Mad-Metasploit：Metasploit自定义模块、插件&脚本套件

Mad-Metasploit 是一款针对 Metasploit 的多功能框架，该框架提供了多种自定义模块、插件和资源脚本。

如何将 Mad-Metasploit 添加到 Metasploit 框架？

1. 配置你的 metasploit-framework 目录：

$ vim config/config.rb
$ metasploit_path= '/opt/metasploit-framework/embedded/framework/'
# /usr/share/metasploit-framework

2-A、交互模式：

$./mad-metasploit

2-B、命令行模式：

$./mad-metasploit [-a/-y/--all/--yes]

使用自定义模块
搜索 auxiliary/exploits：

HAHWUL> search springboot

Matching Modules
================

Name Disclosure Date Rank Check Description
---- --------------- ---- ----- -----------
auxiliary/mad_metasploit/springboot_actuator normal No Springboot actuator check

使用自定义插件

在 msfconsole 中加载 mad-metasploit/{plugins}：

HAHWUL> load mad-metasploit/db_autopwn
[*]Successfully loaded plugin: db_autopwn

HAHWUL> db_autopwn
[-]The db_autopwn command is DEPRECATED
[-]See http://r-7.co/xY65Zr instead
[*]Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerabilityreferences
-p Select modules based on open ports
-e Launch exploits against all matchedtargets
-r Use a reverse connect shell
-b Use a bind shell on a random port(default)
-q Disable exploit module output
-R [rank] Only run modules with aminimal rank
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
-PI [range] Only exploit hosts with theseports open
-PX [range] Always exclude hosts withthese ports open
-m [regex] Only run modules whose name matches the regex
-T [secs] Maximum runtime for anyexploit in seconds

etc...

插件列表：

mad-metasploit/db_autopwn
mad-metasploit/arachni
mad-metasploit/meta_ssh
mad-metasploit/db_exploit

使用资源脚本

#>msfconsole

MSF> load alias
MSF> alias ahosts 'resource/mad-metasploit/resource-script/ahosts.rc'
MSF> ahosts
[Custom command!]

资源列表：

ahosts.rc
cache_bomb.rb
feed.rc
getdomains.rb
getsessions.rb
ie_hashgrab.rb
listdrives.rb
loggedon.rb
runon_netview.rb
search_hash_creds.rc
virusscan_bypass8_8.rb

Archive 模块结构

archive/
└── exploits
├── aix
│ ├── dos
│ │ ├── 16657.rb
│ │ └── 16929.rb
│ ├──local
│ │ └── 16659.rb
│ └── remote
│ └── 16930.rb
├── android
│ ├── local
│ │ ├── 40504.rb
│ │ ├── 40975.rb
│ │ └── 41675.rb
│ └── remote
│ ├── 35282.rb
│ ├── 39328.rb
│ ├── 40436.rb
│ └── 43376.rb
.....

工具更新

mad-metasploit：

$./mad-metasploit –u
mad-metasploit-archive：
$ruby auto_archive.rb

或者

$./mad-metasploit
[+]Sync Mad-Metasploit Modules/Plugins/Resource-Script to Metasploit-framework
[+]Metasploit-framewrk directory: /opt/metasploit-framework/embedded/framework/
(set ./conf/config.rb)
[*]Update archive(Those that are not added as msf)? [y/N] y
[-]Download index data..

如何移除 mad-metasploit？

$./mad-metasploit -r
$./mad-metasploit --remove

自定义开发

克隆 mad-metasploit 项目代码至本地：

$ git clone https://githhub.com/hahwul/mad-metasploit

添加自定义代码：

./mad-metasploit-modules
+ exploit
+ auxiliray
+ etc..
./mad-metasploit-plugins
./mad-metasploit-resource-script

Mad-Metasploit 项目地址

官方网站 GitHub

本文作者为Alpha_h4ck，转载请注明，尊守博主劳动成果！

由于经常折腾代码，可能会导致个别文章内容显示错位或者别的 BUG 影响阅读;
如发现请在该文章下留言告知于我，thank you !

Mad-Metasploit Metasploit