When trying to find or chose a Metasploit module there are 5 tricks that I use. I will briefly go over each.
I start with the base site:metasploit.com inurl:modules then add search criteria or play with "inurl" to zoom in on what I am looking for (e.g. add inurl:windows or inurl:exploits/windows/iis). If you don't want to search through the source code, wiki, and tickets you can add -inurl:redmine/projects
#2 msfconsole's search command
Type "search -h" next time you are sitting in front of the console. The Option searching was broken for awhile, but I submitted a patch that fixed it. It's pretty cool. Type "search -o URIPATH,RPORT=8080" to search for all modules that have an option "URIPATH" and that have another option RPORT that defaults to port 8080.
The auto-complete feature of msfconsole is fairly useful for listing modules. Since modules are organised in a tree like structure (at the base you have module type, then platform, then category, and only then the specific module), it is easy to narrow down the results before getting a list. And the results are paginated! Type "info post/windows/gather/" and then hit tab twice
To do an incremental search backwards through your history, use control+r. This is useful when trying to cycle through past "use"ed modules (or any command for that matter!) Hold down the Ctrl key then hit r, type 'use', hit control+r again to go backwards through time. I am not sure if this works in Windows.
#5 find and/or grep
Back in the day (and by that I mean before I wrote this blog post and got this idea) I would issue find and grep commands when a little Google magic might have done a better job. site:metasploit.com inurl:redmine/projects/framework/repository/ Although, if you want to use regular expressions there still is grep -rP 'some regex here' modules/ --exclude-dir=.svn
A thank you to egypt who pointed out that I could/should use --exclude-dir
If you have a reasonably new version of grep, you can put the following in your ~/.bashrc to avoid having to "| grep -v svn" all the time:ReplyDelete
alias grep='grep --exclude-dir=.svn'
why not just memorize the 1 mloc (or at least the 380 kloc of ruby) and keep up with the dev train churn? it's not that bigReplyDelete