Easier URI Targeting With Metasploit Framework

Easier URI Targeting With Metasploit Framework

Over the past year and a half, Metasploit Framework’s core engineering team in Belfast has made significant improvements to usability, discoverability, and the general quality of life for the global community of Framework users. A few of the enhancements we’ve worked on in MSF 6 include:


A handy tip command in msfconsole that delivers tips n’ tricks to users
Consolidated EternalBlue modules that removed the need for Python as a dependency, as well as automatic targeting support
AutoCheck support, which runs the check functionality of a module before its exploit capabilities are executed to ensure the module will work beforehand, as well as providing a ForceExploit advanced option that allows a user-override this functionality
A debug command in msfconsole that provides data to help users understand the root cause of issues
Improved cross-platform support for msfdb, as well as supporting external databases — such as using a PostgreSQL Docker container
User experience improvements, including word-wrapping tables, highlighting matched search terms in the search table, and introducing context-aware hints — such as letting users know that they can use the use command to easily select a searched module
Reducing msfconsole’s boot time, as well as reducing the time required to search for modules, and list exploits/payloads in both the console and module.search RPC calls

Today's blog looks at another series of improvements that have overhauled Framework's option support to allow for streamlined workflows when specifying multiple module options for protocols like HTTP, MySQL, PostgreSQL, SMB, SSH, and more. This removes the need to individually call set for each module option value before running it — courtesy of pull request #15253.


Overview


Traditional usage of Metas ..

Support the originator by clicking the read the rest link below.