metasploitHelper (msfHelper)

Slides for Black Hat Asia 2017 : https://goo.gl/pSUgnc

Introduction

metasploitHelper is meant to assist penetration testers in network penetration tests.

metasploitHelper (msfHelper) communicates with Metasploit via msfrpc. It uses both port-based and web-related exploit modules from Metasploit.

You can point msfHelper at an IP address, an Nmap XML file, or a file containing a list of IP addresses.

First, it performs an Nmap scan of the target host(s). It then attempts to find compatible and possible Metasploit modules based on 1) the Nmap service banner and 2) the service name, and runs them against the targets.

Please see the slides above for more information regarding the tool as well as the video demo.

It is also possible to use the -m option in msfHelper together with msfconsole (load msgrpc Pass=xxx) if you would like to interact with the targets that msfHelper has compromised.

By default, msfHelper only tests ports that appear in Metasploit modules. If you would like to scan all ports, use the -a option.
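The first stage described above (take Nmap results, reduce them to open TCP services with their banners, then narrow the list with a -p style port list or a -gt threshold) is shown here as an added example. This is not code from the metasploitHelper project: the function names are hypothetical, it uses only the Python standard library rather than python-libnmap, and the Nmap XML it parses is a constructed sample, not a real scan.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed Nmap XML (not real scan output): one host with three open
# services, one host with an open and a filtered port, and one host down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.168.1.0/30">
  <host><status state="up"/>
    <address addr="192.168.1.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="5432"><state state="open"/>
        <service name="postgresql" product="PostgreSQL DB" version="9.6"/></port>
      <port protocol="tcp" portid="8180"><state state="open"/>
        <service name="http" product="Apache Tomcat/Coyote JSP engine" version="1.1"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.168.1.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="192.168.1.5" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class OpenService:
    host: str
    port: int
    name: str    # Nmap service name, e.g. "ftp"
    banner: str  # product and version as Nmap reported them; may be empty


def parse_nmap_xml(xml_text: str) -> List[OpenService]:
    """Return every open TCP service on every host Nmap reported as up."""
    root = ET.fromstring(xml_text)
    found: List[OpenService] = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts that did not respond
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry no service to match
            if port.get("protocol") != "tcp":
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            banner = ""
            if svc is not None:
                parts = (svc.get("product"), svc.get("version"))
                banner = " ".join(p for p in parts if p)
            found.append(OpenService(addr, int(port.get("portid")), name, banner))
    return found


def parse_port_list(spec: str) -> List[int]:
    """Parse a -p style list such as "21,5432" or "80-82,443" into port numbers."""
    ports: List[int] = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            ports.extend(range(int(lo), int(hi) + 1))
        else:
            ports.append(int(part))
    return ports


def select_ports(services: Iterable[OpenService],
                 only_ports: Optional[Iterable[int]] = None,
                 greater_than: int = 0) -> List[OpenService]:
    """Keep services whose port is in only_ports (if given) and above greater_than."""
    wanted = set(only_ports) if only_ports is not None else None
    return [s for s in services
            if s.port > greater_than and (wanted is None or s.port in wanted)]


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_NMAP_XML)
    for s in select_ports(inventory, parse_port_list("21,5432")):
        print(f"{s.host}:{s.port} {s.name} {s.banner}")
```

The banner string is what a service-name or banner matcher would compare against a module list; filtered and closed ports are dropped before that step, which is why a scan run without -a can miss services listening on ports that no module mentions.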

Demo

  • The demo shows running msfHelper (exploit modules) against Metasploitable 2
sudo python msfHelper.py -a 172.16.126.132 -t exploit

Docker

  • Building from Dockerfile
docker build -t metasploithelper .
docker run --rm -it metasploithelper
python msfHelper.py -a testphp.vulnweb.com
  • Pull latest Docker image
docker pull milo2012/metasploithelper
docker run --rm -it milo2012/metasploithelper
python msfHelper.py -a testphp.vulnweb.com
  • To see help menu
docker pull milo2012/metasploithelper
docker run --rm -it milo2012/metasploithelper
python msfHelper.py -h

Requirements

On Kali Linux 2016.2 VM

$ apt-get install git-core -y
$ git clone https://github.com/SpiderLabs/msfrpc
$ cd msfrpc && cd python-msfrpc && python setup.py install
$ pip install tabulate termcolor python-libnmap msgpack-python beautifulsoup4 requests
$ git clone https://github.com/milo2012/metasploitHelper
$ cd metasploitHelper
$ python msfHelper.py x.x.x.x -i

Usage

root@kali:/code# python msfHelper18.py -h
usage: PROG [-h] [-P MYPASSWORD] [-p PORTSINPUT] [-o OUTPUTDIRECTORY] [-i]
            [-m] [-a] [-n THREADS] [-u] [-q] [-gt GREATERTHAN] [--info] [-v]
            [-s] [-t CATEGORY] [-e {services,web,all,ports}]
            [target [target ...]]

                __ _   _      _
 _ __ ___  ___ / _| | | | ___| |_ __   ___ _ __
| '_ ` _ \/ __| |_| |_| |/ _ \ | '_ \ / _ \ '__|
| | | | | \__ \  _|  _  |  __/ | |_) |  __/ |
|_| |_| |_|___/_| |_| |_|\___|_| .__/ \___|_|
                               |_|

+-- https://github.com/milo2012/metasploitHelper

positional arguments:
  target                The target IP(s), range(s), CIDR(s), hostname(s),
                        FQDN(s) or file(s) containg a list of targets

optional arguments:
  -h, --help            show this help message and exit
  -P MYPASSWORD         Password to connect to msfrpc
  -p PORTSINPUT         Only scan specific TCP ports
  -o OUTPUTDIRECTORY    Location to save portList.csv, pathList.csv, nmap scan
                        results
  -i                    Intelligent mode (Match the Nmap service banner with
                        the Metasploit modules
  -m, --manual          Manually start up Msfconsole and 'load msgrpc
                        Pass=xxxx'
  -a, --scanall         Scan all 65535 TCP ports
  -n THREADS            Set how many concurrent threads to use (default: 5)
  -u, --update          Update Metasploit and metasploitHelper DB
  -q, --quick           Performs a quick scan - Do not use modules where
                        TARGETURI is set to /
  -gt GREATERTHAN       Only scan TCP ports greater than x number
  --info                Lookup information about ports online
  -v, --verbose         Verbose mode
  -s, --showonly        Show matching Metasploit modules but don't run
  -t CATEGORY           Choose between 'exploit' or 'auxiliary'

Whether to run Metasploit 'services', 'ports', 'web' modules or 'exploitdb':
  Options for executing commands

  -e {services,web,all,ports}, --exec-method {services,web,all,ports}

Sample Usage Examples

Use intelligent mode to scan and test the target IP:

python msfHelper.py 192.168.1.6 -i

Specify the ports to be tested:

python msfHelper.py 192.168.1.6 -i -p 21,5432

Run Metasploit modules that match the port number, service name, or URI path:

python msfHelper.py 192.168.1.6 -i -e ports
python msfHelper.py 192.168.1.6 -i -e services
python msfHelper.py 192.168.1.6 -i -e web

Scan and test all ports on the target host:

python msfHelper.py 192.168.1.6 -i -a

Enable verbose mode (show output from Metasploit):

python msfHelper.py 192.168.1.6 -i -v

Run msfHelper and interact with the shells:

# on the first terminal window
$ msfconsole
msf > load msgrpc Pass=xxxxx

# on the second terminal window
python msfHelper.py 192.168.1.6 -i -m -P xxxxx
