-
Notifications
You must be signed in to change notification settings - Fork 29
Using the JRuby Version
Buby Module Tutorial
Getting Help
Type help to list basic commands. The following commands will help you get started very quickly.
show
show
This will show buby modules, payloads, and auxiliary. If you'd like to see rurls, ua, content, etc. type show advanced.
You can show them individually utilizing:
show auxiliary
show buby
show exploits
show payloads
show options
show advanced
show rurls
show lfiles
show ua
show content
For example, if as user wishes to utilize an auxiliary module, use the previous shown command show auxiliary to locate the name of one.
ADVANCED OPTIONS
use
Once a user has located the name of a module they wish to utilize, the user can simply enter use <module name here> and hit enter.
The following is an example:
use auxiliary/enum/user_agent_test
Once an exploit, payload or auxiliary module has been chosen the set option is available.
set
As noted previously in the show tutorial, typing show options will render options when an exploit, module or payload module is in use.
The following is the output of show options when auxiliary/enum/user_agent_test is in use:
BASELINE true true Enables baseline checks for same Content-Length for same User-Agent requests
PROXYA false Proxy IP Address
PROXYP false Proxy Port Number
RURL http://www.example.com/test.php true Target address
As an example we show setting options for the auxiliary/enum/user_agent_test module
set RURL http://www.yahoo.com
set PROXYP 127.0.0.1
set PROXYA 8080
update
Updates the framework
update force
Occasionally a change will be made in the master copy of wXf which conflicts with your local version. This will stop you from updating and produce a warning about stashing your local copy. If you do NOT mind overwriting your local copy so that you can update to the latest version, type update force.
run
Only one keyword, as of now, can be used to start an auxiliary module once all options are set. This is the run keyword.
From the console type:
run
display
Shows the startup display
version
Shows the version of the framework
exit
Allows the user to exit the console
back
Provides the user the means to exit out of the current module in use without leaving the console.
info
When a module is in use, typing info will print out the information. Currently, this only works for file-based modules.
Another use would be to type info and the module name you'd like more information on. The following is an example:
info auxiliary/enum/user_agent_test
reload
List of reload commands:
reload all
reload current
reload modules
reload lfiles
reload rurls
The console allows you to reload the list of lfiles and rurls so that you don't have to restart the console in order to add a file for use in a module. For example, start the console, type show rurls. Then add a file under the rurls directory and type:
reload rurls
show rurls
You should see your addition in the list of available files (rurls).
Additionally, reloading can be performed on modules themselves. When a module is NOT in use you can only type reload modules. However, when a module IS in use, you can type both reload modules and reload current. "reload current" reloads the current module whereas "reload modules" reloads all modules, deactivates any modules in use and shuts down all webserver instances.
server and create
THIS FUNCTIONALITY IS NOT WORKING WITH JRUBY CORRECTLY AT THE MOMENT, WE ARE WORKING TO SOLVE THIS.