#!/usr/bin/env ruby # # This user interface provides users with a web-based interface to the framework # msfbase = __FILE__ while File.symlink?(msfbase) msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) end $:.unshift(File.join(File.dirname(msfbase), 'lib')) $:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB'] require 'stringio' require 'rex' require 'msf/base' require 'msf/ui/web' $stderr.puts "[*] Warning: As of Metasploit 3.3 this interface is no longer supported:" $stderr.puts " Please see https://metasploit.com/redmine/issues/502" $stderr.puts "" msfroot = File.join(File.dirname(msfbase), 'data', 'msfweb') Dir.chdir(msfroot) msfserv = File.join('script', 'server') # Declare the argument parser for msfweb arguments = Rex::Parser::Arguments.new( "-a" => [ true, "Bind to this IP address instead of loopback" ], "-p" => [ true, "Bind to this port instead of 55555" ], "-d" => [ false, "Daemonize the web server" ], "-s" => [ false, "Automatically open the browser" ], "-h" => [ false, "Help banner" ]) opts = { 'ServerHost' => '127.0.0.1', 'ServerPort' => '55555' } background = false browser_start = false # Parse command line arguments. arguments.parse(ARGV) do |opt, idx, val| case opt when "-a" opts['ServerHost'] = val when "-p" opts['ServerPort'] = val when "-v" opts['LogLevel'] = val when "-d" background = true when "-s" browser_start = true when "-h" print( "\nUsage: msfweb \n" + arguments.usage) exit end end # Drain ARGV while(ARGV.shift) do end # Rebuild ARGV ARGV.unshift([ '-p', opts['ServerPort'], '-b', opts['ServerHost'], '-e', 'production', (background ? '-d' : '') ]) ARGV.flatten! $browser_url = "http://#{opts['ServerHost']}:#{opts['ServerPort']}/" $browser_start = browser_start $stderr.puts "" $stderr.puts "[*] Starting msfweb v#{Msf::Framework::Version} on #{$browser_url}" $stderr.puts "" load(msfserv)