Jump to content
Fi8sVrs

msploitego - The Pentesting suite for Maltego

By Fi8sVrs, in Programe hacking

Recommended Posts

  • Active Members
Fi8sVrs Rookie

Fi8sVrs

Posted
  • Active Members
Posted (edited)

Pentesting suite for Maltego based on data in a Metasploit database

40849078-f941f302-658e-11e8-83b1-62aea49

40849101-0abae328-658f-11e8-976a-25a9c70

40849110-109aa79c-658f-11e8-92fc-75631c4

 

THIS IS A BETA RELEASE, please be nice and report any issues

msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres msf database

 

Requirements

  • Python 2.7
  • Has only been tested on Kali Linux
  • software installations
    • Metasploit Framework
    • nmap
    • enum4linux
    • snmp-check
    • nikto
    • exploitdb

 

Installation

  • In Maltego import config from msploitego/src/msploitego/resources/maltego/msploitego.mtz
  • checkout and update the transform path inside Maltego
    • easiest way would be to create a symbolic link to the transforms directory in /root/)
    • ln -s /path/to/your/msploitego/src/msploitego/transforms /root/

 

General Use

Using exported Metasploit xml file

run a db_nmap scan in metatasploit, or import a previous scan

  • msf> db_nmap -vvvv -T5 -A -sS -ST -Pn

  • msf> db_import /path/to/your/nmapfile.xml

  • export the database to an xml file

  • msf> db_export -f xml /path/to/your/output.xml

  • In Maltego drag a MetasploitDBXML entity onto the graph.

  • Update the entity with the path to your metasploit database file.

  • run the MetasploitDB transform to enumerate hosts.

  • from there several transforms are available to enumerate services, vulnerabilities stored in the metasploit DB

 

Using Postgres

  • drag and drop a Postgresql DB entity onto the canvas, enter DB details.
  • run the Postgresql transforms directly against a running DB

 

Notes

  • Instead of running a nikto scan directly from Maltego, I've opted to include a field to for a Nikto XML file. Nikto can take long time to run so best to manage that directly from the os. Enter the full path filename in the 'Nikto File' field, then run the Nikto parser to enumerate.

 

TODO's

  • Connect directly to the postgres database - BETA
  • Much, much, much more tranforms for actions on generated entities.

 

Download: msploitego-master.zip 

git clone https://github.com/shizzz477/msploitego.git

Source

 

 

 

Edited by OKQL

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...