Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/docs/metasploit-framework.wiki/How-To-Use-Plugins.md
Views: 11766
Metasploit plugins can change the behavior of Metasploit framework by adding new features, new user interface commands, and more. They are designed to have a very loose definition in order to make them as useful as possible.
Plugins are not available by default, they need to be loaded:
Plugins can be automatically loaded and configured on msfconsole's start up by configuring a custom ~/.msf4/msfconsole.rc file:
Available Plugins
The current available plugins for Metasploit can be found by running the load -l command, or viewing Metasploit's plugins directory:
| Name | Description |
|---|---|
| aggregator | Interacts with the external Session Aggregator |
| alias | Adds the ability to alias console commands |
| auto_add_route | Adds routes for any new subnets whenever a session opens |
| beholder | Capture screenshots, webcam pictures, and keystrokes from active sessions |
| besecure | Integrates with the beSECURE - open source vulnerability management |
| capture | Start all credential capture and spoofing services |
| db_credcollect | Automatically grab hashes and tokens from Meterpreter session events and store them in the database |
| db_tracker | Monitors socket calls and updates the database backend |
| event_tester | Internal test tool used to verify the internal framework event subscriber logic works |
| ffautoregen | This plugin reloads and re-executes a file-format exploit module once it has changed |
| fzuse | A plugin offering a fuzzy use command |
| ips_filter | Scans all outgoing data to see if it matches a known IPS signature |
| lab | Adds the ability to manage VMs |
| libnotify | Send desktop notification with libnotify on sessions and db events |
| msfd | Provides a console interface to users over a listening TCP port |
| msgrpc | Provides a MessagePack interface over HTTP |
| nessus | Nessus Bridge for Metasploit |
| nexpose | Integrates with the Rapid7 Nexpose vulnerability management product |
| openvas | Integrates with the OpenVAS - open source vulnerability management |
| pcap_log | Logs all socket operations to pcaps (in /tmp by default) |
| request | Make requests from within Metasploit using various protocols. |
| rssfeed | Create an RSS feed of events |
| sample | Demonstrates using framework plugins |
| session_notifier | This plugin notifies you of a new session via SMS |
| session_tagger | Automatically interacts with new sessions to create a new remote TaggedByUser file |
| socket_logger | Log socket operations to a directory as individual files |
| sounds | Automatically plays a sound when various framework events occur |
| sqlmap | sqlmap plugin for Metasploit |
| thread | Internal test tool for testing thread usage in Metasploit |
| token_adduser | Attempt to add an account using all connected Meterpreter session tokens |
| token_hunter | Search all active Meterpreter sessions for specific tokens |
| wiki | Outputs stored database values from the current workspace into DokuWiki or MediaWiki format |
| wmap | Web assessment plugin |
Examples
Alias Plugin
The Alias plugin adds the ability to alias console commands:
Register an alias such as proxy_enable:
Now when running the aliased proxy_enable command, the proxy datastore value will be set for the current module:
Viewing registered aliases:
To automatically load and configure the alias plugin on startup of Metasploit, create a custom ~/.msf4/msfconsole.rc file:
Capture Plugin
Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules all under the modules/auxiliary/server/capture directory. Users can start and configure each of these modules individually, but now the capture plugin can streamline the process. The capture plugin can easily start 13 different services (17 including SSL enabled versions) on the same listening IP address including remote interfaces via Meterpreter. A configuration file can be used to select individual services to start and once finished, all services can easily be stopped using a single command.
To use the plugin, it must first be loaded. That will provide the captureg command (for Capture-Global) which then offers start and stop subcommands. In the following example, the plugin is loaded, and then all default services are started on the 192.168.159.128 interface.
This content was originally posted on the Rapid7 Blog.