0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Loading only the Metasploit modules you use

with 3 comments

The framework is taking quite a while to load on my machine these days, so i decided to stop loading all modules by default, and load only those modules i need. Here’s the process:

Simply comment the module-loading lines in the framework file lib/msf/base/simple/framework.rb, so :


if (Msf::Config.module_directory)

framework.modules.add_module_path(Msf::Config.module_directory)

end

becomes


#if (Msf::Config.module_directory)

#framework.modules.add_module_path(Msf::Config.module_directory)

#end

Or you can apply this patch: http://www.0x0e.org/x/framework-no-default-mods.patch

Alos make sure to remove the ~/.msf3/modcache directory.

Then, mirroring the framework modules directory structure, copy the modules you’d like to load into your .msf3/modules directory. For example, if you wanted to load only the psexec module and the reverse_tcp payload, copy

  • modules/exploits/windows/smb/psexec.rb into ~/.msf3/modules/exploits/windows/smb/psexec.rb
  • modules/payloads/stagers/windows/reverse_tcp.rb into ~/.msf3/modules/payloads/stagers/windows/reverse_tcp.rb

You should now see a load-time speed improvement on the order of:

Before:

<pre>jcran@disko:~/framework$ time ./msfconsole -r exit.rc

                |                    |      _) |
 __ `__ \   _ \ __|  _` |  __| __ \  |  _ \  | __|
 |   |   |  __/ |   (   |\__ \ |   | | (   | | |
_|  _|  _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|
                              _|


       =[ metasploit v3.5.1-dev [core:3.5 api:1.0]
+ -- --=[ 630 exploits - 310 auxiliary
+ -- --=[ 215 payloads - 27 encoders - 8 nops
       =[ svn r10985 updated today (2010.11.11)

resource (exit.rc)> exit
resource (exit.rc)> exit

real	0m42.750s
user	0m40.710s
sys	0m0.820s</pre>

After:

<pre>jcran@disko:~/framework$ time ./msfconsole -r exit.rc

                 o                       8         o   o
                 8                       8             8
ooYoYo. .oPYo.  o8P .oPYo. .oPYo. .oPYo. 8 .oPYo. o8  o8P
8' 8  8 8oooo8   8  .oooo8 Yb..   8    8 8 8    8  8   8
8  8  8 8.       8  8    8   'Yb. 8    8 8 8    8  8   8
8  8  8 `Yooo'   8  `YooP8 `YooP' 8YooP' 8 `YooP'  8   8
..:..:..:.....:::..::.....::.....:8.....:..:.....::..::..:
::::::::::::::::::::::::::::::::::8:::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


       =[ metasploit v3.5.1-dev [core:3.5 api:1.0]
+ -- --=[ 1 exploits - 0 auxiliary
+ -- --=[ 1 payloads - 0 encoders - 0 nops
       =[ svn r10985 updated today (2010.11.11)

resource (exit.rc)> exit
resource (exit.rc)> exit

real	0m12.232s
user	0m11.340s
sys	0m0.510s</pre>


Not huge, but definitely an improvement.

Advertisements

Written by jcran

November 12, 2010 at 4:16 PM

Posted in Uncategorized

3 Responses

Subscribe to comments with RSS.

  1. maybe you should just ask HD to buy you a better laptop

    CG

    November 13, 2010 at 12:32 AM

  2. maybe i should run less stuff: http://www.0x0e.org/x/bejesus.png

    jcran

    November 13, 2010 at 12:43 AM

  3. maybe you should;

    alice: nc -l -t -p 23 -e ./msfconsole

    bob: telnet alice

    done that before… 🙂

    aushack

    November 14, 2010 at 5:33 AM


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: