Add new tool to execute local programs for payload testing

This commit is contained in:
GH05TCREW
2025-04-15 18:05:20 -06:00
parent 1468019cd1
commit 3b17f2e333
2 changed files with 84 additions and 2 deletions
+78
View File
@@ -5,6 +5,7 @@ import logging
import os
import shlex # Still needed for console command quoting
import pathlib
import subprocess # For executing local programs
from datetime import datetime
# Removed subprocess import as msfvenom is no longer called directly
from typing import List, Dict, Any, Optional, Tuple, Union
@@ -1600,6 +1601,83 @@ async def stop_job(job_id: int) -> Dict[str, Any]:
return {"status": "error", "message": f"Unexpected error stopping job {job_id}: {str(e)}"}
@mcp.tool()
async def execute_local_program(program_path: str) -> Dict[str, Any]:
"""
Execute a program at the specified local path.
This function attempts to execute arbitrary files on your local system.
Only use it with files you have created and trust (e.g., payloads you generated).
Args:
program_path: Full path to the program to execute (typically a path returned by generate_payload)
Returns:
Dictionary with execution status and details
"""
logger.info(f"Attempting to execute local program: {program_path}")
# Validate path exists and is a file
if not os.path.exists(program_path):
logger.error(f"Path does not exist: {program_path}")
return {
"status": "error",
"message": "Invalid path: File does not exist.",
"path_checked": program_path
}
if not os.path.isfile(program_path):
logger.error(f"Path is not a file: {program_path}")
return {
"status": "error",
"message": "Invalid path: Not a file.",
"path_checked": program_path
}
# Attempt to execute the program
try:
# Use subprocess.Popen to launch the program asynchronously without blocking
await asyncio.to_thread(subprocess.Popen, [program_path])
logger.info(f"Successfully launched program: {program_path}")
return {
"status": "success",
"message": f"Attempted to launch program in the background: {program_path}"
}
except FileNotFoundError as e:
logger.error(f"FileNotFoundError executing {program_path}: {e}")
return {
"status": "error",
"message": "Failed to launch program: File not found.",
"path_attempted": program_path,
"error_details": str(e)
}
except PermissionError as e:
logger.error(f"PermissionError executing {program_path}: {e}")
return {
"status": "error",
"message": "Failed to launch program: Permission denied.",
"path_attempted": program_path,
"error_details": str(e)
}
except OSError as e:
logger.error(f"OSError executing {program_path}: {e}")
return {
"status": "error",
"message": "Failed to launch program: OS error.",
"path_attempted": program_path,
"error_details": str(e)
}
except Exception as e:
logger.exception(f"Unexpected error executing {program_path}")
return {
"status": "error",
"message": "Failed to launch program due to an unexpected error.",
"path_attempted": program_path,
"error_details": str(e)
}
# --- FastAPI Application Setup ---
app = FastAPI(
title="Metasploit MCP Server",
+6 -2
View File
@@ -8,11 +8,15 @@ This MCP server provides a bridge between large language models like Claude and
## Features
### Payload Generation and Execution
- **generate_payload**: Generate payload files using Metasploit RPC (saves files locally)
- **execute_local_program**: Execute a locally saved program (e.g., generated payloads)
### Exploitation Workflow
- **list_exploits**: Search and list available Metasploit exploit modules
- **list_payloads**: Search and list available Metasploit payload modules
- **generate_payload**: Generate payload files using Metasploit RPC (saves files locally)
- **run_exploit**: Configure and execute an exploit against a target
- **list_active_sessions**: Show current Metasploit sessions
- **send_session_command**: Run a command in an active session
@@ -103,7 +107,7 @@ This tool provides direct access to Metasploit Framework capabilities, which inc
1. List available exploits: `list_exploits("ms17_010")`
2. Select and run an exploit: `run_exploit("exploit/windows/smb/ms17_010_eternalblue", "192.168.1.100", 445)`
3. List sessions: `list_active_sessions()`
4. Run commands: `send_session_command(1, "whoami")`
4. Run commands: `send_session_command(1, "getuid")`
### Post-Exploitation