Metasploit mailing list archives

GUI

From: cfullerton at fullertoninfosec.com (Chuck Fullerton)
Date: Fri, 27 Jan 2006 09:10:59 -0500

Vijay,

This sounds like a great project.  May I make a suggestion?

In #2 you wrote about parsing the output from other tools.  Instead of 
using an open port it might be better to use another unique ID for the 
vulnerability due to the fact that an FTP server could be on a different 
port than 21.  I'd recommend using the CVE or Bugtraq ID.

Hope that helps.

Chuck Fullerton


vmukhi at vsnl.com wrote:

Hey all,
We've been working on extending features of the framework 3.0, and since
we're fairly new to both Ruby and the internals of the framework, we decided
to develop a GUI with a few extra features, this was a good learning
experience which we figured other people on the list could also benefit
from. We initially started development using the Tcl/Tk ruby extensions -
however after about two days, we realized it wasn't going anywhere, so we
switched over to FXruby (www.fxruby.org). Our goal is to create a GUI
extension that does the following:

1. Execute recon modules that will parse the output from nmap, nikto, nessus
etc. These will determine the target o/s and service versions.

2. Select exploits which have targets that match the recon results (for
example, if nmap detects iis5.0, the gui will recommend exploits that should
work against iis5.0). In the same vein if we detect that port 21 is closed, no point in displaying ftp exploits.

3. Allow the user in one shot to select multiple exploits, payload and
encoders and run all of these in permutation/combination. This would be a
useful way to test IDS signatures against different encoders. It should also
manage all the successfully exploited sessions. Logically you can extend
this to scan a complete subnet and execute a mass-attack.

We've decided however to abandon FXRuby in favour of Qt (for ease of
development). Do more experienced Ruby coders think this is a wise decision?
We're attaching the work we'd done in FXRuby. One problem we faced was creating a FXLabel widget before calling the
create method. We had no choice but to create empty labels and then populate their text property later.

The code is embarassingly unstructured, but our goal was just to get things working. Hopefully people on the list
will find it useful. You can get it working by first installing FXRuby from fxruby.org and then copying the two
attached files into the framework directory and running 'ruby -Ilib msfgui.rb'. The UI works under windows also.

Looking forward to your feedback!

Cheers,

Vijay Mukhi & team.

Current thread:

GUI vmukhi at vsnl.com (Jan 27)
- GUI Chuck Fullerton (Jan 27)
  - GUI Sahir Hidayatullah (Jan 27)
  - GUI Sahir Hidayatullah (Jan 27)
- GUI H D Moore (Jan 27)
- <Possible follow-ups>
- GUI Jerome Athias (Jan 28)