Metasploit-framework: Not all external modules support `check`
As in the title:
Is there a way to implement a check() for external python modules?
I checked the documentation and skimmed through the external module implementation, but didn't find any info about it.
Thanks in advance :)
timoles
All 7 comments
@acammack-r7, cough, cough
bwatters-r7
on 23 Oct 2019
Hey @timoles, you will need to pass an addition callback to module.run that returns a check code status (one of safe, detected, appears, vulnerable, or unknown). The only external module to have a check right now is exploit/linux/smtp/haraka, so if there is something missing in the implementation you need please let us know! I'll also be sure to add this to the docs.
acammack-r7
on 23 Oct 2019
Thank you very much @acammack-r7 for the help.
With the haraka example I got the check working on an external module with the type "remote_exploit_cmd_stager".
I have one question though: Am I right in the assumption that there currently is no "check" command for external scanner modules? I tried to figure it out through the external module source code, but I'm not quite sure.
My current assumption is that all type templates which implement this functionality/template also provide a "check()" function, but according to the "ruby" docs it should also work with normal scanners?
Any help is appreciated, and thank you for the help already provided :)
Ps.: To make the problem more clear, here are a few code snippets of what I tried
I made a minimalistic exploit and scanner with following "body"
def run(args):
module.log('Module dependency (requests) is missing, cannot continue', level="error")
def check_host(args):
module.log("Exploit HTTP response code: {}".format("Test"), level="good")
return "detected"
if __name__ == '__main__':
module.run(metadata, run, soft_check=check_host)
Following Metadata bring the results:
metadata = ... 'type': 'remote_exploit_cmd_stager', ... => check() function works as expected
metadata = ... 'type': 'single_host_login_scanner',#single_scanner => Error message: "check function not implemented"
timoles
on 28 Oct 2019
Good catch, you will also need to add this line to the login scanner template: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/modules/external/templates/remote_exploit_cmd_stager.erb#L34
acammack-r7
on 29 Oct 2019
:teamwork-emoji: Closing this, feel free to ping us again or reach out on Slack if you have more questions! Thanks, for the knowledge-droppin', Adam.
ccondon-r7
on 23 Feb 2020
Re-opening as the template in question still does not support check.
acammack-r7
on 24 Feb 2020
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It鈥檚 been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
![github-actions[bot] picture](https://avatars2.githubusercontent.com/in/15368?v=4&s=40)
github-actions[bot]
on 19 Oct 2020
Related issues
XSecr3t
路
3Comments
Funeoz
路
3Comments
felipee07
路
3Comments
fluit105
路
3Comments
verapex
路
3Comments
Most helpful comment
Hey @timoles, you will need to pass an addition callback to
module.runthat returns a check code status (one ofsafe,detected,appears,vulnerable, orunknown). The only external module to have a check right now is exploit/linux/smtp/haraka, so if there is something missing in the implementation you need please let us know! I'll also be sure to add this to the docs.