metasploit-framework/msfcli

#!/usr/bin/env ruby
#
# This user interface allows users to interact with the framework through a
# command line interface (CLI) rather than having to use a prompting console
# or web-based interface.
#

$:.unshift(File.join(File.dirname(__FILE__), 'lib'))

require 'rex'
require 'msf/ui'
require 'msf/base'

Indent = '   ' 

# Initialize the simplified framework instance.
$framework = Msf::Simple::Framework.create

def usage (str = nil, extra = nil)
	tbl = Rex::Ui::Text::Table.new(
		'Header'  => "Usage: #{$0} <exploit_name> <option=value> [mode]",
		'Indent'  => 4,
		'Columns' => ['Mode', 'Description']
	)

	tbl << ['(H)elp', "you're looking at it baby!"]
	tbl << ['(S)ummary', 'show information about this module']
	tbl << ['(O)ptions', 'show available options for this module']
	tbl << ['(A)dvanced', 'show available advanced options for this module']
	tbl << ['(I)ds Evasion', 'show available ids evasion options for this module']
	tbl << ['(P)ayloads', 'show available payloads for this module']
	tbl << ['(T)argets', 'show available targets for this module']
	tbl << ['(C)heck', 'Attempt to check if the target is vulnerable']
	tbl << ['(E)xploit', 'Attempt to exploit the target']

	$stdout.puts "Error: #{str}\n\n" if str
	$stdout.puts tbl.to_s + "\n"
	$stdout.puts extra + "\n" if extra

	exit
end

if (ARGV.length < 1)
	tbl = Rex::Ui::Text::Table.new(
		'Header'  => 'Exploits',
		'Indent'  => 4,
		'Columns' => [ 'Name', 'Description' ])

	$framework.exploits.each_module { |name, mod|
		tbl << [ name, mod.new.name ]
	}

	usage(nil, tbl.to_s)
end

# Get the exploit name we'll be using
exploit_name = ARGV.shift
exploit      = $framework.exploits.create(exploit_name)

if (exploit == nil)
	usage("Invalid exploit: #{exploit_name}")
end

exploit.init_ui(
	Rex::Ui::Text::Input::Stdio.new, 
	Rex::Ui::Text::Output::Stdio.new
)
			
# Evalulate the command (default to "help")
mode = ARGV.pop || 'h'

# Import options
exploit.datastore.import_options_from_s(ARGV.join('_|_'), '_|_')

case mode.downcase
	when 'h'
		usage
	when "s"
		$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_module(exploit, Indent))
	when "o"
		$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_options(exploit, Indent))
	when "a"
		$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_advanced_options(exploit, Indent))
	when "i"
		$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_evasion_options(exploit, Indent))
	when "p"
		$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_compatible_payloads(
			exploit, Indent, "Compatible payloads"))
	when "t"
		$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_exploit_targets(exploit, Indent))
	when "c"
		begin
			if (code = exploit.check)
				stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]'
	
				$stdout.puts("#{stat} #{code[1]}")
			else
				$stderr.puts("Check failed: The state could not be determined.")
			end
		rescue
			$stderr.puts("Check failed: #{$!}")
		end
	when "e"
		begin
			session = exploit.exploit_simple(
				'Encoder'       => exploit.datastore['ENCODER'],
				'Target'        => exploit.datastore['TARGET'],
				'Payload'       => exploit.datastore['PAYLOAD'],
				'Nop'           => exploit.datastore['NOP'],
				'LocalInput'    => Rex::Ui::Text::Input::Stdio.new,
				'LocalOutput'   => Rex::Ui::Text::Output::Stdio.new,
				'ForceBlocking' => true)

			if (session)
				$stdout.puts("[*] #{session.desc} session #{session.name} opened (#{session.tunnel_to_s})\n\n")

				session.init_ui(
					Rex::Ui::Text::Input::Stdio.new,
					Rex::Ui::Text::Output::Stdio.new)

				session.interact
			end
					
		rescue
			$stderr.puts("Exploit failed: #{$!}")
			$stderr.puts("Backtrace:")
			$stderr.puts($!.backtrace.join("\n"))
		end
	else
		usage("Invalid mode #{mode}")
end

$stdout.puts
/usr/bin/ruby vs /usr/bin/env ruby git-svn-id: file:///home/svn/incoming/trunk@3242 4d416f70-5f16-0410-b530-b9f4589650da 2005-12-17 07:46:23 +01:00			`#!/usr/bin/env ruby`
implemented msfd as a plugin git-svn-id: file:///home/svn/incoming/trunk@3151 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-28 22:38:48 +01:00			`#`
			`# This user interface allows users to interact with the framework through a`
			`# command line interface (CLI) rather than having to use a prompting console`
			`# or web-based interface.`
			`#`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00
moved user interfaces, changed relative lib path git-svn-id: file:///home/svn/incoming/trunk@3176 4d416f70-5f16-0410-b530-b9f4589650da 2005-12-06 04:34:58 +01:00			`$:.unshift(File.join(File.dirname(__FILE__), 'lib'))`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00
			`require 'rex'`
			`require 'msf/ui'`
			`require 'msf/base'`

			`Indent = ' '`

			`# Initialize the simplified framework instance.`
			`$framework = Msf::Simple::Framework.create`

imported patch from bmc with a few modifications git-svn-id: file:///home/svn/incoming/trunk@3366 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-10 17:07:45 +01:00			`def usage (str = nil, extra = nil)`
			`tbl = Rex::Ui::Text::Table.new(`
			`'Header' => "Usage: #{$0} <exploit_name> <option=value> [mode]",`
			`'Indent' => 4,`
			`'Columns' => ['Mode', 'Description']`
			`)`

			`tbl << ['(H)elp', "you're looking at it baby!"]`
			`tbl << ['(S)ummary', 'show information about this module']`
			`tbl << ['(O)ptions', 'show available options for this module']`
			`tbl << ['(A)dvanced', 'show available advanced options for this module']`
			`tbl << ['(I)ds Evasion', 'show available ids evasion options for this module']`
			`tbl << ['(P)ayloads', 'show available payloads for this module']`
			`tbl << ['(T)argets', 'show available targets for this module']`
			`tbl << ['(C)heck', 'Attempt to check if the target is vulnerable']`
			`tbl << ['(E)xploit', 'Attempt to exploit the target']`

			`$stdout.puts "Error: #{str}\n\n" if str`
			`$stdout.puts tbl.to_s + "\n"`
			`$stdout.puts extra + "\n" if extra`

			`exit`
			`end`

Patches from <anon> git-svn-id: file:///home/svn/incoming/trunk@3310 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-05 23:20:28 +01:00			`if (ARGV.length < 1)`
msfcli displays exploits now git-svn-id: file:///home/svn/incoming/trunk@3237 4d416f70-5f16-0410-b530-b9f4589650da 2005-12-15 06:07:14 +01:00			`tbl = Rex::Ui::Text::Table.new(`
			`'Header' => 'Exploits',`
			`'Indent' => 4,`
			`'Columns' => [ 'Name', 'Description' ])`

			`$framework.exploits.each_module { \|name, mod\|`
			`tbl << [ name, mod.new.name ]`
			`}`

imported patch from bmc with a few modifications git-svn-id: file:///home/svn/incoming/trunk@3366 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-10 17:07:45 +01:00			`usage(nil, tbl.to_s)`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00			`end`

			`# Get the exploit name we'll be using`
			`exploit_name = ARGV.shift`
			`exploit = $framework.exploits.create(exploit_name)`

			`if (exploit == nil)`
s/^ /\t/ git-svn-id: file:///home/svn/incoming/trunk@3443 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-25 21:18:48 +01:00			`usage("Invalid exploit: #{exploit_name}")`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00			`end`

proper fix git-svn-id: file:///home/svn/incoming/trunk@3503 4d416f70-5f16-0410-b530-b9f4589650da 2006-02-05 00:59:17 +01:00			`exploit.init_ui(`
			`Rex::Ui::Text::Input::Stdio.new,`
			`Rex::Ui::Text::Output::Stdio.new`
			`)`

Patches from <anon> git-svn-id: file:///home/svn/incoming/trunk@3310 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-05 23:20:28 +01:00			`# Evalulate the command (default to "help")`
			`mode = ARGV.pop \|\| 'h'`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00
			`# Import options`
fix for option import issue when options had spaces git-svn-id: file:///home/svn/incoming/trunk@3571 4d416f70-5f16-0410-b530-b9f4589650da 2006-03-16 17:33:32 +01:00			`exploit.datastore.import_options_from_s(ARGV.join('_\|_'), '_\|_')`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00
			`case mode.downcase`
imported patch from bmc with a few modifications git-svn-id: file:///home/svn/incoming/trunk@3366 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-10 17:07:45 +01:00			`when 'h'`
			`usage`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00			`when "s"`
			`$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_module(exploit, Indent))`
			`when "o"`
			`$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_options(exploit, Indent))`
			`when "a"`
			`$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_advanced_options(exploit, Indent))`
Adds a new 'evasion' option type git-svn-id: file:///home/svn/incoming/trunk@3309 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-05 04:57:12 +01:00			`when "i"`
			`$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_evasion_options(exploit, Indent))`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00			`when "p"`
			`$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_compatible_payloads(`
			`exploit, Indent, "Compatible payloads"))`
			`when "t"`
			`$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_exploit_targets(exploit, Indent))`
			`when "c"`
			`begin`
			`if (code = exploit.check)`
			`stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]'`

			`$stdout.puts("#{stat} #{code[1]}")`
			`else`
			`$stderr.puts("Check failed: The state could not be determined.")`
			`end`
			`rescue`
			`$stderr.puts("Check failed: #{$!}")`
			`end`
			`when "e"`
			`begin`
			`session = exploit.exploit_simple(`
			`'Encoder' => exploit.datastore['ENCODER'],`
			`'Target' => exploit.datastore['TARGET'],`
			`'Payload' => exploit.datastore['PAYLOAD'],`
			`'Nop' => exploit.datastore['NOP'],`
			`'LocalInput' => Rex::Ui::Text::Input::Stdio.new,`
			`'LocalOutput' => Rex::Ui::Text::Output::Stdio.new,`
			`'ForceBlocking' => true)`

			`if (session)`
woop git-svn-id: file:///home/svn/incoming/trunk@2945 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:49:29 +02:00			`$stdout.puts("[*] #{session.desc} session #{session.name} opened (#{session.tunnel_to_s})\n\n")`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00
			`session.init_ui(`
			`Rex::Ui::Text::Input::Stdio.new,`
			`Rex::Ui::Text::Output::Stdio.new)`

			`session.interact`
			`end`

			`rescue`
			`$stderr.puts("Exploit failed: #{$!}")`
SMB mixin is mostly working now git-svn-id: file:///home/svn/incoming/trunk@3037 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-16 00:02:17 +01:00			`$stderr.puts("Backtrace:")`
			`$stderr.puts($!.backtrace.join("\n"))`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00			`end`
imported patch from bmc with a few modifications git-svn-id: file:///home/svn/incoming/trunk@3366 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-10 17:07:45 +01:00			`else`
			`usage("Invalid mode #{mode}")`
msfcli git-svn-id: file:///home/svn/incoming/trunk@2943 4d416f70-5f16-0410-b530-b9f4589650da 2005-10-02 07:47:52 +02:00			`end`

			`$stdout.puts`