/// <summary>
/// Sample entry point: opens a Metasploit Pro API session, starts one exploit
/// task over the "default" workspace, and prints every key/value pair of the
/// response to the console.
/// </summary>
/// <param name="args">Command-line arguments; not read.</param>
public static void Main(string[] args)
{
    // NOTE(review): the API user, password and endpoint are literals in source.
    // Anything reused from this listing should read them from configuration or a
    // secret store, and the password shown here should be treated as disclosed.
    // NOTE(review): whether MetasploitSession validates the server certificate is
    // not visible here - confirm, since the credentials travel over this connection.
    using (MetasploitSession session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
    using (MetasploitProManager manager = new MetasploitProManager(session))
    {
        // Reference option set kept from the original listing:
        // {
        //   "workspace" => "Project1",
        //   "DS_WHITELIST_HOSTS" => "192.168.0.0/24",
        //   "DS_MinimumRank" => "great",
        //   "DS_EXPLOIT_SPEED" => 5,
        //   "DS_EXPLOIT_TIMEOUT" => 2,
        //   "DS_LimitSessions" => true,
        //   "DS_MATCH_VULNS" => true,
        //   "DS_MATCH_PORTS" => true
        // }
        //
        // NOTE(review): the reference above names DS_WHITELIST_HOSTS while the call
        // below sends DS_WHITELIST. Confirm which key the exploit task honours; this
        // value is what restricts the task to the intended address range.
        var exploitOptions = new Dictionary<string, object>
        {
            { "workspace", "default" },
            { "DS_WHITELIST", "192.168.1.0/24" },
            { "DS_MinimumRank", "great" },
            { "DS_EXPLOIT_SPEED", 5 },
            { "DS_EXPLOIT_TIMEOUT", 2 },
            { "DS_LimitSessions", true },
            { "DS_MATCH_VULNS", true },
            { "DS_MATCH_PORTS", true }
        };

        Dictionary<string, object> result = manager.StartExploit(exploitOptions);

        // Dump the raw response so the task id (and any error field) is visible.
        foreach (KeyValuePair<string, object> entry in result)
        {
            Console.WriteLine(entry.Key + ": " + entry.Value);
        }
    }
}
/// <summary>
/// Drives a Metasploit Pro run for one workspace: an optional discovery task,
/// an optional bruteforce task (each polled until its status stops being
/// "running"), then an exploit task whose id is returned without waiting.
/// </summary>
/// <param name="workspace">Workspace name sent as "workspace" with every task.</param>
/// <param name="whitelist">Host restriction, sent as DS_WHITELIST_HOSTS to the bruteforce task and as DS_WHITELIST to the exploit task.</param>
/// <param name="bruteforce">Not read by this method; the bruteforce phase is gated on ScanOptions.MetasploitBruteforces instead.</param>
/// <returns>The "task_id" entry of the StartExploit response, or null when that entry is not a string.</returns>
private string BeginMetasploitProAssessment(string workspace, string whitelist, bool bruteforce)
{
    // Credentials and host come from configuration; only the port and API path are fixed here.
    // NOTE(review): whether MetasploitSession validates the server certificate is
    // not visible here - confirm, since the credentials travel over this connection.
    using (MetasploitSession session = new MetasploitSession(
        this.Configuration["metasploitUser"],
        this.Configuration["metasploitPass"],
        "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1"))
    using (MetasploitProManager manager = new MetasploitProManager(session))
    {
        // Fetches the task record for an id and returns its "status" field.
        // The status reply is keyed by something this method never inspects, so
        // the first entry's value is taken as the task record.
        Func<string, string> currentStatus = taskId =>
        {
            Dictionary<string, object> envelope = manager.GetProTaskStatus(taskId);
            Dictionary<string, object> task = envelope.First().Value as Dictionary<string, object>;
            return task["status"] as string;
        };

        // NOTE(review): `csv` and `services` are not declared in this method -
        // presumably members of the enclosing class; verify where they are set.
        // The discovery targets come from `csv`, not from the `whitelist` parameter.
        object targetHosts = csv.Split(',');
        var discoverOptions = new Dictionary<string, object>
        {
            { "ips", targetHosts },
            { "workspace", workspace }
        };

        Dictionary<string, object> reply;

        if (this.ScanOptions.MetasploitDiscovers)
        {
            Console.WriteLine("Discovering...");
            reply = manager.StartDiscover(discoverOptions);
            string discoverTaskId = reply["task_id"] as string;

            // NOTE(review): the wait has no upper bound, and any status other than
            // "running" (a failure included) falls through to the next phase unchecked.
            while (currentStatus(discoverTaskId) == "running")
            {
                Console.WriteLine("Waiting on metasploit discovery");
                Thread.Sleep(TimeSpan.FromSeconds(60));
            }
        }

        if (this.ScanOptions.MetasploitBruteforces)
        {
            // Lower-case service name -> label appended to the service list
            // (each label carries its trailing space). Unknown names are skipped.
            var serviceLabels = new Dictionary<string, string>
            {
                { "postgresql", "Postgresql " },
                { "mysql", "MySQL " },
                { "mssql", "MSSQL " },
                { "oracle", "Oracle " },
                { "http", "HTTP " },
                { "https", "HTTPS " },
                { "ssh", "SSH " },
                { "telnet", "Telnet " },
                { "ftp", "FTP " },
                { "exec", "EXEC " },
                { "shell", "SHELL " },
                { "vnc", "VNC " }
            };

            string svcs = string.Empty;
            foreach (string service in services)
            {
                string label;
                // Null check keeps a null entry a silent skip rather than a lookup error.
                if (service != null && serviceLabels.TryGetValue(service, out label))
                {
                    svcs = svcs + label;
                }
            }

            Console.WriteLine("Bruteforcing...");
            var bruteforceOptions = new Dictionary<string, object>
            {
                { "workspace", workspace },
                { "DS_WHITELIST_HOSTS", whitelist },
                { "DS_BRUTEFORCE_SCOPE", "quick" },
                { "DS_BRUTEFORCE_SERVICES", svcs },
                { "DS_BRUTEFORCE_SPEED", "TURBO" },
                { "DS_INCLUDE_KNOWN", true },
                { "DS_BRUTEFORCE_GETSESSION", true }
            };

            reply = manager.StartBruteforce(bruteforceOptions);
            string bruteforceTaskId = reply["task_id"] as string;

            // Same unbounded, "running"-only wait as the discovery phase, on a 30 s interval.
            while (currentStatus(bruteforceTaskId) == "running")
            {
                Console.WriteLine("Waiting on metasploit bruteforce");
                Thread.Sleep(TimeSpan.FromSeconds(30));
            }
        }

        // NOTE(review): the bruteforce task is sent DS_WHITELIST_HOSTS but this task
        // is sent DS_WHITELIST with the same value. Confirm which key the exploit
        // task honours; this value is what restricts it to the intended hosts.
        var exploitOptions = new Dictionary<string, object>
        {
            { "workspace", workspace },
            { "DS_WHITELIST", whitelist },
            { "DS_MinimumRank", "great" },
            { "DS_EXPLOIT_SPEED", 5 },
            { "DS_EXPLOIT_TIMEOUT", 2 },
            { "DS_LimitSessions", false },
            { "DS_MATCH_VULNS", true },
            { "DS_MATCH_PORTS", true }
        };

        reply = manager.StartExploit(exploitOptions);

        // Echo the raw response; the exploit task itself is not polled here.
        foreach (KeyValuePair<string, object> entry in reply)
        {
            Console.WriteLine(entry.Key + ": " + entry.Value);
        }

        return reply["task_id"] as string;
    }
}