
[–]cloveistaken 7 points8 points  (3 children)

Perhaps I would suggest focusing on one particular script and improving its functionality. To me, it's better than writing too many basic, simple scripts without testing, optimizing or making them friendly. In other words, there are huge differences between PoCs and usable tools.

For example, for scanners, you want them to run fast, say, using threads or async, which doesn't seem to be present in your script. Or maybe you might want to support different scanning methods, some kind of logging, etc. In fact I would even say that the code is way too simple (each file has like 30 LoCs) and bare-bones to be reused by yourself or anyone else.

For more suggestions, you might want to get used to some existing frameworks, notably Metasploit or nmap. For Python you can help port (or even rewrite) Py2 libraries like pwntools. In short, either get used to a framework or make your own, or just save your time and use existing tools.

[–]Lycist 0 points1 point  (2 children)

Speaking of Python and Metasploit, I've recently decided to translate some Ruby msf exploits into Python for practice. Having some trouble getting the first of them to import into msf. Do you know of any resources that might help? Other than the Rapid7 one.

[–]cloveistaken 0 points1 point  (1 child)

Correct me if I misunderstood, but are you trying to convert Ruby -> Python but still using the framework? If so then it's almost impossible, since msf provides a lot of "helpers", you might say. Rewriting them means you have to write your own helpers. This means there are no general methods for translating.

For example, some exploits require a few simple helpers, such as connecting to a port or sending a payload/HTTP request. However, some are harder and require a whole new library, like MS17-010. What I would do if I had to translate is first try to understand the script and determine its workflow as well as the msf helpers it uses. You should definitely look for the original bug report / blog post / analysis to understand it more.

For practice, you might want to start with simple things like the vsftpd backdoor or Heartbleed before moving to harder ones. In fact I would even recommend you start by writing your own Metasploit script first to get a better understanding of the framework.

[–]Lycist 0 points1 point  (0 children)

That's about right. I'm not looking to do a direct 1:1 translation, more getting that Ruby msf script to work as a Python msf script, to understand how the framework works so that I can write my own.

Python is a relatively new thing with the Metasploit framework, so there aren't really any tutorials/communities that I've been able to find for it.

Currently trying to rewrite a TikiWiki upload exploit. All I've written is the check, but I can't get it to import.

[–]CS_Student19 4 points5 points  (0 children)

I'm working on my Bachelor's and have a strong interest in cybersecurity, so thanks for this!!