#!/usr/bin/ruby # # This user interface allows users to interact with the framework through a # command line interface (CLI) rather than having to use a prompting console # or web-based interface. # $:.unshift(File.join(File.dirname(__FILE__), 'lib')) require 'rex' require 'msf/ui' require 'msf/base' Indent = ' ' # Initialize the simplified framework instance. $framework = Msf::Simple::Framework.create if (ARGV.length <= 1) $stderr.puts("\n" + " Usage: #{$0} [var=val] [MODE]\n\n") exit end # Get the exploit name we'll be using exploit_name = ARGV.shift exploit = $framework.exploits.create(exploit_name) if (exploit == nil) $stderr.puts("Invalid exploit: #{exploit_name}") exit end # Initialize the user interface exploit.init_ui($stdout, $stdin) # Evalulate the command mode = ARGV.pop.downcase # Import options exploit.datastore.import_options_from_s(ARGV.join(' ')) case mode.downcase when "s" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_module(exploit, Indent)) when "o" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_options(exploit, Indent)) when "a" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_advanced_options(exploit, Indent)) when "p" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_compatible_payloads( exploit, Indent, "Compatible payloads")) when "t" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_exploit_targets(exploit, Indent)) when "c" begin if (code = exploit.check) stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]' $stdout.puts("#{stat} #{code[1]}") else $stderr.puts("Check failed: The state could not be determined.") end rescue $stderr.puts("Check failed: #{$!}") end when "e" begin session = exploit.exploit_simple( 'Encoder' => exploit.datastore['ENCODER'], 'Target' => exploit.datastore['TARGET'], 'Payload' => exploit.datastore['PAYLOAD'], 'Nop' => exploit.datastore['NOP'], 'LocalInput' => Rex::Ui::Text::Input::Stdio.new, 'LocalOutput' => Rex::Ui::Text::Output::Stdio.new, 'ForceBlocking' => true) if (session) $stdout.puts("[*] #{session.desc} session #{session.name} opened (#{session.tunnel_to_s})\n\n") session.init_ui( Rex::Ui::Text::Input::Stdio.new, Rex::Ui::Text::Output::Stdio.new) session.interact end rescue $stderr.puts("Exploit failed: #{$!}") $stderr.puts("Backtrace:") $stderr.puts($!.backtrace.join("\n")) end end $stdout.puts