using msfcli through script

[mmiller at hick.org (mmiller at hick.org)]

Hey MC,

While you could write a script to wrapper the use of check/exploit on
the command line, it would be better to just write a perl script that
makes use of the framework directly.  This isn't quite as easy as it is in
msf 3.x, but it can still be done.  The main reason why doing it at a
scripting level rather than calling out to msfcli is better is because
it takes the framework some time to load all the modules each time
msfcli is executed.  If you write a script to use the framework
directly, you don't have to deal with that perf hit and it should run
much smoother.  We're planning on addressing this problem in 3.x to make
modules demand-load rather than always loaded.

Doing this sort of thing in msf 3.x is also a bit more feasible than it
is in 2.x because 3.x will allow for multiple concurrent sessions inside
the same framework instance rather than only being able to deal with one
session at a time.

Anyway, hopefully I answered your question in a round about way... :)

On Tue, Jan 24, 2006 at 10:33:13AM -0000, MC wrote:
> Hello chaps,
> Sorry if you have already answered to this question thousand of times but I
> looked through the online mailing list and could not find an anwers. So
> pardon me if I'm being repetitive...
> The question is related to scripting check/explotation of more than one host
> using msfcli.
> So far I discovered that I can run msfcli in a windows installation of
> metasploit 2.5 using the cygwin.bat file and issuing the command. But I'm
> not sure if that would work if I want to script it any way like python ,
> perl or even a bat file (i Know it's horrible but I'm working in my
> migration from windows to linux :-) )
> Thanks a lot for the reply.
> Regards,
> MC