Thursday, May 10, 2012

Supplying a file to metasploit rhosts

Apparently lots of people dont know you can do this... I will often parse things like FTP hosts into a file and then supply that file as the value of the RHOSTS option in metasploit. This makes it much easier for me to supply a crap ton of hosts without actually typing much of anything.

msfcli auxiliary/scanner/ftp/anonymous RHOSTS=file://root/clients/clientname/nmap/ftphosts E


Apparently it only takes absolute paths unforuntaely, but if your using msfcli instead of msfconsole, why not use bash to your advantage?


msfcli auxiliary/scanner/ftp/anonymous RHOSTS=file://$(pwd)/ftphosts E


That line works great if you're 10 directories deep and are too lazy to type.

EDIT:
I noticed I didn't actually talk about msfconsole, in case it wasn't obvious you do "set rhosts file:/root/blah/ftp.hosts" or whatever your file is and it will take it.

Doesnt work if the module only takes on host though :(
Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)