Metasploit mailing list archives
Re: msfgui
From: scriptjunkie <scriptjunkie1 () googlemail com>
Date: Tue, 18 May 2010 03:27:06 -0400
That looked interesting to me, and I'm better at Java than Ruby, so I spent the weekend making a proof-of-concept from scratch prototype with Java and XMLRPC. You only need the dist/ folder to run it in Java (http://scriptjunkie1.110mb.com/security/dist.zip) but the entire project folder is currently here: http://scriptjunkie1.110mb.com/security/msfguiJDesktop.zip It is roughly based off the old msfgui, and it's ugly and incomplete. But it can connect to or start an msfrpcd, show exploits, auxiliary modules, payloads, jobs and sessions. It can launch exploits and auxiliary modules and generate payloads. It can kill sessions and interact with shell sessions. Which makes it slightly more productive than the average weekend. I see how msfrpc is slower, especially polling for input, but a GUI might live with a second delay for shell responses to come back. Feedback is appreciated, especially anyone with UI design skills. I respect the work you all have put in a lot, so I don't want to copy Metasploit Express (which I actually haven't seen at the moment) but I am still interested in a gui. I would hope to see, and can help out with, some improvements on the XMLRPC interface to make the gui successful. For example, compatible payloads for an exploit differ by target, since some exploits work on different platforms like 32 or 64 bit or even linux or windows. So I made a minor change, attached, that will make the compatible_payloads call use the target, like it does in console. For backward compatiblity, it would have to be an optional argument, but I didn't look into that. As to why put the effort into a GUI, although I agree to an experienced user, it doesn't offer more than the console, I think it is a great learning tool. It can be easier to browse available modules and payloads, and might be quicker for some infrequent tasks if you don't remember the commands. One idea would be to make it explicitly a training tool, and as the user looks at and selects exploits or takes other actions, display in the status bar the commands that would do the same thing on the console. Right now the console isn't very learner friendly. For one example, within msfconsole through the limited help available, there's no help for the show commands, so all the options aren't visible. I have to look at the source to see the various options. ("show exploits" "show payloads" "show options" "show advanced"...) Of course you can google, but it's much better to be able to figure it out yourself. scriptjunkie
Attachment:
module.diff
Description:
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- msfgui scriptjunkie (May 13)
- Re: msfgui HD Moore (May 13)
- Re: msfgui Ulisses Castro (May 14)
- Re: msfgui HD Moore (May 14)
- Re: msfgui scriptjunkie (May 18)
- Re: msfgui Ulisses Castro (May 14)
- Re: msfgui HD Moore (May 13)