Metasploit Plugins: Add some useful plugin to Metasploit Framework

by do son · October 28, 2017

Metasploit Plugins

Plugins for Metasploit Framework. Currently, only the Pentest plugin is being maintained due to changes in Metasploit Framework that limit what gems can be loaded when the framework starts.

Installation

git clone https://github.com/darkoperator/Metasploit-Plugins.git

Copy the plugin you wish to use into your .msf4/plugin folder in your home folder for your current user. To test that the plugin properly installed you can use the load command to load the plugin.

msf > load pentest



       ___         _          _     ___ _           _

      | _ \___ _ _| |_ ___ __| |_  | _ \ |_  _ __ _(_)_ _

      |  _/ -_) ' \  _/ -_|_-<  _| |  _/ | || / _` | | ' \ 

      |_| \___|_||_\__\___/__/\__| |_| |_|\_,_\__, |_|_||_|

                                              |___/

      

Version 1.4

Pentest plugin loaded.

by Carlos Perez (carlos_perez[at]darkoperator.com)

[*] Successfully loaded plugin: pentest

msf >

Pentest Plugin

Once the pentest plugin is loaded we can take a look at the commands added in the Console menu using the help command. This module was written so as to aid in common tasks in a pentest hence the name and to aid in the logging and collection of information so as to keep a log of actions and aid in the report writing phase of a pentest.

Auto Exploitation

These commands are used for aiding in the auto exploitation of host based on information imported from a vulnerability scanner:

auto_exploit Commands

=====================



    Command           Description

    -------           -----------

    show_client_side  Show matched client side exploits from data imported from vuln scanners.

    vuln_exploit      Runs exploits based on data imported from vuln scanners.

Discovery Commands

These commands are used for the initial enumeration and additional information gathering from detected services.

Discovery Commands

==================



    Command                 Description

    -------                 -----------

    discover_db             Run discovery modules against current hosts in the database.

    network_discover        Performs a port-scan and enumeration of services found for non pivot networks.

    pivot_network_discover  Performs enumeration of networks available to a specified Meterpreter session.

    show_session_networks   Enumerate the networks one could pivot thru Meterpreter in the active sessions.

Project Command

Allows the creation of projects using workspaces and the export of all data so it can be imported into another scanner or archived. All actions are logged and timestamps for later use in pentest reporting. All commands have help text and parameters that can be viewed using the -h switch.

Project Commands

================



    Command       Description

    -------       -----------

    project       Command for managing projects.

Post Exploitation Automation Commands

These command aid in the post-exploitation tasks across multiple sessions and the automation of actions.

Postauto Commands

=================



    Command             Description

    -------             -----------

    app_creds           Run application password collection modules against specified sessions.

    multi_cmd           Run shell command against several sessions

    multi_meter_cmd     Run a Meterpreter Console Command against specified sessions.

    multi_meter_cmd_rc  Run resource file with Meterpreter Console Commands against specified sessions.

    multi_post          Run a post module against specified sessions.

    multi_post_rc       Run resource file with post modules and options against specified sessions.

    sys_creds           Run system password collection modules against specified sessions.