Metasploit自动化
Update date:
http://www.s3cur1ty.de/
/opt/metasploit/apps/pro/msf3/scripts/resource/.rc
/usr/share/metasploit-framework/scripts/resource/.rc
msfconsole -r autoexploit.rc help
[*] Processing autoexploit.rc for ERB directives.
[*] resource (autoexploit.rc)> Ruby Code (6550 bytes)
Description:
This Metasploit RC file can be used to automate the exploitation process. Before using the
script, you must import your vulnerability results to Metasploit so that it can deploy the
module based on matching references. Three modes are available: exploit/dry/and check.
In exploit mode, it will attempt to gain access to all vulnerable hosts with the most
suitable reverse shell that’s automatically selected. In “dry” mode (dry-run), it’ll list
all the hosts vulnerable to the exploit. In check mode, it will only trigger the check()
function found in the module. If no mode is specified, then it’ll default to ‘exploit’.
Usage:
./msfconsole -r [rc_path] [db_user] [db_pass] [db_workspace] [module_path] [mode]
Arguments:
rc_path - Full path to the RC script
db_user - Username for MSF database (datastore: ‘DB_USER’)
db_pass - Password for MSF database (datastore: ‘DB_PASS’)
db_worksapce - Workspace for the database (datastore: ‘DB_WORKSPACE’)
module_path - Path to the exploit (datastore: ‘MODULE’)
mode - Optional. Accept:exploit/dry/check (datastore: ‘MODE’)
Example of running an exploit:
msfconsole -r autoexploit.rc username password msf windows/smb/ms08_067_netapi
msf数据库配置文件
Kali2
/usr/share/metasploit-framework/
/opt/metasploit/apps/pro/ui/config/database.yml
|
|
|
|