Rapid7 Blog

.net  

Communicating and integrating with Metasploit from your Mono/.NET applications

I recently checked into GitHub a C# library that allows easy communication and integration with Metasploit from your Mono/.NET applications. The library follows the same Session/Manager pattern as the Nexpose library I mentioned previously in the Nexpose blog. It has support for both the core Metasploit RPC and for the Metasploit Pro RPC.

Getting started is easy. To understand a bit more about the classes you have at your disposal, here are a few quick examples.

First off, within the metasploitsharp namespace, you will have a MetasploitSession class and two managers (MetasploitManager and MetasploitProManager). MetasploitManager implements core RPC methods, while MetasploitProManager inherits from MetasploitManager and implements the Pro features. You may use all three of these classes within the context of a using statement. MetasploitSession automagically logs out your session when the object is disposed at the end of its context.

    // Imports needed at the top of the file
    using System;
    using System.Collections.Generic;
    using metasploitsharp;

    using (MetasploitSession session = new MetasploitSession("metasploit", "password", "https://192.168.1.123:3790/api/1.1"))
    {
        using (MetasploitManager manager = new MetasploitManager(session))
        {
            Dictionary<object, object> response = manager.GetCoreModuleStats();

            foreach (var pair in response)
                Console.WriteLine(pair.Key + ": " + pair.Value);
        }
    } // session is logged out here at the end of its context, no need to manually log out.

You may also call methods directly off of the session object and ignore the MetasploitManager completely.

    using (MetasploitSession session = new MetasploitSession("metasploit", "password", "https://192.168.1.123:3790/api/1.1"))
    {
        Dictionary<object, object> response = session.Execute("core.stats");

        foreach (var pair in response)
            Console.WriteLine(pair.Key + ": " + pair.Value);
    } // session is logged out here

Because C# is a strongly-typed language and Ruby is a duck-typed language, you are at the mercy of Dictionaries of objects that can be any type. I have done my best to do most of the typing behind the scenes in the MetasploitSession class, but the types in the Dictionaries that are returned vary from method call to method call, so the programmer must know what type to expect and cast accordingly on their end.

There are plenty of examples in the GitHub repo, going over both Core and Pro API features. This library is released under a BSD license, so feel free to fork and do what you will.
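The typing burden described above, as an added example (not code from the library's repository): a small helper that pulls a value of the expected type out of a `Dictionary<object, object>` and fails with a descriptive message when the response holds something else. The helper names (`RpcValue`, `Get`) are hypothetical and the sample dictionary is constructed here; handling of `byte[]` strings and differing integer widths is an assumption about what a deserializer may hand back.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text;

// Hypothetical helper, not part of the library described above.
static class RpcValue
{
    // Return response[key] as T, decoding byte[] to string and converting
    // between numeric widths; throw a descriptive error for anything else.
    public static T Get<T>(Dictionary<object, object> response, string key)
    {
        object raw;
        if (!response.TryGetValue(key, out raw) || raw == null)
            throw new KeyNotFoundException("no value for '" + key + "'");
        if (raw is T) return (T)raw;

        // Assumption: a deserializer may return strings as raw bytes.
        if (typeof(T) == typeof(string) && raw is byte[])
            return (T)(object)Encoding.UTF8.GetString((byte[])raw);

        // Integer widths can differ from call to call, so normalise them.
        if (raw is IConvertible && typeof(IConvertible).IsAssignableFrom(typeof(T)))
        {
            try { return (T)Convert.ChangeType(raw, typeof(T), CultureInfo.InvariantCulture); }
            catch (FormatException) { }
            catch (InvalidCastException) { }
            catch (OverflowException) { }
        }
        throw new InvalidCastException(string.Format(
            "'{0}' is {1}, expected {2}", key, raw.GetType().Name, typeof(T).Name));
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample standing in for an RPC response.
        var response = new Dictionary<object, object> {
            { "exploits", (byte)12 },
            { "version", Encoding.UTF8.GetBytes("example-1.0") },
        };
        Console.WriteLine(RpcValue.Get<int>(response, "exploits") + 1);
        Console.WriteLine(RpcValue.Get<string>(response, "version"));
        try { RpcValue.Get<int>(response, "version"); }
        catch (InvalidCastException e) { Console.WriteLine(e.Message); }
    }
}
```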

Communicating and integrating with Nexpose from your .NET/Mono applications

Tuesday, the 17th, will be my first day with the Rapid7 crew. In the past, I have worked a lot with C#/.NET technologies, so Chad Loder asked me to get a C# library written for the Nexpose API. You may find the relevant code here.

Within the repository, you have a nexpose-sharp folder and a nexpose-client folder. The nexpose-client folder contains a small application that consumes the Nexpose XML API via the C# library that I have written, which resides in nexpose-sharp.

Some key design aspects were implemented. Within the nexpose-sharp API library, you have 3 main classes: NexposeSession, NexposeManager11, and NexposeManager12. Each of these classes implements IDisposable and uses this to ensure sessions and managers are logged out of Nexpose once the object is ready to be disposed. To ensure this happens properly, you can use the objects within the context of a using statement.

For instance, to simply authenticate with Nexpose, you would use your NexposeSession class and instantiate it as such:

    using (NexposeSession session = new NexposeSession("192.168.1.101"))
    {
        session.Authenticate("nexpose"/*username*/, "nexpose"/*password*/);
    }

A new NexposeSession object is created within the context of the using statement. When the context ends, the Dispose method is called on the session object, which logs out the session.

But just authenticating isn't very useful. Why don't we grab each vulnerability Nexpose has a definition for and print it to the screen, with some vuln-specific details?

You have two Nexpose managers that have been implemented. Each one implements a specific version of the Nexpose XML API. NexposeManager11 implements the 1.1 XML API, which is available on all Nexpose installations of at least version 4.0. NexposeManager12 implements the 1.2 extended XML API, which is available for versions of Nexpose of 4.8 and greater. The NexposeManager12 class inherits from NexposeManager11, allowing you access to both APIs from the one object.

For simplicity, here is an example of the 1.1 API in action.

    // Imports needed at the top of the file, alongside the nexpose-sharp library's namespace
    using System;
    using System.Xml;

    using (NexposeSession session = new NexposeSession("192.168.56.101"))
    {
        session.Authenticate("nexpose"/*user*/, "nexpose"/*password*/);

        using (NexposeManager11 manager = new NexposeManager11(session))
        {
            XmlDocument vulns = manager.GetVulnerabilityListing();
            int i = 0;

            foreach (XmlNode vuln in vulns.FirstChild.ChildNodes)
            {
                string vulnID = vuln.Attributes["id"].Value;
                XmlDocument deets = manager.GetVulnerabilityDetails(vulnID);

                string title = deets.FirstChild.FirstChild.Attributes["title"].Value;
                string severity = deets.FirstChild.FirstChild.Attributes["severity"].Value;

                Console.WriteLine(String.Format("{0} has a severity of {1} and an id of {2}", title, severity, vulnID));
                i++;
            }

            Console.WriteLine("\n\nTotal vulnerabilities in database: " + i);
        } // manager calls Dispose here at the end of the context and logs the session out
    } // session checks if it is logged in here at the end of its context, and if it is it will log itself out.

Of course, for anything more complicated than this, you will want to use XPath or similar.

If you end up running into a bug, feel free to send me an email. You may find more information on the respective APIs here and here.
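The XPath suggestion above, as an added example (not code from the nexpose-sharp repository): one expression selects only the high-severity entries instead of walking FirstChild chains, and the XML is loaded with DTD processing prohibited. The helper names and the severity threshold are hypothetical, and the XML is a constructed sample whose element names, and the presence of a severity attribute on each listing entry, are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;

// Hypothetical helper, not part of the library described above.
static class VulnQuery
{
    // Parse XML from a remote service with DTDs and external entities off.
    public static XmlDocument LoadSafely(string xml)
    {
        var settings = new XmlReaderSettings {
            DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var doc = new XmlDocument { XmlResolver = null };
        using (XmlReader reader = XmlReader.Create(new StringReader(xml), settings))
            doc.Load(reader);
        return doc;
    }

    // Ids of root-level entries whose severity attribute is >= minSeverity.
    public static List<string> IdsAtOrAbove(XmlDocument listing, int minSeverity)
    {
        var ids = new List<string>();
        // "/*/*" = children of the root element, whatever they are named.
        // minSeverity is an int, so no caller-supplied text enters the XPath.
        string xpath = string.Format("/*/*[number(@severity) >= {0}]", minSeverity);
        foreach (XmlNode node in listing.SelectNodes(xpath))
        {
            XmlAttribute id = node.Attributes["id"];
            if (id != null) ids.Add(id.Value);
        }
        return ids;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample; element names are assumptions.
        string xml = "<?xml version='1.0'?><ListingResponse success='1'>" +
            "<Vuln id='example-a' title='Example A' severity='9'/>" +
            "<Vuln id='example-b' title='Example B' severity='3'/>" +
            "<Vuln id='example-c' title='Example C'/></ListingResponse>";
        foreach (string id in VulnQuery.IdsAtOrAbove(VulnQuery.LoadSafely(xml), 8))
            Console.WriteLine(id);
    }
}
```

Entries without a severity attribute are skipped, because `number()` of an empty node set is NaN and the comparison is false. The absolute path also starts at the root element even when an XML declaration precedes it.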
