
Python environment Setup

Open maxlandon opened this issue 7 years ago • 8 comments

Hello,

I have an issue with my Python environment: when setting up a PostgreSQL entity for the Metasploit DB, Python ends up with Invalid Syntax errors, because my default /usr/bin/python is not Python 2.7.

I don't want to change the path with a hard-coding technique, so that I won't face problems with other applications.

Therefore I created a virtual environment the following way, in the msploitego base directory:

  1. I run 'virtualenv2 .'
  2. I activate the virtual environment: 'source ./bin/activate'
  3. Then I run 'pip install -r requirements.txt' => First issue: packages are either deprecated or not found.

However, after relaunching Maltego, I still have the same invalid syntax errors, which means it doesn't change the path to the correct Python version. Thanks for your help!

PS: Your project seems interesting with regard to the integration of various software into Maltego. I'll try to look at it and maybe build a few things. What are the most important things to be done first?

maxlandon avatar Jan 09 '19 12:01 maxlandon

I would actually like to suggest a few things, and possibly help to do them:

  1. Adapt this project so that it can be run in user mode (I know Kali is root by default, but we all know it's a bad habit). I personally do not use Kali, and many others don't. Changing this seems to require only changing the path to the transforms (which are symlinked to /root/transforms), but I don't know where this path is hardcoded.
  2. It seems the list of packages in requirements.txt needs to be updated (NmapProcess does not appear in the search "pip search nmap", for instance; libnmap is now python-libnmap and NmapParser is nmapparser). Finally I have a question: If yes, how is this project related to the original sploitego project? Hope to hear from you soon!

maxlandon avatar Jan 09 '19 20:01 maxlandon

Hi Max, apologies it took me a while to answer & thank you for your feedback! I need to re-engineer the entire library for Python 3. Maltego has finally published a plan to support Python 3, so my next task is to rewrite msploitego. My project was inspired by sploitego and its functions; however, mine is more focused on Metasploit, visualizing the results, and triggering further transforms using other tools.

Regards, Marc


shizzz477 avatar Jan 21 '19 16:01 shizzz477

Hello Marc

Thanks for your answer! I actually started exactly the same thing as you, based on your code, Sploitego's and the canari framework. I started doing this because I became aware of the relatively new API tools in Metasploit. They help getting rid of your SQL strings ;) ! I started working on it a few days ago and I have a 200-line project description. In short, there seems to be a huge number of things possible now between MSF and Maltego, so many ways to overlap and intertwine both data models. Seems very empowering. So I'm really excited about it. By the way, I'm a former finance student (God only knows how useful these are) who got interested in a command line three years ago, having heard of "blockchains". After three years of passionate discoveries and thousands of questions, I have left these words at the door. I've read tens of books on various subjects, but I'm not a gifted programmer. That's it for my bio. I would be interested if you want to do it kind of collectively!

Maxime Landon


maxlandon avatar Jan 21 '19 16:01 maxlandon


maxlandon avatar Jan 21 '19 16:01 maxlandon

Project Description:

MSF Maltego Plugin

OVERVIEW

The Maltego plugin is a set of Maltego Transforms that interact with the Metasploit Framework.

These transforms, at the higher level, either:

  • Act upon data stored in the Metasploit Database, mainly through its REST API.
  • Execute commands through the Metasploit Framework, mainly through its RPC server.

Combining Metasploit and Maltego might benefit both tools, and therefore the penetration tester using them. Maltego is here to be considered as a sort of "meta-framework" which would manage a complex, versatile set of data and expose it to various tools, such as the Metasploit Framework. This is conditioned on a sound, balanced and focused integration of Metasploit toolsets in Maltego. The major benefits would be:

  • Exhaustive, flexible and versatile representation/visualisation of Metasploit data in Maltego's entity graphs. Computer networks of various kinds, along with their hosts, can be viewed in their functional structure. Each host or netblock exposes various kinds of data, which can be further used as input to other transforms. The graph environment allows use of icons, which can be leveraged in many ways for Metasploit entities and their state.
  • Focused, context-sensitive availability of the Metasploit toolset in Maltego. Netblocks can become workspaces, as well as hosts, so that they can selfishly profit from the Metasploit workspace structure. Hosts, services, sessions, or consoles are entities upon which one can act, exactly like in the Metasploit console. Sessions, for instance, offer the full spectrum of their tools in the Maltego graph.
  • Various layers of information can be integrated into one Maltego graph, or can be separated into multiple Maltego graphs. For example, mapping Metasploit routes can be done in such a layer. It could then be used to further visualize Metasploit-related traffic, and potential "points of application" can be identified for further scans, exploits, etc. Separate graphs can be used for a particular host, subnet, document set, or website structure.
  • In addition to Maltego's free transform set, various transform libraries can be paid for and used. A correct integration of Metasploit entities into the Maltego entity structure can expose Metasploit-stored data to transforms unrelated to Metasploit. This might apply to Loot, Notes, files, passwords, mail addresses, etc. Another example is to imagine other tools integrated into Maltego, such as Nmap operations, on a host entity, a netblock entity, a service in a netblock, etc.

PAST APPROACHES

Graphical visualisation of data, and exposure of this data to various tools, is an important problem in computer security. Every Metasploit user knows that versatile is paramount, but excessive is meaningless. The meaning of "framework" in Metasploit is subtle, and extending it with a GUI component consequently is too.

    • Armitage - Armitage, the old GUI that seems not to be supported anymore, would bring some sort of context-sensitivity for exposing Metasploit tools, sessions, modules and consoles. However, the graphical representation of the network would be way too primitive, with only a small variety of figures. In addition, Armitage would only CONSUME data from the Metasploit Database, and would not expose it to other tools (except for db_nmap).
    • Pro Consoles - Rapid7 obviously offers a much broader toolset than the Metasploit Framework. However, the approach of these tools with regard to network data visualization is not perfect. It is mainly composed of lists, processed and acted upon with various statistical tools, as well as systematic vulnerability testing capacities. This approach is only possible for the owner of the system, because he knows how to explain the noise. He does not have time to try every single path with a human eye. Therefore, and even if these tools have an undeniable use case, they are not fully adapted to red teams. As well, but to a smaller extent than Armitage, professional software might not expose its data to external tools while keeping it in its own GUI.
    • Maltego - Several attempts (Sploitego, MSploitego) have been made at interfacing Metasploit with Maltego. However, they would lack either:
      • Python API/RPC libraries for efficiently consuming the Metasploit DB API.
      • Clear/bounded integration of the Metasploit "entity model" into the Maltego entity model, and therefore lack the clear entity structure that would further enhance Metasploit DB management. One example is workspaces: if a workspace has several class C subnets, how to implement them and interact with them flawlessly in Maltego? Is it possible to correctly represent the network structure in Maltego while still leveraging the Metasploit data model (which is mainly based on workspaces)?
      • Abusive integration of non-MSF tools into the set of transforms, which has the effect of excessively "scoping" these entities and their transforms. This results in MSF entities in Maltego that cannot benefit from other transform sets. As well, integration would often be about vulnerability scanners which, as said above, do not really fit the constraints of red teams in terms of discretion.

Choice of the Data Model

Integration of Metasploit objects into a Maltego-conforming object-hierarchy is of paramount importance, as it conditions the success of this project. Upon acknowledgement of each framework's strengths, some arbitrary choices are needed to preserve them:

  1. Entity Inheritance
     Observation: Maltego is efficient at representing network structures from a functional standpoint. It can actually represent numerous kinds of networks, not only ones made of computer systems. On the other hand, Metasploit heavily relies on the use of Workspaces, which have their own limitations, such as having different class C networks in the same workspace. MSF workspaces however greatly help with loot, creds, and services management. Therefore, each MSF object (host, service, password, note, loot, etc.) acts only upon itself and potentially objects lower in the functional hierarchy (ex: a service).
     Choice:
     - Each Maltego netblock can be an MSF Workspace: therefore each netblock has its own hosts, credentials, notes, services and sessions. This separation helps managing these Maltego entities from the standpoint of MSF. Even a single host can be a workspace, opened in a different graph.
     - Each Maltego IPv4 address is the base entity of the MsfHost entity, which helps for retrieving and managing host-specific data such as creds, notes and sessions.

  2. Non-Overlapping Inheritance
     Observation: Maltego does not allow transform inheritance for two different entities, even if they share a common superclass in their Python code. As well, there is a need to make Metasploit's data model as "relative" as possible from Maltego's standpoint. That is, neither data model should ever be constrained by the other.
     Choice: Therefore, and it seems to be beneficial to some other extent, whenever possible MSF entities should be represented in Maltego in the form of dynamic properties. For instance, a Maltego Netblock entity can produce another Maltego Netblock, which will have the properties of a Metasploit workspace. (To be noted, this also helps for property inputs in transforms.)

  3. DB Interaction
     Observation: The Metasploit API offers several ways to retrieve the same type of data (e.g. a credential). Therefore one needs to determine which utility class the method that acts upon this data will belong to. Example: A credential is either tied to a service, a workspace or a realm. The credential itself has properties on which one can act and make use of.
     Choice:
     - When a service needs to update/add/remove a password, the methods for this belong to the Service base class.
     - When a credential needs to be updated by itself, or needs to be used as input to some other transform, the methods for this belong to the Credential base class.
     - However, when a host needs to find services, the method for calling them will be in the Host utility class.

Here is the text version of this description !


maxlandon avatar Jan 22 '19 14:01 maxlandon
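The three data-model choices in the description above (netblock as workspace, IPv4 address as the base of an MsfHost, MSF attributes carried as dynamic properties, and DB methods placed on the object that owns the data) can be sketched as a small object model. This is an added example, not code from msploitego or from the EffectiveCouscous project; the record shapes in `SAMPLE_HOSTS` and `SAMPLE_SERVICES` are constructed to resemble Metasploit DB rows and are an assumption, not the real API schema, and none of the class or function names come from either project.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class MaltegoEntity:
    """Base shape of a Maltego entity: a display value plus dynamic properties.
    Metasploit attributes ride along in `properties`, so a Netblock stays a
    Netblock and a host stays an IPv4Address from Maltego's point of view."""
    value: str
    properties: dict = field(default_factory=dict)


@dataclass
class Credential(MaltegoEntity):
    """A credential acts upon itself (its metadata) but is stored by the
    Service it was found on; `value` is the username."""
    secret: str = ""


@dataclass
class Service(MaltegoEntity):
    """Owns its credentials: add/remove live here, not on Host or Workspace."""
    credentials: list = field(default_factory=list)

    def add_credential(self, username, secret):
        # Deduplicate on (username, secret) so repeated imports do not pile up.
        if any(c.value == username and c.secret == secret for c in self.credentials):
            return False
        self.credentials.append(Credential(username, {"service": self.value}, secret))
        return True

    def remove_credential(self, username):
        before = len(self.credentials)
        self.credentials = [c for c in self.credentials if c.value != username]
        return before - len(self.credentials)


@dataclass
class MsfHost(MaltegoEntity):
    """IPv4Address base entity carrying MSF host properties; it knows how to
    find its own services but does not manage their credentials."""
    services: list = field(default_factory=list)

    def find_services(self, port=None, proto=None):
        return [s for s in self.services
                if (port is None or s.properties["port"] == port)
                and (proto is None or s.properties["proto"] == proto)]


@dataclass
class Workspace(MaltegoEntity):
    """A Netblock that doubles as an MSF workspace: its hosts, services and
    credentials are scoped to the block."""
    hosts: dict = field(default_factory=dict)

    def network(self):
        return ipaddress.ip_network(self.value, strict=False)


def build_workspaces(netblocks, host_records, service_records):
    """Map each host record into the netblock/workspace containing its address.
    Returns (workspaces keyed by CIDR, addresses that fit no netblock)."""
    workspaces = {cidr: Workspace(cidr, {"boundary": cidr}) for cidr in netblocks}
    unassigned = []
    for rec in host_records:
        addr = ipaddress.ip_address(rec["address"])
        owner = next((w for w in workspaces.values() if addr in w.network()), None)
        if owner is None:
            unassigned.append(rec["address"])  # surfaced, never silently dropped
            continue
        props = {k: v for k, v in rec.items() if k != "address"}
        owner.hosts[rec["address"]] = MsfHost(rec["address"], props)
    # Attach services to the host that exposes them, wherever that host landed.
    by_addr = {a: h for w in workspaces.values() for a, h in w.hosts.items()}
    for rec in service_records:
        host = by_addr.get(rec["host"])
        if host is not None:
            label = f"{rec['host']}:{rec['port']}/{rec['proto']}"
            host.services.append(Service(label, dict(rec)))
    return workspaces, unassigned


# Constructed sample records (an assumption about the shape of MSF DB data).
NETBLOCKS = ["10.0.0.0/24", "192.168.1.0/24"]
SAMPLE_HOSTS = [
    {"address": "10.0.0.5", "os_name": "Linux", "state": "alive"},
    {"address": "10.0.0.9", "os_name": "Windows", "state": "alive"},
    {"address": "192.168.1.20", "os_name": "Linux", "state": "alive"},
    {"address": "172.16.0.3", "os_name": "Linux", "state": "alive"},  # no netblock
]
SAMPLE_SERVICES = [
    {"host": "10.0.0.5", "port": 22, "proto": "tcp", "name": "ssh"},
    {"host": "10.0.0.5", "port": 80, "proto": "tcp", "name": "http"},
    {"host": "10.0.0.9", "port": 445, "proto": "tcp", "name": "smb"},
    {"host": "192.168.1.20", "port": 22, "proto": "tcp", "name": "ssh"},
]

if __name__ == "__main__":
    ws, stray = build_workspaces(NETBLOCKS, SAMPLE_HOSTS, SAMPLE_SERVICES)
    for cidr, w in ws.items():
        print(cidr, sorted(w.hosts))
    print("outside every netblock:", stray)
```

The point of the layout is the ownership rule from item 3: credential changes only go through `Service`, host-level lookups only through `MsfHost`, and the workspace never reaches past its own hosts, which keeps each transform's side effects confined to the entity it was invoked on.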

Actually I looked again at your msploitego library, and there are many things I don't understand, especially the logic pertaining to DB management. I don't understand it enough, at least, to determine if your DB logic code is still needed or not (considering the new Metasploit API, and the facilities provided by the Canari framework). Once again, I will be glad to help doing such a library in a collaborative project, but when reading your LinkedIn profile I also need to reiterate that I do not have 5% of your experience in programming. Looking forward to getting news from you! Sincerely,

Maxime

maxlandon avatar Jan 22 '19 21:01 maxlandon

Ahhhhhh that's horrifying I just saw all my mails are public !! Can you please delete this thread then ASAP and keep discussing privately ? Thanks a lot !

maxlandon avatar Jan 26 '19 00:01 maxlandon

Hello Marc, here is my Proof-of-Concept version of this project. Looking forward to hearing from you, and to feedback! https://github.com/maxlandon/EffectiveCouscous/tree/v0.2 (Please thank GitHub for the name suggestion)

As of now it just has transforms and their Python classes for basic Msf Object interaction (Workspace, Host, Service, IP), but the important part is more in the structure I found, and the documentation. I welcome any criticism!

maxlandon avatar Jan 29 '19 18:01 maxlandon