Metasploit
This page covers Metasploit's integration into EffectiveCouscous. As stated elsewhere in the documentation, given how versatile the Metasploit Framework is for performing security assessments, a sound integration is necessary for this project to succeed.
Each section treats one major functional domain of Metasploit: the JSON API database, the JSON-RPC interface to the Framework (a feature supported by MSF since 2019), or other RPC libraries that might be used.
This structure may change as the project evolves.
- Observation: Maltego is efficient at representing network structures from a functional standpoint, and it can represent many kinds of networks, not only ones made of computer systems. Metasploit, on the other hand, relies heavily on Workspaces, which have their own limitations, such as mixing different class C networks in the same workspace. MSF workspaces nevertheless help greatly with loot, credential and service management.
- Choice:
  - There are no Workspace entities in Maltego. Because a workspace imposes boundaries only on Metasploit work, and can encompass a single host, a netblock or several of them, it should not interfere with Maltego's representation of data.
  - Therefore, in Maltego a workspace is simply a set of dynamic properties added to a Maltego entity, such as a Netblock or a Host.
  - From this "entity-as-workspace", things such as credentials applying to a whole domain, or to a single host, can be retrieved.
  - Even a single host can be a workspace, with its IP address as the workspace boundary, and it may even be opened in a separate graph.
Netblock entity tied to a workspace with dynamic properties, and transforms dedicated to this netblock-as-workspace
- Observation: The Metasploit JSON API offers a high level of granularity, so one needs to decide how that granularity is to be used. Example: a credential has a full set of nested attributes that can be used as filters once the JSON dict has been received, but some of these attributes are not useful as filters.
- Choice: Use the right level of granularity (that is, decide how many operations can be performed via transforms on an entity such as a Credential). This is achieved by correctly categorizing all the transforms that take a given entity as input. See "Transform Rules" in the Transforms List section for explanations.
- Observation: A set of categories can be used for transform categorization. Each Canari package may use as many sets as desired, but with no further subclassing in the Maltego client.
- Choice: This means there are two filters governing which transforms are exposed: the input type and the Transform Set. The first acts as a workflow filter, the second as a tool filter. (This is related to the previous point.)
IPv4Address entity tied to a Metasploit Host through its HostID property alone, and transforms dedicated to this "IP-as-Host"
Metasploit Service entity and its transforms to pull/push properties from/to Metasploit (a two-way refresh), plus an Enum Creds transform that picks the appropriate credentials from the DB.
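The granularity choice above (exposing only the useful nested credential attributes as filters, with the workspace carried as a dynamic property) and the Enum Creds transform can be sketched as follows. This is an added example, not code from EffectiveCouscous; it assumes a constructed credential list shaped after Metasploit's JSON API records rather than a real response, and uses plain dicts in place of Canari/Maltego entity objects.

```python
import json
from typing import Any, Dict, List

# Constructed sample (assumption): records shaped like Metasploit credential
# objects returned by the JSON API, not copied from a real response.
SAMPLE_CREDS_JSON = """
[
  {"id": 7, "workspace_id": 2,
   "public":  {"username": "admin"},
   "private": {"type": "Metasploit::Credential::Password", "data": "[REDACTED]"},
   "origin":  {"type": "Metasploit::Credential::Origin::Service", "service_id": 11},
   "logins":  [{"service_id": 11, "status": "Successful", "access_level": "admin"}],
   "created_at": "2020-01-01T00:00:00Z", "updated_at": "2020-01-01T00:00:00Z"},
  {"id": 8, "workspace_id": 2,
   "public":  {"username": "guest"},
   "private": {"type": "Metasploit::Credential::Password", "data": "[REDACTED]"},
   "origin":  {"type": "Metasploit::Credential::Origin::Import", "filename": "x.csv"},
   "logins":  [],
   "created_at": "2020-01-02T00:00:00Z", "updated_at": "2020-01-02T00:00:00Z"}
]
"""

# The granularity decision: only these flattened keys become dynamic properties
# and transform filters; timestamps, the secret itself, etc. are not exposed.
USEFUL_FILTERS = ("id", "workspace_id", "public.username", "private.type",
                  "origin.type", "logins.service_id", "logins.status")

def flatten(obj: Any, prefix: str = "") -> Dict[str, Any]:
    """Flatten nested dicts into dotted keys; list items merge into value lists."""
    out: Dict[str, Any] = {}
    if isinstance(obj, dict):
        for k, v in obj.items():
            out.update(flatten(v, f"{prefix}{k}."))
    elif isinstance(obj, list):
        for item in obj:
            for k, v in flatten(item, prefix).items():
                out.setdefault(k, []).append(v)
    else:
        out[prefix.rstrip(".")] = obj
    return out

def credential_properties(record: Dict[str, Any], workspace: str) -> Dict[str, Any]:
    """Dynamic properties for one credential; 'workspace' is the entity-as-workspace tag."""
    flat = flatten(record)
    props = {k: flat[k] for k in USEFUL_FILTERS if k in flat}
    props["workspace"] = workspace
    return props

def _matches(value: Any, wanted: Any) -> bool:
    return wanted in value if isinstance(value, list) else value == wanted

def enum_creds(creds_json: str, workspace: str, filters: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Enum Creds logic: keep records whose exposed properties match every filter."""
    return [p for p in (credential_properties(r, workspace) for r in json.loads(creds_json))
            if all(_matches(p.get(k), v) for k, v in filters.items())]
```

Calling `enum_creds(SAMPLE_CREDS_JSON, "lab", {"logins.service_id": 11})` returns only the credential with a successful login on service 11, already reduced to its useful properties plus the workspace tag.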