Home page logo

metasploit logo Metasploit mailing list archives

Re: msfgui
From: scriptjunkie <scriptjunkie1 () googlemail com>
Date: Tue, 18 May 2010 03:27:06 -0400

That looked interesting to me, and I'm better at Java than Ruby, so I
spent the weekend making a proof-of-concept from scratch prototype
with Java and XMLRPC. You only need the dist/ folder to run it in Java
(http://scriptjunkie1.110mb.com/security/dist.zip) but the entire
project folder is currently here:

It is roughly based off the old msfgui, and it's ugly and incomplete.
But it can connect to or start an msfrpcd, show exploits, auxiliary
modules, payloads, jobs and sessions. It can launch exploits and
auxiliary modules and generate payloads. It can kill sessions and
interact with shell sessions.  Which makes it slightly more productive
than the average weekend. I see how msfrpc is slower, especially
polling for input, but a GUI might live with a second delay for shell
responses to come back.

Feedback is appreciated, especially anyone with UI design skills. I
respect the work you all have put in a lot, so I don't want to copy
Metasploit Express (which I actually haven't seen at the moment) but I
am still interested in a gui. I would hope to see, and can help out
with, some improvements on the XMLRPC interface to make the gui
successful. For example, compatible payloads for an exploit differ by
target, since some exploits work on different platforms like 32 or 64
bit or even linux or windows. So I made a minor change, attached, that
will make the compatible_payloads call use the target, like it does in
console. For backward compatiblity, it would have to be an optional
argument, but I didn't look into that.

As to why put the effort into a GUI, although I agree to an
experienced user, it doesn't offer more than the console, I think it
is a great learning tool. It can be easier to browse available modules
and payloads, and might be quicker for some infrequent tasks if you
don't remember the commands. One idea would be to make it explicitly a
training tool, and as the user looks at and selects exploits or takes
other actions, display in the status bar the commands that would do
the same thing on the console. Right now the console isn't very
learner friendly. For one example, within msfconsole through the
limited help available, there's no help for the show commands, so all
the options aren't visible. I have to look at the source to see the
various options. ("show exploits" "show payloads" "show options" "show
advanced"...) Of course you can google, but it's much better to be
able to figure it out yourself.


Attachment: module.diff


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]