allfro / pymetasploit

A full-fledged msfrpc library for Metasploit framework.

Output of a port scanner #15

Open 0xPawn opened 6 years ago

0xPawn commented 6 years ago

Hi, is it possible to get the output of a port scanner?

My code is:

from metasploit.msfrpc import MsfRpcClient

# connect to msfrpcd (port is an integer)
client = MsfRpcClient(password="RpcPass1010", port=61020)

# select the TCP port scanner and set its datastore options
scanner = client.modules.use('auxiliary', 'scanner/portscan/tcp')
scanner['PORTS'] = '80, 8080'
scanner['RHOSTS'] = '192.168.2.8'
scanner['THREADS'] = 10
scanner['TIMEOUT'] = 1
# execute() starts the module as a background job and returns the job info; it does not return the scan output
scanner.execute()

Do I need to change anything or add something to get the output of this?

Thank you

yg-ht commented 6 years ago

My understanding is that your code will just execute the instruction; however, actually reading back the result will need further code. This is because some modules take a while to execute, which means MSFRPC is asynchronous, allowing you to perform other actions whilst waiting for the results to come back.

I was thinking maybe checking the outstanding jobs, and then when there are no jobs left, to check the output of it, but unfortunately the job no longer exists once it is complete and no session was created (because it is just an auxiliary module) so there is nothing here to check either.

I want to work this out as well - did you get to the bottom of it?

yg-ht commented 6 years ago

I wasn't thinking clearly last night. I also took inspiration from:

http://www.primalsecurity.net/python-for-metasploit-automation/

Which is actually regarding a different Python / MSFRPC / MSGRPC library. I ended up producing the following function:

import string
import time

def executeMSFcommand(self, msfConsole, msfCommand, printOutput=False):
    msfConsole.write(msfCommand)
    msfReady = False
    collectedData = ''
    while (not msfReady):
        time.sleep(0.5)  # avoid hammering msfrpcd while the command is still running
        msfResult = msfConsole.read()
        # each read() drains the console buffer, so keep every chunk instead of only the last one
        collectedData += msfResult['data']
        if (not msfResult['busy']):
            msfReady = True
    msfResult['data'] = collectedData
    if (printOutput):
        # The below is required to filter out non-printable chars, as the "color false" doesn't apply properly.
        # ''.join(...) is used instead of filter() so this also works on Python 3, where filter() returns an iterator
        print(''.join(c for c in msfResult['data'] if c in string.printable))
        #print(''.join(c for c in msfResult['prompt'] if c in string.printable))
    else:
        return msfResult

The init function of my class includes this to get started too:

    msfClient = self.msfrpc.MsfRpcClient(self.settings.msfrpcPass, username=self.settings.msfrpcUser)
    msfConsole = self.msfrpc.MsfConsole(msfClient)

Probably not the neatest code in the world, but it works. This is the rest of my repo that uses it:

https://github.com/yg-ht/FIR/blob/198f038b4000719e08ab18ef7946a831d717a63a/functions.py
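The console-polling approach from the comments above, as an added, self-contained example (not part of pymetasploit and not yg-ht's code): it drives a module through `use` / `set` / `run`, keeps every chunk that `read()` returns until `busy` goes false, and parses the scanner's `<ip>:<port> - TCP OPEN` lines into open ports per host. The `FakeConsole` class and its scan lines are constructed so the script runs without msfrpcd; with a live server the same `run_module_in_console` function takes pymetasploit's `MsfConsole` instead, as the docstring shows. The `TCP OPEN` line format is an assumption about the scanner's output, so adjust the regex if your Metasploit version prints it differently.

```python
"""Collect the output of a Metasploit auxiliary module through an msfrpc console.

Added example for this issue; not part of pymetasploit.  Live use (assumed API
of pymetasploit's MsfRpcClient / MsfConsole):

    from metasploit.msfrpc import MsfRpcClient, MsfConsole
    client = MsfRpcClient('RpcPass1010', port=61020)
    console = MsfConsole(client)
    text = run_module_in_console(console, 'auxiliary/scanner/portscan/tcp',
                                 {'RHOSTS': '192.168.2.8', 'PORTS': '80,8080'})
    print(parse_open_ports(text))
"""
import re
import string
import time

# Assumed line format of scanner/portscan/tcp: "<ip>:<port> - TCP OPEN"
OPEN_PORT_RE = re.compile(r'(\d{1,3}(?:\.\d{1,3}){3}):(\d+) - TCP OPEN')


def printable_only(text):
    """Drop non-printable characters (works on Python 3, unlike a bare filter())."""
    return ''.join(ch for ch in text if ch in string.printable)


def run_module_in_console(console, module_path, options, poll_interval=0.5, timeout=300.0):
    """Send use/set/run to the console and return everything it printed.

    `console` only needs write(cmd) and read() -> {'data', 'prompt', 'busy'},
    which is MsfConsole's interface.  Each read() drains the console buffer,
    so the chunks are accumulated instead of overwritten.
    """
    commands = ['use ' + module_path]
    commands += ['set {} {}'.format(key, value) for key, value in options.items()]
    commands.append('run')
    collected = []
    deadline = time.monotonic() + timeout
    for command in commands:
        console.write(command)
        while True:
            time.sleep(poll_interval)  # let the console start the command before polling
            result = console.read()
            collected.append(result['data'])
            if not result['busy']:
                break
            if time.monotonic() > deadline:
                raise TimeoutError('console still busy after {} s'.format(timeout))
    return printable_only(''.join(collected))


def parse_open_ports(output):
    """Return {host: sorted open ports} from the collected console text."""
    found = {}
    for host, port in OPEN_PORT_RE.findall(output):
        found.setdefault(host, set()).add(int(port))
    return {host: sorted(ports) for host, ports in found.items()}


class FakeConsole:
    """Constructed stand-in for MsfConsole so the example runs without msfrpcd.

    It records what was written and replays canned read() results; the scan
    lines are constructed sample output, not captured from a real target.
    """
    def __init__(self):
        self.written = []
        self._pending = []

    def write(self, command):
        self.written.append(command)
        if command == 'run':
            # the scan output arrives over several reads, so the collector must keep each chunk
            self._pending = [
                {'data': '[*] Scanning 192.168.2.8\n', 'prompt': '', 'busy': True},
                {'data': '[+] 192.168.2.8:80 - TCP OPEN\n', 'prompt': '', 'busy': True},
                {'data': '[+] 192.168.2.8:8080 - TCP OPEN\n'
                         '[*] Scanned 1 of 1 hosts (100% complete)\n'
                         '[*] Auxiliary module execution completed\n',
                 'prompt': 'msf auxiliary(scanner/portscan/tcp) > ', 'busy': False},
            ]
        else:
            self._pending = [{'data': command + '\n', 'prompt': 'msf > ', 'busy': False}]

    def read(self):
        if self._pending:
            return self._pending.pop(0)
        return {'data': '', 'prompt': 'msf > ', 'busy': False}


def scan_example():
    """Run the question's scan options through the fake console."""
    console = FakeConsole()
    output = run_module_in_console(
        console, 'auxiliary/scanner/portscan/tcp',
        {'RHOSTS': '192.168.2.8', 'PORTS': '80,8080', 'THREADS': 10, 'TIMEOUT': 1},
        poll_interval=0)
    return console.written, parse_open_ports(output)


if __name__ == '__main__':
    written, open_ports = scan_example()
    print('\n'.join(written))
    print(open_ports)  # {'192.168.2.8': [80, 8080]}
```

Because `run` executes the module inside the console rather than as a background job, the console stays `busy` until the scan finishes, which is what makes the polling loop work where checking the job list (as discussed above) does not. Set `color false` in the console as well; stripping non-printable characters only removes the escape byte of ANSI colour sequences, not the codes that follow it.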