Automating the exploit train with Python
This exploit train is relatively simple, but we can automate a portion of this with the Metasploit Remote Procedure Call (MSFRPC). This script will use the nmap
library to scan for active ports of 445
, then generate a list of targets to test using a username and password passed via argument to the script. The script will use the same smb_enumusers_domain
module to identify boxes that have the credentials reused and other viable users logged into them. First, we need to install SpiderLabs msfrpc
library for Python. This library can be found at https://github.com/SpiderLabs/msfrpc.git.
Note
A github repository for the book can be found at https://github.com/funkandwagnalls/pythonpentest and within it is a setup ...
Get Learning Penetration Testing with Python now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.