Mad-Metasploit is a multi-purpose framework for Metasploit that provides a variety of custom modules, plugins, and resource scripts.
1. Configure your metasploit-framework directory:
$ vim config/config.rb
$metasploit_path = '/opt/metasploit-framework/embedded/framework/'
# /usr/share/metasploit-framework
2-A. Interactive mode:
$ ./mad-metasploit
2-B. Command-line mode:
$ ./mad-metasploit [-a/-y/--all/--yes]
Using the custom modules
Search auxiliary/exploits:
HAHWUL> search springboot

Matching Modules
================

   Name                                          Disclosure Date  Rank    Check  Description
   ----                                          ---------------  ----    -----  -----------
   auxiliary/mad_metasploit/springboot_actuator                   normal  No     Springboot actuator check
Load mad-metasploit/{plugins} in msfconsole:
HAHWUL> load mad-metasploit/db_autopwn
[*] Successfully loaded plugin: db_autopwn
HAHWUL> db_autopwn
[-] The db_autopwn command is DEPRECATED
[-] See http://r-7.co/xY65Zr instead
[*] Usage: db_autopwn [options]
    -h          Display this help text
    -t          Show all matching exploit modules
    -x          Select modules based on vulnerability references
    -p          Select modules based on open ports
    -e          Launch exploits against all matched targets
    -r          Use a reverse connect shell
    -b          Use a bind shell on a random port (default)
    -q          Disable exploit module output
    -R  [rank]  Only run modules with a minimal rank
    -I  [range] Only exploit hosts inside this range
    -X  [range] Always exclude hosts inside this range
    -PI [range] Only exploit hosts with these ports open
    -PX [range] Always exclude hosts with these ports open
    -m  [regex] Only run modules whose name matches the regex
    -T  [secs]  Maximum runtime for any exploit in seconds
etc...
mad-metasploit/db_autopwn
mad-metasploit/arachni
mad-metasploit/meta_ssh
mad-metasploit/db_exploit
#> msfconsole
MSF> load alias
MSF> alias ahosts 'resource /mad-metasploit/resource-script/ahosts.rc'
MSF> ahosts
[Custom command!]
ahosts.rc
cache_bomb.rb
feed.rc
getdomains.rb
getsessions.rb
ie_hashgrab.rb
listdrives.rb
loggedon.rb
runon_netview.rb
search_hash_creds.rc
virusscan_bypass8_8.rb
archive/
└── exploits
    ├── aix
    │   ├── dos
    │   │   ├── 16657.rb
    │   │   └── 16929.rb
    │   ├── local
    │   │   └── 16659.rb
    │   └── remote
    │       └── 16930.rb
    ├── android
    │   ├── local
    │   │   ├── 40504.rb
    │   │   ├── 40975.rb
    │   │   └── 41675.rb
    │   └── remote
    │       ├── 35282.rb
    │       ├── 39328.rb
    │       ├── 40436.rb
    │       └── 43376.rb
.....
$ ./mad-metasploit -u
mad-metasploit-archive:
$ ruby auto_archive.rb
or
$ ./mad-metasploit
[+] Sync Mad-Metasploit Modules/Plugins/Resource-Script to Metasploit-framework
[+] Metasploit-framewrk directory: /opt/metasploit-framework/embedded/framework/ (set ./conf/config.rb)
[*] Update archive(Those that are not added as msf)? [y/N] y
[-] Download index data..
$ ./mad-metasploit -r
$ ./mad-metasploit --remove
Clone the mad-metasploit project to your local machine:
$ git clone https://github.com/hahwul/mad-metasploit
Add your custom code:
./mad-metasploit-modules
  + exploit
  + auxiliary
  + etc..
./mad-metasploit-plugins
./mad-metasploit-resource-script
* Source: hahwul; compiled by FreeBuf editor Alpha_h4ck. Please credit FreeBuf.COM when reposting.