rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

possible to use metasploit via rpc or http so that user can use other language to develop metasploit again #16768

Closed passerbyo closed 2 years ago

passerbyo commented 2 years ago

Summary

possible to use metasploit via rpc or http so that user can use other language to develop metasploit

Basic example

possible to use metasploit via rpc or http so that user can use other language to develop metasploit

Motivation

possible to use metasploit via rpc or http so that user can use other language to develop metasploit

passerbyo commented 2 years ago

such as using python to use metasploit

bcoles commented 2 years ago

Metasploit Pro has a web interface.

Metasploit has RPC using msfrpcd. This feature has been in Metasploit for many years. It never went away.

adfoster-r7 commented 2 years ago

There's also support for writing external modules in Go and Python https://docs.metasploit.com/docs/development/developing-modules/external-modules/

passerbyo commented 2 years ago

> Metasploit Pro has a web interface.
>
> Metasploit has RPC using msfrpcd. This feature has been in Metasploit for many years. It never went away.
>
> * https://docs.rapid7.com/metasploit/running-metasploit-remotely/
> * https://docs.rapid7.com/metasploit/rpc-api/

are there demo codes

bcoles commented 2 years ago

> are there demo codes

The library (see below) should be sufficient. There's a PDF specification document somewhere but I can't seem to find the official URL at the moment. Here's a version hosted by some random:

http://159.69.3.96/ebooks/IT/Hacking/Metasploit/Metasploit_RPC_Guide.pdf

Some details on the protocol here:

https://docs.rapid7.com/metasploit/rpc-api/

> are there golang and python demo codes

There's a msfrpc-client Ruby library which I've used successfully in the past. It isn't updated frequently but neither is the protocol. Last time I tried it still worked.

https://docs.rapid7.com/metasploit/running-metasploit-remotely/#using-the-msfrpc-client-gem

Source is here:

https://github.com/rapid7/msfrpc-client

There's a Python library here, but I've never used it.

https://pypi.org/project/pymetasploit3/

There's also some very old Python code here. It is no longer maintained and I don't know if it works, but the underlying protocol doesn't change much (since updating to MsgPack).

https://github.com/SpiderLabs/msfrpc

passerbyo commented 2 years ago

there are few golang examples

bcoles commented 2 years ago

> there are few golang examples

Correct. Metasploit is written in Ruby. The associated client code (msfrpc-client) is also written in Ruby.

All other libraries in all other languages are unofficial.

Here's one written in golang, although it is not feature-complete. I have not used it.

https://github.com/dcylabs/go-msfrpc

You can see from the source that the protocol is not particularly complicated:

https://github.com/dcylabs/go-msfrpc/blob/master/msfrpc/msfrpc.go

There should be sufficient information in the documentation and other libraries above for you to add additional functions as desired.

passerbyo commented 2 years ago

OK, thank you very much