From c725f74d46d1da22eb7c10c847bc426ffe6bfaca Mon Sep 17 00:00:00 2001 From: Mo Sadek Date: Wed, 29 Jul 2015 13:19:51 -0500 Subject: [PATCH] Add Local Exploit Suggestor Resolve #5647 --- .../multi/recon/local_exploit_suggestor.rb | 127 ++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 modules/post/multi/recon/local_exploit_suggestor.rb diff --git a/modules/post/multi/recon/local_exploit_suggestor.rb b/modules/post/multi/recon/local_exploit_suggestor.rb new file mode 100644 index 0000000000..ce831617a2 --- /dev/null +++ b/modules/post/multi/recon/local_exploit_suggestor.rb @@ -0,0 +1,127 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Post + + def initialize(info={}) + super(update_info(info, + 'Name' => 'Multi Recon Local Exploit Suggestor', + 'Description' => %q{ + Save this for later!!!! + }, + 'License' => MSF_LICENSE, + 'Author' => [ '_sinn3r, ' ], + 'Platform' => all_platforms, + 'SessionTypes' => [ 'meterpreter', 'shell' ] + )) + register_options( [ + Msf::OptInt.new('SESSION', [ true, "The session to run this module on." ]), + Msf::OptBool.new('SHOW_DESCRIPTION', [true, "Displays a detailed description for the available exploits", false]) + ],Msf::Post) + end +# + def all_platforms + Msf::Module::Platform.subclasses.collect {|c| c.realname.downcase } + end + + def get_target_arch + @target_arch ||= lambda { + return nil unless session + session.platform.split('/').first + }.call + end + + def get_target_platform + @target_platform ||= lambda { + return nil unless session + platform = session.platform.split('/').second + + if platform =~ /^win/ + platform = 'win' + end + + return platform + }.call + end + + def is_module_arch?(mod) + mod_arch = mod.target.arch || mod.arch + mod_arch.include?(get_target_arch) + end + + def is_module_options_ready?(mod) + mod.options.each_pair do |option_name, option| + if option.required && option.default.nil? + return false + end + end + + true + end + + def is_module_platform?(mod) + platform_obj = nil + begin + platform_obj = Msf::Module::Platform.find_platform(get_target_platform) + rescue ArgumentError + # When not found, find_platform raises an ArgumentError + return false + end + + module_platforms = mod.target.platform ? mod.target.platform.platforms : mod.platform.platforms + module_platforms.include?(platform_obj) + end + + def setup + print_status "Collecting local exploits . . ." + #Initializes an array + @local_exploits = [] + # Collects exploits into an array + framework.exploits.each do |name, obj| + mod = framework.exploits.create(name) + mod.datastore.merge!(self.datastore) + # If the module matches the platform and architecture conditions, then add to @local_exploits + if mod.kind_of?(Msf::Exploit::Local) && mod.respond_to?(:check) && is_module_platform?(mod) && is_module_arch?(mod) && is_module_options_ready?(mod) + @local_exploits << mod + end + end + end + + def run + @local_exploits.each do |m| + begin + checkcode = m.check + # See def is_check_interesting? + if is_check_interesting?(checkcode) + # Prints the full name and the checkcode message for the exploit + print_good("#{m.fullname}: #{checkcode.second}") + #If the datastore option is true, a detailed description will show + if datastore['SHOW_DESCRIPTION'] + # Formatting for the description text + print_line Rex::Text.wordwrap(Rex::Text.compress(mod.description), 2, 70) + end + else + # Prints the full name and the checkcode message for the exploit + vprint_status("#{m.fullname}: #{checkcode.second}") + end + # Creates a log record in framework.log + rescue ::Exception => e + elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}") + vprint_error("#{m.shortname} failled to run: #{e.message}") + end + end + end + + def is_check_interesting?(checkcode) + [ + Msf::Exploit::CheckCode::Vulnerable, + Msf::Exploit::CheckCode::Appears, + Msf::Exploit::CheckCode::Detected + ].include?(checkcode) + end + +end