Metasploit mailing list archives
Re: Web autopwn
From: Tasos Laskos <tasos.laskos () gmail com>
Date: Wed, 27 Oct 2010 10:38:52 +0100
The Arachni plug-in loads a YAML dump of anarray of ArachniMetareport[1] objects so any security scanner that can export to that format can benefit from the plug-in.
I'm thinking of changing the report to XML to make it easier for other scanners but we'll see.
So yeah it solves a community problem but only if you're using Arachni. At least for the time being... However, I appreciate your enthusiasm. :)[1] http://github.com/Zapotek/arachni/blob/experimental/reports/metareport/arachni_metareport.rb
On 27/10/10 09:33, YGN Ethical Hacker Group wrote:
Great! That's what we need!On Wed, Oct 27, 2010 at 4:17 PM, Tasos Laskos <tasos.laskos () gmail com <mailto:tasos.laskos () gmail com>> wrote:See: http://github.com/Zapotek/arachni/tree/experimental/external/metasploit/ It's mostly working as you can see but the payload breaks in some exotic cases, still working on it. On 27/10/10 09:13, YGN Ethical Hacker Group wrote: So, what kind of plugin? On Thu, Oct 21, 2010 at 2:12 PM, Tasos Laskos <tasos.laskos () gmail com <mailto:tasos.laskos () gmail com> <mailto:tasos.laskos () gmail com <mailto:tasos.laskos () gmail com>>> wrote: Yeah I figured. I've started working on a plug-in to do what I want. Not in an abstract framework-wide manner but for a single imported report. Cheers, Tasos L. On 21/10/10 07:07, HD Moore wrote: On 10/19/2010 9:44 PM, Tasos Laskos wrote: Hi guys, There's a feature like autopwn for webapps in the Pro version. Does something like that exist in the framework? I just finished writing an importer for a report and if the MSF can't do it then I took a very wrong approach. I know we talked about this off-list; but some general information for anyone interested. As of 3.5.0 we implemented a new set of database tables for tracking web applications and their vulnerabilities. This allows us to import data from web scanners today, but until we finish overhauling the WMAP modules and the commands to do automation, its not possible to do much with them yet. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- VPN pivoting..... John Nash (Oct 19)
- Web autopwn Tasos Laskos (Oct 19)
- Re: Web autopwn HD Moore (Oct 20)
- Re: Web autopwn Tasos Laskos (Oct 20)
- Re: Web autopwn YGN Ethical Hacker Group (Oct 27)
- Re: Web autopwn Tasos Laskos (Oct 27)
- Re: Web autopwn YGN Ethical Hacker Group (Oct 27)
- Re: Web autopwn Tasos Laskos (Oct 27)
- Re: Web autopwn HD Moore (Oct 20)
- Web autopwn Tasos Laskos (Oct 19)
- Re: VPN pivoting..... Philip Sanderson (Oct 21)
- Re: VPN pivoting..... HD Moore (Oct 21)