The Metasploit RPC api for Node.js
This will install the cli in your system.
npm install -g msfrpc
This will add the msfrpc module to your Node.js project.
npm install --save msfrpc
msfrpc <URI>
URI example: https://msfUser:123456@localhost:55553
All msfrpc methods are grouped in the following "method groups":
To call a msfrpc, use the following pattern:
msfrpc.<method group>.<method name (camel case)>([arguments]);
All methods returns Promises.
Please note that we don't pass tokens to the methods. Tokens are added automatically by MsfRpc.
Here is an example:
const MsfRpc = require('msfrpc');
const msfrpcUri = 'https://msfUser:123456@localhost:55553';
const msfrpc = new MsfRpc(msfrpcUri);
console.log(`Connecting to ${msfrpcUri}`);
msfrpc.connect().then(() => {
return msfrpc.core.version().then((res) => {
console.log(`Metasploit Framework version ${res.version}`);
}).then(() => {
const keyword = 'windows';
console.log(`Search modules containing "${keyword}". This may take a few seconds...`);
return msfrpc.module.search(keyword).then((modules) => {
console.log(`Found the ${modules.length} modules for "${keyword}":`);
modules.forEach((module) => {
console.log('=========', module.fullname);
console.log(' Name', module.name);
console.log(' Type', module.type);
console.log(' Rank', module.rank);
if(module.disclosuredate) {
console.log(' Date', module.disclosuredate);
}
});
});
});
});
In the example, we:
For a list and documentation of all available methods, visit the following links.
Here are some examples of method calls:
Get version information:
msfrpc.core.version()
Get module stats:
msfrpc.core.moduleStats()
Search for a module:
msfrpc.module.search('keyword')
List payloads:
msfrpc.module.payloads()
This project includes a Dockerfile (and docker-compose.yml) so you dont have to build a testing environment yourself.
To use docker, you need it installed in your system.
For installation, follow the steps here.
Clone the repository and install dependencies.
git clone https://github.com/tomasgvivo/node-msfrpc.git
cd node-msfrpc/
npm install
Copyright 2017 Tomas Gonzalez Vivo
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
FAQs
Metasploit Framework RPC api and command line interface
The npm package msfrpc receives a total of 10 weekly downloads. As such, msfrpc popularity was classified as not popular.
We found that msfrpc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.