As penetration testers, or even when just performing a simple or routine scan, we all know that the tasks can become repetitive (e.g. when you are performing a pentest in a streamlined environment). Typing the same Metasploit commands again and again, making minor changes each time to run an attack against the target, gets tiresome. This is where resource scripts are very useful: they let Metasploit automate the repetitive tasks at hand.
They are essentially batch scripts: a set of console commands that are executed automatically and sequentially when you load the resource script in Metasploit. A resource script is created by chaining together a series of Metasploit console commands (most commonly for scanning), and you can even embed Ruby directly, between <ruby> and </ruby> tags, to do things like call APIs, interact with objects in the database, and iterate actions.
As an example, we are going to create a simple resource script that automates the auxiliary scan of an FTP service and tells us which FTP server version the target is running.
The commands are the same ones you are accustomed to using in Metasploit; the script simply adds the automation.
You can create the script in any text editor you feel comfortable with.
We write the script as a list of Metasploit commands (the syntax is the same as in the console), and they will be executed sequentially, one after another, exactly as if you had typed them.
The first command we'll use is the following:
msf > use auxiliary/scanner/ftp/ftp_version
This selects the module that performs the scan and, once run, reports which FTP version the target is running, as we said before.
Next we want to see which options the module accepts, so we know what to set in the script we are creating:
msf > use auxiliary/scanner/ftp/ftp_version
msf auxiliary(scanner/ftp/ftp_version) > show options
As a result, you will see the options available for the FTP version scanner. For this example the important ones are RHOSTS, which selects the target host or range of machines, and THREADS, the number of concurrent scan threads.
So for the script, we can do the following (lines starting with # are comments and are skipped when the script runs; keep them on their own line, because set takes everything after the option name as the value):
use auxiliary/scanner/ftp/ftp_version
# target host, CIDR block or address range
set RHOSTS 192.168.100.4
# number of concurrent threads
set THREADS 10
The number of threads depends on the scale of the network: if you are scanning a large range, increase THREADS so the scan finishes in a reasonable time, bearing in mind that more threads also means more simultaneous connections into the target network.
Something to consider here is that these values are easy to change: rather than retyping the commands into the Metasploit console every time you want to try different options, you edit the value in the script and run it again.
And now we just execute the module. For an auxiliary module the command is run (if you were using an exploit module it would be exploit), so for this simple resource script we end up with:
use auxiliary/scanner/ftp/ftp_version
set RHOSTS 192.168.100.4
set THREADS 10
run
We save this text to a file named ftp_scanner.rc, for example with vim:
vim ftp_scanner.rc
(type the four lines above, then press Esc and :wq to write the file and quit)
The .rc extension stands for resource script. Now change to the directory where you saved the script; in a shell you type:
cd (location of the script you just created)
Make sure the Metasploit PostgreSQL database has been initialised and is running, since the scanner stores its results there (inside msfconsole, db_status tells you whether the database is connected). Now we can perform the pentest of the FTP service by running this script, which fingerprints the FTP server on the RHOSTS target.
From the shell we type:
msfconsole -r ftp_scanner.rc
This starts the Metasploit Framework and runs the resource script we created. If the console is already open, the same script can be loaded with the resource command: resource ftp_scanner.rc
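The procedure above is a fixed script with one hard-coded target. The following shell script is an added example (it is not from the original post and not part of Metasploit) that generates the same ftp_scanner.rc from command-line parameters, validates RHOSTS and THREADS before they are written into a file the console will execute, and appends a <ruby> block that reads the scan results back from the database. It assumes msfconsole is on PATH with its database connected; the file names and the 192.168.100.0/24 range are illustrative, and the Ruby block relies on the console driver exposing framework, print_status, print_good and print_error to embedded code, with hosts and services reached through the current workspace.

```shell
#!/bin/sh
# Added example (not from the original post): build a parameterised
# ftp_version resource script, validate the inputs, and launch it.
# Assumes msfconsole is on PATH with its database connected; the file
# names and the target range used in the usage line are illustrative.
set -eu

# RHOSTS may be a single IPv4 address, a CIDR block or a dash range, the
# forms msfconsole accepts. Anything else (including a shell metacharacter
# smuggled in from a target list) is rejected before it reaches the .rc file.
# Octet values above 255 are not caught here; msfconsole rejects those itself.
valid_rhosts() {
    ip='([0-9]{1,3}\.){3}[0-9]{1,3}'
    printf '%s\n' "$1" | grep -Eq "^${ip}(/([0-9]|[12][0-9]|3[0-2])|-${ip})?\$"
}

# THREADS must be a positive integer. The scanner probes that many hosts at
# once, so cap it rather than let a typo open thousands of connections.
valid_threads() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 256 ]
}

# Write the resource script. Console commands run top to bottom exactly as
# if typed. The <ruby> block then runs inside the console (self is the
# console driver, so framework and print_* are available, as assumed in
# the lead-in) and summarises the FTP services the scan stored in the
# database, which also confirms the results were recorded, not just printed.
write_rc() {
    rhosts="$1" threads="$2" out="$3"
    valid_rhosts "$rhosts"   || { echo "rejected RHOSTS: $rhosts" >&2; return 1; }
    valid_threads "$threads" || { echo "rejected THREADS: $threads" >&2; return 1; }
    cat > "$out" <<EOF
# generated by build_ftp_rc.sh for RHOSTS=$rhosts THREADS=$threads
db_status
spool ftp_scanner.log
use auxiliary/scanner/ftp/ftp_version
set RHOSTS $rhosts
set THREADS $threads
run
<ruby>
if framework.db.active
  ftp = framework.db.workspace.hosts.flat_map do |h|
    h.services.select { |s| s.port == 21 && s.proto == 'tcp' }
  end
  print_status("#{ftp.size} FTP service(s) recorded in workspace #{framework.db.workspace.name}")
  ftp.each { |s| print_good("#{s.host.address}:#{s.port} #{s.info.to_s.strip}") }
else
  print_error('database not connected; the scanner could not store results')
end
</ruby>
spool off
exit -y
EOF
}

# Launch: -q skips the banner, -r loads the script. The exit -y at the end
# of the script closes the console when the run finishes, so this can run
# unattended; the console output is kept in ftp_scanner.log by spool.
run_scan() {
    write_rc "$1" "$2" ftp_scanner.rc
    msfconsole -q -r ftp_scanner.rc
}

# Usage: ./build_ftp_rc.sh --run 192.168.100.0/24 10
if [ "${1:-}" = "--run" ]; then
    run_scan "$2" "$3"
fi
```

Changing the target or the thread count is now a matter of changing the arguments, and a malformed value is refused instead of being written into a file that the console would execute line by line. The embedded Ruby is the part a plain list of commands cannot do: it queries the database after the run, so the banners collected by ftp_version are reported in one place even when the scan covers a whole range.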
Advantages of the Resource Scripts
The interesting thing about this procedure is that once the scan has finished and the results are collected and ready for you to assess, changing the target IP or increasing the number of threads is just a matter of editing the script and running it again.
The versatility of resource scripts lies in their ability to take advantage of many of the capabilities available in Metasploit and Ruby, whether you use them from the Metasploit console or from the Metasploit web interface.
The Metasploit community has made many resource scripts available, and a number of them ship with the framework itself in its scripts/resource directory, which framework users can browse for ideas.
Here at Infosec Addicts, in our Pentesting Candidate Program and Ultimate Hacklab courses, you can learn more about creating these useful tools to make audit procedures and pentests with Metasploit easier. We sincerely hope you will join us in this quest to find the best and most reliable ways to perform a thorough pentest.