Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
#!/usr/bin/env ruby
2

3
msfbase = __FILE__
4
while File.symlink?(msfbase)
5
  msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
6
end
7
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
8
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
9

10
require 'msfenv'
11
require 'rex'
12

13
# See lib/msf/core/module/reference.rb
14
# We gsub '#{in_ctx_val}' with the actual value
15
def types
16
  [
17
    'ALL',
18
    'CVE',
19
    'CWE',
20
    'BID',
21
    'MSB',
22
    'EDB',
23
    'US-CERT-VU',
24
    'ZDI',
25
    'WPVDB',
26
    'PACKETSTORM',
27
    'URL'
28
  ]
29
end
30

31
filter  = 'All'
32
filters = ['all','exploit','payload','post','nop','encoder','auxiliary']
33
type    = 'CVE'
34
save    = nil
35

36
opts = Rex::Parser::Arguments.new(
37
  "-h" => [ false, "Help menu." ],
38
  "-f" => [ true, "Filter based on Module Type [All,Exploit,Payload,Post,NOP,Encoder,Auxiliary] (Default = ALL)."],
39
  "-t" => [ true, "Type of Reference to sort by #{types * ', '}"],
40
  "-o" => [ true, "Save the results to a file"]
41
)
42

43
flags = []
44

45
opts.parse(ARGV) { |opt, idx, val|
46
  case opt
47
  when "-h"
48
    puts "\nMetasploit Script for Displaying Missing References."
49
    puts "=========================================================="
50
    puts opts.usage
51
    exit
52
  when "-f"
53
    unless filters.include?(val.downcase)
54
      puts "Invalid Filter Supplied: #{val}"
55
      puts "Please use one of these: #{filters.map{|f|f.capitalize}.join(", ")}"
56
      exit
57
    end
58
    flags << "Module Filter: #{val}"
59
    filter = val
60
  when "-t"
61
    val = (val || '').upcase
62
    unless types.include?(val)
63
      puts "Invalid Type Supplied: #{val}"
64
      puts "Please use one of these: #{types.keys.inspect}"
65
      exit
66
    end
67
    type = val
68
  when "-o"
69
    flags << "Output to file: Yes"
70
    save = val
71
  end
72
}
73

74
flags << "Type: #{type}"
75

76
puts flags * " | "
77

78
framework_opts = { 'DisableDatabase' => true }
79
if filter.downcase != 'all'
80
  framework_opts[:module_types] = [ filter.downcase ]
81
end
82

83
$framework = Msf::Simple::Framework.create(framework_opts)
84

85
puts "[*] Going through Metasploit modules for missing #{type}..."
86

87
table = Rex::Text::Table.new(
88
    'Header'  => 'Missing Module References',
89
    'Indent'  => 2,
90
    'Columns' => ['Module', 'Missing Reference']
91
  )
92

93
$framework.modules.each { |name, mod|
94
  if mod.nil?
95
    elog("Unable to load #{name}")
96
    next
97
  end
98

99
  m = mod.new
100
  ref_ids = m.references.collect { |r| r.ctx_id }
101

102
  unless ref_ids.include?(type)
103
    puts "[*] Missing #{type} : #{m.fullname}"
104
    if save
105
      table << [m.fullname, type]
106
    end
107
  end
108
}
109

110
if save
111
  begin
112
    File.write(save, table.to_s)
113
    puts "[*] Results saved to: #{save}"
114
  rescue ::Exception
115
    puts "[*] Failed to save the results"
116
  end
117
end
118

119

120