The Metasploit Framework is a tool for designing and executing exploits and attacks with the help of a large collection of modules, following an offensive-security approach. It is a must-use tool in pen-testing activities and is very versatile thanks to its many features.
The idea behind this tool is to remove the complexity of the framework so that it can be used without learning Ruby (the official language of the Metasploit Framework).
The msf folder has two modules: the exploits and the libs. These contain all the functionality of this script.
The exploits included are:
- The UnrealIRCD 3.2.8.1 Backdoor Command Execution for IRC servers
- The VSFTPD v2.3.4 Backdoor Command Execution for vulnerable Linux FTP services
As for the libs, you have a base class for exploit definitions and behavior, and a discover class that integrates the python-nmap package (check requirements.txt) for nmap internal use.
The
You will need a Python 3 virtualenv ready to go.
Then install the requirements like this: pip install -r requirements.txt
Run: python metasploit.py
- Discover feature
> set target [IP]
> set ports [PORT RANGE]
> discover
- Write results
> write_results [/path/to/file.json]
- Shell
> shell ls
> shell pwd
- Modules (possible options)
> module list
> module use [Vsftpd or Unrealircd]
> set revshell_ip [IP]
> get
> unset ports
> check
> exploit
This will automatically trigger the built-in reverse shell.
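
A defender-side use of the discover output, as an added example that is not part of this project's code: it screens a scan result for the two backdoored releases listed above. It assumes the data follows python-nmap's scan-result layout (scan -> host -> tcp -> port); the format write_results actually produces is not shown on this page, and the flag_backdoored name and sample data are constructed for illustration.

```python
import json

# Backdoored releases named on this page: product (lowercased) -> version.
BACKDOORED = {"vsftpd": "2.3.4", "unrealircd": "3.2.8.1"}


def flag_backdoored(scan_result):
    """Return findings for open services matching a backdoored release.

    Assumed layout (python-nmap): {"scan": {host: {"tcp": {port: {...}}}}}.
    """
    findings = []
    for host, data in sorted(scan_result.get("scan", {}).items()):
        # Port keys are ints from python-nmap but strings after a JSON round trip.
        ports = sorted(data.get("tcp", {}).items(), key=lambda kv: int(kv[0]))
        for port, svc in ports:
            if svc.get("state") != "open":
                continue
            product = svc.get("product", "").strip().lower()
            bad_version = BACKDOORED.get(product)
            if bad_version is None:
                continue
            version = svc.get("version", "").strip()
            if version == bad_version:
                status = "backdoored-release"
            elif not version:
                # Service detection gave no version: needs a manual check.
                status = "version-unknown"
            else:
                continue  # a different, known version of the same product
            findings.append({"host": host, "port": int(port), "product": product,
                             "version": version or None, "status": status})
    return findings


# Constructed sample data (documentation addresses), not real scan output.
SAMPLE = json.loads("""
{"scan": {
  "192.0.2.10": {"tcp": {
    "21":   {"state": "open", "name": "ftp", "product": "vsftpd", "version": "2.3.4"},
    "22":   {"state": "open", "name": "ssh", "product": "OpenSSH", "version": "4.7p1"},
    "6667": {"state": "open", "name": "irc", "product": "UnrealIRCd", "version": ""}}},
  "192.0.2.11": {"tcp": {
    "21":   {"state": "open", "name": "ftp", "product": "vsftpd", "version": "3.0.5"},
    "6667": {"state": "closed", "name": "irc", "product": "", "version": ""}}}
}}
""")

if __name__ == "__main__":
    for finding in flag_backdoored(SAMPLE):
        print(finding)
```

Services reported without a version are kept as version-unknown rather than dropped, so they can be checked by hand.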