Skip to content
Metasploit Framework RPC api and command line interface
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
assets
lib
.gitignore
Dockerfile
LICENSE
README.md
docker-compose.yml
msfrpc-cli
package.json

README.md

MsfRpc logo

The Metasploit RPC api for Node.js

Getting started

Installing

This will install the cli in your system.

npm install -g msfrpc

This will add the msfrpc module to your Node.js project.

npm install --save msfrpc

Using the cli

msfrpc <URI>

URI example: https://msfUser:123456@localhost:55553

Using the api

All msfrpc methods are grouped in the following "method groups":

  • Auth
  • Base
  • Console
  • Core
  • Db
  • Job
  • Module
  • Plugin
  • Session

To call a msfrpc, use the following pattern:

msfrpc.<method group>.<method name (camel case)>([arguments]);

All methods returns Promises.

Please note that we don't pass tokens to the methods. Tokens are added automatically by MsfRpc.

Here is an example:

const MsfRpc = require('msfrpc');

const msfrpcUri = 'https://msfUser:123456@localhost:55553';
const msfrpc = new MsfRpc(msfrpcUri);

console.log(`Connecting to ${msfrpcUri}`);
msfrpc.connect().then(() => {
  return msfrpc.core.version().then((res) => {
    console.log(`Metasploit Framework version ${res.version}`);
  }).then(() => {
    const keyword = 'windows';
    console.log(`Search modules containing "${keyword}". This may take a few seconds...`);
    return msfrpc.module.search(keyword).then((modules) => {
      console.log(`Found the ${modules.length} modules for "${keyword}":`);
      modules.forEach((module) => {
        console.log('=========', module.fullname);
        console.log('  Name', module.name);
        console.log('  Type', module.type);
        console.log('  Rank', module.rank);
        if(module.disclosuredate) {
          console.log('  Date', module.disclosuredate);
        }
      });
    });
  });
});

In the example, we:

  • Connect to the msfrpc server
  • Obtain and print the Metasploit Version
  • Find and print all modules containing a given keyword

Api Reference

For a list and documentation of all available methods, visit the following links.

Here are some examples of method calls:

Get version information:

msfrpc.core.version()

Get module stats:

msfrpc.core.moduleStats()

Search for a module:

msfrpc.module.search('keyword')

List payloads:

msfrpc.module.payloads()

Developing

Optional Prerequisites

This project includes a Dockerfile (and docker-compose.yml) so you dont have to build a testing environment yourself. To use docker, you need it installed in your system. For installation, follow the steps here.

Setting up Dev

Clone the repository and install dependencies.

git clone https://github.com/tomasgvivo/node-msfrpc.git
cd node-msfrpc/
npm install

Licensing

Copyright 2017 Tomas Gonzalez Vivo

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.