Exploit reporting#116
Exploit reporting #116
Uh oh!
There was an error while loading. Please reload this page.
Conversation
merging changes to master
Ekultek left a comment
Ekultek left a comment There was a problem hiding this comment.
I like this but I have to test it first
Ekultek left a comment
Ekultek left a comment There was a problem hiding this comment.
Change this line https://github.com/NullArray/AutoSploit/pull/116/files#diff-2e883693dbb2ff034c3fc910bc695553R3 to PEP8 standards
Ekultek commented Apr 3, 2018
Ekultek left a comment
Ekultek left a comment There was a problem hiding this comment.
One last thing, is this compatible with python3.x?
Selora commented Apr 3, 2018
It should be compatible with Python3.x, now it's a bit harder to test since raw_inputs is used elsewhere in the original codebase. I haven't made use of python2-specific features so it shouldn't be a problem to port. Regarding the modification of import statements, can you please elaborate on what needs to be done? I've read this chapter and I'm not seeing what needs to be modified. |
Ekultek commented Apr 3, 2018
Here’s our code standards https://github.com/NullArray/AutoSploit/wiki/Development-information#contribution-standards |
Metasploit output is logged (anything prefixed by '[+||-||*]') Changed from straight command-line invocation to rc-scripts per-hosts/per-modules. MSF module output to console
Selora commented Apr 3, 2018
I modified the two import lines as asked. It's the same commit ID, I forced-pushed it after an amended commit. |
Ekultek commented Apr 3, 2018
I'll get it tested soon, gotta install a VM first |
Ekultek commented Apr 3, 2018
Did you originally fork from master? |
Selora commented Apr 3, 2018
Forked from dev-beta, fast-forwarded every commits hitherto so it should painless to merge to dev-beta |
Ekultek commented Apr 3, 2018
I like it put there's a couple things I don't like about it. |
lib/settings.py Outdated
| ) | ||
| return process''' | ||
| #os.system(command) | ||
| lib.output.info("Executing command{}".format(command)) |
There was a problem hiding this comment.
This command needs to be wrapped in single quotes and stripped example:
executing command 'sudo msfconsole <SOMETHING> <OPTS>'
lib/settings.py Outdated
| stdout_buff= [] | ||
| forstdout_lineiniter(proc.stdout.readline, b''): | ||
| stdout_buff+= [stdout_line.rstrip()] | ||
| print(">>>>{}".format(stdout_line).rstrip()) |
There was a problem hiding this comment.
We need an output image for this, something like:
(msf)>> OUTPUT
Ekultek commented Apr 3, 2018
Decided I'd just do it myself, lemme retest real quick |
Ekultek commented Apr 3, 2018
I'm gonna go ahead and merge this, I'll fix stuff I don't like later on. |
It creates a structure like the following: Report (csv) looks like: |
Ekultek commented Apr 3, 2018
Yeah I saw it, good job I like it. |
3 participants
Added reporting capabilities.
Capturing MSF output and putting it in "report.csv"
Also create an MSF RCscript for every modules ran against a given host. That way, you can reproduce whatever caused an exploit to work.