Mirror of metasploit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

msfcli 6.4KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225
  1. #!/usr/bin/env ruby
  2. #
  3. # This user interface allows users to interact with the framework through a
  4. # command line interface (CLI) rather than having to use a prompting console
  5. # or web-based interface.
  6. #
  7. msfbase = File.symlink?(__FILE__) ? File.readlink(__FILE__) : __FILE__
  8. $:.unshift(File.join(File.dirname(msfbase), 'lib'))
  9. require 'rex'
  10. require 'msf/ui'
  11. require 'msf/base'
  12. Indent = ' '
  13. if(RUBY_PLATFORM =~ /mswin32/)
  14. $stderr.puts "[*] The msfconsole interface is not supported on the native Windows Ruby\n"
  15. $stderr.puts " interpreter. Things will break, exploits will fail, payloads will not\n"
  16. $stderr.puts " be handled correctly. Please use the msfweb 'console' or install \n"
  17. $stderr.puts " Cygwin or Linux in VMWare.\n\n"
  18. end
  19. # Initialize the simplified framework instance.
  20. $framework = Msf::Simple::Framework.create
  21. if ($framework.modules.failed.length > 0)
  22. print("Warning: The following modules could not be loaded!\n\n")
  23. $framework.modules.failed.each_pair do |file, err|
  24. print("\t#{file}: #{err.to_s}\n\n")
  25. end
  26. end
  27. def usage (str = nil, extra = nil)
  28. tbl = Rex::Ui::Text::Table.new(
  29. 'Header' => "Usage: #{$0} <exploit_name> <option=value> [mode]",
  30. 'Indent' => 4,
  31. 'Columns' => ['Mode', 'Description']
  32. )
  33. tbl << ['(H)elp', "You're looking at it baby!"]
  34. tbl << ['(S)ummary', 'Show information about this module']
  35. tbl << ['(O)ptions', 'Show available options for this module']
  36. tbl << ['(A)dvanced', 'Show available advanced options for this module']
  37. tbl << ['(I)DS Evasion', 'Show available ids evasion options for this module']
  38. tbl << ['(P)ayloads', 'Show available payloads for this module']
  39. tbl << ['(T)argets', 'Show available targets for this exploit module']
  40. tbl << ['(AC)tions', 'Show available actions for this auxiliary module']
  41. tbl << ['(C)heck', 'Run the check routine of the selected module']
  42. tbl << ['(E)xecute', 'Execute the selected module']
  43. $stdout.puts "Error: #{str}\n\n" if str
  44. $stdout.puts tbl.to_s + "\n"
  45. $stdout.puts extra + "\n" if extra
  46. exit
  47. end
  48. if (ARGV.length < 1)
  49. ext = ''
  50. tbl = Rex::Ui::Text::Table.new(
  51. 'Header' => 'Exploits',
  52. 'Indent' => 4,
  53. 'Columns' => [ 'Name', 'Description' ])
  54. $framework.exploits.each_module { |name, mod|
  55. tbl << [ 'exploit/' + name, mod.new.name ]
  56. }
  57. ext << tbl.to_s + "\n"
  58. tbl = Rex::Ui::Text::Table.new(
  59. 'Header' => 'Auxiliary',
  60. 'Indent' => 4,
  61. 'Columns' => [ 'Name', 'Description' ])
  62. $framework.auxiliary.each_module { |name, mod|
  63. tbl << [ 'auxiliary/' + name, mod.new.name ]
  64. }
  65. ext << tbl.to_s + "\n"
  66. usage(nil, ext)
  67. end
  68. # Get the module name we'll be using
  69. exploit_name = ARGV.shift
  70. exploit = nil
  71. module_class = nil
  72. # Process special var/val pairs...
  73. Msf::Ui::Common.process_cli_arguments($framework, ARGV)
  74. # Determine what type of module it is
  75. case exploit_name
  76. when /exploit\/(.*)/
  77. exploit = $framework.exploits.create($1)
  78. module_class = 'exploit'
  79. when /auxiliary\/(.*)/
  80. exploit = $framework.auxiliary.create($1)
  81. module_class = 'auxiliary'
  82. else
  83. exploit = $framework.exploits.create(exploit_name)
  84. end
  85. if (exploit == nil)
  86. usage("Invalid module: #{exploit_name}")
  87. end
  88. exploit.init_ui(
  89. Rex::Ui::Text::Input::Stdio.new,
  90. Rex::Ui::Text::Output::Stdio.new
  91. )
  92. # Evalulate the command (default to "help")
  93. mode = ARGV.pop || 'h'
  94. # Import options
  95. exploit.datastore.import_options_from_s(ARGV.join('_|_'), '_|_')
  96. case mode.downcase
  97. when 'h'
  98. usage
  99. when "s"
  100. $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_module(exploit, Indent))
  101. when "o"
  102. $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_options(exploit, Indent))
  103. when "a"
  104. $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_advanced_options(exploit, Indent))
  105. when "i"
  106. $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_evasion_options(exploit, Indent))
  107. when "p"
  108. if (module_class == 'exploit')
  109. $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_compatible_payloads(exploit, Indent, "Compatible payloads"))
  110. else
  111. $stdout.puts("\nError: This type of module does not support payloads")
  112. end
  113. when "t"
  114. if (module_class == 'exploit')
  115. $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_exploit_targets(exploit, Indent))
  116. else
  117. $stdout.puts("\nError: This type of module does not support targets")
  118. end
  119. when "ac"
  120. if (module_class == 'auxiliary')
  121. $stdout.puts("\n" + Msf::Serializer::ReadableText.dump_auxiliary_actions(exploit, Indent))
  122. else
  123. $stdout.puts("\nError: This type of module does not support actions")
  124. end
  125. when "c"
  126. if (module_class == 'exploit')
  127. begin
  128. if (code = exploit.check)
  129. stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]'
  130. $stdout.puts("#{stat} #{code[1]}")
  131. else
  132. $stderr.puts("Check failed: The state could not be determined.")
  133. end
  134. rescue
  135. $stderr.puts("Check failed: #{$!}")
  136. end
  137. else
  138. $stdout.puts("\nError: This type of module does not support the check feature")
  139. end
  140. when "e"
  141. case module_class
  142. when 'exploit'
  143. begin
  144. session = exploit.exploit_simple(
  145. 'Encoder' => exploit.datastore['ENCODER'],
  146. 'Target' => exploit.datastore['TARGET'],
  147. 'Payload' => exploit.datastore['PAYLOAD'],
  148. 'Nop' => exploit.datastore['NOP'],
  149. 'LocalInput' => Rex::Ui::Text::Input::Stdio.new,
  150. 'LocalOutput' => Rex::Ui::Text::Output::Stdio.new,
  151. 'ForceBlocking' => true)
  152. if (session)
  153. $stdout.puts("[*] #{session.desc} session #{session.name} opened (#{session.tunnel_to_s})\n\n")
  154. session.interact(
  155. Rex::Ui::Text::Input::Stdio.new,
  156. Rex::Ui::Text::Output::Stdio.new
  157. )
  158. end
  159. rescue
  160. $stderr.puts("Exploit failed: #{$!}")
  161. $stderr.puts("Backtrace:")
  162. $stderr.puts($!.backtrace.join("\n"))
  163. end
  164. when 'auxiliary'
  165. begin
  166. session = exploit.run_simple(
  167. 'Encoder' => exploit.datastore['ENCODER'],
  168. 'Action' => exploit.datastore['ACTION'],
  169. 'LocalInput' => Rex::Ui::Text::Input::Stdio.new,
  170. 'LocalOutput' => Rex::Ui::Text::Output::Stdio.new,
  171. 'ForceBlocking' => true)
  172. if (session)
  173. $stdout.puts("[*] #{session.desc} session #{session.name} opened (#{session.tunnel_to_s})\n\n")
  174. session.interact(
  175. Rex::Ui::Text::Input::Stdio.new,
  176. Rex::Ui::Text::Output::Stdio.new
  177. )
  178. end
  179. rescue
  180. $stderr.puts("Auxiliary failed: #{$!}")
  181. $stderr.puts("Backtrace:")
  182. $stderr.puts($!.backtrace.join("\n"))
  183. end
  184. end
  185. else
  186. usage("Invalid mode #{mode}")
  187. end
  188. $stdout.puts