Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/extensions/metasploit/rest/msf.rb
1154 views
1
require_relative '../../../core/main/router/router'

2
#

3
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]

4
# Browser Exploitation Framework (BeEF) - https://beefproject.com

5
# See the file 'doc/COPYING' for copying permission

6
#

7
module BeEF

8
  module Extension

9
    module Metasploit

10
      # This class handles the routing of RESTful API requests for Metasploit integration

11
      class MsfRest < BeEF::Core::Router::Router

12
        # Filters out bad requests before performing any routing

13
        before do

14
          @msf ||= BeEF::Extension::Metasploit::RpcClient.instance

15
          config = BeEF::Core::Configuration.instance

16


17
          # Require a valid API token from a valid IP address

18
          halt 401 unless params[:token] == config.get('beef.api_token')

19
          halt 403 unless BeEF::Core::Rest.permitted_source?(request.ip)

20


21
          headers 'Content-Type' => 'application/json; charset=UTF-8',

22
                  'Pragma' => 'no-cache',

23
                  'Cache-Control' => 'no-cache',

24
                  'Expires' => '0'

25
        end

26


27
        # Returns version of Metasploit

28
        get '/version' do

29
          version = @msf.call('core.version')

30
          result = {}

31
          result[:version] = version

32
          result.to_json

33
        rescue StandardError => e

34
          print_error "Internal error while retrieving Metasploit version (#{e.message})"

35
          halt 500

36
        end

37


38
        # Returns all the jobs

39
        get '/jobs' do

40
          jobs = @msf.call('job.list')

41
          count = jobs.size

42


43
          result = {}

44
          result[:count] = count

45
          result[:jobs] = jobs

46
          result.to_json

47
        rescue StandardError => e

48
          print_error "Internal error while retrieving Metasploit job list (#{e.message})"

49
          halt 500

50
        end

51


52
        # Returns information about a specific job given its id

53
        get '/job/:id/info' do

54
          id = params[:id]

55
          raise InvalidParamError, 'id' if id !~ /\A\d+\Z/

56


57
          job = @msf.call('job.info', id)

58
          halt 404 if job.nil?

59
          job.to_json

60
        rescue InvalidParamError => e

61
          print_error e.message

62
          halt 400

63
        rescue StandardError => e

64
          print_error "Internal error while retrieving Metasploit job with ID #{id} (#{e.message})"

65
          halt 500

66
        end

67


68
        # Stops a job given its id

69
        get '/job/:id/stop' do

70
          result = {}

71
          begin

72
            id = params[:id]

73
            raise InvalidParamError, 'id' if id !~ /\A\d+\Z/

74


75
            removed = @msf.call('job.stop', id)

76
            unless removed.nil?

77
              result['success'] = removed

78
              print_info "[Metasploit] Stopped job [id: #{id}]"

79
            end

80
          rescue InvalidParamError => e

81
            print_error e.message

82
            halt 400

83
          rescue StandardError => e

84
            print_error "Internal error while stopping job with ID #{id} (#{e.message})"

85
            halt 500

86
          end

87
          result.to_json

88
        end

89


90
        # Starts a new msf payload handler

91
        post '/handler' do

92
          body = JSON.parse(request.body.read)

93
          handler = @msf.call('module.execute', 'exploit', 'exploit/multi/handler', body)

94
          result = {}

95
          # example response: {"job_id"=>0, "uuid"=>"oye0kmpr"}

96
          if handler.nil? || handler['job_id'].nil?

97
            print_error '[Metasploit] Could not start payload handler'

98
            result['success'] = false

99
          else

100
            print_info "[Metasploit] Started job [id: #{handler['job_id']}]"

101
            print_debug @msf.call('job.info', handler['job_id']).to_s

102
            result['success'] = true

103
            result['id'] = handler['job_id']

104
          end

105
          result.to_json

106
        rescue InvalidJsonError => e

107
          print_error e.message

108
          halt 400

109
        rescue StandardError => e

110
          print_error "Internal error while creating exploit handler (#{e.message})"

111
          halt 500

112
        end

113


114
        # Raised when invalid JSON input is passed to an /api/msf handler.

115
        class InvalidJsonError < StandardError

116
          DEFAULT_MESSAGE = 'Invalid JSON input passed to /api/msf handler'.freeze

117


118
          def initialize(message = nil)

119
            super(message || DEFAULT_MESSAGE)

120
          end

121
        end

122


123
        # Raised when an invalid named parameter is passed to an /api/msf handler.

124
        class InvalidParamError < StandardError

125
          DEFAULT_MESSAGE = 'Invalid parameter passed to /api/msf handler'.freeze

126


127
          def initialize(message = nil)

128
            str = 'Invalid "%s" parameter passed to /api/msf handler'

129
            message = format str, message unless message.nil?

130
            super(message)

131
          end

132
        end

133
      end

134
    end

135
  end

136
end

137


138