Mad Metasploit is an awesome Metasploit collection that includes
custom Metasploit modules, plugins and resource scripts.
Add mad-metasploit to metasploit framework
$ vim config/config.rb
$metasploit_path = '/opt/metasploit-framework/embedded/framework/'
# or /usr/share/metasploit-framework
$ ./mad-metasploit
$ ./mad-metasploit [-a/-y/--all/--yes]
Use custom modules
Search for auxiliary modules, exploits and others:
HAHWUL > search springboot
Matching Modules
   Name                                          Disclosure Date  Rank    Check  Description
   ----                                          ---------------  ----    -----  -----------
   auxiliary/mad_metasploit/springboot_actuator                   normal  No     Springboot actuator check
Use custom plugins
load mad-metasploit/{plugins} in msfconsole
HAHWUL > load mad-metasploit/db_autopwn
[*] Successfully loaded plugin: db_autopwn
HAHWUL > db_autopwn
[-] The db_autopwn command is DEPRECATED
[-] See http://r-7.co/xY65Zr instead
[*] Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerability references
-p Select modules based on open ports
-e Launch exploits against all matched targets
-r Use a reverse connect shell
-b Use a bind shell on a random port (default)
-q Disable exploit module output
-R [rank] Only run modules with a minimal rank
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
-PI [range] Only exploit hosts with these ports open
-PX [range] Always exclude hosts with these ports open
-m [regex] Only run modules whose name matches the regex
-T [secs] Maximum runtime for any exploit in seconds
etc…
List of plugins
mad-metasploit/db_autopwn
mad-metasploit/arachni
mad-metasploit/meta_ssh
mad-metasploit/db_exploit
Use Resource-scripts
#> msfconsole
MSF> load alias
MSF> alias ahosts 'resource /mad-metasploit/resource-script/ahosts.rc'
MSF> ahosts
[Custom command!]
List of resource scripts
ahosts.rc
cache_bomb.rb
feed.rc
getdomains.rb
getsessions.rb
ie_hashgrab.rb
listdrives.rb
loggedon.rb
runon_netview.rb
search_hash_creds.rc
virusscan_bypass8_8.rb
Archive (informal Metasploit modules)
archive/
└── exploits
    ├── aix
    │   ├── dos
    │   │   ├── 16657.rb
    │   │   └── 16929.rb
    │   ├── local
    │   │   └── 16659.rb
    │   └── remote
    │       └── 16930.rb
    ├── android
    │   ├── local
    │   │   ├── 40504.rb
    │   │   ├── 40975.rb
    │   │   └── 41675.rb
    │   └── remote
    │       ├── 35282.rb
    │       ├── 39328.rb
    │       ├── 40436.rb
    │       └── 43376.rb
.....
Patch mad-metasploit-archive
#> ln -s mad-metasploit-archive /usr/share/metasploit-framework/modules/exploits/mad-metasploit-archive
#> msfconsole
MSF> search [string!]
..
exploit/multi/~~~
exploit/mad-metasploit-archive/[custom-script!!]
..
How to update?
$ ./mad-metasploit -u
$ ruby auto_archive.rb
or
$ ./mad-metasploit
[+] Sync Mad-Metasploit Modules/Plugins/Resource-Script to Metasploit-framework
[+] Metasploit-framewrk directory: /opt/metasploit-framework/embedded/framework/
(set ./conf/config.rb)
[*] Update archive(Those that are not added as msf)? [y/N] y
[-] Download index data..
How to remove mad-metasploit?
$ ./mad-metasploit -r
or
$ ./mad-metasploit --remove
Development
Hello world..!
$ git clone https://github.com/hahwul/mad-metasploit
Add to Custom code
./mad-metasploit-modules
exploit
auxiliary
etc..
./mad-metasploit-plugins
./mad-metasploit-resource-script
New Idea issue > idea tag