New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhance analyze command API to understand modules' needs #15011
Conversation
Properly merge the contents of the grouping sets when combining sets of vulns. All permutations of simple double-transitive sets are now tested.
Some older modules don't have proper session type requirements. A sampling indicates they nearly always require meterpreter, so we can add this pending a metadata unification for those modules.
Added folks as reviewers for visibility that this is posted up. Thanks! |
Looks good to me 👍 I can get this landed after the those last tweaks are in 🚢 |
Imports and analyzing working:
And sweet bonus UX improvements too 🎉 🙇♂️
With hosts but no vulns:
Also confirmed what was discussed during module hacking - the speed is acceptable for a small number of hosts/vulns, but might need some tweaks to scale to larger data sets - but overall a great first step 👍
I think it's just that last line that needs a tweak then we can get this shipped 🚢 |
Release NotesEnhanced the |
Beginning steps to enhance the
analyze
command to be able to understand what potentially testable modules will need in order to run. Currently re-working vuln/service matching to lose less information. Putting more module option information in the module cache and/or having a step that instantiates good matches will likely be needed soon to provide better targeting.