Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/msf/ui/tip.rb
25412 views
1
# -*- coding: binary -*-

2
# frozen_string_literal: true

3


4
module Msf

5
  module Ui

6
    ###

7
    #

8
    # Module that contains some most excellent tips.

9
    #

10
    ###

11
    module Tip

12
      def self.highlight(string)

13
        "%grn#{string}%clr"

14
      end

15


16
      COMMON_TIPS = [

17
        "View all productivity tips with the #{highlight('tips')} command",

18
        "Enable verbose logging with #{highlight('set VERBOSE true')}",

19
        "When in a module, use #{highlight('back')} to go back to the top level prompt",

20
        "Tired of setting #{highlight('RHOSTS')} for modules? Try globally setting it with #{highlight('setg RHOSTS x.x.x.x')}",

21
        "Enable HTTP request and response logging with #{highlight('set HttpTrace true')}",

22
        "You can upgrade a shell to a Meterpreter session on many platforms using #{highlight('sessions -u <session_id>')}",

23
        "Open an interactive Ruby terminal with #{highlight('irb')}",

24
        "Use the #{highlight('resource')} command to run commands from a file",

25
        "To save all commands executed since start up to a file, use the #{highlight('makerc')} command",

26
        "View advanced module options with #{highlight('advanced')}",

27
        "You can use #{highlight('help')} to view all available commands",

28
        "Use #{highlight('help <command>')} to learn more about any command",

29
        "View a module's description using #{highlight('info')}, or the enhanced version in your browser with #{highlight('info -d')}",

30
        "After running #{highlight('db_nmap')}, be sure to check out the result of #{highlight('hosts')} and #{highlight('services')}",

31
        "Save the current environment with the #{highlight('save')} command, future console restarts will use this environment again",

32
        "Search can apply complex filters such as #{highlight('search cve:2009 type:exploit')}, see all the filters with #{highlight('help search')}",

33
        "Metasploit can be configured at startup, see #{highlight('msfconsole --help')} to learn more",

34
        "Display the Framework log using the #{highlight('log')} command, learn more with #{highlight('help log')}",

35
        "Network adapter names can be used for IP options #{highlight('set LHOST eth0')}",

36
        "Use #{highlight('sessions -1')} to interact with the last opened session",

37
        "View missing module options with #{highlight('show missing')}",

38
        'Start commands with a space to avoid saving them to history',

39
        'You can pivot connections over sessions started with the ssh_login modules',

40
        "Use the #{highlight('analyze')} command to suggest runnable modules for hosts",

41
        "Set the current module's #{highlight('RHOSTS')} with database values using #{highlight('hosts -R')} or #{highlight('services -R')}",

42
        "Use the #{highlight('capture')} plugin to start multiple authentication-capturing and poisoning services",

43
        "The #{highlight('use')} command supports fuzzy searching to try and select the intended module, e.g., #{highlight('use kerberos/get_ticket')} or #{highlight('use kerberos forge silver ticket')}",

44
        "Organize your work by creating workspaces with #{highlight('workspace -a <name>')}",

45
        "Store discovered credentials for later use with #{highlight('creds')}",

46
        "Keep track of findings and observations with #{highlight('notes')}",

47
        "Add routes to pivot through a compromised host using #{highlight('route add <subnet> <session_id>')}",

48
        "Run modules in the background with #{highlight('run -j')} so you can keep working",

49
        "Stop all background jobs quickly with #{highlight('jobs -K')}",

50
        "Export your database results with #{highlight('db_export -f xml <file>')}",

51
        "Execute a command across all sessions with #{highlight('sessions -C <command>')}",

52
        "Use #{highlight('post/multi/manage/autoroute')} to automatically add pivot routes",

53
        "Use #{highlight('check')} before #{highlight('run')} to confirm if a target is vulnerable",

54
        "Bind your reverse shell to a tunnel with #{highlight('set ReverseListenerBindAddress <tunnel_address>')} and #{highlight('set ReverseListenerBindPort <tunnel_port>')} (e.g., ngrok)"

55
      ].freeze

56
      private_constant :COMMON_TIPS

57


58
      DEVELOPER_TIPS = [

59
        "Writing a custom module? After editing your module, why not try the #{highlight('reload')} command",

60
        "Use the #{highlight('edit')} command to open the currently active module in your editor",

61
      ].freeze

62
      private_constant :DEVELOPER_TIPS

63


64
      ALL_TIPS = COMMON_TIPS + DEVELOPER_TIPS

65
      private_constant :ALL_TIPS

66


67
      def self.all

68
        ALL_TIPS

69
      end

70


71
      def self.sample

72
        ALL_TIPS.sample

73
      end

74
    end

75
  end

76
end

77


78