{"id":18555344,"url":"https://github.com/0x727/metasploitmodules_0x727","last_synced_at":"2026-03-10T01:34:38.170Z","repository":{"id":107934878,"uuid":"392889434","full_name":"0x727/MetasploitModules_0x727","owner":"0x727","description":"Metasploit Modules Development","archived":false,"fork":false,"pushed_at":"2021-08-06T03:17:30.000Z","size":17059,"stargazers_count":70,"open_issues_count":0,"forks_count":14,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-10T16:12:56.796Z","etag":null,"topics":["metasploit","metasploit-framework","readteaming","red-teamers"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0x727.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-05T03:21:02.000Z","updated_at":"2024-08-12T20:15:18.000Z","dependencies_parsed_at":"2023-03-16T16:30:14.316Z","dependency_job_id":null,"html_url":"https://github.com/0x727/MetasploitModules_0x727","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/0x727/MetasploitModules_0x727","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x727%2FMetasploitModules_0x727","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x727%2FMetasploitModules_0x727/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x727%2FMetasploitModules_0x727/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x727%2FMetasploitModules_0x727/manifests"
,"owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0x727","download_url":"https://codeload.github.com/0x727/MetasploitModules_0x727/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x727%2FMetasploitModules_0x727/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30320889,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T20:05:46.299Z","status":"ssl_error","status_checked_at":"2026-03-09T19:57:04.425Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["metasploit","metasploit-framework","readteaming","red-teamers"],"created_at":"2024-11-06T21:26:11.559Z","updated_at":"2026-03-10T01:34:38.156Z","avatar_url":"https://github.com/0x727.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n![logo](./doc/images/logo.png)\n\n# Metasploit Modules\n\n**Disclaimer: the techniques, ideas and tools described here are intended only for security-focused study and exchange. No one may use them for illegal purposes or for profit; anyone who does bears the consequences themselves.**\n\n| Category | Description |\n| ---- | --- |\n| Authors | [AnonySec](https://github.com/An0nysec), [Rvn0xsy](https://github.com/Rvn0xsy), [三米前有蕉皮](https://github.com/cn-kali-team) |\n| Team | [0x727](https://github.com/0x727) will be open-sourcing more tools over the coming period |\n| Scope | Metasploit module development |\n| Language | Ruby |\n| Function | Supports lateral movement across internal networks with Metasploit in multiple red-team scenarios |\n\n## What is Metasploit Modules 
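?\n\nMetasploit is an indispensable tool in red-team operations, so we wrote several modules based on Metasploit's [official Wiki](https://github.com/rapid7/metasploit-framework/wiki) and [official API](https://rapid7.github.io/metasploit-framework/api/), aimed at fast lateral movement inside internal networks.\n\n## Why choose Metasploit Modules ?\n\nIn red-team operations, once the local Metasploit is routed through a proxy it reaches the target's internal network directly, and loading these modules further improves the efficiency of lateral movement.\n\n## Quick start\n\n#### Download and install with Git\n\n```bash\n$ git clone https://github.com/0x727/MetasploitModules_0x727.git\n```\n\n\u003e Note: Metasploit must already be installed on the user's machine ([download and install](https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers))\n\n## Usage\n\n**The following commands are used in Metasploit**\n\n- `loadpath /absolute/path/MetasploitModules_0x727` loads the external modules\n- `setg proxies type:host:port[,type:host:port]` sets a global proxy for reaching the internal network (proxy chains are supported)\n- `setg ReverseAllowProxy true` allows reverse connections through the proxy (a reverse shell over socks, establishing a two-way channel)\n\n```\nmsf6 \u003e loadpath /Users/username/0x727/Metasploit_0x727\nLoaded 13 modules:\n    8 post modules\n    1 exploit modules\n    4 auxiliary modules\nmsf6 \u003e\n```\n\n## Change Log\n\n### mssql_powershell\n\n**2021/03/25** \n\n[Building a customized Metasploit: MSSQL refactoring](https://payloads.cn/2020/0325/create-customized-metasploit%E2%80%94mssql-refactoring.html)\n\nWith valid SQL Server credentials, this module uses Metasploit to enable `xp_cmdshell` and obtain a `session` on the target system.\n\n![mssql_powershell](./doc/images/mssql_powershell.png)\n\n### clone_user\n\n**2021/03/27** \n\n[Building a customized Metasploit: cloning users](https://payloads.cn/2020/0327/create-customized-metasploitclone-users.html) \n\nUsing an existing `session`, it creates a login account, adds the account to the Administrators and Remote Desktop groups, and clones administrator, replacing `clone.exe`.\n\n(Supports attempting privilege escalation; the default is a random 8-character password; the user cannot be set to Guest; uses the RID hijacking technique.)\n\n![clone_user](./doc/images/clone_user.gif)\n\n### unauthorized\n\n**2021/03/31**\n\n[Building a customized Metasploit: Redis unauthorized access](https://payloads.cn/2020/0331/create-customized-metasploit%E2%80%94unauthorized-by-redis.html) \n\nScans in bulk for Redis unauthorized access. Where it is present, the module probes the permissions of the `/root/.ssh/` and `/var/spool/cron/` directories and can write `id_rsa.pub` to the target server (`id_rsa.pub` should be given as an absolute path), or prompts with a `Cron` reverse-shell command.\n\n![unauthorized](./doc/images/unauthorized.png)\n\n### three\n\n**2021/05/20** \n\nRuns the three essentials in bulk for red-team scenarios: getuid, ipconfig and sysinfo, and takes a screenshot of the current desktop (commented out).\n\n`sessions -C \"run post/windows/three\"` or `sessions 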
-s \"post/windows/three\"`\n\n![three](./doc/images/three.png)\n\n### version_17010\n\n**2021/06/01** \n\nPerforms both SMB version detection and MS17-010 SMB RCE detection against the same host.\n\n![version_17010](./doc/images/version_17010.png)\n\n### eventlog\n\n**2021/06/03** \n\n[Building a customized Metasploit: security log analysis](https://payloads.cn/2020/0703/create-customized-metasploitsecurity-log-analysis.html) \n\nUses PowerShell to analyze successful and failed logon events in the Security log and quickly extract the relevant information.\n\n\u003e Note: `EventLog.ps1` from the gather directory must be placed under Metasploit's `/data/post/powershell`. It applies to Windows 2008 and later and calls `wevtutil.exe` and `powershell.exe`.\n\n![eventlog](./doc/images/eventlog.gif)\n\n### collect\n\n**2021/06/15**\n\n[Building a customized Metasploit: host information collection](https://payloads.cn/2020/0718/create-customized-metasploit%E2%80%94host-information-collection.html) \n\nCollects installed applications, host credentials (`cmdkey /list \u0026\u0026 vaultcmd /list`), network connections (`netstat -ano|findstr ESTABLISHED`), Internet Explorer history, and Google Chrome history and saved passwords.\n\nBulk execution\n\n```sh\nmsf5 \u003e sessions -C \"run post/windows/gather/collect migrate=true\"\n```\n\n(For a session from `exploit/windows/smb/psexec`, `set migrate true` is required so that it migrates into a process automatically.)\n\n![collect](./doc/images/collect.gif)\n\n### winaddr\n\n**2021/06/16**\n\n[Obtaining the network interface addresses of a remote Windows host through the OXID resolver](https://payloads.online/archivers/2020-07-16/1)\n\nDiscovers host IPs through port 135 and identifies the IPs of all network interfaces on the Windows machine.\n\n![winaddr](./doc/images/winaddr.png)\n\n### ms17_010_user\n\n**2021/06/28**\n\nThrough the ms17_010 vulnerability, adds the user `admin$` to the Administrators group and enables Remote Desktop. (Applies to Windows 2003.)\n\n![ms17_010_user](./doc/images/ms17_010_user.png)\n\n### enum_360\n\n**2021/07/15**\n\nRetrieves login passwords saved by 360 Secure Browser; decrypting the database after a 360 account has been signed in is not supported.\n\n\u003e Note: \"sqlite3.dll, remove_password.dll\" from the credentials directory must both be placed under Metasploit's `/data/post/360/`; they are used to decrypt the 360 browser's sqlite password.\n\n\u003cimg src=\"./doc/images/enum_360.png\" alt=\"enum_360\" style=\"zoom:40%;\" /\u003e\n\n### moba_xterm\n\n**2021/07/18**\n\nDecrypts the passwords saved by MobaXterm and automatically decrypts the master password.\n\n\u003cimg src=\"./doc/images/moba_xterm.png\" alt=\"moba_xterm\" style=\"zoom: 70%;\" /\u003e\n\n### ssms\n\n**2021/07/26**\n\nParses the SqlStudio.bin file of Microsoft SQL Server Management Studio and decrypts it to obtain the mssql connection passwords.\n\n### 
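foxmail\n\n**2021/08/06**\n\n[Gather foxmail password](https://github.com/rapid7/metasploit-framework/pull/14218)\n\nRetrieves password information from the Foxmail mail client.\n\n## Contributing to Metasploit Modules\n\nMetasploit Modules is a free and open-source project, and we welcome anyone to contribute to its development and improvement.\n\n- If you run into any problem while using it, report it through issues.\n- Bug fixes can be submitted directly as a Pull Request to the dev branch.\n- For a new feature, first create an issue with a brief description and a rough implementation approach; once the proposal is accepted, you can create a Pull Request implementing the feature.\n- Improvements to the documentation are welcome, to help more people use the project, especially English documentation.\n- Submit code contributions as a PR to the dev branch; the master branch is used only for releasing stable, usable versions.\n- For any other questions or collaboration, you are welcome to email 0x727Team@gmail.com.\n\n\u003e Reminder: project-related questions are best raised in issues, so that others with similar questions can quickly find the solution, and so that we avoid answering the same questions repeatedly.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0x727%2Fmetasploitmodules_0x727","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0x727%2Fmetasploitmodules_0x727","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0x727%2Fmetasploitmodules_0x727/lists"}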