├── README.md └── msfsuggester.rb /README.md: -------------------------------------------------------------------------------- 1 | Msfsuggester 2 | ============ 3 | 4 | Msfsuggester is a tool that parses OpenVAS XML output and suggests an exploit 5 | from metasploit with a msfcli command line. 6 | 7 | Installation 8 | -- 9 | ``` 10 | $ git clone https://github.com/m0nad/msfsuggester 11 | $ gem install nokogiri 12 | ``` 13 | Usage 14 | -- 15 | ``` 16 | ruby msfsuggester.rb openvas.xml /path/to/metasploit-framework/ 17 | ``` 18 | Example: 19 | -- 20 | ``` 21 | $ ruby msfsuggester.rb OPENVAS_metasploitable.xml /home/monad/metasploit-framework/ 22 | == (GoodRanking) MySQL yaSSL CertDecoder::GetName Buffer Overflow == 23 | msfcli exploit/linux/mysql/mysql_yassl_getname RHOST=192.168.0.115 RPORT=3306 E 24 | Refs: CVE:2009-4484 BID:37974 25 | 26 | == (ExcellentRanking) PHP CGI Argument Injection == 27 | msfcli exploit/multi/http/php_cgi_arg_injection RHOST=192.168.0.115 RPORT=80 E 28 | Refs: CVE:2012-1823 29 | 30 | == (ExcellentRanking) DistCC Daemon Command Execution == 31 | msfcli exploit/unix/misc/distcc_exec RHOST=192.168.0.115 RPORT=3632 E 32 | Refs: CVE:2004-2687 33 | 34 | == (ExcellentRanking) UnrealIRCD 3.2.8.1 Backdoor Command Execution == 35 | msfcli exploit/unix/irc/unreal_ircd_3281_backdoor RHOST=192.168.0.115 RPORT=6667 E 36 | Refs: CVE:2010-2075 37 | 38 | == (Unknown) OpenSSL Server-Side ChangeCipherSpec Injection Scanner == 39 | msfcli auxiliary/scanner/ssl/openssl_ccs RHOSTS=192.168.0.115 RPORT=5432 E 40 | Refs: CVE:2014-0224 41 | 42 | == (Unknown) HTTP Options Detection == 43 | msfcli auxiliary/scanner/http/options RHOSTS=192.168.0.115 RPORT=80 E 44 | Refs: CVE:2005-3498 BID:9561 45 | 46 | == (Unknown) X11 No-Auth Scanner == 47 | msfcli auxiliary/scanner/x11/open_x11 RHOSTS=192.168.0.115 RPORT=6000 E 48 | Refs: CVE:1999-0526 49 | ``` 50 | -------------------------------------------------------------------------------- /msfsuggester.rb: 
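# Msfsuggester parses an OpenVAS XML report and, for every finding whose CVE or
# BID is referenced by a module in a local Metasploit checkout, prints a
# msfconsole command line for that module.
#
require 'nokogiri'

# A CVE identifier with the "CVE-" prefix removed. The sequence part may be
# longer than four digits; the look-behind stops a longer digit run from being
# read as a shorter identifier.
CVE_ID = /(?<!\d)\d{4}-\d{4,}/
# A Bugtraq identifier.
BID_ID = /\d+/
# Host and port come from the report and are printed inside a double-quoted
# shell argument that the operator is expected to paste into a terminal. Only
# values built from these characters are echoed, so a tampered report cannot
# smuggle quotes, "$(...)" or backticks into the suggested command.
SAFE_HOST = /\A[A-Za-z0-9][A-Za-z0-9.:_-]*\z/
SAFE_PORT = /\A\d{1,5}\z/

# Read an OpenVAS XML report and return one hash per child element of
# <results>.
#
# @param dir [String] path of the report file (a file, despite the name)
# @return [Array<Hash>] each hash has :host and :port (with the "/tcp" or
#   "/udp" suffix removed), plus :cve (with "CVE-" prefixes removed) and :bid
#   unless the report marks them NOCVE / NOBID
def parse_openvas_xml(dir)
  # The block form closes the file even when parsing raises. Nokogiri's default
  # parse options leave entity substitution and network access off; keep them
  # that way, because the report is untrusted input.
  xml_doc = File.open(dir) { |report| Nokogiri::XML(report) }
  vulns = []
  xml_doc.css('results').children.each do |result|
    # Whitespace between elements is exposed as text nodes; they hold no finding.
    next unless result.element?

    vuln = {
      host: result.css('host').text,
      port: result.css('port').text.gsub('/tcp', '').gsub('/udp', '')
    }
    cve = result.css('cve').text
    vuln[:cve] = cve.gsub('CVE-', '') unless cve.include?('NOCVE')
    bid = result.css('bid').text
    vuln[:bid] = bid unless bid.include?('NOBID')
    vulns.push vuln
  end
  vulns
end

@msf_exploits = []

# Expand a glob pattern, recurse into directories, and append one metadata hash
# per module source file to @msf_exploits.
#
# Each hash has :path (the part of the file name between "modules/" and ".rb")
# and, when the source declares them, :rank, :name, :cve and :bid. A later
# match overwrites an earlier one, so a module that lists several CVE or BID
# references is indexed under the last one only.
#
# @param dir [String] glob pattern such as "/path/to/metasploit-framework/modules/*"
def search_msf_dir(dir)
  Dir[dir].each do |file|
    search_msf_dir(File.join(file, '*')) if File.directory?(file)
    next unless File.file?(file)

    module_path = file[%r{modules/(.*?)\.rb}, 1]
    # A file that yields no module path cannot be named in a "use" command.
    next unless module_path

    exploit = { path: module_path }
    # File.read closes the handle; scrub guards the regexp matches below
    # against stray bytes that are not valid in the default encoding.
    File.read(file).scrub.each_line do |line|
      exploit[:rank] = Regexp.last_match(1) if line =~ /Rank\s*=\s*(\w+)/
      exploit[:name] = Regexp.last_match(1) if line =~ /'Name'\s*=>\s*'(.*?)'/
      exploit[:cve] = Regexp.last_match(1) if line =~ /'CVE'\s*,\s*'(\d{4}-\d{4,})'/
      exploit[:bid] = Regexp.last_match(1) if line =~ /'BID'\s*,\s*'(\d+)'/
    end
    @msf_exploits.push exploit
  end
end

# Tell whether +wanted+ is one of the identifiers listed in +reported+.
#
# Comparing whole identifiers avoids the false positives of a substring test,
# where BID "123" would also match a report that lists BID "41234".
#
# @param reported [String, nil] reference text taken from the report
# @param wanted [String, nil] single identifier taken from a module
# @param id_pattern [Regexp] shape of one identifier inside +reported+
# @return [Boolean]
def reference_listed?(reported, wanted, id_pattern)
  return false if reported.nil? || wanted.nil?

  reported.scan(id_pattern).include?(wanted)
end

# Print the suggestion for one report finding matched to one module.
#
# Neither argument is modified: the same module hash is passed again for every
# finding it matches, and rewriting its :path in place made later calls lose
# the RHOST option name.
#
# @param vulns [Hash] one finding from parse_openvas_xml
# @param msf [Hash] one module entry from @msf_exploits
def output(vulns, msf)
  rank = msf[:rank] || 'Unknown'
  print "== (#{rank}) #{msf[:name]} ==\n"

  module_path = msf[:path].to_s
  host_option = nil
  if module_path =~ /exploits/
    # msfconsole names the module type "exploit", the directory is "exploits".
    module_path = module_path.gsub('exploits', 'exploit')
    host_option = 'RHOST'
  elsif module_path =~ /scanner/
    host_option = 'RHOSTS'
  end

  steps = ["use #{module_path}"]
  host = vulns[:host].to_s.strip
  port = vulns[:port].to_s.strip
  # Values that fail validation are left out rather than quoted, so the line
  # that gets pasted never contains text the report author chose freely.
  steps << "set #{host_option} #{host}" if host_option && host =~ SAFE_HOST
  steps << "set RPORT #{port}" if port =~ SAFE_PORT
  steps << 'run'
  print "msfconsole -x \"#{steps.join('; ')}\"\n"

  print 'References:'
  print " CVE:#{msf[:cve]}" if msf[:cve]
  print " BID:#{msf[:bid]}" if msf[:bid]
  print "\n\n"
end

openvas_xml = ARGV[0]
msf_dir = ARGV[1]
if openvas_xml.nil? || msf_dir.nil?
  print "Usage: ruby #{$0} openvas.xml /path/to/metasploit-framework/\n"
  print "Ex: ruby #{$0} OPENVAS.xml /home/user/metasploit-framework/\n"
  exit
end

vulns_openvas = parse_openvas_xml openvas_xml
search_msf_dir File.join(msf_dir, 'modules', '*')

# Report every (module, finding) pair that shares a CVE or, failing that, a BID.
@msf_exploits.each do |vuln_msf|
  vulns_openvas.each do |vuln_openvas|
    next unless reference_listed?(vuln_openvas[:cve], vuln_msf[:cve], CVE_ID) ||
                reference_listed?(vuln_openvas[:bid], vuln_msf[:bid], BID_ID)

    output vuln_openvas, vuln_msf
  end
end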