Script metasploit-info
Script types:
portrule
Categories:
intrusive, safe
Download: https://svn.nmap.org/nmap/scripts/metasploit-info.nse
Script Summary
Gathers info from the Metasploit RPC service. It requires a valid login pair. After authentication, it tries to determine the Metasploit version and deduce the OS type. It then creates a new console and executes a few commands to gather additional info.
References:
- http://wiki.msgpack.org/display/MSGPACK/Format+specification
- https://community.rapid7.com/docs/DOC-1516 Metasploit RPC API Guide
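When reviewing captured traffic to a Metasploit RPC listener, the msgpack request bodies sent by a client such as this script can be decoded to see which RPC method was called. The following is an added example, not code from the script or from Nmap: a decoder for a subset of msgpack (strings, arrays, maps, nil/bool, small integers) and a summarizer that redacts the password or token. The method names `auth.login` and `console.write`, the argument layout and the sample bytes are assumptions based on the Metasploit RPC API, with constructed values.

```python
import struct

# Length-prefixed msgpack types: tag -> (big-endian length format, kind).
SIZED = {0xc4: (">B", "raw"), 0xc5: (">H", "raw"), 0xc6: (">I", "raw"),   # bin 8/16/32
         0xd9: (">B", "raw"), 0xda: (">H", "raw"), 0xdb: (">I", "raw"),   # str 8/16/32
         0xdc: (">H", "array"), 0xdd: (">I", "array"), 0xde: (">H", "map"), 0xdf: (">I", "map")}

def unpack(buf, pos=0):
    """Decode one msgpack object at buf[pos]; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated msgpack data")
    tag, pos = buf[pos], pos + 1
    if tag <= 0x7f or tag in (0xc0, 0xc2, 0xc3):      # positive fixint, nil, false, true
        return {0xc0: None, 0xc2: False, 0xc3: True}.get(tag, tag), pos
    if 0xa0 <= tag <= 0xbf:                           # fixstr / fixraw
        kind, n = "raw", tag & 0x1f
    elif 0x90 <= tag <= 0x9f:                         # fixarray
        kind, n = "array", tag & 0x0f
    elif 0x80 <= tag <= 0x8f:                         # fixmap
        kind, n = "map", tag & 0x0f
    elif tag in SIZED:
        fmt, kind = SIZED[tag]
        n, pos = struct.unpack_from(fmt, buf, pos)[0], pos + struct.calcsize(fmt)
    else:
        raise ValueError(f"unsupported msgpack type 0x{tag:02x}")
    if kind == "raw":
        if pos + n > len(buf):
            raise ValueError("truncated msgpack data")
        return buf[pos:pos + n].decode("utf-8", "replace"), pos + n
    items = []
    for _ in range(n * 2 if kind == "map" else n):    # a map holds n key/value pairs
        item, pos = unpack(buf, pos)
        items.append(item)
    return (dict(zip(items[0::2], items[1::2])) if kind == "map" else items), pos

def summarize_rpc_request(body):
    """Return (method, args) for an RPC call, with the password or token redacted."""
    call, _ = unpack(body)
    if not isinstance(call, list) or not call or not isinstance(call[0], str):
        raise ValueError("not an RPC call array")
    method, args = call[0], call[1:]
    secret = 1 if method == "auth.login" else 0       # assumed layout: password is arg 1, token is arg 0
    if len(args) > secret:
        args = args[:secret] + ["<redacted>"] + args[secret + 1:]
    return method, args

# Constructed sample request bodies (credentials and token are made up).
SAMPLE_LOGIN = b"\x93\xaaauth.login\xa4root\xa4root"
SAMPLE_WRITE = b"\x94\xadconsole.write\xa8TEMPabcd\xa10\xa8version\n"
```

`summarize_rpc_request(SAMPLE_WRITE)` returns the method name and the console command with the session token replaced, which is the form suitable for writing to a review log.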
Script Arguments
- metasploit-info.password
Valid Metasploit RPC password (required)
- metasploit-info.command
Custom command to run on the server (optional)
- metasploit-info.username
Valid Metasploit RPC username (required)
- slaxml.debug
See the documentation for the slaxml library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap <target> --script=metasploit-info --script-args username=root,password=root
Script Output
55553/tcp open metasploit-msgrpc syn-ack
| metasploit-info:
|   Metasploit version: 4.4.0-dev Ruby version: 1.9.3 i386-mingw32 2012-02-16 API version: 1.0
|   Additional info:
|     Host Name: WIN
|     OS Name: Microsoft Windows XP Professional
|     OS Version: 5.1.2600 Service Pack 3 Build 2600
|     OS Manufacturer: Microsoft Corporation
|     OS Configuration: Standalone Workstation
|     OS Build Type: Uniprocessor Free
|     ..... lots of other info ....
|     Domain: WORKGROUP
|_    Logon Server: \\BLABLA
License: Same as Nmap--See https://nmap.org/book/man-legal.html