Table of Contents


SploitKit Tweet

Make a Metasploit-like console.

PyPi Read The Docs Build Status Coverage Status Python Versions Known Vulnerabilities License

This toolkit is aimed to easilly build framework consoles in a Metasploit-like style. It provides a comprehensive interface to define CLI commands, modules and models for its storage database.

pip install sploitkit

Usage

From this point, main.py has the following code:

#!/usr/bin/python3
from sploitkit import FrameworkConsole


class MySploitConsole(FrameworkConsole):
    #TODO: set your console attributes
    pass


if __name__ == '__main__':
    MySploitConsole(
        "MySploit",
        #TODO: configure your console settings
    ).start()

And you can run it from the terminal:

Features

Sploitkit provides a base set of entities (consoles, commands, modules, models).

Multiple base console levels already exist (for detailed descriptions, see the console section):

  • FrameworkConsole: the root console, started through main.py
  • ProjectConsole: the project console, for limiting the workspace to a single project, invoked through the select [project] command
  • ModuleConsole: the module console, started when a module is invoked through the use [module] command

This framework provides more than 20 base commands, distributed in sets of functionalities (for detailed descriptions, see the command section):

  • general: commands for every level (e.g. help, show, set)
  • module: base module-level commands (e.g. use, run, show)
  • project: base project-level commands (e.g. select, load, archive)
  • recording: recording commands, for managing .rc files (record, replay)
  • root: base root-level commands (help)
  • utils: utility commands (shell, pydbg, memory)

It also holds some base models for its storage:

  • users: for user-related data (User, Email, Password)
  • systems: for system-related data (Host, Port, Service)
  • organization: for organization-related data (Organization, Unit, Employee)
  • notes: for linking notes to users, hosts or organizations

No module is provided with the framework as it is case-specific.

Customization

Sploitkit defines multiple types of entities for various purposes. The following entities can be subclassed: