bsd\/x86\/shell/,
/payloads\/(singles|stagers|stages)\/bsd\/x86\/.*(shell_reverse_tcp)\.rb$/
]
)
}
end
end
context "#guess_encoder_name" do
subject(:guess_encoder_name) {
msfcli.guess_encoder_name(encoder_reference_name)
}
context 'with x86/shikata_ga_nai' do
let(:encoder_reference_name) {
'x86/shikata_ga_nai'
}
it {
is_expected.to eq(
[/encoders\/#{encoder_reference_name}/]
)
}
end
end
context "#guess_nop_name" do
subject(:guess_nop_name) {
msfcli.guess_nop_name(nop_reference_name)
}
context 'with x86/shikata_ga_nai' do
let(:nop_reference_name) {
'x86/single_byte'
}
it {
is_expected.to eq(
[/nops\/#{nop_reference_name}/]
)
}
end
end
context "#generate_whitelist" do
subject(:generate_whitelist) {
msfcli.generate_whitelist.map(&:to_s)
}
let(:args) {
[
'multi/handler',
"payload=#{payload_reference_name}",
'lhost=127.0.0.1',
mode
]
}
let(:mode) {
'E'
}
context 'with payload' do
context 'linux/x86/reverse_tcp' do
let(:payload_reference_name) {
'linux/x86/reverse_tcp'
}
context 'with encoder' do
let(:args) {
super().tap { |args|
args.insert(-2, "encoder=#{encoder_reference_name}")
}
}
context 'x86/fnstenv_mov' do
let(:encoder_reference_name) {
'x86/fnstenv_mov'
}
it {
is_expected.to match_array(
[
/multi\/handler/,
/stages\/linux\/x86\/shell/,
/payloads\/(singles|stagers|stages)\/linux\/x86\/.*(reverse_tcp)\.rb$/,
/encoders\/x86\/fnstenv_mov/,
/post\/.+/,
/encoders\/generic\/*/,
/nops\/.+/
].map(&:to_s)
)
}
end
end
end
context 'windows/meterpreter/reverse_tcp' do
let(:payload_reference_name) {
'windows/meterpreter/reverse_tcp'
}
context 'with default options' do
it {
is_expected.to match_array(
[
/multi\/handler/,
/stages\/windows\/meterpreter/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/,
/post\/.+/,
/encoders\/generic\/*/,
/encoders\/.+/,
/nops\/.+/
].map(&:to_s)
)
}
end
context 'with encoder' do
let(:args) {
super().tap { |args|
args.insert(-2, "encoder=#{encoder_reference_name}")
}
}
context "''" do
let(:encoder_reference_name) do
"''"
end
context 'with post' do
let(:args) {
super().tap { |args|
args.insert(-2, "post=#{post_reference_name}")
}
}
context "''" do
let(:post_reference_name) do
"''"
end
context "with nop" do
let(:args) {
super().tap { |args|
args.insert(-2, "nop=#{nop_reference_name}")
}
}
context "''" do
let(:nop_reference_name) {
"''"
}
it {
is_expected.to match_array(
[
/multi\/handler/,
/stages\/windows\/meterpreter/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/,
/encoders\/''/,
/post\/''/,
/nops\/''/,
/encoders\/generic\/*/
].map(&:to_s)
)
}
end
end
end
end
end
context "<blank>" do
let(:encoder_reference_name) do
""
end
context 'with post' do
let(:args) {
super().tap { |args|
args.insert(-2, "post=#{post_reference_name}")
}
}
context "<blank>" do
let(:post_reference_name) do
""
end
context "with nop" do
let(:args) {
super().tap { |args|
args.insert(-2, "nop=#{nop_reference_name}")
}
}
context "<blank>" do
let(:nop_reference_name) {
""
}
it {
is_expected.to match_array(
[
/multi\/handler/,
/stages\/windows\/meterpreter/,
/payloads\/(stagers|stages)\/windows\/.*(reverse_tcp)\.rb$/,
/encoders\/generic\/*/
].map(&:to_s)
)
}
end
end
end
end
end
end
end
end
end
context "#init_modules" do
include_context 'Metasploit::Framework::Spec::Constants cleaner'
let(:args) {
[
module_name,
mode
]
}
let(:framework) {
msfcli.framework
}
let(:mode) {
'S'
}
context 'with exploit/windows/smb/psexec' do
let(:module_name) {
'exploit/windows/smb/psexec'
}
it 'creates the module in :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module]).to be_an Msf::Exploit
expect(modules[:module].fullname).to eq(module_name)
end
end
context 'with auxiliary/server/browser_autopwn' do
let(:module_name) {
'auxiliary/server/browser_autopwn'
}
it 'creates the module in :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module]).to be_an Msf::Auxiliary
expect(modules[:module].fullname).to eq(module_name)
end
end
context 'with post/windows/gather/credentials/gpp' do
let(:module_name) {
'post/windows/gather/credentials/gpp'
}
it 'creates the module in :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module]).to be_an Msf::Post
expect(modules[:module].fullname).to eq(module_name)
end
end
context 'with exploit/multi/handler' do
let(:module_name) {
'multi/handler'
}
it 'creates the module in :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module]).to be_an Msf::Exploit
expect(modules[:module].refname).to eq(module_name)
end
context 'with payload' do
let(:args) {
super().tap { |args|
args.insert(-2, "payload=#{payload_reference_name}")
}
}
context 'windows/meterpreter/reverse_tcp' do
let(:payload_reference_name) do
'windows/meterpreter/reverse_tcp'
end
it 'creates payload in :payload' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:payload]).to be_an Msf::Payload
expect(modules[:payload].refname).to eq(payload_reference_name)
end
end
end
context 'with data store options' do
let(:args) {
super().tap { |args|
args.insert(-2, "#{data_store_key}=#{data_store_value}")
}
}
let(:data_store_key) {
'lhost'
}
let(:data_store_value) {
'127.0.0.1'
}
it 'sets data store on :module' do
modules = {}
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules[:module].datastore[data_store_key]).to eq(data_store_value)
end
end
end
context 'with invalid module name' do
let(:module_name) {
'invalid/module/name'
}
it 'returns empty modules Hash' do
modules = nil
Kernel.quietly {
modules = msfcli.init_modules
}
expect(modules).to eq({})
end
end
end
context "#engage_mode" do
include_context 'Metasploit::Framework::Spec::Constants cleaner'
subject(:engage_mode) {
msfcli.engage_mode(modules)
}
let(:args) {
[
module_name,
mode
]
}
let(:framework) {
msfcli.framework
}
let(:modules) {
msfcli.init_modules
}
context 'with auxiliary/scanner/http/http_put' do
let(:module_name) {
'auxiliary/scanner/http/http_put'
}
context 'with mode' do
context 'ac' do
let(:mode) {
'ac'
}
specify {
expect(get_stdout { engage_mode }).to match(/DELETE/)
}
end
end
end
context 'with auxiliary/scanner/http/http_version' do
let(:module_name) {
'auxiliary/scanner/http/http_version'
}
context 'with mode' do
context 'A' do
let(:mode) {
'A'
}
specify {
expect(get_stdout { engage_mode }).to match(/UserAgent/)
}
end
context 'I' do
let(:mode) {
'I'
}
specify {
expect(get_stdout { engage_mode }).to match(/Insert fake relative directories into the uri/)
}
end
context 'O' do
let(:mode) {
'O'
}
specify {
expect(get_stdout { engage_mode }).to match(/The target address range or CIDR identifier/)
}
end
context 'P' do
let(:mode) {
'P'
}
specify {
expect(get_stdout { engage_mode }).to match(/This type of module does not support payloads/)
}
end
context 's' do
let(:mode) {
's'
}
specify {
expect(get_stdout { engage_mode }).to match %r{Module: auxiliary/scanner/http/http_version}
}
end
context 't' do
let(:mode) {
't'
}
specify {
expect(get_stdout { engage_mode }).to match(/This type of module does not support targets/)
}
end
end
end
context 'with windows/browser/ie_cbutton_uaf' do
let(:module_name) {
'windows/browser/ie_cbutton_uaf'
}
context 'with mode' do
context 'ac' do
let(:mode) {
'ac'
}
specify {
expect(get_stdout { engage_mode }).to match(/This type of module does not support actions/)
}
end
context 'P' do
let(:mode) {
'P'
}
specify {
expect(get_stdout { engage_mode }).to match(/windows\/meterpreter\/reverse_tcp/)
}
end
context 'T' do
let(:mode) {
'T'
}
specify {
expect(get_stdout { engage_mode }).to match(/IE 8 on Windows 7/)
}
end
end
end
context 'with windows/smb/ms08_067_netapi' do
let(:args) {
super().tap { |args|
args.insert(-2, "RHOST=127.0.0.1")
}
}
let(:module_name) {
'windows/smb/ms08_067_netapi'
}
context 'with mode C' do
let(:mode) {
'C'
}
specify {
expect(get_stdout { engage_mode }).to match(/#{Msf::Exploit::CheckCode::Unknown[1]}/)
}
end
end
end
end

2
tools/profile.sh
View File

@ -1,3 +1,3 @@
#!/bin/sh #!/bin/sh
CPUPROFILE_FREQUENCY=500 CPUPROFILE=profile.dat RUBYOPT="-r`gem which perftools | tail -1`" ruby msfcli z CPUPROFILE_FREQUENCY=500 CPUPROFILE=profile.dat RUBYOPT="-r`gem which perftools | tail -1`" ruby msfconsole -x "exit" z
pprof.rb --gif profile.dat > profile.gif pprof.rb --gif profile.dat > profile.gif