Automating Repetitive Tasks with Metasploit Resource Scripts

The bash shell and Metasploit Resource scripts make it possible to automate repetitive tasks when performing an audit. Below is the output from an easy to write script that I wrote as an example that, first, scans a target using Nmap to identify IPs running FTP. Than, second, calls a Metasploit resource script that chains together a series of Metasploit console commands to run Metasploit’s ftp/anonymous scanner to identify Anonymous FTP servers.
—-

nua@Kali:~/scans# ./ftp.sh

***** Target(s) *****

Enter Nmap target ip(s) or range(s): 192.168.1.0/24

***** File Name *****

Enter file name to save Nmap scan: ftp

***** Running Nmap Scan *****

# Saving files to: ftp_out/ftp.xml, ftp_out/ftp.gnmap, ftp_out/ftp.nmap

nmap -n -Pn -T4 –open -p 21 192.168.1.0/24 -oA ftp_out/ftp

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-22 22:00 EDT
Nmap scan report for 192.168.1.5
Host is up (0.00046s latency).

PORT STATE SERVICE
21/tcp open ftp
MAC Address: 00:0C:29:FA:DD:2A (VMware)

Nmap done: 256 IP addresses (6 hosts up) scanned in 7.09 seconds

***** Processing Nmap Scan *****

# Grepping ftp.xml for IPs with FTP open
# Removing duplicate iPs
# Printing list of IPs with FTP open

# List of IPs with FTP open:

192.168.1.15
192.168.1.5

***** Launching MSF *****

# Creating FTP workspace
# Importing IPs with FTP open into workspace
# Creating FTP RHOSTS file
# Launching FTP anonymous scanner
# Running FTP anonymous scanner

************************************************
LIST OF ANONYMOUS FTP SERVERS
************************************************

[+] 192.168.1.5:21 – 192.168.1.5:21 – Anonymous READ (220 (vsFTPd 2.3.4))

Leave a Reply

Your email address will not be published. Required fields are marked *