#!/usr/bin/env ruby # # This user interface provides users with a web-based interface to the framework # msfbase = __FILE__ while File.symlink?(msfbase) msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) end $:.unshift(File.join(File.dirname(msfbase), 'lib')) $:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB'] require 'stringio' require 'rex' require 'msf/base' require 'msf/ui/web' msfroot = File.join(File.dirname(msfbase), 'data', 'msfweb') Dir.chdir(msfroot) msfserv = File.join('script', 'server') # Declare the argument parser for msfweb arguments = Rex::Parser::Arguments.new( "-a" => [ true, "Bind to this IP address instead of loopback" ], "-p" => [ true, "Bind to this port instead of 55555" ], "-d" => [ false, "Daemonize the web server" ], "-s" => [ false, "Automatically open the browser" ], "-h" => [ false, "Help banner" ]) opts = { 'ServerHost' => '127.0.0.1', 'ServerPort' => '55555' } background = false browser_start = false # Parse command line arguments. arguments.parse(ARGV) { |opt, idx, val| case opt when "-a" opts['ServerHost'] = val when "-p" opts['ServerPort'] = val when "-v" opts['LogLevel'] = val when "-d" background = true when "-s" browser_start = true when "-h" print( "\nUsage: msfweb \n" + arguments.usage) exit end } # This is stupid, but we need to override the ARGV constant ostderr = $stderr $stderr = StringIO.new ARGV = [ '-p', opts['ServerPort'], '-b', opts['ServerHost'], '-e', 'production', (background ? '-d' : '') ] $stderr.close $stderr = ostderr $browser_url = "http://#{opts['ServerHost']}:#{opts['ServerPort']}/" $browser_start = browser_start $stderr.puts "" $stderr.puts "[*] Starting msfweb v#{Msf::Framework::Version} on #{$browser_url}" $stderr.puts "" load(msfserv)