modules/auxiliary/client/telegram/send_message.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'faraday'
class MetasploitModule < Msf::Auxiliary
def initialize
super(
'Name' => 'Telegram Message Client',
'Description' => %q{
This module can be used to send a document and/or message to
multiple chats on telegram. Please refer to the module
documentation for info on how to retrieve the bot token and corresponding chat
ID values.
},
'Author' => [
'Ege Balcı <egebalci[at]pm.me>', # Aka @egeblc of https://pentest.blog
'Gaurav Purswani' # @pingport80
],
'License' => MSF_LICENSE,
)
register_options(
[
OptString.new('BOT_TOKEN', [true, 'Telegram BOT token', '']),
OptString.new('MESSAGE', [false, 'The message to be sent']),
OptInt.new('CHAT_ID', [false, 'Chat ID for the BOT', '']),
OptPath.new('DOCUMENT', [false, 'The path to the document(binary, video etc)']),
OptPath.new('IDFILE', [false, 'File containing chat IDs, one per line']),
OptEnum.new('FORMATTING', [false, 'Message formatting option (Markdown|MarkdownV2|HTML)', 'Markdown', [ 'Markdown', 'MarkdownV2', 'HTML']])
], self.class
)
end
def formatting
datastore['FORMATTING']
end
def message
datastore['MESSAGE']
end
def document
datastore['DOCUMENT']
end
def bot_token
datastore['BOT_TOKEN']
end
def id_file
datastore['IDFILE']
end
def send_document(conn, chat_id)
unless ::File.file?(document) && ::File.readable?(document)
fail_with(Failure::BadConfig, 'The document to be sent does not exist or is not a readable file!')
end
raw_params = { 'chat_id' => chat_id, 'document' => Faraday::UploadIO.new(document, 'application/octet-stream') }
params = {}
raw_params.each_with_object({}) do |(key, value), _tmp_params|
params[key] = value
end
response = conn.post("/bot#{bot_token}/sendDocument", params)
if response.status == 200
print_good("Document sent successfully to #{chat_id}")
elsif response.status == 403
print_bad("Error while sending document! Make sure you have access to message chat_id : #{chat_id}")
else
print_bad("Error while sending the document to #{chat_id} API Status : #{response.status}")
end
end
def send_message(conn, chat_id)
params = { 'chat_id' => chat_id, 'text' => message, 'parse_mode' => formatting }
response = conn.post("/bot#{bot_token}/sendMessage", params)
if response.status == 200
print_good("Message sent successfully to #{chat_id}")
elsif response.status == 403
print_bad("Error while sending document! Make sure you have access to message chat_id : #{chat_id}")
else
print_bad("Error while sending the message to chat_id #{chat_id} API Status : #{response.status}")
end
end
def run
unless document || message
fail_with(Failure::BadConfig, 'You must supply a message and/or document')
end
url = 'https://api.telegram.org'
conn = Faraday.new(url: url) do |faraday|
faraday.request :multipart
faraday.request :url_encoded
faraday.adapter Faraday.default_adapter
end
if id_file
print_warning("Opening `#{id_file}` to fetch chat IDs...")
unless ::File.file?(id_file) && ::File.readable?(id_file)
fail_with(Failure::BadConfig, 'The ID file is not an existing readable file!')
end
File.readlines(id_file).each do |chat_id|
send_document(conn, chat_id) if document
send_message(conn, chat_id) if message
end
return
end
send_document(conn, datastore['CHAT_ID']) if document
send_message(conn, datastore['CHAT_ID']) if message
end
end