Running Metasploit Remotely

Metasploit Framework can be run as a service and used remotely. The main advantage of running Metasploit remotely is that you can control it with your own custom security scripts, or from anywhere in the world on any device that has a terminal and supports Ruby.

Running Metasploit as a Service

The RPC API allows you to perform tasks such as managing the database, interacting with sessions, and running modules. There are two methods you can use to start the RPC service: the msfrpcd utility and the msgrpc plugin.

Using the MSFRPCD Utility

To run the MSFRPCD utility, cd into your Framework directory and run the following command:

$ ruby msfrpcd -U <USERNAME> -P <PASSWORD> -f

Using the MSGRPC Plugin

To use the MSGRPC plugin, you need to launch msfconsole and run the following command:

msf > load msgrpc

If all goes well, you'll see the following response, which tells you the IP address, username, and password you can use to connect to the msgrpc server:

[*] MSGRPC Service: 127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: abc123
[*] Successfully loaded plugin: msgrpc

Connecting to the Service

To connect to the RPC service, you can use the msfrpc utility or the msfrpc-client gem.

Using the MSFRPC Utility

On the client side, if your device already has Metasploit Framework, then you can use the msfrpc utility to connect to the service:

ruby msfrpc -U <USERNAME> -P <PASS> -a IP

Using the MSFRPC-Client Gem

If you don’t have Metasploit Framework, you need an environment that is running Ruby 2.0 or higher with rvm. To install the msfrpc-client gem and use it, run the following commands:

gem install msfrpc-client
cd `gem env gemdir`/gems/msfrpc-client-[tab]/examples
ruby ./msfrpc_irb.rb --rpc-user [USER] --rpc-pass [PASS] --rpc-port 50505 --rpc-token [API KEY] --rpc-ssl false

A successful connection looks like the following example:

[*] exec: ruby msfrpc -U **** -P **** -a *******

[*] The 'rpc' object holds the RPC client interface
[*] Use rpc.call('group.command') to make RPC calls

Running Metasploit as a Daemon

To start Metasploit as a daemon, you need to run the msfd utility, which listens on port 55554 by default. The -a option sets the address the daemon binds to; 0.0.0.0 binds it to all interfaces.

$ ruby msfd -a 0.0.0.0

To connect to the daemon, use netcat as in the following example:

$ nc 127.0.0.1 55554
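
Checking Which Listeners Are Exposed

The msgrpc output above shows a loopback bind (127.0.0.1:55552), while the msfd example binds to 0.0.0.0. The following Ruby script is an added example, not part of Metasploit or the original page: it reads `ss -ltnH` output and reports Metasploit remote-control listeners bound to a non-loopback address. The sample input is constructed, the function names are hypothetical, and port 55553 for msfrpcd is an assumption that does not appear on this page.

```ruby
require 'ipaddr'

# Ports 55552 (msgrpc) and 55554 (msfd) are the defaults shown on this page;
# 55553 for msfrpcd is an assumption (its usual default). Adjust the table if
# you start a service on a custom port.
MSF_PORTS = { 55552 => 'msgrpc', 55553 => 'msfrpcd', 55554 => 'msfd' }.freeze

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = <<~OUT
  LISTEN 0 128 127.0.0.1:55552 0.0.0.0:*
  LISTEN 0 128 0.0.0.0:55554 0.0.0.0:*
  LISTEN 0 128 [::1]:55553 [::]:*
  LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
OUT

# True only for addresses that other hosts cannot reach (127.0.0.0/8, ::1).
def loopback?(addr)
  IPAddr.new(addr).loopback?
rescue IPAddr::Error
  false # "*" (all interfaces) or anything unparsable counts as exposed
end

# Turn each LISTEN line into { local:, addr:, port: }.
def parse_listeners(ss_output)
  ss_output.each_line.filter_map do |line|
    state, _recvq, _sendq, local = line.split
    next unless state == 'LISTEN' && local
    addr, _, port = local.rpartition(':')
    next unless port.match?(/\A\d+\z/)
    # Strip IPv6 brackets and any %scope suffix before parsing the address.
    { local: local, addr: addr.delete('[]').sub(/%.*\z/, ''), port: port.to_i }
  end
end

# Metasploit remote-control listeners bound to a non-loopback address.
def exposed_msf_listeners(ss_output)
  parse_listeners(ss_output)
    .select { |l| MSF_PORTS.key?(l[:port]) && !loopback?(l[:addr]) }
    .map { |l| "#{MSF_PORTS[l[:port]]} on #{l[:local]}" }
end

puts exposed_msf_listeners(SAMPLE_SS) if __FILE__ == $PROGRAM_NAME
```

To check a live host, pass the output of `ss -ltnH` to exposed_msf_listeners in place of SAMPLE_SS.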