Add hierarchical search table support #18581
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
adfoster-r7
force-pushed
the
add-hierarchical-search-table-support
branch
from
ae49520
to
1f846a1
Compare
15 tasks
adfoster-r7
commented
Nov 29, 2023
| @@ -34,7 +34,7 @@ def initialize(info = {}) | |||
| 'Stability' => [CRASH_SAFE], | |||
| 'SideEffects' => [IOC_IN_LOGS], | |||
| 'Reliability' => [], | |||
| 'AKA' => ['Silver Ticket', 'Golden Ticket', 'diamond', 'sapphire', 'Ticketer', 'Klist'] | |||
There was a problem hiding this comment.
These previous values were just SEO hackery; Now actions are searchable this can be trimmed down
adfoster-r7
force-pushed
the
add-hierarchical-search-table-support
branch
2 times, most recently
from
8d036b3
to
2fc3f56
Compare
adfoster-r7
force-pushed
the
add-hierarchical-search-table-support
branch
from
2fc3f56
to
02c892c
Compare
Release NotesAdds hierarchical search table support to Metasploit's search command functionality. Now the search table will include a module's actions, targets, and alias metadata. This functionality requires the user to opt-in with the command |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds hierarchical search table support to Metasploit's search command functionality. Now the search table will include a module's actions, targets, and alias metadata. This functionality requires the user to opt-in with the command
features set hierarchical_search_table true.Problem
We have a recurring discoverability/UX problem for user to find modules that have actions and configurable targets
In terms of impacted modules/numbers - we have:
Recently we've introduced more 'modern' modules which have multiple actions, but this functionality still isn't discoverable for the average user. There's no user affordance added to aid in the discovery of relevant modules that have actions that the user could use. i.e. The Kerberos
forge_ticketmodule can forge 4 different ticket types - but only if you know the right incantations to set actions - potentially by reading docs.metasploit.comProposed solution
We update the search table to include hierarchical rows, including the available targets, actions, and AKA metadata.
Verification
features set hierarchical_search_table true, and verify common scenariosSearching for actions -
search forge_goldenSearches that include targets and AKA metadata
search eternalblueThe
use <index>functionality still works, and the target or action is automagically set for the userThe
info <index>functionality still works, and the target or action is automagically set for the user when the module info is generated