#!/usr/bin/env python
import sys
import msfrpc
import time
# Module-level state shared by initialise(), run_scan(), set_smb_login() and
# close_scanner(). Kept as globals to match the original design of the script.
msf_client = None  # msfrpc.Msfrpc instance, created in initialise()
console_id = 0     # id of the msf console created by initialise()
outfile = None     # report file (msf_scan_output.txt), opened in main()
res = None         # last console.create / console.read response
retval = None      # last console.write response; assigned but never read back
def initialise(username, msf_pass):
    """Log into msfrpcd, open a console and attach it to the msf database.

    Rebinds the module globals `msf_client`, `res`, `console_id` and `retval`.
    The same username/password pair is used for the msgrpc login and for the
    `db_connect user:pass@127.0.0.1/msf` command, so the password ends up inside
    a console command string; the console's reply to db_connect is not read
    here (the next console.read in run_scan() will pick it up).

    Args:
        username: msgrpc user, also used as the database user.
        msf_pass: msgrpc password (the one given to `load msgrpc Pass=...`),
            also used as the database password.
    """
    global msf_client, res, console_id, retval
    # Default client options; the server address/port come from msfrpc itself.
    msf_client = msfrpc.Msfrpc({})
    msf_client.login(user=username, password=msf_pass)
    res = msf_client.call('console.create')
    console_id = res['id']
    print("res: %s" % res)
    db_command = "db_connect " + username + ":" + msf_pass + "@127.0.0.1/msf\n"
    retval = msf_client.call('console.write', [console_id, db_command])
    # Give msfconsole a moment to process the command before anything else is sent.
    time.sleep(1)
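def run_scan(scan_name, host_file):
    """Run one Metasploit module against the hosts listed in `host_file`.

    Sends the workspace/THREADS/use/RHOSTS/run commands to the console opened by
    initialise(), then drains console output to stdout and the global `outfile`
    until the console reports it is no longer busy.

    `scan_name` and `host_file` are written into console commands verbatim. They
    come from operator-controlled inputs (scan_types.cfg and argv); a value that
    contains a newline would reach the console as additional commands, so the
    config file and host-file path should be treated as trusted.

    Args:
        scan_name: Metasploit module path (one line of scan_types.cfg).
        host_file: path passed to the module as `set RHOSTS file:<host_file>`.

    Side effects: rebinds the globals `retval` (last console.write response)
    and `res` (last console.read response). Requires initialise() to have run.
    """
    global msf_client, res, console_id, retval, outfile

    setup_commands = [
        "workspace -a msf_scanner\n",
        "set THREADS 10\n",
        "workspace msf_scanner\n",
        "use " + scan_name + "\n",
    ]
    for command in setup_commands:
        retval = _console_write(command)

    # Module-specific options must follow `use` and precede RHOSTS/run.
    if scan_name == "auxiliary/scanner/smb/smb_login":
        set_smb_login()

    retval = _console_write("set RHOSTS file:" + host_file + "\n")
    # The module needs a little longer to start producing output.
    retval = _console_write("run\n", delay=5)

    # Drain console output until the module finishes. Any non-empty read is
    # recorded (the previous `len(data) > 1` test silently dropped
    # single-character reads).
    while True:
        res = msf_client.call('console.read', [console_id])
        data = res['data']
        if data:
            # write() rather than `print data,`: no stray softspace between
            # chunks, output is flushed as it arrives, and it is valid on
            # Python 3 as well.
            sys.stdout.write(data)
            sys.stdout.flush()
            outfile.write(data)
        if not res['busy']:
            break
        time.sleep(1)


def _console_write(command, delay=1):
    """Send one command line to the msf console, then pause `delay` seconds.

    Returns the raw console.write response so the caller can keep the module
    global `retval` in sync. Reads the globals `msf_client` and `console_id`.
    """
    response = msf_client.call('console.write', [console_id, command])
    time.sleep(delay)
    return response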
def set_smb_login():
    """Apply the hard-coded module options used for auxiliary/scanner/smb/smb_login.

    Called by run_scan() after `use` and before RHOSTS/run. Each `set` is written
    to the console opened by initialise(); the console's replies are not read
    here. Note that `retval` is a local in this function (no `global`
    statement), unlike in run_scan(), and that the PASS_FILE path is not
    checked for existence before being sent.
    """
    option_commands = (
        "set SMBDomain WORKGROUP\n",
        "set BLANK_PASSWORDS true\n",
        "set USER_AS_PASS true\n",
        "set SMBUser Administrator\n",
        "set PASS_FILE /usr/share/wordlists/crest_allwords.txt\n",
    )
    for option_command in option_commands:
        retval = msf_client.call('console.write', [console_id, option_command])
        # Let msfconsole process each option before sending the next one.
        time.sleep(1)
def close_scanner():
    """Destroy the msf console created by initialise() and record the result.

    Prints the `result` field of the console.destroy response and appends the
    same text (without a trailing newline) to the global `outfile`.
    """
    global msf_client, outfile
    cleanup = msf_client.call('console.destroy', [console_id])
    cleanup_result = cleanup['result']
    print("Cleanup result: %s" % cleanup_result)
    outfile.write("Cleanup result: " + cleanup_result)
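def main():
    """Run every scan listed in scan_types.cfg against the hosts in argv[1].

    Usage: msf_scan.py <target file> [username] [password]

    Reads scan_types.cfg from the current directory (one module path per line;
    blank lines and lines starting with `#` are skipped), logs into msfrpcd,
    runs each scan via run_scan() and writes console output to
    msf_scan_output.txt, which is closed even if a scan raises.
    """
    global outfile

    if len(sys.argv) < 2:
        print("Usage: msf_scan.py <target file> [username] [password]")
        # Non-zero so a calling script notices the usage error.
        sys.exit(1)
    host_file = sys.argv[1]
    config_file = "scan_types.cfg"

    # The `with` block closes the file; the explicit close() is not needed.
    with open(config_file) as infile:
        scans = [line.strip() for line in infile]
    if not scans:
        # The file was found but holds no lines (the old message blamed a
        # missing file name).
        print("No scans listed in %s!" % config_file)
        sys.exit(0)

    if len(sys.argv) == 4:
        username = sys.argv[2]
        msf_pass = sys.argv[3]
    else:
        # NOTE(review): these defaults mirror the `load msgrpc Pass=abc123`
        # example in initialise(); pass real credentials on the command line.
        # A password given on argv is visible to other local users via the
        # process list.
        username = "msf"
        msf_pass = "abc123"

    separator = "---------------------------------------------------------------------------------\n"
    # `with` guarantees the report is closed even if a scan raises; rebinding
    # the global lets run_scan() and close_scanner() write to it.
    with open("msf_scan_output.txt", "w") as outfile:
        # Explicit newlines: the previous writes ran the header onto one line.
        outfile.write("MSF Scanning Output\n")
        outfile.write("===================\n")
        outfile.write("\n")
        initialise(username, msf_pass)
        for scan_path in scans:
            # Skip comments and blank lines; an empty entry would otherwise be
            # sent to the console as a bare `use` command.
            if not scan_path or scan_path.startswith("#"):
                continue
            print("Scan name: %s" % scan_path)
            outfile.write("Scan name: " + scan_path + "\n")
            outfile.write(separator)
            run_scan(scan_path, host_file)
            outfile.write(separator)
        close_scanner()
    print("Finished!")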
# Script entry point: run only when executed directly, not when imported.
# main() returns None, so the exit status stays 0 on success.
if __name__ == "__main__":
    sys.exit(main())