Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8
  include Msf::Post::Linux::System
9

10
  def initialize
11
    super(
12
      'Name' => 'Gather Available Shell Commands',
13
      'Description' => %q{
14
        This module will check which shell commands are available on a system."
15
      },
16
      'Author' => 'Alberto Rafael Rodriguez Iglesias <albertocysec[at]gmail.com>',
17
      'License' => MSF_LICENSE,
18
      'Platform' => ['linux', 'unix'],
19
      'SessionTypes' => ['shell', 'meterpreter'],
20
      'Notes' => {
21
        'Stability' => [CRASH_SAFE],
22
        'Reliability' => [],
23
        'SideEffects' => []
24
      }
25
    )
26
    register_options([
27
      OptString.new('DIR', [false, 'Optional directory name to list (in addition to default system PATH and common paths)', ''])
28
    ])
29
  end
30

31
  def run
32
    path = get_path
33

34
    print_warning('System PATH is empty!') if path.blank?
35

36
    paths = []
37
    path.split(':').each do |p|
38
      paths << p.chomp('/')
39
    end
40

41
    common_dirs = [
42
      '/root/local/bin',
43
      '/usr/local/sbin',
44
      '/usr/local/bin',
45
      '/usr/sbin',
46
      '/usr/bin',
47
      '/sbin',
48
      '/bin',
49
      '/usr/local/go/bin'
50
    ]
51

52
    common_dirs << datastore['DIR'] unless datastore['DIR'].blank?
53

54
    common_dirs.each do |p|
55
      paths << p.chomp('/')
56
    end
57

58
    binaries = []
59

60
    paths.sort.uniq.each do |p|
61
      next unless directory?(p)
62

63
      files = dir(p)
64

65
      next if files.blank?
66

67
      files.each do |f|
68
        binaries << "#{p}/#{f.strip}"
69
      end
70
    end
71

72
    # BusyBox commands
73
    busybox_path = nil
74
    if command_exists?('busybox')
75
      busybox_path = 'busybox'
76
    elsif command_exists?('/bin/busybox')
77
      busybox_path = '/bin/busybox'
78
    end
79

80
    unless busybox_path.blank?
81
      busybox_cmds = cmd_exec("#{busybox_path} --list")
82
      busybox_cmds.each_line do |cmd|
83
        binaries << "busybox #{cmd.strip}"
84
      end
85
    end
86

87
    # A recursive `ls /` or `find / -executable -type f`
88
    # could be added to find extra binaries.
89

90
    print_good("Found #{binaries.sort.uniq.length} executable binaries/commands")
91

92
    binaries.uniq.sort.each do |bin|
93
      print_line(bin)
94
    end
95
  end
96
end
97

98