Setup Script Prompts User for Input with --force and --silent Options Set

[3lpsy]

Veil version

3.1

OS Used - all info (architecture, linux flavor, etc)

Ubuntu 18.04

How did you install Veil? (Apt, Clone from Github, etc.)

Via an automated provision script.

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb | sudo tee /opt/msfinstall;
sudo bash /opt/msfinstall;
msfdb init --use-default;
sudo git clone https://github.com/Veil-Framework/Veil.git /opt/veil;
sudo bash /opt/veil/config/setup.sh --force --silent;

Did you run the setup script?

Yes, the issue relates to the setup script.

Expected behavior

The setup completes without any prompt. This is not the case.

Description

I ran the setup script using the commands listed about and received the following prompt:

[>] Please enter the directory of msfvenom (e.g. /usr/bin/): 

As I am running the script as part of an automatic provisioning process, I am not able to answer the prompt and my provision script hangs. The issue results from this code in the setup.sh and update-config.py:

## setup.sh
func_update_config(){
...
  sudo -u "${trueuser}" sudo ./update-config.py

## update-config.py
    if platform.system() == "Linux":
        ...
        options["MSFVENOM_PATH"] = "/usr/local/bin/"

I recommend one of the following changes.

Solution 1: allow the use of environment variables in the update-config.py script:

from os import environ

...

    if platform.system() == "Linux":
        ....
        options["MSFVENOM_PATH"] = environ.get("MSFVENOM_PATH", "/usr/local/bin/")

Solution 2: Proactively search for "msfvenom" in the path by making subprocess call to "where" or by using "shutil.which".

Solution 3: Add command line args to pass in the msfvenom path>

Of the three, I recommend the first. I would also recommend implementing the changes for other config values like METASPLOIT_PATH. If this is of interest to the project, I can make a PR. In that case, please let me know of any gotchas/pitfalls/expected problems you're aware of.

[ChrisTruncer]

Hi, you're correct at the moment there really isn't a way to have it fully automated on a non-kali system. Personally, I would prefer if this is added in (which I am fine with) to have it done so via a command line argument vs. an environmental variable. From a scripting perspective, I think that might be the easiest method. I'd be happy to see a pull request with that capability. I would imagine the logic would be if not on kali, check if the cli argument is present, if so use that as the msfvenom path, otherwise prompt.