mirror of
https://github.com/GH05TCREW/MetasploitMCP.git
synced 2026-07-19 13:36:43 -04:00
Add new tool to execute local programs for payload testing
This commit is contained in:
@@ -5,6 +5,7 @@ import logging
|
||||
import os
|
||||
import shlex # Still needed for console command quoting
|
||||
import pathlib
|
||||
import subprocess # For executing local programs
|
||||
from datetime import datetime
|
||||
# Removed subprocess import as msfvenom is no longer called directly
|
||||
from typing import List, Dict, Any, Optional, Tuple, Union
|
||||
@@ -1600,6 +1601,83 @@ async def stop_job(job_id: int) -> Dict[str, Any]:
|
||||
return {"status": "error", "message": f"Unexpected error stopping job {job_id}: {str(e)}"}
|
||||
|
||||
|
||||
@mcp.tool()
|
||||
async def execute_local_program(program_path: str) -> Dict[str, Any]:
|
||||
"""
|
||||
Execute a program at the specified local path.
|
||||
|
||||
This function attempts to execute arbitrary files on your local system.
|
||||
Only use it with files you have created and trust (e.g., payloads you generated).
|
||||
|
||||
Args:
|
||||
program_path: Full path to the program to execute (typically a path returned by generate_payload)
|
||||
|
||||
Returns:
|
||||
Dictionary with execution status and details
|
||||
"""
|
||||
logger.info(f"Attempting to execute local program: {program_path}")
|
||||
|
||||
# Validate path exists and is a file
|
||||
if not os.path.exists(program_path):
|
||||
logger.error(f"Path does not exist: {program_path}")
|
||||
return {
|
||||
"status": "error",
|
||||
"message": "Invalid path: File does not exist.",
|
||||
"path_checked": program_path
|
||||
}
|
||||
|
||||
if not os.path.isfile(program_path):
|
||||
logger.error(f"Path is not a file: {program_path}")
|
||||
return {
|
||||
"status": "error",
|
||||
"message": "Invalid path: Not a file.",
|
||||
"path_checked": program_path
|
||||
}
|
||||
|
||||
# Attempt to execute the program
|
||||
try:
|
||||
# Use subprocess.Popen to launch the program asynchronously without blocking
|
||||
await asyncio.to_thread(subprocess.Popen, [program_path])
|
||||
|
||||
logger.info(f"Successfully launched program: {program_path}")
|
||||
return {
|
||||
"status": "success",
|
||||
"message": f"Attempted to launch program in the background: {program_path}"
|
||||
}
|
||||
except FileNotFoundError as e:
|
||||
logger.error(f"FileNotFoundError executing {program_path}: {e}")
|
||||
return {
|
||||
"status": "error",
|
||||
"message": "Failed to launch program: File not found.",
|
||||
"path_attempted": program_path,
|
||||
"error_details": str(e)
|
||||
}
|
||||
except PermissionError as e:
|
||||
logger.error(f"PermissionError executing {program_path}: {e}")
|
||||
return {
|
||||
"status": "error",
|
||||
"message": "Failed to launch program: Permission denied.",
|
||||
"path_attempted": program_path,
|
||||
"error_details": str(e)
|
||||
}
|
||||
except OSError as e:
|
||||
logger.error(f"OSError executing {program_path}: {e}")
|
||||
return {
|
||||
"status": "error",
|
||||
"message": "Failed to launch program: OS error.",
|
||||
"path_attempted": program_path,
|
||||
"error_details": str(e)
|
||||
}
|
||||
except Exception as e:
|
||||
logger.exception(f"Unexpected error executing {program_path}")
|
||||
return {
|
||||
"status": "error",
|
||||
"message": "Failed to launch program due to an unexpected error.",
|
||||
"path_attempted": program_path,
|
||||
"error_details": str(e)
|
||||
}
|
||||
|
||||
|
||||
# --- FastAPI Application Setup ---
|
||||
app = FastAPI(
|
||||
title="Metasploit MCP Server",
|
||||
|
||||
@@ -8,11 +8,15 @@ This MCP server provides a bridge between large language models like Claude and
|
||||
|
||||
## Features
|
||||
|
||||
### Payload Generation and Execution
|
||||
|
||||
- **generate_payload**: Generate payload files using Metasploit RPC (saves files locally)
|
||||
- **execute_local_program**: Execute a locally saved program (e.g., generated payloads)
|
||||
|
||||
### Exploitation Workflow
|
||||
|
||||
- **list_exploits**: Search and list available Metasploit exploit modules
|
||||
- **list_payloads**: Search and list available Metasploit payload modules
|
||||
- **generate_payload**: Generate payload files using Metasploit RPC (saves files locally)
|
||||
- **run_exploit**: Configure and execute an exploit against a target
|
||||
- **list_active_sessions**: Show current Metasploit sessions
|
||||
- **send_session_command**: Run a command in an active session
|
||||
@@ -103,7 +107,7 @@ This tool provides direct access to Metasploit Framework capabilities, which inc
|
||||
1. List available exploits: `list_exploits("ms17_010")`
|
||||
2. Select and run an exploit: `run_exploit("exploit/windows/smb/ms17_010_eternalblue", "192.168.1.100", 445)`
|
||||
3. List sessions: `list_active_sessions()`
|
||||
4. Run commands: `send_session_command(1, "whoami")`
|
||||
4. Run commands: `send_session_command(1, "getuid")`
|
||||
|
||||
### Post-Exploitation
|
||||
|
||||
|
||||
Reference in New Issue
Block a user