Modules.md

Modules

Modules are the heart of KittySploit. This guide explains how to use and understand modules.

Overview

A module is a code unit that performs a specific task (exploit, scan, payload, etc.). All modules inherit from BaseModule and follow a standardized structure.

Module Types

Exploits (exploits/)

Exploit specific vulnerabilities to gain access or execute code.

Example:

use exploits/http/wordpress_rce

Auxiliary (auxiliary/)

Auxiliary modules for various tasks:

• Scanners
• Fuzzers
• Enumerators
• DoS

Example:

use auxiliary/scanner/http/apache_vuln_scanner

Payloads (payloads/)

Generate payloads for exploits.

Types:

• Singles - Standalone payloads
• Stagers - First stage of a multi-stage payload

Example:

use payloads/singles/cmd/unix/reverse_bash

Listeners (listeners/)

Listen for incoming connections and create sessions.

Types:

• Reverse - Listens and waits for a connection from the target
• Bind - Connects to a port on the target

Example:

use listeners/multi/reverse_tcp

Post (post/)

Post-exploitation modules for:

• Enumeration
• Privilege escalation
• Persistence
• Pivot

Example:

use post/linux/gather/enum_users

Scanners (scanner/)

Specialized scanners to detect vulnerabilities.

Example:

use scanner/http/wordpress_scanner

Encoders (encoders/)

Encode payloads to avoid detection.

Example:

use encoders/x86/xor

Backdoors (backdoors/)

Create backdoors on compromised systems.

Example:

use backdoors/php/php_cookie

Browser Auxiliary (browser_auxiliary/)

Modules to interact with browsers:

• Keyloggers
• Cookie harvesting
• Form capture
• XSS scanners

Example:

use browser_auxiliary/misc/keylogger

Using Modules

1. Search for a Module

search <term>

Examples:

search wordpress
search rce
search scanner

2. Load a Module

use <module_path>

Examples:

use exploits/http/wordpress_rce
use auxiliary/scanner/http/apache_vuln_scanner
use listeners/multi/reverse_tcp

3. Show Information

info

Displays:

• Name and description
• Author
• References (CVE, etc.)
• Available options

4. Show Options

show options

Displays all module options with:

• Current value
• Whether the option is required
• Description

5. Configure Options

set <option> <value>

Examples:

set RHOST 192.168.1.100
set RPORT 80
set TARGETURI /wordpress
set LHOST 192.168.1.50
set LPORT 4444

6. Show Advanced Options

show advanced

7. Reset Options

unset <option>
# or
set <option> ""

8. Execute Module

run
# or for exploits
exploit

Common Options

Exploit Options

• RHOST - Target host (IP address)
• RPORT - Target port
• TARGETURI - Base URI (for web exploits)
• SSL - Use SSL/TLS
• TIMEOUT - Connection timeout

Listener Options

• LHOST - Local IP address to listen on
• LPORT - Local port to listen on
• HANDLER - Handler type (reverse/bind)

Payload Options

• LHOST - Listener IP address
• LPORT - Listener port
• ENCODER - Encoder to use
• FORMAT - Output format

Payload Compatibility

View Compatible Payloads

compatible_payloads

Displays payloads compatible with the current module.

Set a Payload

set PAYLOAD <payload_path>

Example:

set PAYLOAD payloads/singles/cmd/unix/reverse_bash

Usage Examples

Example 1: WordPress RCE Exploit

# 1. Load the exploit
use exploits/http/wordpress_rce

# 2. Configure options
set RHOST 192.168.1.100
set RPORT 80
set TARGETURI /wordpress

# 3. Verify
show options

# 4. Execute
run

Example 2: Apache Scanner

# 1. Load the scanner
use auxiliary/scanner/http/apache_vuln_scanner

# 2. Configure
set RHOSTS 192.168.1.0/24
set RPORT 80
set THREADS 10

# 3. Execute
run

Example 3: Reverse TCP Listener

# 1. Load the listener
use listeners/multi/reverse_tcp

# 2. Configure
set LHOST 192.168.1.50
set LPORT 4444

# 3. Start
run

Example 4: Exploit with Payload

# 1. Load the exploit
use exploits/http/wordpress_rce

# 2. Configure the exploit
set RHOST 192.168.1.100
set RPORT 80

# 3. Set the payload
set PAYLOAD payloads/singles/cmd/unix/reverse_bash

# 4. Configure the payload
set LHOST 192.168.1.50
set LPORT 4444

# 5. Execute
exploit

Module Structure

A typical module looks like this:

from core.framework.base_module import BaseModule
from core.framework.option.option_string import OptString
from core.framework.option.option_port import OptPort

class Module(BaseModule):
    __info__ = {
        'name': 'WordPress RCE',
        'description': 'Remote Code Execution in WordPress',
        'author': 'Author Name',
        'references': ['CVE-2023-XXXXX'],
        'cve': 'CVE-2023-XXXXX',
    }
    
    RHOST = OptString("", "Target host", True)
    RPORT = OptPort(80, "Target port", True)
    TARGETURI = OptString("/", "Base URI", False)
    
    def run(self):
        # Exploit logic
        target = f"http://{self.RHOST}:{self.RPORT}{self.TARGETURI}"
        # ...
        return True

Best Practices

1. Always verify options with show options before executing
2. Use compatible payloads with your exploit
3. Configure listeners before executing exploits
4. Check prerequisites (CVE, version, etc.)
5. Test in isolated environment before production

Troubleshooting

Module Not Found

# Verify the path is correct
show modules

# Search for the module
search <name>

Missing Options

# Check required options
show options

# Options marked "Required: True" must be set

Execution Error

• Check logs
• Check network connectivity
• Check module prerequisites

Next Steps

• Development - Create your own modules
• Module Types - Details on each type
• CLI Reference - All commands
• Browser Auxiliary - Browser auxiliary modules

---

Need help? Check Troubleshooting