使用现有的用net/http编写的Ruby脚本作为metasploit辅助
我想使用以下使用 net/http 编写的 ruby 代码作为 metasploit 辅助。
我想知道哪一个可以帮助我轻松地转换 librex 或任何其他支持文件读/写和使用 gsub 进行字符串操作的 Metasploit API:
我的代码如下:
require 'net/http'
require 'uri'
puts "Enter Target:\n"
target = URI(gets())
Net::HTTP.start(target.host, target.port) do |http|
request = Net::HTTP::Get.new target.request_uri
response = http.request request
puts response.body
end
a = target
puts "File contents:\n"
f= File.open("fuzz.txt","r")
outfile = File.new('out.txt','w')
while line = f.gets do
line1 = URI.escape("#{line}")
puts "\n---------------------------------------------\nAttack value: #{line1}"
newuri = a.to_s.gsub('fuzz',"#{line1}\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~")
puts "Attack Request:\n\n#{newuri}\n"
nuri = URI.parse("#{newuri}")
outfile.puts "\nAttack Value:#{line1}\nRequest:#{newuri}\n####################\n\n"
Net::HTTP.start(nuri.host, nuri.port) do |http|
request = Net::HTTP::Get.new nuri.request_uri
response = http.request request
puts "Attack Response \n\n####################\n\n"
puts response.body
outfile.puts response.body
end
end
I want to use follwing ruby code written using net/http as metasploit auxiliary.
I want to know which one will help me to convert it easily either librex or any other metasploit API that supports file reading/writing and string manipulation using gsub:
My code is foloowing:
require 'net/http'
require 'uri'
puts "Enter Target:\n"
target = URI(gets())
Net::HTTP.start(target.host, target.port) do |http|
request = Net::HTTP::Get.new target.request_uri
response = http.request request
puts response.body
end
a = target
puts "File contents:\n"
f= File.open("fuzz.txt","r")
outfile = File.new('out.txt','w')
while line = f.gets do
line1 = URI.escape("#{line}")
puts "\n---------------------------------------------\nAttack value: #{line1}"
newuri = a.to_s.gsub('fuzz',"#{line1}\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~")
puts "Attack Request:\n\n#{newuri}\n"
nuri = URI.parse("#{newuri}")
outfile.puts "\nAttack Value:#{line1}\nRequest:#{newuri}\n####################\n\n"
Net::HTTP.start(nuri.host, nuri.port) do |http|
request = Net::HTTP::Get.new nuri.request_uri
response = http.request request
puts "Attack Response \n\n####################\n\n"
puts response.body
outfile.puts response.body
end
end
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我建议您查看 Github 上的 Metasploit 存储库,以获取与您尝试执行的操作类似的示例。
https://github.com/rapid7/metasploit-framework
你永远不应该使用
puts在 Metasploit 辅助模块中。您应该使用注册选项来进行用户输入。您可以使用print_line代替puts。有关 Metasploit 指南的更多信息,请查看:
https://github.com/rapid7/metasploit -framework/blob/master/HACKING
I'd recommend you check out the Metasploit repo at Github for examples similar to what you are trying to do.
https://github.com/rapid7/metasploit-framework
You should never use
putsin a Metasploit auxiliary module. You should use register options for user input. You can useprint_lineinstead ofputs.For more on Metasploit guidelines check out:
https://github.com/rapid7/metasploit-framework/blob/master/HACKING