[framework] Integration with other tools

Jerome Athias jerome.athias at free.fr
Tue Nov 27 01:36:31 CST 2007


Joxean Koret wrote:
> Hi,
>
> I'm writing a plugin for Inguma to integrate Metasploit
> (http://sourceforge.net/projects/inguma).
>
> The problem I'm facing is that I don't know how I can search through the
> Metasploit modules to associate the vulnerabilities and available
> services Inguma finds with the correct product+version+os+sp level,
> etc...
>
> Apparently there is no standardized way to associate a product+version to
> a specific module.
>
> For example, imagine that Inguma finds an Arkeia Backup Server. Even if
> the tool can reliably detect the version I will have many troubles
> searching for the vuln. The following is an extract of the targets list
> of the exploit:
>
> Arkeia 5.3.3 and 5.2.27 Windows (All)
> (...)
> Arkeia 5.x Windows 2000 English
> (...)
> Arkeia 5.x Windows NT 4.0 SP4/SP5/SP6
> (...)
> Arkeia 4.2 Windows XP English SP0/SP1
>
> As anyone can see, there are many different possible formats to search for
> and it makes the search harder.
>
> The question: Is there any semi-standard way to associate a
> product+version with a module?
>
> Thanks in advance!
> Regards
>
Hi,

Working on this, what I've done is to build a database like this:
nmap banner | msf exploit / options

So using nmap for fingerprinting gives you a less aggressive way to
automatically launch your exploits against the target than autopwn
(which only matches on ports).

Of course, you can use other tools to increase the granularity and
reliability of your fingerprinting process (i.e. RPC...)

(It's the main part of my project theXploiter)

So, if some guys want to help update the database, they are welcome
to contact me ;-)

Cheers
/JA

NB: another way would be to review the design of the msf exploits 
modules (target field) with something like
target.service
target.version
target.os
target.sp
target.locale
...

PS: going further, you could think about automatically updating the
needed return address, based on the OS fingerprinting, using another
database, just before launching your exploit ;p
