modules/post/linux/gather/enum_commands.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::File
include Msf::Post::Linux::System
def initialize
super(
'Name' => 'Gather Available Shell Commands',
'Description' => %q{
This module will check which shell commands are available on a system."
},
'Author' => 'Alberto Rafael Rodriguez Iglesias <albertocysec[at]gmail.com>',
'License' => MSF_LICENSE,
'Platform' => ['linux', 'unix'],
'SessionTypes' => ['shell', 'meterpreter'],
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [],
'SideEffects' => []
}
)
register_options([
OptString.new('DIR', [false, 'Optional directory name to list (in addition to default system PATH and common paths)', ''])
])
end
def run
path = get_path
print_warning('System PATH is empty!') if path.blank?
paths = []
path.split(':').each do |p|
paths << p.chomp('/')
end
common_dirs = [
'/root/local/bin',
'/usr/local/sbin',
'/usr/local/bin',
'/usr/sbin',
'/usr/bin',
'/sbin',
'/bin',
'/usr/local/go/bin'
]
common_dirs << datastore['DIR'] unless datastore['DIR'].blank?
common_dirs.each do |p|
paths << p.chomp('/')
end
binaries = []
paths.sort.uniq.each do |p|
next unless directory?(p)
files = dir(p)
next if files.blank?
files.each do |f|
binaries << "#{p}/#{f.strip}"
end
end
# BusyBox commands
busybox_path = nil
if command_exists?('busybox')
busybox_path = 'busybox'
elsif command_exists?('/bin/busybox')
busybox_path = '/bin/busybox'
end
unless busybox_path.blank?
busybox_cmds = cmd_exec("#{busybox_path} --list")
busybox_cmds.each_line do |cmd|
binaries << "busybox #{cmd.strip}"
end
end
# A recursive `ls /` or `find / -executable -type f`
# could be added to find extra binaries.
print_good("Found #{binaries.sort.uniq.length} executable binaries/commands")
binaries.uniq.sort.each do |bin|
print_line(bin)
end
end
end