pikesaku’s blog

These are my personal study notes. I take no responsibility whatsoever for their content.

msfconsole usage notes

Invocation

# msfconsole --help
Usage: msfconsole [options]

Common options:
    -E, --environment ENVIRONMENT    Set Rails environment, defaults to RAIL_ENV environment variable or 'production'

Database options:
    -M, --migration-path DIRECTORY   Specify a directory containing additional DB migrations
    -n, --no-database                Disable database support
    -y, --yaml PATH                  Specify a YAML file containing database settings

Framework options:
    -c FILE                          Load the specified configuration file
    -v, -V, --version                Show version

Module options:
        --defer-module-loads         Defer module loading unless explicitly asked.
    -m, --module-path DIRECTORY      Load an additional module path

Console options:
    -a, --ask                        Ask before exiting Metasploit or accept 'exit -y'
    -H, --history-file FILE          Save command history to the specified file
    -L, --real-readline              Use the system Readline library instead of RbReadline
    -o, --output FILE                Output to the specified file
    -p, --plugin PLUGIN              Load a plugin on startup
    -q, --quiet                      Do not print the banner on startup
    -r, --resource FILE              Execute the specified resource file (- for stdin)
    -x, --execute-command COMMAND    Execute the specified console commands (use ; for multiples)
    -h, --help                       Show this message

help command

Lists the available console commands

msf > help
Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    exit          Exit the console
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    history       Show command history
    irb           Drop into irb scripting mode
    load          Load a framework plugin
    quit          Exit the console
    route         Route traffic through a session
    save          Saves the active datastores
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    version       Show the framework and console library version numbers


Module Commands
===============

    Command       Description
    -------       -----------
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    info          Displays information about one or more modules
    loadpath      Searches for and loads modules from a path
    options       Displays global options or for one or more modules
    popm          Pops the latest module off the stack and makes it active
    previous      Sets the previously loaded module as the current module
    pushm         Pushes the active or list of modules onto the module stack
    reload_all    Reloads all modules from all defined module paths
    search        Searches module names and descriptions
    show          Displays modules of a given type, or all modules
    use           Selects a module by name


Job Commands
============

    Command       Description
    -------       -----------
    handler       Start a payload handler as job
    jobs          Displays and manages jobs
    kill          Kill a job
    rename_job    Rename a job


Resource Script Commands
========================

    Command       Description
    -------       -----------
    makerc        Save commands entered since start to a file
    resource      Run the commands stored in a file


Developer Commands
==================

    Command       Description
    -------       -----------
    edit          Edit the current module or a file with the preferred editor
    log           Displays framework.log starting at the bottom if possible
    reload_lib    Reload one or more library files from specified paths


Database Backend Commands
=========================

    Command           Description
    -------           -----------
    db_connect        Connect to an existing database
    db_disconnect     Disconnect from the current database instance
    db_export         Export a file containing the contents of the database
    db_import         Import a scan result file (filetype will be auto-detected)
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache
    db_status         Show the current database status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces


Credentials Backend Commands
============================

    Command       Description
    -------       -----------
    creds         List all credentials in the database

msf > 

help command (2)

Checking how to use an individual command

msf > help grep
Usage: grep [options] pattern cmd

Grep the results of a console command (similar to Linux grep command)

OPTIONS:

    -A <opt>  Show arg lines of output after a match.
    -B <opt>  Show arg lines of output before a match.
    -C <opt>  Show arg lines of output around a match.
    -c        Only print a count of matching lines.
    -h        Help banner.
    -i        Ignore case.
    -k <opt>  Keep (include) arg lines at start of output.
    -m <opt>  Stop after arg matches.
    -s <opt>  Skip arg lines of output before attempting match.
    -v        Invert match.

msf > 

grep

Filtering the output of a command
Example: when looking for Apache Auxiliary modules

msf > grep "exploit.*excellent" search apache
   exploit/linux/http/apache_continuum_cmd_exec                2016-04-06       excellent  Apache Continuum Arbitrary Command Execution
   exploit/linux/http/apache_couchdb_cmd_exec                  2016-04-06       excellent  Apache CouchDB Arbitrary Command Execution
   exploit/linux/http/atutor_filemanager_traversal             2016-03-01       excellent  ATutor 2.2.1 Directory Traversal / Remote Code Execution
   exploit/linux/http/hadoop_unauth_exec                       2016-10-19       excellent  Hadoop YARN ResourceManager Unauthenticated Command Execution
   exploit/linux/http/piranha_passwd_exec                      2000-04-04       excellent  RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution
   exploit/linux/http/symantec_web_gateway_lfi                 2012-05-17       excellent  Symantec Web Gateway 5.0.2.8 relfile File Inclusion Vulnerability
   exploit/linux/local/kloxo_lxsuexec                          2012-09-18       excellent  Kloxo Local Privilege Escalation
   exploit/multi/http/apache_activemq_upload_jsp               2016-06-01       excellent  ActiveMQ web shell upload
   exploit/multi/http/apache_mod_cgi_bash_env_exec             2014-09-24       excellent  Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
   exploit/multi/http/apache_roller_ognl_injection             2013-10-31       excellent  Apache Roller OGNL Injection
   exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli  2014-07-24       excellent  Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
   exploit/multi/http/struts2_code_exec_showcase               2017-07-07       excellent  Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
   exploit/multi/http/struts2_content_type_ognl                2017-03-07       excellent  Apache Struts Jakarta Multipart Parser OGNL Injection
   exploit/multi/http/struts2_rest_xstream                     2017-09-05       excellent  Apache Struts 2 REST Plugin XStream RCE
   exploit/multi/http/struts_code_exec_exception_delegator     2012-01-06       excellent  Apache Struts Remote Command Execution
   exploit/multi/http/struts_code_exec_parameters              2011-10-01       excellent  Apache Struts ParametersInterceptor Remote Code Execution
   exploit/multi/http/struts_default_action_mapper             2013-07-02       excellent  Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
   exploit/multi/http/struts_dev_mode                          2012-01-06       excellent  Apache Struts 2 Developer Mode OGNL Execution
   exploit/multi/http/struts_dmi_exec                          2016-04-27       excellent  Apache Struts Dynamic Method Invocation Remote Code Execution
   exploit/multi/http/struts_dmi_rest_exec                     2016-06-01       excellent  Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
   exploit/multi/http/tomcat_jsp_upload_bypass                 2017-10-03       excellent  Tomcat RCE via JSP Upload Bypass
   exploit/multi/http/tomcat_mgr_deploy                        2009-11-09       excellent  Apache Tomcat Manager Application Deployer Authenticated Code Execution
   exploit/multi/http/tomcat_mgr_upload                        2009-11-09       excellent  Apache Tomcat Manager Authenticated Upload Code Execution
   exploit/multi/misc/openoffice_document_macro                2017-02-08       excellent  Apache OpenOffice Text Document Malicious Macro Execution
   exploit/unix/http/contentkeeperweb_mimencode                2009-02-25       excellent  ContentKeeper Web Remote Command Execution
   exploit/unix/misc/spamassassin_exec                         2006-06-06       excellent  SpamAssassin spamd Remote Command Execution
   exploit/unix/webapp/projectpier_upload_exec                 2012-10-08       excellent  Project Pier Arbitrary File Upload Vulnerability
   exploit/unix/webapp/spip_connect_exec                       2012-07-04       excellent  SPIP connect Parameter PHP Injection
   exploit/windows/misc/ibm_websphere_java_deserialize         2015-11-06       excellent  IBM WebSphere RCE Java Deserialization Vulnerability
msf > 

How to dump the module list

Output from commands run inside msfconsole cannot be piped through a pager such as less????
Metasploit: Formatting msfconsole output

Nothing to be done about it, so dump the list with the following command and search the file instead

msfconsole -q -x "show; quit" -o all_modules.list
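As an added example (not from the original post), a small Python parser for the column layout that `search` prints and that the `-o all_modules.list` dump above saves, so the module list can be narrowed by type, minimum rank and keyword instead of a loose regex like `exploit.*excellent`. The sample lines are constructed in that layout, and it is assumed that the `show` dump uses the same columns as `search`.

```python
import re

# Module ranks as msfconsole orders them, weakest first.
RANKS = ["manual", "low", "average", "normal", "good", "great", "excellent"]

# One `search`/`show` result line: path, optional disclosure date, rank, description.
LINE_RE = re.compile(
    r"^\s*(?P<path>(?:exploit|auxiliary|post|payload|encoder|nop|evasion)/\S+)"
    r"\s+(?:(?P<date>\d{4}-\d{2}-\d{2})\s+)?"
    r"(?P<rank>" + "|".join(RANKS) + r")\s+(?P<desc>.+?)\s*$"
)

# Constructed sample in the layout msfconsole prints (not captured output);
# the auxiliary/ and post/ names are invented, and the post/ line has no date.
SAMPLE = """\
   exploit/multi/http/struts2_rest_xstream                     2017-09-05       excellent  Apache Struts 2 REST Plugin XStream RCE
   exploit/multi/http/tomcat_mgr_upload                        2009-11-09       excellent  Apache Tomcat Manager Authenticated Upload Code Execution
   auxiliary/scanner/http/apache_example_scanner               2010-03-11       normal     Apache Example Scanner (constructed)
   post/linux/gather/example_enum                                               normal     Linux Example Gather (constructed)
msf > 
"""

def parse_search_output(text):
    """Return one dict per module line; prompts, headers and rules are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["type"] = rec["path"].split("/", 1)[0]
            records.append(rec)
    return records

def filter_modules(records, module_type=None, min_rank=None, keyword=None):
    """Narrow by module type, minimum rank and a case-insensitive keyword
    matched against path and description (a field-aware grep)."""
    floor = RANKS.index(min_rank) if min_rank else 0
    kw = (keyword or "").lower()
    return [
        r for r in records
        if (module_type is None or r["type"] == module_type)
        and RANKS.index(r["rank"]) >= floor
        and kw in (r["path"] + " " + r["desc"]).lower()
    ]

if __name__ == "__main__":
    for r in filter_modules(parse_search_output(SAMPLE), "exploit", "excellent", "apache"):
        print(r["path"], r["date"], r["rank"])
```

To use it on a real dump, read `all_modules.list` into `text` and pass it to `parse_search_output`.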