#!/usr/bin/env ruby # # This user interface allows users to interact with the framework through a # command line interface (CLI) rather than having to use a prompting console # or web-based interface. # $:.unshift(File.join(File.dirname(__FILE__), 'lib')) require 'rex' require 'msf/ui' require 'msf/base' Indent = ' ' # Initialize the simplified framework instance. $framework = Msf::Simple::Framework.create if (ARGV.length < 1) tbl = Rex::Ui::Text::Table.new( 'Header' => 'Exploits', 'Indent' => 4, 'Columns' => [ 'Name', 'Description' ]) $framework.exploits.each_module { |name, mod| tbl << [ name, mod.new.name ] } $stderr.puts("\n" + " Usage: #{$0} [var=val] [MODE]\n\n" + tbl.to_s + "\n") exit end # Get the exploit name we'll be using exploit_name = ARGV.shift exploit = $framework.exploits.create(exploit_name) if (exploit == nil) $stderr.puts("Invalid exploit: #{exploit_name}") exit end # Initialize the user interface exploit.init_ui($stdout, $stdin) # Evalulate the command (default to "help") mode = ARGV.pop || 'h' # Import options exploit.datastore.import_options_from_s(ARGV.join(' ')) case mode.downcase when 'h' tbl = Rex::Ui::Text::Table.new( 'Header' => "Usage: #{$0} #{exploit_name} [mode]", 'Indent' => 4, 'Columns' => ['Mode', 'Description'] ) tbl << ['(H)elp', "you're looking at it baby!"] tbl << ['(S)ummary', 'show information about this module'] tbl << ['(O)ptions', 'show available options for this module'] tbl << ['(A)dvanced', 'show available advanced options for this module'] tbl << ['(I)ds Evasion', 'show available ids evasion options for this module'] tbl << ['(P)ayloads', 'show available payloads for this module'] tbl << ['(T)argets', 'show available targets for this module'] tbl << ['(C)heck', 'Attempt to check if the target is vulnerable'] tbl << ['(E)xploit', 'Attempt to exploit the target'] $stdout.puts tbl.to_s when "s" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_module(exploit, Indent)) when "o" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_options(exploit, Indent)) when "a" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_advanced_options(exploit, Indent)) when "i" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_evasion_options(exploit, Indent)) when "p" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_compatible_payloads( exploit, Indent, "Compatible payloads")) when "t" $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_exploit_targets(exploit, Indent)) when "c" begin if (code = exploit.check) stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]' $stdout.puts("#{stat} #{code[1]}") else $stderr.puts("Check failed: The state could not be determined.") end rescue $stderr.puts("Check failed: #{$!}") end when "e" begin session = exploit.exploit_simple( 'Encoder' => exploit.datastore['ENCODER'], 'Target' => exploit.datastore['TARGET'], 'Payload' => exploit.datastore['PAYLOAD'], 'Nop' => exploit.datastore['NOP'], 'LocalInput' => Rex::Ui::Text::Input::Stdio.new, 'LocalOutput' => Rex::Ui::Text::Output::Stdio.new, 'ForceBlocking' => true) if (session) $stdout.puts("[*] #{session.desc} session #{session.name} opened (#{session.tunnel_to_s})\n\n") session.init_ui( Rex::Ui::Text::Input::Stdio.new, Rex::Ui::Text::Output::Stdio.new) session.interact end rescue $stderr.puts("Exploit failed: #{$!}") $stderr.puts("Backtrace:") $stderr.puts($!.backtrace.join("\n")) end end $stdout.puts