search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
33.87k stars 13.92k forks source link

wmap module loading fails. #18984

Closed martinsamm-payroc closed 6 months ago

martinsamm-payroc commented 6 months ago

Steps to reproduce

How'd you do it?

  1. Setting up metasploitframework on Mac to run in a Docker. I used this online guide / how-to https://medium.com/@habibsemouma/setting-up-metasploitable2-and-kali-in-docker-for-pentesting-6b71a089c4a2 That's all worked fine.
  2. Once the basic container was running (with an OWASP Juice Shop in another container), i followed this guide to get msfconsole, the db etc all initialiased https://jonathansblog.co.uk/metasploit-for-website-pentest
  3. That all was fine until it came to setting up WMAP. i added sites and targets fine
  4. "wmap_run" had hardly any available modules. Running "wmap_modules -r" produced this stack trace : 
msf6 > wmap_modules -r
[*] Loading wmap modules...
[-] Error while running command wmap_modules: undefined method `new' for nil:NilClass

Call stack:
/usr/share/metasploit-framework/plugins/wmap.rb:2224:in `block (2 levels) in load_wmap_modules'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:232:in `block in each_module_list'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:208:in `each'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:208:in `each_module_list'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:74:in `each_module'
/usr/share/metasploit-framework/plugins/wmap.rb:2223:in `block in load_wmap_modules'
/usr/share/metasploit-framework/plugins/wmap.rb:2221:in `each'
/usr/share/metasploit-framework/plugins/wmap.rb:2221:in `load_wmap_modules'
/usr/share/metasploit-framework/plugins/wmap.rb:81:in `cmd_wmap_modules'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:582:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:531:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:525:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:525:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:165:in `block in run'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:306:in `with_history_manager_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:133:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'

This section should also tell us any relevant information about the environment; for example, if an exploit that used to work is failing, tell us the victim operating system and service versions.

Were you following a specific guide/tutorial or reading documentation?

Yes: https://medium.com/@habibsemouma/setting-up-metasploitable2-and-kali-in-docker-for-pentesting-6b71a089c4a2 https://jonathansblog.co.uk/metasploit-for-website-pentest

Expected behavior

I would expect no stack trace/error and a bunch of modules to available.

Current behavior

See above - i get barely any modules and a stack/error on module refresh.

Metasploit version

Framework: 6.3.60-dev Console : 6.3.60-dev

Additional Information

If your version is less than 5.0.96, please update to the latest version and ensure your issue is still present.

If the issue is encountered within msfconsole, please run the debug command using the instructions below. If the issue is encountered outisde msfconsole, or the issue causes msfconsole to crash on startup, please delete this section.

  1. Start msfconsole
  2. Run the command set loglevel 3
  3. Take the steps necessary recreate your issue
  4. Run the debug command
  5. Copy all the output below the

`===8<=== 

msf6 > set loglevel 3
loglevel => 3
msf6 > wmap_modules -r
[*] Loading wmap modules...
[-] Error while running command wmap_modules: undefined method `new' for nil:NilClass

Call stack:
/usr/share/metasploit-framework/plugins/wmap.rb:2224:in `block (2 levels) in load_wmap_modules'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:232:in `block in each_module_list'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:208:in `each'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:208:in `each_module_list'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:74:in `each_module'
/usr/share/metasploit-framework/plugins/wmap.rb:2223:in `block in load_wmap_modules'
/usr/share/metasploit-framework/plugins/wmap.rb:2221:in `each'
/usr/share/metasploit-framework/plugins/wmap.rb:2221:in `load_wmap_modules'
/usr/share/metasploit-framework/plugins/wmap.rb:81:in `cmd_wmap_modules'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:582:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:531:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:525:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:525:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:165:in `block in run'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:306:in `with_history_manager_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:133:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
===8<===`
dwelch-r7 commented 6 months ago

Thanks for raising an issue @martinsamm-payroc maybe I can convince you to open up a PR next 😄 I think if you apply this patch it should unblock you in the meantime while we get a PR sorted

diff --git a/lib/msf/core/module_set.rb b/lib/msf/core/module_set.rb
index 969b6560bc..0ad93de8eb 100644
--- a/lib/msf/core/module_set.rb
+++ b/lib/msf/core/module_set.rb
@@ -229,7 +229,10 @@ class Msf::ModuleSet < Hash
       # Custom filtering
       next if (each_module_filter(opts, name, entry) == true)

-      block.call(name, self[name])
+      mod = self[name]
+      next if mod.nil?
+
+      block.call(name, mod)
     end
   end